From 6e157fb9200af64558812ae142ffc61cbcd57049 Mon Sep 17 00:00:00 2001 
From: Seth Grover Date: Thu, 19 Dec 2024 08:53:54 -0700 Subject: [PATCH 01/53] Bump development for v25.01.0, also update copyright year --- Dockerfiles/api.Dockerfile | 2 +- Dockerfiles/arkime.Dockerfile | 2 +- Dockerfiles/dashboards-helper.Dockerfile | 2 +- Dockerfiles/dirinit.Dockerfile | 2 +- Dockerfiles/file-monitor.Dockerfile | 2 +- Dockerfiles/file-upload.Dockerfile | 2 +- Dockerfiles/filebeat.Dockerfile | 2 +- Dockerfiles/freq.Dockerfile | 2 +- Dockerfiles/htadmin.Dockerfile | 2 +- Dockerfiles/netbox.Dockerfile | 2 +- Dockerfiles/nginx.Dockerfile | 2 +- Dockerfiles/opensearch.Dockerfile | 2 +- Dockerfiles/pcap-capture.Dockerfile | 2 +- Dockerfiles/pcap-monitor.Dockerfile | 2 +- Dockerfiles/postgresql.Dockerfile | 2 +- Dockerfiles/redis.Dockerfile | 2 +- Dockerfiles/suricata.Dockerfile | 2 +- Dockerfiles/zeek.Dockerfile | 2 +- LICENSE.txt | 2 +- NOTICE.txt | 2 +- README.md | 2 +- _config.yml | 2 +- arkime/scripts/arkime_update_geo.sh | 2 +- arkime/scripts/initarkime.sh | 2 +- arkime/scripts/live_capture.sh | 2 +- arkime/scripts/viewer_service.sh | 2 +- arkime/scripts/wipearkime.sh | 2 +- arkime/scripts/wise_service.sh | 2 +- arkime/supervisord.conf | 2 +- arkime/wise/source.zeeklogs.js | 2 +- dashboards/scripts/opensearch_read_only.py | 2 +- dashboards/scripts/shared-object-creation.sh | 2 +- dashboards/supervisord.conf | 2 +- docker-compose-dev.yml | 48 +++++++++---------- docker-compose.yml | 48 +++++++++---------- file-monitor/docker-entrypoint.sh | 2 +- file-monitor/supervisord.conf | 2 +- file-upload/docker-entrypoint.sh | 2 +- file-upload/supervisord.conf | 2 +- filebeat/filebeat-logs.yml | 2 +- filebeat/filebeat-nginx.yml | 2 +- filebeat/filebeat-tcp.yml | 2 +- filebeat/scripts/clean-processed-folder.py | 2 +- .../filebeat-process-zeek-folder-functions.sh | 2 +- .../scripts/filebeat-process-zeek-folder.sh | 2 +- .../filebeat-watch-zeeklogs-uploads-folder.py | 2 +- filebeat/scripts/filebeat.sh | 2 +- filebeat/supervisord.conf | 2 +- 
freq-server/supervisord.conf | 2 +- hedgehog-iso/Dockerfile | 2 +- .../normal/0169-pip-installs.hook.chroot | 2 +- .../normal/0900-setup-rc-local.hook.chroot | 2 +- .../normal/0910-sensor-build.hook.chroot | 2 +- .../normal/0911-get-stig-scripts.hook.chroot | 2 +- .../0990-remove-unwanted-pkg.hook.chroot | 2 +- .../0991-security-performance.hook.chroot | 2 +- .../hooks/normal/0992-login.hook.chroot | 2 +- .../includes.binary/install/preseed_base.cfg | 2 +- .../install/preseed_multipar.cfg | 2 +- .../install/preseed_vmware.cfg | 2 +- .../opt/zeek/share/zeek/site/extractor.zeek | 2 +- .../share/zeek/site/extractor_params.zeek | 2 +- .../usr/local/bin/configure-capture.py | 2 +- .../usr/local/bin/sensor-init.sh | 2 +- .../usr/local/bin/ufw_allow_requests.sh | 2 +- .../sensor_ctl/arkime/live_capture.sh | 2 +- hedgehog-iso/interface/sensor_ctl/clean.sh | 2 +- hedgehog-iso/interface/sensor_ctl/control.sh | 2 +- .../sensor_ctl/filebeat/filebeat.yml | 2 +- .../filebeat/sensor_filebeat_local.sh | 2 +- .../sensor_ctl/miscbeat/filebeat.yml | 2 +- .../miscbeat/sensor_miscbeat_local.sh | 2 +- .../sensor_ctl/scripts/log_disk_space.sh | 2 +- .../supervisor.init/arkime_config_populate.sh | 2 +- .../suricata_update_cron_setup.sh | 2 +- .../interface/sensor_ctl/supervisor.sh | 2 +- .../zeek/extractor_override.interesting.zeek | 2 +- .../interface/sensor_interface/routes.py | 2 +- .../sensor_interface/static/js/custom.js | 2 +- .../sensor_interface/sysquery/sys_service.py | 2 +- hedgehog-iso/vagrant/Vagrantfile | 2 +- hedgehog-iso/yara/Dockerfile | 2 +- hedgehog-iso/yara/build-docker-image.sh | 2 +- hedgehog-iso/yara/build-yara-deb.sh | 2 +- hedgehog-raspi/Dockerfile | 2 +- hedgehog-raspi/vagrant/Vagrantfile | 2 +- htadmin/supervisord.conf | 2 +- kubernetes/03-opensearch.yml | 4 +- kubernetes/04-dashboards.yml | 2 +- kubernetes/05-upload.yml | 4 +- kubernetes/06-pcap-monitor.yml | 4 +- kubernetes/07-arkime.yml | 4 +- kubernetes/08-api.yml | 2 +- kubernetes/09-dashboards-helper.yml | 
2 +- kubernetes/10-zeek.yml | 4 +- kubernetes/11-suricata.yml | 4 +- kubernetes/12-file-monitor.yml | 4 +- kubernetes/13-filebeat.yml | 4 +- kubernetes/14-logstash.yml | 4 +- kubernetes/15-netbox-redis.yml | 4 +- kubernetes/16-netbox-redis-cache.yml | 2 +- kubernetes/17-netbox-postgres.yml | 4 +- kubernetes/18-netbox.yml | 4 +- kubernetes/19-htadmin.yml | 4 +- kubernetes/20-pcap-capture.yml | 4 +- kubernetes/21-zeek-live.yml | 4 +- kubernetes/22-suricata-live.yml | 4 +- kubernetes/23-arkime-live.yml | 4 +- kubernetes/24-freq.yml | 2 +- kubernetes/98-nginx-proxy.yml | 4 +- logstash/certs/client.conf | 2 +- logstash/certs/server.conf | 2 +- logstash/pipelines/beats/11_beats_logs.conf | 2 +- .../enrichment/20_enriched_to_ecs.conf | 2 +- .../pipelines/enrichment/23_severity.conf | 2 +- .../pipelines/enrichment/96_make_unique.conf | 2 +- .../pipelines/enrichment/97_arkimize.conf | 2 +- .../pipelines/enrichment/98_finalize.conf | 2 +- logstash/pipelines/output/98_finalize.conf | 2 +- logstash/pipelines/suricata/19_severity.conf | 2 +- logstash/pipelines/zeek/1000_zeek_prep.conf | 2 +- logstash/pipelines/zeek/1001_zeek_parse.conf | 2 +- logstash/pipelines/zeek/1011_zeek_bacnet.conf | 2 +- .../pipelines/zeek/1012_zeek_bestguess.conf | 2 +- logstash/pipelines/zeek/1013_zeek_bsap.conf | 2 +- logstash/pipelines/zeek/1014_zeek_conn.conf | 2 +- .../pipelines/zeek/1015_zeek_dce_rpc.conf | 2 +- logstash/pipelines/zeek/1016_zeek_dhcp.conf | 2 +- .../pipelines/zeek/1017_zeek_diagnostic.conf | 2 +- logstash/pipelines/zeek/1018_zeek_dnp3.conf | 2 +- logstash/pipelines/zeek/1019_zeek_dns.conf | 2 +- logstash/pipelines/zeek/1020_zeek_ecat.conf | 2 +- logstash/pipelines/zeek/1021_zeek_enip.conf | 2 +- logstash/pipelines/zeek/1022_zeek_files.conf | 2 +- logstash/pipelines/zeek/1023_zeek_ftp.conf | 2 +- .../pipelines/zeek/1024_zeek_genisys.conf | 2 +- .../pipelines/zeek/1025_zeek_ge_srtp.conf | 2 +- logstash/pipelines/zeek/1026_zeek_gquic.conf | 2 +- 
.../pipelines/zeek/1027_zeek_hart_ip.conf | 2 +- logstash/pipelines/zeek/1028_zeek_http.conf | 2 +- logstash/pipelines/zeek/1029_zeek_intel.conf | 2 +- logstash/pipelines/zeek/1030_zeek_ipsec.conf | 2 +- logstash/pipelines/zeek/1031_zeek_irc.conf | 2 +- .../pipelines/zeek/1032_zeek_kerberos.conf | 2 +- logstash/pipelines/zeek/1033_zeek_known.conf | 2 +- logstash/pipelines/zeek/1034_zeek_ldap.conf | 2 +- logstash/pipelines/zeek/1035_zeek_login.conf | 2 +- logstash/pipelines/zeek/1036_zeek_modbus.conf | 2 +- logstash/pipelines/zeek/1037_zeek_mqtt.conf | 2 +- logstash/pipelines/zeek/1038_zeek_mysql.conf | 2 +- logstash/pipelines/zeek/1039_zeek_notice.conf | 2 +- logstash/pipelines/zeek/1040_zeek_ntlm.conf | 2 +- logstash/pipelines/zeek/1041_zeek_ntp.conf | 2 +- logstash/pipelines/zeek/1042_zeek_ocsp.conf | 2 +- .../zeek/1043_zeek_opcua_binary.conf | 2 +- logstash/pipelines/zeek/1044_zeek_ospf.conf | 2 +- logstash/pipelines/zeek/1045_zeek_pe.conf | 2 +- .../pipelines/zeek/1046_zeek_profinet.conf | 2 +- logstash/pipelines/zeek/1047_zeek_radius.conf | 2 +- logstash/pipelines/zeek/1048_zeek_rdp.conf | 2 +- logstash/pipelines/zeek/1049_zeek_rfb.conf | 2 +- logstash/pipelines/zeek/1050_zeek_s7comm.conf | 2 +- .../pipelines/zeek/1051_zeek_signatures.conf | 2 +- logstash/pipelines/zeek/1052_zeek_sip.conf | 2 +- logstash/pipelines/zeek/1053_zeek_smb.conf | 2 +- logstash/pipelines/zeek/1054_zeek_smtp.conf | 2 +- logstash/pipelines/zeek/1055_zeek_snmp.conf | 2 +- logstash/pipelines/zeek/1056_zeek_socks.conf | 2 +- .../pipelines/zeek/1057_zeek_software.conf | 2 +- logstash/pipelines/zeek/1058_zeek_ssh.conf | 2 +- logstash/pipelines/zeek/1059_zeek_ssl.conf | 2 +- logstash/pipelines/zeek/1060_zeek_stun.conf | 2 +- .../zeek/1061_zeek_synchrophasor.conf | 2 +- logstash/pipelines/zeek/1062_zeek_syslog.conf | 2 +- logstash/pipelines/zeek/1063_zeek_tds.conf | 2 +- logstash/pipelines/zeek/1064_zeek_tftp.conf | 2 +- logstash/pipelines/zeek/1065_zeek_tunnel.conf | 2 +- 
logstash/pipelines/zeek/1066_zeek_weird.conf | 2 +- .../pipelines/zeek/1067_zeek_wireguard.conf | 2 +- logstash/pipelines/zeek/1068_zeek_x509.conf | 2 +- .../pipelines/zeek/1069_zeek_websocket.conf | 2 +- .../pipelines/zeek/1199_zeek_unknown.conf | 2 +- logstash/pipelines/zeek/1200_zeek_mutate.conf | 2 +- .../pipelines/zeek/1300_zeek_normalize.conf | 2 +- .../pipelines/zeek/1400_zeek_convert.conf | 2 +- logstash/pipelines/zeek/1900_severity.conf | 2 +- logstash/scripts/logstash-start.sh | 2 +- logstash/supervisord.conf | 2 +- malcolm-iso/Dockerfile | 2 +- .../normal/0900-setup-rc-local.hook.chroot | 2 +- .../normal/0911-get-stig-scripts.hook.chroot | 2 +- .../includes.binary/install/preseed_base.cfg | 2 +- .../install/preseed_multipar.cfg | 2 +- .../install/preseed_vmware.cfg | 2 +- .../includes.chroot/usr/local/bin/agg-init.sh | 2 +- .../usr/local/bin/docker-load-wait.sh | 2 +- .../local/bin/malcolm-first-run-configure.sh | 2 +- .../usr/local/bin/set-malcolm-gtk-bookmark.sh | 2 +- malcolm-iso/htpdate/Dockerfile | 2 +- malcolm-iso/htpdate/build-docker-image.sh | 2 +- malcolm-iso/htpdate/build-htpdate-deb.sh | 2 +- malcolm-iso/vagrant/Vagrantfile | 2 +- .../scripts/netbox_enumerate_permissions.py | 2 +- netbox/scripts/netbox_init.py | 2 +- netbox/scripts/netbox_install_plugins.py | 2 +- netbox/supervisord.conf | 2 +- nginx/landingpage/404.html | 4 +- nginx/landingpage/502.html | 4 +- nginx/landingpage/index.html | 4 +- nginx/nginx.conf | 2 +- nginx/nginx_readonly.conf | 2 +- nginx/supervisord.conf | 2 +- pcap-capture/scripts/netsniff-roll.sh | 2 +- pcap-capture/scripts/supervisor.sh | 2 +- pcap-capture/supervisord.conf | 2 +- .../scripts/watch-pcap-uploads-folder.py | 2 +- pcap-monitor/supervisord.conf | 2 +- scripts/build.sh | 2 +- scripts/control.py | 2 +- scripts/demo/Vagrantfile | 2 +- .../amazon_linux_2023_malcolm_demo_setup.sh | 2 +- scripts/demo/reset_and_auto_populate.sh | 2 +- scripts/documentation_build.sh | 2 +- scripts/github_image_helper.sh | 2 +- 
scripts/install.py | 2 +- scripts/malcolm_appliance_packager.sh | 2 +- scripts/malcolm_common.py | 2 +- scripts/malcolm_kubernetes.py | 2 +- scripts/malcolm_utils.py | 2 +- scripts/package_zeek_logs.sh | 2 +- scripts/release_cleaver.ps1 | 2 +- scripts/release_cleaver.sh | 2 +- .../aws/ami/packer_vars.json.example | 2 +- .../aws/ami/scripts/Malcolm_AMI_Setup.sh | 4 +- scripts/third-party-logs/fluent-bit-setup.ps1 | 2 +- scripts/third-party-logs/fluent-bit-setup.sh | 2 +- scripts/zeek_script_to_malcolm_boilerplate.py | 2 +- shared/bin/capture-format-wait.sh | 2 +- shared/bin/common-init.sh | 2 +- shared/bin/configure-interfaces.py | 2 +- shared/bin/extracted_files_http_server.py | 2 +- shared/bin/fstab.py | 2 +- shared/bin/keystore-bootstrap.sh | 2 +- shared/bin/maxmind-mmdb-download.sh | 2 +- shared/bin/opensearch_status.sh | 2 +- shared/bin/os-disk-config.py | 2 +- shared/bin/pcap_processor.py | 2 +- shared/bin/pcap_utils.py | 2 +- shared/bin/pcap_watcher.py | 2 +- shared/bin/preseed_late_user_config.sh | 2 +- shared/bin/prune_files.sh | 2 +- shared/bin/sensorcommon.py | 2 +- shared/bin/service_check_passthrough.sh | 2 +- shared/bin/set-dconf-screen-lock-defaults.sh | 2 +- shared/bin/suricata_config_populate.py | 2 +- shared/bin/suricata_update_config_populate.py | 2 +- shared/bin/zeek-deb-download.sh | 2 +- shared/bin/zeek_carve_logger.py | 2 +- shared/bin/zeek_carve_scanner.py | 2 +- shared/bin/zeek_carve_utils.py | 2 +- shared/bin/zeek_carve_watcher.py | 2 +- shared/bin/zeek_install_plugins.sh | 2 +- shared/bin/zeek_intel_from_threat_feed.py | 2 +- shared/bin/zeek_intel_setup.sh | 2 +- shared/bin/zeek_threat_feed_utils.py | 2 +- shared/bin/zeekdeploy.sh | 2 +- suricata/supervisord.conf | 2 +- zeek/config/extractor.zeek | 2 +- .../extractor_override.interesting.zeek | 2 +- zeek/config/extractor_params.zeek | 2 +- zeek/supervisord.conf | 2 +- 271 files changed, 339 insertions(+), 339 deletions(-) 
diff --git a/Dockerfiles/api.Dockerfile b/Dockerfiles/api.Dockerfile
index 3793d1d2a..38be1c749 100644
--- a/Dockerfiles/api.Dockerfile
+++ b/Dockerfiles/api.Dockerfile
@@ -20,7 +20,7 @@ RUN python3 -m pip wheel --no-cache-dir --no-deps --wheel-dir /usr/src/app/wheel
 FROM python:3-slim-bookworm
-# Copyright (c) 2024 Battelle Energy Alliance, LLC. All rights reserved.
+# Copyright (c) 2025 Battelle Energy Alliance, LLC. All rights reserved.
 LABEL maintainer="malcolm@inl.gov"
 LABEL org.opencontainers.image.authors='malcolm@inl.gov'
 LABEL org.opencontainers.image.url='https://github.com/idaholab/Malcolm'
diff --git a/Dockerfiles/arkime.Dockerfile b/Dockerfiles/arkime.Dockerfile
index 2686cedc9..f895b1c95 100644
--- a/Dockerfiles/arkime.Dockerfile
+++ b/Dockerfiles/arkime.Dockerfile
@@ -1,4 +1,4 @@
-# Copyright (c) 2024 Battelle Energy Alliance, LLC. All rights reserved.
+# Copyright (c) 2025 Battelle Energy Alliance, LLC. All rights reserved.
 FROM debian:12-slim
diff --git a/Dockerfiles/dashboards-helper.Dockerfile b/Dockerfiles/dashboards-helper.Dockerfile
index bc7305167..899fc30a0 100644
--- a/Dockerfiles/dashboards-helper.Dockerfile
+++ b/Dockerfiles/dashboards-helper.Dockerfile
@@ -1,6 +1,6 @@
 FROM debian:12-slim
-# Copyright (c) 2020 Battelle Energy Alliance, LLC. All rights reserved.
+# Copyright (c) 2025 Battelle Energy Alliance, LLC. All rights reserved.
 LABEL maintainer="malcolm@inl.gov"
 LABEL org.opencontainers.image.authors='malcolm@inl.gov'
 LABEL org.opencontainers.image.url='https://github.com/idaholab/Malcolm'
diff --git a/Dockerfiles/dirinit.Dockerfile b/Dockerfiles/dirinit.Dockerfile
index 41fdc98eb..c9fbb9fff 100644
--- a/Dockerfiles/dirinit.Dockerfile
+++ b/Dockerfiles/dirinit.Dockerfile
@@ -1,6 +1,6 @@
 FROM alpine:3.20
-# Copyright (c) 2024 Battelle Energy Alliance, LLC. All rights reserved.
+# Copyright (c) 2025 Battelle Energy Alliance, LLC. All rights reserved.
 LABEL maintainer="malcolm@inl.gov"
 LABEL org.opencontainers.image.authors='malcolm@inl.gov'
 LABEL org.opencontainers.image.url='https://github.com/idaholab/Malcolm'
diff --git a/Dockerfiles/file-monitor.Dockerfile b/Dockerfiles/file-monitor.Dockerfile
index 03cf7dd21..a43c3a2d7 100644
--- a/Dockerfiles/file-monitor.Dockerfile
+++ b/Dockerfiles/file-monitor.Dockerfile
@@ -1,6 +1,6 @@
 FROM debian:12-slim
-# Copyright (c) 2024 Battelle Energy Alliance, LLC. All rights reserved.
+# Copyright (c) 2025 Battelle Energy Alliance, LLC. All rights reserved.
 LABEL maintainer="malcolm@inl.gov"
 LABEL org.opencontainers.image.authors='malcolm@inl.gov'
 LABEL org.opencontainers.image.url='https://github.com/idaholab/Malcolm'
diff --git a/Dockerfiles/file-upload.Dockerfile b/Dockerfiles/file-upload.Dockerfile
index c421bceee..304921063 100644
--- a/Dockerfiles/file-upload.Dockerfile
+++ b/Dockerfiles/file-upload.Dockerfile
@@ -1,6 +1,6 @@
 FROM debian:12-slim AS npmget
-# Copyright (c) 2024 Battelle Energy Alliance, LLC. All rights reserved.
+# Copyright (c) 2025 Battelle Energy Alliance, LLC. All rights reserved.
 ENV DEBIAN_FRONTEND noninteractive
diff --git a/Dockerfiles/filebeat.Dockerfile b/Dockerfiles/filebeat.Dockerfile
index 152473905..02f4ddfa1 100644
--- a/Dockerfiles/filebeat.Dockerfile
+++ b/Dockerfiles/filebeat.Dockerfile
@@ -1,6 +1,6 @@
 FROM docker.elastic.co/beats/filebeat-oss:8.16.0
-# Copyright (c) 2024 Battelle Energy Alliance, LLC. All rights reserved.
+# Copyright (c) 2025 Battelle Energy Alliance, LLC. All rights reserved.
 LABEL maintainer="malcolm@inl.gov"
 LABEL org.opencontainers.image.authors='malcolm@inl.gov'
 LABEL org.opencontainers.image.url='https://github.com/idaholab/Malcolm'
diff --git a/Dockerfiles/freq.Dockerfile b/Dockerfiles/freq.Dockerfile
index 65b90d4ae..25d762185 100644
--- a/Dockerfiles/freq.Dockerfile
+++ b/Dockerfiles/freq.Dockerfile
@@ -1,6 +1,6 @@
 FROM debian:12-slim
-# Copyright (c) 2024 Battelle Energy Alliance, LLC. All rights reserved.
+# Copyright (c) 2025 Battelle Energy Alliance, LLC. All rights reserved.
 LABEL maintainer="malcolm@inl.gov"
 LABEL org.opencontainers.image.authors='malcolm@inl.gov'
 LABEL org.opencontainers.image.url='https://github.com/idaholab/Malcolm'
diff --git a/Dockerfiles/htadmin.Dockerfile b/Dockerfiles/htadmin.Dockerfile
index acc8fd560..aa2608cc3 100644
--- a/Dockerfiles/htadmin.Dockerfile
+++ b/Dockerfiles/htadmin.Dockerfile
@@ -1,6 +1,6 @@
 FROM debian:11-slim
-# Copyright (c) 2024 Battelle Energy Alliance, LLC. All rights reserved.
+# Copyright (c) 2025 Battelle Energy Alliance, LLC. All rights reserved.
 LABEL maintainer="malcolm@inl.gov"
 LABEL org.opencontainers.image.authors='malcolm@inl.gov'
 LABEL org.opencontainers.image.url='https://github.com/idaholab/Malcolm'
diff --git a/Dockerfiles/netbox.Dockerfile b/Dockerfiles/netbox.Dockerfile
index 1e1dd0f02..9ab9ac677 100644
--- a/Dockerfiles/netbox.Dockerfile
+++ b/Dockerfiles/netbox.Dockerfile
@@ -1,6 +1,6 @@
 FROM netboxcommunity/netbox:v4.1.8
-# Copyright (c) 2024 Battelle Energy Alliance, LLC. All rights reserved.
+# Copyright (c) 2025 Battelle Energy Alliance, LLC. All rights reserved.
 LABEL maintainer="malcolm@inl.gov"
 LABEL org.opencontainers.image.authors='malcolm@inl.gov'
 LABEL org.opencontainers.image.url='https://github.com/idaholab/Malcolm'
diff --git a/Dockerfiles/nginx.Dockerfile b/Dockerfiles/nginx.Dockerfile
index 1b804926a..46526a53e 100644
--- a/Dockerfiles/nginx.Dockerfile
+++ b/Dockerfiles/nginx.Dockerfile
@@ -1,4 +1,4 @@
-# Copyright (c) 2024 Battelle Energy Alliance, LLC. All rights reserved.
+# Copyright (c) 2025 Battelle Energy Alliance, LLC. All rights reserved.
 ####################################################################################
 # thanks to: nginx - https://github.com/nginxinc/docker-nginx/blob/master/mainline/alpine/Dockerfile
diff --git a/Dockerfiles/opensearch.Dockerfile b/Dockerfiles/opensearch.Dockerfile
index 101dc1a12..10dc389d1 100644
--- a/Dockerfiles/opensearch.Dockerfile
+++ b/Dockerfiles/opensearch.Dockerfile
@@ -1,6 +1,6 @@
 FROM opensearchproject/opensearch:2.18.0
-# Copyright (c) 2024 Battelle Energy Alliance, LLC. All rights reserved.
+# Copyright (c) 2025 Battelle Energy Alliance, LLC. All rights reserved.
 LABEL maintainer="malcolm@inl.gov"
 LABEL org.opencontainers.image.authors='malcolm@inl.gov'
 LABEL org.opencontainers.image.url='https://github.com/idaholab/Malcolm'
diff --git a/Dockerfiles/pcap-capture.Dockerfile b/Dockerfiles/pcap-capture.Dockerfile
index 6f08e70df..c1a7df4de 100644
--- a/Dockerfiles/pcap-capture.Dockerfile
+++ b/Dockerfiles/pcap-capture.Dockerfile
@@ -1,6 +1,6 @@
 FROM debian:12-slim
-# Copyright (c) 2024 Battelle Energy Alliance, LLC. All rights reserved.
+# Copyright (c) 2025 Battelle Energy Alliance, LLC. All rights reserved.
 LABEL maintainer="malcolm@inl.gov"
 LABEL org.opencontainers.image.authors='malcolm@inl.gov'
 LABEL org.opencontainers.image.url='https://github.com/idaholab/Malcolm'
diff --git a/Dockerfiles/pcap-monitor.Dockerfile b/Dockerfiles/pcap-monitor.Dockerfile
index f1c83c8da..ff3d5600d 100644
--- a/Dockerfiles/pcap-monitor.Dockerfile
+++ b/Dockerfiles/pcap-monitor.Dockerfile
@@ -1,6 +1,6 @@
 FROM debian:12-slim
-# Copyright (c) 2024 Battelle Energy Alliance, LLC. All rights reserved.
+# Copyright (c) 2025 Battelle Energy Alliance, LLC. All rights reserved.
 LABEL maintainer="malcolm@inl.gov"
 LABEL org.opencontainers.image.authors='malcolm@inl.gov'
 LABEL org.opencontainers.image.url='https://github.com/idaholab/Malcolm'
diff --git a/Dockerfiles/postgresql.Dockerfile b/Dockerfiles/postgresql.Dockerfile
index 1759b53d6..993ca855e 100644
--- a/Dockerfiles/postgresql.Dockerfile
+++ b/Dockerfiles/postgresql.Dockerfile
@@ -1,6 +1,6 @@
 FROM postgres:16-alpine
-# Copyright (c) 2024 Battelle Energy Alliance, LLC. All rights reserved.
+# Copyright (c) 2025 Battelle Energy Alliance, LLC. All rights reserved.
 LABEL maintainer="malcolm@inl.gov"
 LABEL org.opencontainers.image.authors='malcolm@inl.gov'
 LABEL org.opencontainers.image.url='https://github.com/idaholab/Malcolm'
diff --git a/Dockerfiles/redis.Dockerfile b/Dockerfiles/redis.Dockerfile
index 0d45b35ef..d95224289 100644
--- a/Dockerfiles/redis.Dockerfile
+++ b/Dockerfiles/redis.Dockerfile
@@ -1,6 +1,6 @@
 FROM redis:7-alpine
-# Copyright (c) 2024 Battelle Energy Alliance, LLC. All rights reserved.
+# Copyright (c) 2025 Battelle Energy Alliance, LLC. All rights reserved.
 LABEL maintainer="malcolm@inl.gov"
 LABEL org.opencontainers.image.authors='malcolm@inl.gov'
 LABEL org.opencontainers.image.url='https://github.com/idaholab/Malcolm'
diff --git a/Dockerfiles/suricata.Dockerfile b/Dockerfiles/suricata.Dockerfile
index d5a1104b7..9b77005cd 100644
--- a/Dockerfiles/suricata.Dockerfile
+++ b/Dockerfiles/suricata.Dockerfile
@@ -1,6 +1,6 @@
 FROM debian:12-slim
-# Copyright (c) 2024 Battelle Energy Alliance, LLC. All rights reserved.
+# Copyright (c) 2025 Battelle Energy Alliance, LLC. All rights reserved.
 LABEL maintainer="malcolm@inl.gov"
 LABEL org.opencontainers.image.authors='malcolm@inl.gov'
 LABEL org.opencontainers.image.url='https://github.com/idaholab/Malcolm'
diff --git a/Dockerfiles/zeek.Dockerfile b/Dockerfiles/zeek.Dockerfile index 619acb53d..de6449947 100644 --- a/Dockerfiles/zeek.Dockerfile +++ b/Dockerfiles/zeek.Dockerfile @@ -1,6 +1,6 @@ FROM debian:12-slim -# Copyright (c) 2024 Battelle Energy Alliance, LLC. All rights reserved. +# Copyright (c) 2025 Battelle Energy Alliance, LLC. All rights reserved. LABEL maintainer="malcolm@inl.gov" LABEL org.opencontainers.image.authors='malcolm@inl.gov' LABEL org.opencontainers.image.url='https://github.com/idaholab/Malcolm' diff --git a/LICENSE.txt b/LICENSE.txt index e4db15ef7..9413f2e34 100644 --- a/LICENSE.txt +++ b/LICENSE.txt @@ -1,4 +1,4 @@ -Copyright 2024 Battelle Energy Alliance, LLC +Copyright 2025 Battelle Energy Alliance, LLC Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/NOTICE.txt b/NOTICE.txt index 4365ece5a..0ac960f4d 100644 --- a/NOTICE.txt +++ b/NOTICE.txt @@ -4,7 +4,7 @@ https://github.com/idaholab/Malcolm See LICENSE.txt for license terms. -Malcolm is Copyright (c) 2024 Battelle Energy Alliance, LLC, and is developed +Malcolm is Copyright (c) 2025 Battelle Energy Alliance, LLC, and is developed and released through the cooperation of the Cybersecurity and Infrastructure Security Agency of the U.S. Department of Homeland Security. All rights reserved. diff --git a/README.md b/README.md index e29837f74..572aa2abc 100644 --- a/README.md +++ b/README.md 
@@ -25,7 +25,7 @@ You can help steer Malcolm's development by sharing your ideas and feedback. Ple
 ## Copyright and License
-Malcolm is Copyright 2024 Battelle Energy Alliance, LLC, and is developed and released through the cooperation of the [Cybersecurity and Infrastructure Security Agency](https://www.cisa.gov/) of the [U.S. Department of Homeland Security](https://www.dhs.gov/).
+Malcolm is Copyright 2025 Battelle Energy Alliance, LLC, and is developed and released through the cooperation of the [Cybersecurity and Infrastructure Security Agency](https://www.cisa.gov/) of the [U.S. Department of Homeland Security](https://www.dhs.gov/).
 Malcolm is licensed under the Apache License, version 2.0. See `LICENSE.txt` for the terms of its release.
diff --git a/_config.yml b/_config.yml
index b2d24a72d..b37bc34e8 100644
--- a/_config.yml
+++ b/_config.yml
@@ -1,7 +1,7 @@
 repository: idaholab/Malcolm
 title: Malcolm
 malcolm:
- version: 24.12.0
+ version: 25.01.0
 description: A powerful, easily deployable network traffic analysis tool suite for network security monitoring
 logo: docs/images/logo/Malcolm_outline_banner_dark.png
 remote_theme: pages-themes/minimal@v0.2.0
diff --git a/arkime/scripts/arkime_update_geo.sh b/arkime/scripts/arkime_update_geo.sh
index 197f89f69..9e8995f01 100755
--- a/arkime/scripts/arkime_update_geo.sh
+++ b/arkime/scripts/arkime_update_geo.sh
@@ -1,6 +1,6 @@
 #!/bin/sh
-# Copyright (c) 2024 Battelle Energy Alliance, LLC. All rights reserved.
+# Copyright (c) 2025 Battelle Energy Alliance, LLC. All rights reserved.
 cd "${ARKIME_DIR:-/opt/arkime}"/etc
diff --git a/arkime/scripts/initarkime.sh b/arkime/scripts/initarkime.sh
index 3de1cbf53..fee8d797b 100755
--- a/arkime/scripts/initarkime.sh
+++ b/arkime/scripts/initarkime.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
-# Copyright (c) 2024 Battelle Energy Alliance, LLC. All rights reserved.
+# Copyright (c) 2025 Battelle Energy Alliance, LLC. All rights reserved.
 MALCOLM_PROFILE=${MALCOLM_PROFILE:-"malcolm"}
 OPENSEARCH_URL=${OPENSEARCH_URL:-"http://opensearch:9200"}
diff --git a/arkime/scripts/live_capture.sh b/arkime/scripts/live_capture.sh
index d45769383..637542492 100755
--- a/arkime/scripts/live_capture.sh
+++ b/arkime/scripts/live_capture.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
-# Copyright (c) 2023 Battelle Energy Alliance, LLC. All rights reserved.
+# Copyright (c) 2025 Battelle Energy Alliance, LLC. All rights reserved.
 ARKIME_DIR=${ARKIME_DIR:-"/opt/arkime"}
 CERT_FILE="${ARKIME_DIR}"/etc/viewer.crt
diff --git a/arkime/scripts/viewer_service.sh b/arkime/scripts/viewer_service.sh
index b6064fcdb..74e10795f 100755
--- a/arkime/scripts/viewer_service.sh
+++ b/arkime/scripts/viewer_service.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
-# Copyright (c) 2024 Battelle Energy Alliance, LLC. All rights reserved.
+# Copyright (c) 2025 Battelle Energy Alliance, LLC. All rights reserved.
 # note: when setting the node name, the docker_entrypoint.sh script around
 # MALCOLM_PCAP_NODE_NAME as it gets written into config.ini needs to match
diff --git a/arkime/scripts/wipearkime.sh b/arkime/scripts/wipearkime.sh
index 6779dd6d1..96bd1b5ef 100755
--- a/arkime/scripts/wipearkime.sh
+++ b/arkime/scripts/wipearkime.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
-# Copyright (c) 2024 Battelle Energy Alliance, LLC. All rights reserved.
+# Copyright (c) 2025 Battelle Energy Alliance, LLC. All rights reserved.
 [[ ${OPENSEARCH_SSL_CERTIFICATE_VERIFICATION:-"false"} != "true" ]] && DB_SSL_FLAG="--insecure" || DB_SSL_FLAG=""
 OPENSEARCH_URL_FULL="$(grep -Pi '^elasticsearch\s*=' $ARKIME_DIR/etc/config.ini | cut -d'=' -f2-)"
diff --git a/arkime/scripts/wise_service.sh b/arkime/scripts/wise_service.sh
index d717dda10..80ddd80e1 100755
--- a/arkime/scripts/wise_service.sh
+++ b/arkime/scripts/wise_service.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
-# Copyright (c) 2024 Battelle Energy Alliance, LLC. All rights reserved.
+# Copyright (c) 2025 Battelle Energy Alliance, LLC. All rights reserved.
 while true; do
 if [[ (("$WISE" == "on") || ("$ARKIME_LIVE_CAPTURE" == "true")) && (-f /var/run/arkime/runwise) && (-f $ARKIME_DIR/etc/wise.ini) ]]; then
diff --git a/arkime/supervisord.conf b/arkime/supervisord.conf
index afaa34e14..a9b64a5bc 100644
--- a/arkime/supervisord.conf
+++ b/arkime/supervisord.conf
@@ -1,4 +1,4 @@
-; Copyright (c) 2024 Battelle Energy Alliance, LLC. All rights reserved.
+; Copyright (c) 2025 Battelle Energy Alliance, LLC. All rights reserved.
 [unix_http_server]
 file=/tmp/supervisor.sock ; (the path to the socket file)
diff --git a/arkime/wise/source.zeeklogs.js b/arkime/wise/source.zeeklogs.js
index 2bc468f3f..b49538c4c 100644
--- a/arkime/wise/source.zeeklogs.js
+++ b/arkime/wise/source.zeeklogs.js
@@ -10,7 +10,7 @@ const WISESource = require('./wiseSource.js');
 // Data may be populated with Malcolm's Logstash filters:
 // (https://github.com/idaholab/Malcolm/tree/main/logstash/pipelines)
 //
-// Copyright (c) 2024 Battelle Energy Alliance, LLC. All rights reserved.
+// Copyright (c) 2025 Battelle Energy Alliance, LLC. All rights reserved.
 // see https://raw.githubusercontent.com/idaholab/Malcolm/main/LICENSE.txt
 //////////////////////////////////////////////////////////////////////////////////
diff --git a/dashboards/scripts/opensearch_read_only.py b/dashboards/scripts/opensearch_read_only.py
index 38dac8715..0ec48c805 100755
--- a/dashboards/scripts/opensearch_read_only.py
+++ b/dashboards/scripts/opensearch_read_only.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python3
 # -*- coding: utf-8 -*-
-# Copyright (c) 2024 Battelle Energy Alliance, LLC. All rights reserved.
+# Copyright (c) 2025 Battelle Energy Alliance, LLC. All rights reserved.
 import argparse
 import json
diff --git a/dashboards/scripts/shared-object-creation.sh b/dashboards/scripts/shared-object-creation.sh
index e7bc2c21c..c6b526a40 100755
--- a/dashboards/scripts/shared-object-creation.sh
+++ b/dashboards/scripts/shared-object-creation.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
-# Copyright (c) 2024 Battelle Energy Alliance, LLC. All rights reserved.
+# Copyright (c) 2025 Battelle Energy Alliance, LLC. All rights reserved.
 set -euo pipefail
 shopt -s nocasematch
diff --git a/dashboards/supervisord.conf b/dashboards/supervisord.conf
index 0fcb1fe2d..652c4685f 100644
--- a/dashboards/supervisord.conf
+++ b/dashboards/supervisord.conf
@@ -1,4 +1,4 @@
-; Copyright (c) 2024 Battelle Energy Alliance, LLC. All rights reserved.
+; Copyright (c) 2025 Battelle Energy Alliance, LLC. All rights reserved.
 [unix_http_server]
 file=/tmp/supervisor.sock ; (the path to the socket file)
diff --git a/docker-compose-dev.yml b/docker-compose-dev.yml
index 034a4cc37..f760bf3c7 100644
--- a/docker-compose-dev.yml
+++ b/docker-compose-dev.yml
@@ -1,11 +1,11 @@
-# Copyright (c) 2024 Battelle Energy Alliance, LLC. All rights reserved.
+# Copyright (c) 2025 Battelle Energy Alliance, LLC. All rights reserved.
 services:
 opensearch:
 build:
 context: .
 dockerfile: Dockerfiles/opensearch.Dockerfile
- image: ghcr.io/idaholab/malcolm/opensearch:24.12.0
+ image: ghcr.io/idaholab/malcolm/opensearch:25.01.0
 # Technically the "hedgehog" profile doesn't have OpenSearch, but in that case
 # OPENSEARCH_PRIMARY will be set to remote, which means the container will
 # start but not actually run OpenSearch. It's included in both profiles to
@@ -83,7 +83,7 @@ services:
 build:
 context: .
 dockerfile: Dockerfiles/dashboards-helper.Dockerfile
- image: ghcr.io/idaholab/malcolm/dashboards-helper:24.12.0
+ image: ghcr.io/idaholab/malcolm/dashboards-helper:25.01.0
 profiles: ["malcolm"]
 userns_mode: keep-id
 logging:
@@ -137,7 +137,7 @@ services:
 build:
 context: .
 dockerfile: Dockerfiles/dashboards.Dockerfile
- image: ghcr.io/idaholab/malcolm/dashboards:24.12.0
+ image: ghcr.io/idaholab/malcolm/dashboards:25.01.0
 profiles: ["malcolm"]
 userns_mode: keep-id
 logging:
@@ -184,7 +184,7 @@ services:
 build:
 context: .
 dockerfile: Dockerfiles/logstash.Dockerfile
- image: ghcr.io/idaholab/malcolm/logstash-oss:24.12.0
+ image: ghcr.io/idaholab/malcolm/logstash-oss:25.01.0
 profiles: ["malcolm"]
 userns_mode: keep-id
 logging:
@@ -299,7 +299,7 @@ services:
 build:
 context: .
 dockerfile: Dockerfiles/filebeat.Dockerfile
- image: ghcr.io/idaholab/malcolm/filebeat-oss:24.12.0
+ image: ghcr.io/idaholab/malcolm/filebeat-oss:25.01.0
 profiles: ["malcolm", "hedgehog"]
 userns_mode: keep-id
 logging:
@@ -376,7 +376,7 @@ services:
 build:
 context: .
 dockerfile: Dockerfiles/arkime.Dockerfile
- image: ghcr.io/idaholab/malcolm/arkime:24.12.0
+ image: ghcr.io/idaholab/malcolm/arkime:25.01.0
 profiles: ["malcolm", "hedgehog"]
 userns_mode: keep-id
 logging:
@@ -462,7 +462,7 @@ services:
 build:
 context: .
 dockerfile: Dockerfiles/arkime.Dockerfile
- image: ghcr.io/idaholab/malcolm/arkime:24.12.0
+ image: ghcr.io/idaholab/malcolm/arkime:25.01.0
 profiles: ["malcolm", "hedgehog"]
 userns_mode: keep-id
 logging:
@@ -547,7 +547,7 @@ services:
 build:
 context: .
 dockerfile: Dockerfiles/zeek.Dockerfile
- image: ghcr.io/idaholab/malcolm/zeek:24.12.0
+ image: ghcr.io/idaholab/malcolm/zeek:25.01.0
 profiles: ["malcolm", "hedgehog"]
 userns_mode: keep-id
 logging:
@@ -620,7 +620,7 @@ services:
 build:
 context: .
 dockerfile: Dockerfiles/zeek.Dockerfile
- image: ghcr.io/idaholab/malcolm/zeek:24.12.0
+ image: ghcr.io/idaholab/malcolm/zeek:25.01.0
 profiles: ["malcolm", "hedgehog"]
 userns_mode: keep-id
 logging:
@@ -685,7 +685,7 @@ services:
 build:
 context: .
 dockerfile: Dockerfiles/suricata.Dockerfile
- image: ghcr.io/idaholab/malcolm/suricata:24.12.0
+ image: ghcr.io/idaholab/malcolm/suricata:25.01.0
 profiles: ["malcolm", "hedgehog"]
 userns_mode: keep-id
 logging:
@@ -745,7 +745,7 @@ services:
 build:
 context: .
 dockerfile: Dockerfiles/suricata.Dockerfile
- image: ghcr.io/idaholab/malcolm/suricata:24.12.0
+ image: ghcr.io/idaholab/malcolm/suricata:25.01.0
 profiles: ["malcolm", "hedgehog"]
 userns_mode: keep-id
 logging:
@@ -803,7 +803,7 @@ services:
 build:
 context: .
 dockerfile: Dockerfiles/file-monitor.Dockerfile
- image: ghcr.io/idaholab/malcolm/file-monitor:24.12.0
+ image: ghcr.io/idaholab/malcolm/file-monitor:25.01.0
 profiles: ["malcolm", "hedgehog"]
 userns_mode: keep-id
 logging:
@@ -859,7 +859,7 @@ services:
 build:
 context: .
 dockerfile: Dockerfiles/pcap-capture.Dockerfile
- image: ghcr.io/idaholab/malcolm/pcap-capture:24.12.0
+ image: ghcr.io/idaholab/malcolm/pcap-capture:25.01.0
 profiles: ["malcolm", "hedgehog"]
 userns_mode: keep-id
 logging:
@@ -906,7 +906,7 @@ services:
 build:
 context: .
 dockerfile: Dockerfiles/pcap-monitor.Dockerfile
- image: ghcr.io/idaholab/malcolm/pcap-monitor:24.12.0
+ image: ghcr.io/idaholab/malcolm/pcap-monitor:25.01.0
 profiles: ["malcolm", "hedgehog"]
 userns_mode: keep-id
 logging:
@@ -961,7 +961,7 @@ services:
 build:
 context: .
 dockerfile: Dockerfiles/file-upload.Dockerfile
- image: ghcr.io/idaholab/malcolm/file-upload:24.12.0
+ image: ghcr.io/idaholab/malcolm/file-upload:25.01.0
 profiles: ["malcolm"]
 userns_mode: keep-id
 logging:
@@ -1003,7 +1003,7 @@ services:
 retries: 3
 start_period: 60s
 htadmin:
- image: ghcr.io/idaholab/malcolm/htadmin:24.12.0
+ image: ghcr.io/idaholab/malcolm/htadmin:25.01.0
 profiles: ["malcolm"]
 userns_mode: keep-id
 logging:
@@ -1056,7 +1056,7 @@ services:
 retries: 3
 start_period: 60s
 freq:
- image: ghcr.io/idaholab/malcolm/freq:24.12.0
+ image: ghcr.io/idaholab/malcolm/freq:25.01.0
 profiles: ["malcolm"]
 userns_mode: keep-id
 logging:
@@ -1094,7 +1094,7 @@ services:
 retries: 3
 start_period: 60s
 netbox:
- image: ghcr.io/idaholab/malcolm/netbox:24.12.0
+ image: ghcr.io/idaholab/malcolm/netbox:25.01.0
 profiles: ["malcolm"]
 userns_mode: keep-id
 logging:
@@ -1161,7 +1161,7 @@ services:
 retries: 3
 start_period: 120s
 netbox-postgres:
- image: ghcr.io/idaholab/malcolm/postgresql:24.12.0
+ image: ghcr.io/idaholab/malcolm/postgresql:25.01.0
 profiles: ["malcolm"]
 userns_mode: keep-id
 logging:
@@ -1205,7 +1205,7 @@ services:
 retries: 3
 start_period: 45s
 netbox-redis:
- image: ghcr.io/idaholab/malcolm/redis:24.12.0
+ image: ghcr.io/idaholab/malcolm/redis:25.01.0
 profiles: ["malcolm"]
 userns_mode: keep-id
 logging:
@@ -1253,7 +1253,7 @@ services:
 retries: 3
 start_period: 45s
 netbox-redis-cache:
- image: ghcr.io/idaholab/malcolm/redis:24.12.0
+ image: ghcr.io/idaholab/malcolm/redis:25.01.0
 profiles: ["malcolm"]
 userns_mode: keep-id
 logging:
@@ -1296,7 +1296,7 @@ services:
 retries: 3
 start_period: 45s
 api:
- image: ghcr.io/idaholab/malcolm/api:24.12.0
+ image: ghcr.io/idaholab/malcolm/api:25.01.0
 profiles: ["malcolm"]
 userns_mode: keep-id
 logging:
@@ -1346,7 +1346,7 @@ services:
 build:
 context: .
 dockerfile: Dockerfiles/nginx.Dockerfile
- image: ghcr.io/idaholab/malcolm/nginx-proxy:24.12.0
+ image: ghcr.io/idaholab/malcolm/nginx-proxy:25.01.0
 profiles: ["malcolm"]
 userns_mode: keep-id
 logging:
diff --git a/docker-compose.yml b/docker-compose.yml
index cc9b234cb..4394b66af 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -1,8 +1,8 @@ -# Copyright (c) 2024 Battelle Energy Alliance, LLC. All rights reserved. +# Copyright (c) 2025 Battelle Energy Alliance, LLC. All rights reserved. services: opensearch: - image: ghcr.io/idaholab/malcolm/opensearch:24.12.0 + image: ghcr.io/idaholab/malcolm/opensearch:25.01.0 # Technically the "hedgehog" profile doesn't have OpenSearch, but in that case # OPENSEARCH_PRIMARY will be set to remote, which means the container will # start but not actually run OpenSearch. It's included in both profiles to @@ -77,7 +77,7 @@ services: retries: 3 start_period: 180s dashboards-helper: - image: ghcr.io/idaholab/malcolm/dashboards-helper:24.12.0 + image: ghcr.io/idaholab/malcolm/dashboards-helper:25.01.0 profiles: ["malcolm"] userns_mode: keep-id logging: @@ -128,7 +128,7 @@ services: retries: 3 start_period: 30s dashboards: - image: ghcr.io/idaholab/malcolm/dashboards:24.12.0 + image: ghcr.io/idaholab/malcolm/dashboards:25.01.0 profiles: ["malcolm"] userns_mode: keep-id logging: @@ -172,7 +172,7 @@ services: retries: 3 start_period: 210s logstash: - image: ghcr.io/idaholab/malcolm/logstash-oss:24.12.0 + image: ghcr.io/idaholab/malcolm/logstash-oss:25.01.0 profiles: ["malcolm"] userns_mode: keep-id logging: @@ -260,7 +260,7 @@ services: retries: 3 start_period: 600s filebeat: - image: ghcr.io/idaholab/malcolm/filebeat-oss:24.12.0 + image: ghcr.io/idaholab/malcolm/filebeat-oss:25.01.0 profiles: ["malcolm", "hedgehog"] userns_mode: keep-id logging: @@ -334,7 +334,7 @@ services: retries: 3 start_period: 60s arkime: - image: ghcr.io/idaholab/malcolm/arkime:24.12.0 + image: ghcr.io/idaholab/malcolm/arkime:25.01.0 profiles: ["malcolm", "hedgehog"] userns_mode: keep-id logging: @@ -399,7 +399,7 @@ services: retries: 3 start_period: 210s arkime-live: - image: ghcr.io/idaholab/malcolm/arkime:24.12.0 + image: ghcr.io/idaholab/malcolm/arkime:25.01.0 profiles: ["malcolm", "hedgehog"] userns_mode: keep-id logging: 
@@ -463,7 +463,7 @@ services:
 source: ./pcap
 target: /data/pcap
 zeek:
- image: ghcr.io/idaholab/malcolm/zeek:24.12.0
+ image: ghcr.io/idaholab/malcolm/zeek:25.01.0
 profiles: ["malcolm", "hedgehog"]
 userns_mode: keep-id
 logging:
@@ -527,7 +527,7 @@ services:
 retries: 3
 start_period: 60s
 zeek-live:
- image: ghcr.io/idaholab/malcolm/zeek:24.12.0
+ image: ghcr.io/idaholab/malcolm/zeek:25.01.0
 profiles: ["malcolm", "hedgehog"]
 userns_mode: keep-id
 logging:
@@ -583,7 +583,7 @@ services:
 target: /opt/zeek/share/zeek/site/custom
 read_only: true
 suricata:
- image: ghcr.io/idaholab/malcolm/suricata:24.12.0
+ image: ghcr.io/idaholab/malcolm/suricata:25.01.0
 profiles: ["malcolm", "hedgehog"]
 userns_mode: keep-id
 logging:
@@ -640,7 +640,7 @@ services:
 retries: 3
 start_period: 120s
 suricata-live:
- image: ghcr.io/idaholab/malcolm/suricata:24.12.0
+ image: ghcr.io/idaholab/malcolm/suricata:25.01.0
 profiles: ["malcolm", "hedgehog"]
 userns_mode: keep-id
 logging:
@@ -695,7 +695,7 @@ services:
 target: /opt/suricata/include-configs
 read_only: true
 file-monitor:
- image: ghcr.io/idaholab/malcolm/file-monitor:24.12.0
+ image: ghcr.io/idaholab/malcolm/file-monitor:25.01.0
 profiles: ["malcolm", "hedgehog"]
 userns_mode: keep-id
 logging:
@@ -748,7 +748,7 @@ services:
 retries: 3
 start_period: 60s
 pcap-capture:
- image: ghcr.io/idaholab/malcolm/pcap-capture:24.12.0
+ image: ghcr.io/idaholab/malcolm/pcap-capture:25.01.0
 profiles: ["malcolm", "hedgehog"]
 userns_mode: keep-id
 logging:
@@ -792,7 +792,7 @@ services:
 source: ./pcap/upload
 target: /pcap
 pcap-monitor:
- image: ghcr.io/idaholab/malcolm/pcap-monitor:24.12.0
+ image: ghcr.io/idaholab/malcolm/pcap-monitor:25.01.0
 profiles: ["malcolm", "hedgehog"]
 userns_mode: keep-id
 logging:
@@ -844,7 +844,7 @@ services:
 retries: 3
 start_period: 90s
 upload:
- image: ghcr.io/idaholab/malcolm/file-upload:24.12.0
+ image: ghcr.io/idaholab/malcolm/file-upload:25.01.0
 profiles: ["malcolm"]
 userns_mode: keep-id
 logging:
@@ -886,7 +886,7 @@ services:
 retries: 3
 start_period: 60s
 htadmin:
- image: ghcr.io/idaholab/malcolm/htadmin:24.12.0
+ image: ghcr.io/idaholab/malcolm/htadmin:25.01.0
 profiles: ["malcolm"]
 userns_mode: keep-id
 logging:
@@ -936,7 +936,7 @@ services:
 retries: 3
 start_period: 60s
 freq:
- image: ghcr.io/idaholab/malcolm/freq:24.12.0
+ image: ghcr.io/idaholab/malcolm/freq:25.01.0
 profiles: ["malcolm"]
 userns_mode: keep-id
 logging:
@@ -971,7 +971,7 @@ services:
 retries: 3
 start_period: 60s
 netbox:
- image: ghcr.io/idaholab/malcolm/netbox:24.12.0
+ image: ghcr.io/idaholab/malcolm/netbox:25.01.0
 profiles: ["malcolm"]
 userns_mode: keep-id
 logging:
@@ -1035,7 +1035,7 @@ services:
 retries: 3
 start_period: 120s
 netbox-postgres:
- image: ghcr.io/idaholab/malcolm/postgresql:24.12.0
+ image: ghcr.io/idaholab/malcolm/postgresql:25.01.0
 profiles: ["malcolm"]
 userns_mode: keep-id
 logging:
@@ -1076,7 +1076,7 @@ services:
 retries: 3
 start_period: 45s
 netbox-redis:
- image: ghcr.io/idaholab/malcolm/redis:24.12.0
+ image: ghcr.io/idaholab/malcolm/redis:25.01.0
 profiles: ["malcolm"]
 userns_mode: keep-id
 logging:
@@ -1121,7 +1121,7 @@ services:
 retries: 3
 start_period: 45s
 netbox-redis-cache:
- image: ghcr.io/idaholab/malcolm/redis:24.12.0
+ image: ghcr.io/idaholab/malcolm/redis:25.01.0
 profiles: ["malcolm"]
 userns_mode: keep-id
 logging:
@@ -1161,7 +1161,7 @@ services:
 retries: 3
 start_period: 45s
 api:
- image: ghcr.io/idaholab/malcolm/api:24.12.0
+ image: ghcr.io/idaholab/malcolm/api:25.01.0
 profiles: ["malcolm"]
 userns_mode: keep-id
 logging:
@@ -1205,7 +1205,7 @@ services:
 retries: 3
 start_period: 60s
 nginx-proxy:
- image: ghcr.io/idaholab/malcolm/nginx-proxy:24.12.0
+ image: ghcr.io/idaholab/malcolm/nginx-proxy:25.01.0
 profiles: ["malcolm"]
 userns_mode: keep-id
 logging:
diff --git a/file-monitor/docker-entrypoint.sh b/file-monitor/docker-entrypoint.sh
index 0027ecfd6..0ee56283c 100755
--- a/file-monitor/docker-entrypoint.sh
+++ b/file-monitor/docker-entrypoint.sh
@@ -1,6 +1,6 @@ #!/bin/bash -# Copyright (c) 2024 Battelle Energy Alliance, LLC. All rights reserved. +# Copyright (c) 2025 Battelle Energy Alliance, LLC. All rights reserved. if [[ -z $EXTRACTED_FILE_ENABLE_CLAMAV ]]; then EXTRACTED_FILE_ENABLE_CLAMAV=false diff --git a/file-monitor/supervisord.conf b/file-monitor/supervisord.conf index 4b8dbcea7..685b78639 100644 --- a/file-monitor/supervisord.conf +++ b/file-monitor/supervisord.conf @@ -1,4 +1,4 @@ -; Copyright (c) 2024 Battelle Energy Alliance, LLC. All rights reserved. +; Copyright (c) 2025 Battelle Energy Alliance, LLC. All rights reserved. [unix_http_server] file=/tmp/supervisor.sock ; (the path to the socket file) diff --git a/file-upload/docker-entrypoint.sh b/file-upload/docker-entrypoint.sh index f4b3c3afc..fd15abd89 100755 --- a/file-upload/docker-entrypoint.sh +++ b/file-upload/docker-entrypoint.sh @@ -1,6 +1,6 @@ #!/bin/bash -# Copyright (c) 2024 Battelle Energy Alliance, LLC. All rights reserved. +# Copyright (c) 2025 Battelle Energy Alliance, LLC. All rights reserved. if [[ -z $MALCOLM_USERNAME || -z $MALCOLM_PASSWORD ]]; then echo "Please set the SSH username and (openssl-encrypted then base64-encoded) password by adding the following arguments to docker run/create:" diff --git a/file-upload/supervisord.conf b/file-upload/supervisord.conf index 5a6f22aa2..6c7428a85 100644 --- a/file-upload/supervisord.conf +++ b/file-upload/supervisord.conf @@ -1,4 +1,4 @@ -; Copyright (c) 2024 Battelle Energy Alliance, LLC. All rights reserved. +; Copyright (c) 2025 Battelle Energy Alliance, LLC. All rights reserved. [unix_http_server] file=/tmp/supervisor.sock ; (the path to the socket file) diff --git a/filebeat/filebeat-logs.yml b/filebeat/filebeat-logs.yml index e3a7ffeca..9c5a25d67 100644 --- a/filebeat/filebeat-logs.yml +++ b/filebeat/filebeat-logs.yml 
@@ -1,4 +1,4 @@ -# Copyright (c) 2024 Battelle Energy Alliance, LLC. All rights reserved. +# Copyright (c) 2025 Battelle Energy Alliance, LLC. All rights reserved. name: "${PCAP_NODE_NAME:malcolm}" diff --git a/filebeat/filebeat-nginx.yml b/filebeat/filebeat-nginx.yml index 2d1247d13..66d62fc34 100644 --- a/filebeat/filebeat-nginx.yml +++ b/filebeat/filebeat-nginx.yml @@ -1,4 +1,4 @@ -# Copyright (c) 2024 Battelle Energy Alliance, LLC. All rights reserved. +# Copyright (c) 2025 Battelle Energy Alliance, LLC. All rights reserved. name: "${PCAP_NODE_NAME:malcolm}" diff --git a/filebeat/filebeat-tcp.yml b/filebeat/filebeat-tcp.yml index dd5353579..c300aa6db 100644 --- a/filebeat/filebeat-tcp.yml +++ b/filebeat/filebeat-tcp.yml @@ -1,4 +1,4 @@ -# Copyright (c) 2024 Battelle Energy Alliance, LLC. All rights reserved. +# Copyright (c) 2025 Battelle Energy Alliance, LLC. All rights reserved. name: "${PCAP_NODE_NAME:malcolm}" diff --git a/filebeat/scripts/clean-processed-folder.py b/filebeat/scripts/clean-processed-folder.py index b21e9841b..eefea808b 100755 --- a/filebeat/scripts/clean-processed-folder.py +++ b/filebeat/scripts/clean-processed-folder.py @@ -1,6 +1,6 @@ #!/usr/bin/env python3 -# Copyright (c) 2024 Battelle Energy Alliance, LLC. All rights reserved. +# Copyright (c) 2025 Battelle Energy Alliance, LLC. All rights reserved. import os diff --git a/filebeat/scripts/filebeat-process-zeek-folder-functions.sh b/filebeat/scripts/filebeat-process-zeek-folder-functions.sh index 17cd2e8ff..4d92d71ed 100755 --- a/filebeat/scripts/filebeat-process-zeek-folder-functions.sh +++ b/filebeat/scripts/filebeat-process-zeek-folder-functions.sh @@ -1,4 +1,4 @@ -# Copyright (c) 2024 Battelle Energy Alliance, LLC. All rights reserved. +# Copyright (c) 2025 Battelle Energy Alliance, LLC. All rights reserved. function in_array() { local haystack="${1}[@]" 
diff --git a/filebeat/scripts/filebeat-process-zeek-folder.sh b/filebeat/scripts/filebeat-process-zeek-folder.sh index 9aae1798e..5feab172f 100755 --- a/filebeat/scripts/filebeat-process-zeek-folder.sh +++ b/filebeat/scripts/filebeat-process-zeek-folder.sh @@ -1,6 +1,6 @@ #!/bin/bash -# Copyright (c) 2024 Battelle Energy Alliance, LLC. All rights reserved. +# Copyright (c) 2025 Battelle Energy Alliance, LLC. All rights reserved. # for files (sort -V (natural)) under /zeek that: diff --git a/filebeat/scripts/filebeat-watch-zeeklogs-uploads-folder.py b/filebeat/scripts/filebeat-watch-zeeklogs-uploads-folder.py index 864ce28d8..ce1b7ceb4 100755 --- a/filebeat/scripts/filebeat-watch-zeeklogs-uploads-folder.py +++ b/filebeat/scripts/filebeat-watch-zeeklogs-uploads-folder.py @@ -1,7 +1,7 @@ #!/usr/bin/env python3 # -*- coding: utf-8 -*- -# Copyright (c) 2024 Battelle Energy Alliance, LLC. All rights reserved. +# Copyright (c) 2025 Battelle Energy Alliance, LLC. All rights reserved. ################################################################################################### # Monitor a directory for PCAP files for processing (by publishing their filenames to a ZMQ socket) diff --git a/filebeat/scripts/filebeat.sh b/filebeat/scripts/filebeat.sh index 208931571..7316d3e56 100644 --- a/filebeat/scripts/filebeat.sh +++ b/filebeat/scripts/filebeat.sh @@ -1,6 +1,6 @@ #!/bin/bash -# Copyright (c) 2024 Battelle Energy Alliance, LLC. All rights reserved. +# Copyright (c) 2025 Battelle Energy Alliance, LLC. All rights reserved. PATH_HOME= PATH_CONFIG= PATH_DATA= diff --git a/filebeat/supervisord.conf b/filebeat/supervisord.conf index d7e94ccf7..ee762d4ef 100644 --- a/filebeat/supervisord.conf +++ b/filebeat/supervisord.conf @@ -1,4 +1,4 @@ -; Copyright (c) 2024 Battelle Energy Alliance, LLC. All rights reserved. +; Copyright (c) 2025 Battelle Energy Alliance, LLC. All rights reserved. [unix_http_server] file=/tmp/supervisor.sock ; (the path to the socket file) 
diff --git a/freq-server/supervisord.conf b/freq-server/supervisord.conf index 0fc672422..81c53ee64 100644 --- a/freq-server/supervisord.conf +++ b/freq-server/supervisord.conf @@ -1,4 +1,4 @@ -; Copyright (c) 2024 Battelle Energy Alliance, LLC. All rights reserved. +; Copyright (c) 2025 Battelle Energy Alliance, LLC. All rights reserved. [unix_http_server] file=/tmp/supervisor.sock ; (the path to the socket file) diff --git a/hedgehog-iso/Dockerfile b/hedgehog-iso/Dockerfile index c7a9970b2..25b3dcd57 100644 --- a/hedgehog-iso/Dockerfile +++ b/hedgehog-iso/Dockerfile @@ -1,6 +1,6 @@ FROM ghcr.io/mmguero/qemu-live-iso:latest -# Copyright (c) 2024 Battelle Energy Alliance, LLC. All rights reserved. +# Copyright (c) 2025 Battelle Energy Alliance, LLC. All rights reserved. LABEL maintainer="malcolm@inl.gov" LABEL org.opencontainers.image.authors='malcolm@inl.gov' diff --git a/hedgehog-iso/config/hooks/normal/0169-pip-installs.hook.chroot b/hedgehog-iso/config/hooks/normal/0169-pip-installs.hook.chroot index f5a69daf0..87945666f 100755 --- a/hedgehog-iso/config/hooks/normal/0169-pip-installs.hook.chroot +++ b/hedgehog-iso/config/hooks/normal/0169-pip-installs.hook.chroot @@ -1,6 +1,6 @@ #!/bin/sh -# Copyright (c) 2024 Battelle Energy Alliance, LLC. All rights reserved. +# Copyright (c) 2025 Battelle Energy Alliance, LLC. All rights reserved. export LC_ALL=C.UTF-8 export LANG=C.UTF-8 diff --git a/hedgehog-iso/config/hooks/normal/0900-setup-rc-local.hook.chroot b/hedgehog-iso/config/hooks/normal/0900-setup-rc-local.hook.chroot index 8e5872e7a..67a789502 100755 --- a/hedgehog-iso/config/hooks/normal/0900-setup-rc-local.hook.chroot +++ b/hedgehog-iso/config/hooks/normal/0900-setup-rc-local.hook.chroot @@ -1,6 +1,6 @@ #!/bin/bash -# Copyright (c) 2024 Battelle Energy Alliance, LLC. All rights reserved. +# Copyright (c) 2025 Battelle Energy Alliance, LLC. All rights reserved. sed -i 's/^exit 0//' /etc/rc.local 2>/dev/null 
diff --git a/hedgehog-iso/config/hooks/normal/0910-sensor-build.hook.chroot b/hedgehog-iso/config/hooks/normal/0910-sensor-build.hook.chroot index 93b070894..74c284cce 100755 --- a/hedgehog-iso/config/hooks/normal/0910-sensor-build.hook.chroot +++ b/hedgehog-iso/config/hooks/normal/0910-sensor-build.hook.chroot @@ -1,6 +1,6 @@ #!/bin/bash -# Copyright (c) 2024 Battelle Energy Alliance, LLC. All rights reserved. +# Copyright (c) 2025 Battelle Energy Alliance, LLC. All rights reserved. # some environment variables needed for build export CCACHE_DIR="/var/spool/ccache" diff --git a/hedgehog-iso/config/hooks/normal/0911-get-stig-scripts.hook.chroot b/hedgehog-iso/config/hooks/normal/0911-get-stig-scripts.hook.chroot index 2d9862133..057068969 100755 --- a/hedgehog-iso/config/hooks/normal/0911-get-stig-scripts.hook.chroot +++ b/hedgehog-iso/config/hooks/normal/0911-get-stig-scripts.hook.chroot @@ -1,6 +1,6 @@ #!/bin/bash -# Copyright (c) 2024 Battelle Energy Alliance, LLC. All rights reserved. +# Copyright (c) 2025 Battelle Energy Alliance, LLC. All rights reserved. # clone harbian-audit and clean up some stuff we don't need mkdir -p /opt diff --git a/hedgehog-iso/config/hooks/normal/0990-remove-unwanted-pkg.hook.chroot b/hedgehog-iso/config/hooks/normal/0990-remove-unwanted-pkg.hook.chroot index c24eadc13..7b10fc3d9 100755 --- a/hedgehog-iso/config/hooks/normal/0990-remove-unwanted-pkg.hook.chroot +++ b/hedgehog-iso/config/hooks/normal/0990-remove-unwanted-pkg.hook.chroot @@ -1,6 +1,6 @@ #!/bin/bash -# Copyright (c) 2024 Battelle Energy Alliance, LLC. All rights reserved. +# Copyright (c) 2025 Battelle Energy Alliance, LLC. All rights reserved. # remove development packages not necessary for building dynamic Zeek plugins apt-get -y --purge remove \ diff --git a/hedgehog-iso/config/hooks/normal/0991-security-performance.hook.chroot b/hedgehog-iso/config/hooks/normal/0991-security-performance.hook.chroot index e4fa64082..3a4d246c7 100755 
--- a/hedgehog-iso/config/hooks/normal/0991-security-performance.hook.chroot +++ b/hedgehog-iso/config/hooks/normal/0991-security-performance.hook.chroot @@ -1,6 +1,6 @@ #!/bin/bash -# Copyright (c) 2024 Battelle Energy Alliance, LLC. All rights reserved. +# Copyright (c) 2025 Battelle Energy Alliance, LLC. All rights reserved. ARCH="$(dpkg --print-architecture)" diff --git a/hedgehog-iso/config/hooks/normal/0992-login.hook.chroot b/hedgehog-iso/config/hooks/normal/0992-login.hook.chroot index c8cd4a337..ae4f6a45b 100755 --- a/hedgehog-iso/config/hooks/normal/0992-login.hook.chroot +++ b/hedgehog-iso/config/hooks/normal/0992-login.hook.chroot @@ -1,6 +1,6 @@ #!/bin/bash -# Copyright (c) 2024 Battelle Energy Alliance, LLC. All rights reserved. +# Copyright (c) 2025 Battelle Energy Alliance, LLC. All rights reserved. sed -i 's/^#autologin-user=.*/autologin-user=sensor/' /etc/lightdm/lightdm.conf sed -i 's/^#autologin-user-timeout=.*/autologin-user-timeout=0/' /etc/lightdm/lightdm.conf diff --git a/hedgehog-iso/config/includes.binary/install/preseed_base.cfg b/hedgehog-iso/config/includes.binary/install/preseed_base.cfg index bc3c87ca2..dee00a02c 100644 --- a/hedgehog-iso/config/includes.binary/install/preseed_base.cfg +++ b/hedgehog-iso/config/includes.binary/install/preseed_base.cfg @@ -1,4 +1,4 @@ -# Copyright (c) 2024 Battelle Energy Alliance, LLC. All rights reserved. +# Copyright (c) 2025 Battelle Energy Alliance, LLC. All rights reserved. d-i netcfg/enable boolean false d-i netcfg/choose_interface select auto diff --git a/hedgehog-iso/config/includes.binary/install/preseed_multipar.cfg b/hedgehog-iso/config/includes.binary/install/preseed_multipar.cfg index 9189b6932..c596f55fa 100644 --- a/hedgehog-iso/config/includes.binary/install/preseed_multipar.cfg +++ b/hedgehog-iso/config/includes.binary/install/preseed_multipar.cfg 
@@ -1,4 +1,4 @@ -# Copyright (c) 2024 Battelle Energy Alliance, LLC. All rights reserved. +# Copyright (c) 2025 Battelle Energy Alliance, LLC. All rights reserved. d-i debian-installer/locale string en_US.UTF-8 d-i console-setup/ask_detect boolean false diff --git a/hedgehog-iso/config/includes.binary/install/preseed_vmware.cfg b/hedgehog-iso/config/includes.binary/install/preseed_vmware.cfg index 792d0c7a6..aac02e866 100644 --- a/hedgehog-iso/config/includes.binary/install/preseed_vmware.cfg +++ b/hedgehog-iso/config/includes.binary/install/preseed_vmware.cfg @@ -1,4 +1,4 @@ -# Copyright (c) 2024 Battelle Energy Alliance, LLC. All rights reserved. +# Copyright (c) 2025 Battelle Energy Alliance, LLC. All rights reserved. d-i debian-installer/locale string en_US.UTF-8 d-i console-setup/ask_detect boolean false diff --git a/hedgehog-iso/config/includes.chroot/opt/zeek/share/zeek/site/extractor.zeek b/hedgehog-iso/config/includes.chroot/opt/zeek/share/zeek/site/extractor.zeek index 7f846c9ea..7b3ef5a46 100644 --- a/hedgehog-iso/config/includes.chroot/opt/zeek/share/zeek/site/extractor.zeek +++ b/hedgehog-iso/config/includes.chroot/opt/zeek/share/zeek/site/extractor.zeek @@ -1,6 +1,6 @@ #!/usr/bin/env zeek -# Copyright (c) 2024 Battelle Energy Alliance, LLC. All rights reserved. +# Copyright (c) 2025 Battelle Energy Alliance, LLC. All rights reserved. @load ./extractor_params diff --git a/hedgehog-iso/config/includes.chroot/opt/zeek/share/zeek/site/extractor_params.zeek b/hedgehog-iso/config/includes.chroot/opt/zeek/share/zeek/site/extractor_params.zeek index 4aeca1da6..9d671e99e 100644 --- a/hedgehog-iso/config/includes.chroot/opt/zeek/share/zeek/site/extractor_params.zeek +++ b/hedgehog-iso/config/includes.chroot/opt/zeek/share/zeek/site/extractor_params.zeek 
@@ -1,6 +1,6 @@ #!/usr/bin/env zeek -# Copyright (c) 2024 Battelle Energy Alliance, LLC. All rights reserved. +# Copyright (c) 2025 Battelle Energy Alliance, LLC. All rights reserved. export { const extractor_extract_none = "none" &redef; diff --git a/hedgehog-iso/config/includes.chroot/usr/local/bin/configure-capture.py b/hedgehog-iso/config/includes.chroot/usr/local/bin/configure-capture.py index b108d6820..e62db500b 100755 --- a/hedgehog-iso/config/includes.chroot/usr/local/bin/configure-capture.py +++ b/hedgehog-iso/config/includes.chroot/usr/local/bin/configure-capture.py @@ -1,7 +1,7 @@ #!/usr/bin/env python3 # -*- coding: utf-8 -*- -# Copyright (c) 2024 Battelle Energy Alliance, LLC. All rights reserved. +# Copyright (c) 2025 Battelle Energy Alliance, LLC. All rights reserved. # script for configuring sensor capture and forwarding parameters diff --git a/hedgehog-iso/config/includes.chroot/usr/local/bin/sensor-init.sh b/hedgehog-iso/config/includes.chroot/usr/local/bin/sensor-init.sh index 009d856a5..1063d11bf 100755 --- a/hedgehog-iso/config/includes.chroot/usr/local/bin/sensor-init.sh +++ b/hedgehog-iso/config/includes.chroot/usr/local/bin/sensor-init.sh @@ -1,6 +1,6 @@ #!/bin/bash -# Copyright (c) 2024 Battelle Energy Alliance, LLC. All rights reserved. +# Copyright (c) 2025 Battelle Energy Alliance, LLC. All rights reserved. SCRIPT_PATH="$(dirname $(realpath -e "${BASH_SOURCE[0]}"))" diff --git a/hedgehog-iso/config/includes.chroot/usr/local/bin/ufw_allow_requests.sh b/hedgehog-iso/config/includes.chroot/usr/local/bin/ufw_allow_requests.sh index bec7776a0..f6dea1b9e 100755 --- a/hedgehog-iso/config/includes.chroot/usr/local/bin/ufw_allow_requests.sh +++ b/hedgehog-iso/config/includes.chroot/usr/local/bin/ufw_allow_requests.sh 
@@ -1,6 +1,6 @@ #!/bin/bash -# Copyright (c) 2024 Battelle Energy Alliance, LLC. All rights reserved. +# Copyright (c) 2025 Battelle Energy Alliance, LLC. All rights reserved. # manage a UFW rule for allowing a remote Malcolm instance to connect to # services hosted on the sensor diff --git a/hedgehog-iso/interface/sensor_ctl/arkime/live_capture.sh b/hedgehog-iso/interface/sensor_ctl/arkime/live_capture.sh index 118a8f9a5..70adbb7d6 100755 --- a/hedgehog-iso/interface/sensor_ctl/arkime/live_capture.sh +++ b/hedgehog-iso/interface/sensor_ctl/arkime/live_capture.sh @@ -1,6 +1,6 @@ #!/bin/bash -# Copyright (c) 2024 Battelle Energy Alliance, LLC. All rights reserved. +# Copyright (c) 2025 Battelle Energy Alliance, LLC. All rights reserved. ARKIME_DIR=${ARKIME_DIR:-"/opt/arkime"} diff --git a/hedgehog-iso/interface/sensor_ctl/clean.sh b/hedgehog-iso/interface/sensor_ctl/clean.sh index 2d253f975..717b06ae8 100755 --- a/hedgehog-iso/interface/sensor_ctl/clean.sh +++ b/hedgehog-iso/interface/sensor_ctl/clean.sh @@ -1,6 +1,6 @@ #!/bin/bash -# Copyright (c) 2024 Battelle Energy Alliance, LLC. All rights reserved. +# Copyright (c) 2025 Battelle Energy Alliance, LLC. All rights reserved. set -e diff --git a/hedgehog-iso/interface/sensor_ctl/control.sh b/hedgehog-iso/interface/sensor_ctl/control.sh index 84a645b1f..07f61c7bf 100755 --- a/hedgehog-iso/interface/sensor_ctl/control.sh +++ b/hedgehog-iso/interface/sensor_ctl/control.sh @@ -1,6 +1,6 @@ #!/bin/bash -# Copyright (c) 2024 Battelle Energy Alliance, LLC. All rights reserved. +# Copyright (c) 2025 Battelle Energy Alliance, LLC. All rights reserved. set -e diff --git a/hedgehog-iso/interface/sensor_ctl/filebeat/filebeat.yml b/hedgehog-iso/interface/sensor_ctl/filebeat/filebeat.yml index adb9ae734..8c87afc4e 100644 --- a/hedgehog-iso/interface/sensor_ctl/filebeat/filebeat.yml +++ b/hedgehog-iso/interface/sensor_ctl/filebeat/filebeat.yml 
@@ -1,4 +1,4 @@ -# Copyright (c) 2024 Battelle Energy Alliance, LLC. All rights reserved. +# Copyright (c) 2025 Battelle Energy Alliance, LLC. All rights reserved. logging.metrics.enabled: false diff --git a/hedgehog-iso/interface/sensor_ctl/filebeat/sensor_filebeat_local.sh b/hedgehog-iso/interface/sensor_ctl/filebeat/sensor_filebeat_local.sh index cb204f0eb..e2c3474d1 100755 --- a/hedgehog-iso/interface/sensor_ctl/filebeat/sensor_filebeat_local.sh +++ b/hedgehog-iso/interface/sensor_ctl/filebeat/sensor_filebeat_local.sh @@ -1,6 +1,6 @@ #!/bin/bash -# Copyright (c) 2024 Battelle Energy Alliance, LLC. All rights reserved. +# Copyright (c) 2025 Battelle Energy Alliance, LLC. All rights reserved. if [[ -z "$ZEEK_CAPTURE_PATH" ]]; then ZEEK_CAPTURE_PATH="$HOME/zeek_logs" diff --git a/hedgehog-iso/interface/sensor_ctl/miscbeat/filebeat.yml b/hedgehog-iso/interface/sensor_ctl/miscbeat/filebeat.yml index f3a0dbae7..802760b53 100644 --- a/hedgehog-iso/interface/sensor_ctl/miscbeat/filebeat.yml +++ b/hedgehog-iso/interface/sensor_ctl/miscbeat/filebeat.yml @@ -1,4 +1,4 @@ -# Copyright (c) 2024 Battelle Energy Alliance, LLC. All rights reserved. +# Copyright (c) 2025 Battelle Energy Alliance, LLC. All rights reserved. filebeat.inputs: - type: tcp diff --git a/hedgehog-iso/interface/sensor_ctl/miscbeat/sensor_miscbeat_local.sh b/hedgehog-iso/interface/sensor_ctl/miscbeat/sensor_miscbeat_local.sh index b329b760f..8436b24cd 100755 --- a/hedgehog-iso/interface/sensor_ctl/miscbeat/sensor_miscbeat_local.sh +++ b/hedgehog-iso/interface/sensor_ctl/miscbeat/sensor_miscbeat_local.sh @@ -1,6 +1,6 @@ #!/bin/bash -# Copyright (c) 2024 Battelle Energy Alliance, LLC. All rights reserved. +# Copyright (c) 2025 Battelle Energy Alliance, LLC. All rights reserved. # force-navigate to script directory (containing config file) [[ "$(uname -s)" = 'Darwin' ]] && REALPATH=grealpath || REALPATH=realpath 
diff --git a/hedgehog-iso/interface/sensor_ctl/scripts/log_disk_space.sh b/hedgehog-iso/interface/sensor_ctl/scripts/log_disk_space.sh index 798987cde..7b318c242 100755 --- a/hedgehog-iso/interface/sensor_ctl/scripts/log_disk_space.sh +++ b/hedgehog-iso/interface/sensor_ctl/scripts/log_disk_space.sh @@ -1,6 +1,6 @@ #!/bin/bash -# Copyright (c) 2024 Battelle Energy Alliance, LLC. All rights reserved. +# Copyright (c) 2025 Battelle Energy Alliance, LLC. All rights reserved. SPACE_STRING="$(/bin/df -lh --output=source,target,avail,size,pcent | tail -n +2 | grep '^/dev' | tr -s ' ' ',' | cut -d, -f2,3,4,5 | sed 's/^/\[/' | sed 's/$/\]/' | tr '\n' '.')" logger "${SPACE_STRING}" diff --git a/hedgehog-iso/interface/sensor_ctl/supervisor.init/arkime_config_populate.sh b/hedgehog-iso/interface/sensor_ctl/supervisor.init/arkime_config_populate.sh index 28436aa0d..c5b950fd0 100644 --- a/hedgehog-iso/interface/sensor_ctl/supervisor.init/arkime_config_populate.sh +++ b/hedgehog-iso/interface/sensor_ctl/supervisor.init/arkime_config_populate.sh @@ -1,6 +1,6 @@ #!/bin/bash -# Copyright (c) 2024 Battelle Energy Alliance, LLC. All rights reserved. +# Copyright (c) 2025 Battelle Energy Alliance, LLC. All rights reserved. export ARKIME_HTTPS_FLAG="" diff --git a/hedgehog-iso/interface/sensor_ctl/supervisor.init/suricata_update_cron_setup.sh b/hedgehog-iso/interface/sensor_ctl/supervisor.init/suricata_update_cron_setup.sh index 6df9390e2..e6d53bd3f 100644 --- a/hedgehog-iso/interface/sensor_ctl/supervisor.init/suricata_update_cron_setup.sh +++ b/hedgehog-iso/interface/sensor_ctl/supervisor.init/suricata_update_cron_setup.sh @@ -1,6 +1,6 @@ #!/bin/bash -# Copyright (c) 2024 Battelle Energy Alliance, LLC. All rights reserved. +# Copyright (c) 2025 Battelle Energy Alliance, LLC. All rights reserved. if [[ -n $SUPERVISOR_PATH ]] && [[ -d "$SUPERVISOR_PATH"/supercronic ]]; then 
diff --git a/hedgehog-iso/interface/sensor_ctl/supervisor.sh b/hedgehog-iso/interface/sensor_ctl/supervisor.sh index 933baf5cf..27a5b34d0 100755 --- a/hedgehog-iso/interface/sensor_ctl/supervisor.sh +++ b/hedgehog-iso/interface/sensor_ctl/supervisor.sh @@ -1,6 +1,6 @@ #!/bin/bash -# Copyright (c) 2024 Battelle Energy Alliance, LLC. All rights reserved. +# Copyright (c) 2025 Battelle Energy Alliance, LLC. All rights reserved. set -e diff --git a/hedgehog-iso/interface/sensor_ctl/zeek/extractor_override.interesting.zeek b/hedgehog-iso/interface/sensor_ctl/zeek/extractor_override.interesting.zeek index 3055ed92f..8cb43bea5 100644 --- a/hedgehog-iso/interface/sensor_ctl/zeek/extractor_override.interesting.zeek +++ b/hedgehog-iso/interface/sensor_ctl/zeek/extractor_override.interesting.zeek @@ -1,6 +1,6 @@ #!/usr/bin/env zeek -# Copyright (c) 2024 Battelle Energy Alliance, LLC. All rights reserved. +# Copyright (c) 2025 Battelle Energy Alliance, LLC. All rights reserved. export { redef extractor_always_extract_unknown = F; diff --git a/hedgehog-iso/interface/sensor_interface/routes.py b/hedgehog-iso/interface/sensor_interface/routes.py index 4a0b0c5ce..4ab099374 100644 --- a/hedgehog-iso/interface/sensor_interface/routes.py +++ b/hedgehog-iso/interface/sensor_interface/routes.py @@ -1,4 +1,4 @@ -# Copyright (c) 2024 Battelle Energy Alliance, LLC. All rights reserved. +# Copyright (c) 2025 Battelle Energy Alliance, LLC. All rights reserved. import psutil import time diff --git a/hedgehog-iso/interface/sensor_interface/static/js/custom.js b/hedgehog-iso/interface/sensor_interface/static/js/custom.js index 347e16927..013e3f627 100644 --- a/hedgehog-iso/interface/sensor_interface/static/js/custom.js +++ b/hedgehog-iso/interface/sensor_interface/static/js/custom.js 
@@ -1,4 +1,4 @@ -// Copyright (c) 2024 Battelle Energy Alliance, LLC. All rights reserved. +// Copyright (c) 2025 Battelle Energy Alliance, LLC. All rights reserved. function start_all() { var xhttp = new XMLHttpRequest(); diff --git a/hedgehog-iso/interface/sensor_interface/sysquery/sys_service.py b/hedgehog-iso/interface/sensor_interface/sysquery/sys_service.py index 781882084..e06d6516f 100644 --- a/hedgehog-iso/interface/sensor_interface/sysquery/sys_service.py +++ b/hedgehog-iso/interface/sensor_interface/sysquery/sys_service.py @@ -1,4 +1,4 @@ -# Copyright (c) 2024 Battelle Energy Alliance, LLC. All rights reserved. +# Copyright (c) 2025 Battelle Energy Alliance, LLC. All rights reserved. import subprocess import json diff --git a/hedgehog-iso/vagrant/Vagrantfile b/hedgehog-iso/vagrant/Vagrantfile index bc1c3cf90..707c9cd89 100644 --- a/hedgehog-iso/vagrant/Vagrantfile +++ b/hedgehog-iso/vagrant/Vagrantfile @@ -1,4 +1,4 @@ -# Copyright (c) 2024 Battelle Energy Alliance, LLC. All rights reserved. +# Copyright (c) 2025 Battelle Energy Alliance, LLC. All rights reserved. unless Vagrant.has_plugin?("vagrant-sshfs") raise 'vagrant-sshfs plugin is not installed!' diff --git a/hedgehog-iso/yara/Dockerfile b/hedgehog-iso/yara/Dockerfile index 98b9c4674..2e8a84cf5 100644 --- a/hedgehog-iso/yara/Dockerfile +++ b/hedgehog-iso/yara/Dockerfile @@ -1,6 +1,6 @@ FROM debian:12-slim -# Copyright (c) 2024 Battelle Energy Alliance, LLC. All rights reserved. +# Copyright (c) 2025 Battelle Energy Alliance, LLC. All rights reserved. LABEL maintainer="malcolm@inl.gov" diff --git a/hedgehog-iso/yara/build-docker-image.sh b/hedgehog-iso/yara/build-docker-image.sh index 31060166b..76372e67e 100755 --- a/hedgehog-iso/yara/build-docker-image.sh +++ b/hedgehog-iso/yara/build-docker-image.sh 
@@ -1,6 +1,6 @@ #!/bin/bash -# Copyright (c) 2024 Battelle Energy Alliance, LLC. All rights reserved. +# Copyright (c) 2025 Battelle Energy Alliance, LLC. All rights reserved. # force-navigate to script directory SCRIPT_PATH="$( cd -P "$( dirname "${BASH_SOURCE[0]}" )" && pwd )" diff --git a/hedgehog-iso/yara/build-yara-deb.sh b/hedgehog-iso/yara/build-yara-deb.sh index 1fd9f7989..1896db38a 100755 --- a/hedgehog-iso/yara/build-yara-deb.sh +++ b/hedgehog-iso/yara/build-yara-deb.sh @@ -1,6 +1,6 @@ #!/bin/bash -# Copyright (c) 2024 Battelle Energy Alliance, LLC. All rights reserved. +# Copyright (c) 2025 Battelle Energy Alliance, LLC. All rights reserved. YARA_URL="https://github.com/VirusTotal/YARA" YARA_VER="$(curl -sqI "$YARA_URL/releases/latest" | awk -F '/' '/^location/ {print substr($NF, 1, length($NF)-1)}' | sed 's/^v//')" diff --git a/hedgehog-raspi/Dockerfile b/hedgehog-raspi/Dockerfile index dcdcb9468..8be23e1e5 100644 --- a/hedgehog-raspi/Dockerfile +++ b/hedgehog-raspi/Dockerfile @@ -1,6 +1,6 @@ FROM ghcr.io/mmguero/qemu-live-iso:latest -# Copyright (c) 2024 Battelle Energy Alliance, LLC. All rights reserved. +# Copyright (c) 2025 Battelle Energy Alliance, LLC. All rights reserved. LABEL maintainer="malcolm@inl.gov" LABEL org.opencontainers.image.authors='malcolm@inl.gov' diff --git a/hedgehog-raspi/vagrant/Vagrantfile b/hedgehog-raspi/vagrant/Vagrantfile index 897e6a371..6efe07d65 100644 --- a/hedgehog-raspi/vagrant/Vagrantfile +++ b/hedgehog-raspi/vagrant/Vagrantfile @@ -1,4 +1,4 @@ -# Copyright (c) 2024 Battelle Energy Alliance, LLC. All rights reserved. +# Copyright (c) 2025 Battelle Energy Alliance, LLC. All rights reserved. unless Vagrant.has_plugin?("vagrant-sshfs") raise 'vagrant-sshfs plugin is not installed!' diff --git a/htadmin/supervisord.conf b/htadmin/supervisord.conf index c0aba0f9d..851340436 100644 --- a/htadmin/supervisord.conf +++ b/htadmin/supervisord.conf 
@@ -1,4 +1,4 @@
-; Copyright (c) 2024 Battelle Energy Alliance, LLC. All rights reserved.
+; Copyright (c) 2025 Battelle Energy Alliance, LLC. All rights reserved.
 [unix_http_server]
 file=/tmp/supervisor.sock ; (the path to the socket file)
diff --git a/kubernetes/03-opensearch.yml b/kubernetes/03-opensearch.yml
index 28a3bc5e7..9d09746c3 100644
--- a/kubernetes/03-opensearch.yml
+++ b/kubernetes/03-opensearch.yml
@@ -30,7 +30,7 @@ spec:
 spec:
 containers:
 - name: opensearch-container
- image: ghcr.io/idaholab/malcolm/opensearch:24.12.0
+ image: ghcr.io/idaholab/malcolm/opensearch:25.01.0
 imagePullPolicy: Always
 stdin: false
 tty: true
@@ -71,7 +71,7 @@ spec:
 subPath: "opensearch"
 initContainers:
 - name: opensearch-dirinit-container
- image: ghcr.io/idaholab/malcolm/dirinit:24.12.0
+ image: ghcr.io/idaholab/malcolm/dirinit:25.01.0
 imagePullPolicy: Always
 stdin: false
 tty: true
diff --git a/kubernetes/04-dashboards.yml b/kubernetes/04-dashboards.yml
index 138e0a6a7..f2ea328ff 100644
--- a/kubernetes/04-dashboards.yml
+++ b/kubernetes/04-dashboards.yml
@@ -30,7 +30,7 @@ spec:
 spec:
 containers:
 - name: dashboards-container
- image: ghcr.io/idaholab/malcolm/dashboards:24.12.0
+ image: ghcr.io/idaholab/malcolm/dashboards:25.01.0
 imagePullPolicy: Always
 stdin: false
 tty: true
diff --git a/kubernetes/05-upload.yml b/kubernetes/05-upload.yml
index ac5ef80f6..466c7c491 100644
--- a/kubernetes/05-upload.yml
+++ b/kubernetes/05-upload.yml
@@ -34,7 +34,7 @@ spec:
 spec:
 containers:
 - name: upload-container
- image: ghcr.io/idaholab/malcolm/file-upload:24.12.0
+ image: ghcr.io/idaholab/malcolm/file-upload:25.01.0
 imagePullPolicy: Always
 stdin: false
 tty: true
@@ -73,7 +73,7 @@ spec:
 subPath: "upload"
 initContainers:
 - name: upload-dirinit-container
- image: ghcr.io/idaholab/malcolm/dirinit:24.12.0
+ image: ghcr.io/idaholab/malcolm/dirinit:25.01.0
 imagePullPolicy: Always
 stdin: false
 tty: true
diff --git a/kubernetes/06-pcap-monitor.yml b/kubernetes/06-pcap-monitor.yml
index 7808d3212..1eab516c1 100644
--- a/kubernetes/06-pcap-monitor.yml
+++ b/kubernetes/06-pcap-monitor.yml
@@ -30,7 +30,7 @@ spec:
 spec:
 containers:
 - name: pcap-monitor-container
- image: ghcr.io/idaholab/malcolm/pcap-monitor:24.12.0
+ image: ghcr.io/idaholab/malcolm/pcap-monitor:25.01.0
 imagePullPolicy: Always
 stdin: false
 tty: true
@@ -70,7 +70,7 @@ spec:
 name: pcap-monitor-zeek-volume
 initContainers:
 - name: pcap-monitor-dirinit-container
- image: ghcr.io/idaholab/malcolm/dirinit:24.12.0
+ image: ghcr.io/idaholab/malcolm/dirinit:25.01.0
 imagePullPolicy: Always
 stdin: false
 tty: true
diff --git a/kubernetes/07-arkime.yml b/kubernetes/07-arkime.yml
index f483bf63f..221685f6e 100644
--- a/kubernetes/07-arkime.yml
+++ b/kubernetes/07-arkime.yml
@@ -30,7 +30,7 @@ spec:
 spec:
 containers:
 - name: arkime-container
- image: ghcr.io/idaholab/malcolm/arkime:24.12.0
+ image: ghcr.io/idaholab/malcolm/arkime:25.01.0
 imagePullPolicy: Always
 stdin: false
 tty: true
@@ -81,7 +81,7 @@ spec:
 name: arkime-pcap-volume
 initContainers:
 - name: arkime-dirinit-container
- image: ghcr.io/idaholab/malcolm/dirinit:24.12.0
+ image: ghcr.io/idaholab/malcolm/dirinit:25.01.0
 imagePullPolicy: Always
 stdin: false
 tty: true
diff --git a/kubernetes/08-api.yml b/kubernetes/08-api.yml
index 422d403dc..d6ee6cbca 100644
--- a/kubernetes/08-api.yml
+++ b/kubernetes/08-api.yml
@@ -30,7 +30,7 @@ spec:
 spec:
 containers:
 - name: api-container
- image: ghcr.io/idaholab/malcolm/api:24.12.0
+ image: ghcr.io/idaholab/malcolm/api:25.01.0
 imagePullPolicy: Always
 stdin: false
 tty: true
diff --git a/kubernetes/09-dashboards-helper.yml b/kubernetes/09-dashboards-helper.yml
index fc65ee1e6..eb185a3b6 100644
--- a/kubernetes/09-dashboards-helper.yml
+++ b/kubernetes/09-dashboards-helper.yml
@@ -30,7 +30,7 @@ spec:
 spec:
 containers:
 - name: dashboards-helper-container
- image: ghcr.io/idaholab/malcolm/dashboards-helper:24.12.0
+ image: ghcr.io/idaholab/malcolm/dashboards-helper:25.01.0
 imagePullPolicy: Always
 stdin: false
 tty: true
diff --git a/kubernetes/10-zeek.yml b/kubernetes/10-zeek.yml
index 865ed63d2..fc7ee06c8 100644
--- a/kubernetes/10-zeek.yml
+++ b/kubernetes/10-zeek.yml
@@ -16,7 +16,7 @@ spec:
 spec:
 containers:
 - name: zeek-offline-container
- image: ghcr.io/idaholab/malcolm/zeek:24.12.0
+ image: ghcr.io/idaholab/malcolm/zeek:25.01.0
 imagePullPolicy: Always
 stdin: false
 tty: true
@@ -62,7 +62,7 @@ spec:
 subPath: "zeek/intel"
 initContainers:
 - name: zeek-offline-dirinit-container
- image: ghcr.io/idaholab/malcolm/dirinit:24.12.0
+ image: ghcr.io/idaholab/malcolm/dirinit:25.01.0
 imagePullPolicy: Always
 stdin: false
 tty: true
diff --git a/kubernetes/11-suricata.yml b/kubernetes/11-suricata.yml
index af93b525e..1a721cb97 100644
--- a/kubernetes/11-suricata.yml
+++ b/kubernetes/11-suricata.yml
@@ -16,7 +16,7 @@ spec:
 spec:
 containers:
 - name: suricata-offline-container
- image: ghcr.io/idaholab/malcolm/suricata:24.12.0
+ image: ghcr.io/idaholab/malcolm/suricata:25.01.0
 imagePullPolicy: Always
 stdin: false
 tty: true
@@ -55,7 +55,7 @@ spec:
 name: suricata-offline-custom-configs-volume
 initContainers:
 - name: suricata-offline-dirinit-container
- image: ghcr.io/idaholab/malcolm/dirinit:24.12.0
+ image: ghcr.io/idaholab/malcolm/dirinit:25.01.0
 imagePullPolicy: Always
 stdin: false
 tty: true
diff --git a/kubernetes/12-file-monitor.yml b/kubernetes/12-file-monitor.yml
index 0a7bc3c4e..4eeac930d 100644
--- a/kubernetes/12-file-monitor.yml
+++ b/kubernetes/12-file-monitor.yml
@@ -33,7 +33,7 @@ spec:
 spec:
 containers:
 - name: file-monitor-container
- image: ghcr.io/idaholab/malcolm/file-monitor:24.12.0
+ image: ghcr.io/idaholab/malcolm/file-monitor:25.01.0
 imagePullPolicy: Always
 stdin: false
 tty: true
@@ -83,7 +83,7 @@ spec:
 name: file-monitor-yara-rules-custom-volume
 initContainers:
 - name: file-monitor-live-dirinit-container
- image: ghcr.io/idaholab/malcolm/dirinit:24.12.0
+ image: ghcr.io/idaholab/malcolm/dirinit:25.01.0
 imagePullPolicy: Always
 stdin: false
 tty: true
diff --git a/kubernetes/13-filebeat.yml b/kubernetes/13-filebeat.yml
index cc0fa13b1..6c28afb6c 100644
--- a/kubernetes/13-filebeat.yml
+++ b/kubernetes/13-filebeat.yml
@@ -33,7 +33,7 @@ spec:
 spec:
 containers:
 - name: filebeat-container
- image: ghcr.io/idaholab/malcolm/filebeat-oss:24.12.0
+ image: ghcr.io/idaholab/malcolm/filebeat-oss:25.01.0
 imagePullPolicy: Always
 stdin: false
 tty: true
@@ -83,7 +83,7 @@ spec:
 subPath: "nginx"
 initContainers:
 - name: filebeat-dirinit-container
- image: ghcr.io/idaholab/malcolm/dirinit:24.12.0
+ image: ghcr.io/idaholab/malcolm/dirinit:25.01.0
 imagePullPolicy: Always
 stdin: false
 tty: true
diff --git a/kubernetes/14-logstash.yml b/kubernetes/14-logstash.yml
index 1720bf47a..08669839d 100644
--- a/kubernetes/14-logstash.yml
+++ b/kubernetes/14-logstash.yml
@@ -49,7 +49,7 @@ spec:
 # topologyKey: "kubernetes.io/hostname"
 containers:
 - name: logstash-container
- image: ghcr.io/idaholab/malcolm/logstash-oss:24.12.0
+ image: ghcr.io/idaholab/malcolm/logstash-oss:25.01.0
 imagePullPolicy: Always
 stdin: false
 tty: true
@@ -114,7 +114,7 @@ spec:
 subPath: "logstash"
 initContainers:
 - name: logstash-dirinit-container
- image: ghcr.io/idaholab/malcolm/dirinit:24.12.0
+ image: ghcr.io/idaholab/malcolm/dirinit:25.01.0
 imagePullPolicy: Always
 stdin: false
 tty: true
diff --git a/kubernetes/15-netbox-redis.yml b/kubernetes/15-netbox-redis.yml
index c1afbd151..312112bb1 100644
--- a/kubernetes/15-netbox-redis.yml
+++ b/kubernetes/15-netbox-redis.yml
@@ -30,7 +30,7 @@ spec:
 spec:
 containers:
 - name: netbox-redis-container
- image: ghcr.io/idaholab/malcolm/redis:24.12.0
+ image: ghcr.io/idaholab/malcolm/redis:25.01.0
 imagePullPolicy: Always
 stdin: false
 tty: true
@@ -83,7 +83,7 @@ spec:
 subPath: netbox/redis
 initContainers:
 - name: netbox-redis-dirinit-container
- image: ghcr.io/idaholab/malcolm/dirinit:24.12.0
+ image: ghcr.io/idaholab/malcolm/dirinit:25.01.0
 imagePullPolicy: Always
 stdin: false
 tty: true
diff --git a/kubernetes/16-netbox-redis-cache.yml b/kubernetes/16-netbox-redis-cache.yml
index 088832f7f..3819b4f0b 100644
--- a/kubernetes/16-netbox-redis-cache.yml
+++ b/kubernetes/16-netbox-redis-cache.yml
@@ -30,7 +30,7 @@ spec:
 spec:
 containers:
 - name: netbox-redis-cache-container
- image: ghcr.io/idaholab/malcolm/redis:24.12.0
+ image: ghcr.io/idaholab/malcolm/redis:25.01.0
 imagePullPolicy: Always
 stdin: false
 tty: true
diff --git a/kubernetes/17-netbox-postgres.yml b/kubernetes/17-netbox-postgres.yml
index 9418304d1..9470f7aee 100644
--- a/kubernetes/17-netbox-postgres.yml
+++ b/kubernetes/17-netbox-postgres.yml
@@ -30,7 +30,7 @@ spec:
 spec:
 containers:
 - name: netbox-postgres-container
- image: ghcr.io/idaholab/malcolm/postgresql:24.12.0
+ image: ghcr.io/idaholab/malcolm/postgresql:25.01.0
 imagePullPolicy: Always
 stdin: false
 tty: true
@@ -74,7 +74,7 @@ spec:
 subPath: netbox/postgres
 initContainers:
 - name: netbox-postgres-dirinit-container
- image: ghcr.io/idaholab/malcolm/dirinit:24.12.0
+ image: ghcr.io/idaholab/malcolm/dirinit:25.01.0
 imagePullPolicy: Always
 stdin: false
 tty: true
diff --git a/kubernetes/18-netbox.yml b/kubernetes/18-netbox.yml
index 56a49d113..90ee2c436 100644
--- a/kubernetes/18-netbox.yml
+++ b/kubernetes/18-netbox.yml
@@ -36,7 +36,7 @@ spec:
 spec:
 containers:
 - name: netbox-container
- image: ghcr.io/idaholab/malcolm/netbox:24.12.0
+ image: ghcr.io/idaholab/malcolm/netbox:25.01.0
 imagePullPolicy: Always
 stdin: false
 tty: true
@@ -88,7 +88,7 @@ spec:
 subPath: netbox/media
 initContainers:
 - name: netbox-dirinit-container
- image: ghcr.io/idaholab/malcolm/dirinit:24.12.0
+ image: ghcr.io/idaholab/malcolm/dirinit:25.01.0
 imagePullPolicy: Always
 stdin: false
 tty: true
diff --git a/kubernetes/19-htadmin.yml b/kubernetes/19-htadmin.yml
index 2329b3795..5c356bd89 100644
--- a/kubernetes/19-htadmin.yml
+++ b/kubernetes/19-htadmin.yml
@@ -30,7 +30,7 @@ spec:
 spec:
 containers:
 - name: htadmin-container
- image: ghcr.io/idaholab/malcolm/htadmin:24.12.0
+ image: ghcr.io/idaholab/malcolm/htadmin:25.01.0
 imagePullPolicy: Always
 stdin: false
 tty: true
@@ -63,7 +63,7 @@ spec:
 subPath: "htadmin"
 initContainers:
 - name: htadmin-dirinit-container
- image: ghcr.io/idaholab/malcolm/dirinit:24.12.0
+ image: ghcr.io/idaholab/malcolm/dirinit:25.01.0
 imagePullPolicy: Always
 stdin: false
 tty: true
diff --git a/kubernetes/20-pcap-capture.yml b/kubernetes/20-pcap-capture.yml
index 7be2a824e..953e013f4 100644
--- a/kubernetes/20-pcap-capture.yml
+++ b/kubernetes/20-pcap-capture.yml
@@ -16,7 +16,7 @@ spec:
 spec:
 containers:
 - name: pcap-capture-container
- image: ghcr.io/idaholab/malcolm/pcap-capture:24.12.0
+ image: ghcr.io/idaholab/malcolm/pcap-capture:25.01.0
 imagePullPolicy: Always
 stdin: false
 tty: true
@@ -50,7 +50,7 @@ spec:
 subPath: "upload"
 initContainers:
 - name: pcap-capture-dirinit-container
- image: ghcr.io/idaholab/malcolm/dirinit:24.12.0
+ image: ghcr.io/idaholab/malcolm/dirinit:25.01.0
 imagePullPolicy: Always
 stdin: false
 tty: true
diff --git a/kubernetes/21-zeek-live.yml b/kubernetes/21-zeek-live.yml
index 7f9075a27..fae5de8d9 100644
--- a/kubernetes/21-zeek-live.yml
+++ b/kubernetes/21-zeek-live.yml
@@ -16,7 +16,7 @@ spec:
 spec:
 containers:
 - name: zeek-live-container
- image: ghcr.io/idaholab/malcolm/zeek:24.12.0
+ image: ghcr.io/idaholab/malcolm/zeek:25.01.0
 imagePullPolicy: Always
 stdin: false
 tty: true
@@ -61,7 +61,7 @@ spec:
 subPath: "zeek/intel"
 initContainers:
 - name: zeek-live-dirinit-container
- image: ghcr.io/idaholab/malcolm/dirinit:24.12.0
+ image: ghcr.io/idaholab/malcolm/dirinit:25.01.0
 imagePullPolicy: Always
 stdin: false
 tty: true
diff --git a/kubernetes/22-suricata-live.yml b/kubernetes/22-suricata-live.yml
index 23513a0fb..cba4bd2e7 100644
--- a/kubernetes/22-suricata-live.yml
+++ b/kubernetes/22-suricata-live.yml
@@ -16,7 +16,7 @@ spec:
 spec:
 containers:
 - name: suricata-live-container
- image: ghcr.io/idaholab/malcolm/suricata:24.12.0
+ image: ghcr.io/idaholab/malcolm/suricata:25.01.0
 imagePullPolicy: Always
 stdin: false
 tty: true
@@ -56,7 +56,7 @@ spec:
 name: suricata-live-custom-configs-volume
 initContainers:
 - name: suricata-live-dirinit-container
- image: ghcr.io/idaholab/malcolm/dirinit:24.12.0
+ image: ghcr.io/idaholab/malcolm/dirinit:25.01.0
 imagePullPolicy: Always
 stdin: false
 tty: true
diff --git a/kubernetes/23-arkime-live.yml b/kubernetes/23-arkime-live.yml
index 568988e14..10324c7ec 100644
--- a/kubernetes/23-arkime-live.yml
+++ b/kubernetes/23-arkime-live.yml
@@ -16,7 +16,7 @@ spec:
 spec:
 containers:
 - name: arkime-live-container
- image: ghcr.io/idaholab/malcolm/arkime:24.12.0
+ image: ghcr.io/idaholab/malcolm/arkime:25.01.0
 imagePullPolicy: Always
 stdin: false
 tty: true
@@ -64,7 +64,7 @@ spec:
 name: arkime-live-pcap-volume
 initContainers:
 - name: arkime-live-dirinit-container
- image: ghcr.io/idaholab/malcolm/dirinit:24.12.0
+ image: ghcr.io/idaholab/malcolm/dirinit:25.01.0
 imagePullPolicy: Always
 stdin: false
 tty: true
diff --git a/kubernetes/24-freq.yml b/kubernetes/24-freq.yml
index 29a2c991c..0511a433a 100644
--- a/kubernetes/24-freq.yml
+++ b/kubernetes/24-freq.yml
@@ -30,7 +30,7 @@ spec:
 spec:
 containers:
 - name: freq-container
- image: ghcr.io/idaholab/malcolm/freq:24.12.0
+ image: ghcr.io/idaholab/malcolm/freq:25.01.0
 imagePullPolicy: Always
 stdin: false
 tty: true
diff --git a/kubernetes/98-nginx-proxy.yml b/kubernetes/98-nginx-proxy.yml
index 4873d6be6..35c230827 100644
--- a/kubernetes/98-nginx-proxy.yml
+++ b/kubernetes/98-nginx-proxy.yml
@@ -39,7 +39,7 @@ spec:
 spec:
 containers:
 - name: nginx-proxy-container
- image: ghcr.io/idaholab/malcolm/nginx-proxy:24.12.0
+ image: ghcr.io/idaholab/malcolm/nginx-proxy:25.01.0
 imagePullPolicy: Always
 stdin: false
 tty: true
@@ -99,7 +99,7 @@ spec:
 subPath: "nginx"
 initContainers:
 - name: nginx-dirinit-container
- image: ghcr.io/idaholab/malcolm/dirinit:24.12.0
+ image: ghcr.io/idaholab/malcolm/dirinit:25.01.0
 imagePullPolicy: Always
 stdin: false
 tty: true
diff --git a/logstash/certs/client.conf b/logstash/certs/client.conf
index dd13ea722..6b00be60d 100644
--- a/logstash/certs/client.conf
+++ b/logstash/certs/client.conf
@@ -1,4 +1,4 @@
-# Copyright (c) 2022 Battelle Energy Alliance, LLC. All rights reserved.
+# Copyright (c) 2025 Battelle Energy Alliance, LLC. All rights reserved.
 # one may wish to consider not using self-signed certificates in production
diff --git a/logstash/certs/server.conf b/logstash/certs/server.conf
index bb92f2403..cebd7b887 100644
--- a/logstash/certs/server.conf
+++ b/logstash/certs/server.conf
@@ -1,4 +1,4 @@
-# Copyright (c) 2022 Battelle Energy Alliance, LLC. All rights reserved.
+# Copyright (c) 2025 Battelle Energy Alliance, LLC. All rights reserved.
 # one may wish to consider not using self-signed certificates in production
diff --git a/logstash/pipelines/beats/11_beats_logs.conf b/logstash/pipelines/beats/11_beats_logs.conf
index cf91d814c..9cb620b3e 100644
--- a/logstash/pipelines/beats/11_beats_logs.conf
+++ b/logstash/pipelines/beats/11_beats_logs.conf
@@ -3,7 +3,7 @@
 # Malcolm and Hedgehog Linux itself (i.e., not captured
 # network traffic metadata, but operational metadata)
 #
-# Copyright (c) 2024 Battelle Energy Alliance, LLC. All rights reserved.
+# Copyright (c) 2025 Battelle Energy Alliance, LLC. All rights reserved.
 #######################
 filter {
diff --git a/logstash/pipelines/enrichment/20_enriched_to_ecs.conf b/logstash/pipelines/enrichment/20_enriched_to_ecs.conf
index 5a46456a6..fdb42c0f0 100644
--- a/logstash/pipelines/enrichment/20_enriched_to_ecs.conf
+++ b/logstash/pipelines/enrichment/20_enriched_to_ecs.conf
@@ -1,4 +1,4 @@
-# Copyright (c) 2024 Battelle Energy Alliance, LLC. All rights reserved.
+# Copyright (c) 2025 Battelle Energy Alliance, LLC. All rights reserved.
 filter {
diff --git a/logstash/pipelines/enrichment/23_severity.conf b/logstash/pipelines/enrichment/23_severity.conf
index 3c28a2d2a..a028544d6 100644
--- a/logstash/pipelines/enrichment/23_severity.conf
+++ b/logstash/pipelines/enrichment/23_severity.conf
@@ -1,4 +1,4 @@
-# Copyright (c) 2024 Battelle Energy Alliance, LLC. All rights reserved.
+# Copyright (c) 2025 Battelle Energy Alliance, LLC. All rights reserved.
 filter {
diff --git a/logstash/pipelines/enrichment/96_make_unique.conf b/logstash/pipelines/enrichment/96_make_unique.conf
index 1e5367017..348f01673 100644
--- a/logstash/pipelines/enrichment/96_make_unique.conf
+++ b/logstash/pipelines/enrichment/96_make_unique.conf
@@ -1,4 +1,4 @@
-# Copyright (c) 2024 Battelle Energy Alliance, LLC. All rights reserved.
+# Copyright (c) 2025 Battelle Energy Alliance, LLC. All rights reserved.
 # take array fields that are already generic (i.e., ECS or Arkime) and deduplicate them.
 # there is also a little bit of light normalization that happens here
diff --git a/logstash/pipelines/enrichment/97_arkimize.conf b/logstash/pipelines/enrichment/97_arkimize.conf
index a94c58696..ed3debc89 100644
--- a/logstash/pipelines/enrichment/97_arkimize.conf
+++ b/logstash/pipelines/enrichment/97_arkimize.conf
@@ -1,4 +1,4 @@
-# Copyright (c) 2024 Battelle Energy Alliance, LLC. All rights reserved.
+# Copyright (c) 2025 Battelle Energy Alliance, LLC. All rights reserved.
 # take fields that are already generic (i.e., ECS or whatever) and copy them
 # to their Arkime equivalents if applicable
diff --git a/logstash/pipelines/enrichment/98_finalize.conf b/logstash/pipelines/enrichment/98_finalize.conf
index 2a8be2578..eab443f3e 100644
--- a/logstash/pipelines/enrichment/98_finalize.conf
+++ b/logstash/pipelines/enrichment/98_finalize.conf
@@ -1,4 +1,4 @@
-# Copyright (c) 2024 Battelle Energy Alliance, LLC. All rights reserved.
+# Copyright (c) 2025 Battelle Energy Alliance, LLC. All rights reserved.
 # final adjustments before forwarding
diff --git a/logstash/pipelines/output/98_finalize.conf b/logstash/pipelines/output/98_finalize.conf
index 3365b269e..7ea9ae812 100644
--- a/logstash/pipelines/output/98_finalize.conf
+++ b/logstash/pipelines/output/98_finalize.conf
@@ -1,4 +1,4 @@
-# Copyright (c) 2024 Battelle Energy Alliance, LLC. All rights reserved.
+# Copyright (c) 2025 Battelle Energy Alliance, LLC. All rights reserved.
 filter {
 # remove tags we'd rather not see globally
diff --git a/logstash/pipelines/suricata/19_severity.conf b/logstash/pipelines/suricata/19_severity.conf
index 19d8db1eb..7f183c11a 100644
--- a/logstash/pipelines/suricata/19_severity.conf
+++ b/logstash/pipelines/suricata/19_severity.conf
@@ -1,4 +1,4 @@
-# Copyright (c) 2024 Battelle Energy Alliance, LLC. All rights reserved.
+# Copyright (c) 2025 Battelle Energy Alliance, LLC. All rights reserved.
 filter {
diff --git a/logstash/pipelines/zeek/1000_zeek_prep.conf b/logstash/pipelines/zeek/1000_zeek_prep.conf
index 3a33831ca..b280b829b 100644
--- a/logstash/pipelines/zeek/1000_zeek_prep.conf
+++ b/logstash/pipelines/zeek/1000_zeek_prep.conf
@@ -1,4 +1,4 @@
-# Copyright (c) 2024 Battelle Energy Alliance, LLC. All rights reserved.
+# Copyright (c) 2025 Battelle Energy Alliance, LLC. All rights reserved.
 filter {
diff --git a/logstash/pipelines/zeek/1001_zeek_parse.conf b/logstash/pipelines/zeek/1001_zeek_parse.conf
index 454ba8e53..ca68f9f7d 100644
--- a/logstash/pipelines/zeek/1001_zeek_parse.conf
+++ b/logstash/pipelines/zeek/1001_zeek_parse.conf
@@ -11,7 +11,7 @@
 # - get filters where in != out
 # $ docker compose exec logstash curl -XGET http://localhost:9600/_node/stats/pipelines | jq -r '.. | .filters? // empty | .[] | objects | select (.events.in != .events.out) | [.id, .events.in, .events.out, .events.duration_in_millis] | join (";")'
 #
-# Copyright (c) 2024 Battelle Energy Alliance, LLC. All rights reserved.
+# Copyright (c) 2025 Battelle Energy Alliance, LLC. All rights reserved.
 #######################
 filter {
diff --git a/logstash/pipelines/zeek/1011_zeek_bacnet.conf b/logstash/pipelines/zeek/1011_zeek_bacnet.conf
index 841a0b415..b953a1b39 100644
--- a/logstash/pipelines/zeek/1011_zeek_bacnet.conf
+++ b/logstash/pipelines/zeek/1011_zeek_bacnet.conf
@@ -1,5 +1,5 @@
 ########################
-# Copyright (c) 2024 Battelle Energy Alliance, LLC. All rights reserved.
+# Copyright (c) 2025 Battelle Energy Alliance, LLC. All rights reserved.
 #######################
 filter {
diff --git a/logstash/pipelines/zeek/1012_zeek_bestguess.conf b/logstash/pipelines/zeek/1012_zeek_bestguess.conf
index 9067f3f09..a12e369ad 100644
--- a/logstash/pipelines/zeek/1012_zeek_bestguess.conf
+++ b/logstash/pipelines/zeek/1012_zeek_bestguess.conf
@@ -1,5 +1,5 @@
 ########################
-# Copyright (c) 2024 Battelle Energy Alliance, LLC. All rights reserved.
+# Copyright (c) 2025 Battelle Energy Alliance, LLC. All rights reserved.
 #######################
 filter {
diff --git a/logstash/pipelines/zeek/1013_zeek_bsap.conf b/logstash/pipelines/zeek/1013_zeek_bsap.conf
index 8a9f8f0b6..6fbbc54be 100644
--- a/logstash/pipelines/zeek/1013_zeek_bsap.conf
+++ b/logstash/pipelines/zeek/1013_zeek_bsap.conf
@@ -1,5 +1,5 @@
 ########################
-# Copyright (c) 2024 Battelle Energy Alliance, LLC. All rights reserved.
+# Copyright (c) 2025 Battelle Energy Alliance, LLC. All rights reserved.
 #######################
 filter {
diff --git a/logstash/pipelines/zeek/1014_zeek_conn.conf b/logstash/pipelines/zeek/1014_zeek_conn.conf
index 29f2cb613..dabbd20dd 100644
--- a/logstash/pipelines/zeek/1014_zeek_conn.conf
+++ b/logstash/pipelines/zeek/1014_zeek_conn.conf
@@ -1,5 +1,5 @@
 ########################
-# Copyright (c) 2024 Battelle Energy Alliance, LLC. All rights reserved.
+# Copyright (c) 2025 Battelle Energy Alliance, LLC. All rights reserved.
 #######################
 filter {
diff --git a/logstash/pipelines/zeek/1015_zeek_dce_rpc.conf b/logstash/pipelines/zeek/1015_zeek_dce_rpc.conf
index e2efbab9c..f0aba81b7 100644
--- a/logstash/pipelines/zeek/1015_zeek_dce_rpc.conf
+++ b/logstash/pipelines/zeek/1015_zeek_dce_rpc.conf
@@ -1,5 +1,5 @@
 ########################
-# Copyright (c) 2024 Battelle Energy Alliance, LLC. All rights reserved.
+# Copyright (c) 2025 Battelle Energy Alliance, LLC. All rights reserved.
 #######################
 filter {
diff --git a/logstash/pipelines/zeek/1016_zeek_dhcp.conf b/logstash/pipelines/zeek/1016_zeek_dhcp.conf
index f94df57df..9d9d05a83 100644
--- a/logstash/pipelines/zeek/1016_zeek_dhcp.conf
+++ b/logstash/pipelines/zeek/1016_zeek_dhcp.conf
@@ -1,5 +1,5 @@
 ########################
-# Copyright (c) 2024 Battelle Energy Alliance, LLC. All rights reserved.
+# Copyright (c) 2025 Battelle Energy Alliance, LLC. All rights reserved.
 #######################
 filter {
diff --git a/logstash/pipelines/zeek/1017_zeek_diagnostic.conf b/logstash/pipelines/zeek/1017_zeek_diagnostic.conf
index b1c7025aa..04c23c080 100644
--- a/logstash/pipelines/zeek/1017_zeek_diagnostic.conf
+++ b/logstash/pipelines/zeek/1017_zeek_diagnostic.conf
@@ -1,5 +1,5 @@
 ########################
-# Copyright (c) 2024 Battelle Energy Alliance, LLC. All rights reserved.
+# Copyright (c) 2025 Battelle Energy Alliance, LLC. All rights reserved.
 #######################
 filter {
diff --git a/logstash/pipelines/zeek/1018_zeek_dnp3.conf b/logstash/pipelines/zeek/1018_zeek_dnp3.conf
index 846343c79..82671dd12 100644
--- a/logstash/pipelines/zeek/1018_zeek_dnp3.conf
+++ b/logstash/pipelines/zeek/1018_zeek_dnp3.conf
@@ -1,5 +1,5 @@
 ########################
-# Copyright (c) 2024 Battelle Energy Alliance, LLC. All rights reserved.
+# Copyright (c) 2025 Battelle Energy Alliance, LLC. All rights reserved.
 #######################
 filter {
diff --git a/logstash/pipelines/zeek/1019_zeek_dns.conf b/logstash/pipelines/zeek/1019_zeek_dns.conf
index 7971b0e31..165db08f8 100644
--- a/logstash/pipelines/zeek/1019_zeek_dns.conf
+++ b/logstash/pipelines/zeek/1019_zeek_dns.conf
@@ -1,5 +1,5 @@
 ########################
-# Copyright (c) 2024 Battelle Energy Alliance, LLC. All rights reserved.
+# Copyright (c) 2025 Battelle Energy Alliance, LLC. All rights reserved.
 #######################
 filter {
diff --git a/logstash/pipelines/zeek/1020_zeek_ecat.conf b/logstash/pipelines/zeek/1020_zeek_ecat.conf
index b3272fc21..9838dfd5b 100644
--- a/logstash/pipelines/zeek/1020_zeek_ecat.conf
+++ b/logstash/pipelines/zeek/1020_zeek_ecat.conf
@@ -1,5 +1,5 @@
 ########################
-# Copyright (c) 2024 Battelle Energy Alliance, LLC. All rights reserved.
+# Copyright (c) 2025 Battelle Energy Alliance, LLC. All rights reserved.
 #######################
 filter {
diff --git a/logstash/pipelines/zeek/1021_zeek_enip.conf b/logstash/pipelines/zeek/1021_zeek_enip.conf
index 2a2f9e8f2..a824628ca 100644
--- a/logstash/pipelines/zeek/1021_zeek_enip.conf
+++ b/logstash/pipelines/zeek/1021_zeek_enip.conf
@@ -1,5 +1,5 @@
 ########################
-# Copyright (c) 2024 Battelle Energy Alliance, LLC. All rights reserved.
+# Copyright (c) 2025 Battelle Energy Alliance, LLC. All rights reserved.
 #######################
 filter {
diff --git a/logstash/pipelines/zeek/1022_zeek_files.conf b/logstash/pipelines/zeek/1022_zeek_files.conf
index 105492ee9..1fb2451c3 100644
--- a/logstash/pipelines/zeek/1022_zeek_files.conf
+++ b/logstash/pipelines/zeek/1022_zeek_files.conf
@@ -1,5 +1,5 @@
 ########################
-# Copyright (c) 2024 Battelle Energy Alliance, LLC. All rights reserved.
+# Copyright (c) 2025 Battelle Energy Alliance, LLC. All rights reserved.
 #######################
 filter {
diff --git a/logstash/pipelines/zeek/1023_zeek_ftp.conf b/logstash/pipelines/zeek/1023_zeek_ftp.conf
index 30473a39f..46b070f04 100644
--- a/logstash/pipelines/zeek/1023_zeek_ftp.conf
+++ b/logstash/pipelines/zeek/1023_zeek_ftp.conf
@@ -1,5 +1,5 @@
 ########################
-# Copyright (c) 2024 Battelle Energy Alliance, LLC. All rights reserved.
+# Copyright (c) 2025 Battelle Energy Alliance, LLC. All rights reserved.
 #######################
 filter {
diff --git a/logstash/pipelines/zeek/1024_zeek_genisys.conf b/logstash/pipelines/zeek/1024_zeek_genisys.conf
index fb50b5d93..c893ae8c0 100644
--- a/logstash/pipelines/zeek/1024_zeek_genisys.conf
+++ b/logstash/pipelines/zeek/1024_zeek_genisys.conf
@@ -1,5 +1,5 @@
 ########################
-# Copyright (c) 2024 Battelle Energy Alliance, LLC. All rights reserved.
+# Copyright (c) 2025 Battelle Energy Alliance, LLC. All rights reserved.
 #######################
 filter {
diff --git a/logstash/pipelines/zeek/1025_zeek_ge_srtp.conf b/logstash/pipelines/zeek/1025_zeek_ge_srtp.conf
index b7e73d456..2aba4714f 100644
--- a/logstash/pipelines/zeek/1025_zeek_ge_srtp.conf
+++ b/logstash/pipelines/zeek/1025_zeek_ge_srtp.conf
@@ -1,5 +1,5 @@
 ########################
-# Copyright (c) 2024 Battelle Energy Alliance, LLC. All rights reserved.
+# Copyright (c) 2025 Battelle Energy Alliance, LLC. All rights reserved.
 #######################
 filter {
diff --git a/logstash/pipelines/zeek/1026_zeek_gquic.conf b/logstash/pipelines/zeek/1026_zeek_gquic.conf
index 70a697dff..be1e00dfd 100644
--- a/logstash/pipelines/zeek/1026_zeek_gquic.conf
+++ b/logstash/pipelines/zeek/1026_zeek_gquic.conf
@@ -1,5 +1,5 @@
 ########################
-# Copyright (c) 2024 Battelle Energy Alliance, LLC. All rights reserved.
+# Copyright (c) 2025 Battelle Energy Alliance, LLC. All rights reserved.
 #######################
 filter {
diff --git a/logstash/pipelines/zeek/1027_zeek_hart_ip.conf b/logstash/pipelines/zeek/1027_zeek_hart_ip.conf
index fbe84e04f..b2c95879b 100644
--- a/logstash/pipelines/zeek/1027_zeek_hart_ip.conf
+++ b/logstash/pipelines/zeek/1027_zeek_hart_ip.conf
@@ -1,5 +1,5 @@
 ########################
-# Copyright (c) 2024 Battelle Energy Alliance, LLC. All rights reserved.
+# Copyright (c) 2025 Battelle Energy Alliance, LLC. All rights reserved.
 #######################
 filter {
diff --git a/logstash/pipelines/zeek/1028_zeek_http.conf b/logstash/pipelines/zeek/1028_zeek_http.conf
index 0baf87789..f26f4d564 100644
--- a/logstash/pipelines/zeek/1028_zeek_http.conf
+++ b/logstash/pipelines/zeek/1028_zeek_http.conf
@@ -1,5 +1,5 @@
 ########################
-# Copyright (c) 2024 Battelle Energy Alliance, LLC. All rights reserved.
+# Copyright (c) 2025 Battelle Energy Alliance, LLC. All rights reserved.
 #######################
 filter {
diff --git a/logstash/pipelines/zeek/1029_zeek_intel.conf b/logstash/pipelines/zeek/1029_zeek_intel.conf
index 1796a5337..da81ca0b4 100644
--- a/logstash/pipelines/zeek/1029_zeek_intel.conf
+++ b/logstash/pipelines/zeek/1029_zeek_intel.conf
@@ -1,5 +1,5 @@
 ########################
-# Copyright (c) 2024 Battelle Energy Alliance, LLC. All rights reserved.
+# Copyright (c) 2025 Battelle Energy Alliance, LLC. All rights reserved.
 #######################
 filter {
diff --git a/logstash/pipelines/zeek/1030_zeek_ipsec.conf b/logstash/pipelines/zeek/1030_zeek_ipsec.conf
index 34d5a3a4c..fb1495e29 100644
--- a/logstash/pipelines/zeek/1030_zeek_ipsec.conf
+++ b/logstash/pipelines/zeek/1030_zeek_ipsec.conf
@@ -1,5 +1,5 @@
 ########################
-# Copyright (c) 2024 Battelle Energy Alliance, LLC. All rights reserved.
+# Copyright (c) 2025 Battelle Energy Alliance, LLC. All rights reserved.
 #######################
 filter {
diff --git a/logstash/pipelines/zeek/1031_zeek_irc.conf b/logstash/pipelines/zeek/1031_zeek_irc.conf
index b674565e9..99ede2211 100644
--- a/logstash/pipelines/zeek/1031_zeek_irc.conf
+++ b/logstash/pipelines/zeek/1031_zeek_irc.conf
@@ -1,5 +1,5 @@
 ########################
-# Copyright (c) 2024 Battelle Energy Alliance, LLC. All rights reserved.
+# Copyright (c) 2025 Battelle Energy Alliance, LLC. All rights reserved.
 #######################
 filter {
diff --git a/logstash/pipelines/zeek/1032_zeek_kerberos.conf b/logstash/pipelines/zeek/1032_zeek_kerberos.conf
index d79335c5e..975dc3cfc 100644
--- a/logstash/pipelines/zeek/1032_zeek_kerberos.conf
+++ b/logstash/pipelines/zeek/1032_zeek_kerberos.conf
@@ -1,5 +1,5 @@
 ########################
-# Copyright (c) 2024 Battelle Energy Alliance, LLC. All rights reserved.
+# Copyright (c) 2025 Battelle Energy Alliance, LLC. All rights reserved.
 #######################
 filter {
diff --git a/logstash/pipelines/zeek/1033_zeek_known.conf b/logstash/pipelines/zeek/1033_zeek_known.conf
index 0b701453a..2e54851bf 100644
--- a/logstash/pipelines/zeek/1033_zeek_known.conf
+++ b/logstash/pipelines/zeek/1033_zeek_known.conf
@@ -1,5 +1,5 @@
 ########################
-# Copyright (c) 2024 Battelle Energy Alliance, LLC. All rights reserved.
+# Copyright (c) 2025 Battelle Energy Alliance, LLC. All rights reserved.
 #######################
 filter {
diff --git a/logstash/pipelines/zeek/1034_zeek_ldap.conf b/logstash/pipelines/zeek/1034_zeek_ldap.conf
index 3ae2f8f17..6340ea517 100644
--- a/logstash/pipelines/zeek/1034_zeek_ldap.conf
+++ b/logstash/pipelines/zeek/1034_zeek_ldap.conf
@@ -1,5 +1,5 @@
 ########################
-# Copyright (c) 2024 Battelle Energy Alliance, LLC. All rights reserved.
+# Copyright (c) 2025 Battelle Energy Alliance, LLC. All rights reserved.
 #######################
 filter {
diff --git a/logstash/pipelines/zeek/1035_zeek_login.conf b/logstash/pipelines/zeek/1035_zeek_login.conf
index 2460ffa56..beda4f8e6 100644
--- a/logstash/pipelines/zeek/1035_zeek_login.conf
+++ b/logstash/pipelines/zeek/1035_zeek_login.conf
@@ -1,5 +1,5 @@
 ########################
-# Copyright (c) 2024 Battelle Energy Alliance, LLC. All rights reserved.
+# Copyright (c) 2025 Battelle Energy Alliance, LLC. All rights reserved.
 #######################
 filter {
diff --git a/logstash/pipelines/zeek/1036_zeek_modbus.conf b/logstash/pipelines/zeek/1036_zeek_modbus.conf
index 4ff4723cb..4412284a6 100644
--- a/logstash/pipelines/zeek/1036_zeek_modbus.conf
+++ b/logstash/pipelines/zeek/1036_zeek_modbus.conf
@@ -1,5 +1,5 @@
 ########################
-# Copyright (c) 2024 Battelle Energy Alliance, LLC. All rights reserved.
+# Copyright (c) 2025 Battelle Energy Alliance, LLC. All rights reserved.
 #######################
 filter {
diff --git a/logstash/pipelines/zeek/1037_zeek_mqtt.conf b/logstash/pipelines/zeek/1037_zeek_mqtt.conf
index 8c3730f44..2cfb8bbb5 100644
--- a/logstash/pipelines/zeek/1037_zeek_mqtt.conf
+++ b/logstash/pipelines/zeek/1037_zeek_mqtt.conf
@@ -1,5 +1,5 @@
 ########################
-# Copyright (c) 2024 Battelle Energy Alliance, LLC. All rights reserved.
+# Copyright (c) 2025 Battelle Energy Alliance, LLC. All rights reserved.
 #######################
 filter {
diff --git a/logstash/pipelines/zeek/1038_zeek_mysql.conf b/logstash/pipelines/zeek/1038_zeek_mysql.conf
index 892ac1bb2..19b844eb1 100644
--- a/logstash/pipelines/zeek/1038_zeek_mysql.conf
+++ b/logstash/pipelines/zeek/1038_zeek_mysql.conf
@@ -1,5 +1,5 @@
 ########################
-# Copyright (c) 2024 Battelle Energy Alliance, LLC. All rights reserved.
+# Copyright (c) 2025 Battelle Energy Alliance, LLC. All rights reserved.
 #######################
 filter {
diff --git a/logstash/pipelines/zeek/1039_zeek_notice.conf b/logstash/pipelines/zeek/1039_zeek_notice.conf
index ac044fef8..1c6d1aedb 100644
--- a/logstash/pipelines/zeek/1039_zeek_notice.conf
+++ b/logstash/pipelines/zeek/1039_zeek_notice.conf
@@ -1,5 +1,5 @@
 ########################
-# Copyright (c) 2024 Battelle Energy Alliance, LLC. All rights reserved.
+# Copyright (c) 2025 Battelle Energy Alliance, LLC. All rights reserved.
 #######################
 filter {
diff --git a/logstash/pipelines/zeek/1040_zeek_ntlm.conf b/logstash/pipelines/zeek/1040_zeek_ntlm.conf
index b0cafaee7..49ea98cb4 100644
--- a/logstash/pipelines/zeek/1040_zeek_ntlm.conf
+++ b/logstash/pipelines/zeek/1040_zeek_ntlm.conf
@@ -1,5 +1,5 @@
 ########################
-# Copyright (c) 2024 Battelle Energy Alliance, LLC. All rights reserved.
+# Copyright (c) 2025 Battelle Energy Alliance, LLC. All rights reserved.
 #######################
 filter {
diff --git a/logstash/pipelines/zeek/1041_zeek_ntp.conf b/logstash/pipelines/zeek/1041_zeek_ntp.conf
index fc4196b57..3cf496645 100644
--- a/logstash/pipelines/zeek/1041_zeek_ntp.conf
+++ b/logstash/pipelines/zeek/1041_zeek_ntp.conf
@@ -1,5 +1,5 @@
 ########################
-# Copyright (c) 2024 Battelle Energy Alliance, LLC. All rights reserved.
+# Copyright (c) 2025 Battelle Energy Alliance, LLC. All rights reserved.
 #######################
 filter {
diff --git a/logstash/pipelines/zeek/1042_zeek_ocsp.conf b/logstash/pipelines/zeek/1042_zeek_ocsp.conf
index b6919838e..1f68ea947 100644
--- a/logstash/pipelines/zeek/1042_zeek_ocsp.conf
+++ b/logstash/pipelines/zeek/1042_zeek_ocsp.conf
@@ -1,5 +1,5 @@
 ########################
-# Copyright (c) 2024 Battelle Energy Alliance, LLC. All rights reserved.
+# Copyright (c) 2025 Battelle Energy Alliance, LLC. All rights reserved.
 #######################
 filter {
diff --git a/logstash/pipelines/zeek/1043_zeek_opcua_binary.conf b/logstash/pipelines/zeek/1043_zeek_opcua_binary.conf
index 59e70689f..8e729f839 100644
--- a/logstash/pipelines/zeek/1043_zeek_opcua_binary.conf
+++ b/logstash/pipelines/zeek/1043_zeek_opcua_binary.conf
@@ -1,5 +1,5 @@
 ########################
-# Copyright (c) 2024 Battelle Energy Alliance, LLC. All rights reserved.
+# Copyright (c) 2025 Battelle Energy Alliance, LLC. All rights reserved.
 #######################
 filter {
diff --git a/logstash/pipelines/zeek/1044_zeek_ospf.conf b/logstash/pipelines/zeek/1044_zeek_ospf.conf
index 462bb4979..e69840cd3 100644
--- a/logstash/pipelines/zeek/1044_zeek_ospf.conf
+++ b/logstash/pipelines/zeek/1044_zeek_ospf.conf
@@ -1,5 +1,5 @@
 ########################
-# Copyright (c) 2024 Battelle Energy Alliance, LLC. All rights reserved.
+# Copyright (c) 2025 Battelle Energy Alliance, LLC. All rights reserved.
 #######################
 filter {
diff --git a/logstash/pipelines/zeek/1045_zeek_pe.conf b/logstash/pipelines/zeek/1045_zeek_pe.conf
index 992c6829d..3cde9c46e 100644
--- a/logstash/pipelines/zeek/1045_zeek_pe.conf
+++ b/logstash/pipelines/zeek/1045_zeek_pe.conf
@@ -1,5 +1,5 @@
 ########################
-# Copyright (c) 2024 Battelle Energy Alliance, LLC. All rights reserved.
+# Copyright (c) 2025 Battelle Energy Alliance, LLC. All rights reserved.
 #######################
 filter {
diff --git a/logstash/pipelines/zeek/1046_zeek_profinet.conf b/logstash/pipelines/zeek/1046_zeek_profinet.conf
index f823d9a6e..d9d7f6cff 100644
--- a/logstash/pipelines/zeek/1046_zeek_profinet.conf
+++ b/logstash/pipelines/zeek/1046_zeek_profinet.conf
@@ -1,5 +1,5 @@
 ########################
-# Copyright (c) 2024 Battelle Energy Alliance, LLC. All rights reserved.
+# Copyright (c) 2025 Battelle Energy Alliance, LLC. All rights reserved.
 #######################
 filter {
diff --git a/logstash/pipelines/zeek/1047_zeek_radius.conf b/logstash/pipelines/zeek/1047_zeek_radius.conf
index 8164bdcd2..4bf8d59fe 100644
--- a/logstash/pipelines/zeek/1047_zeek_radius.conf
+++ b/logstash/pipelines/zeek/1047_zeek_radius.conf
@@ -1,5 +1,5 @@
 ########################
-# Copyright (c) 2024 Battelle Energy Alliance, LLC. All rights reserved.
+# Copyright (c) 2025 Battelle Energy Alliance, LLC. All rights reserved.
 #######################
 filter {
diff --git a/logstash/pipelines/zeek/1048_zeek_rdp.conf b/logstash/pipelines/zeek/1048_zeek_rdp.conf
index c773b9962..cbb891203 100644
--- a/logstash/pipelines/zeek/1048_zeek_rdp.conf
+++ b/logstash/pipelines/zeek/1048_zeek_rdp.conf
@@ -1,5 +1,5 @@
 ########################
-# Copyright (c) 2024 Battelle Energy Alliance, LLC. All rights reserved.
+# Copyright (c) 2025 Battelle Energy Alliance, LLC. All rights reserved.
 #######################
 filter {
diff --git a/logstash/pipelines/zeek/1049_zeek_rfb.conf b/logstash/pipelines/zeek/1049_zeek_rfb.conf
index e65d628fc..6540bad50 100644
--- a/logstash/pipelines/zeek/1049_zeek_rfb.conf
+++ b/logstash/pipelines/zeek/1049_zeek_rfb.conf
@@ -1,5 +1,5 @@
 ########################
-# Copyright (c) 2024 Battelle Energy Alliance, LLC. All rights reserved.
+# Copyright (c) 2025 Battelle Energy Alliance, LLC. All rights reserved.
 #######################
 filter {
diff --git a/logstash/pipelines/zeek/1050_zeek_s7comm.conf b/logstash/pipelines/zeek/1050_zeek_s7comm.conf
index 4b808b194..1270241d2 100644
--- a/logstash/pipelines/zeek/1050_zeek_s7comm.conf
+++ b/logstash/pipelines/zeek/1050_zeek_s7comm.conf
@@ -1,5 +1,5 @@
 ########################
-# Copyright (c) 2024 Battelle Energy Alliance, LLC. All rights reserved.
+# Copyright (c) 2025 Battelle Energy Alliance, LLC. All rights reserved.
 #######################
 filter {
diff --git a/logstash/pipelines/zeek/1051_zeek_signatures.conf b/logstash/pipelines/zeek/1051_zeek_signatures.conf
index 4f6a20441..49cb8e567 100644
--- a/logstash/pipelines/zeek/1051_zeek_signatures.conf
+++ b/logstash/pipelines/zeek/1051_zeek_signatures.conf
@@ -1,5 +1,5 @@
 ########################
-# Copyright (c) 2024 Battelle Energy Alliance, LLC. All rights reserved.
+# Copyright (c) 2025 Battelle Energy Alliance, LLC. All rights reserved.
 #######################
 filter {
diff --git a/logstash/pipelines/zeek/1052_zeek_sip.conf b/logstash/pipelines/zeek/1052_zeek_sip.conf
index fc49f7c33..242d358d6 100644
--- a/logstash/pipelines/zeek/1052_zeek_sip.conf
+++ b/logstash/pipelines/zeek/1052_zeek_sip.conf
@@ -1,5 +1,5 @@
 ########################
-# Copyright (c) 2024 Battelle Energy Alliance, LLC. All rights reserved.
+# Copyright (c) 2025 Battelle Energy Alliance, LLC. All rights reserved.
 #######################
 filter {
diff --git a/logstash/pipelines/zeek/1053_zeek_smb.conf b/logstash/pipelines/zeek/1053_zeek_smb.conf
index 9e42d4429..2db2e83b7 100644
--- a/logstash/pipelines/zeek/1053_zeek_smb.conf
+++ b/logstash/pipelines/zeek/1053_zeek_smb.conf
@@ -1,5 +1,5 @@
 ########################
-# Copyright (c) 2024 Battelle Energy Alliance, LLC. All rights reserved.
+# Copyright (c) 2025 Battelle Energy Alliance, LLC. All rights reserved.
 #######################
 filter {
diff --git a/logstash/pipelines/zeek/1054_zeek_smtp.conf b/logstash/pipelines/zeek/1054_zeek_smtp.conf
index f4587c5d5..362df67a9 100644
--- a/logstash/pipelines/zeek/1054_zeek_smtp.conf
+++ b/logstash/pipelines/zeek/1054_zeek_smtp.conf
@@ -1,5 +1,5 @@
 ########################
-# Copyright (c) 2024 Battelle Energy Alliance, LLC. All rights reserved.
+# Copyright (c) 2025 Battelle Energy Alliance, LLC. All rights reserved.
 #######################
 filter {
diff --git a/logstash/pipelines/zeek/1055_zeek_snmp.conf b/logstash/pipelines/zeek/1055_zeek_snmp.conf
index 2991ed095..055077c3b 100644
--- a/logstash/pipelines/zeek/1055_zeek_snmp.conf
+++ b/logstash/pipelines/zeek/1055_zeek_snmp.conf
@@ -1,5 +1,5 @@
 ########################
-# Copyright (c) 2024 Battelle Energy Alliance, LLC. All rights reserved.
+# Copyright (c) 2025 Battelle Energy Alliance, LLC. All rights reserved.
 #######################
 filter {
diff --git a/logstash/pipelines/zeek/1056_zeek_socks.conf b/logstash/pipelines/zeek/1056_zeek_socks.conf
index aeec39cb0..b7842c929 100644
--- a/logstash/pipelines/zeek/1056_zeek_socks.conf
+++ b/logstash/pipelines/zeek/1056_zeek_socks.conf
@@ -1,5 +1,5 @@
 ########################
-# Copyright (c) 2024 Battelle Energy Alliance, LLC. All rights reserved.
+# Copyright (c) 2025 Battelle Energy Alliance, LLC. All rights reserved.
 #######################
 filter {
diff --git a/logstash/pipelines/zeek/1057_zeek_software.conf b/logstash/pipelines/zeek/1057_zeek_software.conf
index e6cfe36d5..319cca1c2 100644
--- a/logstash/pipelines/zeek/1057_zeek_software.conf
+++ b/logstash/pipelines/zeek/1057_zeek_software.conf
@@ -1,5 +1,5 @@
 ########################
-# Copyright (c) 2024 Battelle Energy Alliance, LLC. All rights reserved.
+# Copyright (c) 2025 Battelle Energy Alliance, LLC. All rights reserved.
 #######################
 filter {
diff --git a/logstash/pipelines/zeek/1058_zeek_ssh.conf b/logstash/pipelines/zeek/1058_zeek_ssh.conf
index bf1177a34..0ed368e0c 100644
--- a/logstash/pipelines/zeek/1058_zeek_ssh.conf
+++ b/logstash/pipelines/zeek/1058_zeek_ssh.conf
@@ -1,5 +1,5 @@
 ########################
-# Copyright (c) 2024 Battelle Energy Alliance, LLC. All rights reserved.
+# Copyright (c) 2025 Battelle Energy Alliance, LLC. All rights reserved.
 #######################
 filter {
diff --git a/logstash/pipelines/zeek/1059_zeek_ssl.conf b/logstash/pipelines/zeek/1059_zeek_ssl.conf
index 675bb103b..e99cdf691 100644
--- a/logstash/pipelines/zeek/1059_zeek_ssl.conf
+++ b/logstash/pipelines/zeek/1059_zeek_ssl.conf
@@ -1,5 +1,5 @@
 ########################
-# Copyright (c) 2024 Battelle Energy Alliance, LLC. All rights reserved.
+# Copyright (c) 2025 Battelle Energy Alliance, LLC. All rights reserved.
 #######################
 filter {
diff --git a/logstash/pipelines/zeek/1060_zeek_stun.conf b/logstash/pipelines/zeek/1060_zeek_stun.conf
index fdb291513..bff49dd60 100644
--- a/logstash/pipelines/zeek/1060_zeek_stun.conf
+++ b/logstash/pipelines/zeek/1060_zeek_stun.conf
@@ -1,5 +1,5 @@
 ########################
-# Copyright (c) 2024 Battelle Energy Alliance, LLC. All rights reserved.
+# Copyright (c) 2025 Battelle Energy Alliance, LLC. All rights reserved.
 #######################
 filter {
diff --git a/logstash/pipelines/zeek/1061_zeek_synchrophasor.conf b/logstash/pipelines/zeek/1061_zeek_synchrophasor.conf
index ad4795ec7..229d8dd39 100644
--- a/logstash/pipelines/zeek/1061_zeek_synchrophasor.conf
+++ b/logstash/pipelines/zeek/1061_zeek_synchrophasor.conf
@@ -1,5 +1,5 @@
 ########################
-# Copyright (c) 2024 Battelle Energy Alliance, LLC. All rights reserved.
+# Copyright (c) 2025 Battelle Energy Alliance, LLC. All rights reserved.
 #######################
 filter {
diff --git a/logstash/pipelines/zeek/1062_zeek_syslog.conf b/logstash/pipelines/zeek/1062_zeek_syslog.conf
index efb0ed69b..c8d2efd68 100644
--- a/logstash/pipelines/zeek/1062_zeek_syslog.conf
+++ b/logstash/pipelines/zeek/1062_zeek_syslog.conf
@@ -1,5 +1,5 @@
 ########################
-# Copyright (c) 2024 Battelle Energy Alliance, LLC. All rights reserved.
+# Copyright (c) 2025 Battelle Energy Alliance, LLC. All rights reserved.
 #######################
 filter {
diff --git a/logstash/pipelines/zeek/1063_zeek_tds.conf b/logstash/pipelines/zeek/1063_zeek_tds.conf
index 23a724d0c..ea6142bf9 100644
--- a/logstash/pipelines/zeek/1063_zeek_tds.conf
+++ b/logstash/pipelines/zeek/1063_zeek_tds.conf
@@ -1,5 +1,5 @@
 ########################
-# Copyright (c) 2024 Battelle Energy Alliance, LLC. All rights reserved.
+# Copyright (c) 2025 Battelle Energy Alliance, LLC. All rights reserved.
 #######################
 filter {
diff --git a/logstash/pipelines/zeek/1064_zeek_tftp.conf b/logstash/pipelines/zeek/1064_zeek_tftp.conf
index 67cd6acef..b1bfca034 100644
--- a/logstash/pipelines/zeek/1064_zeek_tftp.conf
+++ b/logstash/pipelines/zeek/1064_zeek_tftp.conf
@@ -1,5 +1,5 @@
 ########################
-# Copyright (c) 2024 Battelle Energy Alliance, LLC. All rights reserved.
+# Copyright (c) 2025 Battelle Energy Alliance, LLC. All rights reserved.
 #######################
 filter {
diff --git a/logstash/pipelines/zeek/1065_zeek_tunnel.conf b/logstash/pipelines/zeek/1065_zeek_tunnel.conf
index 6dfa8829f..aec97aa70 100644
--- a/logstash/pipelines/zeek/1065_zeek_tunnel.conf
+++ b/logstash/pipelines/zeek/1065_zeek_tunnel.conf
@@ -1,5 +1,5 @@
 ########################
-# Copyright (c) 2024 Battelle Energy Alliance, LLC. All rights reserved.
+# Copyright (c) 2025 Battelle Energy Alliance, LLC. All rights reserved.
 #######################
 filter {
diff --git a/logstash/pipelines/zeek/1066_zeek_weird.conf b/logstash/pipelines/zeek/1066_zeek_weird.conf
index 4c1da69e3..332ba81d7 100644
--- a/logstash/pipelines/zeek/1066_zeek_weird.conf
+++ b/logstash/pipelines/zeek/1066_zeek_weird.conf
@@ -1,5 +1,5 @@
 ########################
-# Copyright (c) 2024 Battelle Energy Alliance, LLC. All rights reserved.
+# Copyright (c) 2025 Battelle Energy Alliance, LLC. All rights reserved.
 #######################
 filter {
diff --git a/logstash/pipelines/zeek/1067_zeek_wireguard.conf b/logstash/pipelines/zeek/1067_zeek_wireguard.conf
index 4a69f88d7..3f30f1000 100644
--- a/logstash/pipelines/zeek/1067_zeek_wireguard.conf
+++ b/logstash/pipelines/zeek/1067_zeek_wireguard.conf
@@ -1,5 +1,5 @@
 ########################
-# Copyright (c) 2024 Battelle Energy Alliance, LLC. All rights reserved.
+# Copyright (c) 2025 Battelle Energy Alliance, LLC. All rights reserved.
 #######################
 filter {
diff --git a/logstash/pipelines/zeek/1068_zeek_x509.conf b/logstash/pipelines/zeek/1068_zeek_x509.conf
index 9705ebd83..93a7547eb 100644
--- a/logstash/pipelines/zeek/1068_zeek_x509.conf
+++ b/logstash/pipelines/zeek/1068_zeek_x509.conf
@@ -1,5 +1,5 @@
 ########################
-# Copyright (c) 2024 Battelle Energy Alliance, LLC. All rights reserved.
+# Copyright (c) 2025 Battelle Energy Alliance, LLC. All rights reserved.
 #######################
 filter {
diff --git a/logstash/pipelines/zeek/1069_zeek_websocket.conf b/logstash/pipelines/zeek/1069_zeek_websocket.conf
index 5d0bbc0b6..e14d666e6 100644
--- a/logstash/pipelines/zeek/1069_zeek_websocket.conf
+++ b/logstash/pipelines/zeek/1069_zeek_websocket.conf
@@ -1,5 +1,5 @@
 ########################
-# Copyright (c) 2024 Battelle Energy Alliance, LLC. All rights reserved.
+# Copyright (c) 2025 Battelle Energy Alliance, LLC. All rights reserved.
 #######################
 filter {
diff --git a/logstash/pipelines/zeek/1199_zeek_unknown.conf b/logstash/pipelines/zeek/1199_zeek_unknown.conf
index ea72245c1..097b8bdf0 100644
--- a/logstash/pipelines/zeek/1199_zeek_unknown.conf
+++ b/logstash/pipelines/zeek/1199_zeek_unknown.conf
@@ -1,5 +1,5 @@
 ########################
-# Copyright (c) 2024 Battelle Energy Alliance, LLC. All rights reserved.
+# Copyright (c) 2025 Battelle Energy Alliance, LLC. All rights reserved.
 #######################
 filter {
diff --git a/logstash/pipelines/zeek/1200_zeek_mutate.conf b/logstash/pipelines/zeek/1200_zeek_mutate.conf
index f9dd27b6c..3b68d5625 100644
--- a/logstash/pipelines/zeek/1200_zeek_mutate.conf
+++ b/logstash/pipelines/zeek/1200_zeek_mutate.conf
@@ -1,4 +1,4 @@
-# Copyright (c) 2024 Battelle Energy Alliance, LLC. All rights reserved.
+# Copyright (c) 2025 Battelle Energy Alliance, LLC. All rights reserved.
 filter {
diff --git a/logstash/pipelines/zeek/1300_zeek_normalize.conf b/logstash/pipelines/zeek/1300_zeek_normalize.conf
index 8deb42be8..1cedcf7e9 100644
--- a/logstash/pipelines/zeek/1300_zeek_normalize.conf
+++ b/logstash/pipelines/zeek/1300_zeek_normalize.conf
@@ -1,4 +1,4 @@
-# Copyright (c) 2024 Battelle Energy Alliance, LLC. All rights reserved.
+# Copyright (c) 2025 Battelle Energy Alliance, LLC. All rights reserved.
 filter {
diff --git a/logstash/pipelines/zeek/1400_zeek_convert.conf b/logstash/pipelines/zeek/1400_zeek_convert.conf
index 28d2c6cb4..d6e54f09e 100644
--- a/logstash/pipelines/zeek/1400_zeek_convert.conf
+++ b/logstash/pipelines/zeek/1400_zeek_convert.conf
@@ -1,4 +1,4 @@
-# Copyright (c) 2024 Battelle Energy Alliance, LLC. All rights reserved.
+# Copyright (c) 2025 Battelle Energy Alliance, LLC. All rights reserved.
 filter {
diff --git a/logstash/pipelines/zeek/1900_severity.conf b/logstash/pipelines/zeek/1900_severity.conf
index 309f72b07..4d8ebc1e5 100644
--- a/logstash/pipelines/zeek/1900_severity.conf
+++ b/logstash/pipelines/zeek/1900_severity.conf
@@ -1,4 +1,4 @@
-# Copyright (c) 2024 Battelle Energy Alliance, LLC. All rights reserved.
+# Copyright (c) 2025 Battelle Energy Alliance, LLC. All rights reserved.
 filter {
diff --git a/logstash/scripts/logstash-start.sh b/logstash/scripts/logstash-start.sh index a44e98176..731572d7e 100755 --- a/logstash/scripts/logstash-start.sh +++ b/logstash/scripts/logstash-start.sh @@ -1,6 +1,6 @@ #!/usr/bin/env bash -# Copyright (c) 2024 Battelle Energy Alliance, LLC. All rights reserved. +# Copyright (c) 2025 Battelle Energy Alliance, LLC. All rights reserved. set -e diff --git a/logstash/supervisord.conf b/logstash/supervisord.conf index a9b91b0bf..a78d56234 100644 --- a/logstash/supervisord.conf +++ b/logstash/supervisord.conf @@ -1,4 +1,4 @@ -; Copyright (c) 2024 Battelle Energy Alliance, LLC. All rights reserved. +; Copyright (c) 2025 Battelle Energy Alliance, LLC. All rights reserved. [inet_http_server] port=0.0.0.0:9001 diff --git a/malcolm-iso/Dockerfile b/malcolm-iso/Dockerfile index e371b85b0..99210da42 100644 --- a/malcolm-iso/Dockerfile +++ b/malcolm-iso/Dockerfile @@ -1,6 +1,6 @@ FROM ghcr.io/mmguero/qemu-live-iso:latest -# Copyright (c) 2024 Battelle Energy Alliance, LLC. All rights reserved. +# Copyright (c) 2025 Battelle Energy Alliance, LLC. All rights reserved. LABEL maintainer="malcolm@inl.gov" LABEL org.opencontainers.image.authors='malcolm@inl.gov' diff --git a/malcolm-iso/config/hooks/normal/0900-setup-rc-local.hook.chroot b/malcolm-iso/config/hooks/normal/0900-setup-rc-local.hook.chroot index 535d38795..5e66a1303 100755 --- a/malcolm-iso/config/hooks/normal/0900-setup-rc-local.hook.chroot +++ b/malcolm-iso/config/hooks/normal/0900-setup-rc-local.hook.chroot @@ -1,6 +1,6 @@ #!/bin/bash -# Copyright (c) 2024 Battelle Energy Alliance, LLC. All rights reserved. +# Copyright (c) 2025 Battelle Energy Alliance, LLC. All rights reserved. sed -i 's/^exit 0//' /etc/rc.local 2>/dev/null diff --git a/malcolm-iso/config/hooks/normal/0911-get-stig-scripts.hook.chroot b/malcolm-iso/config/hooks/normal/0911-get-stig-scripts.hook.chroot index 4ba6b95fb..f54e4ebb8 100755 
--- a/malcolm-iso/config/hooks/normal/0911-get-stig-scripts.hook.chroot +++ b/malcolm-iso/config/hooks/normal/0911-get-stig-scripts.hook.chroot @@ -1,6 +1,6 @@ #!/bin/bash -# Copyright (c) 2024 Battelle Energy Alliance, LLC. All rights reserved. +# Copyright (c) 2025 Battelle Energy Alliance, LLC. All rights reserved. # clone harbian-audit and clean up some stuff we don't need mkdir -p /opt diff --git a/malcolm-iso/config/includes.binary/install/preseed_base.cfg b/malcolm-iso/config/includes.binary/install/preseed_base.cfg index 7f0ebecb8..edb99d240 100644 --- a/malcolm-iso/config/includes.binary/install/preseed_base.cfg +++ b/malcolm-iso/config/includes.binary/install/preseed_base.cfg @@ -1,4 +1,4 @@ -# Copyright (c) 2024 Battelle Energy Alliance, LLC. All rights reserved. +# Copyright (c) 2025 Battelle Energy Alliance, LLC. All rights reserved. d-i hw-detect/load_firmware boolean true d-i clock-setup/utc boolean true diff --git a/malcolm-iso/config/includes.binary/install/preseed_multipar.cfg b/malcolm-iso/config/includes.binary/install/preseed_multipar.cfg index 96d68233c..14f950609 100644 --- a/malcolm-iso/config/includes.binary/install/preseed_multipar.cfg +++ b/malcolm-iso/config/includes.binary/install/preseed_multipar.cfg @@ -1,4 +1,4 @@ -# Copyright (c) 2024 Battelle Energy Alliance, LLC. All rights reserved. +# Copyright (c) 2025 Battelle Energy Alliance, LLC. All rights reserved. d-i debian-installer/locale string en_US.UTF-8 d-i console-setup/ask_detect boolean false diff --git a/malcolm-iso/config/includes.binary/install/preseed_vmware.cfg b/malcolm-iso/config/includes.binary/install/preseed_vmware.cfg index 792d0c7a6..aac02e866 100644 --- a/malcolm-iso/config/includes.binary/install/preseed_vmware.cfg +++ b/malcolm-iso/config/includes.binary/install/preseed_vmware.cfg 
@@ -1,4 +1,4 @@ -# Copyright (c) 2024 Battelle Energy Alliance, LLC. All rights reserved. +# Copyright (c) 2025 Battelle Energy Alliance, LLC. All rights reserved. d-i debian-installer/locale string en_US.UTF-8 d-i console-setup/ask_detect boolean false diff --git a/malcolm-iso/config/includes.chroot/usr/local/bin/agg-init.sh b/malcolm-iso/config/includes.chroot/usr/local/bin/agg-init.sh index cce07105d..b0717a78d 100755 --- a/malcolm-iso/config/includes.chroot/usr/local/bin/agg-init.sh +++ b/malcolm-iso/config/includes.chroot/usr/local/bin/agg-init.sh @@ -1,6 +1,6 @@ #!/bin/bash -# Copyright (c) 2024 Battelle Energy Alliance, LLC. All rights reserved. +# Copyright (c) 2025 Battelle Energy Alliance, LLC. All rights reserved. SCRIPT_PATH="$(dirname $(realpath -e "${BASH_SOURCE[0]}"))" diff --git a/malcolm-iso/config/includes.chroot/usr/local/bin/docker-load-wait.sh b/malcolm-iso/config/includes.chroot/usr/local/bin/docker-load-wait.sh index 5f177c912..47f517804 100755 --- a/malcolm-iso/config/includes.chroot/usr/local/bin/docker-load-wait.sh +++ b/malcolm-iso/config/includes.chroot/usr/local/bin/docker-load-wait.sh @@ -1,6 +1,6 @@ #!/bin/bash -# Copyright (c) 2024 Battelle Energy Alliance, LLC. All rights reserved. +# Copyright (c) 2025 Battelle Energy Alliance, LLC. All rights reserved. grep -q boot=live /proc/cmdline && exit 0 diff --git a/malcolm-iso/config/includes.chroot/usr/local/bin/malcolm-first-run-configure.sh b/malcolm-iso/config/includes.chroot/usr/local/bin/malcolm-first-run-configure.sh index 3a81f572f..47a4578cd 100755 --- a/malcolm-iso/config/includes.chroot/usr/local/bin/malcolm-first-run-configure.sh +++ b/malcolm-iso/config/includes.chroot/usr/local/bin/malcolm-first-run-configure.sh @@ -1,6 +1,6 @@ #!/bin/bash -# Copyright (c) 2024 Battelle Energy Alliance, LLC. All rights reserved. +# Copyright (c) 2025 Battelle Energy Alliance, LLC. All rights reserved. grep -q boot=live /proc/cmdline && exit 0 
diff --git a/malcolm-iso/config/includes.chroot/usr/local/bin/set-malcolm-gtk-bookmark.sh b/malcolm-iso/config/includes.chroot/usr/local/bin/set-malcolm-gtk-bookmark.sh index 5b16afc88..5a05b0c92 100755 --- a/malcolm-iso/config/includes.chroot/usr/local/bin/set-malcolm-gtk-bookmark.sh +++ b/malcolm-iso/config/includes.chroot/usr/local/bin/set-malcolm-gtk-bookmark.sh @@ -1,6 +1,6 @@ #!/bin/bash -# Copyright (c) 2024 Battelle Energy Alliance, LLC. All rights reserved. +# Copyright (c) 2025 Battelle Energy Alliance, LLC. All rights reserved. if ! grep -q Malcolm$ "$HOME"/.config/gtk-3.0/bookmarks && [[ -d "$HOME"/Malcolm ]]; then mkdir -p "$HOME"/.config/gtk-3.0/ diff --git a/malcolm-iso/htpdate/Dockerfile b/malcolm-iso/htpdate/Dockerfile index 5bccd51dc..147cc4333 100644 --- a/malcolm-iso/htpdate/Dockerfile +++ b/malcolm-iso/htpdate/Dockerfile @@ -1,6 +1,6 @@ FROM debian:12-slim -# Copyright (c) 2024 Battelle Energy Alliance, LLC. All rights reserved. +# Copyright (c) 2025 Battelle Energy Alliance, LLC. All rights reserved. LABEL maintainer="malcolm@inl.gov" diff --git a/malcolm-iso/htpdate/build-docker-image.sh b/malcolm-iso/htpdate/build-docker-image.sh index a2361e8cf..3c91e4488 100755 --- a/malcolm-iso/htpdate/build-docker-image.sh +++ b/malcolm-iso/htpdate/build-docker-image.sh @@ -1,6 +1,6 @@ #!/bin/bash -# Copyright (c) 2024 Battelle Energy Alliance, LLC. All rights reserved. +# Copyright (c) 2025 Battelle Energy Alliance, LLC. All rights reserved. # force-navigate to script directory SCRIPT_PATH="$( cd -P "$( dirname "${BASH_SOURCE[0]}" )" && pwd )" diff --git a/malcolm-iso/htpdate/build-htpdate-deb.sh b/malcolm-iso/htpdate/build-htpdate-deb.sh index 51b32567a..dad2f98fa 100755 --- a/malcolm-iso/htpdate/build-htpdate-deb.sh +++ b/malcolm-iso/htpdate/build-htpdate-deb.sh 
@@ -1,6 +1,6 @@ #!/bin/bash -# Copyright (c) 2024 Battelle Energy Alliance, LLC. All rights reserved. +# Copyright (c) 2025 Battelle Energy Alliance, LLC. All rights reserved. HTPDATE_URL="https://github.com/twekkel/htpdate" HTPDATE_VER="$(curl -sqI "$HTPDATE_URL/releases/latest" | awk -F '/' '/^location/ {print substr($NF, 1, length($NF)-1)}' | sed 's/^v//')" diff --git a/malcolm-iso/vagrant/Vagrantfile b/malcolm-iso/vagrant/Vagrantfile index 8057a54f5..3f7a16eea 100644 --- a/malcolm-iso/vagrant/Vagrantfile +++ b/malcolm-iso/vagrant/Vagrantfile @@ -1,4 +1,4 @@ -# Copyright (c) 2024 Battelle Energy Alliance, LLC. All rights reserved. +# Copyright (c) 2025 Battelle Energy Alliance, LLC. All rights reserved. unless Vagrant.has_plugin?("vagrant-sshfs") raise 'vagrant-sshfs plugin is not installed!' diff --git a/netbox/scripts/netbox_enumerate_permissions.py b/netbox/scripts/netbox_enumerate_permissions.py index 871226842..5da932f8b 100644 --- a/netbox/scripts/netbox_enumerate_permissions.py +++ b/netbox/scripts/netbox_enumerate_permissions.py @@ -1,7 +1,7 @@ #!/usr/bin/env python3 # -*- coding: utf-8 -*- -# Copyright (c) 2024 Battelle Energy Alliance, LLC. All rights reserved. +# Copyright (c) 2025 Battelle Energy Alliance, LLC. All rights reserved. import argparse import itertools diff --git a/netbox/scripts/netbox_init.py b/netbox/scripts/netbox_init.py index 2193fda0a..562e4d81e 100755 --- a/netbox/scripts/netbox_init.py +++ b/netbox/scripts/netbox_init.py @@ -1,7 +1,7 @@ #!/usr/bin/env python3 # -*- coding: utf-8 -*- -# Copyright (c) 2024 Battelle Energy Alliance, LLC. All rights reserved. +# Copyright (c) 2025 Battelle Energy Alliance, LLC. All rights reserved. import argparse import glob diff --git a/netbox/scripts/netbox_install_plugins.py b/netbox/scripts/netbox_install_plugins.py index 60960a77f..c3009e30a 100755 --- a/netbox/scripts/netbox_install_plugins.py +++ b/netbox/scripts/netbox_install_plugins.py 
@@ -1,7 +1,7 @@ #!/usr/bin/env python3 # -*- coding: utf-8 -*- -# Copyright (c) 2024 Battelle Energy Alliance, LLC. All rights reserved. +# Copyright (c) 2025 Battelle Energy Alliance, LLC. All rights reserved. import argparse import ast diff --git a/netbox/supervisord.conf b/netbox/supervisord.conf index be80d8736..90b03ec26 100644 --- a/netbox/supervisord.conf +++ b/netbox/supervisord.conf @@ -1,4 +1,4 @@ -; Copyright (c) 2024 Battelle Energy Alliance, LLC. All rights reserved. +; Copyright (c) 2025 Battelle Energy Alliance, LLC. All rights reserved. [inet_http_server] port=0.0.0.0:9001 diff --git a/nginx/landingpage/404.html b/nginx/landingpage/404.html index dc799d6d4..05ce1e608 100644 --- a/nginx/landingpage/404.html +++ b/nginx/landingpage/404.html @@ -1,6 +1,6 @@ - + @@ -42,7 +42,7 @@

This page does not exist

- Malcolm MALCOLM_VERSION_REPLACER © 2024 Battelle Energy Alliance, LLC; developed at INL and released through the cooperation of the + Malcolm MALCOLM_VERSION_REPLACER © 2025 Battelle Energy Alliance, LLC; developed at INL and released through the cooperation of the Cybersecurity and Infrastructure Security Agency of the U.S. Department of Homeland Security.

diff --git a/nginx/landingpage/502.html b/nginx/landingpage/502.html index dc2dd487a..d9b482646 100644 --- a/nginx/landingpage/502.html +++ b/nginx/landingpage/502.html @@ -1,6 +1,6 @@ - + @@ -43,7 +43,7 @@

Malcolm has encountered an error

- Malcolm MALCOLM_VERSION_REPLACER © 2024 Battelle Energy Alliance, LLC; developed at INL and released through the cooperation of the + Malcolm MALCOLM_VERSION_REPLACER © 2025 Battelle Energy Alliance, LLC; developed at INL and released through the cooperation of the Cybersecurity and Infrastructure Security Agency of the U.S. Department of Homeland Security.

diff --git a/nginx/landingpage/index.html b/nginx/landingpage/index.html index 5daad4dc8..c741dc678 100644 --- a/nginx/landingpage/index.html +++ b/nginx/landingpage/index.html @@ -1,6 +1,6 @@ - + @@ -97,7 +97,7 @@

Extracted Files

- Malcolm MALCOLM_VERSION_REPLACER © 2024 Battelle Energy Alliance, LLC; developed at INL and released through the cooperation of the + Malcolm MALCOLM_VERSION_REPLACER © 2025 Battelle Energy Alliance, LLC; developed at INL and released through the cooperation of the Cybersecurity and Infrastructure Security Agency of the U.S. Department of Homeland Security.

diff --git a/nginx/nginx.conf b/nginx/nginx.conf index 25107e9bd..8e4fcb38e 100644 --- a/nginx/nginx.conf +++ b/nginx/nginx.conf @@ -1,4 +1,4 @@ -# Copyright (c) 2024 Battelle Energy Alliance, LLC. All rights reserved. +# Copyright (c) 2025 Battelle Energy Alliance, LLC. All rights reserved. daemon off; diff --git a/nginx/nginx_readonly.conf b/nginx/nginx_readonly.conf index 8d3c45921..bab3d9868 100644 --- a/nginx/nginx_readonly.conf +++ b/nginx/nginx_readonly.conf @@ -1,4 +1,4 @@ -# Copyright (c) 2024 Battelle Energy Alliance, LLC. All rights reserved. +# Copyright (c) 2025 Battelle Energy Alliance, LLC. All rights reserved. daemon off; diff --git a/nginx/supervisord.conf b/nginx/supervisord.conf index 4fa4d85ad..be7fcd9e3 100644 --- a/nginx/supervisord.conf +++ b/nginx/supervisord.conf @@ -1,4 +1,4 @@ -; Copyright (c) 2024 Battelle Energy Alliance, LLC. All rights reserved. +; Copyright (c) 2025 Battelle Energy Alliance, LLC. All rights reserved. [unix_http_server] file=/tmp/supervisor.sock ; (the path to the socket file) diff --git a/pcap-capture/scripts/netsniff-roll.sh b/pcap-capture/scripts/netsniff-roll.sh index 1fd48530a..f021ce82e 100755 --- a/pcap-capture/scripts/netsniff-roll.sh +++ b/pcap-capture/scripts/netsniff-roll.sh @@ -1,6 +1,6 @@ #!/bin/bash -# Copyright (c) 2024 Battelle Energy Alliance, LLC. All rights reserved. +# Copyright (c) 2025 Battelle Energy Alliance, LLC. All rights reserved. lastmod(){ expr $(date +%s) - $(stat -c %X "$1") diff --git a/pcap-capture/scripts/supervisor.sh b/pcap-capture/scripts/supervisor.sh index 73c4a869a..b0e4545f2 100755 --- a/pcap-capture/scripts/supervisor.sh +++ b/pcap-capture/scripts/supervisor.sh @@ -1,6 +1,6 @@ #!/bin/bash -# Copyright (c) 2024 Battelle Energy Alliance, LLC. All rights reserved. +# Copyright (c) 2025 Battelle Energy Alliance, LLC. All rights reserved. set -e diff --git a/pcap-capture/supervisord.conf b/pcap-capture/supervisord.conf index 1ee0eb6a3..b07ae2da6 100644 
--- a/pcap-capture/supervisord.conf +++ b/pcap-capture/supervisord.conf @@ -1,4 +1,4 @@ -; Copyright (c) 2024 Battelle Energy Alliance, LLC. All rights reserved. +; Copyright (c) 2025 Battelle Energy Alliance, LLC. All rights reserved. [unix_http_server] file=/tmp/supervisor.sock ; (the path to the socket file) diff --git a/pcap-monitor/scripts/watch-pcap-uploads-folder.py b/pcap-monitor/scripts/watch-pcap-uploads-folder.py index e3f21aed9..d287637be 100755 --- a/pcap-monitor/scripts/watch-pcap-uploads-folder.py +++ b/pcap-monitor/scripts/watch-pcap-uploads-folder.py @@ -1,7 +1,7 @@ #!/usr/bin/env python3 # -*- coding: utf-8 -*- -# Copyright (c) 2024 Battelle Energy Alliance, LLC. All rights reserved. +# Copyright (c) 2025 Battelle Energy Alliance, LLC. All rights reserved. ################################################################################################### # Monitor a directory for PCAP files for processing (by publishing their filenames to a ZMQ socket) diff --git a/pcap-monitor/supervisord.conf b/pcap-monitor/supervisord.conf index e1f7b6fc1..47f3e96f4 100644 --- a/pcap-monitor/supervisord.conf +++ b/pcap-monitor/supervisord.conf @@ -1,4 +1,4 @@ -; Copyright (c) 2024 Battelle Energy Alliance, LLC. All rights reserved. +; Copyright (c) 2025 Battelle Energy Alliance, LLC. All rights reserved. [unix_http_server] diff --git a/scripts/build.sh b/scripts/build.sh index 6a9473d79..466c2fa13 100755 --- a/scripts/build.sh +++ b/scripts/build.sh @@ -1,6 +1,6 @@ #!/bin/bash -# Copyright (c) 2024 Battelle Energy Alliance, LLC. All rights reserved. +# Copyright (c) 2025 Battelle Energy Alliance, LLC. All rights reserved. if [ -z "$BASH_VERSION" ]; then echo "Wrong interpreter, please run \"$0\" with bash" diff --git a/scripts/control.py b/scripts/control.py index 2430685c8..10c1c606c 100755 --- a/scripts/control.py +++ b/scripts/control.py 
@@ -1,7 +1,7 @@ #!/usr/bin/env python3 # -*- coding: utf-8 -*- -# Copyright (c) 2024 Battelle Energy Alliance, LLC. All rights reserved. +# Copyright (c) 2025 Battelle Energy Alliance, LLC. All rights reserved. import sys diff --git a/scripts/demo/Vagrantfile b/scripts/demo/Vagrantfile index b1ffd363f..b0b0a3df3 100644 --- a/scripts/demo/Vagrantfile +++ b/scripts/demo/Vagrantfile @@ -1,4 +1,4 @@ -# Copyright (c) 2024 Battelle Energy Alliance, LLC. All rights reserved. +# Copyright (c) 2025 Battelle Energy Alliance, LLC. All rights reserved. Vagrant.configure("2") do |config| diff --git a/scripts/demo/amazon_linux_2023_malcolm_demo_setup.sh b/scripts/demo/amazon_linux_2023_malcolm_demo_setup.sh index 9d8f42a2c..9b1ea8154 100755 --- a/scripts/demo/amazon_linux_2023_malcolm_demo_setup.sh +++ b/scripts/demo/amazon_linux_2023_malcolm_demo_setup.sh @@ -1,6 +1,6 @@ #!/usr/bin/env bash -# Copyright (c) 2024 Battelle Energy Alliance, LLC. All rights reserved. +# Copyright (c) 2025 Battelle Energy Alliance, LLC. All rights reserved. ################################################################################### # for setting up a Malcolm demo instance on an Amazon Linux 2023 instance from scratch diff --git a/scripts/demo/reset_and_auto_populate.sh b/scripts/demo/reset_and_auto_populate.sh index 9724b0748..f9b5ff934 100755 --- a/scripts/demo/reset_and_auto_populate.sh +++ b/scripts/demo/reset_and_auto_populate.sh @@ -1,6 +1,6 @@ #!/usr/bin/env bash -# Copyright (c) 2024 Battelle Energy Alliance, LLC. All rights reserved. +# Copyright (c) 2025 Battelle Energy Alliance, LLC. All rights reserved. ############################################################################### # diff --git a/scripts/documentation_build.sh b/scripts/documentation_build.sh index 086a63e6b..b52e80264 100755 --- a/scripts/documentation_build.sh +++ b/scripts/documentation_build.sh 
@@ -1,6 +1,6 @@ #!/bin/bash -# Copyright (c) 2024 Battelle Energy Alliance, LLC. All rights reserved. +# Copyright (c) 2025 Battelle Energy Alliance, LLC. All rights reserved. if [ -z "$BASH_VERSION" ]; then echo "Wrong interpreter, please run \"$0\" with bash" diff --git a/scripts/github_image_helper.sh b/scripts/github_image_helper.sh index 28d58e94c..dcd59cb3d 100755 --- a/scripts/github_image_helper.sh +++ b/scripts/github_image_helper.sh @@ -1,6 +1,6 @@ #!/usr/bin/env bash -# Copyright (c) 2024 Battelle Energy Alliance, LLC. All rights reserved. +# Copyright (c) 2025 Battelle Energy Alliance, LLC. All rights reserved. if [ -z "$BASH_VERSION" ]; then echo "Wrong interpreter, please run \"$0\" with bash" diff --git a/scripts/install.py b/scripts/install.py index e539bb96c..423e5c17c 100755 --- a/scripts/install.py +++ b/scripts/install.py @@ -1,7 +1,7 @@ #!/usr/bin/env python3 # -*- coding: utf-8 -*- -# Copyright (c) 2024 Battelle Energy Alliance, LLC. All rights reserved. +# Copyright (c) 2025 Battelle Energy Alliance, LLC. All rights reserved. import sys diff --git a/scripts/malcolm_appliance_packager.sh b/scripts/malcolm_appliance_packager.sh index 8d39f2467..00ad2b7fd 100755 --- a/scripts/malcolm_appliance_packager.sh +++ b/scripts/malcolm_appliance_packager.sh @@ -1,6 +1,6 @@ #!/bin/bash -# Copyright (c) 2024 Battelle Energy Alliance, LLC. All rights reserved. +# Copyright (c) 2025 Battelle Energy Alliance, LLC. All rights reserved. if [ -z "$BASH_VERSION" ]; then echo "Wrong interpreter, please run \"$0\" with bash" diff --git a/scripts/malcolm_common.py b/scripts/malcolm_common.py index 52127daf9..0c5b07487 100644 --- a/scripts/malcolm_common.py +++ b/scripts/malcolm_common.py @@ -1,7 +1,7 @@ #!/usr/bin/env python3 # -*- coding: utf-8 -*- -# Copyright (c) 2024 Battelle Energy Alliance, LLC. All rights reserved. +# Copyright (c) 2025 Battelle Energy Alliance, LLC. All rights reserved. import getpass import importlib 
diff --git a/scripts/malcolm_kubernetes.py b/scripts/malcolm_kubernetes.py index 30a510915..846eb507d 100644 --- a/scripts/malcolm_kubernetes.py +++ b/scripts/malcolm_kubernetes.py @@ -1,7 +1,7 @@ #!/usr/bin/env python3 # -*- coding: utf-8 -*- -# Copyright (c) 2024 Battelle Energy Alliance, LLC. All rights reserved. +# Copyright (c) 2025 Battelle Energy Alliance, LLC. All rights reserved. import base64 import glob diff --git a/scripts/malcolm_utils.py b/scripts/malcolm_utils.py index 80d6ccf68..c39846515 100644 --- a/scripts/malcolm_utils.py +++ b/scripts/malcolm_utils.py @@ -1,7 +1,7 @@ #!/usr/bin/env python3 # -*- coding: utf-8 -*- -# Copyright (c) 2024 Battelle Energy Alliance, LLC. All rights reserved. +# Copyright (c) 2025 Battelle Energy Alliance, LLC. All rights reserved. import contextlib import enum diff --git a/scripts/package_zeek_logs.sh b/scripts/package_zeek_logs.sh index 8a484e4da..00d38a00e 100755 --- a/scripts/package_zeek_logs.sh +++ b/scripts/package_zeek_logs.sh @@ -1,6 +1,6 @@ #!/bin/bash -# Copyright (c) 2024 Battelle Energy Alliance, LLC. All rights reserved. +# Copyright (c) 2025 Battelle Energy Alliance, LLC. All rights reserved. # package up Zeek logs in a format more suitable for upload to Malcolm # diff --git a/scripts/release_cleaver.ps1 b/scripts/release_cleaver.ps1 index e5c6019b1..6dc2b1846 100644 --- a/scripts/release_cleaver.ps1 +++ b/scripts/release_cleaver.ps1 @@ -1,6 +1,6 @@ # release_cleaver.ps1 -# Copyright (c) 2024 Battelle Energy Alliance, LLC. All rights reserved. +# Copyright (c) 2025 Battelle Energy Alliance, LLC. All rights reserved. # release_cleaver.sh # Split and join large files into 2 gigabyte chunks. sha256 sum is diff --git a/scripts/release_cleaver.sh b/scripts/release_cleaver.sh index f15861b93..0693881a2 100755 --- a/scripts/release_cleaver.sh +++ b/scripts/release_cleaver.sh 
@@ -1,6 +1,6 @@ #!/usr/bin/env bash -# Copyright (c) 2024 Battelle Energy Alliance, LLC. All rights reserved. +# Copyright (c) 2025 Battelle Energy Alliance, LLC. All rights reserved. # release_cleaver.sh # Split and join large files into 2 gigabyte chunks. sha256 sum is diff --git a/scripts/third-party-environments/aws/ami/packer_vars.json.example b/scripts/third-party-environments/aws/ami/packer_vars.json.example index 4822e268b..a06d7e9a3 100644 --- a/scripts/third-party-environments/aws/ami/packer_vars.json.example +++ b/scripts/third-party-environments/aws/ami/packer_vars.json.example @@ -3,7 +3,7 @@ "aws_secret_key": "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX", "instance_type": "t2.micro", "instance_arch": "x86_64", - "malcolm_tag": "v24.12.0", + "malcolm_tag": "v25.01.0", "malcolm_repo": "idaholab/Malcolm", "malcolm_uid": "1000", "ssh_username": "ec2-user", diff --git a/scripts/third-party-environments/aws/ami/scripts/Malcolm_AMI_Setup.sh b/scripts/third-party-environments/aws/ami/scripts/Malcolm_AMI_Setup.sh index bad1083de..4b3258f8a 100755 --- a/scripts/third-party-environments/aws/ami/scripts/Malcolm_AMI_Setup.sh +++ b/scripts/third-party-environments/aws/ami/scripts/Malcolm_AMI_Setup.sh @@ -1,6 +1,6 @@ #!/usr/bin/env bash -# Copyright (c) 2024 Battelle Energy Alliance, LLC. All rights reserved. +# Copyright (c) 2025 Battelle Energy Alliance, LLC. All rights reserved. # Configure Amazon Linux 2023 and install Malcolm @@ -32,7 +32,7 @@ fi # -u UID (user UID, e.g., 1000) VERBOSE_FLAG= MALCOLM_REPO=${MALCOLM_REPO:-idaholab/Malcolm} -MALCOLM_TAG=${MALCOLM_TAG:-v24.12.0} +MALCOLM_TAG=${MALCOLM_TAG:-v25.01.0} [[ -z "$MALCOLM_UID" ]] && ( [[ $EUID -eq 0 ]] && MALCOLM_UID=1000 || MALCOLM_UID="$(id -u)" ) while getopts 'vr:t:u:' OPTION; do case "$OPTION" in diff --git a/scripts/third-party-logs/fluent-bit-setup.ps1 b/scripts/third-party-logs/fluent-bit-setup.ps1 index be6d1998e..fe35772ad 100644 --- a/scripts/third-party-logs/fluent-bit-setup.ps1 
+++ b/scripts/third-party-logs/fluent-bit-setup.ps1 @@ -5,7 +5,7 @@ # configuration of fluent-bit (https://packages.fluentbit.io) for forwarding logs to # an instance of Malcolm (https://github.com/idaholab/malcolm). # -# Copyright (c) 2024 Battelle Energy Alliance, LLC. All rights reserved. +# Copyright (c) 2025 Battelle Energy Alliance, LLC. All rights reserved. ############################################################################### $fluent_bit_version = '3.2' diff --git a/scripts/third-party-logs/fluent-bit-setup.sh b/scripts/third-party-logs/fluent-bit-setup.sh index b54c4aeb6..35e780d41 100755 --- a/scripts/third-party-logs/fluent-bit-setup.sh +++ b/scripts/third-party-logs/fluent-bit-setup.sh @@ -7,7 +7,7 @@ # configuration of fluent-bit (https://fluentbit.io/) for forwarding logs to # an instance of Malcolm (https://github.com/idaholab/malcolm). # -# Copyright (c) 2024 Battelle Energy Alliance, LLC. All rights reserved. +# Copyright (c) 2025 Battelle Energy Alliance, LLC. All rights reserved. ############################################################################### # force bash diff --git a/scripts/zeek_script_to_malcolm_boilerplate.py b/scripts/zeek_script_to_malcolm_boilerplate.py index 4f6a9f5a5..4c4668813 100755 --- a/scripts/zeek_script_to_malcolm_boilerplate.py +++ b/scripts/zeek_script_to_malcolm_boilerplate.py @@ -1,7 +1,7 @@ #!/usr/bin/env python3 # -*- coding: utf-8 -*- -# Copyright (c) 2024 Battelle Energy Alliance, LLC. All rights reserved. +# Copyright (c) 2025 Battelle Energy Alliance, LLC. All rights reserved. # # This script takes as input the filenames of one or more .zeek scripts which diff --git a/shared/bin/capture-format-wait.sh b/shared/bin/capture-format-wait.sh index 209caa037..b6882a270 100755 --- a/shared/bin/capture-format-wait.sh +++ b/shared/bin/capture-format-wait.sh 
@@ -1,6 +1,6 @@ #!/bin/bash -# Copyright (c) 2024 Battelle Energy Alliance, LLC. All rights reserved. +# Copyright (c) 2025 Battelle Energy Alliance, LLC. All rights reserved. grep -q boot=live /proc/cmdline && exit 0 diff --git a/shared/bin/common-init.sh b/shared/bin/common-init.sh index ef9c082c1..1030a7794 100755 --- a/shared/bin/common-init.sh +++ b/shared/bin/common-init.sh @@ -1,6 +1,6 @@ #!/bin/bash -# Copyright (c) 2024 Battelle Energy Alliance, LLC. All rights reserved. +# Copyright (c) 2025 Battelle Energy Alliance, LLC. All rights reserved. declare -A IFACES diff --git a/shared/bin/configure-interfaces.py b/shared/bin/configure-interfaces.py index d2d7c5f77..0db5e6dbc 100755 --- a/shared/bin/configure-interfaces.py +++ b/shared/bin/configure-interfaces.py @@ -1,7 +1,7 @@ #!/usr/bin/env python3 # -*- coding: utf-8 -*- -# Copyright (c) 2024 Battelle Energy Alliance, LLC. All rights reserved. +# Copyright (c) 2025 Battelle Energy Alliance, LLC. All rights reserved. # script for configuring sensor network interface controller(s) diff --git a/shared/bin/extracted_files_http_server.py b/shared/bin/extracted_files_http_server.py index 8842add80..d5d162088 100755 --- a/shared/bin/extracted_files_http_server.py +++ b/shared/bin/extracted_files_http_server.py @@ -367,7 +367,7 @@ def do_GET(self): with footer(cls='footer bg-light').add(div(cls='container')).add(div(cls='row')): with div(cls="col-lg-6 h-100 text-center text-lg-start my-auto"): p( - "Malcolm © 2024 Battelle Energy Alliance, LLC; developed at INL and released through the cooperation of the Cybersecurity and Infrastructure Security Agency of the U.S. Department of Homeland Security.", + "Malcolm © 2025 Battelle Energy Alliance, LLC; developed at INL and released through the cooperation of the Cybersecurity and Infrastructure Security Agency of the U.S. Department of Homeland Security.", cls="text-muted small mb-4 mb-lg-0", ) 
diff --git a/shared/bin/fstab.py b/shared/bin/fstab.py index b6750cd84..734582dd4 100644 --- a/shared/bin/fstab.py +++ b/shared/bin/fstab.py @@ -1,7 +1,7 @@ #!/usr/bin/env python # -*- coding: utf-8 -*- -# Copyright (c) 2024 Battelle Energy Alliance, LLC. All rights reserved. +# Copyright (c) 2025 Battelle Energy Alliance, LLC. All rights reserved. # fstab interpreter diff --git a/shared/bin/keystore-bootstrap.sh b/shared/bin/keystore-bootstrap.sh index b519db285..a882c5f51 100755 --- a/shared/bin/keystore-bootstrap.sh +++ b/shared/bin/keystore-bootstrap.sh @@ -1,6 +1,6 @@ #!/usr/bin/env bash -# Copyright (c) 2024 Battelle Energy Alliance, LLC. All rights reserved. +# Copyright (c) 2025 Battelle Energy Alliance, LLC. All rights reserved. # make sure the keystore file used by the tool (e.g., foobar) is copied or created # into the correct location before the tool. starts up. diff --git a/shared/bin/maxmind-mmdb-download.sh b/shared/bin/maxmind-mmdb-download.sh index ae3ea5c28..9b6a1c48d 100755 --- a/shared/bin/maxmind-mmdb-download.sh +++ b/shared/bin/maxmind-mmdb-download.sh @@ -6,7 +6,7 @@ # see https://github.com/arkime/arkime/issues/1350 # see https://github.com/arkime/arkime/issues/1352 -# Copyright (c) 2024 Battelle Energy Alliance, LLC. All rights reserved. +# Copyright (c) 2025 Battelle Energy Alliance, LLC. All rights reserved. unset VERBOSE MAXMIND_GEOIP_DB_LICENSE_KEY=${MAXMIND_GEOIP_DB_LICENSE_KEY:-} diff --git a/shared/bin/opensearch_status.sh b/shared/bin/opensearch_status.sh index c33d03e5b..6b495a194 100755 --- a/shared/bin/opensearch_status.sh +++ b/shared/bin/opensearch_status.sh @@ -1,6 +1,6 @@ #!/bin/bash -# Copyright (c) 2024 Battelle Energy Alliance, LLC. All rights reserved. +# Copyright (c) 2025 Battelle Energy Alliance, LLC. All rights reserved. set -e diff --git a/shared/bin/os-disk-config.py b/shared/bin/os-disk-config.py index 57ab4c8e0..850d427d4 100644 --- a/shared/bin/os-disk-config.py +++ b/shared/bin/os-disk-config.py 
@@ -1,7 +1,7 @@ #!/usr/bin/env python3 # -*- coding: utf-8 -*- -# Copyright (c) 2024 Battelle Energy Alliance, LLC. All rights reserved. +# Copyright (c) 2025 Battelle Energy Alliance, LLC. All rights reserved. ################################################################################################### # Detect, partition, and format devices to be used for: diff --git a/shared/bin/pcap_processor.py b/shared/bin/pcap_processor.py index b3e0cd6aa..9802349f7 100755 --- a/shared/bin/pcap_processor.py +++ b/shared/bin/pcap_processor.py @@ -1,7 +1,7 @@ #!/usr/bin/env python3 # -*- coding: utf-8 -*- -# Copyright (c) 2024 Battelle Energy Alliance, LLC. All rights reserved. +# Copyright (c) 2025 Battelle Energy Alliance, LLC. All rights reserved. ################################################################################################### # Process queued files reported by pcap_watcher.py, using either arkime's capture or zeek to process diff --git a/shared/bin/pcap_utils.py b/shared/bin/pcap_utils.py index baee87d3f..9d172eeda 100644 --- a/shared/bin/pcap_utils.py +++ b/shared/bin/pcap_utils.py @@ -1,7 +1,7 @@ #!/usr/bin/env python3 # -*- coding: utf-8 -*- -# Copyright (c) 2024 Battelle Energy Alliance, LLC. All rights reserved. +# Copyright (c) 2025 Battelle Energy Alliance, LLC. All rights reserved. import os import re diff --git a/shared/bin/pcap_watcher.py b/shared/bin/pcap_watcher.py index 428723f95..36484be7e 100755 --- a/shared/bin/pcap_watcher.py +++ b/shared/bin/pcap_watcher.py @@ -1,7 +1,7 @@ #!/usr/bin/env python3 # -*- coding: utf-8 -*- -# Copyright (c) 2024 Battelle Energy Alliance, LLC. All rights reserved. +# Copyright (c) 2025 Battelle Energy Alliance, LLC. All rights reserved. ################################################################################################### # Monitor a directory for PCAP files for processing (by publishing their filenames to a ZMQ socket) 
diff --git a/shared/bin/preseed_late_user_config.sh b/shared/bin/preseed_late_user_config.sh index 6795aaa86..82265b633 100755 --- a/shared/bin/preseed_late_user_config.sh +++ b/shared/bin/preseed_late_user_config.sh @@ -1,6 +1,6 @@ #!/bin/sh -# Copyright (c) 2024 Battelle Energy Alliance, LLC. All rights reserved. +# Copyright (c) 2025 Battelle Energy Alliance, LLC. All rights reserved. ################################################################################## # prompt whether to autologin or not diff --git a/shared/bin/prune_files.sh b/shared/bin/prune_files.sh index 010327ae3..6ef376f03 100755 --- a/shared/bin/prune_files.sh +++ b/shared/bin/prune_files.sh @@ -1,6 +1,6 @@ #!/usr/bin/env bash -# Copyright (c) 2024 Battelle Energy Alliance, LLC. All rights reserved. +# Copyright (c) 2025 Battelle Energy Alliance, LLC. All rights reserved. # recursion depth (1 = not recursive) DEPTH=1 diff --git a/shared/bin/sensorcommon.py b/shared/bin/sensorcommon.py index 8d5b3ebb3..82651d808 100644 --- a/shared/bin/sensorcommon.py +++ b/shared/bin/sensorcommon.py @@ -1,7 +1,7 @@ #!/usr/bin/env python3 # -*- coding: utf-8 -*- -# Copyright (c) 2024 Battelle Energy Alliance, LLC. All rights reserved. +# Copyright (c) 2025 Battelle Energy Alliance, LLC. All rights reserved. import argparse import ipaddress diff --git a/shared/bin/service_check_passthrough.sh b/shared/bin/service_check_passthrough.sh index 3e63a57a4..2c2374de2 100755 --- a/shared/bin/service_check_passthrough.sh +++ b/shared/bin/service_check_passthrough.sh @@ -1,6 +1,6 @@ #!/bin/bash -# Copyright (c) 2024 Battelle Energy Alliance, LLC. All rights reserved. +# Copyright (c) 2025 Battelle Energy Alliance, LLC. All rights reserved. # This script will check command-line parameters and environment variables to see # if the service (determined by the hostname, unless otherwise specified) is 
diff --git a/shared/bin/set-dconf-screen-lock-defaults.sh b/shared/bin/set-dconf-screen-lock-defaults.sh index 9ccb4c0c1..916f9f6d6 100755 --- a/shared/bin/set-dconf-screen-lock-defaults.sh +++ b/shared/bin/set-dconf-screen-lock-defaults.sh @@ -1,6 +1,6 @@ #!/bin/bash -# Copyright (c) 2024 Battelle Energy Alliance, LLC. All rights reserved. +# Copyright (c) 2025 Battelle Energy Alliance, LLC. All rights reserved. grep -q boot=live /proc/cmdline && exit 0 diff --git a/shared/bin/suricata_config_populate.py b/shared/bin/suricata_config_populate.py index b270c89d2..19df3ef2f 100755 --- a/shared/bin/suricata_config_populate.py +++ b/shared/bin/suricata_config_populate.py @@ -1,7 +1,7 @@ #!/usr/bin/env python3 # -*- coding: utf-8 -*- -# Copyright (c) 2024 Battelle Energy Alliance, LLC. All rights reserved. +# Copyright (c) 2025 Battelle Energy Alliance, LLC. All rights reserved. # modify suricata.yaml according to many environment variables diff --git a/shared/bin/suricata_update_config_populate.py b/shared/bin/suricata_update_config_populate.py index 52cf643f8..d04946bf6 100755 --- a/shared/bin/suricata_update_config_populate.py +++ b/shared/bin/suricata_update_config_populate.py @@ -1,7 +1,7 @@ #!/usr/bin/env python3 # -*- coding: utf-8 -*- -# Copyright (c) 2024 Battelle Energy Alliance, LLC. All rights reserved. +# Copyright (c) 2025 Battelle Energy Alliance, LLC. All rights reserved. # modify suricata's update.yaml according to many environment variables diff --git a/shared/bin/zeek-deb-download.sh b/shared/bin/zeek-deb-download.sh index 6168079cd..b4c942f98 100755 --- a/shared/bin/zeek-deb-download.sh +++ b/shared/bin/zeek-deb-download.sh @@ -1,6 +1,6 @@ #!/bin/bash -# Copyright (c) 2024 Battelle Energy Alliance, LLC. All rights reserved. +# Copyright (c) 2025 Battelle Energy Alliance, LLC. All rights reserved. unset VERBOSE command -v dpkg >/dev/null 2>&1 && ARCH="$(dpkg --print-architecture)" || ARCH=amd64 
diff --git a/shared/bin/zeek_carve_logger.py b/shared/bin/zeek_carve_logger.py index 8eeb9b69f..5f8c6dd1f 100755 --- a/shared/bin/zeek_carve_logger.py +++ b/shared/bin/zeek_carve_logger.py @@ -1,7 +1,7 @@ #!/usr/bin/env python3 # -*- coding: utf-8 -*- -# Copyright (c) 2024 Battelle Energy Alliance, LLC. All rights reserved. +# Copyright (c) 2025 Battelle Energy Alliance, LLC. All rights reserved. ################################################################################################### # Monitor a directory for files extracted by zeek for processing diff --git a/shared/bin/zeek_carve_scanner.py b/shared/bin/zeek_carve_scanner.py index c472b84b2..036d8d433 100755 --- a/shared/bin/zeek_carve_scanner.py +++ b/shared/bin/zeek_carve_scanner.py @@ -1,7 +1,7 @@ #!/usr/bin/env python3 # -*- coding: utf-8 -*- -# Copyright (c) 2024 Battelle Energy Alliance, LLC. All rights reserved. +# Copyright (c) 2025 Battelle Energy Alliance, LLC. All rights reserved. ################################################################################################### # Process queued files reported by zeek_carve_watcher.py, scanning them with the specified diff --git a/shared/bin/zeek_carve_utils.py b/shared/bin/zeek_carve_utils.py index 21550aeaa..d1b16b70d 100644 --- a/shared/bin/zeek_carve_utils.py +++ b/shared/bin/zeek_carve_utils.py @@ -1,7 +1,7 @@ #!/usr/bin/env python3 # -*- coding: utf-8 -*- -# Copyright (c) 2024 Battelle Energy Alliance, LLC. All rights reserved. +# Copyright (c) 2025 Battelle Energy Alliance, LLC. All rights reserved. import clamd import logging diff --git a/shared/bin/zeek_carve_watcher.py b/shared/bin/zeek_carve_watcher.py index e457edd19..2d70584aa 100755 --- a/shared/bin/zeek_carve_watcher.py +++ b/shared/bin/zeek_carve_watcher.py 
@@ -1,7 +1,7 @@ #!/usr/bin/env python3 # -*- coding: utf-8 -*- -# Copyright (c) 2024 Battelle Energy Alliance, LLC. All rights reserved. +# Copyright (c) 2025 Battelle Energy Alliance, LLC. All rights reserved. ################################################################################################### # Monitor a directory for files extracted by zeek for processing diff --git a/shared/bin/zeek_install_plugins.sh b/shared/bin/zeek_install_plugins.sh index 1f8ec0edb..cd70c04ef 100755 --- a/shared/bin/zeek_install_plugins.sh +++ b/shared/bin/zeek_install_plugins.sh @@ -1,6 +1,6 @@ #!/bin/bash -# Copyright (c) 2024 Battelle Energy Alliance, LLC. All rights reserved. +# Copyright (c) 2025 Battelle Energy Alliance, LLC. All rights reserved. if [ -z "$BASH_VERSION" ]; then echo "Wrong interpreter, please run \"$0\" with bash" diff --git a/shared/bin/zeek_intel_from_threat_feed.py b/shared/bin/zeek_intel_from_threat_feed.py index 410ff19e4..7ccd18c71 100755 --- a/shared/bin/zeek_intel_from_threat_feed.py +++ b/shared/bin/zeek_intel_from_threat_feed.py @@ -1,7 +1,7 @@ #!/usr/bin/env python3 # -*- coding: utf-8 -*- -# Copyright (c) 2024 Battelle Energy Alliance, LLC. All rights reserved. +# Copyright (c) 2025 Battelle Energy Alliance, LLC. All rights reserved. from collections import deque from dateparser import parse as ParseDate diff --git a/shared/bin/zeek_intel_setup.sh b/shared/bin/zeek_intel_setup.sh index 35b1476e6..17b0d0c2c 100755 --- a/shared/bin/zeek_intel_setup.sh +++ b/shared/bin/zeek_intel_setup.sh @@ -1,6 +1,6 @@ #!/usr/bin/env bash -# Copyright (c) 2024 Battelle Energy Alliance, LLC. All rights reserved. +# Copyright (c) 2025 Battelle Energy Alliance, LLC. All rights reserved. # set up intel files prior to running zeek # - https://idaholab.github.io/Malcolm/docs/zeek-intel.html#ZeekIntel diff --git a/shared/bin/zeek_threat_feed_utils.py b/shared/bin/zeek_threat_feed_utils.py index 81d1e0697..413c6dd8b 100644 --- a/shared/bin/zeek_threat_feed_utils.py 
+++ b/shared/bin/zeek_threat_feed_utils.py @@ -1,4 +1,4 @@ -# Copyright (c) 2024 Battelle Energy Alliance, LLC. All rights reserved. +# Copyright (c) 2025 Battelle Energy Alliance, LLC. All rights reserved. # adapted some code from tenzir/threatbus # - https://github.com/tenzir/threatbus diff --git a/shared/bin/zeekdeploy.sh b/shared/bin/zeekdeploy.sh index 2500f5167..7877fc8e9 100755 --- a/shared/bin/zeekdeploy.sh +++ b/shared/bin/zeekdeploy.sh @@ -1,6 +1,6 @@ #!/bin/bash -# Copyright (c) 2024 Battelle Energy Alliance, LLC. All rights reserved. +# Copyright (c) 2025 Battelle Energy Alliance, LLC. All rights reserved. # # environment variables are used to control the contents of these files diff --git a/suricata/supervisord.conf b/suricata/supervisord.conf index a2e5c4afd..8dde9b4d2 100644 --- a/suricata/supervisord.conf +++ b/suricata/supervisord.conf @@ -1,4 +1,4 @@ -; Copyright (c) 2024 Battelle Energy Alliance, LLC. All rights reserved. +; Copyright (c) 2025 Battelle Energy Alliance, LLC. All rights reserved. [unix_http_server] file=/tmp/supervisor.sock ; (the path to the socket file) diff --git a/zeek/config/extractor.zeek b/zeek/config/extractor.zeek index 7f846c9ea..7b3ef5a46 100644 --- a/zeek/config/extractor.zeek +++ b/zeek/config/extractor.zeek @@ -1,6 +1,6 @@ #!/usr/bin/env zeek -# Copyright (c) 2024 Battelle Energy Alliance, LLC. All rights reserved. +# Copyright (c) 2025 Battelle Energy Alliance, LLC. All rights reserved. @load ./extractor_params diff --git a/zeek/config/extractor_override.interesting.zeek b/zeek/config/extractor_override.interesting.zeek index acbdb0943..3fa5bfecf 100644 --- a/zeek/config/extractor_override.interesting.zeek +++ b/zeek/config/extractor_override.interesting.zeek @@ -1,6 +1,6 @@ #!/usr/bin/env zeek -# Copyright (c) 2024 Battelle Energy Alliance, LLC. All rights reserved. +# Copyright (c) 2025 Battelle Energy Alliance, LLC. All rights reserved. export { redef extractor_always_extract_unknown = F; 
diff --git a/zeek/config/extractor_params.zeek b/zeek/config/extractor_params.zeek index cd9a37513..9b819c168 100644 --- a/zeek/config/extractor_params.zeek +++ b/zeek/config/extractor_params.zeek @@ -1,6 +1,6 @@ #!/usr/bin/env zeek -# Copyright (c) 2024 Battelle Energy Alliance, LLC. All rights reserved. +# Copyright (c) 2025 Battelle Energy Alliance, LLC. All rights reserved. export { const extractor_extract_none = "none" &redef; diff --git a/zeek/supervisord.conf b/zeek/supervisord.conf index 3c9a89b1c..38bc4a125 100644 --- a/zeek/supervisord.conf +++ b/zeek/supervisord.conf @@ -1,4 +1,4 @@ -; Copyright (c) 2024 Battelle Energy Alliance, LLC. All rights reserved. +; Copyright (c) 2025 Battelle Energy Alliance, LLC. All rights reserved. [unix_http_server] file=/tmp/supervisor.sock ; (the path to the socket file) From 433aa5700fe521e0e083ec0fbf550098f23b5cf9 Mon Sep 17 00:00:00 2001 From: Seth Grover Date: Mon, 6 Jan 2025 08:26:07 -0700 Subject: [PATCH 02/53] bump netbox to v4.1.10, osd_transform to v2.18.0, and fluent-bit to v3.2.4 --- Dockerfiles/dashboards.Dockerfile | 10 +++++----- Dockerfiles/netbox.Dockerfile | 2 +- scripts/third-party-logs/fluent-bit-setup.ps1 | 2 +- 3 files changed, 7 insertions(+), 7 deletions(-) diff --git a/Dockerfiles/dashboards.Dockerfile b/Dockerfiles/dashboards.Dockerfile index 3bfb5f610..8b2b2c4fe 100644 --- a/Dockerfiles/dashboards.Dockerfile +++ b/Dockerfiles/dashboards.Dockerfile @@ -23,7 +23,7 @@ ENV TERM xterm ENV TINI_VERSION v0.19.0 ENV TINI_URL https://github.com/krallin/tini/releases/download/${TINI_VERSION}/tini -ENV OSD_TRANSFORM_VIS_VERSION 2.17.1 +ENV OSD_TRANSFORM_VIS_VERSION 2.18.0 ARG NODE_OPTIONS="--max_old_space_size=4096" ENV NODE_OPTIONS $NODE_OPTIONS 
@@ -42,10 +42,10 @@ RUN export BINARCH=$(uname -m | sed 's/x86_64/amd64/' | sed 's/aarch64/arm64/') # Malcolm manages authentication and encryption via NGINX reverse proxy /usr/share/opensearch-dashboards/bin/opensearch-dashboards-plugin remove securityDashboards --allow-root && \ cd /tmp && \ - unzip transformVis.zip opensearch-dashboards/transformVis/opensearch_dashboards.json opensearch-dashboards/transformVis/package.json && \ - sed -i "s/2\.17\.1/2\.18\.0/g" opensearch-dashboards/transformVis/opensearch_dashboards.json && \ - sed -i "s/2\.17\.1/2\.18\.0/g" opensearch-dashboards/transformVis/package.json && \ - zip transformVis.zip opensearch-dashboards/transformVis/opensearch_dashboards.json opensearch-dashboards/transformVis/package.json && \ + # unzip transformVis.zip opensearch-dashboards/transformVis/opensearch_dashboards.json opensearch-dashboards/transformVis/package.json && \ + # sed -i "s/2\.17\.1/2\.18\.0/g" opensearch-dashboards/transformVis/opensearch_dashboards.json && \ + # sed -i "s/2\.17\.1/2\.18\.0/g" opensearch-dashboards/transformVis/package.json && \ + # zip transformVis.zip opensearch-dashboards/transformVis/opensearch_dashboards.json opensearch-dashboards/transformVis/package.json && \ cd /usr/share/opensearch-dashboards/plugins && \ /usr/share/opensearch-dashboards/bin/opensearch-dashboards-plugin install file:///tmp/transformVis.zip --allow-root && \ rm -rf /tmp/transformVis /tmp/opensearch-dashboards && \ diff --git a/Dockerfiles/netbox.Dockerfile b/Dockerfiles/netbox.Dockerfile index 9ab9ac677..b3e4a12b0 100644 --- a/Dockerfiles/netbox.Dockerfile +++ b/Dockerfiles/netbox.Dockerfile @@ -1,4 +1,4 @@ -FROM netboxcommunity/netbox:v4.1.8 +FROM netboxcommunity/netbox:v4.1.10 # Copyright (c) 2025 Battelle Energy Alliance, LLC. All rights reserved. LABEL maintainer="malcolm@inl.gov" diff --git a/scripts/third-party-logs/fluent-bit-setup.ps1 b/scripts/third-party-logs/fluent-bit-setup.ps1 index fe35772ad..47818dca7 100644 
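Review bot: The four `unzip`/`sed`/`zip` steps in `Dockerfiles/dashboards.Dockerfile` are commented out between the `&& \` continuations of the `RUN` chain rather than deleted, which leaves dead code in the middle of the instruction. Since `OSD_TRANSFORM_VIS_VERSION` is now 2.18.0, the manifest rewrite appears to be unnecessary, so I would delete the four lines. If the workaround is expected to come back, one comment is enough, for example `# transformVis 2.18.0 already matches the dashboards version; no manifest patch needed`. The later `rm -rf /tmp/transformVis /tmp/opensearch-dashboards` still names the directory that only the dropped `unzip` created; that is harmless, but it can be trimmed in the same change. The `RUN` instruction starts before this hunk and continues after it.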
--- a/scripts/third-party-logs/fluent-bit-setup.ps1 +++ b/scripts/third-party-logs/fluent-bit-setup.ps1 @@ -9,7 +9,7 @@ ############################################################################### $fluent_bit_version = '3.2' -$fluent_bit_full_version = '3.2.2' +$fluent_bit_full_version = '3.2.4' ############################################################################### # select an item from a menu provided in an array From 02cf852b9ebe9d29f1570485ddc06ffcd39050bc Mon Sep 17 00:00:00 2001 From: Seth Grover Date: Mon, 6 Jan 2025 13:45:05 -0700 Subject: [PATCH 03/53] for cisagov/Malcolm#354, work in progress for Malcolm directly accepting syslog --- Dockerfiles/filebeat.Dockerfile | 8 +- config/filebeat.env.example | 10 ++ filebeat/filebeat-syslog-tcp.yml | 40 ++++++ filebeat/filebeat-syslog-udp.yml | 33 +++++ filebeat/supervisord.conf | 36 +++++ logstash/pipelines/beats/11_beats_logs.conf | 52 +++++++- scripts/install.py | 141 +++++++++++++++++--- 7 files changed, 300 insertions(+), 20 deletions(-) create mode 100644 filebeat/filebeat-syslog-tcp.yml create mode 100644 filebeat/filebeat-syslog-udp.yml diff --git a/Dockerfiles/filebeat.Dockerfile b/Dockerfiles/filebeat.Dockerfile index 02f4ddfa1..dc4e3b7af 100644 --- a/Dockerfiles/filebeat.Dockerfile +++ b/Dockerfiles/filebeat.Dockerfile @@ -65,6 +65,8 @@ ARG FILEBEAT_TCP_PARSE_SOURCE_FIELD="message" ARG FILEBEAT_TCP_PARSE_TARGET_FIELD="" ARG FILEBEAT_TCP_PARSE_DROP_FIELD="" ARG FILEBEAT_TCP_TAG="_malcolm_beats" +ARG FILEBEAT_SYSLOG_TCP_LISTEN=false +ARG FILEBEAT_SYSLOG_UDP_LISTEN=false ARG PCAP_NODE_NAME=malcolm ENV SUPERCRONIC_VERSION "0.2.33" 
@@ -125,12 +127,14 @@ COPY --from=ghcr.io/mmguero-dev/gostatic --chmod=755 /goStatic /usr/bin/goStatic ADD filebeat/filebeat-logs.yml /usr/share/filebeat-logs/filebeat-logs.yml ADD filebeat/filebeat-nginx.yml /usr/share/filebeat-nginx/filebeat-nginx.yml ADD filebeat/filebeat-tcp.yml /usr/share/filebeat-tcp/filebeat-tcp.yml +ADD filebeat/filebeat-syslog-udp.yml /usr/share/filebeat-syslog-udp/filebeat-syslog-udp.yml +ADD filebeat/filebeat-syslog-tcp.yml /usr/share/filebeat-syslog-tcp/filebeat-syslog-tcp.yml ADD filebeat/scripts /usr/local/bin/ ADD scripts/malcolm_utils.py /usr/local/bin/ ADD shared/bin/watch_common.py /usr/local/bin/ ADD shared/bin/opensearch_status.sh /usr/local/bin/ ADD filebeat/supervisord.conf /etc/supervisord.conf -RUN for INPUT in logs nginx tcp; do \ +RUN for INPUT in logs nginx tcp syslog-tcp syslog-udp; do \ mkdir -p /usr/share/filebeat-$INPUT/data; \ chown -R root:${PGROUP} /usr/share/filebeat-$INPUT; \ cp -a /usr/share/filebeat/module /usr/share/filebeat-$INPUT/module; \ @@ -172,6 +176,8 @@ ENV FILEBEAT_TCP_PARSE_SOURCE_FIELD $FILEBEAT_TCP_PARSE_SOURCE_FIELD ENV FILEBEAT_TCP_PARSE_TARGET_FIELD $FILEBEAT_TCP_PARSE_TARGET_FIELD ENV FILEBEAT_TCP_PARSE_DROP_FIELD $FILEBEAT_TCP_PARSE_DROP_FIELD ENV FILEBEAT_TCP_TAG $FILEBEAT_TCP_TAG +ENV FILEBEAT_SYSLOG_TCP_LISTEN $FILEBEAT_SYSLOG_TCP_LISTEN +ENV FILEBEAT_SYSLOG_UDP_LISTEN $FILEBEAT_SYSLOG_UDP_LISTEN ENV FILEBEAT_REGISTRY_FILE "/usr/share/filebeat-logs/data/registry/filebeat/log.json" ENV FILEBEAT_ZEEK_DIR "/zeek/" ENV PCAP_NODE_NAME $PCAP_NODE_NAME diff --git a/config/filebeat.env.example b/config/filebeat.env.example index 6b8dbb418..61e161552 100644 --- a/config/filebeat.env.example +++ b/config/filebeat.env.example 
@@ -34,5 +34,15 @@ FILEBEAT_TCP_PARSE_TARGET_FIELD=miscbeat FILEBEAT_TCP_PARSE_DROP_FIELD=message # Tag to append to events sent to the filebeat TCP input listener FILEBEAT_TCP_TAG=_malcolm_beats +# Whether or not to expose a filebeat UDP syslog listener (see +# https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-input-syslog.html) +FILEBEAT_SYSLOG_UDP_LISTEN=false +# UDP port on which to listen for standard syslog messages +FILEBEAT_SYSLOG_UDP_PORT=0 +# Whether or not to expose a filebeat TCP syslog listener (see +# https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-input-syslog.html) +FILEBEAT_SYSLOG_TCP_LISTEN=false +# TCP port on which to listen for standard syslog messages +FILEBEAT_SYSLOG_TCP_PORT=0 # Number of processes dedicated to preparing files for ingestion into filebeat FILEBEAT_PREPARE_PROCESS_COUNT=1 \ No newline at end of file diff --git a/filebeat/filebeat-syslog-tcp.yml b/filebeat/filebeat-syslog-tcp.yml new file mode 100644 index 000000000..9ba5cf863 --- /dev/null +++ b/filebeat/filebeat-syslog-tcp.yml 
@@ -0,0 +1,40 @@ +# Copyright (c) 2025 Battelle Energy Alliance, LLC. All rights reserved. + +name: "${PCAP_NODE_NAME:malcolm}" + +logging: + to_console: false + metrics.enabled: false + +#================================ Inputs ======================================= + +filebeat.inputs: +- type: syslog + format: ${FILEBEAT_SYSLOG_TCP_FORMAT:auto} + max_message_size: ${FILEBEAT_SYSLOG_TCP_MAX_MESSAGE_SIZE:20MiB} + max_connections: ${FILEBEAT_SYSLOG_TCP_MAX_CONNECTIONS:1024} + protocol.tcp: + host: "0.0.0.0:${FILEBEAT_SYSLOG_TCP_PORT:514}" + ssl.enabled: ${FILEBEAT_SYSLOG_TCP_SSL:false} + ssl.certificate_authorities: ["/certs/ca.crt"] + ssl.certificate: "/certs/client.crt" + ssl.key: "/certs/client.key" + ssl.supported_protocols: "TLSv1.2" + ssl.verification_mode: "none" + +#================================ Processors =================================== +processors: + - add_tags: + tags: [ "${FILEBEAT_TCP_TAG:_malcolm_beats}" ] + +#================================ Outputs ====================================== + +#-------------------------- Logstash Output ------------------------------------ +output.logstash: + hosts: ["${LOGSTASH_HOST:logstash:5044}"] + ssl.enabled: ${BEATS_SSL:false} + ssl.certificate_authorities: ["/certs/ca.crt"] + ssl.certificate: "/certs/client.crt" + ssl.key: "/certs/client.key" + ssl.supported_protocols: "TLSv1.2" + ssl.verification_mode: "none" diff --git a/filebeat/filebeat-syslog-udp.yml b/filebeat/filebeat-syslog-udp.yml new file mode 100644 index 000000000..21c70b8f7 --- /dev/null +++ b/filebeat/filebeat-syslog-udp.yml 
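Review bot: The new syslog TCP input listens on `0.0.0.0` with TLS off by default (`${FILEBEAT_SYSLOG_TCP_SSL:false}`) and hard-codes `ssl.verification_mode: "none"` with no `ssl.client_authentication` setting. Even with TLS switched on, any host that can reach the port can therefore submit events. I would make both settings configurable rather than fixed, and put a comment above `protocol.tcp` such as `# unauthenticated by default: restrict senders with a firewall or enable TLS with client certificates`. The `output.logstash` block here and in `filebeat/filebeat-syslog-udp.yml` also uses `ssl.verification_mode: "none"`, so the Logstash certificate is not checked when `BEATS_SSL` is true. This may mirror the existing filebeat configs, which are not shown here, but it deserves the same comment.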
@@ -0,0 +1,33 @@ +# Copyright (c) 2025 Battelle Energy Alliance, LLC. All rights reserved. + +name: "${PCAP_NODE_NAME:malcolm}" + +logging: + to_console: false + metrics.enabled: false + +#================================ Inputs ======================================= + +filebeat.inputs: +- type: syslog + format: ${FILEBEAT_SYSLOG_UDP_FORMAT:auto} + max_message_size: ${FILEBEAT_SYSLOG_UDP_MAX_MESSAGE_SIZE:10KiB} + protocol.udp: + host: "0.0.0.0:${FILEBEAT_SYSLOG_UDP_PORT:514}" + +#================================ Processors =================================== +processors: + - add_tags: + tags: [ "${FILEBEAT_TCP_TAG:_malcolm_beats}" ] + +#================================ Outputs ====================================== + +#-------------------------- Logstash Output ------------------------------------ +output.logstash: + hosts: ["${LOGSTASH_HOST:logstash:5044}"] + ssl.enabled: ${BEATS_SSL:false} + ssl.certificate_authorities: ["/certs/ca.crt"] + ssl.certificate: "/certs/client.crt" + ssl.key: "/certs/client.key" + ssl.supported_protocols: "TLSv1.2" + ssl.verification_mode: "none" diff --git a/filebeat/supervisord.conf b/filebeat/supervisord.conf index ee762d4ef..b25acb911 100644 --- a/filebeat/supervisord.conf +++ b/filebeat/supervisord.conf 
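Review bot: The `protocol.udp` input binds `0.0.0.0` and nothing in the file tells an operator that syslog over UDP has no sender authentication or encryption, so the source of a datagram cannot be trusted. A comment above the input would cover it, for example `# UDP syslog is unauthenticated and unencrypted; limit who can reach this port at the network layer`. Separately, the processor tags events with `${FILEBEAT_TCP_TAG:_malcolm_beats}`. Reusing the TCP listener's variable in a UDP syslog config is easy to misread, so either name the shared tag in a comment or give the syslog inputs their own variable.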
@@ -72,6 +72,42 @@ stdout_logfile=/dev/fd/1 stdout_logfile_maxbytes=0 redirect_stderr=true +[program:filebeat-syslog-udp] +command=bash -c "/usr/local/bin/opensearch_status.sh -t malcolm_beats_template && /usr/local/bin/filebeat.sh \ + -h /usr/share/filebeat-syslog-udp \ + -c /usr/share/filebeat-syslog-udp \ + -d /usr/share/filebeat-syslog-udp/data \ + -f /usr/share/filebeat-syslog-udp/filebeat-syslog-udp.yml" +user=%(ENV_PUSER)s +autostart=%(ENV_FILEBEAT_SYSLOG_UDP_LISTEN)s +autorestart=%(ENV_FILEBEAT_SYSLOG_UDP_LISTEN)s +startsecs=30 +startretries=2000000000 +stopasgroup=true +killasgroup=true +directory=/usr/share/filebeat-syslog-udp +stdout_logfile=/dev/fd/1 +stdout_logfile_maxbytes=0 +redirect_stderr=true + +[program:filebeat-syslog-tcp] +command=bash -c "/usr/local/bin/opensearch_status.sh -t malcolm_beats_template && /usr/local/bin/filebeat.sh \ + -h /usr/share/filebeat-syslog-tcp \ + -c /usr/share/filebeat-syslog-tcp \ + -d /usr/share/filebeat-syslog-tcp/data \ + -f /usr/share/filebeat-syslog-tcp/filebeat-syslog-tcp.yml" +user=%(ENV_PUSER)s +autostart=%(ENV_FILEBEAT_SYSLOG_TCP_LISTEN)s +autorestart=%(ENV_FILEBEAT_SYSLOG_TCP_LISTEN)s +startsecs=30 +startretries=2000000000 +stopasgroup=true +killasgroup=true +directory=/usr/share/filebeat-syslog-tcp +stdout_logfile=/dev/fd/1 +stdout_logfile_maxbytes=0 +redirect_stderr=true + [program:watch-upload] command=python3 /usr/local/bin/filebeat-watch-zeeklogs-uploads-folder.py %(ENV_PCAP_PIPELINE_VERBOSITY)s --start-sleep 30 diff --git a/logstash/pipelines/beats/11_beats_logs.conf b/logstash/pipelines/beats/11_beats_logs.conf index 9cb620b3e..d58266cf2 100644 --- a/logstash/pipelines/beats/11_beats_logs.conf +++ b/logstash/pipelines/beats/11_beats_logs.conf 
@@ -517,7 +517,7 @@ filter { if ([miscbeat][syslog]) { #------------------------------------------------- - # syslog - https://docs.fluentbit.io/manual/pipeline/inputs/syslog + # syslog via fluent-bit - https://docs.fluentbit.io/manual/pipeline/inputs/syslog # time gets parsed into the miscbeat.date field, this is redundant mutate { id => "mutate_miscbeat_remove_syslog_time" 
@@ -832,6 +832,54 @@ filter { } # [miscbeat][winstat] + } else if ([agent][type] == "filebeat") and ([input][type] == "syslog") { + #------------------------------------------------- + # syslog direct to Malcolm - https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-input-syslog.html + + mutate { id => "mutate_replace_syslog_direct_event_module" + replace => { "[event][module]" => "syslog" } } + + # store the originating host name as host.name as it's probably what people will want to search by + if ([hostname]) { + mutate { id => "mutate_syslog_direct_add_ecs_hostname" + add_field => { "[log][syslog][hostname]" => "%{[hostname]}" } } + mutate { + id => "mutate_syslog_direct_replace_hostname" + replace => { "[host][name]" => "%{[hostname]}" } + remove_field => [ "[hostname]" ] + } + } + + # rename syslog fields according to ECS + # https://www.elastic.co/guide/en/ecs/current/ecs-log.html#field-log-syslog + mutate { id => "mutate_rename_direct_syslog" + rename => { "[event][severity]" => "[log][syslog][severity][code]" } + rename => { "[process][pid]" => "[log][syslog][procid]" } + rename => { "[process][program]" => "[log][syslog][appname]" } + rename => { "[syslog][facility]" => "[log][syslog][facility][code]" } + rename => { "[syslog][facility_label]" => "[log][syslog][facility][name]" } + rename => { "[syslog][priority]" => "[log][syslog][priority]" } + rename => { "[syslog][severity_label]" => "[log][syslog][severity][name]" } + } + + if (![event][hash]) { + fingerprint { + id => "fingerprint_malcolm_miscbeat_syslog_direct" + source => [ "[host][name]", + "[event][module]", + "[log][syslog][severity][code]", + "[log][syslog][facility][code]", + "[log][syslog][appname]", + "[event][original]", + "[@timestamp]" ] + concatenate_sources => true + # uses event.hash + ecs_compatibility => "v8" + method => "MURMUR3_128" + base64encode => true + } + } + } else if ("_zeekdiagnostic" in [tags]) { #------------------------------------------------- # Zeek 
diagnostic logs @@ -1030,7 +1078,7 @@ filter { # store the original computer name as host.name as it's probably what people will want to search by if ([miscbeat][winlog][Computer]) { mutate { - id => "date_beats_evtx_host_name" + id => "mutate_beats_evtx_host_name" replace => { "[host][name]" => "%{[miscbeat][winlog][Computer]}" } } } diff --git a/scripts/install.py b/scripts/install.py index 423e5c17c..8ff887531 100755 --- a/scripts/install.py +++ b/scripts/install.py @@ -622,6 +622,8 @@ def tweak_malcolm_runtime(self, malcolm_install_path): opensearchSecondaryLabel = 'remote OpenSearch' dashboardsUrl = 'http://dashboards:5601/dashboards' logstashHost = 'logstash:5044' + syslogPortDict = defaultdict(lambda: 0) + sftpOpen = False indexSnapshotCompressed = False behindReverseProxy = False dockerNetworkExternalName = "" @@ -1504,9 +1506,20 @@ def tweak_malcolm_runtime(self, malcolm_install_path): elif currentStep == ConfigOptions.OpenPorts: openPortsSelection = ( 'c' - if (args.exposeLogstash or args.exposeOpenSearch or args.exposeFilebeatTcp or args.exposeSFTP) + if ( + args.exposeLogstash + or args.exposeOpenSearch + or args.exposeFilebeatTcp + or args.exposeSFTP + or args.syslogUdpPort + or args.syslogTcpPort + ) else 'unset' ) + if args.syslogTcpPort: + syslogPortDict['tcp'] = args.syslogTcpPort + if args.syslogUdpPort: + syslogPortDict['udp'] = args.syslogUdpPort if self.orchMode is OrchestrationFramework.DOCKER_COMPOSE: if malcolmProfile == PROFILE_MALCOLM: openPortsOptions = ('no', 'yes', 'customize') 
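Review bot: In the new `[input][type] == "syslog"` branch, `[host][name]` is replaced with `[hostname]`, a value taken from the syslog message and therefore chosen by the sender. Since these listeners accept unauthenticated traffic, the comment should say so instead of only "it's probably what people will want to search by". For example: `# [hostname] comes from the message and is sender-controlled; compare with the peer address when it matters`. The Filebeat syslog input is documented to record the peer in `log.source.address`, and this branch does not appear to remove it, but confirm it reaches the index so analysts have a field the sender cannot set. The enclosing `filter` block starts and ends outside this hunk.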
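Review bot: In the `ConfigOptions.OpenPorts` step, `args.syslogTcpPort` and `args.syslogUdpPort` are copied into `syslogPortDict` on truthiness alone, so a negative or above-65535 value from the command line is stored as given. The arguments are declared later in the patch with `type=int` and no bounds. The range check in the interactive prompt appears to run only for the docker-compose Malcolm profile with customized ports, so on other paths the value would go straight into `filebeat.env`. I would guard the assignment with `if 0 < args.syslogTcpPort <= 65535:` (and the same for UDP), or reject out-of-range values in argparse. `tweak_malcolm_runtime` continues outside the hunk.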
@@ -1603,16 +1616,51 @@ def tweak_malcolm_runtime(self, malcolm_install_path): extraLabel=BACK_LABEL, ) - sftpOpen = ( + # Expose SFTP and/or Syslog servers? + if ( (self.orchMode is OrchestrationFramework.DOCKER_COMPOSE) and (malcolmProfile == PROFILE_MALCOLM) and (openPortsSelection == 'c') - and InstallerYesOrNo( + ): + sftpOpen = InstallerYesOrNo( 'Expose SFTP server (for PCAP upload) to external hosts?', default=args.exposeSFTP, extraLabel=BACK_LABEL, ) - ) + if InstallerYesOrNo( + 'Accept standard syslog messages?', + default=any([x > 0 for x in [args.syslogUdpPort, args.syslogTcpPort]]), + extraLabel=BACK_LABEL, + ): + syslogTransports = ('tcp', 'udp') + for transport in syslogTransports: + loopBreaker = CountUntilException( + MaxAskForValueCount, f'Invalid syslog over {transport.upper()} port' + ) + syslogPortStr = '' + while ( + (not syslogPortStr.isdigit()) + or (int(syslogPortStr) < 0) + or (int(syslogPortStr) > 65535) + or ( + not InstallerYesOrNo( + f'Setting port {syslogPortStr} for syslog over {transport.upper()}. Is this OK?', + default=True, + extraLabel=BACK_LABEL, + ) + ) + ) and loopBreaker.increment(): + syslogPortStr = InstallerAskForString( + f'Enter port for syslog over {transport.upper()} (e.g., 514) or 0 to disable', + extraLabel=BACK_LABEL, + default=str(syslogPortDict[transport]), + ) + if ( + syslogPortStr.isdigit() + and (int(syslogPortStr) > 0) + and (int(syslogPortStr) <= 65535) + ): + syslogPortDict[transport] = int(syslogPortStr) ################################################################################### elif currentStep == ConfigOptions.FileCarving: 
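Review bot: Entering `0` at the "or 0 to disable" prompt does not disable the listener when a port was already set. The final guard only assigns when `int(syslogPortStr) > 0`, so `syslogPortDict[transport]` keeps the value seeded from `--syslog-tcp-port`/`--syslog-udp-port`, and the port is still published on `0.0.0.0`. Answering "no" to "Accept standard syslog messages?" has the same effect, because that path never resets the dict. I would change the guard to `if syslogPortStr.isdigit() and (int(syslogPortStr) <= 65535):` so that 0 is stored, and add an `else:` on the yes/no question that sets both transports to 0. Minor: `str.isdigit()` is true for characters such as superscript digits that `int()` rejects, so `isdecimal()` is the safer test. The enclosing function starts and ends outside this hunk.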
@@ -1640,7 +1688,9 @@ def tweak_malcolm_runtime(self, malcolm_install_path): fileCarveHttpServerZip = False fileCarveHttpServeEncryptKey = '' - if InstallerYesOrNo('Enable file extraction with Zeek?', default=bool(fileCarveModeDefault)): + if InstallerYesOrNo( + 'Enable file extraction with Zeek?', extraLabel=BACK_LABEL, default=bool(fileCarveModeDefault) + ): loopBreaker = CountUntilException(MaxAskForValueCount, 'Invalid file extraction behavior') while fileCarveMode not in allowedFileCarveModes.keys() and loopBreaker.increment(): fileCarveMode = InstallerChooseOne( @@ -2230,6 +2280,32 @@ def tweak_malcolm_runtime(self, malcolm_install_path): 'FILEBEAT_TCP_TAG', filebeatTcpTag, ), + # Syslog over TCP + EnvValue( + True, + os.path.join(args.configDir, 'filebeat.env'), + 'FILEBEAT_SYSLOG_TCP_LISTEN', + TrueOrFalseNoQuote(syslogPortDict['tcp'] > 0), + ), + EnvValue( + True, + os.path.join(args.configDir, 'filebeat.env'), + 'FILEBEAT_SYSLOG_TCP_PORT', + syslogPortDict['tcp'], + ), + # Syslog over UDP + EnvValue( + True, + os.path.join(args.configDir, 'filebeat.env'), + 'FILEBEAT_SYSLOG_UDP_LISTEN', + TrueOrFalseNoQuote(syslogPortDict['udp'] > 0), + ), + EnvValue( + True, + os.path.join(args.configDir, 'filebeat.env'), + 'FILEBEAT_SYSLOG_UDP_PORT', + syslogPortDict['udp'], + ), # logstash memory allowance EnvValue( True, 
@@ -2889,20 +2965,33 @@ def tweak_malcolm_runtime(self, malcolm_install_path): ################################### ################################### - # filebeat/logstash/upload port bind IPs (0.0.0.0 vs. 127.0.0.1) - # set bind IPs based on whether it should be externally exposed or not - for service, portInfo in { - 'filebeat': (filebeatTcpOpen, 5045, 5045), - 'logstash': (logstashOpen, 5044, 5044), - 'upload': (sftpOpen, 8022, 22), + # port bind IPs (0.0.0.0 vs. 127.0.0.1) + # set bind IPs based on whether services should be externally exposed or not + for service, portInfos in { + 'filebeat': [ + [filebeatTcpOpen, 5045, 5045, 'tcp'], + [syslogPortDict['tcp'] > 0, syslogPortDict['tcp'], syslogPortDict['tcp'], 'tcp'], + [syslogPortDict['udp'] > 0, syslogPortDict['udp'], syslogPortDict['udp'], 'udp'], + ], + 'logstash': [ + [logstashOpen, 5044, 5044, 'tcp'], + ], + 'upload': [ + [sftpOpen, 8022, 22, 'tcp'], + ], }.items(): if service in data['services']: if malcolmProfile == PROFILE_HEDGEHOG: data['services'][service].pop('ports', None) else: - data['services'][service]['ports'] = [ - f"{'0.0.0.0' if portInfo[0] is True else '127.0.0.1'}:{portInfo[1]}:{portInfo[2]}" - ] + data['services'][service]['ports'] = [] + for portInfo in portInfos: + if all(x for x in portInfo): + data['services'][service]['ports'].append( + f"0.0.0.0:{portInfo[1]}:{portInfo[2]}/{portInfo[3]}" + ) + if not data['services'][service]['ports']: + data['services'][service].pop('ports', None) ################################### ################################### 
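Review bot: The header comment still reads "port bind IPs (0.0.0.0 vs. 127.0.0.1)", but the rewritten loop never emits `127.0.0.1`. A port is either published on `0.0.0.0` or left out, and `ports` is popped when the list is empty. This is a behaviour change for anything on the host that used the loopback mappings for filebeat, logstash or upload, so the comment should describe it, e.g. `# publish only externally exposed ports (on 0.0.0.0); unexposed services get no host port mapping`. It would also help to note that the syslog listeners always bind all interfaces, since there is no option to limit them to one address. The surrounding function extends beyond the hunk.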
@@ -2924,11 +3013,11 @@ def tweak_malcolm_runtime(self, malcolm_install_path): data['services']['nginx-proxy'].pop('ports', None) else: data['services']['nginx-proxy']['ports'] = [ - f"{'0.0.0.0:443' if nginxSSL else '127.0.0.1:80'}:443", + f"{'0.0.0.0:443' if nginxSSL else '127.0.0.1:80'}:443/tcp", ] - if opensearchPrimaryMode == DatabaseMode.OpenSearchLocal: + if (opensearchPrimaryMode == DatabaseMode.OpenSearchLocal) and opensearchOpen: data['services']['nginx-proxy']['ports'].append( - f"{'0.0.0.0' if opensearchOpen else '127.0.0.1'}:{'9200' if nginxSSL else '9201'}:9200" + f"0.0.0.0:{'9200' if nginxSSL else '9201'}:9200/tcp" ) # enable/disable/configure traefik labels if applicable @@ -4351,6 +4440,24 @@ def main(): default=False, help="Expose SFTP server (for PCAP upload) to external hosts", ) + logstashArgGroup.add_argument( + '--syslog-tcp-port', + dest='syslogTcpPort', + required=False, + metavar='', + type=int, + default=0, + help='Listen for Syslog (TCP) on this port', + ) + logstashArgGroup.add_argument( + '--syslog-udp-port', + dest='syslogUdpPort', + required=False, + metavar='', + type=int, + default=0, + help='Listen for Syslog (UDP) on this port', + ) storageArgGroup = parser.add_argument_group('Storage options') storageArgGroup.add_argument( From 76606c97aedbadfdb0c333d1b4c81594a5964c3b Mon Sep 17 00:00:00 2001 
From: Seth Grover Date: Mon, 6 Jan 2025 14:38:04 -0700 Subject: [PATCH 04/53] for cisagov/Malcolm#354, work in progress for Malcolm directly accepting syslog; (dashboard) --- .../0a490422-0ce9-44bf-9a2d-19329ddde8c3.json | 2 +- .../92985909-dc29-4533-9e80-d3182a0ecf1d.json | 2 +- .../0d4955f0-eb25-11ec-a6d4-b3526526c2c7.json | 2 +- .../3768ef70-d819-11ee-820d-dd9fd73a3921.json | 6 +- .../4ca94c70-d7da-11ee-9ed3-e7afff29e59a.json | 28 +-- .../7a7e0a60-e8e8-11ec-b9d4-4569bb965430.json | 4 +- .../88bcec50-cc74-11ef-bae9-0d6b8da935ba.json | 213 ++++++++++++++++++ .../903f42c0-f634-11ec-828d-2fb7a4a26e1f.json | 4 +- .../dashboards/beats/Filebeat-nginx-logs.json | 8 +- .../beats/Filebeat-nginx-overview.json | 10 +- .../beats/Metricbeat-host-overview.json | 30 +-- .../beats/Metricbeat-system-overview.json | 16 +- .../f6600310-9943-11ee-a029-e973f4774355.json | 6 +- 13 files changed, 272 insertions(+), 59 deletions(-) create mode 100644 dashboards/dashboards/beats/88bcec50-cc74-11ef-bae9-0d6b8da935ba.json diff --git a/dashboards/dashboards/0a490422-0ce9-44bf-9a2d-19329ddde8c3.json b/dashboards/dashboards/0a490422-0ce9-44bf-9a2d-19329ddde8c3.json index f99475f9f..abe104c4f 100644 --- a/dashboards/dashboards/0a490422-0ce9-44bf-9a2d-19329ddde8c3.json +++ b/dashboards/dashboards/0a490422-0ce9-44bf-9a2d-19329ddde8c3.json @@ -368,7 +368,7 @@ ], "sort": [ [ - "@timestamp", + "MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER", "desc" ] ], diff --git a/dashboards/dashboards/92985909-dc29-4533-9e80-d3182a0ecf1d.json b/dashboards/dashboards/92985909-dc29-4533-9e80-d3182a0ecf1d.json index 91f8cee9e..13e18509f 100644 --- a/dashboards/dashboards/92985909-dc29-4533-9e80-d3182a0ecf1d.json +++ b/dashboards/dashboards/92985909-dc29-4533-9e80-d3182a0ecf1d.json 
@@ -12,7 +12,7 @@ "attributes": { "title": "Syslog", "hits": 0, - "description": "", + "description": "Syslog messages observed in network traffic", "panelsJSON": "[{\"version\":\"7.10.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":29,\"i\":\"1\"},\"panelIndex\":\"1\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":8,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{},\"panelRefName\":\"panel_1\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":13,\"y\":29,\"w\":13,\"h\":18,\"i\":\"5\"},\"panelIndex\":\"5\",\"embeddableConfig\":{\"table\":null,\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}},\"panelRefName\":\"panel_2\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":26,\"y\":29,\"w\":13,\"h\":18,\"i\":\"6\"},\"panelIndex\":\"6\",\"embeddableConfig\":{\"table\":null,\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":39,\"y\":29,\"w\":9,\"h\":18,\"i\":\"7\"},\"panelIndex\":\"7\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}},\"table\":null},\"panelRefName\":\"panel_4\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":8,\"i\":\"10\"},\"panelIndex\":\"10\",\"embeddableConfig\":{\"vis\":{\"defaultColors\":{\"0 - 
100\":\"rgb(0,104,55)\"}}},\"panelRefName\":\"panel_5\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":8,\"y\":8,\"w\":13,\"h\":21,\"i\":\"d1325585-cce1-46f1-acfd-59d64a8be83a\"},\"panelIndex\":\"d1325585-cce1-46f1-acfd-59d64a8be83a\",\"embeddableConfig\":{},\"panelRefName\":\"panel_6\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":21,\"y\":8,\"w\":27,\"h\":21,\"i\":\"2abd9c38-fd1e-44fa-b391-ead499a92787\"},\"panelIndex\":\"2abd9c38-fd1e-44fa-b391-ead499a92787\",\"embeddableConfig\":{},\"panelRefName\":\"panel_7\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":0,\"y\":29,\"w\":13,\"h\":18,\"i\":\"13e3b050-3d67-4745-a182-b462852a67ef\"},\"panelIndex\":\"13e3b050-3d67-4745-a182-b462852a67ef\",\"embeddableConfig\":{},\"panelRefName\":\"panel_8\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":0,\"y\":47,\"w\":48,\"h\":44,\"i\":\"59631e23-e452-40a9-a9dd-7d432278d35f\"},\"panelIndex\":\"59631e23-e452-40a9-a9dd-7d432278d35f\",\"embeddableConfig\":{},\"panelRefName\":\"panel_9\"}]", "optionsJSON": "{\"useMargins\":true}", "version": 1, diff --git a/dashboards/dashboards/beats/0d4955f0-eb25-11ec-a6d4-b3526526c2c7.json b/dashboards/dashboards/beats/0d4955f0-eb25-11ec-a6d4-b3526526c2c7.json index e365adb8c..aec5d3052 100644 --- a/dashboards/dashboards/beats/0d4955f0-eb25-11ec-a6d4-b3526526c2c7.json +++ b/dashboards/dashboards/beats/0d4955f0-eb25-11ec-a6d4-b3526526c2c7.json 
@@ -91,7 +91,7 @@ "version": "WzkwOCwyXQ==", "attributes": { "title": "Hardware Temperature - Over Time", - "visState": "{\"title\":\"Hardware Temperature - Over Time\",\"type\":\"line\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"max\",\"params\":{\"field\":\"miscbeat.thermal.temp\",\"customLabel\":\"High °C\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"params\":{\"field\":\"@timestamp\",\"timeRange\":{\"from\":\"now-30m\",\"to\":\"now\"},\"useNormalizedOpenSearchInterval\":true,\"scaleMetricValues\":false,\"interval\":\"auto\",\"drop_partials\":false,\"min_doc_count\":1,\"extended_bounds\":{}},\"schema\":\"segment\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":8,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Host\"},\"schema\":\"group\"}],\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"filter\":true,\"show\":true,\"truncate\":100},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{},\"type\":\"category\"}],\"grid\":{\"categoryLines\":true,\"valueAxis\":\"ValueAxis-1\"},\"labels\":{},\"legendPosition\":\"bottom\",\"seriesParams\":[{\"data\":{\"id\":\"1\",\"label\":\"High 
°C\"},\"drawLinesBetweenPoints\":true,\"interpolate\":\"cardinal\",\"lineWidth\":1.5,\"mode\":\"normal\",\"show\":true,\"showCircles\":false,\"type\":\"line\",\"valueAxis\":\"ValueAxis-1\"}],\"thresholdLine\":{\"color\":\"#E7664C\",\"show\":true,\"style\":\"full\",\"value\":95,\"width\":1},\"times\":[],\"type\":\"line\",\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"defaultYExtents\":true,\"mode\":\"normal\",\"type\":\"linear\",\"setYExtents\":true,\"min\":35,\"max\":115},\"show\":true,\"style\":{},\"title\":{\"text\":\"High °C\"},\"type\":\"value\"}]}}", + "visState": "{\"title\":\"Hardware Temperature - Over Time\",\"type\":\"line\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"max\",\"params\":{\"field\":\"miscbeat.thermal.temp\",\"customLabel\":\"High °C\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"params\":{\"field\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\",\"timeRange\":{\"from\":\"now-30m\",\"to\":\"now\"},\"useNormalizedOpenSearchInterval\":true,\"scaleMetricValues\":false,\"interval\":\"auto\",\"drop_partials\":false,\"min_doc_count\":1,\"extended_bounds\":{}},\"schema\":\"segment\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":8,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Host\"},\"schema\":\"group\"}],\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"filter\":true,\"show\":true,\"truncate\":100},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{},\"type\":\"category\"}],\"grid\":{\"categoryLines\":true,\"valueAxis\":\"ValueAxis-1\"},\"labels\":{},\"legendPosition\":\"bottom\",\"seriesPara
ms\":[{\"data\":{\"id\":\"1\",\"label\":\"High °C\"},\"drawLinesBetweenPoints\":true,\"interpolate\":\"cardinal\",\"lineWidth\":1.5,\"mode\":\"normal\",\"show\":true,\"showCircles\":false,\"type\":\"line\",\"valueAxis\":\"ValueAxis-1\"}],\"thresholdLine\":{\"color\":\"#E7664C\",\"show\":true,\"style\":\"full\",\"value\":95,\"width\":1},\"times\":[],\"type\":\"line\",\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"defaultYExtents\":true,\"mode\":\"normal\",\"type\":\"linear\",\"setYExtents\":true,\"min\":35,\"max\":115},\"show\":true,\"style\":{},\"title\":{\"text\":\"High °C\"},\"type\":\"value\"}]}}", "uiStateJSON": "{\"vis\":{\"legendOpen\":true}}", "description": "", "version": 1, diff --git a/dashboards/dashboards/beats/3768ef70-d819-11ee-820d-dd9fd73a3921.json b/dashboards/dashboards/beats/3768ef70-d819-11ee-820d-dd9fd73a3921.json index 09b92d2c2..a6fc0dc8f 100644 --- a/dashboards/dashboards/beats/3768ef70-d819-11ee-820d-dd9fd73a3921.json +++ b/dashboards/dashboards/beats/3768ef70-d819-11ee-820d-dd9fd73a3921.json 
@@ -52,7 +52,7 @@ "version": "WzExMDgsMV0=", "attributes": { "title": "Linux Kernel Messages by Host", - "visState": "{\"title\":\"Linux Kernel Messages by Host\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Host\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"top_hits\",\"params\":{\"field\":\"@timestamp\",\"aggregate\":\"concat\",\"size\":1,\"sortField\":\"@timestamp\",\"sortOrder\":\"desc\",\"customLabel\":\"Last Kernel Message\"},\"schema\":\"metric\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "visState": "{\"title\":\"Linux Kernel Messages by Host\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Host\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"top_hits\",\"params\":{\"field\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\",\"aggregate\":\"concat\",\"size\":1,\"sortField\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\",\"sortOrder\":\"desc\",\"customLabel\":\"Last Kernel Message\"},\"schema\":\"metric\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", "uiStateJSON": "{}", "description": "", "version": 1, 
@@ -82,7 +82,7 @@ "version": "WzExMTAsMV0=", "attributes": { "title": "Linux Kernel Messages over Time", - "visState": "{\"title\":\"Linux Kernel Messages over Time\",\"type\":\"histogram\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Message Count\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"params\":{\"field\":\"@timestamp\",\"timeRange\":{\"from\":\"now/d\",\"to\":\"now/d\"},\"useNormalizedOpenSearchInterval\":true,\"scaleMetricValues\":false,\"interval\":\"auto\",\"drop_partials\":false,\"min_doc_count\":1,\"extended_bounds\":{},\"customLabel\":\"Messages over Time by Priority\"},\"schema\":\"segment\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"miscbeat.kmsg.priority\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Priority\"},\"schema\":\"group\"}],\"params\":{\"type\":\"histogram\",\"grid\":{\"categoryLines\":false},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"filter\":true,\"truncate\":100},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"square root\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Message Count\"}}],\"seriesParams\":[{\"show\":true,\"type\":\"histogram\",\"mode\":\"stacked\",\"data\":{\"label\":\"Message 
Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"lineWidth\":2,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"bottom\",\"times\":[],\"addTimeMarker\":false,\"labels\":{\"show\":false},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"}}}", + "visState": "{\"title\":\"Linux Kernel Messages over Time\",\"type\":\"histogram\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Message Count\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"params\":{\"field\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\",\"timeRange\":{\"from\":\"now/d\",\"to\":\"now/d\"},\"useNormalizedOpenSearchInterval\":true,\"scaleMetricValues\":false,\"interval\":\"auto\",\"drop_partials\":false,\"min_doc_count\":1,\"extended_bounds\":{},\"customLabel\":\"Messages over Time by Priority\"},\"schema\":\"segment\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"miscbeat.kmsg.priority\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Priority\"},\"schema\":\"group\"}],\"params\":{\"type\":\"histogram\",\"grid\":{\"categoryLines\":false},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"filter\":true,\"truncate\":100},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"square root\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Message 
Count\"}}],\"seriesParams\":[{\"show\":true,\"type\":\"histogram\",\"mode\":\"stacked\",\"data\":{\"label\":\"Message Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"lineWidth\":2,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"bottom\",\"times\":[],\"addTimeMarker\":false,\"labels\":{\"show\":false},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"}}}", "uiStateJSON": "{\"vis\":{\"legendOpen\":true}}", "description": "", "version": 1, @@ -123,7 +123,7 @@ "sort": [], "version": 1, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":\"event.module:kmsg\",\"language\":\"kuery\"},\"highlightAll\":false,\"version\":true,\"aggs\":{\"2\":{\"date_histogram\":{\"field\":\"@timestamp\",\"fixed_interval\":\"30m\",\"min_doc_count\":1}}},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" + "searchSourceJSON": "{\"query\":{\"query\":\"event.module:kmsg\",\"language\":\"kuery\"},\"highlightAll\":false,\"version\":true,\"aggs\":{\"2\":{\"date_histogram\":{\"field\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\",\"fixed_interval\":\"30m\",\"min_doc_count\":1}}},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" } }, "references": [ diff --git a/dashboards/dashboards/beats/4ca94c70-d7da-11ee-9ed3-e7afff29e59a.json b/dashboards/dashboards/beats/4ca94c70-d7da-11ee-9ed3-e7afff29e59a.json index 5b55478c9..844f7b378 100644 --- a/dashboards/dashboards/beats/4ca94c70-d7da-11ee-9ed3-e7afff29e59a.json +++ b/dashboards/dashboards/beats/4ca94c70-d7da-11ee-9ed3-e7afff29e59a.json 
@@ -13,7 +13,7 @@ "title": "Packet Capture Statistics", "hits": 0, "description": "Statistics and diagnostics for packet capture from Zeek and Suricata", - "panelsJSON": "[{\"embeddableConfig\":{},\"gridData\":{\"h\":15,\"i\":\"0c179e97-9bcf-4f72-b717-b7a93667c1a0\",\"w\":13,\"x\":0,\"y\":0},\"panelIndex\":\"0c179e97-9bcf-4f72-b717-b7a93667c1a0\",\"version\":\"2.12.0\",\"panelRefName\":\"panel_0\"},{\"embeddableConfig\":{\"hidePanelTitles\":false},\"gridData\":{\"h\":15,\"i\":\"b483d809-a528-4280-b79e-aa7ada17d275\",\"w\":35,\"x\":13,\"y\":0},\"panelIndex\":\"b483d809-a528-4280-b79e-aa7ada17d275\",\"version\":\"2.12.0\",\"panelRefName\":\"panel_1\"},{\"embeddableConfig\":{\"hidePanelTitles\":false},\"gridData\":{\"h\":10,\"i\":\"e10dc0a6-f197-4cbc-a1ad-e67194f95a63\",\"w\":13,\"x\":0,\"y\":15},\"panelIndex\":\"e10dc0a6-f197-4cbc-a1ad-e67194f95a63\",\"version\":\"2.12.0\",\"panelRefName\":\"panel_2\"},{\"embeddableConfig\":{\"hidePanelTitles\":false},\"gridData\":{\"h\":10,\"i\":\"01b20859-4d95-47e0-a536-6b1e9932c35b\",\"w\":13,\"x\":13,\"y\":15},\"panelIndex\":\"01b20859-4d95-47e0-a536-6b1e9932c35b\",\"version\":\"2.12.0\",\"panelRefName\":\"panel_3\"},{\"embeddableConfig\":{\"columns\":[\"@timestamp\",\"host.name\",\"zeek.capture_loss.peer\",\"zeek.capture_loss.acks\",\"zeek.capture_loss.gaps\",\"zeek.capture_loss.percent_lost\"]},\"gridData\":{\"h\":20,\"i\":\"8e013ce7-3205-4d06-a805-6285826c1c5d\",\"w\":22,\"x\":26,\"y\":15},\"panelIndex\":\"8e013ce7-3205-4d06-a805-6285826c1c5d\",\"version\":\"2.12.0\",\"panelRefName\":\"panel_4\"},{\"embeddableConfig\":{\"hidePanelTitles\":false},\"gridData\":{\"h\":10,\"i\":\"147b45ae-804b-4d9e-a9a9-806772ad3b35\",\"w\":13,\"x\":0,\"y\":25},\"panelIndex\":\"147b45ae-804b-4d9e-a9a9-806772ad3b35\",\"version\":\"2.12.0\",\"panelRefName\":\"panel_5\"},{\"embeddableConfig\":{\"hidePanelTitles\":false},\"gridData\":{\"h\":10,\"i\":\"687597e3-4848-4629-8b85-45c0773efb79\",\"w\":13,\"x\":13,\"y\":25},\"panelIndex\":\"687597e3-4848-4629
-8b85-45c0773efb79\",\"version\":\"2.12.0\",\"panelRefName\":\"panel_6\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":15,\"i\":\"0174654c-2010-463a-b49e-fa5759b61b9c\",\"w\":24,\"x\":0,\"y\":35},\"panelIndex\":\"0174654c-2010-463a-b49e-fa5759b61b9c\",\"version\":\"2.12.0\",\"panelRefName\":\"panel_7\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":21,\"i\":\"36e03a4a-e017-42b8-82cf-205d26b2ed6b\",\"w\":48,\"x\":0,\"y\":50},\"panelIndex\":\"36e03a4a-e017-42b8-82cf-205d26b2ed6b\",\"version\":\"2.12.0\",\"panelRefName\":\"panel_8\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":21,\"i\":\"e1c0f1e0-de36-4527-bafa-a297fe9452a2\",\"w\":48,\"x\":0,\"y\":71},\"panelIndex\":\"e1c0f1e0-de36-4527-bafa-a297fe9452a2\",\"version\":\"2.12.0\",\"panelRefName\":\"panel_9\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":20,\"i\":\"74a841b8-2ffc-4f6d-8b5a-ca7960eb6b10\",\"w\":13,\"x\":0,\"y\":92},\"panelIndex\":\"74a841b8-2ffc-4f6d-8b5a-ca7960eb6b10\",\"version\":\"2.12.0\",\"panelRefName\":\"panel_10\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":20,\"i\":\"f15e46fe-040f-4602-ad13-01aab36b372a\",\"w\":35,\"x\":13,\"y\":92},\"panelIndex\":\"f15e46fe-040f-4602-ad13-01aab36b372a\",\"version\":\"2.12.0\",\"panelRefName\":\"panel_11\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":17,\"i\":\"bfdc6d50-66f1-4f9a-9ea5-cd30bc01099d\",\"w\":16,\"x\":0,\"y\":112},\"panelIndex\":\"bfdc6d50-66f1-4f9a-9ea5-cd30bc01099d\",\"version\":\"2.12.0\",\"panelRefName\":\"panel_12\"},{\"embeddableConfig\":{\"columns\":[\"@timestamp\",\"host.name\",\"zeek.reporter.level\",\"zeek.reporter.msg\",\"zeek.reporter.location\"]},\"gridData\":{\"h\":17,\"i\":\"efbd7f15-5af7-4e39-9889-c1c944a40dc2\",\"w\":32,\"x\":16,\"y\":112},\"panelIndex\":\"efbd7f15-5af7-4e39-9889-c1c944a40dc2\",\"version\":\"2.12.0\",\"panelRefName\":\"panel_13\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":15,\"i\":\"2ecc4ac3-d694-46ab-a6b1-9c86e5e9d394\",\"w\":24,\"x\":24,\"y\":35},\"panelIndex\":\"2ecc4ac3-d694-46ab-a6b1-9c86e5e9d394\",\"versi
on\":\"2.12.0\",\"panelRefName\":\"panel_14\"}]", + "panelsJSON": "[{\"embeddableConfig\":{},\"gridData\":{\"h\":15,\"i\":\"0c179e97-9bcf-4f72-b717-b7a93667c1a0\",\"w\":13,\"x\":0,\"y\":0},\"panelIndex\":\"0c179e97-9bcf-4f72-b717-b7a93667c1a0\",\"version\":\"2.12.0\",\"panelRefName\":\"panel_0\"},{\"embeddableConfig\":{\"hidePanelTitles\":false},\"gridData\":{\"h\":15,\"i\":\"b483d809-a528-4280-b79e-aa7ada17d275\",\"w\":35,\"x\":13,\"y\":0},\"panelIndex\":\"b483d809-a528-4280-b79e-aa7ada17d275\",\"version\":\"2.12.0\",\"panelRefName\":\"panel_1\"},{\"embeddableConfig\":{\"hidePanelTitles\":false},\"gridData\":{\"h\":10,\"i\":\"e10dc0a6-f197-4cbc-a1ad-e67194f95a63\",\"w\":13,\"x\":0,\"y\":15},\"panelIndex\":\"e10dc0a6-f197-4cbc-a1ad-e67194f95a63\",\"version\":\"2.12.0\",\"panelRefName\":\"panel_2\"},{\"embeddableConfig\":{\"hidePanelTitles\":false},\"gridData\":{\"h\":10,\"i\":\"01b20859-4d95-47e0-a536-6b1e9932c35b\",\"w\":13,\"x\":13,\"y\":15},\"panelIndex\":\"01b20859-4d95-47e0-a536-6b1e9932c35b\",\"version\":\"2.12.0\",\"panelRefName\":\"panel_3\"},{\"embeddableConfig\":{\"columns\":[\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\",\"host.name\",\"zeek.capture_loss.peer\",\"zeek.capture_loss.acks\",\"zeek.capture_loss.gaps\",\"zeek.capture_loss.percent_lost\"]},\"gridData\":{\"h\":20,\"i\":\"8e013ce7-3205-4d06-a805-6285826c1c5d\",\"w\":22,\"x\":26,\"y\":15},\"panelIndex\":\"8e013ce7-3205-4d06-a805-6285826c1c5d\",\"version\":\"2.12.0\",\"panelRefName\":\"panel_4\"},{\"embeddableConfig\":{\"hidePanelTitles\":false},\"gridData\":{\"h\":10,\"i\":\"147b45ae-804b-4d9e-a9a9-806772ad3b35\",\"w\":13,\"x\":0,\"y\":25},\"panelIndex\":\"147b45ae-804b-4d9e-a9a9-806772ad3b35\",\"version\":\"2.12.0\",\"panelRefName\":\"panel_5\"},{\"embeddableConfig\":{\"hidePanelTitles\":false},\"gridData\":{\"h\":10,\"i\":\"687597e3-4848-4629-8b85-45c0773efb79\",\"w\":13,\"x\":13,\"y\":25},\"panelIndex\":\"687597e3-4848-4629-8b85-45c0773efb79\",\"version\":\"2.12.0\",\"panelRefName\":\"panel_6\"},{
\"embeddableConfig\":{},\"gridData\":{\"h\":15,\"i\":\"0174654c-2010-463a-b49e-fa5759b61b9c\",\"w\":24,\"x\":0,\"y\":35},\"panelIndex\":\"0174654c-2010-463a-b49e-fa5759b61b9c\",\"version\":\"2.12.0\",\"panelRefName\":\"panel_7\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":21,\"i\":\"36e03a4a-e017-42b8-82cf-205d26b2ed6b\",\"w\":48,\"x\":0,\"y\":50},\"panelIndex\":\"36e03a4a-e017-42b8-82cf-205d26b2ed6b\",\"version\":\"2.12.0\",\"panelRefName\":\"panel_8\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":21,\"i\":\"e1c0f1e0-de36-4527-bafa-a297fe9452a2\",\"w\":48,\"x\":0,\"y\":71},\"panelIndex\":\"e1c0f1e0-de36-4527-bafa-a297fe9452a2\",\"version\":\"2.12.0\",\"panelRefName\":\"panel_9\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":20,\"i\":\"74a841b8-2ffc-4f6d-8b5a-ca7960eb6b10\",\"w\":13,\"x\":0,\"y\":92},\"panelIndex\":\"74a841b8-2ffc-4f6d-8b5a-ca7960eb6b10\",\"version\":\"2.12.0\",\"panelRefName\":\"panel_10\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":20,\"i\":\"f15e46fe-040f-4602-ad13-01aab36b372a\",\"w\":35,\"x\":13,\"y\":92},\"panelIndex\":\"f15e46fe-040f-4602-ad13-01aab36b372a\",\"version\":\"2.12.0\",\"panelRefName\":\"panel_11\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":17,\"i\":\"bfdc6d50-66f1-4f9a-9ea5-cd30bc01099d\",\"w\":16,\"x\":0,\"y\":112},\"panelIndex\":\"bfdc6d50-66f1-4f9a-9ea5-cd30bc01099d\",\"version\":\"2.12.0\",\"panelRefName\":\"panel_12\"},{\"embeddableConfig\":{\"columns\":[\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\",\"host.name\",\"zeek.reporter.level\",\"zeek.reporter.msg\",\"zeek.reporter.location\"]},\"gridData\":{\"h\":17,\"i\":\"efbd7f15-5af7-4e39-9889-c1c944a40dc2\",\"w\":32,\"x\":16,\"y\":112},\"panelIndex\":\"efbd7f15-5af7-4e39-9889-c1c944a40dc2\",\"version\":\"2.12.0\",\"panelRefName\":\"panel_13\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":15,\"i\":\"2ecc4ac3-d694-46ab-a6b1-9c86e5e9d394\",\"w\":24,\"x\":24,\"y\":35},\"panelIndex\":\"2ecc4ac3-d694-46ab-a6b1-9c86e5e9d394\",\"version\":\"2.12.0\",\"panelRefName\":\"panel_14\"}
]", "optionsJSON": "{\"hidePanelTitles\":false,\"useMargins\":true}", "version": 1, "timeRestore": false, 
@@ -112,7 +112,7 @@ "version": "Wzg4NiwxXQ==", "attributes": { "title": "Last Capture Metric Timestamp by Host", - "visState": "{\"title\":\"Last Capture Metric Timestamp by Host\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"top_hits\",\"params\":{\"field\":\"@timestamp\",\"aggregate\":\"concat\",\"size\":1,\"sortField\":\"@timestamp\",\"sortOrder\":\"desc\",\"customLabel\":\"Last Metric Timestamp\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"host.name\",\"orderBy\":\"_key\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Capture Host\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.provider\",\"orderBy\":\"_key\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Other\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "visState": "{\"title\":\"Last Capture Metric Timestamp by Host\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"top_hits\",\"params\":{\"field\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\",\"aggregate\":\"concat\",\"size\":1,\"sortField\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\",\"sortOrder\":\"desc\",\"customLabel\":\"Last Metric Timestamp\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"host.name\",\"orderBy\":\"_key\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Capture 
Host\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.provider\",\"orderBy\":\"_key\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Other\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", "uiStateJSON": "{\"vis\":{\"sortColumn\":{\"colIndex\":2,\"direction\":\"desc\"}}}", "description": "", "version": 1, 
@@ -141,7 +141,7 @@ "version": "Wzg4NywxXQ==", "attributes": { "title": "Zeek and Suricata Capture Measurements ", - "visState": "{\"title\":\"Zeek and Suricata Capture Measurements \",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"32d1fca0-d7e1-11ee-ad81-217e54128a4b\",\"color\":\"rgba(33,150,243,1)\",\"split_mode\":\"everything\",\"metrics\":[{\"id\":\"32d1fca1-d7e1-11ee-ad81-217e54128a4b\",\"type\":\"sum\",\"field\":\"zeek.stats.pkts_link\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":\"0\",\"point_size\":\"0\",\"fill\":0.5,\"stacked\":\"none\",\"label\":\"Zeek: packets seen\",\"type\":\"timeseries\",\"terms_field\":\"host.name\",\"terms_size\":\"25\",\"terms_order_by\":\"32d1fca1-d7e1-11ee-ad81-217e54128a4b\",\"split_color_mode\":\"opensearchDashboards\"},{\"id\":\"02bbf6a0-d7fb-11ee-a5f1-9ff9da698a18\",\"color\":\"rgba(84,179,153,1)\",\"split_mode\":\"everything\",\"metrics\":[{\"unit\":\"\",\"id\":\"02bbf6a1-d7fb-11ee-a5f1-9ff9da698a18\",\"type\":\"positive_rate\",\"field\":\"suricata.stats.capture.kernel_packets\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":\"0\",\"point_size\":\"0\",\"fill\":0.5,\"stacked\":\"none\",\"label\":\"Suricata: packets 
seen\",\"type\":\"timeseries\"},{\"id\":\"e4143600-d7e0-11ee-ad81-217e54128a4b\",\"color\":\"rgba(229,115,115,1)\",\"split_mode\":\"everything\",\"metrics\":[{\"id\":\"e4143601-d7e0-11ee-ad81-217e54128a4b\",\"type\":\"sum\",\"field\":\"zeek.stats.pkts_dropped\"},{\"id\":\"f6df2790-d7e0-11ee-ad81-217e54128a4b\",\"type\":\"math\",\"variables\":[{\"id\":\"f8ee0a60-d7e0-11ee-ad81-217e54128a4b\",\"name\":\"packets\",\"field\":\"e4143601-d7e0-11ee-ad81-217e54128a4b\"}],\"script\":\"params.packets*-1\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":\"0\",\"point_size\":\"0\",\"fill\":0.5,\"stacked\":\"none\",\"label\":\"Zeek: packets dropped\",\"type\":\"timeseries\",\"terms_field\":\"host.name\",\"terms_size\":\"25\",\"terms_order_by\":\"e4143601-d7e0-11ee-ad81-217e54128a4b\",\"split_color_mode\":\"opensearchDashboards\"},{\"id\":\"20b9a420-d7df-11ee-ad81-217e54128a4b\",\"color\":\"rgba(211,96,134,1)\",\"split_mode\":\"everything\",\"metrics\":[{\"id\":\"20b9a421-d7df-11ee-ad81-217e54128a4b\",\"type\":\"sum\",\"field\":\"zeek.capture_loss.gaps\"},{\"id\":\"9a3afce0-d7df-11ee-ad81-217e54128a4b\",\"type\":\"math\",\"variables\":[{\"id\":\"9dece150-d7df-11ee-ad81-217e54128a4b\",\"name\":\"gaps\",\"field\":\"20b9a421-d7df-11ee-ad81-217e54128a4b\"}],\"script\":\"params.gaps*-1\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":\"0\",\"point_size\":\"0\",\"fill\":0.5,\"stacked\":\"none\",\"label\":\"Zeek: ACKS 
missed\",\"type\":\"timeseries\",\"terms_field\":\"host.name\",\"terms_size\":\"25\",\"terms_order_by\":\"20b9a421-d7df-11ee-ad81-217e54128a4b\",\"split_color_mode\":\"opensearchDashboards\"},{\"id\":\"cad40600-d7fb-11ee-a5f1-9ff9da698a18\",\"color\":\"rgba(255,171,145,1)\",\"split_mode\":\"everything\",\"metrics\":[{\"unit\":\"\",\"id\":\"cad40601-d7fb-11ee-a5f1-9ff9da698a18\",\"type\":\"positive_rate\",\"field\":\"suricata.stats.pkts_dropped\"},{\"id\":\"f5352cd0-d7fb-11ee-a5f1-9ff9da698a18\",\"type\":\"math\",\"variables\":[{\"id\":\"f79def70-d7fb-11ee-a5f1-9ff9da698a18\",\"name\":\"packets\",\"field\":\"cad40601-d7fb-11ee-a5f1-9ff9da698a18\"}],\"script\":\"params.packets*-1\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":\"0\",\"point_size\":\"0\",\"fill\":0.5,\"stacked\":\"none\",\"label\":\"Suricata: packets dropped\",\"type\":\"timeseries\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"MALCOLM_OTHER_INDEX_PATTERN_REPLACER\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"MALCOLM_NETWORK_INDEX_PATTERN_REPLACER\",\"default_timefield\":\"firstPacket\",\"isModelInvalid\":false,\"filter\":{\"query\":\"(event.provider:zeek OR event.provider:suricata) AND event.kind:metric\",\"language\":\"kuery\"},\"legend_position\":\"right\",\"background_color\":null}}", + "visState": "{\"title\":\"Zeek and Suricata Capture Measurements 
\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"32d1fca0-d7e1-11ee-ad81-217e54128a4b\",\"color\":\"rgba(33,150,243,1)\",\"split_mode\":\"everything\",\"metrics\":[{\"id\":\"32d1fca1-d7e1-11ee-ad81-217e54128a4b\",\"type\":\"sum\",\"field\":\"zeek.stats.pkts_link\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":\"0\",\"point_size\":\"0\",\"fill\":0.5,\"stacked\":\"none\",\"label\":\"Zeek: packets seen\",\"type\":\"timeseries\",\"terms_field\":\"host.name\",\"terms_size\":\"25\",\"terms_order_by\":\"32d1fca1-d7e1-11ee-ad81-217e54128a4b\",\"split_color_mode\":\"opensearchDashboards\"},{\"id\":\"02bbf6a0-d7fb-11ee-a5f1-9ff9da698a18\",\"color\":\"rgba(84,179,153,1)\",\"split_mode\":\"everything\",\"metrics\":[{\"unit\":\"\",\"id\":\"02bbf6a1-d7fb-11ee-a5f1-9ff9da698a18\",\"type\":\"positive_rate\",\"field\":\"suricata.stats.capture.kernel_packets\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":\"0\",\"point_size\":\"0\",\"fill\":0.5,\"stacked\":\"none\",\"label\":\"Suricata: packets seen\",\"type\":\"timeseries\"},{\"id\":\"e4143600-d7e0-11ee-ad81-217e54128a4b\",\"color\":\"rgba(229,115,115,1)\",\"split_mode\":\"everything\",\"metrics\":[{\"id\":\"e4143601-d7e0-11ee-ad81-217e54128a4b\",\"type\":\"sum\",\"field\":\"zeek.stats.pkts_dropped\"},{\"id\":\"f6df2790-d7e0-11ee-ad81-217e54128a4b\",\"type\":\"math\",\"variables\":[{\"id\":\"f8ee0a60-d7e0-11ee-ad81-217e54128a4b\",\"name\":\"packets\",\"field\":\"e4143601-d7e0-11ee-ad81-217e54128a4b\"}],\"script\":\"params.packets*-1\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":\"0\",\"point_size\":\"0\",\"fill\":0.5,\"stacked\":\"none\",\"label\":\"Zeek: packets 
dropped\",\"type\":\"timeseries\",\"terms_field\":\"host.name\",\"terms_size\":\"25\",\"terms_order_by\":\"e4143601-d7e0-11ee-ad81-217e54128a4b\",\"split_color_mode\":\"opensearchDashboards\"},{\"id\":\"20b9a420-d7df-11ee-ad81-217e54128a4b\",\"color\":\"rgba(211,96,134,1)\",\"split_mode\":\"everything\",\"metrics\":[{\"id\":\"20b9a421-d7df-11ee-ad81-217e54128a4b\",\"type\":\"sum\",\"field\":\"zeek.capture_loss.gaps\"},{\"id\":\"9a3afce0-d7df-11ee-ad81-217e54128a4b\",\"type\":\"math\",\"variables\":[{\"id\":\"9dece150-d7df-11ee-ad81-217e54128a4b\",\"name\":\"gaps\",\"field\":\"20b9a421-d7df-11ee-ad81-217e54128a4b\"}],\"script\":\"params.gaps*-1\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":\"0\",\"point_size\":\"0\",\"fill\":0.5,\"stacked\":\"none\",\"label\":\"Zeek: ACKS missed\",\"type\":\"timeseries\",\"terms_field\":\"host.name\",\"terms_size\":\"25\",\"terms_order_by\":\"20b9a421-d7df-11ee-ad81-217e54128a4b\",\"split_color_mode\":\"opensearchDashboards\"},{\"id\":\"cad40600-d7fb-11ee-a5f1-9ff9da698a18\",\"color\":\"rgba(255,171,145,1)\",\"split_mode\":\"everything\",\"metrics\":[{\"unit\":\"\",\"id\":\"cad40601-d7fb-11ee-a5f1-9ff9da698a18\",\"type\":\"positive_rate\",\"field\":\"suricata.stats.pkts_dropped\"},{\"id\":\"f5352cd0-d7fb-11ee-a5f1-9ff9da698a18\",\"type\":\"math\",\"variables\":[{\"id\":\"f79def70-d7fb-11ee-a5f1-9ff9da698a18\",\"name\":\"packets\",\"field\":\"cad40601-d7fb-11ee-a5f1-9ff9da698a18\"}],\"script\":\"params.packets*-1\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":\"0\",\"point_size\":\"0\",\"fill\":0.5,\"stacked\":\"none\",\"label\":\"Suricata: packets 
dropped\",\"type\":\"timeseries\"}],\"time_field\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\",\"index_pattern\":\"MALCOLM_OTHER_INDEX_PATTERN_REPLACER\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"MALCOLM_OTHER_INDEX_PATTERN_REPLACER\",\"default_timefield\":\"firstPacket\",\"isModelInvalid\":false,\"filter\":{\"query\":\"(event.provider:zeek OR event.provider:suricata) AND event.kind:metric\",\"language\":\"kuery\"},\"legend_position\":\"right\",\"background_color\":null}}", "uiStateJSON": "{}", "description": "Positive values on the y-axis represent observed packets while negative values represent missing dropped packets and missing ACKs.\n\nThis data is logged by Zeek in stats.log (https://docs.zeek.org/en/master/scripts/policy/misc/stats.zeek.html#type-Stats::Info) and capture_loss.log (https://docs.zeek.org/en/master/scripts/policy/misc/capture-loss.zeek.html#type-CaptureLoss::Info), and by Suricata (https://docs.suricata.io/en/suricata-6.0.0/performance/statistics.html).", "version": 1, 
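Review bot: `default_timefield` is still `firstPacket` in the new `visState` of "Zeek and Suricata Capture Measurements", although the same line moves `default_index_pattern` to MALCOLM_OTHER_INDEX_PATTERN_REPLACER and `time_field` to MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER. `firstPacket` looks like the network-session time field, so the fallback pair presumably now names an index pattern and a time field that do not belong together. If the visualization ever falls back to those defaults, the capture-loss panels could render empty, and an empty panel here is easy to misread as "no drops" rather than "no data". I would change it to `\"default_timefield\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\"`, or confirm that the fallback is never consulted when `time_field` is set. The same leftover appears in the "Zeek Stats - Packets and Bytes", "Zeek Stats - Capture Loss" and "Suricata Stats - Packets and Bytes" hunks that follow.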
@@ -164,7 +164,7 @@ "version": "Wzg4OCwxXQ==", "attributes": { "title": "Zeek Stats - Packets and Bytes", - "visState": "{\"title\":\"Zeek Stats - Packets and Bytes\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"metric\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#54B399\",\"split_mode\":\"everything\",\"split_color_mode\":\"opensearchDashboards\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"zeek.stats.pkts_link\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"label\":\"Total Packets Seen\"},{\"id\":\"bd4560e0-d7e4-11ee-ad81-217e54128a4b\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"metrics\":[{\"id\":\"bd4560e1-d7e4-11ee-ad81-217e54128a4b\",\"type\":\"sum\",\"field\":\"zeek.stats.bytes_recv\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"bytes\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"label\":\"Total Bytes Seen\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"MALCOLM_OTHER_INDEX_PATTERN_REPLACER\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"MALCOLM_NETWORK_INDEX_PATTERN_REPLACER\",\"default_timefield\":\"firstPacket\",\"isModelInvalid\":false,\"background_color_rules\":[{\"id\":\"28bcc800-d7e4-11ee-ad81-217e54128a4b\"}],\"filter\":{\"query\":\"event.provider:zeek AND event.dataset:stats\",\"language\":\"kuery\"},\"time_range_mode\":\"entire_time_range\"}}", + "visState": "{\"title\":\"Zeek Stats - Packets and 
Bytes\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"metric\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#54B399\",\"split_mode\":\"everything\",\"split_color_mode\":\"opensearchDashboards\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"zeek.stats.pkts_link\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"label\":\"Total Packets Seen\"},{\"id\":\"bd4560e0-d7e4-11ee-ad81-217e54128a4b\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"metrics\":[{\"id\":\"bd4560e1-d7e4-11ee-ad81-217e54128a4b\",\"type\":\"sum\",\"field\":\"zeek.stats.bytes_recv\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"bytes\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"label\":\"Total Bytes Seen\"}],\"time_field\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\",\"index_pattern\":\"MALCOLM_OTHER_INDEX_PATTERN_REPLACER\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"MALCOLM_OTHER_INDEX_PATTERN_REPLACER\",\"default_timefield\":\"firstPacket\",\"isModelInvalid\":false,\"background_color_rules\":[{\"id\":\"28bcc800-d7e4-11ee-ad81-217e54128a4b\"}],\"filter\":{\"query\":\"event.provider:zeek AND event.dataset:stats\",\"language\":\"kuery\"},\"time_range_mode\":\"entire_time_range\"}}", "uiStateJSON": "{}", "description": "", "version": 1, 
@@ -187,7 +187,7 @@ "version": "Wzg4OSwxXQ==", "attributes": { "title": "Zeek Stats - Capture Loss", - "visState": "{\"title\":\"Zeek Stats - Capture Loss\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"metric\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#54B399\",\"split_mode\":\"everything\",\"split_color_mode\":\"opensearchDashboards\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"zeek.stats.pkts_dropped\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"label\":\"Packets Dropped\"},{\"id\":\"bd4560e0-d7e4-11ee-ad81-217e54128a4b\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"metrics\":[{\"id\":\"bd4560e1-d7e4-11ee-ad81-217e54128a4b\",\"type\":\"sum\",\"field\":\"zeek.capture_loss.gaps\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"label\":\"ACKs Missed\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"MALCOLM_OTHER_INDEX_PATTERN_REPLACER\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"MALCOLM_NETWORK_INDEX_PATTERN_REPLACER\",\"default_timefield\":\"firstPacket\",\"isModelInvalid\":false,\"background_color_rules\":[{\"id\":\"28bcc800-d7e4-11ee-ad81-217e54128a4b\"}],\"filter\":{\"query\":\"event.provider:zeek AND event.dataset:(stats OR capture_loss)\",\"language\":\"kuery\"},\"time_range_mode\":\"entire_time_range\"}}", + "visState": "{\"title\":\"Zeek Stats - Capture 
Loss\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"metric\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#54B399\",\"split_mode\":\"everything\",\"split_color_mode\":\"opensearchDashboards\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"zeek.stats.pkts_dropped\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"label\":\"Packets Dropped\"},{\"id\":\"bd4560e0-d7e4-11ee-ad81-217e54128a4b\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"metrics\":[{\"id\":\"bd4560e1-d7e4-11ee-ad81-217e54128a4b\",\"type\":\"sum\",\"field\":\"zeek.capture_loss.gaps\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"label\":\"ACKs Missed\"}],\"time_field\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\",\"index_pattern\":\"MALCOLM_OTHER_INDEX_PATTERN_REPLACER\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"MALCOLM_OTHER_INDEX_PATTERN_REPLACER\",\"default_timefield\":\"firstPacket\",\"isModelInvalid\":false,\"background_color_rules\":[{\"id\":\"28bcc800-d7e4-11ee-ad81-217e54128a4b\"}],\"filter\":{\"query\":\"event.provider:zeek AND event.dataset:(stats OR capture_loss)\",\"language\":\"kuery\"},\"time_range_mode\":\"entire_time_range\"}}", "uiStateJSON": "{}", "description": "", "version": 1, 
@@ -223,7 +223,7 @@ "sort": [], "version": 1, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":\"event.provider:zeek and event.dataset:capture_loss\",\"language\":\"kuery\"},\"highlightAll\":false,\"version\":true,\"aggs\":{\"2\":{\"date_histogram\":{\"field\":\"@timestamp\",\"fixed_interval\":\"30s\",\"min_doc_count\":1}}},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" + "searchSourceJSON": "{\"query\":{\"query\":\"event.provider:zeek and event.dataset:capture_loss\",\"language\":\"kuery\"},\"highlightAll\":false,\"version\":true,\"aggs\":{\"2\":{\"date_histogram\":{\"field\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\",\"fixed_interval\":\"30s\",\"min_doc_count\":1}}},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" } }, "references": [ 
@@ -247,7 +247,7 @@ "version": "WzEwMzYsMV0=", "attributes": { "title": "Suricata Stats - Packets and Bytes", - "visState": "{\"title\":\"Suricata Stats - Packets and Bytes\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"metric\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#54B399\",\"split_mode\":\"everything\",\"split_color_mode\":\"opensearchDashboards\",\"metrics\":[{\"size\":1,\"agg_with\":\"max\",\"order\":\"desc\",\"unit\":\"\",\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"top_hit\",\"field\":\"suricata.stats.capture.kernel_packets\",\"order_by\":\"@timestamp\"},{\"size\":1,\"agg_with\":\"min\",\"order\":\"asc\",\"id\":\"fdc32c00-e14a-11ee-81dc-175f4f602399\",\"type\":\"top_hit\",\"field\":\"suricata.stats.capture.kernel_packets\",\"order_by\":\"@timestamp\"},{\"id\":\"13bb68b0-e14b-11ee-81dc-175f4f602399\",\"type\":\"math\",\"variables\":[{\"id\":\"16585ab0-e14b-11ee-81dc-175f4f602399\",\"name\":\"pmax\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\"},{\"id\":\"2174bec0-e14b-11ee-81dc-175f4f602399\",\"name\":\"pmin\",\"field\":\"fdc32c00-e14a-11ee-81dc-175f4f602399\"}],\"script\":\"params.pmax - params.pmin\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"label\":\"Total Packets 
Seen\"},{\"id\":\"bd4560e0-d7e4-11ee-ad81-217e54128a4b\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"metrics\":[{\"size\":1,\"agg_with\":\"max\",\"order\":\"desc\",\"id\":\"bd4560e1-d7e4-11ee-ad81-217e54128a4b\",\"type\":\"top_hit\",\"field\":\"suricata.stats.decoder.bytes\",\"order_by\":\"@timestamp\"},{\"size\":1,\"agg_with\":\"min\",\"order\":\"asc\",\"id\":\"3b878cc0-e14b-11ee-81dc-175f4f602399\",\"type\":\"top_hit\",\"field\":\"suricata.stats.decoder.bytes\",\"order_by\":\"@timestamp\"},{\"id\":\"47a7cc40-e14b-11ee-81dc-175f4f602399\",\"type\":\"math\",\"variables\":[{\"id\":\"54341400-e14b-11ee-81dc-175f4f602399\",\"name\":\"bmax\",\"field\":\"bd4560e1-d7e4-11ee-ad81-217e54128a4b\"},{\"id\":\"58165740-e14b-11ee-81dc-175f4f602399\",\"name\":\"bmin\",\"field\":\"3b878cc0-e14b-11ee-81dc-175f4f602399\"}],\"script\":\"params.bmax - params.bmin\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"bytes\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"label\":\"Total Bytes Seen\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"MALCOLM_OTHER_INDEX_PATTERN_REPLACER\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"MALCOLM_NETWORK_INDEX_PATTERN_REPLACER\",\"default_timefield\":\"firstPacket\",\"isModelInvalid\":false,\"background_color_rules\":[{\"id\":\"28bcc800-d7e4-11ee-ad81-217e54128a4b\"}],\"filter\":{\"query\":\"event.provider:suricata AND event.kind:metric\",\"language\":\"kuery\"},\"time_range_mode\":\"entire_time_range\"}}", + "visState": "{\"title\":\"Suricata Stats - Packets and 
Bytes\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"metric\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#54B399\",\"split_mode\":\"everything\",\"split_color_mode\":\"opensearchDashboards\",\"metrics\":[{\"size\":1,\"agg_with\":\"max\",\"order\":\"desc\",\"unit\":\"\",\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"top_hit\",\"field\":\"suricata.stats.capture.kernel_packets\",\"order_by\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\"},{\"size\":1,\"agg_with\":\"min\",\"order\":\"asc\",\"id\":\"fdc32c00-e14a-11ee-81dc-175f4f602399\",\"type\":\"top_hit\",\"field\":\"suricata.stats.capture.kernel_packets\",\"order_by\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\"},{\"id\":\"13bb68b0-e14b-11ee-81dc-175f4f602399\",\"type\":\"math\",\"variables\":[{\"id\":\"16585ab0-e14b-11ee-81dc-175f4f602399\",\"name\":\"pmax\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\"},{\"id\":\"2174bec0-e14b-11ee-81dc-175f4f602399\",\"name\":\"pmin\",\"field\":\"fdc32c00-e14a-11ee-81dc-175f4f602399\"}],\"script\":\"params.pmax - params.pmin\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"label\":\"Total Packets 
Seen\"},{\"id\":\"bd4560e0-d7e4-11ee-ad81-217e54128a4b\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"metrics\":[{\"size\":1,\"agg_with\":\"max\",\"order\":\"desc\",\"id\":\"bd4560e1-d7e4-11ee-ad81-217e54128a4b\",\"type\":\"top_hit\",\"field\":\"suricata.stats.decoder.bytes\",\"order_by\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\"},{\"size\":1,\"agg_with\":\"min\",\"order\":\"asc\",\"id\":\"3b878cc0-e14b-11ee-81dc-175f4f602399\",\"type\":\"top_hit\",\"field\":\"suricata.stats.decoder.bytes\",\"order_by\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\"},{\"id\":\"47a7cc40-e14b-11ee-81dc-175f4f602399\",\"type\":\"math\",\"variables\":[{\"id\":\"54341400-e14b-11ee-81dc-175f4f602399\",\"name\":\"bmax\",\"field\":\"bd4560e1-d7e4-11ee-ad81-217e54128a4b\"},{\"id\":\"58165740-e14b-11ee-81dc-175f4f602399\",\"name\":\"bmin\",\"field\":\"3b878cc0-e14b-11ee-81dc-175f4f602399\"}],\"script\":\"params.bmax - params.bmin\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"bytes\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"label\":\"Total Bytes Seen\"}],\"time_field\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\",\"index_pattern\":\"MALCOLM_OTHER_INDEX_PATTERN_REPLACER\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"MALCOLM_OTHER_INDEX_PATTERN_REPLACER\",\"default_timefield\":\"firstPacket\",\"isModelInvalid\":false,\"background_color_rules\":[{\"id\":\"28bcc800-d7e4-11ee-ad81-217e54128a4b\"}],\"filter\":{\"query\":\"event.provider:suricata AND event.kind:metric\",\"language\":\"kuery\"},\"time_range_mode\":\"entire_time_range\"}}", "uiStateJSON": "{}", "description": "", "version": 1, 
@@ -270,7 +270,7 @@ "version": "WzEwNjIsMV0=", "attributes": { "title": "Suricata Stats - Capture Loss", - "visState": "{\"title\":\"Suricata Stats - Capture Loss\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"metric\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#54B399\",\"split_mode\":\"everything\",\"split_color_mode\":\"opensearchDashboards\",\"metrics\":[{\"size\":1,\"agg_with\":\"max\",\"order\":\"desc\",\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"top_hit\",\"field\":\"suricata.stats.pkts_dropped\",\"order_by\":\"@timestamp\"},{\"size\":1,\"agg_with\":\"min\",\"order\":\"asc\",\"id\":\"b3188730-e14b-11ee-81dc-175f4f602399\",\"type\":\"top_hit\",\"field\":\"suricata.stats.pkts_dropped\",\"order_by\":\"@timestamp\"},{\"id\":\"c4eedf90-e14b-11ee-81dc-175f4f602399\",\"type\":\"math\",\"variables\":[{\"id\":\"c7577b20-e14b-11ee-81dc-175f4f602399\",\"name\":\"dmax\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\"},{\"id\":\"cabd6270-e14b-11ee-81dc-175f4f602399\",\"name\":\"dmin\",\"field\":\"b3188730-e14b-11ee-81dc-175f4f602399\"}],\"script\":\"params.dmax-params.dmin\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"label\":\"Packets Dropped\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"MALCOLM_OTHER_INDEX_PATTERN_REPLACER\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"MALCOLM_NETWORK_INDEX_PATTERN_REPLACER\",\"default_timefield\":\"firstPacket\",\"isModelInvalid\":false,\"background_color_rules\":[{\"id\":\"28bcc800-d7e4-11ee-ad81-217e54128a4b\"}],\"filter\":{\"query\":\"event.provider:suricata AND event.kind:metric\",\"language\":\"kuery\"},\"time_range_mode\":\"entire_time_range\"}}", 
+ "visState": "{\"title\":\"Suricata Stats - Capture Loss\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"metric\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#54B399\",\"split_mode\":\"everything\",\"split_color_mode\":\"opensearchDashboards\",\"metrics\":[{\"size\":1,\"agg_with\":\"max\",\"order\":\"desc\",\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"top_hit\",\"field\":\"suricata.stats.pkts_dropped\",\"order_by\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\"},{\"size\":1,\"agg_with\":\"min\",\"order\":\"asc\",\"id\":\"b3188730-e14b-11ee-81dc-175f4f602399\",\"type\":\"top_hit\",\"field\":\"suricata.stats.pkts_dropped\",\"order_by\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\"},{\"id\":\"c4eedf90-e14b-11ee-81dc-175f4f602399\",\"type\":\"math\",\"variables\":[{\"id\":\"c7577b20-e14b-11ee-81dc-175f4f602399\",\"name\":\"dmax\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\"},{\"id\":\"cabd6270-e14b-11ee-81dc-175f4f602399\",\"name\":\"dmin\",\"field\":\"b3188730-e14b-11ee-81dc-175f4f602399\"}],\"script\":\"params.dmax-params.dmin\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"label\":\"Packets Dropped\"}],\"time_field\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\",\"index_pattern\":\"MALCOLM_OTHER_INDEX_PATTERN_REPLACER\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"MALCOLM_OTHER_INDEX_PATTERN_REPLACER\",\"default_timefield\":\"firstPacket\",\"isModelInvalid\":false,\"background_color_rules\":[{\"id\":\"28bcc800-d7e4-11ee-ad81-217e54128a4b\"}],\"filter\":{\"query\":\"event.provider:suricata AND event.kind:metric\",\"language\":\"kuery\"},\"time_range_mode\":\"entire_time_range\"}}", "uiStateJSON": "{}", 
"description": "", "version": 1, 
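Review bot: `default_timefield` is still `firstPacket` in the new visState for "Suricata Stats - Capture Loss", although this hunk moves `default_index_pattern`, `time_field` and both `order_by` values onto the MALCOLM_OTHER_* replacers. The same leftover is in the "Network Traffic (Packets)" hunk at -293 and the "Network Traffic (Bytes)" hunk at -533, while the audit-log hunk at -132 in 7a7e0a60-e8e8-11ec-b9d4-4569bb965430.json does update it. `firstPacket` looks like the network-session time field, so if a panel ever falls back to the default it would presumably key on a field these metric documents do not carry, and the packet-drop figure could come up empty without any error. I would set `\"default_timefield\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\"` in all three visState strings.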
@@ -293,7 +293,7 @@ "version": "Wzk0MSwxXQ==", "attributes": { "title": "Network Traffic (Packets)", - "visState": "{\"title\":\"Network Traffic (Packets)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"default_index_pattern\":\"MALCOLM_NETWORK_INDEX_PATTERN_REPLACER\",\"default_timefield\":\"firstPacket\",\"filter\":{\"language\":\"lucene\",\"query\":\"\"},\"id\":\"da1046f0-faa0-11e6-86b1-cd7735ff7e23\",\"index_pattern\":\"MALCOLM_OTHER_INDEX_PATTERN_REPLACER\",\"interval\":\"auto\",\"isModelInvalid\":false,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"rgba(0,133,255,1)\",\"fill\":\"1\",\"formatter\":\"'0a'\",\"id\":\"49931900-ebf3-11ec-a401-f5db2d59e6af\",\"label\":\"Inbound\",\"line_width\":1,\"metrics\":[{\"unit\":\"1s\",\"id\":\"49931901-ebf3-11ec-a401-f5db2d59e6af\",\"type\":\"positive_rate\",\"field\":\"miscbeat.network.packets.rx\"}],\"point_size\":1,\"separate_axis\":0,\"split_mode\":\"terms\",\"stacked\":\"none\",\"type\":\"timeseries\",\"terms_field\":\"miscbeat.network.interface\",\"terms_size\":\"3\",\"terms_order_by\":\"_count\",\"value_template\":\"{{value}}/s\",\"split_color_mode\":\"gradient\"},{\"id\":\"75fba890-ebf3-11ec-a401-f5db2d59e6af\",\"color\":\"rgba(13,212,26,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"unit\":\"1s\",\"id\":\"75fba891-ebf3-11ec-a401-f5db2d59e6af\",\"type\":\"positive_rate\",\"field\":\"miscbeat.network.packets.tx\"},{\"id\":\"96daba60-ebf3-11ec-a401-f5db2d59e6af\",\"type\":\"math\",\"variables\":[{\"id\":\"98e138c0-ebf3-11ec-a401-f5db2d59e6af\",\"name\":\"rate\",\"field\":\"75fba891-ebf3-11ec-a401-f5db2d59e6af\"}],\"script\":\"params.rate*-1\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"'0a'\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":\"1\",\"stacked\":\"none\",\"label\":\"Outbound\",\"type\":\"timeseries\",\"terms_size\":\"3\",\"terms_field\":\"miscbeat.network.
interface\",\"terms_order_by\":\"_count\",\"split_color_mode\":\"gradient\",\"value_template\":\"{{value}}/s\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"@timestamp\",\"tooltip_mode\":\"show_all\",\"type\":\"timeseries\"}}", + "visState": "{\"title\":\"Network Traffic (Packets)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"default_index_pattern\":\"MALCOLM_OTHER_INDEX_PATTERN_REPLACER\",\"default_timefield\":\"firstPacket\",\"filter\":{\"language\":\"lucene\",\"query\":\"\"},\"id\":\"da1046f0-faa0-11e6-86b1-cd7735ff7e23\",\"index_pattern\":\"MALCOLM_OTHER_INDEX_PATTERN_REPLACER\",\"interval\":\"auto\",\"isModelInvalid\":false,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"rgba(0,133,255,1)\",\"fill\":\"1\",\"formatter\":\"'0a'\",\"id\":\"49931900-ebf3-11ec-a401-f5db2d59e6af\",\"label\":\"Inbound\",\"line_width\":1,\"metrics\":[{\"unit\":\"1s\",\"id\":\"49931901-ebf3-11ec-a401-f5db2d59e6af\",\"type\":\"positive_rate\",\"field\":\"miscbeat.network.packets.rx\"}],\"point_size\":1,\"separate_axis\":0,\"split_mode\":\"terms\",\"stacked\":\"none\",\"type\":\"timeseries\",\"terms_field\":\"miscbeat.network.interface\",\"terms_size\":\"3\",\"terms_order_by\":\"_count\",\"value_template\":\"{{value}}/s\",\"split_color_mode\":\"gradient\"},{\"id\":\"75fba890-ebf3-11ec-a401-f5db2d59e6af\",\"color\":\"rgba(13,212,26,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"unit\":\"1s\",\"id\":\"75fba891-ebf3-11ec-a401-f5db2d59e6af\",\"type\":\"positive_rate\",\"field\":\"miscbeat.network.packets.tx\"},{\"id\":\"96daba60-ebf3-11ec-a401-f5db2d59e6af\",\"type\":\"math\",\"variables\":[{\"id\":\"98e138c0-ebf3-11ec-a401-f5db2d59e6af\",\"name\":\"rate\",\"field\":\"75fba891-ebf3-11ec-a401-f5db2d59e6af\"}],\"script\":\"params.rate*-1\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"'0a'\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\
":\"1\",\"stacked\":\"none\",\"label\":\"Outbound\",\"type\":\"timeseries\",\"terms_size\":\"3\",\"terms_field\":\"miscbeat.network.interface\",\"terms_order_by\":\"_count\",\"split_color_mode\":\"gradient\",\"value_template\":\"{{value}}/s\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\",\"tooltip_mode\":\"show_all\",\"type\":\"timeseries\"}}", "uiStateJSON": "{}", "description": "", "version": 1, @@ -334,7 +334,7 @@ "sort": [], "version": 1, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":\"event.provider:zeek and event.dataset:stats\",\"language\":\"kuery\"},\"highlightAll\":false,\"version\":true,\"aggs\":{\"2\":{\"date_histogram\":{\"field\":\"@timestamp\",\"fixed_interval\":\"30s\",\"min_doc_count\":1}}},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" + "searchSourceJSON": "{\"query\":{\"query\":\"event.provider:zeek and event.dataset:stats\",\"language\":\"kuery\"},\"highlightAll\":false,\"version\":true,\"aggs\":{\"2\":{\"date_histogram\":{\"field\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\",\"fixed_interval\":\"30s\",\"min_doc_count\":1}}},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" } }, "references": [ 
@@ -375,7 +375,7 @@ "sort": [], "version": 1, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":\"event.provider:suricata AND event.kind:metric\",\"language\":\"lucene\"},\"highlightAll\":false,\"version\":true,\"aggs\":{\"2\":{\"date_histogram\":{\"field\":\"@timestamp\",\"fixed_interval\":\"30m\",\"min_doc_count\":1}}},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" + "searchSourceJSON": "{\"query\":{\"query\":\"event.provider:suricata AND event.kind:metric\",\"language\":\"lucene\"},\"highlightAll\":false,\"version\":true,\"aggs\":{\"2\":{\"date_histogram\":{\"field\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\",\"fixed_interval\":\"30m\",\"min_doc_count\":1}}},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" } }, "references": [ @@ -451,7 +451,7 @@ { "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern", - "id": "MALCOLM_NETWORK_INDEX_PATTERN_REPLACER" + "id": "MALCOLM_OTHER_INDEX_PATTERN_REPLACER" } ], "migrationVersion": { @@ -509,7 +509,7 @@ "sort": [], "version": 1, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":\"event.provider:zeek and event.dataset:reporter\",\"language\":\"kuery\"},\"highlightAll\":false,\"version\":true,\"aggs\":{\"2\":{\"date_histogram\":{\"field\":\"@timestamp\",\"fixed_interval\":\"30d\",\"min_doc_count\":1}}},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" + "searchSourceJSON": "{\"query\":{\"query\":\"event.provider:zeek and event.dataset:reporter\",\"language\":\"kuery\"},\"highlightAll\":false,\"version\":true,\"aggs\":{\"2\":{\"date_histogram\":{\"field\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\",\"fixed_interval\":\"30d\",\"min_doc_count\":1}}},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" } }, "references": [ 
@@ -533,7 +533,7 @@ "version": "Wzk0MiwxXQ==", "attributes": { "title": "Network Traffic (Bytes)", - "visState": "{\"title\":\"Network Traffic (Bytes)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"default_index_pattern\":\"MALCOLM_NETWORK_INDEX_PATTERN_REPLACER\",\"default_timefield\":\"firstPacket\",\"filter\":{\"language\":\"lucene\",\"query\":\"\"},\"id\":\"da1046f0-faa0-11e6-86b1-cd7735ff7e23\",\"index_pattern\":\"MALCOLM_OTHER_INDEX_PATTERN_REPLACER\",\"interval\":\"auto\",\"isModelInvalid\":false,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"rgba(0,133,255,1)\",\"fill\":\"1\",\"formatter\":\"bytes\",\"id\":\"6d8b8ab0-ebf1-11ec-a401-f5db2d59e6af\",\"line_width\":1,\"metrics\":[{\"unit\":\"1s\",\"id\":\"6d8b8ab1-ebf1-11ec-a401-f5db2d59e6af\",\"type\":\"positive_rate\",\"field\":\"miscbeat.network.bytes.rx\"}],\"point_size\":1,\"separate_axis\":0,\"split_mode\":\"terms\",\"stacked\":\"none\",\"label\":\"Inbound\",\"type\":\"timeseries\",\"terms_field\":\"miscbeat.network.interface\",\"terms_size\":\"3\",\"terms_order_by\":\"_key\",\"value_template\":\"{{value}}/s\",\"split_color_mode\":\"gradient\"},{\"id\":\"b5977de0-ebf2-11ec-a401-f5db2d59e6af\",\"color\":\"rgba(13,212,26,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"unit\":\"1s\",\"id\":\"b5977de1-ebf2-11ec-a401-f5db2d59e6af\",\"type\":\"positive_rate\",\"field\":\"miscbeat.network.bytes.tx\"},{\"id\":\"cdfb1540-ebf2-11ec-a401-f5db2d59e6af\",\"type\":\"math\",\"variables\":[{\"id\":\"d1b9caf0-ebf2-11ec-a401-f5db2d59e6af\",\"name\":\"rate\",\"field\":\"b5977de1-ebf2-11ec-a401-f5db2d59e6af\"}],\"script\":\"params.rate*-1\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"bytes\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":\"1\",\"stacked\":\"none\",\"label\":\"Outbound\",\"split_color_mode\":\"gradient\",\"type\":\"timeseries\",\"terms_size\":\"3\",\"terms_o
rder_by\":\"_key\",\"terms_field\":\"miscbeat.network.interface\",\"value_template\":\"{{value}}/s\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"@timestamp\",\"tooltip_mode\":\"show_all\",\"type\":\"timeseries\"}}", + "visState": "{\"title\":\"Network Traffic (Bytes)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"default_index_pattern\":\"MALCOLM_OTHER_INDEX_PATTERN_REPLACER\",\"default_timefield\":\"firstPacket\",\"filter\":{\"language\":\"lucene\",\"query\":\"\"},\"id\":\"da1046f0-faa0-11e6-86b1-cd7735ff7e23\",\"index_pattern\":\"MALCOLM_OTHER_INDEX_PATTERN_REPLACER\",\"interval\":\"auto\",\"isModelInvalid\":false,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"rgba(0,133,255,1)\",\"fill\":\"1\",\"formatter\":\"bytes\",\"id\":\"6d8b8ab0-ebf1-11ec-a401-f5db2d59e6af\",\"line_width\":1,\"metrics\":[{\"unit\":\"1s\",\"id\":\"6d8b8ab1-ebf1-11ec-a401-f5db2d59e6af\",\"type\":\"positive_rate\",\"field\":\"miscbeat.network.bytes.rx\"}],\"point_size\":1,\"separate_axis\":0,\"split_mode\":\"terms\",\"stacked\":\"none\",\"label\":\"Inbound\",\"type\":\"timeseries\",\"terms_field\":\"miscbeat.network.interface\",\"terms_size\":\"3\",\"terms_order_by\":\"_key\",\"value_template\":\"{{value}}/s\",\"split_color_mode\":\"gradient\"},{\"id\":\"b5977de0-ebf2-11ec-a401-f5db2d59e6af\",\"color\":\"rgba(13,212,26,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"unit\":\"1s\",\"id\":\"b5977de1-ebf2-11ec-a401-f5db2d59e6af\",\"type\":\"positive_rate\",\"field\":\"miscbeat.network.bytes.tx\"},{\"id\":\"cdfb1540-ebf2-11ec-a401-f5db2d59e6af\",\"type\":\"math\",\"variables\":[{\"id\":\"d1b9caf0-ebf2-11ec-a401-f5db2d59e6af\",\"name\":\"rate\",\"field\":\"b5977de1-ebf2-11ec-a401-f5db2d59e6af\"}],\"script\":\"params.rate*-1\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"bytes\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":\"1\",\"stacke
d\":\"none\",\"label\":\"Outbound\",\"split_color_mode\":\"gradient\",\"type\":\"timeseries\",\"terms_size\":\"3\",\"terms_order_by\":\"_key\",\"terms_field\":\"miscbeat.network.interface\",\"value_template\":\"{{value}}/s\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\",\"tooltip_mode\":\"show_all\",\"type\":\"timeseries\"}}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/dashboards/dashboards/beats/7a7e0a60-e8e8-11ec-b9d4-4569bb965430.json b/dashboards/dashboards/beats/7a7e0a60-e8e8-11ec-b9d4-4569bb965430.json index bae5dba1c..ca947ed1c 100644 --- a/dashboards/dashboards/beats/7a7e0a60-e8e8-11ec-b9d4-4569bb965430.json +++ b/dashboards/dashboards/beats/7a7e0a60-e8e8-11ec-b9d4-4569bb965430.json 
@@ -72,7 +72,7 @@ "version": "WzkxOCwxXQ==", "attributes": { "title": "Malcolm Sensor Audit Logs - Host", - "visState": "{\"title\":\"Malcolm Sensor Audit Logs - Host\",\"type\":\"table\",\"aggs\":[{\"id\":\"3\",\"enabled\":true,\"type\":\"max\",\"params\":{\"field\":\"@timestamp\",\"customLabel\":\"Last Audit Log\"},\"schema\":\"metric\"},{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"unknown\",\"customLabel\":\"Host\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "visState": "{\"title\":\"Malcolm Sensor Audit Logs - Host\",\"type\":\"table\",\"aggs\":[{\"id\":\"3\",\"enabled\":true,\"type\":\"max\",\"params\":{\"field\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\",\"customLabel\":\"Last Audit Log\"},\"schema\":\"metric\"},{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"unknown\",\"customLabel\":\"Host\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}}", "description": "", "version": 1, 
@@ -132,7 +132,7 @@ "version": "WzkyNCwxXQ==", "attributes": { "title": "Malcolm Sensor Audit Logs - Logs Over Time by Type", - "visState": "{\"title\":\"Malcolm Sensor Audit Logs - Logs Over Time by Type\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"terms\",\"split_color_mode\":\"opensearchDashboards\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"terms_field\":\"miscbeat.auditlog.type\",\"terms_size\":\"20\",\"hide_in_legend\":0,\"label\":\"\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"MALCOLM_OTHER_INDEX_PATTERN_REPLACER\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"MALCOLM_NETWORK_INDEX_PATTERN_REPLACER\",\"default_timefield\":\"MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER\",\"isModelInvalid\":false,\"filter\":{\"query\":\"event.module:auditlog AND miscbeat.auditlog:*\",\"language\":\"kuery\"},\"legend_position\":\"right\"}}", + "visState": "{\"title\":\"Malcolm Sensor Audit Logs - Logs Over Time by 
Type\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"terms\",\"split_color_mode\":\"opensearchDashboards\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"terms_field\":\"miscbeat.auditlog.type\",\"terms_size\":\"20\",\"hide_in_legend\":0,\"label\":\"\"}],\"time_field\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\",\"index_pattern\":\"MALCOLM_OTHER_INDEX_PATTERN_REPLACER\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"MALCOLM_OTHER_INDEX_PATTERN_REPLACER\",\"default_timefield\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\",\"isModelInvalid\":false,\"filter\":{\"query\":\"event.module:auditlog AND miscbeat.auditlog:*\",\"language\":\"kuery\"},\"legend_position\":\"right\"}}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/dashboards/dashboards/beats/88bcec50-cc74-11ef-bae9-0d6b8da935ba.json b/dashboards/dashboards/beats/88bcec50-cc74-11ef-bae9-0d6b8da935ba.json new file mode 100644 index 000000000..dc15ffb48 --- /dev/null +++ b/dashboards/dashboards/beats/88bcec50-cc74-11ef-bae9-0d6b8da935ba.json 
@@ -0,0 +1,213 @@ +{ + "objects": [ + { + "attributes": { + "description": "Syslog messages forwarded to Malcolm from third-party hosts", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[]}" + }, + "optionsJSON": "{\"hidePanelTitles\":false,\"useMargins\":true}", + "panelsJSON": "[{\"version\":\"2.18.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":17,\"h\":42,\"i\":\"9643084c-c5e9-48fb-bcec-3c19ebbc8824\"},\"panelIndex\":\"9643084c-c5e9-48fb-bcec-3c19ebbc8824\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"2.18.0\",\"gridData\":{\"x\":17,\"y\":0,\"w\":31,\"h\":17,\"i\":\"15e304ad-7203-4256-baa4-6c68d81e0974\"},\"panelIndex\":\"15e304ad-7203-4256-baa4-6c68d81e0974\",\"embeddableConfig\":{},\"panelRefName\":\"panel_1\"},{\"version\":\"2.18.0\",\"gridData\":{\"x\":17,\"y\":17,\"w\":17,\"h\":25,\"i\":\"5ba24512-ebab-4755-8ff7-5488ef313c93\"},\"panelIndex\":\"5ba24512-ebab-4755-8ff7-5488ef313c93\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"2.18.0\",\"gridData\":{\"x\":34,\"y\":17,\"w\":14,\"h\":25,\"i\":\"86c420e1-adbf-42b4-97a2-7a6d61bdbaba\"},\"panelIndex\":\"86c420e1-adbf-42b4-97a2-7a6d61bdbaba\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"},{\"version\":\"2.18.0\",\"gridData\":{\"x\":0,\"y\":42,\"w\":48,\"h\":33,\"i\":\"c42bd9aa-75b6-47ea-894b-0207558efa09\"},\"panelIndex\":\"c42bd9aa-75b6-47ea-894b-0207558efa09\",\"embeddableConfig\":{},\"panelRefName\":\"panel_4\"}]", + "timeRestore": false, + "title": "Syslog", + "version": 1 + }, + "id": "88bcec50-cc74-11ef-bae9-0d6b8da935ba", + "migrationVersion": { + "dashboard": "7.9.3" + }, + "namespaces": [ + "default" + ], + "references": [ + { + "id": "e84615e0-cc72-11ef-bae9-0d6b8da935ba", + "name": "panel_0", + "type": "visualization" + }, + { + "id": "20d4e2f0-cc74-11ef-bae9-0d6b8da935ba", + "name": "panel_1", + "type": "visualization" + }, + { + "id": "9587fcb0-cc72-11ef-bae9-0d6b8da935ba", + 
"name": "panel_2", + "type": "visualization" + }, + { + "id": "60ad2500-cc73-11ef-bae9-0d6b8da935ba", + "name": "panel_3", + "type": "visualization" + }, + { + "id": "97dabbc0-cc71-11ef-bae9-0d6b8da935ba", + "name": "panel_4", + "type": "search" + } + ], + "type": "dashboard", + "updated_at": "2025-01-06T21:23:55.412Z", + "version": "WzEwNzQsMV0=" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" + }, + "savedSearchRefName": "search_0", + "title": "Syslog Facility", + "uiStateJSON": "{\"vis\":{\"legendOpen\":false}}", + "version": 1, + "visState": "{\"title\":\"Syslog Facility\",\"type\":\"horizontal_bar\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"log.syslog.facility.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":30,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Unknown\",\"customLabel\":\"Syslog Facility\"},\"schema\":\"segment\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"log.syslog.facility.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":50,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Unknown\",\"customLabel\":\"Syslog Facility\"},\"schema\":\"group\"}],\"params\":{\"type\":\"histogram\",\"grid\":{\"categoryLines\":false},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":200},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"square 
root\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":75,\"filter\":true,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"type\":\"histogram\",\"mode\":\"stacked\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"lineWidth\":2,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"labels\":{},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"}}}" + }, + "id": "e84615e0-cc72-11ef-bae9-0d6b8da935ba", + "migrationVersion": { + "visualization": "7.10.0" + }, + "namespaces": [ + "default" + ], + "references": [ + { + "id": "97dabbc0-cc71-11ef-bae9-0d6b8da935ba", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization", + "updated_at": "2025-01-06T21:22:44.702Z", + "version": "WzEwNzMsMV0=" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" + }, + "savedSearchRefName": "search_0", + "title": "Syslog Over Time", + "uiStateJSON": "{\"vis\":{\"legendOpen\":true}}", + "version": 1, + "visState": "{\"title\":\"Syslog Over 
Time\",\"type\":\"histogram\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"params\":{\"field\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\",\"timeRange\":{\"from\":\"2025-01-06T13:39:38.861Z\",\"to\":\"2025-01-06T13:39:41.217Z\"},\"useNormalizedOpenSearchInterval\":true,\"scaleMetricValues\":false,\"interval\":\"auto\",\"drop_partials\":false,\"min_doc_count\":1,\"extended_bounds\":{}},\"schema\":\"segment\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"log.syslog.severity.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Unknown\",\"customLabel\":\"Severity\"},\"schema\":\"group\"}],\"params\":{\"type\":\"histogram\",\"grid\":{\"categoryLines\":false},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"filter\":true,\"truncate\":100},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"square root\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"type\":\"histogram\",\"mode\":\"stacked\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"lineWidth\":2,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"bottom\",\"times\":[],\"addTimeMarker\":false,\"labels\":{\"show\":false},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"}}}" + }, + "id": "20d4e2f0-cc74-11ef-bae9-0d6b8da935ba", + "migrationVersion": { + "visualization": "7.10.0" + }, + 
"namespaces": [ + "default" + ], + "references": [ + { + "id": "97dabbc0-cc71-11ef-bae9-0d6b8da935ba", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization", + "updated_at": "2025-01-06T21:21:01.087Z", + "version": "WzEwNzEsMV0=" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" + }, + "savedSearchRefName": "search_0", + "title": "Syslog Severity", + "uiStateJSON": "{\"vis\":{\"legendOpen\":false}}", + "version": 1, + "visState": "{\"title\":\"Syslog Severity\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"log.syslog.severity.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Unknown\",\"customLabel\":\"Severity\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"bottom\",\"isDonut\":true,\"labels\":{\"show\":true,\"values\":true,\"last_level\":true,\"truncate\":100}}}" + }, + "id": "9587fcb0-cc72-11ef-bae9-0d6b8da935ba", + "migrationVersion": { + "visualization": "7.10.0" + }, + "namespaces": [ + "default" + ], + "references": [ + { + "id": "97dabbc0-cc71-11ef-bae9-0d6b8da935ba", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization", + "updated_at": "2025-01-06T21:09:57.882Z", + "version": "WzEwNjQsMV0=" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" + }, + "savedSearchRefName": "search_0", + "title": "Syslog Hosts and Processes", + "uiStateJSON": "{\"vis\":{\"sortColumn\":{\"colIndex\":2,\"direction\":\"desc\"}}}", + "version": 1, + "visState": "{\"title\":\"Syslog Hosts and 
Processes\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":500,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Host\"},\"schema\":\"bucket\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"log.syslog.appname\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":500,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Process Name\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":15,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}" + }, + "id": "60ad2500-cc73-11ef-bae9-0d6b8da935ba", + "migrationVersion": { + "visualization": "7.10.0" + }, + "namespaces": [ + "default" + ], + "references": [ + { + "id": "97dabbc0-cc71-11ef-bae9-0d6b8da935ba", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization", + "updated_at": "2025-01-06T21:21:49.012Z", + "version": "WzEwNzIsMV0=" + }, + { + "attributes": { + "columns": [ + "host.name", + "log.syslog.appname", + "log.syslog.procid", + "log.syslog.facility.name", + "log.syslog.severity.name", + "event.original" + ], + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"event.module:syslog\",\"language\":\"kuery\"},\"highlightAll\":true,\"version\":true,\"aggs\":{\"2\":{\"date_histogram\":{\"field\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\",\"fixed_interval\":\"365d\",\"time_zone\":\"America/Denver\",\"min_doc_count\":1}}},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" + }, + "sort": [], + "title": "Syslog", + "version": 1 + }, + "id": "97dabbc0-cc71-11ef-bae9-0d6b8da935ba", + 
"migrationVersion": { + "search": "7.9.3" + }, + "namespaces": [ + "default" + ], + "references": [ + { + "id": "MALCOLM_OTHER_INDEX_PATTERN_REPLACER", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "search", + "updated_at": "2025-01-06T21:02:52.283Z", + "version": "WzEwNjMsMV0=" + } + ], + "version": "2.18.0" +} diff --git a/dashboards/dashboards/beats/903f42c0-f634-11ec-828d-2fb7a4a26e1f.json b/dashboards/dashboards/beats/903f42c0-f634-11ec-828d-2fb7a4a26e1f.json index 1e1551281..878cfba0d 100644 --- a/dashboards/dashboards/beats/903f42c0-f634-11ec-828d-2fb7a4a26e1f.json +++ b/dashboards/dashboards/beats/903f42c0-f634-11ec-828d-2fb7a4a26e1f.json 
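Review bot: The new "Syslog" saved search pins `\"time_zone\":\"America/Denver\"` in its `date_histogram`, and the "Syslog Over Time" visState carries a fixed `timeRange` of 2025-01-06T13:39:38.861Z to 2025-01-06T13:39:41.217Z; both look like leftovers from the export session rather than intended settings. The other saved searches touched by this patch have no `time_zone` key, so this one would bucket events in a different zone from the rest, which gets in the way when syslog is lined up against other logs during an investigation. I would drop the `time_zone` key and the `timeRange` object so the search aggregation reads `{\"field\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\",\"fixed_interval\":\"365d\",\"min_doc_count\":1}`. Separately, `host.name` and `log.syslog.appname` are probably whatever the sending host reports, so the dashboard description could say so, e.g. `"description": "Syslog messages forwarded to Malcolm from third-party hosts (host and process names are sender-reported)"`.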
@@ -91,7 +91,7 @@ "version": "Wzk0NSwxXQ==", "attributes": { "title": "Malcolm Sensor File/Directory Integrity - Host Check Summary", - "visState": "{\"title\":\"Malcolm Sensor File/Directory Integrity - Host Check Summary\",\"type\":\"table\",\"aggs\":[{\"id\":\"4\",\"enabled\":true,\"type\":\"top_hits\",\"params\":{\"field\":\"miscbeat.aide.number_of_entries.changed\",\"aggregate\":\"concat\",\"size\":1,\"sortField\":\"@timestamp\",\"sortOrder\":\"desc\",\"customLabel\":\"Changes\"},\"schema\":\"metric\"},{\"id\":\"5\",\"enabled\":true,\"type\":\"top_hits\",\"params\":{\"field\":\"miscbeat.aide.number_of_entries.removed\",\"aggregate\":\"concat\",\"size\":1,\"sortField\":\"@timestamp\",\"sortOrder\":\"desc\",\"customLabel\":\"Removals\"},\"schema\":\"metric\"},{\"id\":\"6\",\"enabled\":true,\"type\":\"top_hits\",\"params\":{\"field\":\"miscbeat.aide.number_of_entries.added\",\"aggregate\":\"concat\",\"size\":1,\"sortField\":\"@timestamp\",\"sortOrder\":\"desc\",\"customLabel\":\"Additions\"},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"top_hits\",\"params\":{\"field\":\"miscbeat.aide.number_of_entries.total\",\"aggregate\":\"max\",\"size\":1,\"sortField\":\"@timestamp\",\"sortOrder\":\"desc\",\"customLabel\":\"Files/Directories Checked\"},\"schema\":\"metric\"},{\"id\":\"1\",\"enabled\":true,\"type\":\"max\",\"params\":{\"field\":\"@timestamp\",\"customLabel\":\"Last Reported\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"unknown\",\"customLabel\":\"Host\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":5,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "visState": "{\"title\":\"Malcolm Sensor 
File/Directory Integrity - Host Check Summary\",\"type\":\"table\",\"aggs\":[{\"id\":\"4\",\"enabled\":true,\"type\":\"top_hits\",\"params\":{\"field\":\"miscbeat.aide.number_of_entries.changed\",\"aggregate\":\"concat\",\"size\":1,\"sortField\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\",\"sortOrder\":\"desc\",\"customLabel\":\"Changes\"},\"schema\":\"metric\"},{\"id\":\"5\",\"enabled\":true,\"type\":\"top_hits\",\"params\":{\"field\":\"miscbeat.aide.number_of_entries.removed\",\"aggregate\":\"concat\",\"size\":1,\"sortField\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\",\"sortOrder\":\"desc\",\"customLabel\":\"Removals\"},\"schema\":\"metric\"},{\"id\":\"6\",\"enabled\":true,\"type\":\"top_hits\",\"params\":{\"field\":\"miscbeat.aide.number_of_entries.added\",\"aggregate\":\"concat\",\"size\":1,\"sortField\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\",\"sortOrder\":\"desc\",\"customLabel\":\"Additions\"},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"top_hits\",\"params\":{\"field\":\"miscbeat.aide.number_of_entries.total\",\"aggregate\":\"max\",\"size\":1,\"sortField\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\",\"sortOrder\":\"desc\",\"customLabel\":\"Files/Directories Checked\"},\"schema\":\"metric\"},{\"id\":\"1\",\"enabled\":true,\"type\":\"max\",\"params\":{\"field\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\",\"customLabel\":\"Last Reported\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"unknown\",\"customLabel\":\"Host\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":5,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", "uiStateJSON": 
"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":5,\"direction\":\"desc\"}}}}", "description": "", "version": 1, 
@@ -151,7 +151,7 @@ "version": "WzgzNiwxXQ==", "attributes": { "title": "Malcolm Sensor File/Directory Integrity - Path", - "visState": "{\"title\":\"Malcolm Sensor File/Directory Integrity - Path\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"min\",\"params\":{\"field\":\"@timestamp\",\"customLabel\":\"First Reported\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"host.name\",\"orderBy\":\"_key\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"unknown\",\"customLabel\":\"Host\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"file.path\",\"orderBy\":\"_key\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Path\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"max\",\"params\":{\"field\":\"@timestamp\",\"customLabel\":\"Last Reported\"},\"schema\":\"metric\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", + "visState": "{\"title\":\"Malcolm Sensor File/Directory Integrity - Path\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"min\",\"params\":{\"field\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\",\"customLabel\":\"First 
Reported\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"host.name\",\"orderBy\":\"_key\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"unknown\",\"customLabel\":\"Host\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"file.path\",\"orderBy\":\"_key\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Path\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"max\",\"params\":{\"field\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\",\"customLabel\":\"Last Reported\"},\"schema\":\"metric\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"asc\"}}}}", "description": "", "version": 1, diff --git a/dashboards/dashboards/beats/Filebeat-nginx-logs.json b/dashboards/dashboards/beats/Filebeat-nginx-logs.json index b2ad0dc32..d21f9861b 100644 --- a/dashboards/dashboards/beats/Filebeat-nginx-logs.json +++ b/dashboards/dashboards/beats/Filebeat-nginx-logs.json 
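Review bot: The `First Reported` and `Last Reported` metrics in this Path table now aggregate on the literal token `\"field\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\"`, as do the `sortField` entries in the Host Check Summary hunk above, so the visualization is only valid after a substitution step that this diff does not show. If an object is ever imported with the token intact, the query presumably targets a field that does not exist, and the file-integrity tables would come up empty or error instead of reporting AIDE changes, which is easy to misread as "nothing changed". I would have the import step reject any saved object that still matches `MALCOLM_[A-Z_]+_REPLACER` after substitution. Because the token sits inside a JSON string that is itself embedded in JSON, the substituted value should also be limited to plain field-name characters, or escaped for both layers, so that a configured name containing a quote or backslash cannot corrupt `visState`. The same applies to the `time_field` and `sort` replacements in the nginx and Metricbeat files of this commit.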
@@ -13,7 +13,7 @@ "title": "nginx Access and Error Logs", "description": "", "hits": 0, - "panelsJSON": "[{\"version\":\"2.0.0\",\"gridData\":{\"x\":0,\"y\":16,\"w\":48,\"h\":15,\"i\":\"11\"},\"panelIndex\":\"11\",\"embeddableConfig\":{\"columns\":[\"log.level\",\"error.message\"],\"sort\":[\"@timestamp\",\"desc\"]},\"panelRefName\":\"panel_0\"},{\"version\":\"2.0.0\",\"gridData\":{\"x\":0,\"y\":31,\"w\":48,\"h\":23,\"i\":\"16\"},\"panelIndex\":\"16\",\"embeddableConfig\":{\"columns\":[\"url.original\",\"http.request.method\",\"http.response.status_code\",\"http.response.body.bytes\"],\"sort\":[\"@timestamp\",\"desc\"]},\"panelRefName\":\"panel_1\"},{\"version\":\"2.0.0\",\"gridData\":{\"x\":0,\"y\":4,\"w\":48,\"h\":12,\"i\":\"18\"},\"panelIndex\":\"18\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"2.0.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":48,\"h\":4,\"i\":\"19\"},\"panelIndex\":\"19\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"}]", + "panelsJSON": "[{\"version\":\"2.0.0\",\"gridData\":{\"x\":0,\"y\":16,\"w\":48,\"h\":15,\"i\":\"11\"},\"panelIndex\":\"11\",\"embeddableConfig\":{\"columns\":[\"log.level\",\"error.message\"],\"sort\":[\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\",\"desc\"]},\"panelRefName\":\"panel_0\"},{\"version\":\"2.0.0\",\"gridData\":{\"x\":0,\"y\":31,\"w\":48,\"h\":23,\"i\":\"16\"},\"panelIndex\":\"16\",\"embeddableConfig\":{\"columns\":[\"url.original\",\"http.request.method\",\"http.response.status_code\",\"http.response.body.bytes\"],\"sort\":[\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\",\"desc\"]},\"panelRefName\":\"panel_1\"},{\"version\":\"2.0.0\",\"gridData\":{\"x\":0,\"y\":4,\"w\":48,\"h\":12,\"i\":\"18\"},\"panelIndex\":\"18\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"2.0.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":48,\"h\":4,\"i\":\"19\"},\"panelIndex\":\"19\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"}]", "optionsJSON": "{\"darkTheme\":false}", "version": 1, 
"timeRestore": false,
@@ -67,7 +67,7 @@
 },
 "sort": [
 [
- "@timestamp",
+ "MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER",
 "desc"
 ]
 ],
@@ -107,7 +107,7 @@
 },
 "sort": [
 [
- "@timestamp",
+ "MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER",
 "desc"
 ]
 ],
@@ -141,7 +141,7 @@ "title": "nginx Access Over Time", "uiStateJSON": "{}", "version": 1, - "visState": "{\"type\":\"metrics\",\"params\":{\"axis_formatter\":\"number\",\"series\":[{\"formatter\":\"number\",\"chart_type\":\"line\",\"split_filters\":[{\"color\":\"#68BC00\",\"id\":\"1db649a0-a1f3-11e7-a062-a1c3587f4874\"}],\"seperate_axis\":0,\"point_size\":1,\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"metrics\":[{\"type\":\"count\",\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\"}],\"label\":\"Access logs\",\"axis_position\":\"right\",\"split_mode\":\"everything\",\"fill\":0.5,\"stacked\":\"none\",\"terms_field\":\"url.original\",\"color\":\"#68BC00\",\"line_width\":1,\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"split_color_mode\":\"gradient\"}],\"time_field\":\"@timestamp\",\"filter\":{\"query\":\"event.module:nginx AND fileset.name:access\",\"language\":\"lucene\"},\"show_grid\":1,\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"show_legend\":1,\"type\":\"timeseries\",\"index_pattern\":\"MALCOLM_OTHER_INDEX_PATTERN_REPLACER\",\"axis_position\":\"left\",\"annotations\":[{\"index_pattern\":\"MALCOLM_OTHER_INDEX_PATTERN_REPLACER\",\"ignore_global_filters\":1,\"id\":\"970b1420-a1f3-11e7-a062-a1c3587f4874\",\"time_field\":\"@timestamp\",\"icon\":\"fa-tag\",\"color\":\"#F00\",\"ignore_panel_filters\":1}],\"background_color_rules\":[{\"id\":\"3189aa80-a1f3-11e7-a062-a1c3587f4874\"}],\"interval\":\"auto\",\"legend_position\":\"bottom\"},\"aggs\":[],\"title\":\"nginx Access Over Time\"}" + "visState": "{\"type\":\"metrics\",\"params\":{\"axis_formatter\":\"number\",\"series\":[{\"formatter\":\"number\",\"chart_type\":\"line\",\"split_filters\":[{\"color\":\"#68BC00\",\"id\":\"1db649a0-a1f3-11e7-a062-a1c3587f4874\"}],\"seperate_axis\":0,\"point_size\":1,\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"metrics\":[{\"type\":\"count\",\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\"}],\"label\":\"Access 
logs\",\"axis_position\":\"right\",\"split_mode\":\"everything\",\"fill\":0.5,\"stacked\":\"none\",\"terms_field\":\"url.original\",\"color\":\"#68BC00\",\"line_width\":1,\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"split_color_mode\":\"gradient\"}],\"time_field\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\",\"filter\":{\"query\":\"event.module:nginx AND fileset.name:access\",\"language\":\"lucene\"},\"show_grid\":1,\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"show_legend\":1,\"type\":\"timeseries\",\"index_pattern\":\"MALCOLM_OTHER_INDEX_PATTERN_REPLACER\",\"axis_position\":\"left\",\"annotations\":[{\"index_pattern\":\"MALCOLM_OTHER_INDEX_PATTERN_REPLACER\",\"ignore_global_filters\":1,\"id\":\"970b1420-a1f3-11e7-a062-a1c3587f4874\",\"time_field\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\",\"icon\":\"fa-tag\",\"color\":\"#F00\",\"ignore_panel_filters\":1}],\"background_color_rules\":[{\"id\":\"3189aa80-a1f3-11e7-a062-a1c3587f4874\"}],\"interval\":\"auto\",\"legend_position\":\"bottom\"},\"aggs\":[],\"title\":\"nginx Access Over Time\"}" }, "references": [], "migrationVersion": { diff --git a/dashboards/dashboards/beats/Filebeat-nginx-overview.json b/dashboards/dashboards/beats/Filebeat-nginx-overview.json index 7690a08a8..e9b625dd4 100644 --- a/dashboards/dashboards/beats/Filebeat-nginx-overview.json +++ b/dashboards/dashboards/beats/Filebeat-nginx-overview.json 
@@ -171,7 +171,7 @@ "title": "nginx Response Codes Over Time", "uiStateJSON": "{}", "version": 1, - "visState": "{\"type\":\"metrics\",\"params\":{\"index_pattern\":\"MALCOLM_OTHER_INDEX_PATTERN_REPLACER\",\"series\":[{\"formatter\":\"number\",\"chart_type\":\"bar\",\"split_filters\":[{\"color\":\"#68BC00\",\"filter\":{\"query\":\"http.response.status_code:[200 TO 299]\",\"language\":\"lucene\"},\"label\":\"200s\",\"id\":\"5acdc750-a29d-11e7-a062-a1c3587f4874\"},{\"color\":\"rgba(252,196,0,1)\",\"filter\":{\"query\":\"http.response.status_code:[300 TO 399]\",\"language\":\"lucene\"},\"label\":\"300s\",\"id\":\"6efd2ae0-a29d-11e7-a062-a1c3587f4874\"},{\"color\":\"rgba(211,49,21,1)\",\"filter\":{\"query\":\"http.response.status_code:[400 TO 499]\",\"language\":\"lucene\"},\"label\":\"400s\",\"id\":\"76089a90-a29d-11e7-a062-a1c3587f4874\"},{\"color\":\"rgba(171,20,158,1)\",\"filter\":{\"query\":\"http.response.status_code:[500 TO 599]\",\"language\":\"lucene\"},\"label\":\"500s\",\"id\":\"7c7929d0-a29d-11e7-a062-a1c3587f4874\"}],\"seperate_axis\":0,\"point_size\":1,\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"metrics\":[{\"type\":\"count\",\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\"}],\"label\":\"\",\"axis_position\":\"right\",\"split_mode\":\"filters\",\"fill\":0.5,\"stacked\":\"stacked\",\"terms_field\":\"http.response.status_code\",\"color\":\"#68BC00\",\"line_width\":1,\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"split_color_mode\":\"gradient\"}],\"time_field\":\"@timestamp\",\"filter\":{\"query\":\"event.module:nginx AND fileset.name:access\",\"language\":\"lucene\"},\"show_grid\":1,\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"show_legend\":1,\"type\":\"timeseries\",\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"interval\":\"auto\",\"legend_position\":\"bottom\"},\"aggs\":[],\"title\":\"nginx Response Codes Over Time\"}" + "visState": 
"{\"type\":\"metrics\",\"params\":{\"index_pattern\":\"MALCOLM_OTHER_INDEX_PATTERN_REPLACER\",\"series\":[{\"formatter\":\"number\",\"chart_type\":\"bar\",\"split_filters\":[{\"color\":\"#68BC00\",\"filter\":{\"query\":\"http.response.status_code:[200 TO 299]\",\"language\":\"lucene\"},\"label\":\"200s\",\"id\":\"5acdc750-a29d-11e7-a062-a1c3587f4874\"},{\"color\":\"rgba(252,196,0,1)\",\"filter\":{\"query\":\"http.response.status_code:[300 TO 399]\",\"language\":\"lucene\"},\"label\":\"300s\",\"id\":\"6efd2ae0-a29d-11e7-a062-a1c3587f4874\"},{\"color\":\"rgba(211,49,21,1)\",\"filter\":{\"query\":\"http.response.status_code:[400 TO 499]\",\"language\":\"lucene\"},\"label\":\"400s\",\"id\":\"76089a90-a29d-11e7-a062-a1c3587f4874\"},{\"color\":\"rgba(171,20,158,1)\",\"filter\":{\"query\":\"http.response.status_code:[500 TO 599]\",\"language\":\"lucene\"},\"label\":\"500s\",\"id\":\"7c7929d0-a29d-11e7-a062-a1c3587f4874\"}],\"seperate_axis\":0,\"point_size\":1,\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"metrics\":[{\"type\":\"count\",\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\"}],\"label\":\"\",\"axis_position\":\"right\",\"split_mode\":\"filters\",\"fill\":0.5,\"stacked\":\"stacked\",\"terms_field\":\"http.response.status_code\",\"color\":\"#68BC00\",\"line_width\":1,\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"split_color_mode\":\"gradient\"}],\"time_field\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\",\"filter\":{\"query\":\"event.module:nginx AND fileset.name:access\",\"language\":\"lucene\"},\"show_grid\":1,\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"show_legend\":1,\"type\":\"timeseries\",\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"interval\":\"auto\",\"legend_position\":\"bottom\"},\"aggs\":[],\"title\":\"nginx Response Codes Over Time\"}" }, "references": [], "migrationVersion": { 
@@ -194,7 +194,7 @@ "title": "nginx Top Pages", "uiStateJSON": "{}", "version": 1, - "visState": "{\"type\":\"metrics\",\"params\":{\"axis_formatter\":\"number\",\"series\":[{\"formatter\":\"number\",\"chart_type\":\"line\",\"seperate_axis\":0,\"point_size\":1,\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"value_template\":\"\",\"metrics\":[{\"type\":\"count\",\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\"}],\"axis_position\":\"right\",\"split_mode\":\"terms\",\"fill\":0.5,\"stacked\":\"none\",\"terms_field\":\"url.original\",\"color\":\"#68BC00\",\"line_width\":1,\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"split_color_mode\":\"gradient\"}],\"time_field\":\"@timestamp\",\"filter\":{\"query\":\"event.module:nginx AND fileset.name:access\",\"language\":\"lucene\"},\"show_grid\":1,\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"show_legend\":1,\"type\":\"top_n\",\"index_pattern\":\"MALCOLM_OTHER_INDEX_PATTERN_REPLACER\",\"axis_position\":\"left\",\"bar_color_rules\":[{\"id\":\"6252c320-a1f5-11e7-92ba-5d0b8663aece\"}],\"interval\":\"auto\"},\"aggs\":[],\"title\":\"nginx Top Pages\"}" + "visState": "{\"type\":\"metrics\",\"params\":{\"axis_formatter\":\"number\",\"series\":[{\"formatter\":\"number\",\"chart_type\":\"line\",\"seperate_axis\":0,\"point_size\":1,\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"value_template\":\"\",\"metrics\":[{\"type\":\"count\",\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\"}],\"axis_position\":\"right\",\"split_mode\":\"terms\",\"fill\":0.5,\"stacked\":\"none\",\"terms_field\":\"url.original\",\"color\":\"#68BC00\",\"line_width\":1,\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"split_color_mode\":\"gradient\"}],\"time_field\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\",\"filter\":{\"query\":\"event.module:nginx AND 
fileset.name:access\",\"language\":\"lucene\"},\"show_grid\":1,\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"show_legend\":1,\"type\":\"top_n\",\"index_pattern\":\"MALCOLM_OTHER_INDEX_PATTERN_REPLACER\",\"axis_position\":\"left\",\"bar_color_rules\":[{\"id\":\"6252c320-a1f5-11e7-92ba-5d0b8663aece\"}],\"interval\":\"auto\"},\"aggs\":[],\"title\":\"nginx Top Pages\"}" }, "references": [], "migrationVersion": { 
@@ -217,7 +217,7 @@ "title": "nginx Errors Over Time", "uiStateJSON": "{}", "version": 1, - "visState": "{\"type\":\"metrics\",\"params\":{\"index_pattern\":\"MALCOLM_OTHER_INDEX_PATTERN_REPLACER\",\"series\":[{\"formatter\":\"number\",\"chart_type\":\"bar\",\"seperate_axis\":0,\"point_size\":1,\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"metrics\":[{\"type\":\"count\",\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\"}],\"axis_position\":\"right\",\"split_mode\":\"terms\",\"fill\":0.5,\"stacked\":\"none\",\"terms_field\":\"log.level\",\"color\":\"rgba(211,49,21,1)\",\"line_width\":1,\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"split_color_mode\":\"gradient\"}],\"time_field\":\"@timestamp\",\"filter\":{\"query\":\"event.module:nginx AND fileset.name:error\",\"language\":\"lucene\"},\"show_grid\":1,\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"show_legend\":1,\"type\":\"timeseries\",\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"interval\":\"auto\",\"legend_position\":\"bottom\"},\"aggs\":[],\"title\":\"nginx Errors Over Time\"}" + "visState": "{\"type\":\"metrics\",\"params\":{\"index_pattern\":\"MALCOLM_OTHER_INDEX_PATTERN_REPLACER\",\"series\":[{\"formatter\":\"number\",\"chart_type\":\"bar\",\"seperate_axis\":0,\"point_size\":1,\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"metrics\":[{\"type\":\"count\",\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\"}],\"axis_position\":\"right\",\"split_mode\":\"terms\",\"fill\":0.5,\"stacked\":\"none\",\"terms_field\":\"log.level\",\"color\":\"rgba(211,49,21,1)\",\"line_width\":1,\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"split_color_mode\":\"gradient\"}],\"time_field\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\",\"filter\":{\"query\":\"event.module:nginx AND 
fileset.name:error\",\"language\":\"lucene\"},\"show_grid\":1,\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"show_legend\":1,\"type\":\"timeseries\",\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"interval\":\"auto\",\"legend_position\":\"bottom\"},\"aggs\":[],\"title\":\"nginx Errors Over Time\"}" }, "references": [], "migrationVersion": { 
@@ -240,7 +240,7 @@ "title": "nginx Data Volume", "uiStateJSON": "{}", "version": 1, - "visState": "{\"type\":\"metrics\",\"params\":{\"index_pattern\":\"MALCOLM_OTHER_INDEX_PATTERN_REPLACER\",\"series\":[{\"formatter\":\"bytes\",\"chart_type\":\"line\",\"split_filters\":[{\"color\":\"#68BC00\",\"filter\":{\"query\":\"http.response.status_code:[200 TO 299]\",\"language\":\"lucene\"},\"label\":\"200s\",\"id\":\"7c343c20-a29e-11e7-a062-a1c3587f4874\"}],\"seperate_axis\":0,\"point_size\":1,\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"metrics\":[{\"type\":\"sum\",\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"field\":\"http.response.body.bytes\"}],\"label\":\"\",\"axis_position\":\"right\",\"split_mode\":\"everything\",\"fill\":0.5,\"stacked\":\"none\",\"terms_field\":null,\"color\":\"#68BC00\",\"line_width\":1,\"split_color_mode\":\"gradient\"}],\"time_field\":\"@timestamp\",\"filter\":{\"query\":\"event.module: nginx AND fileset.name: access\",\"language\":\"lucene\"},\"show_grid\":1,\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"show_legend\":1,\"type\":\"timeseries\",\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"interval\":\"auto\",\"legend_position\":\"bottom\"},\"aggs\":[],\"title\":\"nginx Data Volume\"}" + "visState": "{\"type\":\"metrics\",\"params\":{\"index_pattern\":\"MALCOLM_OTHER_INDEX_PATTERN_REPLACER\",\"series\":[{\"formatter\":\"bytes\",\"chart_type\":\"line\",\"split_filters\":[{\"color\":\"#68BC00\",\"filter\":{\"query\":\"http.response.status_code:[200 TO 
299]\",\"language\":\"lucene\"},\"label\":\"200s\",\"id\":\"7c343c20-a29e-11e7-a062-a1c3587f4874\"}],\"seperate_axis\":0,\"point_size\":1,\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"metrics\":[{\"type\":\"sum\",\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"field\":\"http.response.body.bytes\"}],\"label\":\"\",\"axis_position\":\"right\",\"split_mode\":\"everything\",\"fill\":0.5,\"stacked\":\"none\",\"terms_field\":null,\"color\":\"#68BC00\",\"line_width\":1,\"split_color_mode\":\"gradient\"}],\"time_field\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\",\"filter\":{\"query\":\"event.module: nginx AND fileset.name: access\",\"language\":\"lucene\"},\"show_grid\":1,\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"show_legend\":1,\"type\":\"timeseries\",\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"interval\":\"auto\",\"legend_position\":\"bottom\"},\"aggs\":[],\"title\":\"nginx Data Volume\"}" }, "references": [], "migrationVersion": { @@ -293,7 +293,7 @@ }, "sort": [ [ - "@timestamp", + "MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER", "desc" ] ], diff --git a/dashboards/dashboards/beats/Metricbeat-host-overview.json b/dashboards/dashboards/beats/Metricbeat-host-overview.json index e700b9905..64512d4d5 100644 --- a/dashboards/dashboards/beats/Metricbeat-host-overview.json +++ b/dashboards/dashboards/beats/Metricbeat-host-overview.json 
@@ -122,7 +122,7 @@ "version": "WzEwMjgsMV0=", "attributes": { "title": "Network Traffic (Packets)", - "visState": "{\"title\":\"Network Traffic (Packets)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"default_index_pattern\":\"MALCOLM_NETWORK_INDEX_PATTERN_REPLACER\",\"default_timefield\":\"MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER\",\"filter\":{\"language\":\"lucene\",\"query\":\"\"},\"id\":\"da1046f0-faa0-11e6-86b1-cd7735ff7e23\",\"index_pattern\":\"MALCOLM_OTHER_INDEX_PATTERN_REPLACER\",\"interval\":\"auto\",\"isModelInvalid\":false,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"rgba(0,133,255,1)\",\"fill\":\"1\",\"formatter\":\"'0a'\",\"id\":\"49931900-ebf3-11ec-a401-f5db2d59e6af\",\"label\":\"Inbound\",\"line_width\":1,\"metrics\":[{\"unit\":\"1s\",\"id\":\"49931901-ebf3-11ec-a401-f5db2d59e6af\",\"type\":\"positive_rate\",\"field\":\"miscbeat.network.packets.rx\"}],\"point_size\":1,\"separate_axis\":0,\"split_mode\":\"terms\",\"stacked\":\"none\",\"type\":\"timeseries\",\"terms_field\":\"miscbeat.network.interface\",\"terms_size\":\"3\",\"terms_order_by\":\"_count\",\"value_template\":\"{{value}}/s\",\"split_color_mode\":\"gradient\"},{\"id\":\"75fba890-ebf3-11ec-a401-f5db2d59e6af\",\"color\":\"rgba(13,212,26,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"unit\":\"1s\",\"id\":\"75fba891-ebf3-11ec-a401-f5db2d59e6af\",\"type\":\"positive_rate\",\"field\":\"miscbeat.network.packets.tx\"},{\"id\":\"96daba60-ebf3-11ec-a401-f5db2d59e6af\",\"type\":\"math\",\"variables\":[{\"id\":\"98e138c0-ebf3-11ec-a401-f5db2d59e6af\",\"name\":\"rate\",\"field\":\"75fba891-ebf3-11ec-a401-f5db2d59e6af\"}],\"script\":\"params.rate*-1\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"'0a'\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":\"1\",\"stacked\":\"none\",\"label\":\"Outbound\",\"type\":\"timeseries\",\"terms_size\":\"3\",\"ter
ms_field\":\"miscbeat.network.interface\",\"terms_order_by\":\"_count\",\"split_color_mode\":\"gradient\",\"value_template\":\"{{value}}/s\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"@timestamp\",\"tooltip_mode\":\"show_all\",\"type\":\"timeseries\"}}", + "visState": "{\"title\":\"Network Traffic (Packets)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"default_index_pattern\":\"MALCOLM_OTHER_INDEX_PATTERN_REPLACER\",\"default_timefield\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\",\"filter\":{\"language\":\"lucene\",\"query\":\"\"},\"id\":\"da1046f0-faa0-11e6-86b1-cd7735ff7e23\",\"index_pattern\":\"MALCOLM_OTHER_INDEX_PATTERN_REPLACER\",\"interval\":\"auto\",\"isModelInvalid\":false,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"rgba(0,133,255,1)\",\"fill\":\"1\",\"formatter\":\"'0a'\",\"id\":\"49931900-ebf3-11ec-a401-f5db2d59e6af\",\"label\":\"Inbound\",\"line_width\":1,\"metrics\":[{\"unit\":\"1s\",\"id\":\"49931901-ebf3-11ec-a401-f5db2d59e6af\",\"type\":\"positive_rate\",\"field\":\"miscbeat.network.packets.rx\"}],\"point_size\":1,\"separate_axis\":0,\"split_mode\":\"terms\",\"stacked\":\"none\",\"type\":\"timeseries\",\"terms_field\":\"miscbeat.network.interface\",\"terms_size\":\"3\",\"terms_order_by\":\"_count\",\"value_template\":\"{{value}}/s\",\"split_color_mode\":\"gradient\"},{\"id\":\"75fba890-ebf3-11ec-a401-f5db2d59e6af\",\"color\":\"rgba(13,212,26,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"unit\":\"1s\",\"id\":\"75fba891-ebf3-11ec-a401-f5db2d59e6af\",\"type\":\"positive_rate\",\"field\":\"miscbeat.network.packets.tx\"},{\"id\":\"96daba60-ebf3-11ec-a401-f5db2d59e6af\",\"type\":\"math\",\"variables\":[{\"id\":\"98e138c0-ebf3-11ec-a401-f5db2d59e6af\",\"name\":\"rate\",\"field\":\"75fba891-ebf3-11ec-a401-f5db2d59e6af\"}],\"script\":\"params.rate*-1\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"'0a'\",\"chart
_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":\"1\",\"stacked\":\"none\",\"label\":\"Outbound\",\"type\":\"timeseries\",\"terms_size\":\"3\",\"terms_field\":\"miscbeat.network.interface\",\"terms_order_by\":\"_count\",\"split_color_mode\":\"gradient\",\"value_template\":\"{{value}}/s\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\",\"tooltip_mode\":\"show_all\",\"type\":\"timeseries\"}}", "uiStateJSON": "{}", "description": "", "version": 1, 
@@ -145,7 +145,7 @@ "version": "Wzg1NSwxXQ==", "attributes": { "title": "Network Traffic (Bytes)", - "visState": "{\"title\":\"Network Traffic (Bytes)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"default_index_pattern\":\"MALCOLM_NETWORK_INDEX_PATTERN_REPLACER\",\"default_timefield\":\"MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER\",\"filter\":{\"language\":\"lucene\",\"query\":\"\"},\"id\":\"da1046f0-faa0-11e6-86b1-cd7735ff7e23\",\"index_pattern\":\"MALCOLM_OTHER_INDEX_PATTERN_REPLACER\",\"interval\":\"auto\",\"isModelInvalid\":false,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"rgba(0,133,255,1)\",\"fill\":\"1\",\"formatter\":\"bytes\",\"id\":\"6d8b8ab0-ebf1-11ec-a401-f5db2d59e6af\",\"line_width\":1,\"metrics\":[{\"unit\":\"1s\",\"id\":\"6d8b8ab1-ebf1-11ec-a401-f5db2d59e6af\",\"type\":\"positive_rate\",\"field\":\"miscbeat.network.bytes.rx\"}],\"point_size\":1,\"separate_axis\":0,\"split_mode\":\"terms\",\"stacked\":\"none\",\"label\":\"Inbound\",\"type\":\"timeseries\",\"terms_field\":\"miscbeat.network.interface\",\"terms_size\":\"3\",\"terms_order_by\":\"_key\",\"value_template\":\"{{value}}/s\",\"split_color_mode\":\"gradient\"},{\"id\":\"b5977de0-ebf2-11ec-a401-f5db2d59e6af\",\"color\":\"rgba(13,212,26,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"unit\":\"1s\",\"id\":\"b5977de1-ebf2-11ec-a401-f5db2d59e6af\",\"type\":\"positive_rate\",\"field\":\"miscbeat.network.bytes.tx\"},{\"id\":\"cdfb1540-ebf2-11ec-a401-f5db2d59e6af\",\"type\":\"math\",\"variables\":[{\"id\":\"d1b9caf0-ebf2-11ec-a401-f5db2d59e6af\",\"name\":\"rate\",\"field\":\"b5977de1-ebf2-11ec-a401-f5db2d59e6af\"}],\"script\":\"params.rate*-1\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"bytes\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":\"1\",\"stacked\":\"none\",\"label\":\"Outbound\",\"split_color_mode\":\"gradient\",\"type\":\"timeseries\",
\"terms_size\":\"3\",\"terms_order_by\":\"_key\",\"terms_field\":\"miscbeat.network.interface\",\"value_template\":\"{{value}}/s\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"@timestamp\",\"tooltip_mode\":\"show_all\",\"type\":\"timeseries\"}}", + "visState": "{\"title\":\"Network Traffic (Bytes)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"default_index_pattern\":\"MALCOLM_OTHER_INDEX_PATTERN_REPLACER\",\"default_timefield\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\",\"filter\":{\"language\":\"lucene\",\"query\":\"\"},\"id\":\"da1046f0-faa0-11e6-86b1-cd7735ff7e23\",\"index_pattern\":\"MALCOLM_OTHER_INDEX_PATTERN_REPLACER\",\"interval\":\"auto\",\"isModelInvalid\":false,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"rgba(0,133,255,1)\",\"fill\":\"1\",\"formatter\":\"bytes\",\"id\":\"6d8b8ab0-ebf1-11ec-a401-f5db2d59e6af\",\"line_width\":1,\"metrics\":[{\"unit\":\"1s\",\"id\":\"6d8b8ab1-ebf1-11ec-a401-f5db2d59e6af\",\"type\":\"positive_rate\",\"field\":\"miscbeat.network.bytes.rx\"}],\"point_size\":1,\"separate_axis\":0,\"split_mode\":\"terms\",\"stacked\":\"none\",\"label\":\"Inbound\",\"type\":\"timeseries\",\"terms_field\":\"miscbeat.network.interface\",\"terms_size\":\"3\",\"terms_order_by\":\"_key\",\"value_template\":\"{{value}}/s\",\"split_color_mode\":\"gradient\"},{\"id\":\"b5977de0-ebf2-11ec-a401-f5db2d59e6af\",\"color\":\"rgba(13,212,26,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"unit\":\"1s\",\"id\":\"b5977de1-ebf2-11ec-a401-f5db2d59e6af\",\"type\":\"positive_rate\",\"field\":\"miscbeat.network.bytes.tx\"},{\"id\":\"cdfb1540-ebf2-11ec-a401-f5db2d59e6af\",\"type\":\"math\",\"variables\":[{\"id\":\"d1b9caf0-ebf2-11ec-a401-f5db2d59e6af\",\"name\":\"rate\",\"field\":\"b5977de1-ebf2-11ec-a401-f5db2d59e6af\"}],\"script\":\"params.rate*-1\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"bytes\",\"chart_type\":\"line\"
,\"line_width\":1,\"point_size\":1,\"fill\":\"1\",\"stacked\":\"none\",\"label\":\"Outbound\",\"split_color_mode\":\"gradient\",\"type\":\"timeseries\",\"terms_size\":\"3\",\"terms_order_by\":\"_key\",\"terms_field\":\"miscbeat.network.interface\",\"value_template\":\"{{value}}/s\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\",\"tooltip_mode\":\"show_all\",\"type\":\"timeseries\"}}", "uiStateJSON": "{}", "description": "", "version": 1, 
@@ -168,7 +168,7 @@ "version": "Wzg1NiwxXQ==", "attributes": { "title": "Memory Usage", - "visState": "{\"title\":\"Memory Usage\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"32f46f40-1b16-11e7-b09e-037021c4f8df\",\"index_pattern\":\"MALCOLM_OTHER_INDEX_PATTERN_REPLACER\",\"series\":[{\"id\":\"4ff61fd0-1b16-11e7-b09e-037021c4f8df\",\"chart_type\":\"line\",\"seperate_axis\":0,\"color\":\"rgba(211,49,21,1)\",\"axis_position\":\"right\",\"point_size\":\"0\",\"metrics\":[{\"id\":\"4ff61fd1-1b16-11e7-b09e-037021c4f8df\",\"field\":\"miscbeat.mem.Mem.used\",\"type\":\"avg\"},{\"id\":\"3150c580-eb54-11ec-ae08-f703744a0ba1\",\"type\":\"math\",\"variables\":[{\"id\":\"34e66f60-eb54-11ec-ae08-f703744a0ba1\",\"name\":\"usedkb\",\"field\":\"4ff61fd1-1b16-11e7-b09e-037021c4f8df\"}],\"script\":\"params.usedkb * 1000\"}],\"formatter\":\"bytes\",\"split_mode\":\"everything\",\"fill\":\"1\",\"line_width\":1,\"label\":\"Used\",\"stacked\":\"stacked\",\"split_color_mode\":\"gradient\",\"type\":\"timeseries\"},{\"id\":\"753a6080-1b16-11e7-b09e-037021c4f8df\",\"chart_type\":\"line\",\"seperate_axis\":0,\"color\":\"rgba(0,156,224,1)\",\"axis_position\":\"right\",\"point_size\":\"0\",\"metrics\":[{\"id\":\"753a6081-1b16-11e7-b09e-037021c4f8df\",\"field\":\"miscbeat.mem.Swap.used\",\"type\":\"avg\"},{\"id\":\"4f1bb980-eb54-11ec-ae08-f703744a0ba1\",\"type\":\"math\",\"variables\":[{\"id\":\"52c168f0-eb54-11ec-ae08-f703744a0ba1\",\"name\":\"swapkb\",\"field\":\"753a6081-1b16-11e7-b09e-037021c4f8df\"}],\"script\":\"params.swapkb * 
1000\"}],\"formatter\":\"bytes\",\"split_mode\":\"everything\",\"fill\":\"1\",\"line_width\":1,\"label\":\"Swap\",\"stacked\":\"stacked\",\"split_color_mode\":\"gradient\",\"type\":\"timeseries\"},{\"id\":\"32f46f41-1b16-11e7-b09e-037021c4f8df\",\"chart_type\":\"line\",\"seperate_axis\":0,\"color\":\"#68BC00\",\"axis_position\":\"right\",\"point_size\":\"0\",\"metrics\":[{\"id\":\"32f46f42-1b16-11e7-b09e-037021c4f8df\",\"field\":\"miscbeat.mem.Mem.free\",\"type\":\"avg\"},{\"id\":\"61b8e450-eb54-11ec-ae08-f703744a0ba1\",\"type\":\"math\",\"variables\":[{\"id\":\"6458bc80-eb54-11ec-ae08-f703744a0ba1\",\"name\":\"freekb\",\"field\":\"32f46f42-1b16-11e7-b09e-037021c4f8df\"}],\"script\":\"params.freekb * 1000\"}],\"formatter\":\"bytes\",\"split_mode\":\"everything\",\"fill\":\"1\",\"line_width\":1,\"label\":\"Free\",\"stacked\":\"stacked\",\"split_color_mode\":\"gradient\",\"type\":\"timeseries\"}],\"axis_formatter\":\"number\",\"interval\":\"auto\",\"time_field\":\"@timestamp\",\"axis_position\":\"left\",\"type\":\"timeseries\",\"show_grid\":1,\"show_legend\":1,\"axis_scale\":\"normal\",\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"MALCOLM_NETWORK_INDEX_PATTERN_REPLACER\",\"default_timefield\":\"MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER\",\"isModelInvalid\":false}}", + "visState": "{\"title\":\"Memory 
Usage\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"32f46f40-1b16-11e7-b09e-037021c4f8df\",\"index_pattern\":\"MALCOLM_OTHER_INDEX_PATTERN_REPLACER\",\"series\":[{\"id\":\"4ff61fd0-1b16-11e7-b09e-037021c4f8df\",\"chart_type\":\"line\",\"seperate_axis\":0,\"color\":\"rgba(211,49,21,1)\",\"axis_position\":\"right\",\"point_size\":\"0\",\"metrics\":[{\"id\":\"4ff61fd1-1b16-11e7-b09e-037021c4f8df\",\"field\":\"miscbeat.mem.Mem.used\",\"type\":\"avg\"},{\"id\":\"3150c580-eb54-11ec-ae08-f703744a0ba1\",\"type\":\"math\",\"variables\":[{\"id\":\"34e66f60-eb54-11ec-ae08-f703744a0ba1\",\"name\":\"usedkb\",\"field\":\"4ff61fd1-1b16-11e7-b09e-037021c4f8df\"}],\"script\":\"params.usedkb * 1000\"}],\"formatter\":\"bytes\",\"split_mode\":\"everything\",\"fill\":\"1\",\"line_width\":1,\"label\":\"Used\",\"stacked\":\"stacked\",\"split_color_mode\":\"gradient\",\"type\":\"timeseries\"},{\"id\":\"753a6080-1b16-11e7-b09e-037021c4f8df\",\"chart_type\":\"line\",\"seperate_axis\":0,\"color\":\"rgba(0,156,224,1)\",\"axis_position\":\"right\",\"point_size\":\"0\",\"metrics\":[{\"id\":\"753a6081-1b16-11e7-b09e-037021c4f8df\",\"field\":\"miscbeat.mem.Swap.used\",\"type\":\"avg\"},{\"id\":\"4f1bb980-eb54-11ec-ae08-f703744a0ba1\",\"type\":\"math\",\"variables\":[{\"id\":\"52c168f0-eb54-11ec-ae08-f703744a0ba1\",\"name\":\"swapkb\",\"field\":\"753a6081-1b16-11e7-b09e-037021c4f8df\"}],\"script\":\"params.swapkb * 
1000\"}],\"formatter\":\"bytes\",\"split_mode\":\"everything\",\"fill\":\"1\",\"line_width\":1,\"label\":\"Swap\",\"stacked\":\"stacked\",\"split_color_mode\":\"gradient\",\"type\":\"timeseries\"},{\"id\":\"32f46f41-1b16-11e7-b09e-037021c4f8df\",\"chart_type\":\"line\",\"seperate_axis\":0,\"color\":\"#68BC00\",\"axis_position\":\"right\",\"point_size\":\"0\",\"metrics\":[{\"id\":\"32f46f42-1b16-11e7-b09e-037021c4f8df\",\"field\":\"miscbeat.mem.Mem.free\",\"type\":\"avg\"},{\"id\":\"61b8e450-eb54-11ec-ae08-f703744a0ba1\",\"type\":\"math\",\"variables\":[{\"id\":\"6458bc80-eb54-11ec-ae08-f703744a0ba1\",\"name\":\"freekb\",\"field\":\"32f46f42-1b16-11e7-b09e-037021c4f8df\"}],\"script\":\"params.freekb * 1000\"}],\"formatter\":\"bytes\",\"split_mode\":\"everything\",\"fill\":\"1\",\"line_width\":1,\"label\":\"Free\",\"stacked\":\"stacked\",\"split_color_mode\":\"gradient\",\"type\":\"timeseries\"}],\"axis_formatter\":\"number\",\"interval\":\"auto\",\"time_field\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\",\"axis_position\":\"left\",\"type\":\"timeseries\",\"show_grid\":1,\"show_legend\":1,\"axis_scale\":\"normal\",\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"MALCOLM_OTHER_INDEX_PATTERN_REPLACER\",\"default_timefield\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\",\"isModelInvalid\":false}}", "uiStateJSON": "{}", "description": "", "version": 1, 
@@ -191,7 +191,7 @@ "version": "Wzg1NywxXQ==", "attributes": { "title": "CPU Usage", - "visState": "{\"title\":\"CPU Usage\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"80a04950-1b19-11e7-b09e-037021c4f8df\",\"index_pattern\":\"MALCOLM_OTHER_INDEX_PATTERN_REPLACER\",\"series\":[{\"id\":\"993acf30-1b19-11e7-b09e-037021c4f8df\",\"chart_type\":\"line\",\"seperate_axis\":0,\"color\":\"rgba(211,49,21,1)\",\"axis_position\":\"right\",\"point_size\":\"0\",\"metrics\":[{\"id\":\"993acf31-1b19-11e7-b09e-037021c4f8df\",\"field\":\"miscbeat.cpu.system_p\",\"type\":\"avg\"}],\"formatter\":\"'0.'\",\"split_mode\":\"everything\",\"fill\":\"1\",\"line_width\":1,\"label\":\"system\",\"stacked\":\"stacked\",\"split_color_mode\":\"gradient\",\"type\":\"timeseries\",\"value_template\":\"{{value}}%\"},{\"id\":\"80a04951-1b19-11e7-b09e-037021c4f8df\",\"chart_type\":\"line\",\"seperate_axis\":0,\"color\":\"#68BC00\",\"axis_position\":\"right\",\"point_size\":\"0\",\"metrics\":[{\"id\":\"80a04952-1b19-11e7-b09e-037021c4f8df\",\"field\":\"miscbeat.cpu.user_p\",\"type\":\"avg\"}],\"formatter\":\"'0.'\",\"split_mode\":\"everything\",\"fill\":\"0.9\",\"line_width\":1,\"label\":\"user\",\"stacked\":\"stacked\",\"split_color_mode\":\"gradient\",\"type\":\"timeseries\",\"steps\":0,\"value_template\":\"{{value}}%\"},{\"id\":\"4eb3d7b0-eb9b-11ec-8afc-039f20728581\",\"chart_type\":\"line\",\"seperate_axis\":0,\"color\":\"rgba(46,88,242,1)\",\"axis_position\":\"right\",\"point_size\":\"0\",\"metrics\":[{\"id\":\"4eb3d7b1-eb9b-11ec-8afc-039f20728581\",\"field\":\"miscbeat.cpu.cpu_p\",\"type\":\"avg\"}],\"formatter\":\"'0.'\",\"split_mode\":\"everything\",\"fill\":\"1\",\"line_width\":1,\"label\":\"total\",\"stacked\":\"stacked\",\"split_color_mode\":\"gradient\",\"type\":\"timeseries\",\"steps\":0,\"value_template\":\"{{value}}%\",\"hidden\":false}],\"axis_formatter\":\"number\",\"interval\":\"auto\",\"time_field\":\"@timestamp\",\"axis_position\":\"left\",\"type\":\"timeseries\",\"show_gri
d\":1,\"show_legend\":1,\"axis_scale\":\"normal\",\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"MALCOLM_NETWORK_INDEX_PATTERN_REPLACER\",\"default_timefield\":\"MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER\",\"isModelInvalid\":false}}", + "visState": "{\"title\":\"CPU Usage\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"80a04950-1b19-11e7-b09e-037021c4f8df\",\"index_pattern\":\"MALCOLM_OTHER_INDEX_PATTERN_REPLACER\",\"series\":[{\"id\":\"993acf30-1b19-11e7-b09e-037021c4f8df\",\"chart_type\":\"line\",\"seperate_axis\":0,\"color\":\"rgba(211,49,21,1)\",\"axis_position\":\"right\",\"point_size\":\"0\",\"metrics\":[{\"id\":\"993acf31-1b19-11e7-b09e-037021c4f8df\",\"field\":\"miscbeat.cpu.system_p\",\"type\":\"avg\"}],\"formatter\":\"'0.'\",\"split_mode\":\"everything\",\"fill\":\"1\",\"line_width\":1,\"label\":\"system\",\"stacked\":\"stacked\",\"split_color_mode\":\"gradient\",\"type\":\"timeseries\",\"value_template\":\"{{value}}%\"},{\"id\":\"80a04951-1b19-11e7-b09e-037021c4f8df\",\"chart_type\":\"line\",\"seperate_axis\":0,\"color\":\"#68BC00\",\"axis_position\":\"right\",\"point_size\":\"0\",\"metrics\":[{\"id\":\"80a04952-1b19-11e7-b09e-037021c4f8df\",\"field\":\"miscbeat.cpu.user_p\",\"type\":\"avg\"}],\"formatter\":\"'0.'\",\"split_mode\":\"everything\",\"fill\":\"0.9\",\"line_width\":1,\"label\":\"user\",\"stacked\":\"stacked\",\"split_color_mode\":\"gradient\",\"type\":\"timeseries\",\"steps\":0,\"value_template\":\"{{value}}%\"},{\"id\":\"4eb3d7b0-eb9b-11ec-8afc-039f20728581\",\"chart_type\":\"line\",\"seperate_axis\":0,\"color\":\"rgba(46,88,242,1)\",\"axis_position\":\"right\",\"point_size\":\"0\",\"metrics\":[{\"id\":\"4eb3d7b1-eb9b-11ec-8afc-039f20728581\",\"field\":\"miscbeat.cpu.cpu_p\",\"type\":\"avg\"}],\"formatter\":\"'0.'\",\"split_mode\":\"everything\",\"fill\":\"1\",\"line_width\":1,\"label\":\"total\",\"stacked\":\"stacked\",\"split_color_mode\":\"gradient\",\"type\":\"timeseries\",\"steps\":0,\"value_template\":\"{{value}}%\",\
"hidden\":false}],\"axis_formatter\":\"number\",\"interval\":\"auto\",\"time_field\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\",\"axis_position\":\"left\",\"type\":\"timeseries\",\"show_grid\":1,\"show_legend\":1,\"axis_scale\":\"normal\",\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"MALCOLM_OTHER_INDEX_PATTERN_REPLACER\",\"default_timefield\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\",\"isModelInvalid\":false}}", "uiStateJSON": "{}", "description": "", "version": 1, 
@@ -214,7 +214,7 @@ "version": "Wzg1OCwxXQ==", "attributes": { "title": "Disk IO (Bytes)", - "visState": "{\"title\":\"Disk IO (Bytes)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"d3c67db0-1b1a-11e7-b09e-037021c4f8df\",\"filter\":\"\",\"series\":[{\"id\":\"d3c67db1-1b1a-11e7-b09e-037021c4f8df\",\"chart_type\":\"line\",\"seperate_axis\":0,\"color\":\"rgba(22,165,165,1)\",\"axis_position\":\"right\",\"point_size\":\"0\",\"value_template\":\"{{value}}\",\"metrics\":[{\"id\":\"d3c67db2-1b1a-11e7-b09e-037021c4f8df\",\"field\":\"miscbeat.disk.read_size\",\"type\":\"sum\"},{\"id\":\"3be3ef00-eb99-11ec-8afc-039f20728581\",\"type\":\"math\",\"variables\":[{\"id\":\"40f00c40-eb99-11ec-8afc-039f20728581\",\"name\":\"readsize\",\"field\":\"d3c67db2-1b1a-11e7-b09e-037021c4f8df\"}],\"script\":\"0 - params.readsize\"}],\"formatter\":\"bytes\",\"split_mode\":\"everything\",\"fill\":\"1\",\"line_width\":1,\"label\":\"reads\",\"stacked\":\"none\",\"split_color_mode\":\"gradient\",\"type\":\"timeseries\"},{\"id\":\"144124d0-1b1b-11e7-b09e-037021c4f8df\",\"chart_type\":\"line\",\"seperate_axis\":0,\"color\":\"rgba(251,158,0,1)\",\"axis_position\":\"right\",\"point_size\":\"0\",\"value_template\":\"{{value}}\",\"metrics\":[{\"id\":\"144124d1-1b1b-11e7-b09e-037021c4f8df\",\"field\":\"miscbeat.disk.write_size\",\"type\":\"sum\"}],\"formatter\":\"bytes\",\"split_mode\":\"everything\",\"fill\":\"1\",\"line_width\":1,\"label\":\"writes\",\"stacked\":\"none\",\"split_color_mode\":\"gradient\",\"type\":\"timeseries\"}],\"interval\":\"auto\",\"axis_formatter\":\"number\",\"time_field\":\"@timestamp\",\"axis_position\":\"left\",\"index_pattern\":\"MALCOLM_OTHER_INDEX_PATTERN_REPLACER\",\"type\":\"timeseries\",\"show_grid\":1,\"show_legend\":1,\"axis_scale\":\"normal\",\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"MALCOLM_NETWORK_INDEX_PATTERN_REPLACER\",\"default_timefield\":\"MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER\",\"isModelInvalid\":false}}", + "visState": 
"{\"title\":\"Disk IO (Bytes)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"d3c67db0-1b1a-11e7-b09e-037021c4f8df\",\"filter\":\"\",\"series\":[{\"id\":\"d3c67db1-1b1a-11e7-b09e-037021c4f8df\",\"chart_type\":\"line\",\"seperate_axis\":0,\"color\":\"rgba(22,165,165,1)\",\"axis_position\":\"right\",\"point_size\":\"0\",\"value_template\":\"{{value}}\",\"metrics\":[{\"id\":\"d3c67db2-1b1a-11e7-b09e-037021c4f8df\",\"field\":\"miscbeat.disk.read_size\",\"type\":\"sum\"},{\"id\":\"3be3ef00-eb99-11ec-8afc-039f20728581\",\"type\":\"math\",\"variables\":[{\"id\":\"40f00c40-eb99-11ec-8afc-039f20728581\",\"name\":\"readsize\",\"field\":\"d3c67db2-1b1a-11e7-b09e-037021c4f8df\"}],\"script\":\"0 - params.readsize\"}],\"formatter\":\"bytes\",\"split_mode\":\"everything\",\"fill\":\"1\",\"line_width\":1,\"label\":\"reads\",\"stacked\":\"none\",\"split_color_mode\":\"gradient\",\"type\":\"timeseries\"},{\"id\":\"144124d0-1b1b-11e7-b09e-037021c4f8df\",\"chart_type\":\"line\",\"seperate_axis\":0,\"color\":\"rgba(251,158,0,1)\",\"axis_position\":\"right\",\"point_size\":\"0\",\"value_template\":\"{{value}}\",\"metrics\":[{\"id\":\"144124d1-1b1b-11e7-b09e-037021c4f8df\",\"field\":\"miscbeat.disk.write_size\",\"type\":\"sum\"}],\"formatter\":\"bytes\",\"split_mode\":\"everything\",\"fill\":\"1\",\"line_width\":1,\"label\":\"writes\",\"stacked\":\"none\",\"split_color_mode\":\"gradient\",\"type\":\"timeseries\"}],\"interval\":\"auto\",\"axis_formatter\":\"number\",\"time_field\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\",\"axis_position\":\"left\",\"index_pattern\":\"MALCOLM_OTHER_INDEX_PATTERN_REPLACER\",\"type\":\"timeseries\",\"show_grid\":1,\"show_legend\":1,\"axis_scale\":\"normal\",\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"MALCOLM_OTHER_INDEX_PATTERN_REPLACER\",\"default_timefield\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\",\"isModelInvalid\":false}}", "uiStateJSON": "{}", "description": "", "version": 1, 
@@ -237,7 +237,7 @@ "version": "Wzg4MSwxXQ==", "attributes": { "title": "CPU Usage Gauge", - "visState": "{\"title\":\"CPU Usage Gauge\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"4c9e2550-1b91-11e7-bec4-a5e9ec5cab8b\",\"filter\":\"\",\"series\":[{\"id\":\"4c9e2551-1b91-11e7-bec4-a5e9ec5cab8b\",\"chart_type\":\"line\",\"seperate_axis\":0,\"color\":\"#68BC00\",\"axis_position\":\"right\",\"point_size\":1,\"metrics\":[{\"id\":\"114cd270-eb49-11ec-ae08-f703744a0ba1\",\"type\":\"avg\",\"field\":\"miscbeat.cpu.cpu_p\"}],\"formatter\":\"'0'\",\"split_mode\":\"everything\",\"fill\":0.5,\"line_width\":1,\"label\":\"CPU Usage\",\"stacked\":\"none\",\"split_color_mode\":\"gradient\",\"filter\":{\"query\":\"\",\"language\":\"kuery\"},\"value_template\":\"{{value}}%\"}],\"gauge_inner_width\":10,\"axis_formatter\":\"number\",\"show_legend\":1,\"axis_position\":\"left\",\"index_pattern\":\"MALCOLM_OTHER_INDEX_PATTERN_REPLACER\",\"show_grid\":1,\"time_field\":\"@timestamp\",\"gauge_max\":\"100\",\"gauge_color_rules\":[{\"operator\":\"gte\",\"id\":\"4ef2c3b0-1b91-11e7-bec4-a5e9ec5cab8b\",\"value\":0,\"gauge\":\"rgba(104,188,0,1)\"},{\"value\":70,\"operator\":\"gte\",\"id\":\"e6561ae0-1b91-11e7-bec4-a5e9ec5cab8b\",\"gauge\":\"rgba(254,146,0,1)\"},{\"value\":85,\"operator\":\"gte\",\"id\":\"ec655040-1b91-11e7-bec4-a5e9ec5cab8b\",\"gauge\":\"rgba(211,49,21,1)\"}],\"interval\":\"auto\",\"type\":\"gauge\",\"gauge_style\":\"half\",\"gauge_width\":10,\"axis_scale\":\"normal\",\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"MALCOLM_NETWORK_INDEX_PATTERN_REPLACER\",\"default_timefield\":\"MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER\",\"isModelInvalid\":false,\"background_color_rules\":[{\"id\":\"64e19c90-eb49-11ec-ae08-f703744a0ba1\"}],\"bar_color_rules\":[{\"id\":\"65456770-eb49-11ec-ae08-f703744a0ba1\"}]}}", + "visState": "{\"title\":\"CPU Usage 
Gauge\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"4c9e2550-1b91-11e7-bec4-a5e9ec5cab8b\",\"filter\":\"\",\"series\":[{\"id\":\"4c9e2551-1b91-11e7-bec4-a5e9ec5cab8b\",\"chart_type\":\"line\",\"seperate_axis\":0,\"color\":\"#68BC00\",\"axis_position\":\"right\",\"point_size\":1,\"metrics\":[{\"id\":\"114cd270-eb49-11ec-ae08-f703744a0ba1\",\"type\":\"avg\",\"field\":\"miscbeat.cpu.cpu_p\"}],\"formatter\":\"'0'\",\"split_mode\":\"everything\",\"fill\":0.5,\"line_width\":1,\"label\":\"CPU Usage\",\"stacked\":\"none\",\"split_color_mode\":\"gradient\",\"filter\":{\"query\":\"\",\"language\":\"kuery\"},\"value_template\":\"{{value}}%\"}],\"gauge_inner_width\":10,\"axis_formatter\":\"number\",\"show_legend\":1,\"axis_position\":\"left\",\"index_pattern\":\"MALCOLM_OTHER_INDEX_PATTERN_REPLACER\",\"show_grid\":1,\"time_field\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\",\"gauge_max\":\"100\",\"gauge_color_rules\":[{\"operator\":\"gte\",\"id\":\"4ef2c3b0-1b91-11e7-bec4-a5e9ec5cab8b\",\"value\":0,\"gauge\":\"rgba(104,188,0,1)\"},{\"value\":70,\"operator\":\"gte\",\"id\":\"e6561ae0-1b91-11e7-bec4-a5e9ec5cab8b\",\"gauge\":\"rgba(254,146,0,1)\"},{\"value\":85,\"operator\":\"gte\",\"id\":\"ec655040-1b91-11e7-bec4-a5e9ec5cab8b\",\"gauge\":\"rgba(211,49,21,1)\"}],\"interval\":\"auto\",\"type\":\"gauge\",\"gauge_style\":\"half\",\"gauge_width\":10,\"axis_scale\":\"normal\",\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"MALCOLM_OTHER_INDEX_PATTERN_REPLACER\",\"default_timefield\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\",\"isModelInvalid\":false,\"background_color_rules\":[{\"id\":\"64e19c90-eb49-11ec-ae08-f703744a0ba1\"}],\"bar_color_rules\":[{\"id\":\"65456770-eb49-11ec-ae08-f703744a0ba1\"}]}}", "uiStateJSON": "{}", "description": "", "version": 1, 
@@ -260,7 +260,7 @@ "version": "Wzg4MCwxXQ==", "attributes": { "title": "Memory Usage Gauge", - "visState": "{\"title\":\"Memory Usage Gauge\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"9f51b730-1b91-11e7-bec4-a5e9ec5cab8b\",\"filter\":\"\",\"series\":[{\"id\":\"9f51b731-1b91-11e7-bec4-a5e9ec5cab8b\",\"chart_type\":\"line\",\"seperate_axis\":0,\"color\":\"#68BC00\",\"axis_position\":\"right\",\"point_size\":1,\"metrics\":[{\"id\":\"9f51b732-1b91-11e7-bec4-a5e9ec5cab8b\",\"field\":\"miscbeat.mem.Mem.used_p\",\"type\":\"avg\"}],\"formatter\":\"'0'\",\"split_mode\":\"everything\",\"fill\":0.5,\"line_width\":1,\"label\":\"Memory Usage\",\"stacked\":\"none\",\"split_color_mode\":\"gradient\",\"filter\":{\"query\":\"\",\"language\":\"kuery\"},\"value_template\":\"{{value}}%\"}],\"gauge_inner_width\":10,\"axis_formatter\":\"number\",\"show_legend\":1,\"axis_position\":\"left\",\"index_pattern\":\"MALCOLM_OTHER_INDEX_PATTERN_REPLACER\",\"show_grid\":1,\"time_field\":\"@timestamp\",\"gauge_max\":\"100\",\"gauge_color_rules\":[{\"operator\":\"gte\",\"id\":\"a0d522e0-1b91-11e7-bec4-a5e9ec5cab8b\",\"value\":0,\"gauge\":\"rgba(104,188,0,1)\"},{\"value\":70,\"operator\":\"gte\",\"id\":\"b45ad8f0-1b91-11e7-bec4-a5e9ec5cab8b\",\"gauge\":\"rgba(254,146,0,1)\"},{\"value\":85,\"operator\":\"gte\",\"id\":\"c06e9550-1b91-11e7-bec4-a5e9ec5cab8b\",\"gauge\":\"rgba(211,49,21,1)\"}],\"interval\":\"auto\",\"type\":\"gauge\",\"gauge_style\":\"half\",\"gauge_width\":10,\"axis_scale\":\"normal\",\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"MALCOLM_NETWORK_INDEX_PATTERN_REPLACER\",\"default_timefield\":\"MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER\",\"isModelInvalid\":false}}", + "visState": "{\"title\":\"Memory Usage 
Gauge\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"9f51b730-1b91-11e7-bec4-a5e9ec5cab8b\",\"filter\":\"\",\"series\":[{\"id\":\"9f51b731-1b91-11e7-bec4-a5e9ec5cab8b\",\"chart_type\":\"line\",\"seperate_axis\":0,\"color\":\"#68BC00\",\"axis_position\":\"right\",\"point_size\":1,\"metrics\":[{\"id\":\"9f51b732-1b91-11e7-bec4-a5e9ec5cab8b\",\"field\":\"miscbeat.mem.Mem.used_p\",\"type\":\"avg\"}],\"formatter\":\"'0'\",\"split_mode\":\"everything\",\"fill\":0.5,\"line_width\":1,\"label\":\"Memory Usage\",\"stacked\":\"none\",\"split_color_mode\":\"gradient\",\"filter\":{\"query\":\"\",\"language\":\"kuery\"},\"value_template\":\"{{value}}%\"}],\"gauge_inner_width\":10,\"axis_formatter\":\"number\",\"show_legend\":1,\"axis_position\":\"left\",\"index_pattern\":\"MALCOLM_OTHER_INDEX_PATTERN_REPLACER\",\"show_grid\":1,\"time_field\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\",\"gauge_max\":\"100\",\"gauge_color_rules\":[{\"operator\":\"gte\",\"id\":\"a0d522e0-1b91-11e7-bec4-a5e9ec5cab8b\",\"value\":0,\"gauge\":\"rgba(104,188,0,1)\"},{\"value\":70,\"operator\":\"gte\",\"id\":\"b45ad8f0-1b91-11e7-bec4-a5e9ec5cab8b\",\"gauge\":\"rgba(254,146,0,1)\"},{\"value\":85,\"operator\":\"gte\",\"id\":\"c06e9550-1b91-11e7-bec4-a5e9ec5cab8b\",\"gauge\":\"rgba(211,49,21,1)\"}],\"interval\":\"auto\",\"type\":\"gauge\",\"gauge_style\":\"half\",\"gauge_width\":10,\"axis_scale\":\"normal\",\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"MALCOLM_OTHER_INDEX_PATTERN_REPLACER\",\"default_timefield\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\",\"isModelInvalid\":false}}", "uiStateJSON": "{}", "description": "", "version": 1, 
@@ -283,7 +283,7 @@ "version": "Wzk0OCwxXQ==", "attributes": { "title": "Inbound Traffic", - "visState": "{\"title\":\"Inbound Traffic\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"background_color_rules\":[{\"id\":\"0e346760-1b92-11e7-bec4-a5e9ec5cab8b\"}],\"bar_color_rules\":[{\"id\":\"a6f39dd0-eb4f-11ec-ae08-f703744a0ba1\"}],\"default_index_pattern\":\"MALCOLM_NETWORK_INDEX_PATTERN_REPLACER\",\"default_timefield\":\"MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER\",\"filter\":{\"query\":\"\",\"language\":\"lucene\"},\"id\":\"0c761590-1b92-11e7-bec4-a5e9ec5cab8b\",\"index_pattern\":\"MALCOLM_OTHER_INDEX_PATTERN_REPLACER\",\"interval\":\"auto\",\"isModelInvalid\":false,\"pivot_id\":\"miscbeat.network.interface\",\"pivot_type\":\"string\",\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":0.5,\"formatter\":\"bytes\",\"id\":\"0c761591-1b92-11e7-bec4-a5e9ec5cab8b\",\"label\":\"Inbound 
Traffic\",\"line_width\":1,\"metrics\":[{\"unit\":\"1s\",\"field\":\"miscbeat.network.bytes.rx\",\"id\":\"0c761592-1b92-11e7-bec4-a5e9ec5cab8b\",\"percentiles\":[{\"id\":\"2bd83990-eb4e-11ec-ae08-f703744a0ba1\",\"mode\":\"line\",\"shade\":0.2,\"value\":50}],\"type\":\"positive_rate\"}],\"point_size\":1,\"seperate_axis\":0,\"split_color_mode\":\"gradient\",\"split_mode\":\"terms\",\"stacked\":\"none\",\"terms_field\":\"miscbeat.network.interface\",\"terms_order_by\":\"_count\",\"terms_size\":\"3\",\"value_template\":\"{{value}}/s\",\"color_rules\":[{\"id\":\"b3b298e0-eb50-11ec-ae08-f703744a0ba1\"}]},{\"id\":\"697b0130-eb51-11ec-ae08-f703744a0ba1\",\"color\":\"#68BC00\",\"split_mode\":\"terms\",\"metrics\":[{\"size\":\"1\",\"agg_with\":\"max\",\"order\":\"desc\",\"id\":\"697b0131-eb51-11ec-ae08-f703744a0ba1\",\"type\":\"top_hit\",\"field\":\"miscbeat.network.bytes.rx\",\"order_by\":\"@timestamp\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"bytes\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"label\":\"Total Transferred\",\"terms_field\":\"miscbeat.network.interface\",\"terms_size\":\"3\",\"terms_order_by\":\"_count\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"@timestamp\",\"tooltip_mode\":\"show_all\",\"type\":\"metric\"}}", + "visState": "{\"title\":\"Inbound 
Traffic\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"background_color_rules\":[{\"id\":\"0e346760-1b92-11e7-bec4-a5e9ec5cab8b\"}],\"bar_color_rules\":[{\"id\":\"a6f39dd0-eb4f-11ec-ae08-f703744a0ba1\"}],\"default_index_pattern\":\"MALCOLM_OTHER_INDEX_PATTERN_REPLACER\",\"default_timefield\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\",\"filter\":{\"query\":\"\",\"language\":\"lucene\"},\"id\":\"0c761590-1b92-11e7-bec4-a5e9ec5cab8b\",\"index_pattern\":\"MALCOLM_OTHER_INDEX_PATTERN_REPLACER\",\"interval\":\"auto\",\"isModelInvalid\":false,\"pivot_id\":\"miscbeat.network.interface\",\"pivot_type\":\"string\",\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":0.5,\"formatter\":\"bytes\",\"id\":\"0c761591-1b92-11e7-bec4-a5e9ec5cab8b\",\"label\":\"Inbound Traffic\",\"line_width\":1,\"metrics\":[{\"unit\":\"1s\",\"field\":\"miscbeat.network.bytes.rx\",\"id\":\"0c761592-1b92-11e7-bec4-a5e9ec5cab8b\",\"percentiles\":[{\"id\":\"2bd83990-eb4e-11ec-ae08-f703744a0ba1\",\"mode\":\"line\",\"shade\":0.2,\"value\":50}],\"type\":\"positive_rate\"}],\"point_size\":1,\"seperate_axis\":0,\"split_color_mode\":\"gradient\",\"split_mode\":\"terms\",\"stacked\":\"none\",\"terms_field\":\"miscbeat.network.interface\",\"terms_order_by\":\"_count\",\"terms_size\":\"3\",\"value_template\":\"{{value}}/s\",\"color_rules\":[{\"id\":\"b3b298e0-eb50-11ec-ae08-f703744a0ba1\"}]},{\"id\":\"697b0130-eb51-11ec-ae08-f703744a0ba1\",\"color\":\"#68BC00\",\"split_mode\":\"terms\",\"metrics\":[{\"size\":\"1\",\"agg_with\":\"max\",\"order\":\"desc\",\"id\":\"697b0131-eb51-11ec-ae08-f703744a0ba1\",\"type\":\"top_hit\",\"field\":\"miscbeat.network.bytes.rx\",\"order_by\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"bytes\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"label
\":\"Total Transferred\",\"terms_field\":\"miscbeat.network.interface\",\"terms_size\":\"3\",\"terms_order_by\":\"_count\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\",\"tooltip_mode\":\"show_all\",\"type\":\"metric\"}}", "uiStateJSON": "{}", "description": "", "version": 1, 
@@ -306,7 +306,7 @@ "version": "Wzk1NSwxXQ==", "attributes": { "title": "Outbound Traffic", - "visState": "{\"title\":\"Outbound Traffic\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"0c761590-1b92-11e7-bec4-a5e9ec5cab8b\",\"filter\":{\"query\":\"\",\"language\":\"lucene\"},\"series\":[{\"id\":\"0c761591-1b92-11e7-bec4-a5e9ec5cab8b\",\"chart_type\":\"line\",\"seperate_axis\":0,\"color\":\"#68BC00\",\"terms_field\":\"miscbeat.network.interface\",\"axis_position\":\"right\",\"point_size\":1,\"value_template\":\"{{value}}/s\",\"metrics\":[{\"unit\":\"1s\",\"id\":\"0c761592-1b92-11e7-bec4-a5e9ec5cab8b\",\"field\":\"miscbeat.network.bytes.tx\",\"type\":\"positive_rate\"}],\"formatter\":\"bytes\",\"split_mode\":\"terms\",\"fill\":0.5,\"line_width\":1,\"label\":\"Outbound Traffic\",\"stacked\":\"none\",\"split_color_mode\":\"gradient\",\"terms_size\":\"3\",\"terms_order_by\":\"_count\"},{\"id\":\"37f70440-1b92-11e7-bec4-a5e9ec5cab8b\",\"chart_type\":\"line\",\"seperate_axis\":0,\"color\":\"#68BC00\",\"terms_field\":\"miscbeat.network.interface\",\"axis_position\":\"right\",\"point_size\":1,\"value_template\":\"{{value}}\",\"metrics\":[{\"size\":\"1\",\"agg_with\":\"max\",\"order\":\"desc\",\"id\":\"37f72b50-1b92-11e7-bec4-a5e9ec5cab8b\",\"field\":\"miscbeat.network.bytes.tx\",\"type\":\"top_hit\",\"order_by\":\"@timestamp\"}],\"formatter\":\"bytes\",\"split_mode\":\"terms\",\"fill\":0.5,\"line_width\":1,\"label\":\"Total 
Transferred\",\"stacked\":\"none\",\"split_color_mode\":\"gradient\",\"terms_size\":\"3\",\"terms_order_by\":\"_count\"}],\"background_color_rules\":[{\"id\":\"0e346760-1b92-11e7-bec4-a5e9ec5cab8b\"}],\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"show_grid\":1,\"time_field\":\"@timestamp\",\"index_pattern\":\"MALCOLM_OTHER_INDEX_PATTERN_REPLACER\",\"show_legend\":1,\"interval\":\"auto\",\"type\":\"metric\",\"axis_scale\":\"normal\",\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"MALCOLM_NETWORK_INDEX_PATTERN_REPLACER\",\"default_timefield\":\"MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER\",\"isModelInvalid\":false}}", + "visState": "{\"title\":\"Outbound Traffic\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"0c761590-1b92-11e7-bec4-a5e9ec5cab8b\",\"filter\":{\"query\":\"\",\"language\":\"lucene\"},\"series\":[{\"id\":\"0c761591-1b92-11e7-bec4-a5e9ec5cab8b\",\"chart_type\":\"line\",\"seperate_axis\":0,\"color\":\"#68BC00\",\"terms_field\":\"miscbeat.network.interface\",\"axis_position\":\"right\",\"point_size\":1,\"value_template\":\"{{value}}/s\",\"metrics\":[{\"unit\":\"1s\",\"id\":\"0c761592-1b92-11e7-bec4-a5e9ec5cab8b\",\"field\":\"miscbeat.network.bytes.tx\",\"type\":\"positive_rate\"}],\"formatter\":\"bytes\",\"split_mode\":\"terms\",\"fill\":0.5,\"line_width\":1,\"label\":\"Outbound 
Traffic\",\"stacked\":\"none\",\"split_color_mode\":\"gradient\",\"terms_size\":\"3\",\"terms_order_by\":\"_count\"},{\"id\":\"37f70440-1b92-11e7-bec4-a5e9ec5cab8b\",\"chart_type\":\"line\",\"seperate_axis\":0,\"color\":\"#68BC00\",\"terms_field\":\"miscbeat.network.interface\",\"axis_position\":\"right\",\"point_size\":1,\"value_template\":\"{{value}}\",\"metrics\":[{\"size\":\"1\",\"agg_with\":\"max\",\"order\":\"desc\",\"id\":\"37f72b50-1b92-11e7-bec4-a5e9ec5cab8b\",\"field\":\"miscbeat.network.bytes.tx\",\"type\":\"top_hit\",\"order_by\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\"}],\"formatter\":\"bytes\",\"split_mode\":\"terms\",\"fill\":0.5,\"line_width\":1,\"label\":\"Total Transferred\",\"stacked\":\"none\",\"split_color_mode\":\"gradient\",\"terms_size\":\"3\",\"terms_order_by\":\"_count\"}],\"background_color_rules\":[{\"id\":\"0e346760-1b92-11e7-bec4-a5e9ec5cab8b\"}],\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"show_grid\":1,\"time_field\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\",\"index_pattern\":\"MALCOLM_OTHER_INDEX_PATTERN_REPLACER\",\"show_legend\":1,\"interval\":\"auto\",\"type\":\"metric\",\"axis_scale\":\"normal\",\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"MALCOLM_OTHER_INDEX_PATTERN_REPLACER\",\"default_timefield\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\",\"isModelInvalid\":false}}", "uiStateJSON": "{}", "description": "", "version": 1, 
@@ -352,7 +352,7 @@ "version": "Wzg2NCwxXQ==", "attributes": { "title": "Swap usage", - "visState": "{\"title\":\"Swap usage\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"cee2fd20-4d59-11e7-aee5-fdc812cc3bec\",\"filter\":\"\",\"series\":[{\"id\":\"cee2fd21-4d59-11e7-aee5-fdc812cc3bec\",\"chart_type\":\"line\",\"seperate_axis\":0,\"color\":\"#68BC00\",\"axis_position\":\"right\",\"point_size\":1,\"metrics\":[{\"id\":\"cee2fd22-4d59-11e7-aee5-fdc812cc3bec\",\"field\":\"miscbeat.mem.Swap.used\",\"type\":\"avg\"},{\"id\":\"9cd408f0-eb52-11ec-ae08-f703744a0ba1\",\"type\":\"avg\",\"field\":\"miscbeat.mem.Swap.total\"},{\"id\":\"a4743e90-eb52-11ec-ae08-f703744a0ba1\",\"type\":\"math\",\"variables\":[{\"id\":\"a62793e0-eb52-11ec-ae08-f703744a0ba1\",\"name\":\"used\",\"field\":\"cee2fd22-4d59-11e7-aee5-fdc812cc3bec\"},{\"id\":\"aaa023b0-eb52-11ec-ae08-f703744a0ba1\",\"name\":\"total\",\"field\":\"9cd408f0-eb52-11ec-ae08-f703744a0ba1\"}],\"script\":\"params.used / params.total\"}],\"formatter\":\"percent\",\"split_mode\":\"everything\",\"fill\":0.5,\"line_width\":1,\"label\":\"Swap 
usage\",\"stacked\":\"none\",\"split_color_mode\":\"gradient\"}],\"gauge_inner_width\":10,\"axis_formatter\":\"number\",\"show_legend\":1,\"axis_position\":\"left\",\"index_pattern\":\"MALCOLM_OTHER_INDEX_PATTERN_REPLACER\",\"show_grid\":1,\"time_field\":\"@timestamp\",\"gauge_max\":\"\",\"gauge_color_rules\":[{\"operator\":\"gte\",\"id\":\"d17c1e90-4d59-11e7-aee5-fdc812cc3bec\",\"value\":0,\"gauge\":\"rgba(104,188,0,1)\"},{\"operator\":\"gte\",\"id\":\"fc1d3490-4d59-11e7-aee5-fdc812cc3bec\",\"value\":0.7,\"gauge\":\"rgba(251,158,0,1)\"},{\"operator\":\"gte\",\"id\":\"0e204240-4d5a-11e7-aee5-fdc812cc3bec\",\"value\":0.85,\"gauge\":\"rgba(211,49,21,1)\"}],\"interval\":\"auto\",\"type\":\"gauge\",\"gauge_style\":\"half\",\"gauge_width\":10,\"axis_scale\":\"normal\",\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"MALCOLM_NETWORK_INDEX_PATTERN_REPLACER\",\"default_timefield\":\"MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER\",\"isModelInvalid\":false}}", + "visState": "{\"title\":\"Swap usage\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"cee2fd20-4d59-11e7-aee5-fdc812cc3bec\",\"filter\":\"\",\"series\":[{\"id\":\"cee2fd21-4d59-11e7-aee5-fdc812cc3bec\",\"chart_type\":\"line\",\"seperate_axis\":0,\"color\":\"#68BC00\",\"axis_position\":\"right\",\"point_size\":1,\"metrics\":[{\"id\":\"cee2fd22-4d59-11e7-aee5-fdc812cc3bec\",\"field\":\"miscbeat.mem.Swap.used\",\"type\":\"avg\"},{\"id\":\"9cd408f0-eb52-11ec-ae08-f703744a0ba1\",\"type\":\"avg\",\"field\":\"miscbeat.mem.Swap.total\"},{\"id\":\"a4743e90-eb52-11ec-ae08-f703744a0ba1\",\"type\":\"math\",\"variables\":[{\"id\":\"a62793e0-eb52-11ec-ae08-f703744a0ba1\",\"name\":\"used\",\"field\":\"cee2fd22-4d59-11e7-aee5-fdc812cc3bec\"},{\"id\":\"aaa023b0-eb52-11ec-ae08-f703744a0ba1\",\"name\":\"total\",\"field\":\"9cd408f0-eb52-11ec-ae08-f703744a0ba1\"}],\"script\":\"params.used / params.total\"}],\"formatter\":\"percent\",\"split_mode\":\"everything\",\"fill\":0.5,\"line_width\":1,\"label\":\"Swap 
usage\",\"stacked\":\"none\",\"split_color_mode\":\"gradient\"}],\"gauge_inner_width\":10,\"axis_formatter\":\"number\",\"show_legend\":1,\"axis_position\":\"left\",\"index_pattern\":\"MALCOLM_OTHER_INDEX_PATTERN_REPLACER\",\"show_grid\":1,\"time_field\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\",\"gauge_max\":\"\",\"gauge_color_rules\":[{\"operator\":\"gte\",\"id\":\"d17c1e90-4d59-11e7-aee5-fdc812cc3bec\",\"value\":0,\"gauge\":\"rgba(104,188,0,1)\"},{\"operator\":\"gte\",\"id\":\"fc1d3490-4d59-11e7-aee5-fdc812cc3bec\",\"value\":0.7,\"gauge\":\"rgba(251,158,0,1)\"},{\"operator\":\"gte\",\"id\":\"0e204240-4d5a-11e7-aee5-fdc812cc3bec\",\"value\":0.85,\"gauge\":\"rgba(211,49,21,1)\"}],\"interval\":\"auto\",\"type\":\"gauge\",\"gauge_style\":\"half\",\"gauge_width\":10,\"axis_scale\":\"normal\",\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"MALCOLM_OTHER_INDEX_PATTERN_REPLACER\",\"default_timefield\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\",\"isModelInvalid\":false}}", "uiStateJSON": "{}", "description": "", "version": 1, 
@@ -375,7 +375,7 @@ "version": "Wzg2NSwxXQ==", "attributes": { "title": "Memory usage vs total", - "visState": "{\"title\":\"Memory usage vs total\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"background_color_rules\":[{\"id\":\"6f7618b0-4d5c-11e7-aa29-87a97a796de6\"}],\"id\":\"6bc65720-4d5c-11e7-aa29-87a97a796de6\",\"index_pattern\":\"MALCOLM_OTHER_INDEX_PATTERN_REPLACER\",\"interval\":\"auto\",\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":0.5,\"formatter\":\"bytes\",\"id\":\"6bc65721-4d5c-11e7-aa29-87a97a796de6\",\"label\":\"Memory usage\",\"line_width\":1,\"metrics\":[{\"field\":\"miscbeat.mem.Mem.used\",\"id\":\"6bc65722-4d5c-11e7-aa29-87a97a796de6\",\"type\":\"avg\"},{\"id\":\"647ab8e0-eb53-11ec-ae08-f703744a0ba1\",\"type\":\"math\",\"variables\":[{\"id\":\"674d39d0-eb53-11ec-ae08-f703744a0ba1\",\"name\":\"memusedkb\",\"field\":\"6bc65722-4d5c-11e7-aa29-87a97a796de6\"}],\"script\":\"params.memusedkb * 1000\"}],\"point_size\":1,\"seperate_axis\":0,\"split_color_mode\":\"gradient\",\"split_mode\":\"everything\",\"stacked\":\"none\"},{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":0.5,\"formatter\":\"bytes\",\"id\":\"b8fe6820-4d5c-11e7-aa29-87a97a796de6\",\"label\":\"Total Memory\",\"line_width\":1,\"metrics\":[{\"field\":\"miscbeat.mem.Mem.total\",\"id\":\"b8fe6821-4d5c-11e7-aa29-87a97a796de6\",\"type\":\"avg\"},{\"id\":\"83f4bc70-eb53-11ec-ae08-f703744a0ba1\",\"type\":\"math\",\"variables\":[{\"id\":\"9ea2b900-eb53-11ec-ae08-f703744a0ba1\",\"name\":\"memtotalkb\",\"field\":\"b8fe6821-4d5c-11e7-aa29-87a97a796de6\"}],\"script\":\"params.memtotalkb * 
1000\"}],\"point_size\":1,\"seperate_axis\":0,\"split_color_mode\":\"gradient\",\"split_mode\":\"everything\",\"stacked\":\"none\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"@timestamp\",\"tooltip_mode\":\"show_all\",\"type\":\"metric\",\"isModelInvalid\":false}}", + "visState": "{\"title\":\"Memory usage vs total\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"background_color_rules\":[{\"id\":\"6f7618b0-4d5c-11e7-aa29-87a97a796de6\"}],\"id\":\"6bc65720-4d5c-11e7-aa29-87a97a796de6\",\"index_pattern\":\"MALCOLM_OTHER_INDEX_PATTERN_REPLACER\",\"interval\":\"auto\",\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":0.5,\"formatter\":\"bytes\",\"id\":\"6bc65721-4d5c-11e7-aa29-87a97a796de6\",\"label\":\"Memory usage\",\"line_width\":1,\"metrics\":[{\"field\":\"miscbeat.mem.Mem.used\",\"id\":\"6bc65722-4d5c-11e7-aa29-87a97a796de6\",\"type\":\"avg\"},{\"id\":\"647ab8e0-eb53-11ec-ae08-f703744a0ba1\",\"type\":\"math\",\"variables\":[{\"id\":\"674d39d0-eb53-11ec-ae08-f703744a0ba1\",\"name\":\"memusedkb\",\"field\":\"6bc65722-4d5c-11e7-aa29-87a97a796de6\"}],\"script\":\"params.memusedkb * 1000\"}],\"point_size\":1,\"seperate_axis\":0,\"split_color_mode\":\"gradient\",\"split_mode\":\"everything\",\"stacked\":\"none\"},{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":0.5,\"formatter\":\"bytes\",\"id\":\"b8fe6820-4d5c-11e7-aa29-87a97a796de6\",\"label\":\"Total Memory\",\"line_width\":1,\"metrics\":[{\"field\":\"miscbeat.mem.Mem.total\",\"id\":\"b8fe6821-4d5c-11e7-aa29-87a97a796de6\",\"type\":\"avg\"},{\"id\":\"83f4bc70-eb53-11ec-ae08-f703744a0ba1\",\"type\":\"math\",\"variables\":[{\"id\":\"9ea2b900-eb53-11ec-ae08-f703744a0ba1\",\"name\":\"memtotalkb\",\"field\":\"b8fe6821-4d5c-11e7-aa29-87a97a796de6\"}],\"script\":\"params.memtotalkb * 
1000\"}],\"point_size\":1,\"seperate_axis\":0,\"split_color_mode\":\"gradient\",\"split_mode\":\"everything\",\"stacked\":\"none\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\",\"tooltip_mode\":\"show_all\",\"type\":\"metric\",\"isModelInvalid\":false}}", "uiStateJSON": "{}", "description": "", "version": 1, 
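Review bot: The new `time_field` value `MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER` has no fallback, so a saved object imported with the token still in place would query a field that does not exist, and the panel would most likely render empty rather than fail. On a host-monitoring dashboard an empty panel is easy to misread as a quiet system. The substitution step is not visible in this hunk, so this is inferred: it should refuse to import any object that still contains `_REPLACER` after replacement, and it should escape the substituted field name for the nested JSON string that `visState` is. The same applies to the `order_by`, `default_timefield` and date_histogram `field` replacements in the later hunks of this file and of Metricbeat-system-overview.json.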
@@ -398,7 +398,7 @@ "version": "Wzk3NSwxXQ==", "attributes": { "title": "Disk used", - "visState": "{\"title\":\"Disk used\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"4e4dc780-4d1d-11e7-b5f2-2b7c1895bf32\",\"filter\":\"\",\"interval\":\"auto\",\"default_index_pattern\":\"MALCOLM_NETWORK_INDEX_PATTERN_REPLACER\",\"axis_formatter\":\"number\",\"show_legend\":1,\"axis_position\":\"left\",\"index_pattern\":\"MALCOLM_OTHER_INDEX_PATTERN_REPLACER\",\"time_range_mode\":\"entire_time_range\",\"show_grid\":1,\"time_field\":\"@timestamp\",\"gauge_max\":\"1\",\"default_timefield\":\"MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER\",\"gauge_color_rules\":[{\"operator\":\"gte\",\"id\":\"51921d10-4d1d-11e7-b5f2-2b7c1895bf32\",\"value\":0,\"gauge\":\"rgba(104,188,0,1)\"},{\"operator\":\"gte\",\"id\":\"f26de750-4d54-11e7-b5f2-2b7c1895bf32\",\"value\":0.7,\"gauge\":\"rgba(251,158,0,1)\"},{\"operator\":\"gte\",\"id\":\"fa31d190-4d54-11e7-b5f2-2b7c1895bf32\",\"value\":0.85,\"gauge\":\"rgba(211,49,21,1)\"}],\"gauge_inner_width\":10,\"series\":[{\"id\":\"4e4dee90-4d1d-11e7-b5f2-2b7c1895bf32\",\"chart_type\":\"line\",\"seperate_axis\":0,\"color\":\"#68BC00\",\"axis_position\":\"right\",\"point_size\":1,\"metrics\":[{\"size\":\"1\",\"agg_with\":\"avg\",\"order\":\"desc\",\"id\":\"4e4dee91-4d1d-11e7-b5f2-2b7c1895bf32\",\"order_by\":\"@timestamp\",\"type\":\"top_hit\",\"field\":\"miscbeat.disk.df.used\"},{\"size\":\"1\",\"agg_with\":\"avg\",\"order\":\"desc\",\"id\":\"57c96ee0-4d54-11e7-b5f2-2b7c1895bf32\",\"order_by\":\"@timestamp\",\"type\":\"top_hit\",\"field\":\"miscbeat.disk.df.size\"},{\"id\":\"6304cca0-4d54-11e7-b5f2-2b7c1895bf32\",\"variables\":[{\"id\":\"6da10430-4d54-11e7-b5f2-2b7c1895bf32\",\"field\":\"4e4dee91-4d1d-11e7-b5f2-2b7c1895bf32\",\"name\":\"used\"},{\"id\":\"73b8c510-4d54-11e7-b5f2-2b7c1895bf32\",\"field\":\"57c96ee0-4d54-11e7-b5f2-2b7c1895bf32\",\"name\":\"total\"}],\"script\":\"params.used/params.total 
\",\"type\":\"math\"}],\"formatter\":\"'0%'\",\"split_mode\":\"everything\",\"fill\":0.5,\"line_width\":1,\"label\":\"Disk used\",\"stacked\":\"none\",\"split_color_mode\":\"gradient\"}],\"isModelInvalid\":false,\"axis_scale\":\"normal\",\"type\":\"gauge\",\"gauge_style\":\"half\",\"gauge_width\":10,\"tooltip_mode\":\"show_all\"}}", + "visState": "{\"title\":\"Disk used\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"4e4dc780-4d1d-11e7-b5f2-2b7c1895bf32\",\"filter\":\"\",\"interval\":\"auto\",\"default_index_pattern\":\"MALCOLM_OTHER_INDEX_PATTERN_REPLACER\",\"axis_formatter\":\"number\",\"show_legend\":1,\"axis_position\":\"left\",\"index_pattern\":\"MALCOLM_OTHER_INDEX_PATTERN_REPLACER\",\"time_range_mode\":\"entire_time_range\",\"show_grid\":1,\"time_field\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\",\"gauge_max\":\"1\",\"default_timefield\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\",\"gauge_color_rules\":[{\"operator\":\"gte\",\"id\":\"51921d10-4d1d-11e7-b5f2-2b7c1895bf32\",\"value\":0,\"gauge\":\"rgba(104,188,0,1)\"},{\"operator\":\"gte\",\"id\":\"f26de750-4d54-11e7-b5f2-2b7c1895bf32\",\"value\":0.7,\"gauge\":\"rgba(251,158,0,1)\"},{\"operator\":\"gte\",\"id\":\"fa31d190-4d54-11e7-b5f2-2b7c1895bf32\",\"value\":0.85,\"gauge\":\"rgba(211,49,21,1)\"}],\"gauge_inner_width\":10,\"series\":[{\"id\":\"4e4dee90-4d1d-11e7-b5f2-2b7c1895bf32\",\"chart_type\":\"line\",\"seperate_axis\":0,\"color\":\"#68BC00\",\"axis_position\":\"right\",\"point_size\":1,\"metrics\":[{\"size\":\"1\",\"agg_with\":\"avg\",\"order\":\"desc\",\"id\":\"4e4dee91-4d1d-11e7-b5f2-2b7c1895bf32\",\"order_by\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\",\"type\":\"top_hit\",\"field\":\"miscbeat.disk.df.used\"},{\"size\":\"1\",\"agg_with\":\"avg\",\"order\":\"desc\",\"id\":\"57c96ee0-4d54-11e7-b5f2-2b7c1895bf32\",\"order_by\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\",\"type\":\"top_hit\",\"field\":\"miscbeat.disk.df.size\"},{\"id\":\"6304cca0-4d54-11e7-b5f2-2b7c1895bf32\",\"variables\":[{\"i
d\":\"6da10430-4d54-11e7-b5f2-2b7c1895bf32\",\"field\":\"4e4dee91-4d1d-11e7-b5f2-2b7c1895bf32\",\"name\":\"used\"},{\"id\":\"73b8c510-4d54-11e7-b5f2-2b7c1895bf32\",\"field\":\"57c96ee0-4d54-11e7-b5f2-2b7c1895bf32\",\"name\":\"total\"}],\"script\":\"params.used/params.total \",\"type\":\"math\"}],\"formatter\":\"'0%'\",\"split_mode\":\"everything\",\"fill\":0.5,\"line_width\":1,\"label\":\"Disk used\",\"stacked\":\"none\",\"split_color_mode\":\"gradient\"}],\"isModelInvalid\":false,\"axis_scale\":\"normal\",\"type\":\"gauge\",\"gauge_style\":\"half\",\"gauge_width\":10,\"tooltip_mode\":\"show_all\"}}", "uiStateJSON": "{}", "description": "", "version": 1, 
@@ -421,7 +421,7 @@ "version": "WzEwMzQsMV0=", "attributes": { "title": "Interfaces by Incoming traffic", - "visState": "{\"title\":\"Interfaces by Incoming traffic\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"42ceae90-4d60-11e7-9a4c-ed99bbcaa42b\",\"index_pattern\":\"MALCOLM_OTHER_INDEX_PATTERN_REPLACER\",\"series\":[{\"id\":\"42ced5a0-4d60-11e7-9a4c-ed99bbcaa42b\",\"chart_type\":\"line\",\"seperate_axis\":0,\"color\":\"#68BC00\",\"terms_field\":\"miscbeat.network.interface\",\"axis_position\":\"right\",\"point_size\":1,\"metrics\":[{\"size\":\"1\",\"agg_with\":\"max\",\"order\":\"desc\",\"id\":\"42ced5a1-4d60-11e7-9a4c-ed99bbcaa42b\",\"field\":\"miscbeat.network.bytes.rx\",\"type\":\"top_hit\",\"order_by\":\"@timestamp\"}],\"formatter\":\"bytes\",\"split_mode\":\"terms\",\"fill\":0.5,\"line_width\":1,\"label\":\"Interfaces by Incoming traffic\",\"terms_order_by\":\"_count\",\"stacked\":\"none\",\"split_color_mode\":\"gradient\",\"terms_size\":\"10\"}],\"interval\":\"auto\",\"axis_formatter\":\"number\",\"show_legend\":1,\"time_field\":\"@timestamp\",\"axis_position\":\"left\",\"type\":\"top_n\",\"show_grid\":1,\"bar_color_rules\":[{\"id\":\"44596d40-4d60-11e7-9a4c-ed99bbcaa42b\"}],\"axis_scale\":\"normal\",\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"MALCOLM_NETWORK_INDEX_PATTERN_REPLACER\",\"default_timefield\":\"MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER\",\"isModelInvalid\":false}}", + "visState": "{\"title\":\"Interfaces by Incoming 
traffic\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"42ceae90-4d60-11e7-9a4c-ed99bbcaa42b\",\"index_pattern\":\"MALCOLM_OTHER_INDEX_PATTERN_REPLACER\",\"series\":[{\"id\":\"42ced5a0-4d60-11e7-9a4c-ed99bbcaa42b\",\"chart_type\":\"line\",\"seperate_axis\":0,\"color\":\"#68BC00\",\"terms_field\":\"miscbeat.network.interface\",\"axis_position\":\"right\",\"point_size\":1,\"metrics\":[{\"size\":\"1\",\"agg_with\":\"max\",\"order\":\"desc\",\"id\":\"42ced5a1-4d60-11e7-9a4c-ed99bbcaa42b\",\"field\":\"miscbeat.network.bytes.rx\",\"type\":\"top_hit\",\"order_by\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\"}],\"formatter\":\"bytes\",\"split_mode\":\"terms\",\"fill\":0.5,\"line_width\":1,\"label\":\"Interfaces by Incoming traffic\",\"terms_order_by\":\"_count\",\"stacked\":\"none\",\"split_color_mode\":\"gradient\",\"terms_size\":\"10\"}],\"interval\":\"auto\",\"axis_formatter\":\"number\",\"show_legend\":1,\"time_field\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\",\"axis_position\":\"left\",\"type\":\"top_n\",\"show_grid\":1,\"bar_color_rules\":[{\"id\":\"44596d40-4d60-11e7-9a4c-ed99bbcaa42b\"}],\"axis_scale\":\"normal\",\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"MALCOLM_OTHER_INDEX_PATTERN_REPLACER\",\"default_timefield\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\",\"isModelInvalid\":false}}", "uiStateJSON": "{}", "description": "", "version": 1, 
@@ -444,7 +444,7 @@ "version": "WzEwMzcsMV0=", "attributes": { "title": "Interfaces by Outgoing traffic", - "visState": "{\"title\":\"Interfaces by Outgoing traffic\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"9cdba910-4d60-11e7-9a4c-ed99bbcaa42b\",\"index_pattern\":\"MALCOLM_OTHER_INDEX_PATTERN_REPLACER\",\"series\":[{\"id\":\"9cdba911-4d60-11e7-9a4c-ed99bbcaa42b\",\"chart_type\":\"line\",\"seperate_axis\":0,\"color\":\"#68BC00\",\"terms_field\":\"miscbeat.network.interface\",\"axis_position\":\"right\",\"point_size\":1,\"metrics\":[{\"size\":\"1\",\"agg_with\":\"max\",\"order\":\"desc\",\"id\":\"9cdba912-4d60-11e7-9a4c-ed99bbcaa42b\",\"field\":\"miscbeat.network.bytes.tx\",\"type\":\"top_hit\",\"order_by\":\"@timestamp\"}],\"formatter\":\"bytes\",\"split_mode\":\"terms\",\"fill\":0.5,\"line_width\":1,\"label\":\"Interfaces by Outgoing traffic\",\"terms_order_by\":\"_count\",\"stacked\":\"none\",\"split_color_mode\":\"gradient\",\"terms_size\":\"10\"}],\"interval\":\"auto\",\"axis_formatter\":\"number\",\"show_legend\":1,\"time_field\":\"@timestamp\",\"axis_position\":\"left\",\"type\":\"top_n\",\"show_grid\":1,\"bar_color_rules\":[{\"id\":\"9db20be0-4d60-11e7-9a4c-ed99bbcaa42b\"}],\"axis_scale\":\"normal\",\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"MALCOLM_NETWORK_INDEX_PATTERN_REPLACER\",\"default_timefield\":\"MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER\",\"isModelInvalid\":false}}", + "visState": "{\"title\":\"Interfaces by Outgoing 
traffic\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"9cdba910-4d60-11e7-9a4c-ed99bbcaa42b\",\"index_pattern\":\"MALCOLM_OTHER_INDEX_PATTERN_REPLACER\",\"series\":[{\"id\":\"9cdba911-4d60-11e7-9a4c-ed99bbcaa42b\",\"chart_type\":\"line\",\"seperate_axis\":0,\"color\":\"#68BC00\",\"terms_field\":\"miscbeat.network.interface\",\"axis_position\":\"right\",\"point_size\":1,\"metrics\":[{\"size\":\"1\",\"agg_with\":\"max\",\"order\":\"desc\",\"id\":\"9cdba912-4d60-11e7-9a4c-ed99bbcaa42b\",\"field\":\"miscbeat.network.bytes.tx\",\"type\":\"top_hit\",\"order_by\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\"}],\"formatter\":\"bytes\",\"split_mode\":\"terms\",\"fill\":0.5,\"line_width\":1,\"label\":\"Interfaces by Outgoing traffic\",\"terms_order_by\":\"_count\",\"stacked\":\"none\",\"split_color_mode\":\"gradient\",\"terms_size\":\"10\"}],\"interval\":\"auto\",\"axis_formatter\":\"number\",\"show_legend\":1,\"time_field\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\",\"axis_position\":\"left\",\"type\":\"top_n\",\"show_grid\":1,\"bar_color_rules\":[{\"id\":\"9db20be0-4d60-11e7-9a4c-ed99bbcaa42b\"}],\"axis_scale\":\"normal\",\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"MALCOLM_OTHER_INDEX_PATTERN_REPLACER\",\"default_timefield\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\",\"isModelInvalid\":false}}", "uiStateJSON": "{}", "description": "", "version": 1, 
@@ -490,7 +490,7 @@ "version": "WzEwMjUsMV0=", "attributes": { "title": "Network Traffic (Drops and Errors)", - "visState": "{\"title\":\"Network Traffic (Drops and Errors)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"table\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"split_color_mode\":\"opensearchDashboards\",\"metrics\":[{\"size\":\"1\",\"agg_with\":\"max\",\"order\":\"desc\",\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"top_hit\",\"field\":\"miscbeat.network.drops.rx\",\"order_by\":\"@timestamp\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"color_rules\":[{\"id\":\"77170e30-ebf4-11ec-a401-f5db2d59e6af\"}],\"label\":\"Drops In\"},{\"id\":\"e5fec770-ebf4-11ec-a401-f5db2d59e6af\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"metrics\":[{\"size\":\"1\",\"agg_with\":\"max\",\"order\":\"desc\",\"id\":\"e5fec771-ebf4-11ec-a401-f5db2d59e6af\",\"type\":\"top_hit\",\"field\":\"miscbeat.network.errors.rx\",\"order_by\":\"@timestamp\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"label\":\"Errors In\"},{\"id\":\"ce173de0-ebf4-11ec-a401-f5db2d59e6af\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"metrics\":[{\"size\":\"1\",\"agg_with\":\"max\",\"order\":\"desc\",\"id\":\"ce173de1-ebf4-11ec-a401-f5db2d59e6af\",\"type\":\"top_hit\",\"field\":\"miscbeat.network.drops.tx\",\"order_by\":\"@timestamp\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"label\":\"Drops 
Out\",\"color_rules\":[{\"id\":\"e3795510-ebf4-11ec-a401-f5db2d59e6af\"}]},{\"id\":\"f381f250-ebf4-11ec-a401-f5db2d59e6af\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"metrics\":[{\"size\":\"1\",\"agg_with\":\"max\",\"order\":\"desc\",\"id\":\"f381f251-ebf4-11ec-a401-f5db2d59e6af\",\"type\":\"top_hit\",\"field\":\"miscbeat.network.errors.tx\",\"order_by\":\"@timestamp\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"label\":\"Errors Out\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"MALCOLM_OTHER_INDEX_PATTERN_REPLACER\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"MALCOLM_NETWORK_INDEX_PATTERN_REPLACER\",\"default_timefield\":\"MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER\",\"isModelInvalid\":false,\"bar_color_rules\":[{\"id\":\"5eab8790-ebf4-11ec-a401-f5db2d59e6af\"}],\"pivot_id\":\"miscbeat.network.interface\",\"pivot_type\":\"string\",\"pivot_label\":\"Interface\"}}", + "visState": "{\"title\":\"Network Traffic (Drops and Errors)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"table\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"split_color_mode\":\"opensearchDashboards\",\"metrics\":[{\"size\":\"1\",\"agg_with\":\"max\",\"order\":\"desc\",\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"top_hit\",\"field\":\"miscbeat.network.drops.rx\",\"order_by\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"color_rules\":[{\"id\":\"77170e30-ebf4-11ec-a401-f5db2d59e6af\"}],\"label\":\"Drops 
In\"},{\"id\":\"e5fec770-ebf4-11ec-a401-f5db2d59e6af\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"metrics\":[{\"size\":\"1\",\"agg_with\":\"max\",\"order\":\"desc\",\"id\":\"e5fec771-ebf4-11ec-a401-f5db2d59e6af\",\"type\":\"top_hit\",\"field\":\"miscbeat.network.errors.rx\",\"order_by\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"label\":\"Errors In\"},{\"id\":\"ce173de0-ebf4-11ec-a401-f5db2d59e6af\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"metrics\":[{\"size\":\"1\",\"agg_with\":\"max\",\"order\":\"desc\",\"id\":\"ce173de1-ebf4-11ec-a401-f5db2d59e6af\",\"type\":\"top_hit\",\"field\":\"miscbeat.network.drops.tx\",\"order_by\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"label\":\"Drops Out\",\"color_rules\":[{\"id\":\"e3795510-ebf4-11ec-a401-f5db2d59e6af\"}]},{\"id\":\"f381f250-ebf4-11ec-a401-f5db2d59e6af\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"metrics\":[{\"size\":\"1\",\"agg_with\":\"max\",\"order\":\"desc\",\"id\":\"f381f251-ebf4-11ec-a401-f5db2d59e6af\",\"type\":\"top_hit\",\"field\":\"miscbeat.network.errors.tx\",\"order_by\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"label\":\"Errors 
Out\"}],\"time_field\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\",\"index_pattern\":\"MALCOLM_OTHER_INDEX_PATTERN_REPLACER\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"MALCOLM_OTHER_INDEX_PATTERN_REPLACER\",\"default_timefield\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\",\"isModelInvalid\":false,\"bar_color_rules\":[{\"id\":\"5eab8790-ebf4-11ec-a401-f5db2d59e6af\"}],\"pivot_id\":\"miscbeat.network.interface\",\"pivot_type\":\"string\",\"pivot_label\":\"Interface\"}}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/dashboards/dashboards/beats/Metricbeat-system-overview.json b/dashboards/dashboards/beats/Metricbeat-system-overview.json index 8d88d63d0..069bc3d8f 100644 --- a/dashboards/dashboards/beats/Metricbeat-system-overview.json +++ b/dashboards/dashboards/beats/Metricbeat-system-overview.json 
@@ -139,7 +139,7 @@ "version": "Wzg3NCwxXQ==", "attributes": { "title": "Top Hosts By Memory", - "visState": "{\"title\":\"Top Hosts By Memory\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"31e5afa0-1b1c-11e7-b09e-037021c4f8df\",\"filter\":\"\",\"series\":[{\"terms_size\":\"10\",\"id\":\"31e5afa1-1b1c-11e7-b09e-037021c4f8df\",\"chart_type\":\"line\",\"seperate_axis\":0,\"color\":\"#68BC00\",\"terms_field\":\"host.name\",\"axis_position\":\"right\",\"point_size\":1,\"metrics\":[{\"size\":\"3\",\"agg_with\":\"avg\",\"order\":\"desc\",\"id\":\"31e5afa2-1b1c-11e7-b09e-037021c4f8df\",\"field\":\"miscbeat.mem.Mem.used_p\",\"type\":\"avg\",\"order_by\":\"@timestamp\"}],\"formatter\":\"'0.'\",\"split_mode\":\"terms\",\"fill\":0.5,\"line_width\":1,\"terms_order_by\":\"31e5afa2-1b1c-11e7-b09e-037021c4f8df\",\"stacked\":\"none\",\"split_color_mode\":\"gradient\",\"value_template\":\"{{value}}%\"}],\"time_field\":\"@timestamp\",\"axis_formatter\":\"number\",\"drilldown_url\":\"../app/dashboards#/dashboard/79ffd6e0-faa0-11e6-947f-177f697178b8-ecs?_a=(query:(language:kuery,query:'host.name:\\\"{{key}}\\\"'))\",\"show_grid\":1,\"index_pattern\":\"MALCOLM_OTHER_INDEX_PATTERN_REPLACER\",\"show_legend\":1,\"interval\":\"auto\",\"axis_position\":\"left\",\"type\":\"top_n\",\"bar_color_rules\":[{\"operator\":\"gte\",\"id\":\"33349dd0-1b1c-11e7-b09e-037021c4f8df\",\"value\":0,\"bar_color\":\"rgba(104,188,0,1)\"},{\"value\":70,\"operator\":\"gte\",\"id\":\"997dc440-1b1c-11e7-b09e-037021c4f8df\",\"bar_color\":\"rgba(254,146,0,1)\"},{\"value\":85,\"operator\":\"gte\",\"id\":\"a10d7f20-1b1c-11e7-b09e-037021c4f8df\",\"bar_color\":\"rgba(211,49,21,1)\"}],\"axis_scale\":\"normal\",\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"MALCOLM_NETWORK_INDEX_PATTERN_REPLACER\",\"default_timefield\":\"MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER\",\"isModelInvalid\":false}}", + "visState": "{\"title\":\"Top Hosts By 
Memory\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"31e5afa0-1b1c-11e7-b09e-037021c4f8df\",\"filter\":\"\",\"series\":[{\"terms_size\":\"10\",\"id\":\"31e5afa1-1b1c-11e7-b09e-037021c4f8df\",\"chart_type\":\"line\",\"seperate_axis\":0,\"color\":\"#68BC00\",\"terms_field\":\"host.name\",\"axis_position\":\"right\",\"point_size\":1,\"metrics\":[{\"size\":\"3\",\"agg_with\":\"avg\",\"order\":\"desc\",\"id\":\"31e5afa2-1b1c-11e7-b09e-037021c4f8df\",\"field\":\"miscbeat.mem.Mem.used_p\",\"type\":\"avg\",\"order_by\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\"}],\"formatter\":\"'0.'\",\"split_mode\":\"terms\",\"fill\":0.5,\"line_width\":1,\"terms_order_by\":\"31e5afa2-1b1c-11e7-b09e-037021c4f8df\",\"stacked\":\"none\",\"split_color_mode\":\"gradient\",\"value_template\":\"{{value}}%\"}],\"time_field\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\",\"axis_formatter\":\"number\",\"drilldown_url\":\"../app/dashboards#/dashboard/79ffd6e0-faa0-11e6-947f-177f697178b8-ecs?_a=(query:(language:kuery,query:'host.name:\\\"{{key}}\\\"'))\",\"show_grid\":1,\"index_pattern\":\"MALCOLM_OTHER_INDEX_PATTERN_REPLACER\",\"show_legend\":1,\"interval\":\"auto\",\"axis_position\":\"left\",\"type\":\"top_n\",\"bar_color_rules\":[{\"operator\":\"gte\",\"id\":\"33349dd0-1b1c-11e7-b09e-037021c4f8df\",\"value\":0,\"bar_color\":\"rgba(104,188,0,1)\"},{\"value\":70,\"operator\":\"gte\",\"id\":\"997dc440-1b1c-11e7-b09e-037021c4f8df\",\"bar_color\":\"rgba(254,146,0,1)\"},{\"value\":85,\"operator\":\"gte\",\"id\":\"a10d7f20-1b1c-11e7-b09e-037021c4f8df\",\"bar_color\":\"rgba(211,49,21,1)\"}],\"axis_scale\":\"normal\",\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"MALCOLM_OTHER_INDEX_PATTERN_REPLACER\",\"default_timefield\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\",\"isModelInvalid\":false}}", "uiStateJSON": "{}", "description": "", "version": 1, 
@@ -162,7 +162,7 @@ "version": "Wzg3NSwxXQ==", "attributes": { "title": "Top Hosts By CPU", - "visState": "{\"title\":\"Top Hosts By CPU\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"31e5afa0-1b1c-11e7-b09e-037021c4f8df\",\"filter\":\"\",\"series\":[{\"terms_size\":\"10\",\"id\":\"31e5afa1-1b1c-11e7-b09e-037021c4f8df\",\"chart_type\":\"line\",\"seperate_axis\":0,\"color\":\"#68BC00\",\"terms_field\":\"host.name\",\"axis_position\":\"right\",\"point_size\":1,\"metrics\":[{\"size\":\"3\",\"agg_with\":\"avg\",\"order\":\"desc\",\"id\":\"31e5afa2-1b1c-11e7-b09e-037021c4f8df\",\"field\":\"miscbeat.cpu.cpu_p\",\"type\":\"avg\",\"order_by\":\"@timestamp\"}],\"formatter\":\"'0.'\",\"split_mode\":\"terms\",\"fill\":0.5,\"line_width\":1,\"terms_order_by\":\"31e5afa2-1b1c-11e7-b09e-037021c4f8df\",\"stacked\":\"none\",\"split_color_mode\":\"gradient\",\"value_template\":\"{{value}}%\"}],\"time_field\":\"@timestamp\",\"axis_formatter\":\"number\",\"drilldown_url\":\"../app/dashboards#/dashboard/79ffd6e0-faa0-11e6-947f-177f697178b8-ecs?_a=(query:(language:kuery,query:'host.name:\\\"{{key}}\\\"'))\",\"show_grid\":1,\"index_pattern\":\"MALCOLM_OTHER_INDEX_PATTERN_REPLACER\",\"show_legend\":1,\"interval\":\"auto\",\"axis_position\":\"left\",\"type\":\"top_n\",\"bar_color_rules\":[{\"operator\":\"gte\",\"id\":\"33349dd0-1b1c-11e7-b09e-037021c4f8df\",\"value\":0,\"bar_color\":\"rgba(104,188,0,1)\"},{\"value\":70,\"operator\":\"gte\",\"id\":\"997dc440-1b1c-11e7-b09e-037021c4f8df\",\"bar_color\":\"rgba(254,146,0,1)\"},{\"value\":85,\"operator\":\"gte\",\"id\":\"a10d7f20-1b1c-11e7-b09e-037021c4f8df\",\"bar_color\":\"rgba(211,49,21,1)\"}],\"axis_scale\":\"normal\",\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"MALCOLM_NETWORK_INDEX_PATTERN_REPLACER\",\"default_timefield\":\"MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER\",\"isModelInvalid\":false}}", + "visState": "{\"title\":\"Top Hosts By 
CPU\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"31e5afa0-1b1c-11e7-b09e-037021c4f8df\",\"filter\":\"\",\"series\":[{\"terms_size\":\"10\",\"id\":\"31e5afa1-1b1c-11e7-b09e-037021c4f8df\",\"chart_type\":\"line\",\"seperate_axis\":0,\"color\":\"#68BC00\",\"terms_field\":\"host.name\",\"axis_position\":\"right\",\"point_size\":1,\"metrics\":[{\"size\":\"3\",\"agg_with\":\"avg\",\"order\":\"desc\",\"id\":\"31e5afa2-1b1c-11e7-b09e-037021c4f8df\",\"field\":\"miscbeat.cpu.cpu_p\",\"type\":\"avg\",\"order_by\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\"}],\"formatter\":\"'0.'\",\"split_mode\":\"terms\",\"fill\":0.5,\"line_width\":1,\"terms_order_by\":\"31e5afa2-1b1c-11e7-b09e-037021c4f8df\",\"stacked\":\"none\",\"split_color_mode\":\"gradient\",\"value_template\":\"{{value}}%\"}],\"time_field\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\",\"axis_formatter\":\"number\",\"drilldown_url\":\"../app/dashboards#/dashboard/79ffd6e0-faa0-11e6-947f-177f697178b8-ecs?_a=(query:(language:kuery,query:'host.name:\\\"{{key}}\\\"'))\",\"show_grid\":1,\"index_pattern\":\"MALCOLM_OTHER_INDEX_PATTERN_REPLACER\",\"show_legend\":1,\"interval\":\"auto\",\"axis_position\":\"left\",\"type\":\"top_n\",\"bar_color_rules\":[{\"operator\":\"gte\",\"id\":\"33349dd0-1b1c-11e7-b09e-037021c4f8df\",\"value\":0,\"bar_color\":\"rgba(104,188,0,1)\"},{\"value\":70,\"operator\":\"gte\",\"id\":\"997dc440-1b1c-11e7-b09e-037021c4f8df\",\"bar_color\":\"rgba(254,146,0,1)\"},{\"value\":85,\"operator\":\"gte\",\"id\":\"a10d7f20-1b1c-11e7-b09e-037021c4f8df\",\"bar_color\":\"rgba(211,49,21,1)\"}],\"axis_scale\":\"normal\",\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"MALCOLM_OTHER_INDEX_PATTERN_REPLACER\",\"default_timefield\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\",\"isModelInvalid\":false}}", "uiStateJSON": "{}", "description": "", "version": 1, 
@@ -185,7 +185,7 @@ "version": "Wzg3NiwxXQ==", "attributes": { "title": "Hosts histogram by CPU usage", - "visState": "{\"title\":\"Hosts histogram by CPU usage\",\"type\":\"heatmap\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"avg\",\"params\":{\"field\":\"miscbeat.cpu.cpu_p\",\"customLabel\":\"CPU usage %\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"params\":{\"field\":\"@timestamp\",\"timeRange\":{\"from\":\"now-30m\",\"to\":\"now\"},\"useNormalizedOpenSearchInterval\":true,\"scaleMetricValues\":false,\"interval\":\"auto\",\"drop_partials\":false,\"min_doc_count\":1,\"extended_bounds\":{}},\"schema\":\"segment\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Hosts\"},\"schema\":\"group\"}],\"params\":{\"addTooltip\":true,\"colorsNumber\":4,\"colorsRange\":[],\"invertColors\":false,\"setColorRange\":false,\"enableHover\":true,\"valueAxes\":[{\"scale\":{\"type\":\"linear\",\"defaultYExtents\":false},\"id\":\"ValueAxis-1\",\"labels\":{\"rotate\":0,\"show\":false,\"color\":\"#555\",\"overwriteColor\":false},\"show\":false,\"type\":\"value\"}],\"type\":\"heatmap\",\"times\":[],\"percentageMode\":true,\"colorSchema\":\"Greens\",\"addLegend\":true,\"legendPosition\":\"bottom\"}}", + "visState": "{\"title\":\"Hosts histogram by CPU usage\",\"type\":\"heatmap\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"avg\",\"params\":{\"field\":\"miscbeat.cpu.cpu_p\",\"customLabel\":\"CPU usage 
%\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"params\":{\"field\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\",\"timeRange\":{\"from\":\"now-30m\",\"to\":\"now\"},\"useNormalizedOpenSearchInterval\":true,\"scaleMetricValues\":false,\"interval\":\"auto\",\"drop_partials\":false,\"min_doc_count\":1,\"extended_bounds\":{}},\"schema\":\"segment\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Hosts\"},\"schema\":\"group\"}],\"params\":{\"addTooltip\":true,\"colorsNumber\":4,\"colorsRange\":[],\"invertColors\":false,\"setColorRange\":false,\"enableHover\":true,\"valueAxes\":[{\"scale\":{\"type\":\"linear\",\"defaultYExtents\":false},\"id\":\"ValueAxis-1\",\"labels\":{\"rotate\":0,\"show\":false,\"color\":\"#555\",\"overwriteColor\":false},\"show\":false,\"type\":\"value\"}],\"type\":\"heatmap\",\"times\":[],\"percentageMode\":true,\"colorSchema\":\"Greens\",\"addLegend\":true,\"legendPosition\":\"bottom\"}}", "uiStateJSON": "{\"vis\":{\"defaultColors\":{\"0% - 5%\":\"rgb(247,252,245)\",\"10% - 15%\":\"rgb(116,196,118)\",\"15% - 20%\":\"rgb(35,139,69)\",\"5% - 10%\":\"rgb(199,233,192)\"}}}", "description": "", "version": 1, 
@@ -214,7 +214,7 @@ "version": "Wzk0OCwxXQ==", "attributes": { "title": "Inbound Traffic", - "visState": "{\"title\":\"Inbound Traffic\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"background_color_rules\":[{\"id\":\"0e346760-1b92-11e7-bec4-a5e9ec5cab8b\"}],\"bar_color_rules\":[{\"id\":\"a6f39dd0-eb4f-11ec-ae08-f703744a0ba1\"}],\"default_index_pattern\":\"MALCOLM_NETWORK_INDEX_PATTERN_REPLACER\",\"default_timefield\":\"MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER\",\"filter\":{\"query\":\"\",\"language\":\"lucene\"},\"id\":\"0c761590-1b92-11e7-bec4-a5e9ec5cab8b\",\"index_pattern\":\"MALCOLM_OTHER_INDEX_PATTERN_REPLACER\",\"interval\":\"auto\",\"isModelInvalid\":false,\"pivot_id\":\"miscbeat.network.interface\",\"pivot_type\":\"string\",\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":0.5,\"formatter\":\"bytes\",\"id\":\"0c761591-1b92-11e7-bec4-a5e9ec5cab8b\",\"label\":\"Inbound 
Traffic\",\"line_width\":1,\"metrics\":[{\"unit\":\"1s\",\"field\":\"miscbeat.network.bytes.rx\",\"id\":\"0c761592-1b92-11e7-bec4-a5e9ec5cab8b\",\"percentiles\":[{\"id\":\"2bd83990-eb4e-11ec-ae08-f703744a0ba1\",\"mode\":\"line\",\"shade\":0.2,\"value\":50}],\"type\":\"positive_rate\"}],\"point_size\":1,\"seperate_axis\":0,\"split_color_mode\":\"gradient\",\"split_mode\":\"terms\",\"stacked\":\"none\",\"terms_field\":\"miscbeat.network.interface\",\"terms_order_by\":\"_count\",\"terms_size\":\"3\",\"value_template\":\"{{value}}/s\",\"color_rules\":[{\"id\":\"b3b298e0-eb50-11ec-ae08-f703744a0ba1\"}]},{\"id\":\"697b0130-eb51-11ec-ae08-f703744a0ba1\",\"color\":\"#68BC00\",\"split_mode\":\"terms\",\"metrics\":[{\"size\":\"1\",\"agg_with\":\"max\",\"order\":\"desc\",\"id\":\"697b0131-eb51-11ec-ae08-f703744a0ba1\",\"type\":\"top_hit\",\"field\":\"miscbeat.network.bytes.rx\",\"order_by\":\"@timestamp\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"bytes\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"label\":\"Total Transferred\",\"terms_field\":\"miscbeat.network.interface\",\"terms_size\":\"3\",\"terms_order_by\":\"_count\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"@timestamp\",\"tooltip_mode\":\"show_all\",\"type\":\"metric\"}}", + "visState": "{\"title\":\"Inbound 
Traffic\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"background_color_rules\":[{\"id\":\"0e346760-1b92-11e7-bec4-a5e9ec5cab8b\"}],\"bar_color_rules\":[{\"id\":\"a6f39dd0-eb4f-11ec-ae08-f703744a0ba1\"}],\"default_index_pattern\":\"MALCOLM_OTHER_INDEX_PATTERN_REPLACER\",\"default_timefield\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\",\"filter\":{\"query\":\"\",\"language\":\"lucene\"},\"id\":\"0c761590-1b92-11e7-bec4-a5e9ec5cab8b\",\"index_pattern\":\"MALCOLM_OTHER_INDEX_PATTERN_REPLACER\",\"interval\":\"auto\",\"isModelInvalid\":false,\"pivot_id\":\"miscbeat.network.interface\",\"pivot_type\":\"string\",\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":0.5,\"formatter\":\"bytes\",\"id\":\"0c761591-1b92-11e7-bec4-a5e9ec5cab8b\",\"label\":\"Inbound Traffic\",\"line_width\":1,\"metrics\":[{\"unit\":\"1s\",\"field\":\"miscbeat.network.bytes.rx\",\"id\":\"0c761592-1b92-11e7-bec4-a5e9ec5cab8b\",\"percentiles\":[{\"id\":\"2bd83990-eb4e-11ec-ae08-f703744a0ba1\",\"mode\":\"line\",\"shade\":0.2,\"value\":50}],\"type\":\"positive_rate\"}],\"point_size\":1,\"seperate_axis\":0,\"split_color_mode\":\"gradient\",\"split_mode\":\"terms\",\"stacked\":\"none\",\"terms_field\":\"miscbeat.network.interface\",\"terms_order_by\":\"_count\",\"terms_size\":\"3\",\"value_template\":\"{{value}}/s\",\"color_rules\":[{\"id\":\"b3b298e0-eb50-11ec-ae08-f703744a0ba1\"}]},{\"id\":\"697b0130-eb51-11ec-ae08-f703744a0ba1\",\"color\":\"#68BC00\",\"split_mode\":\"terms\",\"metrics\":[{\"size\":\"1\",\"agg_with\":\"max\",\"order\":\"desc\",\"id\":\"697b0131-eb51-11ec-ae08-f703744a0ba1\",\"type\":\"top_hit\",\"field\":\"miscbeat.network.bytes.rx\",\"order_by\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"bytes\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"label
\":\"Total Transferred\",\"terms_field\":\"miscbeat.network.interface\",\"terms_size\":\"3\",\"terms_order_by\":\"_count\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\",\"tooltip_mode\":\"show_all\",\"type\":\"metric\"}}", "uiStateJSON": "{}", "description": "", "version": 1, 
@@ -237,7 +237,7 @@ "version": "Wzk1NSwxXQ==", "attributes": { "title": "Outbound Traffic", - "visState": "{\"title\":\"Outbound Traffic\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"0c761590-1b92-11e7-bec4-a5e9ec5cab8b\",\"filter\":{\"query\":\"\",\"language\":\"lucene\"},\"series\":[{\"id\":\"0c761591-1b92-11e7-bec4-a5e9ec5cab8b\",\"chart_type\":\"line\",\"seperate_axis\":0,\"color\":\"#68BC00\",\"terms_field\":\"miscbeat.network.interface\",\"axis_position\":\"right\",\"point_size\":1,\"value_template\":\"{{value}}/s\",\"metrics\":[{\"unit\":\"1s\",\"id\":\"0c761592-1b92-11e7-bec4-a5e9ec5cab8b\",\"field\":\"miscbeat.network.bytes.tx\",\"type\":\"positive_rate\"}],\"formatter\":\"bytes\",\"split_mode\":\"terms\",\"fill\":0.5,\"line_width\":1,\"label\":\"Outbound Traffic\",\"stacked\":\"none\",\"split_color_mode\":\"gradient\",\"terms_size\":\"3\",\"terms_order_by\":\"_count\"},{\"id\":\"37f70440-1b92-11e7-bec4-a5e9ec5cab8b\",\"chart_type\":\"line\",\"seperate_axis\":0,\"color\":\"#68BC00\",\"terms_field\":\"miscbeat.network.interface\",\"axis_position\":\"right\",\"point_size\":1,\"value_template\":\"{{value}}\",\"metrics\":[{\"size\":\"1\",\"agg_with\":\"max\",\"order\":\"desc\",\"id\":\"37f72b50-1b92-11e7-bec4-a5e9ec5cab8b\",\"field\":\"miscbeat.network.bytes.tx\",\"type\":\"top_hit\",\"order_by\":\"@timestamp\"}],\"formatter\":\"bytes\",\"split_mode\":\"terms\",\"fill\":0.5,\"line_width\":1,\"label\":\"Total 
Transferred\",\"stacked\":\"none\",\"split_color_mode\":\"gradient\",\"terms_size\":\"3\",\"terms_order_by\":\"_count\"}],\"background_color_rules\":[{\"id\":\"0e346760-1b92-11e7-bec4-a5e9ec5cab8b\"}],\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"show_grid\":1,\"time_field\":\"@timestamp\",\"index_pattern\":\"MALCOLM_OTHER_INDEX_PATTERN_REPLACER\",\"show_legend\":1,\"interval\":\"auto\",\"type\":\"metric\",\"axis_scale\":\"normal\",\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"MALCOLM_NETWORK_INDEX_PATTERN_REPLACER\",\"default_timefield\":\"MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER\",\"isModelInvalid\":false}}", + "visState": "{\"title\":\"Outbound Traffic\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"0c761590-1b92-11e7-bec4-a5e9ec5cab8b\",\"filter\":{\"query\":\"\",\"language\":\"lucene\"},\"series\":[{\"id\":\"0c761591-1b92-11e7-bec4-a5e9ec5cab8b\",\"chart_type\":\"line\",\"seperate_axis\":0,\"color\":\"#68BC00\",\"terms_field\":\"miscbeat.network.interface\",\"axis_position\":\"right\",\"point_size\":1,\"value_template\":\"{{value}}/s\",\"metrics\":[{\"unit\":\"1s\",\"id\":\"0c761592-1b92-11e7-bec4-a5e9ec5cab8b\",\"field\":\"miscbeat.network.bytes.tx\",\"type\":\"positive_rate\"}],\"formatter\":\"bytes\",\"split_mode\":\"terms\",\"fill\":0.5,\"line_width\":1,\"label\":\"Outbound 
Traffic\",\"stacked\":\"none\",\"split_color_mode\":\"gradient\",\"terms_size\":\"3\",\"terms_order_by\":\"_count\"},{\"id\":\"37f70440-1b92-11e7-bec4-a5e9ec5cab8b\",\"chart_type\":\"line\",\"seperate_axis\":0,\"color\":\"#68BC00\",\"terms_field\":\"miscbeat.network.interface\",\"axis_position\":\"right\",\"point_size\":1,\"value_template\":\"{{value}}\",\"metrics\":[{\"size\":\"1\",\"agg_with\":\"max\",\"order\":\"desc\",\"id\":\"37f72b50-1b92-11e7-bec4-a5e9ec5cab8b\",\"field\":\"miscbeat.network.bytes.tx\",\"type\":\"top_hit\",\"order_by\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\"}],\"formatter\":\"bytes\",\"split_mode\":\"terms\",\"fill\":0.5,\"line_width\":1,\"label\":\"Total Transferred\",\"stacked\":\"none\",\"split_color_mode\":\"gradient\",\"terms_size\":\"3\",\"terms_order_by\":\"_count\"}],\"background_color_rules\":[{\"id\":\"0e346760-1b92-11e7-bec4-a5e9ec5cab8b\"}],\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"show_grid\":1,\"time_field\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\",\"index_pattern\":\"MALCOLM_OTHER_INDEX_PATTERN_REPLACER\",\"show_legend\":1,\"interval\":\"auto\",\"type\":\"metric\",\"axis_scale\":\"normal\",\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"MALCOLM_OTHER_INDEX_PATTERN_REPLACER\",\"default_timefield\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\",\"isModelInvalid\":false}}", "uiStateJSON": "{}", "description": "", "version": 1, 
@@ -260,7 +260,7 @@ "version": "Wzk3NSwxXQ==", "attributes": { "title": "Disk used", - "visState": "{\"title\":\"Disk used\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"4e4dc780-4d1d-11e7-b5f2-2b7c1895bf32\",\"filter\":\"\",\"interval\":\"auto\",\"default_index_pattern\":\"MALCOLM_NETWORK_INDEX_PATTERN_REPLACER\",\"axis_formatter\":\"number\",\"show_legend\":1,\"axis_position\":\"left\",\"index_pattern\":\"MALCOLM_OTHER_INDEX_PATTERN_REPLACER\",\"time_range_mode\":\"entire_time_range\",\"show_grid\":1,\"time_field\":\"@timestamp\",\"gauge_max\":\"1\",\"default_timefield\":\"MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER\",\"gauge_color_rules\":[{\"operator\":\"gte\",\"id\":\"51921d10-4d1d-11e7-b5f2-2b7c1895bf32\",\"value\":0,\"gauge\":\"rgba(104,188,0,1)\"},{\"operator\":\"gte\",\"id\":\"f26de750-4d54-11e7-b5f2-2b7c1895bf32\",\"value\":0.7,\"gauge\":\"rgba(251,158,0,1)\"},{\"operator\":\"gte\",\"id\":\"fa31d190-4d54-11e7-b5f2-2b7c1895bf32\",\"value\":0.85,\"gauge\":\"rgba(211,49,21,1)\"}],\"gauge_inner_width\":10,\"series\":[{\"id\":\"4e4dee90-4d1d-11e7-b5f2-2b7c1895bf32\",\"chart_type\":\"line\",\"seperate_axis\":0,\"color\":\"#68BC00\",\"axis_position\":\"right\",\"point_size\":1,\"metrics\":[{\"size\":\"1\",\"agg_with\":\"avg\",\"order\":\"desc\",\"id\":\"4e4dee91-4d1d-11e7-b5f2-2b7c1895bf32\",\"order_by\":\"@timestamp\",\"type\":\"top_hit\",\"field\":\"miscbeat.disk.df.used\"},{\"size\":\"1\",\"agg_with\":\"avg\",\"order\":\"desc\",\"id\":\"57c96ee0-4d54-11e7-b5f2-2b7c1895bf32\",\"order_by\":\"@timestamp\",\"type\":\"top_hit\",\"field\":\"miscbeat.disk.df.size\"},{\"id\":\"6304cca0-4d54-11e7-b5f2-2b7c1895bf32\",\"variables\":[{\"id\":\"6da10430-4d54-11e7-b5f2-2b7c1895bf32\",\"field\":\"4e4dee91-4d1d-11e7-b5f2-2b7c1895bf32\",\"name\":\"used\"},{\"id\":\"73b8c510-4d54-11e7-b5f2-2b7c1895bf32\",\"field\":\"57c96ee0-4d54-11e7-b5f2-2b7c1895bf32\",\"name\":\"total\"}],\"script\":\"params.used/params.total 
\",\"type\":\"math\"}],\"formatter\":\"'0%'\",\"split_mode\":\"everything\",\"fill\":0.5,\"line_width\":1,\"label\":\"Disk used\",\"stacked\":\"none\",\"split_color_mode\":\"gradient\"}],\"isModelInvalid\":false,\"axis_scale\":\"normal\",\"type\":\"gauge\",\"gauge_style\":\"half\",\"gauge_width\":10,\"tooltip_mode\":\"show_all\"}}", + "visState": "{\"title\":\"Disk used\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"4e4dc780-4d1d-11e7-b5f2-2b7c1895bf32\",\"filter\":\"\",\"interval\":\"auto\",\"default_index_pattern\":\"MALCOLM_OTHER_INDEX_PATTERN_REPLACER\",\"axis_formatter\":\"number\",\"show_legend\":1,\"axis_position\":\"left\",\"index_pattern\":\"MALCOLM_OTHER_INDEX_PATTERN_REPLACER\",\"time_range_mode\":\"entire_time_range\",\"show_grid\":1,\"time_field\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\",\"gauge_max\":\"1\",\"default_timefield\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\",\"gauge_color_rules\":[{\"operator\":\"gte\",\"id\":\"51921d10-4d1d-11e7-b5f2-2b7c1895bf32\",\"value\":0,\"gauge\":\"rgba(104,188,0,1)\"},{\"operator\":\"gte\",\"id\":\"f26de750-4d54-11e7-b5f2-2b7c1895bf32\",\"value\":0.7,\"gauge\":\"rgba(251,158,0,1)\"},{\"operator\":\"gte\",\"id\":\"fa31d190-4d54-11e7-b5f2-2b7c1895bf32\",\"value\":0.85,\"gauge\":\"rgba(211,49,21,1)\"}],\"gauge_inner_width\":10,\"series\":[{\"id\":\"4e4dee90-4d1d-11e7-b5f2-2b7c1895bf32\",\"chart_type\":\"line\",\"seperate_axis\":0,\"color\":\"#68BC00\",\"axis_position\":\"right\",\"point_size\":1,\"metrics\":[{\"size\":\"1\",\"agg_with\":\"avg\",\"order\":\"desc\",\"id\":\"4e4dee91-4d1d-11e7-b5f2-2b7c1895bf32\",\"order_by\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\",\"type\":\"top_hit\",\"field\":\"miscbeat.disk.df.used\"},{\"size\":\"1\",\"agg_with\":\"avg\",\"order\":\"desc\",\"id\":\"57c96ee0-4d54-11e7-b5f2-2b7c1895bf32\",\"order_by\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\",\"type\":\"top_hit\",\"field\":\"miscbeat.disk.df.size\"},{\"id\":\"6304cca0-4d54-11e7-b5f2-2b7c1895bf32\",\"variables\":[{\"i
d\":\"6da10430-4d54-11e7-b5f2-2b7c1895bf32\",\"field\":\"4e4dee91-4d1d-11e7-b5f2-2b7c1895bf32\",\"name\":\"used\"},{\"id\":\"73b8c510-4d54-11e7-b5f2-2b7c1895bf32\",\"field\":\"57c96ee0-4d54-11e7-b5f2-2b7c1895bf32\",\"name\":\"total\"}],\"script\":\"params.used/params.total \",\"type\":\"math\"}],\"formatter\":\"'0%'\",\"split_mode\":\"everything\",\"fill\":0.5,\"line_width\":1,\"label\":\"Disk used\",\"stacked\":\"none\",\"split_color_mode\":\"gradient\"}],\"isModelInvalid\":false,\"axis_scale\":\"normal\",\"type\":\"gauge\",\"gauge_style\":\"half\",\"gauge_width\":10,\"tooltip_mode\":\"show_all\"}}", "uiStateJSON": "{}", "description": "", "version": 1, 
@@ -283,7 +283,7 @@ "version": "Wzg4MCwxXQ==", "attributes": { "title": "Memory Usage Gauge", - "visState": "{\"title\":\"Memory Usage Gauge\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"9f51b730-1b91-11e7-bec4-a5e9ec5cab8b\",\"filter\":\"\",\"series\":[{\"id\":\"9f51b731-1b91-11e7-bec4-a5e9ec5cab8b\",\"chart_type\":\"line\",\"seperate_axis\":0,\"color\":\"#68BC00\",\"axis_position\":\"right\",\"point_size\":1,\"metrics\":[{\"id\":\"9f51b732-1b91-11e7-bec4-a5e9ec5cab8b\",\"field\":\"miscbeat.mem.Mem.used_p\",\"type\":\"avg\"}],\"formatter\":\"'0'\",\"split_mode\":\"everything\",\"fill\":0.5,\"line_width\":1,\"label\":\"Memory Usage\",\"stacked\":\"none\",\"split_color_mode\":\"gradient\",\"filter\":{\"query\":\"\",\"language\":\"kuery\"},\"value_template\":\"{{value}}%\"}],\"gauge_inner_width\":10,\"axis_formatter\":\"number\",\"show_legend\":1,\"axis_position\":\"left\",\"index_pattern\":\"MALCOLM_OTHER_INDEX_PATTERN_REPLACER\",\"show_grid\":1,\"time_field\":\"@timestamp\",\"gauge_max\":\"100\",\"gauge_color_rules\":[{\"operator\":\"gte\",\"id\":\"a0d522e0-1b91-11e7-bec4-a5e9ec5cab8b\",\"value\":0,\"gauge\":\"rgba(104,188,0,1)\"},{\"value\":70,\"operator\":\"gte\",\"id\":\"b45ad8f0-1b91-11e7-bec4-a5e9ec5cab8b\",\"gauge\":\"rgba(254,146,0,1)\"},{\"value\":85,\"operator\":\"gte\",\"id\":\"c06e9550-1b91-11e7-bec4-a5e9ec5cab8b\",\"gauge\":\"rgba(211,49,21,1)\"}],\"interval\":\"auto\",\"type\":\"gauge\",\"gauge_style\":\"half\",\"gauge_width\":10,\"axis_scale\":\"normal\",\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"MALCOLM_NETWORK_INDEX_PATTERN_REPLACER\",\"default_timefield\":\"MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER\",\"isModelInvalid\":false}}", + "visState": "{\"title\":\"Memory Usage 
Gauge\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"9f51b730-1b91-11e7-bec4-a5e9ec5cab8b\",\"filter\":\"\",\"series\":[{\"id\":\"9f51b731-1b91-11e7-bec4-a5e9ec5cab8b\",\"chart_type\":\"line\",\"seperate_axis\":0,\"color\":\"#68BC00\",\"axis_position\":\"right\",\"point_size\":1,\"metrics\":[{\"id\":\"9f51b732-1b91-11e7-bec4-a5e9ec5cab8b\",\"field\":\"miscbeat.mem.Mem.used_p\",\"type\":\"avg\"}],\"formatter\":\"'0'\",\"split_mode\":\"everything\",\"fill\":0.5,\"line_width\":1,\"label\":\"Memory Usage\",\"stacked\":\"none\",\"split_color_mode\":\"gradient\",\"filter\":{\"query\":\"\",\"language\":\"kuery\"},\"value_template\":\"{{value}}%\"}],\"gauge_inner_width\":10,\"axis_formatter\":\"number\",\"show_legend\":1,\"axis_position\":\"left\",\"index_pattern\":\"MALCOLM_OTHER_INDEX_PATTERN_REPLACER\",\"show_grid\":1,\"time_field\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\",\"gauge_max\":\"100\",\"gauge_color_rules\":[{\"operator\":\"gte\",\"id\":\"a0d522e0-1b91-11e7-bec4-a5e9ec5cab8b\",\"value\":0,\"gauge\":\"rgba(104,188,0,1)\"},{\"value\":70,\"operator\":\"gte\",\"id\":\"b45ad8f0-1b91-11e7-bec4-a5e9ec5cab8b\",\"gauge\":\"rgba(254,146,0,1)\"},{\"value\":85,\"operator\":\"gte\",\"id\":\"c06e9550-1b91-11e7-bec4-a5e9ec5cab8b\",\"gauge\":\"rgba(211,49,21,1)\"}],\"interval\":\"auto\",\"type\":\"gauge\",\"gauge_style\":\"half\",\"gauge_width\":10,\"axis_scale\":\"normal\",\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"MALCOLM_OTHER_INDEX_PATTERN_REPLACER\",\"default_timefield\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\",\"isModelInvalid\":false}}", "uiStateJSON": "{}", "description": "", "version": 1, 
@@ -306,7 +306,7 @@ "version": "Wzg4MSwxXQ==", "attributes": { "title": "CPU Usage Gauge", - "visState": "{\"title\":\"CPU Usage Gauge\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"4c9e2550-1b91-11e7-bec4-a5e9ec5cab8b\",\"filter\":\"\",\"series\":[{\"id\":\"4c9e2551-1b91-11e7-bec4-a5e9ec5cab8b\",\"chart_type\":\"line\",\"seperate_axis\":0,\"color\":\"#68BC00\",\"axis_position\":\"right\",\"point_size\":1,\"metrics\":[{\"id\":\"114cd270-eb49-11ec-ae08-f703744a0ba1\",\"type\":\"avg\",\"field\":\"miscbeat.cpu.cpu_p\"}],\"formatter\":\"'0'\",\"split_mode\":\"everything\",\"fill\":0.5,\"line_width\":1,\"label\":\"CPU Usage\",\"stacked\":\"none\",\"split_color_mode\":\"gradient\",\"filter\":{\"query\":\"\",\"language\":\"kuery\"},\"value_template\":\"{{value}}%\"}],\"gauge_inner_width\":10,\"axis_formatter\":\"number\",\"show_legend\":1,\"axis_position\":\"left\",\"index_pattern\":\"MALCOLM_OTHER_INDEX_PATTERN_REPLACER\",\"show_grid\":1,\"time_field\":\"@timestamp\",\"gauge_max\":\"100\",\"gauge_color_rules\":[{\"operator\":\"gte\",\"id\":\"4ef2c3b0-1b91-11e7-bec4-a5e9ec5cab8b\",\"value\":0,\"gauge\":\"rgba(104,188,0,1)\"},{\"value\":70,\"operator\":\"gte\",\"id\":\"e6561ae0-1b91-11e7-bec4-a5e9ec5cab8b\",\"gauge\":\"rgba(254,146,0,1)\"},{\"value\":85,\"operator\":\"gte\",\"id\":\"ec655040-1b91-11e7-bec4-a5e9ec5cab8b\",\"gauge\":\"rgba(211,49,21,1)\"}],\"interval\":\"auto\",\"type\":\"gauge\",\"gauge_style\":\"half\",\"gauge_width\":10,\"axis_scale\":\"normal\",\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"MALCOLM_NETWORK_INDEX_PATTERN_REPLACER\",\"default_timefield\":\"MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER\",\"isModelInvalid\":false,\"background_color_rules\":[{\"id\":\"64e19c90-eb49-11ec-ae08-f703744a0ba1\"}],\"bar_color_rules\":[{\"id\":\"65456770-eb49-11ec-ae08-f703744a0ba1\"}]}}", + "visState": "{\"title\":\"CPU Usage 
Gauge\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"4c9e2550-1b91-11e7-bec4-a5e9ec5cab8b\",\"filter\":\"\",\"series\":[{\"id\":\"4c9e2551-1b91-11e7-bec4-a5e9ec5cab8b\",\"chart_type\":\"line\",\"seperate_axis\":0,\"color\":\"#68BC00\",\"axis_position\":\"right\",\"point_size\":1,\"metrics\":[{\"id\":\"114cd270-eb49-11ec-ae08-f703744a0ba1\",\"type\":\"avg\",\"field\":\"miscbeat.cpu.cpu_p\"}],\"formatter\":\"'0'\",\"split_mode\":\"everything\",\"fill\":0.5,\"line_width\":1,\"label\":\"CPU Usage\",\"stacked\":\"none\",\"split_color_mode\":\"gradient\",\"filter\":{\"query\":\"\",\"language\":\"kuery\"},\"value_template\":\"{{value}}%\"}],\"gauge_inner_width\":10,\"axis_formatter\":\"number\",\"show_legend\":1,\"axis_position\":\"left\",\"index_pattern\":\"MALCOLM_OTHER_INDEX_PATTERN_REPLACER\",\"show_grid\":1,\"time_field\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\",\"gauge_max\":\"100\",\"gauge_color_rules\":[{\"operator\":\"gte\",\"id\":\"4ef2c3b0-1b91-11e7-bec4-a5e9ec5cab8b\",\"value\":0,\"gauge\":\"rgba(104,188,0,1)\"},{\"value\":70,\"operator\":\"gte\",\"id\":\"e6561ae0-1b91-11e7-bec4-a5e9ec5cab8b\",\"gauge\":\"rgba(254,146,0,1)\"},{\"value\":85,\"operator\":\"gte\",\"id\":\"ec655040-1b91-11e7-bec4-a5e9ec5cab8b\",\"gauge\":\"rgba(211,49,21,1)\"}],\"interval\":\"auto\",\"type\":\"gauge\",\"gauge_style\":\"half\",\"gauge_width\":10,\"axis_scale\":\"normal\",\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"MALCOLM_OTHER_INDEX_PATTERN_REPLACER\",\"default_timefield\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\",\"isModelInvalid\":false,\"background_color_rules\":[{\"id\":\"64e19c90-eb49-11ec-ae08-f703744a0ba1\"}],\"bar_color_rules\":[{\"id\":\"65456770-eb49-11ec-ae08-f703744a0ba1\"}]}}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/dashboards/dashboards/beats/f6600310-9943-11ee-a029-e973f4774355.json b/dashboards/dashboards/beats/f6600310-9943-11ee-a029-e973f4774355.json index 2ebe7fffc..35d980a49 100644 
--- a/dashboards/dashboards/beats/f6600310-9943-11ee-a029-e973f4774355.json +++ b/dashboards/dashboards/beats/f6600310-9943-11ee-a029-e973f4774355.json 
@@ -127,7 +127,7 @@ "version": "Wzk0MSwxXQ==", "attributes": { "title": "Journald - Logs by Host Over Time", - "visState": "{\"title\":\"Journald - Logs by Host Over Time\",\"type\":\"histogram\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"params\":{\"field\":\"@timestamp\",\"timeRange\":{\"from\":\"now-15m\",\"to\":\"now\"},\"useNormalizedOpenSearchInterval\":true,\"scaleMetricValues\":false,\"interval\":\"auto\",\"drop_partials\":false,\"min_doc_count\":1,\"extended_bounds\":{}},\"schema\":\"segment\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"miscbeat.systemd.hostname\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Unknown\",\"customLabel\":\"Journald Host\"},\"schema\":\"group\"}],\"params\":{\"type\":\"histogram\",\"grid\":{\"categoryLines\":false},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"filter\":true,\"truncate\":100},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"square root\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"type\":\"histogram\",\"mode\":\"stacked\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"lineWidth\":2,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"bottom\",\"times\":[],\"addTimeMarker\":true,\"labels\":{\"show\":false},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"}}}", + 
"visState": "{\"title\":\"Journald - Logs by Host Over Time\",\"type\":\"histogram\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"params\":{\"field\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\",\"timeRange\":{\"from\":\"now-15m\",\"to\":\"now\"},\"useNormalizedOpenSearchInterval\":true,\"scaleMetricValues\":false,\"interval\":\"auto\",\"drop_partials\":false,\"min_doc_count\":1,\"extended_bounds\":{}},\"schema\":\"segment\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"miscbeat.systemd.hostname\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Unknown\",\"customLabel\":\"Journald Host\"},\"schema\":\"group\"}],\"params\":{\"type\":\"histogram\",\"grid\":{\"categoryLines\":false},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"filter\":true,\"truncate\":100},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"square root\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"type\":\"histogram\",\"mode\":\"stacked\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"lineWidth\":2,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"bottom\",\"times\":[],\"addTimeMarker\":true,\"labels\":{\"show\":false},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"}}}", "uiStateJSON": "{}", "description": "", "version": 1, 
@@ -220,7 +220,7 @@ "description": "", "hits": 0, "columns": [ - "@timestamp", + "MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER", "miscbeat.systemd.hostname", "process.name", "process.pid", @@ -233,7 +233,7 @@ "sort": [], "version": 1, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":\"miscbeat.systemd:*\",\"language\":\"kuery\"},\"highlightAll\":false,\"version\":true,\"aggs\":{\"2\":{\"date_histogram\":{\"field\":\"@timestamp\",\"calendar_interval\":\"1w\",\"min_doc_count\":1}}},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" + "searchSourceJSON": "{\"query\":{\"query\":\"miscbeat.systemd:*\",\"language\":\"kuery\"},\"highlightAll\":false,\"version\":true,\"aggs\":{\"2\":{\"date_histogram\":{\"field\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\",\"calendar_interval\":\"1w\",\"min_doc_count\":1}}},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" } }, "references": [ From a5eb005a1fd53cd42088aeba587e94d7f9d10936 Mon Sep 17 00:00:00 2001 
From: Seth Grover Date: Tue, 7 Jan 2025 10:58:41 -0700 Subject: [PATCH 05/53] cisagov/Malcolm#543, add naviation pane to non-network dashboards --- .../024062a6-48d6-498f-a91a-3bf2da3a3cd3.json | 2 +- .../03207c00-d07e-11ec-b4a7-d1b4003706b7.json | 2 +- .../05e3e000-f118-11e9-acda-83a8e29e1a24.json | 2 +- .../078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b.json | 2 +- .../0a490422-0ce9-44bf-9a2d-19329ddde8c3.json | 2 +- .../0ad3d7c2-3441-485e-9dfe-dbb22e84e576.json | 2 +- .../0aed0e23-c8ac-4f2b-9f68-d04b6e7666b0.json | 2 +- .../0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa.json | 2 +- .../11be6381-beef-40a7-bdce-88c5398392fc.json | 2 +- .../11ddd980-e388-11e9-b568-cf17de8e860c.json | 2 +- .../12e3a130-d83b-11eb-a0b0-f328ce09b0b7.json | 2 +- .../152f29dc-51a2-4f53-93e9-6e92765567b8.json | 2 +- .../1cc01ff0-5205-11ec-a62c-7bc80e88f3f0.json | 2 +- .../1ce42250-3f99-11e9-a58e-8bdedb0915e8.json | 2 +- .../1fff49f6-0199-4a0f-820b-721aff9ff1f1.json | 2 +- .../29a1b290-eb98-11e9-a384-0fcf32210194.json | 4 +- .../2bec1490-eb94-11e9-a384-0fcf32210194.json | 4 +- .../2cc56240-e460-11ed-a9d5-9f591c284cb4.json | 2 +- .../2cf94cd0-ecab-40a5-95a7-8419f3a39cd9.json | 2 +- .../2d98bb8e-214c-4374-837b-20e1bcd63a5e.json | 2 +- .../32587740-ef88-11e9-b38a-2db3ee640e88.json | 2 +- .../36ed695f-edcc-47c1-b0ec-50d20c93ce0f.json | 2 +- .../37041ee1-79c0-4684-a436-3173b0e89876.json | 2 +- .../39abfe30-3f99-11e9-a58e-8bdedb0915e8.json | 2 +- .../3a9e3440-75e2-11ef-8138-03748f839a49.json | 2 +- .../42e831b9-41a9-4f35-8b7d-e1566d368773.json | 2 +- .../432af556-c5c0-4cc3-8166-b274b4e3a406.json | 2 +- .../4a073440-b286-11eb-a4d4-09fa12a6ebd4.json | 2 +- .../4a4bde20-4760-11ea-949c-bbb5a9feecbf.json | 4 +- .../4e5f106e-c60a-4226-8f64-d534abb912ab.json | 2 +- .../50ced171-1b10-4c3f-8b67-2db9635661a6.json | 2 +- .../543118a9-02d7-43fe-b669-b8652177fc37.json | 2 +- .../55e332d0-3f99-11e9-a58e-8bdedb0915e8.json | 2 +- .../5694ca60-cbdf-11ec-a50a-5fedd672f5c5.json | 2 +- .../60d78fbd-471c-4f59-a9e3-189b33a13644.json | 2 
+- .../665d1610-523d-11e9-a30e-e3576242f3ed.json | 2 +- .../677ee170-809e-11ed-8d5b-07069f823b6f.json | 4 +- .../76f2f912-80da-44cd-ab66-6a73c8344cc3.json | 2 +- .../77fc9960-3f99-11e9-a58e-8bdedb0915e8.json | 2 +- .../7f41913f-cba8-43f5-82a8-241b7ead03e0.json | 2 +- .../7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb.json | 2 +- .../82da3101-2a9c-4ae2-bb61-d447a3fbe673.json | 2 +- .../870a5862-6c26-4a08-99fd-0c06cda85ba3.json | 2 +- .../87a32f90-ef58-11e9-974e-9d600036d105.json | 2 +- .../87d990cc-9e0b-41e5-b8fe-b10ae1da0c85.json | 2 +- .../89d1cc50-974c-11ed-bb6b-3fb06c879b11.json | 2 +- .../92985909-dc29-4533-9e80-d3182a0ecf1d.json | 2 +- .../95479950-41f2-11ea-88fa-7151df485405.json | 2 +- .../9ee51f94-3316-4fc5-bd89-93a52af69714.json | 2 +- .../a16110b0-3f99-11e9-a58e-8bdedb0915e8.json | 2 +- .../a33e0a50-afcd-11ea-993f-b7d8522a8bed.json | 2 +- .../a7514350-eba6-11e9-a384-0fcf32210194.json | 2 +- .../abdd7550-2c7c-40dc-947e-f6d186a158c4.json | 2 +- .../ae79b7d1-4281-4095-b2f6-fa7eafda9970.json | 2 +- .../af5df620-eeb6-11e9-bdef-65a192b7f586.json | 2 +- .../b50c8d17-6ed3-4de6-aed4-5181032810b2.json | 2 +- .../b8cf5890-87ed-11ef-ae18-dbcd34795edb.json | 2 +- .../b9f247c0-3f99-11e9-a58e-8bdedb0915e8.json | 2 +- .../bb827f8e-639e-468c-93c8-9f5bc132eb8f.json | 2 +- .../046212a0-a2a1-11e7-928f-5dbe6f6f5519.json | 175 +++++ .../0d4955f0-eb25-11ec-a6d4-b3526526c2c7.json | 252 ++++---- .../3768ef70-d819-11ee-820d-dd9fd73a3921.json | 176 +++--- .../4ca94c70-d7da-11ee-9ed3-e7afff29e59a.json | 598 +++++++++--------- .../53bff390-5027-11ef-b744-23222ad0b42a.json | 131 ---- ...55a9e6e0-a29e-11e7-928f-5dbe6f6f5519.json} | 258 ++++---- .../79202ee0-d811-11ee-820d-dd9fd73a3921.json | 372 ++++++----- .../7a7e0a60-e8e8-11ec-b9d4-4569bb965430.json | 324 +++++----- .../88bcec50-cc74-11ef-bae9-0d6b8da935ba.json | 78 ++- .../903f42c0-f634-11ec-828d-2fb7a4a26e1f.json | 252 ++++---- .../dashboards/beats/Filebeat-nginx-logs.json | 175 ----- .../beats/Metricbeat-host-overview.json | 544 
++++++++-------- .../beats/Metricbeat-system-overview.json | 364 ++++++----- .../f6600310-9943-11ee-a029-e973f4774355.json | 290 +++++---- .../bed185a0-ef82-11e9-b38a-2db3ee640e88.json | 2 +- .../bf5efbb0-60f1-11eb-9d60-dbf0411cfc48.json | 2 +- .../c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2.json | 2 +- .../ca5799a0-56b5-11eb-b749-576de068f8ad.json | 2 +- .../caef3ade-d289-4d05-a511-149f3e97f238.json | 2 +- .../d2dd0180-06b1-11ec-8c6b-353266ade330.json | 2 +- .../d41fe630-3f98-11e9-a58e-8bdedb0915e8.json | 2 +- .../d4fd6afd-15cb-42bf-8a25-03dd8e59b327.json | 2 +- .../dd87edd0-796a-11ec-9ce6-b395c1ff58f4.json | 2 +- .../e09a4b86-29b5-4256-bb3b-802ac9f90404.json | 2 +- .../e233a570-45d9-11ef-96a6-432365601033.json | 2 +- .../e76d05c0-eb9f-11e9-a384-0fcf32210194.json | 4 +- .../ed8a6640-3f98-11e9-a58e-8bdedb0915e8.json | 2 +- .../f1f09567-fc7f-450b-a341-19d2f2bb468b.json | 2 +- .../f394057d-1b16-4174-b994-7045f423a416.json | 2 +- .../f77bf097-18a8-465c-b634-eb2acc7a4f26.json | 2 +- .../fa141950-ef89-11e9-b38a-2db3ee640e88.json | 2 +- .../fa477130-2b8a-11ec-a9f2-3911c8571bfd.json | 2 +- 91 files changed, 2137 insertions(+), 2016 deletions(-) create mode 100644 dashboards/dashboards/beats/046212a0-a2a1-11e7-928f-5dbe6f6f5519.json delete mode 100644 dashboards/dashboards/beats/53bff390-5027-11ef-b744-23222ad0b42a.json rename dashboards/dashboards/beats/{Filebeat-nginx-overview.json => 55a9e6e0-a29e-11e7-928f-5dbe6f6f5519.json} (57%) delete mode 100644 dashboards/dashboards/beats/Filebeat-nginx-logs.json diff --git a/dashboards/dashboards/024062a6-48d6-498f-a91a-3bf2da3a3cd3.json b/dashboards/dashboards/024062a6-48d6-498f-a91a-3bf2da3a3cd3.json index 1b8548b27..d78c6efb9 100644 --- a/dashboards/dashboards/024062a6-48d6-498f-a91a-3bf2da3a3cd3.json +++ b/dashboards/dashboards/024062a6-48d6-498f-a91a-3bf2da3a3cd3.json 
@@ -112,7 +112,7 @@ "version": "Wzc0MiwxXQ==", "attributes": { "title": "Navigation", - "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA 
Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview-ecs) / [Host Overview](#/dashboard/79ffd6e0-faa0-11e6-947f-177f697178b8-ecs) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519-ecs) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519-ecs) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) 
\\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● 
[SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) 
/ [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/dashboards/dashboards/03207c00-d07e-11ec-b4a7-d1b4003706b7.json b/dashboards/dashboards/03207c00-d07e-11ec-b4a7-d1b4003706b7.json index 7e1c6df4a..e60a6a47c 100644 --- a/dashboards/dashboards/03207c00-d07e-11ec-b4a7-d1b4003706b7.json +++ b/dashboards/dashboards/03207c00-d07e-11ec-b4a7-d1b4003706b7.json 
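Review bot: The new Host Overview link in the `visState` markdown points at `#/dashboard/Miscbeat-host-overview`, while the sibling link uses `Metricbeat-system-overview` and this patch's diffstat lists the file as `beats/Metricbeat-host-overview.json`, so the target may not resolve. The dashboard's saved-object id is not visible in this hunk; if it follows the file name, the link should read `[Host Overview](#/dashboard/Metricbeat-host-overview)`, otherwise confirm that an object with id `Miscbeat-host-overview` is actually imported. The same replacement line appears in the hunks for `03207c00-d07e-11ec-b4a7-d1b4003706b7.json`, `05e3e000-f118-11e9-acda-83a8e29e1a24.json` and the dashboard files that follow, and because this Navigation block is copied into every dashboard, one wrong id leaves a dead link on each of them. The enclosing saved object starts and ends outside the hunk.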
@@ -87,7 +87,7 @@ "version": "Wzc5NSwxXQ==", "attributes": { "title": "Navigation", - "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA 
Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview-ecs) / [Host Overview](#/dashboard/79ffd6e0-faa0-11e6-947f-177f697178b8-ecs) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519-ecs) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519-ecs) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) 
\\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● 
[SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) 
/ [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/dashboards/dashboards/05e3e000-f118-11e9-acda-83a8e29e1a24.json b/dashboards/dashboards/05e3e000-f118-11e9-acda-83a8e29e1a24.json index 4359662f0..c7b019fab 100644 --- a/dashboards/dashboards/05e3e000-f118-11e9-acda-83a8e29e1a24.json +++ b/dashboards/dashboards/05e3e000-f118-11e9-acda-83a8e29e1a24.json 
@@ -92,7 +92,7 @@ "version": "Wzg3OSwxXQ==", "attributes": { "title": "Navigation", - "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA 
Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview-ecs) / [Host Overview](#/dashboard/79ffd6e0-faa0-11e6-947f-177f697178b8-ecs) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519-ecs) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519-ecs) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) 
\\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● 
[SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) 
/ [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/dashboards/dashboards/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b.json b/dashboards/dashboards/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b.json index b886de969..92c6efe09 100644 --- a/dashboards/dashboards/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b.json +++ b/dashboards/dashboards/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b.json 
@@ -87,7 +87,7 @@ "version": "Wzg3MiwxXQ==", "attributes": { "title": "Navigation", - "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA 
Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview-ecs) / [Host Overview](#/dashboard/79ffd6e0-faa0-11e6-947f-177f697178b8-ecs) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519-ecs) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519-ecs) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) 
\\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● 
[SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) 
/ [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/dashboards/dashboards/0a490422-0ce9-44bf-9a2d-19329ddde8c3.json b/dashboards/dashboards/0a490422-0ce9-44bf-9a2d-19329ddde8c3.json index abe104c4f..b74ed6f47 100644 --- a/dashboards/dashboards/0a490422-0ce9-44bf-9a2d-19329ddde8c3.json +++ b/dashboards/dashboards/0a490422-0ce9-44bf-9a2d-19329ddde8c3.json 
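Review bot: The new Navigation `visState` on the `+` line links to `#/dashboard/Metricbeat-system-overview`, `#/dashboard/Miscbeat-host-overview`, the two nginx dashboard ids without their former `-ecs` suffix, and a new Linux Syslog dashboard `88bcec50-cc74-11ef-bae9-0d6b8da935ba`, but nothing visible in this hunk shows that saved objects with those ids are shipped. A missed rename would leave analysts with dead links to the host and log dashboards. The same escaped markdown string is repeated in the hunks for `0a490422-0ce9-44bf-9a2d-19329ddde8c3.json` and `0ad3d7c2-3441-485e-9dfe-dbb22e84e576.json`, and presumably in the other dashboard files, so one copy drifting out of sync is easy to overlook. I would add a check to the dashboard import or CI step that extracts every `#/dashboard/<id>` target from the Navigation panel and fails when no saved object with that id exists. The enclosing JSON object starts and ends outside the hunk.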
@@ -87,7 +87,7 @@ "version": "WzkzNiwxXQ==", "attributes": { "title": "Navigation", - "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA 
Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview-ecs) / [Host Overview](#/dashboard/79ffd6e0-faa0-11e6-947f-177f697178b8-ecs) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519-ecs) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519-ecs) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) 
\\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● 
[SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) 
/ [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/dashboards/dashboards/0ad3d7c2-3441-485e-9dfe-dbb22e84e576.json b/dashboards/dashboards/0ad3d7c2-3441-485e-9dfe-dbb22e84e576.json index 54a52681f..91a11e58f 100644 --- a/dashboards/dashboards/0ad3d7c2-3441-485e-9dfe-dbb22e84e576.json +++ b/dashboards/dashboards/0ad3d7c2-3441-485e-9dfe-dbb22e84e576.json 
@@ -87,7 +87,7 @@ "version": "Wzc5NSwxXQ==", "attributes": { "title": "Navigation", - "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA 
Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview-ecs) / [Host Overview](#/dashboard/79ffd6e0-faa0-11e6-947f-177f697178b8-ecs) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519-ecs) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519-ecs) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) 
\\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● 
[SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) 
/ [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/dashboards/dashboards/0aed0e23-c8ac-4f2b-9f68-d04b6e7666b0.json b/dashboards/dashboards/0aed0e23-c8ac-4f2b-9f68-d04b6e7666b0.json index cff8454a3..f54e45d6a 100644 --- a/dashboards/dashboards/0aed0e23-c8ac-4f2b-9f68-d04b6e7666b0.json +++ b/dashboards/dashboards/0aed0e23-c8ac-4f2b-9f68-d04b6e7666b0.json 
@@ -87,7 +87,7 @@ "version": "Wzg3MiwxXQ==", "attributes": { "title": "Navigation", - "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA 
Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview-ecs) / [Host Overview](#/dashboard/79ffd6e0-faa0-11e6-947f-177f697178b8-ecs) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519-ecs) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519-ecs) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) 
\\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● 
[SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) 
/ [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/dashboards/dashboards/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa.json b/dashboards/dashboards/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa.json index 39609ea04..18ec52165 100644 --- a/dashboards/dashboards/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa.json +++ b/dashboards/dashboards/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa.json 
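Review bot: Nothing visible in this hunk confirms that the new link targets on the `+` line exist as saved objects: `#/dashboard/Metricbeat-system-overview`, `#/dashboard/Miscbeat-host-overview`, the two nginx ids with the `-ecs` suffix dropped, and the added `[Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba)`. A target that is missing or misspelled would presumably leave a dead link in the pane analysts use to reach the host, audit and file-integrity views, and it would not show up as an import error. The same string is repeated verbatim in the hunks for `0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa.json`, `11be6381-beef-40a7-bdce-88c5398392fc.json` and the files after them, so one wrong id is copied into every dashboard. I would add an import-time or CI check that each `#/dashboard/<id>` in a `visState` string has a matching `dashboards/dashboards/<id>.json`, and ideally generate this Navigation markdown from one template instead of editing it per file.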
@@ -107,7 +107,7 @@ "version": "Wzg3MiwxXQ==", "attributes": { "title": "Navigation", - "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA 
Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview-ecs) / [Host Overview](#/dashboard/79ffd6e0-faa0-11e6-947f-177f697178b8-ecs) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519-ecs) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519-ecs) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) 
\\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● 
[SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) 
/ [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/dashboards/dashboards/11be6381-beef-40a7-bdce-88c5398392fc.json b/dashboards/dashboards/11be6381-beef-40a7-bdce-88c5398392fc.json index 4e143685b..142b4adc3 100644 --- a/dashboards/dashboards/11be6381-beef-40a7-bdce-88c5398392fc.json +++ b/dashboards/dashboards/11be6381-beef-40a7-bdce-88c5398392fc.json 
@@ -82,7 +82,7 @@ "version": "Wzg3MiwxXQ==", "attributes": { "title": "Navigation", - "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA 
Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview-ecs) / [Host Overview](#/dashboard/79ffd6e0-faa0-11e6-947f-177f697178b8-ecs) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519-ecs) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519-ecs) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) 
\\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● 
[SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) 
/ [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/dashboards/dashboards/11ddd980-e388-11e9-b568-cf17de8e860c.json b/dashboards/dashboards/11ddd980-e388-11e9-b568-cf17de8e860c.json index 1a15e9b7b..a2215e655 100644 --- a/dashboards/dashboards/11ddd980-e388-11e9-b568-cf17de8e860c.json +++ b/dashboards/dashboards/11ddd980-e388-11e9-b568-cf17de8e860c.json 
@@ -87,7 +87,7 @@ "version": "Wzg3MiwxXQ==", "attributes": { "title": "Navigation", - "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA 
Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview-ecs) / [Host Overview](#/dashboard/79ffd6e0-faa0-11e6-947f-177f697178b8-ecs) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519-ecs) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519-ecs) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) 
\\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● 
[SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) 
/ [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/dashboards/dashboards/12e3a130-d83b-11eb-a0b0-f328ce09b0b7.json b/dashboards/dashboards/12e3a130-d83b-11eb-a0b0-f328ce09b0b7.json index 44a0e8231..3b06eef20 100644 --- a/dashboards/dashboards/12e3a130-d83b-11eb-a0b0-f328ce09b0b7.json +++ b/dashboards/dashboards/12e3a130-d83b-11eb-a0b0-f328ce09b0b7.json 
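Review bot: The retargeted links in the new `visState` markdown point at dashboard ids that this hunk does not define: `Metricbeat-system-overview`, `Miscbeat-host-overview`, the two nginx ids with the `-ecs` suffix dropped, and the added Linux Syslog id `88bcec50-cc74-11ef-bae9-0d6b8da935ba`. It is worth confirming that saved objects with exactly these ids are imported by the same release. If one is missing, the Navigation panel links to a dashboard that is not there, and the host, nginx and syslog views become unreachable from it. The same markdown string is repeated in the hunks for `12e3a130-d83b-11eb-a0b0-f328ce09b0b7.json` and `152f29dc-51a2-4f53-93e9-6e92765567b8.json`, and apparently in further files beyond what is visible here. A build-time check that every embedded Navigation panel is byte-identical, and that each `#/dashboard/<id>` it references exists under `dashboards/dashboards/`, would catch a file that drifts. The panel also now has two links labelled `Syslog` (protocol and Linux host log), so a distinct label such as `Syslog (host)` for the new one would avoid ambiguity.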
@@ -82,7 +82,7 @@ "version": "Wzc1NSwxXQ==", "attributes": { "title": "Navigation", - "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA 
Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview-ecs) / [Host Overview](#/dashboard/79ffd6e0-faa0-11e6-947f-177f697178b8-ecs) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519-ecs) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519-ecs) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) 
\\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● 
[SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) 
/ [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/dashboards/dashboards/152f29dc-51a2-4f53-93e9-6e92765567b8.json b/dashboards/dashboards/152f29dc-51a2-4f53-93e9-6e92765567b8.json index 9d29d5d34..e2cdd9f94 100644 --- a/dashboards/dashboards/152f29dc-51a2-4f53-93e9-6e92765567b8.json +++ b/dashboards/dashboards/152f29dc-51a2-4f53-93e9-6e92765567b8.json 
@@ -127,7 +127,7 @@ "version": "Wzg1NywxXQ==", "attributes": { "title": "Navigation", - "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA 
Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview-ecs) / [Host Overview](#/dashboard/79ffd6e0-faa0-11e6-947f-177f697178b8-ecs) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519-ecs) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519-ecs) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) 
\\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● 
[SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) 
/ [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/dashboards/dashboards/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0.json b/dashboards/dashboards/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0.json index fcd8b6a6a..74f8fb0aa 100644 --- a/dashboards/dashboards/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0.json +++ b/dashboards/dashboards/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0.json 
@@ -92,7 +92,7 @@ "version": "WzkzNiwxXQ==", "attributes": { "title": "Navigation", - "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA 
Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview-ecs) / [Host Overview](#/dashboard/79ffd6e0-faa0-11e6-947f-177f697178b8-ecs) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519-ecs) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519-ecs) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) 
\\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● 
[SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) 
/ [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/dashboards/dashboards/1ce42250-3f99-11e9-a58e-8bdedb0915e8.json b/dashboards/dashboards/1ce42250-3f99-11e9-a58e-8bdedb0915e8.json index 1fe910058..7f1ab8fa7 100644 --- a/dashboards/dashboards/1ce42250-3f99-11e9-a58e-8bdedb0915e8.json +++ b/dashboards/dashboards/1ce42250-3f99-11e9-a58e-8bdedb0915e8.json 
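Review bot: The link targets introduced on the `+` side of this hunk are not defined anywhere in it, so it cannot be confirmed from here that saved objects with those IDs ship in the same import set. They are `#/dashboard/Metricbeat-system-overview`, `#/dashboard/Miscbeat-host-overview`, the two nginx IDs with the `-ecs` suffix dropped, and the added Linux Syslog entry `#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba`. A missing target would leave a dead link in the panel analysts use to reach the host, nginx and syslog views. The same `visState` markdown is copied into each dashboard file (the hunks that follow for `1ce42250-3f99-11e9-a58e-8bdedb0915e8.json` and `1fff49f6-0199-4a0f-820b-721aff9ff1f1.json` repeat the edit verbatim), so one missed file leaves the navigation inconsistent. A build-time check that every `#/dashboard/<id>` reference in these strings resolves to an exported object under `dashboards/dashboards/` would catch both problems; the `attributes` object continues outside the hunk.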
@@ -57,7 +57,7 @@ "version": "Wzg3MiwxXQ==", "attributes": { "title": "Navigation", - "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA 
Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview-ecs) / [Host Overview](#/dashboard/79ffd6e0-faa0-11e6-947f-177f697178b8-ecs) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519-ecs) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519-ecs) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) 
\\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● 
[SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) 
/ [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/dashboards/dashboards/1fff49f6-0199-4a0f-820b-721aff9ff1f1.json b/dashboards/dashboards/1fff49f6-0199-4a0f-820b-721aff9ff1f1.json index 81517ff8a..e292b3298 100644 --- a/dashboards/dashboards/1fff49f6-0199-4a0f-820b-721aff9ff1f1.json +++ b/dashboards/dashboards/1fff49f6-0199-4a0f-820b-721aff9ff1f1.json 
@@ -72,7 +72,7 @@ "version": "Wzc4NCwxXQ==", "attributes": { "title": "Navigation", - "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA 
Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview-ecs) / [Host Overview](#/dashboard/79ffd6e0-faa0-11e6-947f-177f697178b8-ecs) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519-ecs) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519-ecs) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) 
\\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● 
[SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) 
/ [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/dashboards/dashboards/29a1b290-eb98-11e9-a384-0fcf32210194.json b/dashboards/dashboards/29a1b290-eb98-11e9-a384-0fcf32210194.json index 5b36aced7..e305726ca 100644 --- a/dashboards/dashboards/29a1b290-eb98-11e9-a384-0fcf32210194.json +++ b/dashboards/dashboards/29a1b290-eb98-11e9-a384-0fcf32210194.json 
@@ -112,7 +112,7 @@ "version": "Wzg2MCwxXQ==", "attributes": { "title": "Navigation", - "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA 
Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview-ecs) / [Host Overview](#/dashboard/79ffd6e0-faa0-11e6-947f-177f697178b8-ecs) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519-ecs) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519-ecs) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) 
\\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● 
[SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) 
/ [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, @@ -624,7 +624,7 @@ "sort": [], "version": 1, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":\"threat.framework:\\\"MITRE ATT&CK for ICS\\\"\",\"language\":\"lucene\"},\"highlightAll\":true,\"version\":true,\"aggs\":{\"2\":{\"date_histogram\":{\"field\":\"MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER\",\"fixed_interval\":\"30d\",\"min_doc_count\":1}}},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" + "searchSourceJSON": "{\"query\":{\"query\":\"threat.framework:\\\"MITRE ATT&CK for ICS\\\"\",\"language\":\"lucene\"},\"highlightAll\":false,\"version\":true,\"aggs\":{\"2\":{\"date_histogram\":{\"field\":\"MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER\",\"fixed_interval\":\"30d\",\"min_doc_count\":1}}},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" } }, "references": [ diff --git a/dashboards/dashboards/2bec1490-eb94-11e9-a384-0fcf32210194.json b/dashboards/dashboards/2bec1490-eb94-11e9-a384-0fcf32210194.json index 990a0956d..d0112a7a6 100644 --- a/dashboards/dashboards/2bec1490-eb94-11e9-a384-0fcf32210194.json +++ b/dashboards/dashboards/2bec1490-eb94-11e9-a384-0fcf32210194.json 
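Review bot: The rewritten navigation markdown in the `@@ -112` hunk's `visState` now links to dashboard IDs that nothing visible here defines: `Metricbeat-system-overview`, `Miscbeat-host-overview`, the two nginx IDs with the `-ecs` suffix dropped, and the added Linux Syslog link `88bcec50-cc74-11ef-bae9-0d6b8da935ba`. The files in this patch appear to be named after their dashboard ID (`dashboards/dashboards/<id>.json`), so a saved object not imported under exactly that ID would leave analysts with a dead link to the host, nginx or syslog views. The same string is repeated verbatim in the `@@ -122` hunks of `2bec1490-eb94-11e9-a384-0fcf32210194.json` and `2cc56240-e460-11ed-a9d5-9f591c284cb4.json`, so a file missed by the update would silently keep the old `-ecs` links. A repository check that every `#/dashboard/<id>` in a Navigation panel resolves to an existing dashboard file would catch both cases. The surrounding JSON objects begin and end outside these hunks.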
@@ -122,7 +122,7 @@ "version": "Wzg2MCwxXQ==", "attributes": { "title": "Navigation", - "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA 
Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview-ecs) / [Host Overview](#/dashboard/79ffd6e0-faa0-11e6-947f-177f697178b8-ecs) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519-ecs) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519-ecs) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) 
\\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● 
[SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) 
/ [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, @@ -678,7 +678,7 @@ "sort": [], "version": 1, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":\"threat.framework:\\\"MITRE ATT&CK for ICS\\\"\",\"language\":\"lucene\"},\"highlightAll\":true,\"version\":true,\"aggs\":{\"2\":{\"date_histogram\":{\"field\":\"MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER\",\"fixed_interval\":\"30d\",\"min_doc_count\":1}}},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" + "searchSourceJSON": "{\"query\":{\"query\":\"threat.framework:\\\"MITRE ATT&CK for ICS\\\"\",\"language\":\"lucene\"},\"highlightAll\":false,\"version\":true,\"aggs\":{\"2\":{\"date_histogram\":{\"field\":\"MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER\",\"fixed_interval\":\"30d\",\"min_doc_count\":1}}},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" } }, "references": [ diff --git a/dashboards/dashboards/2cc56240-e460-11ed-a9d5-9f591c284cb4.json b/dashboards/dashboards/2cc56240-e460-11ed-a9d5-9f591c284cb4.json index fc0d3c29d..4a2a1c616 100644 --- a/dashboards/dashboards/2cc56240-e460-11ed-a9d5-9f591c284cb4.json +++ b/dashboards/dashboards/2cc56240-e460-11ed-a9d5-9f591c284cb4.json 
@@ -122,7 +122,7 @@ "version": "Wzg0OSwxXQ==", "attributes": { "title": "Navigation", - "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA 
Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview-ecs) / [Host Overview](#/dashboard/79ffd6e0-faa0-11e6-947f-177f697178b8-ecs) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519-ecs) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519-ecs) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) 
\\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● 
[SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) 
/ [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/dashboards/dashboards/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9.json b/dashboards/dashboards/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9.json index d2f40a6ca..31c806d12 100644 --- a/dashboards/dashboards/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9.json +++ b/dashboards/dashboards/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9.json 
@@ -107,7 +107,7 @@ "version": "Wzg3OSwxXQ==", "attributes": { "title": "Navigation", - "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA 
Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview-ecs) / [Host Overview](#/dashboard/79ffd6e0-faa0-11e6-947f-177f697178b8-ecs) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519-ecs) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519-ecs) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) 
\\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● 
[SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) 
/ [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/dashboards/dashboards/2d98bb8e-214c-4374-837b-20e1bcd63a5e.json b/dashboards/dashboards/2d98bb8e-214c-4374-837b-20e1bcd63a5e.json index eb0c70932..89ec527d8 100644 --- a/dashboards/dashboards/2d98bb8e-214c-4374-837b-20e1bcd63a5e.json +++ b/dashboards/dashboards/2d98bb8e-214c-4374-837b-20e1bcd63a5e.json 
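Review bot: The rewritten `markdown` string in this hunk retargets the Resources and nginx links to `#/dashboard/Metricbeat-system-overview`, `#/dashboard/Miscbeat-host-overview` and the nginx ids without the `-ecs` suffix, and adds a Linux `Syslog` link to `88bcec50-cc74-11ef-bae9-0d6b8da935ba`. Nothing visible here shows that saved objects with those ids ship in the same change, so a missing one would leave analysts with a dead link to host, nginx or syslog data. The identical Navigation panel is embedded per dashboard file, and the hunks for `2d98bb8e-214c-4374-837b-20e1bcd63a5e.json` and `32587740-ef88-11e9-b38a-2db3ee640e88.json` repeat the same replacement, so any file the bulk edit missed would keep the old `-ecs` targets. A small CI check could catch both cases by extracting every `#/dashboard/<id>` from `visState` and confirming a dashboard object with that id exists under `dashboards/dashboards/` (presumably `<id>.json`, going by the paths in this diff). The panel also now has two links labelled `Syslog`, the protocol dashboard `92985909-dc29-4533-9e80-d3182a0ecf1d` and the new Linux one, told apart only by position; a label such as `Linux Syslog` would be unambiguous if the entry is ever reordered.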
@@ -117,7 +117,7 @@ "version": "Wzg3MiwxXQ==", "attributes": { "title": "Navigation", - "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA 
Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview-ecs) / [Host Overview](#/dashboard/79ffd6e0-faa0-11e6-947f-177f697178b8-ecs) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519-ecs) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519-ecs) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) 
\\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● 
[SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) 
/ [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/dashboards/dashboards/32587740-ef88-11e9-b38a-2db3ee640e88.json b/dashboards/dashboards/32587740-ef88-11e9-b38a-2db3ee640e88.json index bcd6b5ee6..853b211bb 100644 --- a/dashboards/dashboards/32587740-ef88-11e9-b38a-2db3ee640e88.json +++ b/dashboards/dashboards/32587740-ef88-11e9-b38a-2db3ee640e88.json 
@@ -72,7 +72,7 @@ "version": "Wzg3MiwxXQ==", "attributes": { "title": "Navigation", - "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA 
Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview-ecs) / [Host Overview](#/dashboard/79ffd6e0-faa0-11e6-947f-177f697178b8-ecs) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519-ecs) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519-ecs) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) 
\\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● 
[SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) 
/ [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/dashboards/dashboards/36ed695f-edcc-47c1-b0ec-50d20c93ce0f.json b/dashboards/dashboards/36ed695f-edcc-47c1-b0ec-50d20c93ce0f.json index cfd7012f1..00a6c4981 100644 --- a/dashboards/dashboards/36ed695f-edcc-47c1-b0ec-50d20c93ce0f.json +++ b/dashboards/dashboards/36ed695f-edcc-47c1-b0ec-50d20c93ce0f.json 
@@ -92,7 +92,7 @@ "version": "WzkyOSwxXQ==", "attributes": { "title": "Navigation", - "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA 
Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview-ecs) / [Host Overview](#/dashboard/79ffd6e0-faa0-11e6-947f-177f697178b8-ecs) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519-ecs) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519-ecs) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) 
\\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● 
[SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) 
/ [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/dashboards/dashboards/37041ee1-79c0-4684-a436-3173b0e89876.json b/dashboards/dashboards/37041ee1-79c0-4684-a436-3173b0e89876.json index da2caaa25..5f8282a50 100644 --- a/dashboards/dashboards/37041ee1-79c0-4684-a436-3173b0e89876.json +++ b/dashboards/dashboards/37041ee1-79c0-4684-a436-3173b0e89876.json 
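Review bot: The `+` line of this hunk retargets four Navigation links (`Metricbeat-system-overview`, `Miscbeat-host-overview`, and the two nginx ids with the `-ecs` suffix dropped) and adds a Linux `Syslog` link to `88bcec50-cc74-11ef-bae9-0d6b8da935ba`, but nothing visible here shows that saved objects with those ids ship in the same change. The files in this directory appear to be named after the dashboard id (this one, `36ed695f-edcc-47c1-b0ec-50d20c93ce0f.json`, is the Zeek Intelligence target), so a check that every `#/dashboard/<id>` in the markdown has a matching `dashboards/dashboards/<id>.json` would catch a dangling link before analysts hit it. The same edit is repeated verbatim in the hunks for `37041ee1-79c0-4684-a436-3173b0e89876.json` and `39abfe30-3f99-11e9-a58e-8bdedb0915e8.json`, so the check applies to them as well.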
@@ -127,7 +127,7 @@ "version": "Wzg1OSwxXQ==", "attributes": { "title": "Navigation", - "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA 
Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview-ecs) / [Host Overview](#/dashboard/79ffd6e0-faa0-11e6-947f-177f697178b8-ecs) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519-ecs) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519-ecs) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) 
\\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● 
[SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) 
/ [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/dashboards/dashboards/39abfe30-3f99-11e9-a58e-8bdedb0915e8.json b/dashboards/dashboards/39abfe30-3f99-11e9-a58e-8bdedb0915e8.json index 92a846722..f3bba8680 100644 --- a/dashboards/dashboards/39abfe30-3f99-11e9-a58e-8bdedb0915e8.json +++ b/dashboards/dashboards/39abfe30-3f99-11e9-a58e-8bdedb0915e8.json 
@@ -57,7 +57,7 @@ "version": "Wzg3MiwxXQ==", "attributes": { "title": "Navigation", - "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA 
Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview-ecs) / [Host Overview](#/dashboard/79ffd6e0-faa0-11e6-947f-177f697178b8-ecs) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519-ecs) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519-ecs) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) 
\\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● 
[SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) 
/ [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/dashboards/dashboards/3a9e3440-75e2-11ef-8138-03748f839a49.json b/dashboards/dashboards/3a9e3440-75e2-11ef-8138-03748f839a49.json index d09bf994f..b9933bd14 100644 --- a/dashboards/dashboards/3a9e3440-75e2-11ef-8138-03748f839a49.json +++ b/dashboards/dashboards/3a9e3440-75e2-11ef-8138-03748f839a49.json 
@@ -162,7 +162,7 @@ "version": "WzkxNywxXQ==", "attributes": { "title": "Navigation", - "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA 
Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview-ecs) / [Host Overview](#/dashboard/79ffd6e0-faa0-11e6-947f-177f697178b8-ecs) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519-ecs) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519-ecs) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) 
\\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● 
[SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) 
/ [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/dashboards/dashboards/42e831b9-41a9-4f35-8b7d-e1566d368773.json b/dashboards/dashboards/42e831b9-41a9-4f35-8b7d-e1566d368773.json index 9825403ca..514921616 100644 --- a/dashboards/dashboards/42e831b9-41a9-4f35-8b7d-e1566d368773.json +++ b/dashboards/dashboards/42e831b9-41a9-4f35-8b7d-e1566d368773.json 
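Review bot: The new `visState` markdown links to `#/dashboard/Metricbeat-system-overview`, `#/dashboard/Miscbeat-host-overview`, the two nginx IDs without the `-ecs` suffix, and a new Linux `Syslog` entry `#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba`, but nothing visible in this hunk shows that saved objects with those IDs exist. A stale ID in a markdown panel only fails when an analyst clicks it, so a broken link to the host, nginx or syslog dashboards would likely go unnoticed until someone needs them. The same string is replaced verbatim in the hunks for `42e831b9-41a9-4f35-8b7d-e1566d368773.json` and `432af556-c5c0-4cc3-8166-b274b4e3a406.json`, so this note covers those too. Consider a CI or pre-commit check that every `#/dashboard/<id>` in a Navigation panel resolves to a file under `dashboards/dashboards/`, or generating the navigation markdown from one template instead of editing each copy. The panel also now has two links labelled `Syslog` (the protocol dashboard `92985909-dc29-4533-9e80-d3182a0ecf1d` and the Linux one), which can only be told apart by position.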
@@ -102,7 +102,7 @@ "version": "WzkzNywxXQ==", "attributes": { "title": "Navigation", - "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA 
Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview-ecs) / [Host Overview](#/dashboard/79ffd6e0-faa0-11e6-947f-177f697178b8-ecs) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519-ecs) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519-ecs) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) 
\\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● 
[SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) 
/ [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/dashboards/dashboards/432af556-c5c0-4cc3-8166-b274b4e3a406.json b/dashboards/dashboards/432af556-c5c0-4cc3-8166-b274b4e3a406.json index e534438e4..552ec76ed 100644 --- a/dashboards/dashboards/432af556-c5c0-4cc3-8166-b274b4e3a406.json +++ b/dashboards/dashboards/432af556-c5c0-4cc3-8166-b274b4e3a406.json 
@@ -97,7 +97,7 @@ "version": "Wzg3MiwxXQ==", "attributes": { "title": "Navigation", - "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA 
Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview-ecs) / [Host Overview](#/dashboard/79ffd6e0-faa0-11e6-947f-177f697178b8-ecs) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519-ecs) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519-ecs) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) 
\\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● 
[SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) 
/ [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/dashboards/dashboards/4a073440-b286-11eb-a4d4-09fa12a6ebd4.json b/dashboards/dashboards/4a073440-b286-11eb-a4d4-09fa12a6ebd4.json index ef5d30e15..c0d4369cd 100644 --- a/dashboards/dashboards/4a073440-b286-11eb-a4d4-09fa12a6ebd4.json +++ b/dashboards/dashboards/4a073440-b286-11eb-a4d4-09fa12a6ebd4.json 
@@ -82,7 +82,7 @@ "version": "Wzg4MiwxXQ==", "attributes": { "title": "Navigation", - "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA 
Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview-ecs) / [Host Overview](#/dashboard/79ffd6e0-faa0-11e6-947f-177f697178b8-ecs) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519-ecs) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519-ecs) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) 
\\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● 
[SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) 
/ [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/dashboards/dashboards/4a4bde20-4760-11ea-949c-bbb5a9feecbf.json b/dashboards/dashboards/4a4bde20-4760-11ea-949c-bbb5a9feecbf.json index afec24b5a..faf87068c 100644 --- a/dashboards/dashboards/4a4bde20-4760-11ea-949c-bbb5a9feecbf.json +++ b/dashboards/dashboards/4a4bde20-4760-11ea-949c-bbb5a9feecbf.json 
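Review bot: The new Resources links in the `+` `visState` do not just drop the `-ecs` suffix. `Host Overview` moves from `79ffd6e0-faa0-11e6-947f-177f697178b8-ecs` to `Miscbeat-host-overview`, and the added Linux `Syslog` entry points at `88bcec50-cc74-11ef-bae9-0d6b8da935ba`; no saved object with either ID is defined in the part of the patch visible here. A link to a dashboard that is not imported fails only when an analyst clicks it, so confirm the same change set ships an object for every new ID (`Metricbeat-system-overview`, `Miscbeat-host-overview`, the two un-suffixed nginx IDs and the Syslog one). The same markdown string is repeated verbatim in the Navigation hunks for `4a4bde20-4760-11ea-949c-bbb5a9feecbf.json` and `4e5f106e-c60a-4226-8f64-d534abb912ab.json`, so the check applies to those too. An import-time check that every `#/dashboard/<id>` in this markdown resolves would catch a copy that drifts.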
@@ -97,7 +97,7 @@ "version": "Wzg4OCwxXQ==", "attributes": { "title": "Navigation", - "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA 
Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview-ecs) / [Host Overview](#/dashboard/79ffd6e0-faa0-11e6-947f-177f697178b8-ecs) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519-ecs) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519-ecs) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) 
\\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● 
[SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) 
/ [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, @@ -447,7 +447,7 @@ "sort": [], "version": 1, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":\"threat.framework:\\\"MITRE ATT&CK for ICS\\\"\",\"language\":\"lucene\"},\"highlightAll\":true,\"version\":true,\"aggs\":{\"2\":{\"date_histogram\":{\"field\":\"MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER\",\"fixed_interval\":\"30d\",\"min_doc_count\":1}}},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" + "searchSourceJSON": "{\"query\":{\"query\":\"threat.framework:\\\"MITRE ATT&CK for ICS\\\"\",\"language\":\"lucene\"},\"highlightAll\":false,\"version\":true,\"aggs\":{\"2\":{\"date_histogram\":{\"field\":\"MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER\",\"fixed_interval\":\"30d\",\"min_doc_count\":1}}},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" } }, "references": [ diff --git a/dashboards/dashboards/4e5f106e-c60a-4226-8f64-d534abb912ab.json b/dashboards/dashboards/4e5f106e-c60a-4226-8f64-d534abb912ab.json index 02da0c856..0e0307fc5 100644 --- a/dashboards/dashboards/4e5f106e-c60a-4226-8f64-d534abb912ab.json +++ b/dashboards/dashboards/4e5f106e-c60a-4226-8f64-d534abb912ab.json 
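Review bot: In the `@@ -447,7 +447,7 @@` hunk, the saved search for `threat.framework:"MITRE ATT&CK for ICS"` has `highlightAll` flipped from `true` to `false`, and nothing in the visible part of the patch explains why. If this is a side effect of re-exporting the object rather than a deliberate choice, analysts presumably lose match highlighting in these results, and restoring `\"highlightAll\":true` would keep the earlier behaviour. If it is deliberate, say so in the commit message and check whether the other saved searches should get the same setting. The enclosing saved-object definition starts and ends outside this hunk.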
@@ -87,7 +87,7 @@ "version": "Wzg1OSwxXQ==", "attributes": { "title": "Navigation", - "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA 
Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview-ecs) / [Host Overview](#/dashboard/79ffd6e0-faa0-11e6-947f-177f697178b8-ecs) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519-ecs) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519-ecs) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) 
\\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● 
[SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) 
/ [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/dashboards/dashboards/50ced171-1b10-4c3f-8b67-2db9635661a6.json b/dashboards/dashboards/50ced171-1b10-4c3f-8b67-2db9635661a6.json index bb9b463df..60c9a655e 100644 --- a/dashboards/dashboards/50ced171-1b10-4c3f-8b67-2db9635661a6.json +++ b/dashboards/dashboards/50ced171-1b10-4c3f-8b67-2db9635661a6.json 
@@ -97,7 +97,7 @@ "version": "Wzg3MiwxXQ==", "attributes": { "title": "Navigation", - "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA 
Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview-ecs) / [Host Overview](#/dashboard/79ffd6e0-faa0-11e6-947f-177f697178b8-ecs) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519-ecs) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519-ecs) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) 
\\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● 
[SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) 
/ [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/dashboards/dashboards/543118a9-02d7-43fe-b669-b8652177fc37.json b/dashboards/dashboards/543118a9-02d7-43fe-b669-b8652177fc37.json index 20b1f3a71..bdef4b3f1 100644 --- a/dashboards/dashboards/543118a9-02d7-43fe-b669-b8652177fc37.json +++ b/dashboards/dashboards/543118a9-02d7-43fe-b669-b8652177fc37.json 
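Review bot: The retargeted links in the "Malcolm and Third-Party Logs" part of the new `visState` markdown point at dashboard ids that this hunk does not define, so nothing visible here shows that they resolve. The ids are `Metricbeat-system-overview`, `Miscbeat-host-overview`, the two nginx ids with the `-ecs` suffix dropped, and the added Linux Syslog entry `88bcec50-cc74-11ef-bae9-0d6b8da935ba`. If any of those saved objects is not shipped or renamed in the same change, analysts land on a missing dashboard for host, nginx access/error and syslog data. The same markdown blob is repeated verbatim in the hunks for `543118a9-02d7-43fe-b669-b8652177fc37.json` and `55e332d0-3f99-11e9-a58e-8bdedb0915e8.json`, so a copy that misses the update keeps the stale `-ecs` targets. A build-time check that every `#/dashboard/<id>` target in a Navigation panel matches the id of an exported dashboard would catch both cases. The enclosing saved object continues outside the hunk.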
@@ -97,7 +97,7 @@ "version": "Wzg3MiwxXQ==", "attributes": { "title": "Navigation", - "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA 
Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview-ecs) / [Host Overview](#/dashboard/79ffd6e0-faa0-11e6-947f-177f697178b8-ecs) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519-ecs) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519-ecs) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) 
\\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● 
[SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) 
/ [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/dashboards/dashboards/55e332d0-3f99-11e9-a58e-8bdedb0915e8.json b/dashboards/dashboards/55e332d0-3f99-11e9-a58e-8bdedb0915e8.json index b6adfbceb..13996bf11 100644 --- a/dashboards/dashboards/55e332d0-3f99-11e9-a58e-8bdedb0915e8.json +++ b/dashboards/dashboards/55e332d0-3f99-11e9-a58e-8bdedb0915e8.json 
@@ -47,7 +47,7 @@ "version": "Wzg3MiwxXQ==", "attributes": { "title": "Navigation", - "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA 
Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview-ecs) / [Host Overview](#/dashboard/79ffd6e0-faa0-11e6-947f-177f697178b8-ecs) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519-ecs) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519-ecs) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) 
\\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● 
[SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) 
/ [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/dashboards/dashboards/5694ca60-cbdf-11ec-a50a-5fedd672f5c5.json b/dashboards/dashboards/5694ca60-cbdf-11ec-a50a-5fedd672f5c5.json index 93985be75..03fd74a7d 100644 --- a/dashboards/dashboards/5694ca60-cbdf-11ec-a50a-5fedd672f5c5.json +++ b/dashboards/dashboards/5694ca60-cbdf-11ec-a50a-5fedd672f5c5.json 
@@ -97,7 +97,7 @@ "version": "Wzg2MSwxXQ==", "attributes": { "title": "Navigation", - "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA 
Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview-ecs) / [Host Overview](#/dashboard/79ffd6e0-faa0-11e6-947f-177f697178b8-ecs) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519-ecs) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519-ecs) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) 
\\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● 
[SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) 
/ [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/dashboards/dashboards/60d78fbd-471c-4f59-a9e3-189b33a13644.json b/dashboards/dashboards/60d78fbd-471c-4f59-a9e3-189b33a13644.json index caecd428f..e1a2a9238 100644 --- a/dashboards/dashboards/60d78fbd-471c-4f59-a9e3-189b33a13644.json +++ b/dashboards/dashboards/60d78fbd-471c-4f59-a9e3-189b33a13644.json 
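Review bot: The rewritten targets in the `Malcolm and Third-Party Logs` row of the `visState` markdown (`#/dashboard/Metricbeat-system-overview`, `#/dashboard/Miscbeat-host-overview`, the two nginx IDs with `-ecs` dropped, and the added `#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba`) only resolve if saved objects with exactly those IDs are imported with this file, and nothing in this hunk shows that. If any is missing, the navigation panel presumably sends analysts to a dead link instead of the host, nginx or syslog views. The same string is repeated verbatim in the hunks for `60d78fbd-471c-4f59-a9e3-189b33a13644.json` and `665d1610-523d-11e9-a30e-e3576242f3ed.json`, so every copy has to stay in step. I would add a CI check that collects each `#/dashboard/<id>` from the Navigation markdown and fails when an `<id>` has no matching saved-object ID under `dashboards/dashboards/`, which would also catch one copy drifting from the others.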
@@ -87,7 +87,7 @@ "version": "Wzg3MiwxXQ==", "attributes": { "title": "Navigation", - "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA 
Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview-ecs) / [Host Overview](#/dashboard/79ffd6e0-faa0-11e6-947f-177f697178b8-ecs) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519-ecs) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519-ecs) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) 
\\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● 
[SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) 
/ [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/dashboards/dashboards/665d1610-523d-11e9-a30e-e3576242f3ed.json b/dashboards/dashboards/665d1610-523d-11e9-a30e-e3576242f3ed.json index 5980f5917..cd1a92675 100644 --- a/dashboards/dashboards/665d1610-523d-11e9-a30e-e3576242f3ed.json +++ b/dashboards/dashboards/665d1610-523d-11e9-a30e-e3576242f3ed.json 
@@ -77,7 +77,7 @@ "version": "Wzc4NCwxXQ==", "attributes": { "title": "Navigation", - "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA 
Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview-ecs) / [Host Overview](#/dashboard/79ffd6e0-faa0-11e6-947f-177f697178b8-ecs) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519-ecs) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519-ecs) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) 
\\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● 
[SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) 
/ [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/dashboards/dashboards/677ee170-809e-11ed-8d5b-07069f823b6f.json b/dashboards/dashboards/677ee170-809e-11ed-8d5b-07069f823b6f.json index 06a3088ab..c45de9309 100644 --- a/dashboards/dashboards/677ee170-809e-11ed-8d5b-07069f823b6f.json +++ b/dashboards/dashboards/677ee170-809e-11ed-8d5b-07069f823b6f.json 
@@ -122,7 +122,7 @@ "version": "Wzg4NywxXQ==", "attributes": { "title": "Navigation", - "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA 
Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview-ecs) / [Host Overview](#/dashboard/79ffd6e0-faa0-11e6-947f-177f697178b8-ecs) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519-ecs) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519-ecs) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) 
\\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● 
[SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) 
/ [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, @@ -650,7 +650,7 @@ "sort": [], "version": 1, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":\"tags:netbox OR ((source.segment:* OR destination.segment:*) AND (NOT (network.direction:external)))\",\"language\":\"kuery\"},\"highlightAll\":true,\"version\":true,\"aggs\":{\"2\":{\"date_histogram\":{\"field\":\"MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER\",\"fixed_interval\":\"30d\",\"min_doc_count\":1}}},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" + "searchSourceJSON": "{\"query\":{\"query\":\"tags:netbox OR ((source.segment:* OR destination.segment:*) AND (NOT (network.direction:external)))\",\"language\":\"kuery\"},\"highlightAll\":false,\"version\":true,\"aggs\":{\"2\":{\"date_histogram\":{\"field\":\"MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER\",\"fixed_interval\":\"30d\",\"min_doc_count\":1}}},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" } }, "references": [ diff --git a/dashboards/dashboards/76f2f912-80da-44cd-ab66-6a73c8344cc3.json b/dashboards/dashboards/76f2f912-80da-44cd-ab66-6a73c8344cc3.json index a1d23dd8a..bf608fd03 100644 --- a/dashboards/dashboards/76f2f912-80da-44cd-ab66-6a73c8344cc3.json +++ b/dashboards/dashboards/76f2f912-80da-44cd-ab66-6a73c8344cc3.json 
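Review bot: In the "Malcolm and Third-Party Logs" part of the added `visState` line, the link targets that lose the `-ecs` suffix (`#/dashboard/Metricbeat-system-overview`, `#/dashboard/Miscbeat-host-overview`, the two nginx ids) and the new Linux Syslog entry `#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba` are not defined anywhere in the visible part of the patch. A hash link to a missing saved object fails only when an analyst clicks it, so it is worth confirming that each id ships with a dashboard. The same escaped markdown string is rewritten again in the hunks for 76f2f912-80da-44cd-ab66-6a73c8344cc3.json and 77fc9960-3f99-11e9-a58e-8bdedb0915e8.json, so any dashboard file the update misses would keep the old targets. A check at import time that every `#/dashboard/<id>` in a Navigation panel resolves to a shipped saved object would catch both problems.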
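Review bot: The `highlightAll` switch from `true` to `false` in `searchSourceJSON` (hunk `@@ -650,7 +650,7 @@`) is unrelated to the navigation-link update in the rest of this file, and nothing in the visible part of the patch explains it. Presumably matched terms will no longer be highlighted in this saved search's results, which changes what analysts see when they work the `tags:netbox OR …` query. If the change is deliberate, the commit message should say so. If it came in with a re-export of the saved object, reverting it would keep the diff to the intended change.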
@@ -82,7 +82,7 @@ "version": "Wzg3MiwxXQ==", "attributes": { "title": "Navigation", - "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA 
Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview-ecs) / [Host Overview](#/dashboard/79ffd6e0-faa0-11e6-947f-177f697178b8-ecs) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519-ecs) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519-ecs) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) 
\\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● 
[SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) 
/ [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/dashboards/dashboards/77fc9960-3f99-11e9-a58e-8bdedb0915e8.json b/dashboards/dashboards/77fc9960-3f99-11e9-a58e-8bdedb0915e8.json index 023608ba5..096db88f3 100644 --- a/dashboards/dashboards/77fc9960-3f99-11e9-a58e-8bdedb0915e8.json +++ b/dashboards/dashboards/77fc9960-3f99-11e9-a58e-8bdedb0915e8.json 
@@ -57,7 +57,7 @@ "version": "Wzg3MiwxXQ==", "attributes": { "title": "Navigation", - "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA 
Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview-ecs) / [Host Overview](#/dashboard/79ffd6e0-faa0-11e6-947f-177f697178b8-ecs) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519-ecs) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519-ecs) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) 
\\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● 
[SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) 
/ [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/dashboards/dashboards/7f41913f-cba8-43f5-82a8-241b7ead03e0.json b/dashboards/dashboards/7f41913f-cba8-43f5-82a8-241b7ead03e0.json index 04ddf68dd..bc3b3c17f 100644 --- a/dashboards/dashboards/7f41913f-cba8-43f5-82a8-241b7ead03e0.json +++ b/dashboards/dashboards/7f41913f-cba8-43f5-82a8-241b7ead03e0.json 
@@ -92,7 +92,7 @@ "version": "Wzg3MiwxXQ==", "attributes": { "title": "Navigation", - "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA 
Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview-ecs) / [Host Overview](#/dashboard/79ffd6e0-faa0-11e6-947f-177f697178b8-ecs) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519-ecs) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519-ecs) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) 
\\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● 
[SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) 
/ [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/dashboards/dashboards/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb.json b/dashboards/dashboards/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb.json index 218212ed9..322eea8c8 100644 --- a/dashboards/dashboards/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb.json +++ b/dashboards/dashboards/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb.json 
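Review bot: The retargeted links in the new `visState` string cannot be checked against anything in this hunk: `#/dashboard/Metricbeat-system-overview`, `#/dashboard/Miscbeat-host-overview`, the two nginx ids without the `-ecs` suffix, and the added Linux `#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba` Syslog entry. A wrong id would only surface as a dead link in the Navigation pane. The same markdown string is replaced verbatim in the hunks for `7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb.json` and `82da3101-2a9c-4ae2-bb61-d447a3fbe673.json`, so a typo would be copied into every dashboard that embeds the pane. A build-time check that each `#/dashboard/<id>` target in a `visState` markdown matches a saved object under `dashboards/dashboards/` would catch this. Presumably the string is propagated by a script, in which case the check belongs there.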
@@ -117,7 +117,7 @@ "version": "Wzg1OCwxXQ==", "attributes": { "title": "Navigation", - "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA 
Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview-ecs) / [Host Overview](#/dashboard/79ffd6e0-faa0-11e6-947f-177f697178b8-ecs) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519-ecs) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519-ecs) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) 
\\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● 
[SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) 
/ [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/dashboards/dashboards/82da3101-2a9c-4ae2-bb61-d447a3fbe673.json b/dashboards/dashboards/82da3101-2a9c-4ae2-bb61-d447a3fbe673.json index ebac43e5f..e11b1f480 100644 --- a/dashboards/dashboards/82da3101-2a9c-4ae2-bb61-d447a3fbe673.json +++ b/dashboards/dashboards/82da3101-2a9c-4ae2-bb61-d447a3fbe673.json 
@@ -107,7 +107,7 @@ "version": "Wzg3MiwxXQ==", "attributes": { "title": "Navigation", - "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA 
Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview-ecs) / [Host Overview](#/dashboard/79ffd6e0-faa0-11e6-947f-177f697178b8-ecs) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519-ecs) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519-ecs) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) 
\\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● 
[SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) 
/ [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/dashboards/dashboards/870a5862-6c26-4a08-99fd-0c06cda85ba3.json b/dashboards/dashboards/870a5862-6c26-4a08-99fd-0c06cda85ba3.json index f3b7887fc..20d8b42fc 100644 --- a/dashboards/dashboards/870a5862-6c26-4a08-99fd-0c06cda85ba3.json +++ b/dashboards/dashboards/870a5862-6c26-4a08-99fd-0c06cda85ba3.json 
@@ -102,7 +102,7 @@ "version": "Wzg3MiwxXQ==", "attributes": { "title": "Navigation", - "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA 
Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview-ecs) / [Host Overview](#/dashboard/79ffd6e0-faa0-11e6-947f-177f697178b8-ecs) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519-ecs) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519-ecs) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) 
\\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● 
[SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) 
/ [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/dashboards/dashboards/87a32f90-ef58-11e9-974e-9d600036d105.json b/dashboards/dashboards/87a32f90-ef58-11e9-974e-9d600036d105.json index 69104c4cf..edebcf69f 100644 --- a/dashboards/dashboards/87a32f90-ef58-11e9-974e-9d600036d105.json +++ b/dashboards/dashboards/87a32f90-ef58-11e9-974e-9d600036d105.json 
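Review bot: Nothing in this hunk shows that the new link targets on the `+` `visState` line exist as saved objects. The line drops the `-ecs` suffix from the System Overview and both nginx ids, replaces `79ffd6e0-faa0-11e6-947f-177f697178b8-ecs` with `Miscbeat-host-overview`, and adds a Syslog link to `88bcec50-cc74-11ef-bae9-0d6b8da935ba`. A mismatched id would leave a dead entry in the Navigation panel that analysts use to reach the host, nginx and syslog views, so confirm that dashboards with exactly these ids ship in the same change set. The identical edit is repeated in the hunks for `87a32f90-ef58-11e9-974e-9d600036d105.json` and `87d990cc-9e0b-41e5-b8fe-b10ae1da0c85.json`. Because the panel is copied into each dashboard file, a check that every `#/dashboard/<id>` in the markdown resolves to a file under `dashboards/dashboards/` would catch drift between copies, assuming that directory holds all targets.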
@@ -92,7 +92,7 @@ "version": "Wzg3MiwxXQ==", "attributes": { "title": "Navigation", - "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA 
Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview-ecs) / [Host Overview](#/dashboard/79ffd6e0-faa0-11e6-947f-177f697178b8-ecs) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519-ecs) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519-ecs) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) 
\\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● 
[SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) 
/ [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/dashboards/dashboards/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85.json b/dashboards/dashboards/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85.json index 5c20800ed..07765dddb 100644 --- a/dashboards/dashboards/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85.json +++ b/dashboards/dashboards/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85.json 
@@ -62,7 +62,7 @@ "version": "Wzg3MiwxXQ==", "attributes": { "title": "Navigation", - "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA 
Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview-ecs) / [Host Overview](#/dashboard/79ffd6e0-faa0-11e6-947f-177f697178b8-ecs) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519-ecs) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519-ecs) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) 
\\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● 
[SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) 
/ [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/dashboards/dashboards/89d1cc50-974c-11ed-bb6b-3fb06c879b11.json b/dashboards/dashboards/89d1cc50-974c-11ed-bb6b-3fb06c879b11.json index 790ca8f43..8a86e2413 100644 --- a/dashboards/dashboards/89d1cc50-974c-11ed-bb6b-3fb06c879b11.json +++ b/dashboards/dashboards/89d1cc50-974c-11ed-bb6b-3fb06c879b11.json 
@@ -102,7 +102,7 @@ "version": "WzgzNywxXQ==", "attributes": { "title": "Navigation", - "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA 
Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview-ecs) / [Host Overview](#/dashboard/79ffd6e0-faa0-11e6-947f-177f697178b8-ecs) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519-ecs) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519-ecs) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) 
\\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● 
[SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) 
/ [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/dashboards/dashboards/92985909-dc29-4533-9e80-d3182a0ecf1d.json b/dashboards/dashboards/92985909-dc29-4533-9e80-d3182a0ecf1d.json index 13e18509f..1b7ea148d 100644 --- a/dashboards/dashboards/92985909-dc29-4533-9e80-d3182a0ecf1d.json +++ b/dashboards/dashboards/92985909-dc29-4533-9e80-d3182a0ecf1d.json 
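Review bot: Nothing in this hunk shows that the new link targets on the added `visState` line exist as saved objects: `#/dashboard/Metricbeat-system-overview`, `#/dashboard/Miscbeat-host-overview`, the nginx ids without the `-ecs` suffix, and the new `[Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba)`. If one does not resolve, analysts get a dead entry in the Navigation panel. The same markdown string is repeated verbatim in the hunks for `92985909-dc29-4533-9e80-d3182a0ecf1d.json` and `95479950-41f2-11ea-88fa-7151df485405.json`, so a file missed in a later edit would keep stale links without any error. A build-time check that every `#/dashboard/<id>` in a Navigation panel matches a shipped dashboard id would catch both cases. The panel also now has two entries labelled `Syslog` that go to different dashboards (one under Common Protocols, one after `Kernel Messages`), so a distinct label on the new one would help.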
@@ -87,7 +87,7 @@ "version": "Wzg3MiwxXQ==", "attributes": { "title": "Navigation", - "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA 
Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview-ecs) / [Host Overview](#/dashboard/79ffd6e0-faa0-11e6-947f-177f697178b8-ecs) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519-ecs) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519-ecs) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) 
\\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● 
[SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) 
/ [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/dashboards/dashboards/95479950-41f2-11ea-88fa-7151df485405.json b/dashboards/dashboards/95479950-41f2-11ea-88fa-7151df485405.json index 73c8287de..e6d5bd10a 100644 --- a/dashboards/dashboards/95479950-41f2-11ea-88fa-7151df485405.json +++ b/dashboards/dashboards/95479950-41f2-11ea-88fa-7151df485405.json 
@@ -102,7 +102,7 @@ "version": "Wzg1NywxXQ==", "attributes": { "title": "Navigation", - "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA 
Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview-ecs) / [Host Overview](#/dashboard/79ffd6e0-faa0-11e6-947f-177f697178b8-ecs) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519-ecs) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519-ecs) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) 
\\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● 
[SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) 
/ [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/dashboards/dashboards/9ee51f94-3316-4fc5-bd89-93a52af69714.json b/dashboards/dashboards/9ee51f94-3316-4fc5-bd89-93a52af69714.json index 085de5b44..c299acb16 100644 --- a/dashboards/dashboards/9ee51f94-3316-4fc5-bd89-93a52af69714.json +++ b/dashboards/dashboards/9ee51f94-3316-4fc5-bd89-93a52af69714.json 
@@ -122,7 +122,7 @@ "version": "Wzg2MCwxXQ==", "attributes": { "title": "Navigation", - "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA 
Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview-ecs) / [Host Overview](#/dashboard/79ffd6e0-faa0-11e6-947f-177f697178b8-ecs) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519-ecs) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519-ecs) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) 
\\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● 
[SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) 
/ [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/dashboards/dashboards/a16110b0-3f99-11e9-a58e-8bdedb0915e8.json b/dashboards/dashboards/a16110b0-3f99-11e9-a58e-8bdedb0915e8.json index 3e476026e..4abfe5511 100644 --- a/dashboards/dashboards/a16110b0-3f99-11e9-a58e-8bdedb0915e8.json +++ b/dashboards/dashboards/a16110b0-3f99-11e9-a58e-8bdedb0915e8.json 
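Review bot: Nothing visible in this hunk confirms that the link targets introduced on the `+` `visState` line resolve to saved dashboards: `#/dashboard/Metricbeat-system-overview`, `#/dashboard/Miscbeat-host-overview`, the two nginx ids with the `-ecs` suffix dropped, and the new Linux Syslog id `88bcec50-cc74-11ef-bae9-0d6b8da935ba`. The same Navigation markdown is pasted into each dashboard file (the hunks for `a16110b0-3f99-11e9-a58e-8bdedb0915e8.json` and `a33e0a50-afcd-11ea-993f-b7d8522a8bed.json` repeat this change verbatim), so a missed file or a mistyped id would leave analysts with a dead link to the host, nginx or syslog views, presumably without any build-time failure. I would add a repository check that extracts every `#/dashboard/<id>` from these markdown panels and fails when no dashboard export with that id exists, and, if the dashboards tooling allows it, keep the panel text in one place instead of one copy per file. The JSON object holding this `visState` starts and ends outside the hunk.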
@@ -57,7 +57,7 @@ "version": "Wzg3MiwxXQ==", "attributes": { "title": "Navigation", - "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA 
Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview-ecs) / [Host Overview](#/dashboard/79ffd6e0-faa0-11e6-947f-177f697178b8-ecs) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519-ecs) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519-ecs) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) 
\\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● 
[SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) 
/ [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/dashboards/dashboards/a33e0a50-afcd-11ea-993f-b7d8522a8bed.json b/dashboards/dashboards/a33e0a50-afcd-11ea-993f-b7d8522a8bed.json index 2bb2faa17..8aaa0560b 100644 --- a/dashboards/dashboards/a33e0a50-afcd-11ea-993f-b7d8522a8bed.json +++ b/dashboards/dashboards/a33e0a50-afcd-11ea-993f-b7d8522a8bed.json 
@@ -82,7 +82,7 @@ "version": "Wzg1OSwxXQ==", "attributes": { "title": "Navigation", - "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA 
Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview-ecs) / [Host Overview](#/dashboard/79ffd6e0-faa0-11e6-947f-177f697178b8-ecs) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519-ecs) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519-ecs) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) 
\\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● 
[SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) 
/ [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/dashboards/dashboards/a7514350-eba6-11e9-a384-0fcf32210194.json b/dashboards/dashboards/a7514350-eba6-11e9-a384-0fcf32210194.json index a32c7a731..eac725d51 100644 --- a/dashboards/dashboards/a7514350-eba6-11e9-a384-0fcf32210194.json +++ b/dashboards/dashboards/a7514350-eba6-11e9-a384-0fcf32210194.json 
@@ -87,7 +87,7 @@ "version": "Wzg2MiwxXQ==", "attributes": { "title": "Navigation", - "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA 
Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview-ecs) / [Host Overview](#/dashboard/79ffd6e0-faa0-11e6-947f-177f697178b8-ecs) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519-ecs) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519-ecs) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) 
\\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● 
[SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) 
/ [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/dashboards/dashboards/abdd7550-2c7c-40dc-947e-f6d186a158c4.json b/dashboards/dashboards/abdd7550-2c7c-40dc-947e-f6d186a158c4.json index 70e3f286d..c271c8a5f 100644 --- a/dashboards/dashboards/abdd7550-2c7c-40dc-947e-f6d186a158c4.json +++ b/dashboards/dashboards/abdd7550-2c7c-40dc-947e-f6d186a158c4.json 
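Review bot: The `Resources:` links in the added `visState` line now target renamed dashboard ids (`Metricbeat-system-overview`, `Miscbeat-host-overview`, and the two nginx ids without the `-ecs` suffix) plus a new Linux `Syslog` entry `88bcec50-cc74-11ef-bae9-0d6b8da935ba`, and nothing in this hunk shows that saved objects with those ids are shipped alongside it. If one is missing, the navigation entry would presumably fail to resolve, leaving analysts without the host, nginx or syslog view. The same markdown string is pasted into every dashboard export; the identical hunks for `abdd7550-2c7c-40dc-947e-f6d186a158c4.json` and `ae79b7d1-4281-4095-b2f6-fa7eafda9970.json` follow. A small CI check would catch drift: extract every `#/dashboard/ID` from the Navigation markdown and fail when no export under `dashboards/dashboards/` declares that id. The hunk shows only part of the Navigation visualization's attributes, so the rest of the saved object is outside it.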
@@ -167,7 +167,7 @@ "version": "Wzc4NiwxXQ==", "attributes": { "title": "Navigation", - "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA 
Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview-ecs) / [Host Overview](#/dashboard/79ffd6e0-faa0-11e6-947f-177f697178b8-ecs) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519-ecs) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519-ecs) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) 
\\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● 
[SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) 
/ [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/dashboards/dashboards/ae79b7d1-4281-4095-b2f6-fa7eafda9970.json b/dashboards/dashboards/ae79b7d1-4281-4095-b2f6-fa7eafda9970.json index b04cb2712..6d2a0bd8f 100644 --- a/dashboards/dashboards/ae79b7d1-4281-4095-b2f6-fa7eafda9970.json +++ b/dashboards/dashboards/ae79b7d1-4281-4095-b2f6-fa7eafda9970.json 
@@ -87,7 +87,7 @@ "version": "WzkzNywxXQ==", "attributes": { "title": "Navigation", - "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA 
Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview-ecs) / [Host Overview](#/dashboard/79ffd6e0-faa0-11e6-947f-177f697178b8-ecs) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519-ecs) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519-ecs) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) 
\\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● 
[SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) 
/ [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/dashboards/dashboards/af5df620-eeb6-11e9-bdef-65a192b7f586.json b/dashboards/dashboards/af5df620-eeb6-11e9-bdef-65a192b7f586.json index a334a8d2d..1d35f1ca1 100644 --- a/dashboards/dashboards/af5df620-eeb6-11e9-bdef-65a192b7f586.json +++ b/dashboards/dashboards/af5df620-eeb6-11e9-bdef-65a192b7f586.json 
@@ -87,7 +87,7 @@ "version": "Wzg3MiwxXQ==", "attributes": { "title": "Navigation", - "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA 
Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview-ecs) / [Host Overview](#/dashboard/79ffd6e0-faa0-11e6-947f-177f697178b8-ecs) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519-ecs) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519-ecs) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) 
\\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● 
[SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) 
/ [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/dashboards/dashboards/b50c8d17-6ed3-4de6-aed4-5181032810b2.json b/dashboards/dashboards/b50c8d17-6ed3-4de6-aed4-5181032810b2.json index d0b14ce92..2ed3b4d80 100644 --- a/dashboards/dashboards/b50c8d17-6ed3-4de6-aed4-5181032810b2.json +++ b/dashboards/dashboards/b50c8d17-6ed3-4de6-aed4-5181032810b2.json 
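Review bot: The replacement link targets on the added `visState` line should be checked against existing dashboard objects, because the change is not a mechanical rename. `#/dashboard/79ffd6e0-faa0-11e6-947f-177f697178b8-ecs` becomes `#/dashboard/Miscbeat-host-overview` rather than simply losing its `-ecs` suffix, and a new Linux Syslog entry points at `#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba`; nothing in this hunk shows that either object exists. The same markdown string is edited identically in the hunks for `b50c8d17-6ed3-4de6-aed4-5181032810b2.json` and `b8cf5890-87ed-11ef-ae18-dbcd34795edb.json`, so any dashboard file the bulk edit missed would keep the old `-ecs` links. Searching `dashboards/dashboards/` for `-ecs)` would confirm none remain. A dead link in this panel would presumably only surface when an analyst clicks it, so it is worth checking before merge.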
@@ -57,7 +57,7 @@ "version": "Wzg3MiwxXQ==", "attributes": { "title": "Navigation", - "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA 
Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview-ecs) / [Host Overview](#/dashboard/79ffd6e0-faa0-11e6-947f-177f697178b8-ecs) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519-ecs) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519-ecs) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) 
\\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● 
[SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) 
/ [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/dashboards/dashboards/b8cf5890-87ed-11ef-ae18-dbcd34795edb.json b/dashboards/dashboards/b8cf5890-87ed-11ef-ae18-dbcd34795edb.json index 5bbbde47e..3d389fcdd 100644 --- a/dashboards/dashboards/b8cf5890-87ed-11ef-ae18-dbcd34795edb.json +++ b/dashboards/dashboards/b8cf5890-87ed-11ef-ae18-dbcd34795edb.json 
@@ -92,7 +92,7 @@ "version": "WzkxNywxXQ==", "attributes": { "title": "Navigation", - "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA 
Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview-ecs) / [Host Overview](#/dashboard/79ffd6e0-faa0-11e6-947f-177f697178b8-ecs) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519-ecs) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519-ecs) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) 
\\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● 
[SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) 
/ [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/dashboards/dashboards/b9f247c0-3f99-11e9-a58e-8bdedb0915e8.json b/dashboards/dashboards/b9f247c0-3f99-11e9-a58e-8bdedb0915e8.json index 5a2a6ba77..195a2565e 100644 --- a/dashboards/dashboards/b9f247c0-3f99-11e9-a58e-8bdedb0915e8.json +++ b/dashboards/dashboards/b9f247c0-3f99-11e9-a58e-8bdedb0915e8.json 
@@ -57,7 +57,7 @@ "version": "Wzg3MiwxXQ==", "attributes": { "title": "Navigation", - "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA 
Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview-ecs) / [Host Overview](#/dashboard/79ffd6e0-faa0-11e6-947f-177f697178b8-ecs) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519-ecs) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519-ecs) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) 
\\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● 
[SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) 
/ [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/dashboards/dashboards/bb827f8e-639e-468c-93c8-9f5bc132eb8f.json b/dashboards/dashboards/bb827f8e-639e-468c-93c8-9f5bc132eb8f.json index 33a318225..07458e575 100644 --- a/dashboards/dashboards/bb827f8e-639e-468c-93c8-9f5bc132eb8f.json +++ b/dashboards/dashboards/bb827f8e-639e-468c-93c8-9f5bc132eb8f.json 
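Review bot: The navigation markdown is stored as one escaped string inside `visState`, and the same replacement is repeated in the bb827f8e-639e-468c-93c8-9f5bc132eb8f.json hunk and in the copy embedded in the new beats/046212a0-a2a1-11e7-928f-5dbe6f6f5519.json. Every link change therefore has to be applied identically to each dashboard export, and a missed file would keep the old `-ecs` targets. The new targets `Metricbeat-system-overview`, `Miscbeat-host-overview`, `55a9e6e0-a29e-11e7-928f-5dbe6f6f5519` and `88bcec50-cc74-11ef-bae9-0d6b8da935ba` are not defined in the visible part of the patch, so it cannot be confirmed from here that they resolve. A build-time check that extracts every `#/dashboard/<id>` from the markdown and verifies a saved object with that `id` exists would catch both stale copies and dead links. The added `[Syslog]` entry under Linux also shares its label with the existing Syslog protocol link, so the two are told apart only by position.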
@@ -107,7 +107,7 @@ "version": "Wzg3MiwxXQ==", "attributes": { "title": "Navigation", - "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA 
Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview-ecs) / [Host Overview](#/dashboard/79ffd6e0-faa0-11e6-947f-177f697178b8-ecs) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519-ecs) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519-ecs) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) 
\\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● 
[SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) 
/ [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/dashboards/dashboards/beats/046212a0-a2a1-11e7-928f-5dbe6f6f5519.json b/dashboards/dashboards/beats/046212a0-a2a1-11e7-928f-5dbe6f6f5519.json new file mode 100644 index 000000000..bc33dfb0e --- /dev/null +++ b/dashboards/dashboards/beats/046212a0-a2a1-11e7-928f-5dbe6f6f5519.json 
@@ -0,0 +1,175 @@ +{ + "objects": [ + { + "attributes": { + "description": "nginx logs, including from Malcolm's own nginx instance", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"version\":true,\"highlightAll\":false,\"filter\":[]}" + }, + "optionsJSON": "{\"darkTheme\":false}", + "panelsJSON": "[{\"version\":\"2.18.0\",\"gridData\":{\"x\":8,\"y\":18,\"w\":40,\"h\":26,\"i\":\"11\"},\"panelIndex\":\"11\",\"embeddableConfig\":{\"columns\":[\"log.level\",\"error.message\"],\"sort\":[\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\",\"desc\"]},\"panelRefName\":\"panel_0\"},{\"version\":\"2.18.0\",\"gridData\":{\"x\":0,\"y\":44,\"w\":48,\"h\":29,\"i\":\"16\"},\"panelIndex\":\"16\",\"embeddableConfig\":{\"columns\":[\"url.original\",\"http.request.method\",\"http.response.status_code\",\"http.response.body.bytes\"],\"sort\":[\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\",\"desc\"]},\"panelRefName\":\"panel_1\"},{\"version\":\"2.18.0\",\"gridData\":{\"x\":8,\"y\":0,\"w\":40,\"h\":18,\"i\":\"18\"},\"panelIndex\":\"18\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"2.18.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":44,\"i\":\"4faa0787-af1b-4892-8ffd-a4da4c77a763\"},\"panelIndex\":\"4faa0787-af1b-4892-8ffd-a4da4c77a763\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"}]", + "timeRestore": false, + "title": "nginx Access and Error Logs", + "version": 1 + }, + "id": "046212a0-a2a1-11e7-928f-5dbe6f6f5519", + "migrationVersion": { + "dashboard": "7.9.3" + }, + "namespaces": [ + "default" + ], + "references": [ + { + "id": "9eb25600-a1f0-11e7-928f-5dbe6f6f5519", + "name": "panel_0", + "type": "search" + }, + { + "id": "6d9e66d0-a1f0-11e7-928f-5dbe6f6f5519", + "name": "panel_1", + "type": "search" + }, + { + "id": "1cfb1a80-a1f4-11e7-928f-5dbe6f6f5519", + "name": "panel_2", + "type": "visualization" + }, + { + "id": "df9e399b-efa5-4e33-b0ac-a7668a8ac2b3", + "name": "panel_3", + "type": 
"visualization" + } + ], + "type": "dashboard", + "updated_at": "2025-01-07T15:39:55.813Z", + "version": "WzEwNjgsMV0=" + }, + { + "attributes": { + "columns": [ + "log.level", + "error.message" + ], + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[],\"highlightAll\":false,\"query\":{\"query\":\"event.module:nginx AND error.message:*\",\"language\":\"kuery\"},\"version\":true,\"highlight\":{\"post_tags\":[\"@/kibana-highlighted-field@\"],\"fields\":{\"*\":{}},\"pre_tags\":[\"@kibana-highlighted-field@\"],\"require_field_match\":false,\"fragment_size\":2147483647},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" + }, + "sort": [ + [ + "MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER", + "desc" + ] + ], + "title": "nginx Error Logs", + "version": 1 + }, + "id": "9eb25600-a1f0-11e7-928f-5dbe6f6f5519", + "migrationVersion": { + "search": "7.9.3" + }, + "namespaces": [ + "default" + ], + "references": [ + { + "id": "MALCOLM_OTHER_INDEX_PATTERN_REPLACER", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "search", + "updated_at": "2025-01-07T15:10:12.941Z", + "version": "WzEwMDIsMV0=" + }, + { + "attributes": { + "columns": [ + "url.original", + "http.request.method", + "http.response.status_code", + "http.response.body.bytes" + ], + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"filter\":[],\"highlightAll\":false,\"query\":{\"query\":\"event.module:nginx AND url.original:*\",\"language\":\"kuery\"},\"version\":true,\"highlight\":{\"post_tags\":[\"@/kibana-highlighted-field@\"],\"fields\":{\"*\":{}},\"pre_tags\":[\"@kibana-highlighted-field@\"],\"require_field_match\":false,\"fragment_size\":2147483647},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" + }, + "sort": [ + [ + "MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER", + "desc" + ] + ], + "title": "nginx Access Logs", + "version": 1 + }, + "id": 
"6d9e66d0-a1f0-11e7-928f-5dbe6f6f5519", + "migrationVersion": { + "search": "7.9.3" + }, + "namespaces": [ + "default" + ], + "references": [ + { + "id": "MALCOLM_OTHER_INDEX_PATTERN_REPLACER", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "search", + "updated_at": "2025-01-07T15:10:12.941Z", + "version": "WzEwMDMsMV0=" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{}" + }, + "title": "nginx Access Over Time", + "uiStateJSON": "{}", + "version": 1, + "visState": "{\"type\":\"metrics\",\"params\":{\"axis_formatter\":\"number\",\"series\":[{\"formatter\":\"number\",\"chart_type\":\"line\",\"split_filters\":[{\"color\":\"#68BC00\",\"id\":\"1db649a0-a1f3-11e7-a062-a1c3587f4874\"}],\"seperate_axis\":0,\"point_size\":1,\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"metrics\":[{\"type\":\"count\",\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\"}],\"label\":\"Access logs\",\"axis_position\":\"right\",\"split_mode\":\"everything\",\"fill\":0.5,\"stacked\":\"none\",\"terms_field\":\"url.original\",\"color\":\"#68BC00\",\"line_width\":1,\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"split_color_mode\":\"gradient\"}],\"time_field\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\",\"filter\":{\"query\":\"event.module:nginx AND 
fileset.name:access\",\"language\":\"lucene\"},\"show_grid\":1,\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"show_legend\":1,\"type\":\"timeseries\",\"index_pattern\":\"MALCOLM_OTHER_INDEX_PATTERN_REPLACER\",\"axis_position\":\"left\",\"annotations\":[{\"index_pattern\":\"MALCOLM_OTHER_INDEX_PATTERN_REPLACER\",\"ignore_global_filters\":1,\"id\":\"970b1420-a1f3-11e7-a062-a1c3587f4874\",\"time_field\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\",\"icon\":\"fa-tag\",\"color\":\"#F00\",\"ignore_panel_filters\":1}],\"background_color_rules\":[{\"id\":\"3189aa80-a1f3-11e7-a062-a1c3587f4874\"}],\"interval\":\"auto\",\"legend_position\":\"bottom\"},\"aggs\":[],\"title\":\"nginx Access Over Time\"}" + }, + "id": "1cfb1a80-a1f4-11e7-928f-5dbe6f6f5519", + "migrationVersion": { + "visualization": "7.10.0" + }, + "namespaces": [ + "default" + ], + "references": [], + "type": "visualization", + "updated_at": "2025-01-07T15:10:12.941Z", + "version": "WzEwMDQsMV0=" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":{\"query_string\":{\"query\":\"*\"}},\"language\":\"lucene\"},\"filter\":[]}" + }, + "title": "Navigation", + "uiStateJSON": "{}", + "version": 1, + "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known 
Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● 
[SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) 
/ [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}" + }, + "id": "df9e399b-efa5-4e33-b0ac-a7668a8ac2b3", + "migrationVersion": { + "visualization": "7.10.0" + }, + "namespaces": [ + "default" + ], + "references": [], + "type": "visualization", + "updated_at": "2025-01-07T15:10:03.736Z", + "version": "WzkyOCwxXQ==" + } + ], + "version": "2.18.0" +} diff --git a/dashboards/dashboards/beats/0d4955f0-eb25-11ec-a6d4-b3526526c2c7.json b/dashboards/dashboards/beats/0d4955f0-eb25-11ec-a6d4-b3526526c2c7.json index aec5d3052..4836a1f35 100644 --- a/dashboards/dashboards/beats/0d4955f0-eb25-11ec-a6d4-b3526526c2c7.json +++ b/dashboards/dashboards/beats/0d4955f0-eb25-11ec-a6d4-b3526526c2c7.json 
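Review bot: The "nginx Access Over Time" visualization selects access events with `event.module:nginx AND fileset.name:access` (lucene), while the "nginx Access Logs" saved search in the same file selects them with `event.module:nginx AND url.original:*` (kuery). The chart and the table can therefore count different sets of events if either field is missing from some documents. Using one predicate in both places, whichever field the ingest pipeline reliably populates, would keep them in agreement. The access table's `columns` are `url.original`, `http.request.method`, `http.response.status_code` and `http.response.body.bytes`, which leaves out who made the request. For triage of requests against Malcolm's own nginx, adding `source.ip` and `user_agent.original` would help, assuming those fields are populated for these logs.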
@@ -1,209 +1,237 @@ { - "version": "2.0.0", "objects": [ { - "id": "0d4955f0-eb25-11ec-a6d4-b3526526c2c7", - "type": "dashboard", - "namespaces": [ - "default" - ], - "updated_at": "2024-04-29T15:49:16.000Z", - "version": "WzkxMSwyXQ==", "attributes": { - "title": "Hardware Temperature", - "hits": 0, "description": "Hardware component temperature summary, including from Malcolm sensors and aggregators", - "panelsJSON": "[{\"version\":\"2.0.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":13,\"h\":9,\"i\":\"0a9ba334-b226-4245-b00e-ad8fcabf0e00\"},\"panelIndex\":\"0a9ba334-b226-4245-b00e-ad8fcabf0e00\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_0\"},{\"version\":\"2.0.0\",\"gridData\":{\"x\":13,\"y\":0,\"w\":35,\"h\":18,\"i\":\"47ef4d93-d7d5-41c3-a3f4-d3b543ad22bc\"},\"panelIndex\":\"47ef4d93-d7d5-41c3-a3f4-d3b543ad22bc\",\"embeddableConfig\":{},\"panelRefName\":\"panel_1\"},{\"version\":\"2.0.0\",\"gridData\":{\"x\":0,\"y\":9,\"w\":13,\"h\":9,\"i\":\"970e9ca1-f3a4-4660-8f3e-8879e53cc63e\"},\"panelIndex\":\"970e9ca1-f3a4-4660-8f3e-8879e53cc63e\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_2\"},{\"version\":\"2.0.0\",\"gridData\":{\"x\":0,\"y\":18,\"w\":48,\"h\":15,\"i\":\"594e7e58-e32d-4a2d-b492-a97541a2a2d4\"},\"panelIndex\":\"594e7e58-e32d-4a2d-b492-a97541a2a2d4\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"vis\":null},\"panelRefName\":\"panel_3\"},{\"version\":\"2.0.0\",\"gridData\":{\"x\":0,\"y\":33,\"w\":48,\"h\":35,\"i\":\"aae9ec90-dea9-4a53-b4a7-99c5a6c91b55\"},\"panelIndex\":\"aae9ec90-dea9-4a53-b4a7-99c5a6c91b55\",\"embeddableConfig\":{},\"panelRefName\":\"panel_4\"}]", - "optionsJSON": "{\"hidePanelTitles\":false,\"useMargins\":false}", - "version": 1, - "timeRestore": false, + "hits": 0, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[]}" - } + }, + "optionsJSON": "{\"hidePanelTitles\":false,\"useMargins\":false}", + "panelsJSON": 
"[{\"version\":\"2.18.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":44,\"i\":\"419ee528-16ba-483b-80ef-c96457ad1b89\"},\"panelIndex\":\"419ee528-16ba-483b-80ef-c96457ad1b89\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"2.18.0\",\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":11,\"i\":\"0a9ba334-b226-4245-b00e-ad8fcabf0e00\"},\"panelIndex\":\"0a9ba334-b226-4245-b00e-ad8fcabf0e00\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_1\"},{\"version\":\"2.18.0\",\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":21,\"i\":\"47ef4d93-d7d5-41c3-a3f4-d3b543ad22bc\"},\"panelIndex\":\"47ef4d93-d7d5-41c3-a3f4-d3b543ad22bc\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"2.18.0\",\"gridData\":{\"x\":8,\"y\":11,\"w\":8,\"h\":10,\"i\":\"970e9ca1-f3a4-4660-8f3e-8879e53cc63e\"},\"panelIndex\":\"970e9ca1-f3a4-4660-8f3e-8879e53cc63e\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_3\"},{\"version\":\"2.18.0\",\"gridData\":{\"x\":8,\"y\":21,\"w\":40,\"h\":23,\"i\":\"594e7e58-e32d-4a2d-b492-a97541a2a2d4\"},\"panelIndex\":\"594e7e58-e32d-4a2d-b492-a97541a2a2d4\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"vis\":null},\"panelRefName\":\"panel_4\"},{\"version\":\"2.18.0\",\"gridData\":{\"x\":0,\"y\":44,\"w\":48,\"h\":27,\"i\":\"aae9ec90-dea9-4a53-b4a7-99c5a6c91b55\"},\"panelIndex\":\"aae9ec90-dea9-4a53-b4a7-99c5a6c91b55\",\"embeddableConfig\":{},\"panelRefName\":\"panel_5\"}]", + "timeRestore": false, + "title": "Hardware Temperature", + "version": 1 + }, + "id": "0d4955f0-eb25-11ec-a6d4-b3526526c2c7", + "migrationVersion": { + "dashboard": "7.9.3" }, + "namespaces": [ + "default" + ], "references": [ { + "id": "df9e399b-efa5-4e33-b0ac-a7668a8ac2b3", "name": "panel_0", - "type": "visualization", - "id": "d2e979c0-eb20-11ec-a6d4-b3526526c2c7" + "type": "visualization" }, { + "id": "d2e979c0-eb20-11ec-a6d4-b3526526c2c7", "name": "panel_1", - "type": "visualization", - "id": 
"6edfd120-eb22-11ec-a6d4-b3526526c2c7" + "type": "visualization" }, { + "id": "6edfd120-eb22-11ec-a6d4-b3526526c2c7", "name": "panel_2", - "type": "visualization", - "id": "ff1a4590-eb22-11ec-a6d4-b3526526c2c7" + "type": "visualization" }, { + "id": "ff1a4590-eb22-11ec-a6d4-b3526526c2c7", "name": "panel_3", - "type": "visualization", - "id": "71e9cae0-eb24-11ec-a6d4-b3526526c2c7" + "type": "visualization" }, { + "id": "71e9cae0-eb24-11ec-a6d4-b3526526c2c7", "name": "panel_4", - "type": "search", - "id": "4866d670-eb21-11ec-a6d4-b3526526c2c7" + "type": "visualization" + }, + { + "id": "4866d670-eb21-11ec-a6d4-b3526526c2c7", + "name": "panel_5", + "type": "search" } ], - "migrationVersion": { - "dashboard": "7.9.3" - } + "type": "dashboard", + "updated_at": "2025-01-07T15:34:09.480Z", + "version": "WzEwNjYsMV0=" }, { - "id": "d2e979c0-eb20-11ec-a6d4-b3526526c2c7", - "type": "visualization", + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":{\"query_string\":{\"query\":\"*\"}},\"language\":\"lucene\"},\"filter\":[]}" + }, + "title": "Navigation", + "uiStateJSON": "{}", + "version": 1, + "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek 
Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 
Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● 
[Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}" + }, + "id": "df9e399b-efa5-4e33-b0ac-a7668a8ac2b3", + "migrationVersion": { + "visualization": "7.10.0" + }, "namespaces": [ "default" ], - "updated_at": "2022-06-13T13:57:55.163Z", - "version": "Wzg5NiwyXQ==", + "references": [], + "type": "visualization", + "updated_at": "2025-01-07T15:10:03.736Z", + "version": "WzkyOCwxXQ==" + }, + { "attributes": { - "title": "Hardware Temperature - Host Chooser", - "visState": "{\"title\":\"Hardware Temperature - Host Chooser\",\"type\":\"input_control_vis\",\"aggs\":[],\"params\":{\"controls\":[{\"id\":\"1655127648591\",\"fieldName\":\"host.name\",\"parent\":\"\",\"label\":\"Host Chooser\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":true,\"dynamicOptions\":true,\"size\":5,\"order\":\"desc\"},\"indexPatternRefName\":\"control_0_index_pattern\"}],\"updateFiltersOnChange\":false,\"useTimeFilter\":false,\"pinFilters\":false}}", - "uiStateJSON": "{}", "description": "", - "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" - } + }, + "title": "Hardware Temperature - Host Chooser", + "uiStateJSON": "{}", + "version": 1, + "visState": "{\"title\":\"Hardware Temperature - Host Chooser\",\"type\":\"input_control_vis\",\"aggs\":[],\"params\":{\"controls\":[{\"id\":\"1655127648591\",\"fieldName\":\"host.name\",\"parent\":\"\",\"label\":\"Host 
Chooser\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":true,\"dynamicOptions\":true,\"size\":5,\"order\":\"desc\"},\"indexPatternRefName\":\"control_0_index_pattern\"}],\"updateFiltersOnChange\":false,\"useTimeFilter\":false,\"pinFilters\":false}}" }, + "id": "d2e979c0-eb20-11ec-a6d4-b3526526c2c7", + "migrationVersion": { + "visualization": "7.10.0" + }, + "namespaces": [ + "default" + ], "references": [ { + "id": "MALCOLM_OTHER_INDEX_PATTERN_REPLACER", "name": "control_0_index_pattern", - "type": "index-pattern", - "id": "MALCOLM_OTHER_INDEX_PATTERN_REPLACER" + "type": "index-pattern" } ], - "migrationVersion": { - "visualization": "7.10.0" - } + "type": "visualization", + "updated_at": "2025-01-07T15:10:04.927Z", + "version": "Wzk0MywxXQ==" }, { - "id": "6edfd120-eb22-11ec-a6d4-b3526526c2c7", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2022-06-13T14:26:58.711Z", - "version": "WzkwOCwyXQ==", "attributes": { - "title": "Hardware Temperature - Over Time", - "visState": "{\"title\":\"Hardware Temperature - Over Time\",\"type\":\"line\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"max\",\"params\":{\"field\":\"miscbeat.thermal.temp\",\"customLabel\":\"High 
°C\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"params\":{\"field\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\",\"timeRange\":{\"from\":\"now-30m\",\"to\":\"now\"},\"useNormalizedOpenSearchInterval\":true,\"scaleMetricValues\":false,\"interval\":\"auto\",\"drop_partials\":false,\"min_doc_count\":1,\"extended_bounds\":{}},\"schema\":\"segment\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":8,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Host\"},\"schema\":\"group\"}],\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"filter\":true,\"show\":true,\"truncate\":100},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{},\"type\":\"category\"}],\"grid\":{\"categoryLines\":true,\"valueAxis\":\"ValueAxis-1\"},\"labels\":{},\"legendPosition\":\"bottom\",\"seriesParams\":[{\"data\":{\"id\":\"1\",\"label\":\"High °C\"},\"drawLinesBetweenPoints\":true,\"interpolate\":\"cardinal\",\"lineWidth\":1.5,\"mode\":\"normal\",\"show\":true,\"showCircles\":false,\"type\":\"line\",\"valueAxis\":\"ValueAxis-1\"}],\"thresholdLine\":{\"color\":\"#E7664C\",\"show\":true,\"style\":\"full\",\"value\":95,\"width\":1},\"times\":[],\"type\":\"line\",\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"defaultYExtents\":true,\"mode\":\"normal\",\"type\":\"linear\",\"setYExtents\":true,\"min\":35,\"max\":115},\"show\":true,\"style\":{},\"title\":{\"text\":\"High °C\"},\"type\":\"value\"}]}}", - "uiStateJSON": "{\"vis\":{\"legendOpen\":true}}", "description": "", - "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": 
"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" }, - "savedSearchRefName": "search_0" + "savedSearchRefName": "search_0", + "title": "Hardware Temperature - Over Time", + "uiStateJSON": "{\"vis\":{\"legendOpen\":true}}", + "version": 1, + "visState": "{\"title\":\"Hardware Temperature - Over Time\",\"type\":\"line\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"max\",\"params\":{\"field\":\"miscbeat.thermal.temp\",\"customLabel\":\"High °C\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"params\":{\"field\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\",\"timeRange\":{\"from\":\"now-30m\",\"to\":\"now\"},\"useNormalizedOpenSearchInterval\":true,\"scaleMetricValues\":false,\"interval\":\"auto\",\"drop_partials\":false,\"min_doc_count\":1,\"extended_bounds\":{}},\"schema\":\"segment\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":8,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Host\"},\"schema\":\"group\"}],\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"filter\":true,\"show\":true,\"truncate\":100},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{},\"type\":\"category\"}],\"grid\":{\"categoryLines\":true,\"valueAxis\":\"ValueAxis-1\"},\"labels\":{},\"legendPosition\":\"bottom\",\"seriesParams\":[{\"data\":{\"id\":\"1\",\"label\":\"High 
°C\"},\"drawLinesBetweenPoints\":true,\"interpolate\":\"cardinal\",\"lineWidth\":1.5,\"mode\":\"normal\",\"show\":true,\"showCircles\":false,\"type\":\"line\",\"valueAxis\":\"ValueAxis-1\"}],\"thresholdLine\":{\"color\":\"#E7664C\",\"show\":true,\"style\":\"full\",\"value\":95,\"width\":1},\"times\":[],\"type\":\"line\",\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"defaultYExtents\":true,\"mode\":\"normal\",\"type\":\"linear\",\"setYExtents\":true,\"min\":35,\"max\":115},\"show\":true,\"style\":{},\"title\":{\"text\":\"High °C\"},\"type\":\"value\"}]}}" + }, + "id": "6edfd120-eb22-11ec-a6d4-b3526526c2c7", + "migrationVersion": { + "visualization": "7.10.0" }, + "namespaces": [ + "default" + ], "references": [ { + "id": "4866d670-eb21-11ec-a6d4-b3526526c2c7", "name": "search_0", - "type": "search", - "id": "4866d670-eb21-11ec-a6d4-b3526526c2c7" + "type": "search" } ], - "migrationVersion": { - "visualization": "7.10.0" - } + "type": "visualization", + "updated_at": "2025-01-07T15:10:04.927Z", + "version": "Wzk0NCwxXQ==" }, { - "id": "ff1a4590-eb22-11ec-a6d4-b3526526c2c7", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2022-06-13T14:13:28.297Z", - "version": "WzkwNCwyXQ==", "attributes": { - "title": "Hardware Temperature - Sensor Chooser", - "visState": "{\"title\":\"Hardware Temperature - Sensor Chooser\",\"type\":\"input_control_vis\",\"aggs\":[],\"params\":{\"controls\":[{\"id\":\"1655129580950\",\"fieldName\":\"miscbeat.thermal.type\",\"parent\":\"\",\"label\":\"Sensor Type\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":true,\"dynamicOptions\":true,\"size\":5,\"order\":\"desc\"},\"indexPatternRefName\":\"control_0_index_pattern\"}],\"updateFiltersOnChange\":false,\"useTimeFilter\":false,\"pinFilters\":false}}", - "uiStateJSON": "{}", "description": "", - "version": 1, 
"kibanaSavedObjectMeta": { "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" - } + }, + "title": "Hardware Temperature - Sensor Chooser", + "uiStateJSON": "{}", + "version": 1, + "visState": "{\"title\":\"Hardware Temperature - Sensor Chooser\",\"type\":\"input_control_vis\",\"aggs\":[],\"params\":{\"controls\":[{\"id\":\"1655129580950\",\"fieldName\":\"miscbeat.thermal.type\",\"parent\":\"\",\"label\":\"Sensor Type\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":true,\"dynamicOptions\":true,\"size\":5,\"order\":\"desc\"},\"indexPatternRefName\":\"control_0_index_pattern\"}],\"updateFiltersOnChange\":false,\"useTimeFilter\":false,\"pinFilters\":false}}" }, + "id": "ff1a4590-eb22-11ec-a6d4-b3526526c2c7", + "migrationVersion": { + "visualization": "7.10.0" + }, + "namespaces": [ + "default" + ], "references": [ { + "id": "MALCOLM_OTHER_INDEX_PATTERN_REPLACER", "name": "control_0_index_pattern", - "type": "index-pattern", - "id": "MALCOLM_OTHER_INDEX_PATTERN_REPLACER" + "type": "index-pattern" } ], - "migrationVersion": { - "visualization": "7.10.0" - } + "type": "visualization", + "updated_at": "2025-01-07T15:10:04.927Z", + "version": "Wzk0NSwxXQ==" }, { - "id": "71e9cae0-eb24-11ec-a6d4-b3526526c2c7", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2022-06-13T14:24:35.386Z", - "version": "WzkwNiwyXQ==", "attributes": { - "title": "Hardware Temperature - Sensor Type", - "visState": "{\"title\":\"Hardware Temperature - Sensor Type\",\"type\":\"gauge\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"max\",\"params\":{\"field\":\"miscbeat.thermal.temp\",\"customLabel\":\" \"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"miscbeat.thermal.type\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":6,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Sensor 
Type\"},\"schema\":\"group\"}],\"params\":{\"type\":\"gauge\",\"addTooltip\":true,\"addLegend\":false,\"isDisplayWarning\":false,\"gauge\":{\"alignment\":\"automatic\",\"extendRange\":true,\"percentageMode\":false,\"gaugeType\":\"Arc\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"Labels\",\"colorsRange\":[{\"from\":0,\"to\":45},{\"from\":45,\"to\":60},{\"from\":60,\"to\":80},{\"from\":80,\"to\":90},{\"from\":90,\"to\":110}],\"invertColors\":false,\"labels\":{\"show\":true,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"rgba(105,112,125,0.2)\"},\"type\":\"meter\",\"style\":{\"bgWidth\":0.9,\"width\":0.9,\"mask\":false,\"bgMask\":false,\"maskBars\":50,\"bgFill\":\"rgba(105,112,125,0.2)\",\"bgColor\":true,\"subText\":\"\",\"fontSize\":60}}}}", - "uiStateJSON": "{}", "description": "", - "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" }, - "savedSearchRefName": "search_0" + "savedSearchRefName": "search_0", + "title": "Hardware Temperature - Sensor Type", + "uiStateJSON": "{}", + "version": 1, + "visState": "{\"title\":\"Hardware Temperature - Sensor Type\",\"type\":\"gauge\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"max\",\"params\":{\"field\":\"miscbeat.thermal.temp\",\"customLabel\":\" \"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"miscbeat.thermal.type\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":6,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Sensor 
Type\"},\"schema\":\"group\"}],\"params\":{\"type\":\"gauge\",\"addTooltip\":true,\"addLegend\":false,\"isDisplayWarning\":false,\"gauge\":{\"alignment\":\"automatic\",\"extendRange\":true,\"percentageMode\":false,\"gaugeType\":\"Arc\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"Labels\",\"colorsRange\":[{\"from\":0,\"to\":45},{\"from\":45,\"to\":60},{\"from\":60,\"to\":80},{\"from\":80,\"to\":90},{\"from\":90,\"to\":110}],\"invertColors\":false,\"labels\":{\"show\":true,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"rgba(105,112,125,0.2)\"},\"type\":\"meter\",\"style\":{\"bgWidth\":0.9,\"width\":0.9,\"mask\":false,\"bgMask\":false,\"maskBars\":50,\"bgFill\":\"rgba(105,112,125,0.2)\",\"bgColor\":true,\"subText\":\"\",\"fontSize\":60}}}}" + }, + "id": "71e9cae0-eb24-11ec-a6d4-b3526526c2c7", + "migrationVersion": { + "visualization": "7.10.0" }, + "namespaces": [ + "default" + ], "references": [ { + "id": "4866d670-eb21-11ec-a6d4-b3526526c2c7", "name": "search_0", - "type": "search", - "id": "4866d670-eb21-11ec-a6d4-b3526526c2c7" + "type": "search" } ], - "migrationVersion": { - "visualization": "7.10.0" - } + "type": "visualization", + "updated_at": "2025-01-07T15:10:04.927Z", + "version": "Wzk0NiwxXQ==" }, { - "id": "4866d670-eb21-11ec-a6d4-b3526526c2c7", - "type": "search", - "namespaces": [ - "default" - ], - "updated_at": "2022-06-13T14:01:12.279Z", - "version": "WzkwMSwyXQ==", "attributes": { - "title": "Hardware Temperature - Logs", - "description": "", - "hits": 0, "columns": [ "host.name", "miscbeat.thermal.type", "miscbeat.thermal.name", "miscbeat.thermal.temp" ], - "sort": [], - "version": 1, + "description": "", + "hits": 0, "kibanaSavedObjectMeta": { "searchSourceJSON": 
"{\"highlightAll\":false,\"version\":true,\"query\":{\"query\":\"event.module:thermal\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" - } + }, + "sort": [], + "title": "Hardware Temperature - Logs", + "version": 1 }, + "id": "4866d670-eb21-11ec-a6d4-b3526526c2c7", + "migrationVersion": { + "search": "7.9.3" + }, + "namespaces": [ + "default" + ], "references": [ { + "id": "MALCOLM_OTHER_INDEX_PATTERN_REPLACER", "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern", - "id": "MALCOLM_OTHER_INDEX_PATTERN_REPLACER" + "type": "index-pattern" } ], - "migrationVersion": { - "search": "7.9.3" - } + "type": "search", + "updated_at": "2025-01-07T15:10:04.927Z", + "version": "Wzk0NywxXQ==" } - ] + ], + "version": "2.18.0" } diff --git a/dashboards/dashboards/beats/3768ef70-d819-11ee-820d-dd9fd73a3921.json b/dashboards/dashboards/beats/3768ef70-d819-11ee-820d-dd9fd73a3921.json index a6fc0dc8f..f2206aca4 100644 --- a/dashboards/dashboards/beats/3768ef70-d819-11ee-820d-dd9fd73a3921.json +++ b/dashboards/dashboards/beats/3768ef70-d819-11ee-820d-dd9fd73a3921.json 
@@ -1,141 +1,169 @@ { - "version": "2.12.0", "objects": [ { - "id": "3768ef70-d819-11ee-820d-dd9fd73a3921", - "type": "dashboard", - "namespaces": [ - "default" - ], - "updated_at": "2024-04-29T15:49:16.000Z", - "version": "WzExMTEsMV0=", "attributes": { - "title": "Linux Kernel Messages", - "hits": 0, "description": "Linux kernel messages (kmsg), including from Malcolm sensors and aggregators", - "panelsJSON": "[{\"embeddableConfig\":{},\"gridData\":{\"h\":16,\"i\":\"1c0ec894-1fd1-4a1a-8aa1-730e651ecca8\",\"w\":14,\"x\":0,\"y\":0},\"panelIndex\":\"1c0ec894-1fd1-4a1a-8aa1-730e651ecca8\",\"version\":\"2.12.0\",\"panelRefName\":\"panel_0\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":16,\"i\":\"d395e5d6-8064-4226-b4bd-7c21db0d6cf5\",\"w\":34,\"x\":14,\"y\":0},\"panelIndex\":\"d395e5d6-8064-4226-b4bd-7c21db0d6cf5\",\"version\":\"2.12.0\",\"panelRefName\":\"panel_1\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":19,\"i\":\"4178095b-48cb-4ce8-b79c-eea288285dd5\",\"w\":48,\"x\":0,\"y\":16},\"panelIndex\":\"4178095b-48cb-4ce8-b79c-eea288285dd5\",\"version\":\"2.12.0\",\"panelRefName\":\"panel_2\"}]", - "optionsJSON": "{\"hidePanelTitles\":false,\"useMargins\":true}", - "version": 1, - "timeRestore": false, + "hits": 0, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[]}" - } + }, + "optionsJSON": "{\"hidePanelTitles\":false,\"useMargins\":true}", + "panelsJSON": 
"[{\"version\":\"2.18.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":41,\"i\":\"91267bbd-52aa-4f2e-88e6-2382f891ecd9\"},\"panelIndex\":\"91267bbd-52aa-4f2e-88e6-2382f891ecd9\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"2.18.0\",\"gridData\":{\"x\":8,\"y\":0,\"w\":14,\"h\":16,\"i\":\"1c0ec894-1fd1-4a1a-8aa1-730e651ecca8\"},\"panelIndex\":\"1c0ec894-1fd1-4a1a-8aa1-730e651ecca8\",\"embeddableConfig\":{},\"panelRefName\":\"panel_1\"},{\"version\":\"2.18.0\",\"gridData\":{\"x\":22,\"y\":0,\"w\":26,\"h\":16,\"i\":\"d395e5d6-8064-4226-b4bd-7c21db0d6cf5\"},\"panelIndex\":\"d395e5d6-8064-4226-b4bd-7c21db0d6cf5\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"2.18.0\",\"gridData\":{\"x\":8,\"y\":16,\"w\":40,\"h\":25,\"i\":\"4178095b-48cb-4ce8-b79c-eea288285dd5\"},\"panelIndex\":\"4178095b-48cb-4ce8-b79c-eea288285dd5\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"}]", + "timeRestore": false, + "title": "Linux Kernel Messages", + "version": 1 }, + "id": "3768ef70-d819-11ee-820d-dd9fd73a3921", + "migrationVersion": { + "dashboard": "7.9.3" + }, + "namespaces": [ + "default" + ], "references": [ { + "id": "df9e399b-efa5-4e33-b0ac-a7668a8ac2b3", "name": "panel_0", - "type": "visualization", - "id": "822595a0-d818-11ee-820d-dd9fd73a3921" + "type": "visualization" }, { + "id": "822595a0-d818-11ee-820d-dd9fd73a3921", "name": "panel_1", - "type": "visualization", - "id": "ab235be0-d818-11ee-820d-dd9fd73a3921" + "type": "visualization" }, { + "id": "ab235be0-d818-11ee-820d-dd9fd73a3921", "name": "panel_2", - "type": "search", - "id": "27ac44c0-d818-11ee-820d-dd9fd73a3921" + "type": "visualization" + }, + { + "id": "27ac44c0-d818-11ee-820d-dd9fd73a3921", + "name": "panel_3", + "type": "search" } ], - "migrationVersion": { - "dashboard": "7.9.3" - } + "type": "dashboard", + "updated_at": "2025-01-07T15:52:17.199Z", + "version": "WzEwNzAsMV0=" }, { - "id": "822595a0-d818-11ee-820d-dd9fd73a3921", - "type": "visualization", + 
"attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":{\"query_string\":{\"query\":\"*\"}},\"language\":\"lucene\"},\"filter\":[]}" + }, + "title": "Navigation", + "uiStateJSON": "{}", + "version": 1, + "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● 
[IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE 
SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}" + }, + "id": "df9e399b-efa5-4e33-b0ac-a7668a8ac2b3", + "migrationVersion": { + "visualization": "7.10.0" + }, "namespaces": [ "default" ], - "updated_at": "2024-03-01T22:10:26.938Z", - "version": "WzExMDgsMV0=", + "references": [], + "type": "visualization", + "updated_at": "2025-01-07T15:10:03.736Z", + "version": "WzkyOCwxXQ==" + }, + { "attributes": { - "title": "Linux Kernel Messages by Host", - "visState": "{\"title\":\"Linux Kernel Messages by 
Host\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Host\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"top_hits\",\"params\":{\"field\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\",\"aggregate\":\"concat\",\"size\":1,\"sortField\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\",\"sortOrder\":\"desc\",\"customLabel\":\"Last Kernel Message\"},\"schema\":\"metric\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", - "uiStateJSON": "{}", "description": "", - "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" }, - "savedSearchRefName": "search_0" + "savedSearchRefName": "search_0", + "title": "Linux Kernel Messages by Host", + "uiStateJSON": "{}", + "version": 1, + "visState": "{\"title\":\"Linux Kernel Messages by Host\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Host\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"top_hits\",\"params\":{\"field\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\",\"aggregate\":\"concat\",\"size\":1,\"sortField\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\",\"sortOrder\":\"desc\",\"customLabel\":\"Last Kernel 
Message\"},\"schema\":\"metric\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}" + }, + "id": "822595a0-d818-11ee-820d-dd9fd73a3921", + "migrationVersion": { + "visualization": "7.10.0" }, + "namespaces": [ + "default" + ], "references": [ { + "id": "27ac44c0-d818-11ee-820d-dd9fd73a3921", "name": "search_0", - "type": "search", - "id": "27ac44c0-d818-11ee-820d-dd9fd73a3921" + "type": "search" } ], - "migrationVersion": { - "visualization": "7.10.0" - } + "type": "visualization", + "updated_at": "2025-01-07T15:10:05.763Z", + "version": "Wzk0OSwxXQ==" }, { - "id": "ab235be0-d818-11ee-820d-dd9fd73a3921", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2024-03-01T22:14:59.550Z", - "version": "WzExMTAsMV0=", "attributes": { - "title": "Linux Kernel Messages over Time", - "visState": "{\"title\":\"Linux Kernel Messages over Time\",\"type\":\"histogram\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Message Count\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"params\":{\"field\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\",\"timeRange\":{\"from\":\"now/d\",\"to\":\"now/d\"},\"useNormalizedOpenSearchInterval\":true,\"scaleMetricValues\":false,\"interval\":\"auto\",\"drop_partials\":false,\"min_doc_count\":1,\"extended_bounds\":{},\"customLabel\":\"Messages over Time by 
Priority\"},\"schema\":\"segment\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"miscbeat.kmsg.priority\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Priority\"},\"schema\":\"group\"}],\"params\":{\"type\":\"histogram\",\"grid\":{\"categoryLines\":false},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"filter\":true,\"truncate\":100},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"square root\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Message Count\"}}],\"seriesParams\":[{\"show\":true,\"type\":\"histogram\",\"mode\":\"stacked\",\"data\":{\"label\":\"Message Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"lineWidth\":2,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"bottom\",\"times\":[],\"addTimeMarker\":false,\"labels\":{\"show\":false},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"}}}", - "uiStateJSON": "{\"vis\":{\"legendOpen\":true}}", "description": "", - "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" }, - "savedSearchRefName": "search_0" + "savedSearchRefName": "search_0", + "title": "Linux Kernel Messages over Time", + "uiStateJSON": "{\"vis\":{\"legendOpen\":true}}", + "version": 1, + "visState": "{\"title\":\"Linux Kernel Messages over Time\",\"type\":\"histogram\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Message 
Count\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"params\":{\"field\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\",\"timeRange\":{\"from\":\"now/d\",\"to\":\"now/d\"},\"useNormalizedOpenSearchInterval\":true,\"scaleMetricValues\":false,\"interval\":\"auto\",\"drop_partials\":false,\"min_doc_count\":1,\"extended_bounds\":{},\"customLabel\":\"Messages over Time by Priority\"},\"schema\":\"segment\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"miscbeat.kmsg.priority\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Priority\"},\"schema\":\"group\"}],\"params\":{\"type\":\"histogram\",\"grid\":{\"categoryLines\":false},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"filter\":true,\"truncate\":100},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"square root\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Message Count\"}}],\"seriesParams\":[{\"show\":true,\"type\":\"histogram\",\"mode\":\"stacked\",\"data\":{\"label\":\"Message Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"lineWidth\":2,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"bottom\",\"times\":[],\"addTimeMarker\":false,\"labels\":{\"show\":false},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"}}}" + }, + "id": "ab235be0-d818-11ee-820d-dd9fd73a3921", + "migrationVersion": { + "visualization": "7.10.0" }, + "namespaces": [ + "default" + ], "references": [ { + "id": 
"27ac44c0-d818-11ee-820d-dd9fd73a3921", "name": "search_0", - "type": "search", - "id": "27ac44c0-d818-11ee-820d-dd9fd73a3921" + "type": "search" } ], - "migrationVersion": { - "visualization": "7.10.0" - } + "type": "visualization", + "updated_at": "2025-01-07T15:10:05.763Z", + "version": "Wzk1MCwxXQ==" }, { - "id": "27ac44c0-d818-11ee-820d-dd9fd73a3921", - "type": "search", - "namespaces": [ - "default" - ], - "updated_at": "2024-03-01T22:07:55.148Z", - "version": "WzExMDUsMV0=", "attributes": { - "title": "Linux Kernel Messages", - "description": "", - "hits": 0, "columns": [ "host.name", "miscbeat.kmsg.sequence", "miscbeat.kmsg.priority", "event.original" ], - "sort": [], - "version": 1, + "description": "", + "hits": 0, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"query\":{\"query\":\"event.module:kmsg\",\"language\":\"kuery\"},\"highlightAll\":false,\"version\":true,\"aggs\":{\"2\":{\"date_histogram\":{\"field\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\",\"fixed_interval\":\"30m\",\"min_doc_count\":1}}},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" - } + }, + "sort": [], + "title": "Linux Kernel Messages", + "version": 1 + }, + "id": "27ac44c0-d818-11ee-820d-dd9fd73a3921", + "migrationVersion": { + "search": "7.9.3" }, + "namespaces": [ + "default" + ], "references": [ { + "id": "MALCOLM_OTHER_INDEX_PATTERN_REPLACER", "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern", - "id": "MALCOLM_OTHER_INDEX_PATTERN_REPLACER" + "type": "index-pattern" } ], - "migrationVersion": { - "search": "7.9.3" - } + "type": "search", + "updated_at": "2025-01-07T15:10:05.763Z", + "version": "Wzk1MSwxXQ==" } - ] + ], + "version": "2.18.0" } diff --git a/dashboards/dashboards/beats/4ca94c70-d7da-11ee-9ed3-e7afff29e59a.json b/dashboards/dashboards/beats/4ca94c70-d7da-11ee-9ed3-e7afff29e59a.json index 844f7b378..b9ef83116 100644 --- a/dashboards/dashboards/beats/4ca94c70-d7da-11ee-9ed3-e7afff29e59a.json 
+++ b/dashboards/dashboards/beats/4ca94c70-d7da-11ee-9ed3-e7afff29e59a.json 
@@ -1,217 +1,234 @@ { - "version": "2.12.0", "objects": [ { - "id": "4ca94c70-d7da-11ee-9ed3-e7afff29e59a", - "type": "dashboard", - "namespaces": [ - "default" - ], - "updated_at": "2024-04-29T15:49:16.000Z", - "version": "WzEwNjUsMV0=", "attributes": { - "title": "Packet Capture Statistics", - "hits": 0, "description": "Statistics and diagnostics for packet capture from Zeek and Suricata", - "panelsJSON": "[{\"embeddableConfig\":{},\"gridData\":{\"h\":15,\"i\":\"0c179e97-9bcf-4f72-b717-b7a93667c1a0\",\"w\":13,\"x\":0,\"y\":0},\"panelIndex\":\"0c179e97-9bcf-4f72-b717-b7a93667c1a0\",\"version\":\"2.12.0\",\"panelRefName\":\"panel_0\"},{\"embeddableConfig\":{\"hidePanelTitles\":false},\"gridData\":{\"h\":15,\"i\":\"b483d809-a528-4280-b79e-aa7ada17d275\",\"w\":35,\"x\":13,\"y\":0},\"panelIndex\":\"b483d809-a528-4280-b79e-aa7ada17d275\",\"version\":\"2.12.0\",\"panelRefName\":\"panel_1\"},{\"embeddableConfig\":{\"hidePanelTitles\":false},\"gridData\":{\"h\":10,\"i\":\"e10dc0a6-f197-4cbc-a1ad-e67194f95a63\",\"w\":13,\"x\":0,\"y\":15},\"panelIndex\":\"e10dc0a6-f197-4cbc-a1ad-e67194f95a63\",\"version\":\"2.12.0\",\"panelRefName\":\"panel_2\"},{\"embeddableConfig\":{\"hidePanelTitles\":false},\"gridData\":{\"h\":10,\"i\":\"01b20859-4d95-47e0-a536-6b1e9932c35b\",\"w\":13,\"x\":13,\"y\":15},\"panelIndex\":\"01b20859-4d95-47e0-a536-6b1e9932c35b\",\"version\":\"2.12.0\",\"panelRefName\":\"panel_3\"},{\"embeddableConfig\":{\"columns\":[\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\",\"host.name\",\"zeek.capture_loss.peer\",\"zeek.capture_loss.acks\",\"zeek.capture_loss.gaps\",\"zeek.capture_loss.percent_lost\"]},\"gridData\":{\"h\":20,\"i\":\"8e013ce7-3205-4d06-a805-6285826c1c5d\",\"w\":22,\"x\":26,\"y\":15},\"panelIndex\":\"8e013ce7-3205-4d06-a805-6285826c1c5d\",\"version\":\"2.12.0\",\"panelRefName\":\"panel_4\"},{\"embeddableConfig\":{\"hidePanelTitles\":false},\"gridData\":{\"h\":10,\"i\":\"147b45ae-804b-4d9e-a9a9-806772ad3b35\",\"w\":13,\"x\":0,\"y\":25},\"panelIndex\":\"147b4
5ae-804b-4d9e-a9a9-806772ad3b35\",\"version\":\"2.12.0\",\"panelRefName\":\"panel_5\"},{\"embeddableConfig\":{\"hidePanelTitles\":false},\"gridData\":{\"h\":10,\"i\":\"687597e3-4848-4629-8b85-45c0773efb79\",\"w\":13,\"x\":13,\"y\":25},\"panelIndex\":\"687597e3-4848-4629-8b85-45c0773efb79\",\"version\":\"2.12.0\",\"panelRefName\":\"panel_6\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":15,\"i\":\"0174654c-2010-463a-b49e-fa5759b61b9c\",\"w\":24,\"x\":0,\"y\":35},\"panelIndex\":\"0174654c-2010-463a-b49e-fa5759b61b9c\",\"version\":\"2.12.0\",\"panelRefName\":\"panel_7\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":21,\"i\":\"36e03a4a-e017-42b8-82cf-205d26b2ed6b\",\"w\":48,\"x\":0,\"y\":50},\"panelIndex\":\"36e03a4a-e017-42b8-82cf-205d26b2ed6b\",\"version\":\"2.12.0\",\"panelRefName\":\"panel_8\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":21,\"i\":\"e1c0f1e0-de36-4527-bafa-a297fe9452a2\",\"w\":48,\"x\":0,\"y\":71},\"panelIndex\":\"e1c0f1e0-de36-4527-bafa-a297fe9452a2\",\"version\":\"2.12.0\",\"panelRefName\":\"panel_9\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":20,\"i\":\"74a841b8-2ffc-4f6d-8b5a-ca7960eb6b10\",\"w\":13,\"x\":0,\"y\":92},\"panelIndex\":\"74a841b8-2ffc-4f6d-8b5a-ca7960eb6b10\",\"version\":\"2.12.0\",\"panelRefName\":\"panel_10\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":20,\"i\":\"f15e46fe-040f-4602-ad13-01aab36b372a\",\"w\":35,\"x\":13,\"y\":92},\"panelIndex\":\"f15e46fe-040f-4602-ad13-01aab36b372a\",\"version\":\"2.12.0\",\"panelRefName\":\"panel_11\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":17,\"i\":\"bfdc6d50-66f1-4f9a-9ea5-cd30bc01099d\",\"w\":16,\"x\":0,\"y\":112},\"panelIndex\":\"bfdc6d50-66f1-4f9a-9ea5-cd30bc01099d\",\"version\":\"2.12.0\",\"panelRefName\":\"panel_12\"},{\"embeddableConfig\":{\"columns\":[\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\",\"host.name\",\"zeek.reporter.level\",\"zeek.reporter.msg\",\"zeek.reporter.location\"]},\"gridData\":{\"h\":17,\"i\":\"efbd7f15-5af7-4e39-9889-c1c944a40dc2\",\"w\":32,\"x\":16,\"y\":11
2},\"panelIndex\":\"efbd7f15-5af7-4e39-9889-c1c944a40dc2\",\"version\":\"2.12.0\",\"panelRefName\":\"panel_13\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":15,\"i\":\"2ecc4ac3-d694-46ab-a6b1-9c86e5e9d394\",\"w\":24,\"x\":24,\"y\":35},\"panelIndex\":\"2ecc4ac3-d694-46ab-a6b1-9c86e5e9d394\",\"version\":\"2.12.0\",\"panelRefName\":\"panel_14\"}]", - "optionsJSON": "{\"hidePanelTitles\":false,\"useMargins\":true}", - "version": 1, - "timeRestore": false, + "hits": 0, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[]}" - } + }, + "optionsJSON": "{\"hidePanelTitles\":false,\"useMargins\":true}", + "panelsJSON": "[{\"version\":\"2.18.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":35,\"i\":\"2f6e911c-f4e2-46b9-8fcd-782142363917\"},\"panelIndex\":\"2f6e911c-f4e2-46b9-8fcd-782142363917\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"2.18.0\",\"gridData\":{\"x\":8,\"y\":0,\"w\":11,\"h\":15,\"i\":\"0c179e97-9bcf-4f72-b717-b7a93667c1a0\"},\"panelIndex\":\"0c179e97-9bcf-4f72-b717-b7a93667c1a0\",\"embeddableConfig\":{},\"panelRefName\":\"panel_1\"},{\"version\":\"2.18.0\",\"gridData\":{\"x\":19,\"y\":0,\"w\":29,\"h\":15,\"i\":\"b483d809-a528-4280-b79e-aa7ada17d275\"},\"panelIndex\":\"b483d809-a528-4280-b79e-aa7ada17d275\",\"embeddableConfig\":{\"hidePanelTitles\":false},\"panelRefName\":\"panel_2\"},{\"version\":\"2.18.0\",\"gridData\":{\"x\":8,\"y\":15,\"w\":11,\"h\":10,\"i\":\"e10dc0a6-f197-4cbc-a1ad-e67194f95a63\"},\"panelIndex\":\"e10dc0a6-f197-4cbc-a1ad-e67194f95a63\",\"embeddableConfig\":{\"hidePanelTitles\":false},\"panelRefName\":\"panel_3\"},{\"version\":\"2.18.0\",\"gridData\":{\"x\":19,\"y\":15,\"w\":11,\"h\":10,\"i\":\"01b20859-4d95-47e0-a536-6b1e9932c35b\"},\"panelIndex\":\"01b20859-4d95-47e0-a536-6b1e9932c35b\",\"embeddableConfig\":{\"hidePanelTitles\":false},\"panelRefName\":\"panel_4\"},{\"version\":\"2.18.0\",\"gridData\":{\"x\":30,\"y\":15,\"w\":18,\"h\":20,\"i\":\"8e013ce7-3
205-4d06-a805-6285826c1c5d\"},\"panelIndex\":\"8e013ce7-3205-4d06-a805-6285826c1c5d\",\"embeddableConfig\":{\"columns\":[\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\",\"host.name\",\"zeek.capture_loss.peer\",\"zeek.capture_loss.acks\",\"zeek.capture_loss.gaps\",\"zeek.capture_loss.percent_lost\"]},\"panelRefName\":\"panel_5\"},{\"version\":\"2.18.0\",\"gridData\":{\"x\":8,\"y\":25,\"w\":11,\"h\":10,\"i\":\"147b45ae-804b-4d9e-a9a9-806772ad3b35\"},\"panelIndex\":\"147b45ae-804b-4d9e-a9a9-806772ad3b35\",\"embeddableConfig\":{\"hidePanelTitles\":false},\"panelRefName\":\"panel_6\"},{\"version\":\"2.18.0\",\"gridData\":{\"x\":19,\"y\":25,\"w\":11,\"h\":10,\"i\":\"687597e3-4848-4629-8b85-45c0773efb79\"},\"panelIndex\":\"687597e3-4848-4629-8b85-45c0773efb79\",\"embeddableConfig\":{\"hidePanelTitles\":false},\"panelRefName\":\"panel_7\"},{\"version\":\"2.18.0\",\"gridData\":{\"x\":0,\"y\":35,\"w\":24,\"h\":15,\"i\":\"0174654c-2010-463a-b49e-fa5759b61b9c\"},\"panelIndex\":\"0174654c-2010-463a-b49e-fa5759b61b9c\",\"embeddableConfig\":{},\"panelRefName\":\"panel_8\"},{\"version\":\"2.18.0\",\"gridData\":{\"x\":24,\"y\":35,\"w\":24,\"h\":15,\"i\":\"2ecc4ac3-d694-46ab-a6b1-9c86e5e9d394\"},\"panelIndex\":\"2ecc4ac3-d694-46ab-a6b1-9c86e5e9d394\",\"embeddableConfig\":{},\"panelRefName\":\"panel_9\"},{\"version\":\"2.18.0\",\"gridData\":{\"x\":0,\"y\":50,\"w\":48,\"h\":21,\"i\":\"36e03a4a-e017-42b8-82cf-205d26b2ed6b\"},\"panelIndex\":\"36e03a4a-e017-42b8-82cf-205d26b2ed6b\",\"embeddableConfig\":{},\"panelRefName\":\"panel_10\"},{\"version\":\"2.18.0\",\"gridData\":{\"x\":0,\"y\":71,\"w\":48,\"h\":21,\"i\":\"e1c0f1e0-de36-4527-bafa-a297fe9452a2\"},\"panelIndex\":\"e1c0f1e0-de36-4527-bafa-a297fe9452a2\",\"embeddableConfig\":{},\"panelRefName\":\"panel_11\"},{\"version\":\"2.18.0\",\"gridData\":{\"x\":0,\"y\":92,\"w\":13,\"h\":20,\"i\":\"74a841b8-2ffc-4f6d-8b5a-ca7960eb6b10\"},\"panelIndex\":\"74a841b8-2ffc-4f6d-8b5a-ca7960eb6b10\",\"embeddableConfig\":{},\"panelRefName\":\"panel_12\"},{
\"version\":\"2.18.0\",\"gridData\":{\"x\":13,\"y\":92,\"w\":35,\"h\":20,\"i\":\"f15e46fe-040f-4602-ad13-01aab36b372a\"},\"panelIndex\":\"f15e46fe-040f-4602-ad13-01aab36b372a\",\"embeddableConfig\":{},\"panelRefName\":\"panel_13\"},{\"version\":\"2.18.0\",\"gridData\":{\"x\":0,\"y\":112,\"w\":16,\"h\":17,\"i\":\"bfdc6d50-66f1-4f9a-9ea5-cd30bc01099d\"},\"panelIndex\":\"bfdc6d50-66f1-4f9a-9ea5-cd30bc01099d\",\"embeddableConfig\":{},\"panelRefName\":\"panel_14\"},{\"version\":\"2.18.0\",\"gridData\":{\"x\":16,\"y\":112,\"w\":32,\"h\":17,\"i\":\"efbd7f15-5af7-4e39-9889-c1c944a40dc2\"},\"panelIndex\":\"efbd7f15-5af7-4e39-9889-c1c944a40dc2\",\"embeddableConfig\":{\"columns\":[\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\",\"host.name\",\"zeek.reporter.level\",\"zeek.reporter.msg\",\"zeek.reporter.location\"]},\"panelRefName\":\"panel_15\"}]", + "timeRestore": false, + "title": "Packet Capture Statistics", + "version": 1 + }, + "id": "4ca94c70-d7da-11ee-9ed3-e7afff29e59a", + "migrationVersion": { + "dashboard": "7.9.3" }, + "namespaces": [ + "default" + ], "references": [ { + "id": "df9e399b-efa5-4e33-b0ac-a7668a8ac2b3", "name": "panel_0", - "type": "visualization", - "id": "a1480cb0-d7ff-11ee-b25e-e793ed358448" + "type": "visualization" }, { + "id": "a1480cb0-d7ff-11ee-b25e-e793ed358448", "name": "panel_1", - "type": "visualization", - "id": "611a3e20-d7e0-11ee-b25e-e793ed358448" + "type": "visualization" }, { + "id": "611a3e20-d7e0-11ee-b25e-e793ed358448", "name": "panel_2", - "type": "visualization", - "id": "13facbf0-d7e5-11ee-b25e-e793ed358448" + "type": "visualization" }, { + "id": "13facbf0-d7e5-11ee-b25e-e793ed358448", "name": "panel_3", - "type": "visualization", - "id": "8051d2c0-d7e6-11ee-b25e-e793ed358448" + "type": "visualization" }, { + "id": "8051d2c0-d7e6-11ee-b25e-e793ed358448", "name": "panel_4", - "type": "search", - "id": "991158b0-d7d9-11ee-9ed3-e7afff29e59a" + "type": "visualization" }, { + "id": "991158b0-d7d9-11ee-9ed3-e7afff29e59a", "name": 
"panel_5", - "type": "visualization", - "id": "cc976b70-d7fc-11ee-b25e-e793ed358448" + "type": "search" }, { + "id": "cc976b70-d7fc-11ee-b25e-e793ed358448", "name": "panel_6", - "type": "visualization", - "id": "9833e6a0-d7fd-11ee-b25e-e793ed358448" + "type": "visualization" }, { + "id": "9833e6a0-d7fd-11ee-b25e-e793ed358448", "name": "panel_7", - "type": "visualization", - "id": "6b7b9a40-faa1-11e6-86b1-cd7735ff7e23-ecs" + "type": "visualization" }, { + "id": "6b7b9a40-faa1-11e6-86b1-cd7735ff7e23", "name": "panel_8", - "type": "search", - "id": "9c6a1610-d7d8-11ee-9ed3-e7afff29e59a" + "type": "visualization" }, { + "id": "089b85d0-1b16-11e7-b09e-037021c4f8df", "name": "panel_9", - "type": "search", - "id": "b0aabf40-d7fa-11ee-b25e-e793ed358448" + "type": "visualization" }, { + "id": "9c6a1610-d7d8-11ee-9ed3-e7afff29e59a", "name": "panel_10", - "type": "visualization", - "id": "abcfca50-d7dd-11ee-b25e-e793ed358448" + "type": "search" }, { + "id": "b0aabf40-d7fa-11ee-b25e-e793ed358448", "name": "panel_11", - "type": "search", - "id": "351ef380-d7d9-11ee-9ed3-e7afff29e59a" + "type": "search" }, { + "id": "abcfca50-d7dd-11ee-b25e-e793ed358448", "name": "panel_12", - "type": "visualization", - "id": "c75b6df0-d7e3-11ee-b25e-e793ed358448" + "type": "visualization" }, { + "id": "351ef380-d7d9-11ee-9ed3-e7afff29e59a", "name": "panel_13", - "type": "search", - "id": "17619ea0-d7da-11ee-9ed3-e7afff29e59a" + "type": "search" }, { + "id": "c75b6df0-d7e3-11ee-b25e-e793ed358448", "name": "panel_14", - "type": "visualization", - "id": "089b85d0-1b16-11e7-b09e-037021c4f8df-ecs" + "type": "visualization" + }, + { + "id": "17619ea0-d7da-11ee-9ed3-e7afff29e59a", + "name": "panel_15", + "type": "search" } ], - "migrationVersion": { - "dashboard": "7.9.3" - } + "type": "dashboard", + "updated_at": "2025-01-07T16:12:25.917Z", + "version": "WzEwNzksMV0=" }, { - "id": "a1480cb0-d7ff-11ee-b25e-e793ed358448", - "type": "visualization", + "attributes": { + "description": "", + 
"kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":{\"query_string\":{\"query\":\"*\"}},\"language\":\"lucene\"},\"filter\":[]}" + }, + "title": "Navigation", + "uiStateJSON": "{}", + "version": 1, + "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● 
[IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE 
SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}" + }, + "id": "df9e399b-efa5-4e33-b0ac-a7668a8ac2b3", + "migrationVersion": { + "visualization": "7.10.0" + }, "namespaces": [ "default" ], - "updated_at": "2024-03-13T14:23:31.845Z", - "version": "Wzg4NiwxXQ==", + "references": [], + "type": "visualization", + "updated_at": "2025-01-07T15:10:03.736Z", + "version": "WzkyOCwxXQ==" + }, + { "attributes": { - "title": "Last Capture Metric Timestamp by Host", - "visState": "{\"title\":\"Last Capture Metric Timestamp by 
Host\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"top_hits\",\"params\":{\"field\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\",\"aggregate\":\"concat\",\"size\":1,\"sortField\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\",\"sortOrder\":\"desc\",\"customLabel\":\"Last Metric Timestamp\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"host.name\",\"orderBy\":\"_key\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Capture Host\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.provider\",\"orderBy\":\"_key\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Other\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", - "uiStateJSON": "{\"vis\":{\"sortColumn\":{\"colIndex\":2,\"direction\":\"desc\"}}}", "description": "", - "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"query\":{\"query\":\"event.kind:metric\",\"language\":\"lucene\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" - } + }, + "title": "Last Capture Metric Timestamp by Host", + "uiStateJSON": "{\"vis\":{\"sortColumn\":{\"colIndex\":2,\"direction\":\"desc\"}}}", + "version": 1, + "visState": "{\"title\":\"Last Capture Metric Timestamp by Host\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"top_hits\",\"params\":{\"field\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\",\"aggregate\":\"concat\",\"size\":1,\"sortField\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\",\"sortOrder\":\"desc\",\"customLabel\":\"Last Metric 
Timestamp\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"host.name\",\"orderBy\":\"_key\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Capture Host\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.provider\",\"orderBy\":\"_key\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Other\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}" + }, + "id": "a1480cb0-d7ff-11ee-b25e-e793ed358448", + "migrationVersion": { + "visualization": "7.10.0" }, + "namespaces": [ + "default" + ], "references": [ { + "id": "MALCOLM_OTHER_INDEX_PATTERN_REPLACER", "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern", - "id": "MALCOLM_OTHER_INDEX_PATTERN_REPLACER" + "type": "index-pattern" } ], - "migrationVersion": { - "visualization": "7.10.0" - } + "type": "visualization", + "updated_at": "2025-01-07T15:10:06.861Z", + "version": "Wzk1MywxXQ==" }, { - "id": "611a3e20-d7e0-11ee-b25e-e793ed358448", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2024-03-13T14:23:31.845Z", - "version": "Wzg4NywxXQ==", "attributes": { - "title": "Zeek and Suricata Capture Measurements ", - "visState": "{\"title\":\"Zeek and Suricata Capture Measurements 
\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"32d1fca0-d7e1-11ee-ad81-217e54128a4b\",\"color\":\"rgba(33,150,243,1)\",\"split_mode\":\"everything\",\"metrics\":[{\"id\":\"32d1fca1-d7e1-11ee-ad81-217e54128a4b\",\"type\":\"sum\",\"field\":\"zeek.stats.pkts_link\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":\"0\",\"point_size\":\"0\",\"fill\":0.5,\"stacked\":\"none\",\"label\":\"Zeek: packets seen\",\"type\":\"timeseries\",\"terms_field\":\"host.name\",\"terms_size\":\"25\",\"terms_order_by\":\"32d1fca1-d7e1-11ee-ad81-217e54128a4b\",\"split_color_mode\":\"opensearchDashboards\"},{\"id\":\"02bbf6a0-d7fb-11ee-a5f1-9ff9da698a18\",\"color\":\"rgba(84,179,153,1)\",\"split_mode\":\"everything\",\"metrics\":[{\"unit\":\"\",\"id\":\"02bbf6a1-d7fb-11ee-a5f1-9ff9da698a18\",\"type\":\"positive_rate\",\"field\":\"suricata.stats.capture.kernel_packets\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":\"0\",\"point_size\":\"0\",\"fill\":0.5,\"stacked\":\"none\",\"label\":\"Suricata: packets seen\",\"type\":\"timeseries\"},{\"id\":\"e4143600-d7e0-11ee-ad81-217e54128a4b\",\"color\":\"rgba(229,115,115,1)\",\"split_mode\":\"everything\",\"metrics\":[{\"id\":\"e4143601-d7e0-11ee-ad81-217e54128a4b\",\"type\":\"sum\",\"field\":\"zeek.stats.pkts_dropped\"},{\"id\":\"f6df2790-d7e0-11ee-ad81-217e54128a4b\",\"type\":\"math\",\"variables\":[{\"id\":\"f8ee0a60-d7e0-11ee-ad81-217e54128a4b\",\"name\":\"packets\",\"field\":\"e4143601-d7e0-11ee-ad81-217e54128a4b\"}],\"script\":\"params.packets*-1\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":\"0\",\"point_size\":\"0\",\"fill\":0.5,\"stacked\":\"none\",\"label\":\"Zeek: packets 
dropped\",\"type\":\"timeseries\",\"terms_field\":\"host.name\",\"terms_size\":\"25\",\"terms_order_by\":\"e4143601-d7e0-11ee-ad81-217e54128a4b\",\"split_color_mode\":\"opensearchDashboards\"},{\"id\":\"20b9a420-d7df-11ee-ad81-217e54128a4b\",\"color\":\"rgba(211,96,134,1)\",\"split_mode\":\"everything\",\"metrics\":[{\"id\":\"20b9a421-d7df-11ee-ad81-217e54128a4b\",\"type\":\"sum\",\"field\":\"zeek.capture_loss.gaps\"},{\"id\":\"9a3afce0-d7df-11ee-ad81-217e54128a4b\",\"type\":\"math\",\"variables\":[{\"id\":\"9dece150-d7df-11ee-ad81-217e54128a4b\",\"name\":\"gaps\",\"field\":\"20b9a421-d7df-11ee-ad81-217e54128a4b\"}],\"script\":\"params.gaps*-1\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":\"0\",\"point_size\":\"0\",\"fill\":0.5,\"stacked\":\"none\",\"label\":\"Zeek: ACKS missed\",\"type\":\"timeseries\",\"terms_field\":\"host.name\",\"terms_size\":\"25\",\"terms_order_by\":\"20b9a421-d7df-11ee-ad81-217e54128a4b\",\"split_color_mode\":\"opensearchDashboards\"},{\"id\":\"cad40600-d7fb-11ee-a5f1-9ff9da698a18\",\"color\":\"rgba(255,171,145,1)\",\"split_mode\":\"everything\",\"metrics\":[{\"unit\":\"\",\"id\":\"cad40601-d7fb-11ee-a5f1-9ff9da698a18\",\"type\":\"positive_rate\",\"field\":\"suricata.stats.pkts_dropped\"},{\"id\":\"f5352cd0-d7fb-11ee-a5f1-9ff9da698a18\",\"type\":\"math\",\"variables\":[{\"id\":\"f79def70-d7fb-11ee-a5f1-9ff9da698a18\",\"name\":\"packets\",\"field\":\"cad40601-d7fb-11ee-a5f1-9ff9da698a18\"}],\"script\":\"params.packets*-1\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":\"0\",\"point_size\":\"0\",\"fill\":0.5,\"stacked\":\"none\",\"label\":\"Suricata: packets 
dropped\",\"type\":\"timeseries\"}],\"time_field\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\",\"index_pattern\":\"MALCOLM_OTHER_INDEX_PATTERN_REPLACER\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"MALCOLM_OTHER_INDEX_PATTERN_REPLACER\",\"default_timefield\":\"firstPacket\",\"isModelInvalid\":false,\"filter\":{\"query\":\"(event.provider:zeek OR event.provider:suricata) AND event.kind:metric\",\"language\":\"kuery\"},\"legend_position\":\"right\",\"background_color\":null}}", - "uiStateJSON": "{}", "description": "Positive values on the y-axis represent observed packets while negative values represent missing dropped packets and missing ACKs.\n\nThis data is logged by Zeek in stats.log (https://docs.zeek.org/en/master/scripts/policy/misc/stats.zeek.html#type-Stats::Info) and capture_loss.log (https://docs.zeek.org/en/master/scripts/policy/misc/capture-loss.zeek.html#type-CaptureLoss::Info), and by Suricata (https://docs.suricata.io/en/suricata-6.0.0/performance/statistics.html).", - "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}" - } + }, + "title": "Zeek and Suricata Capture Measurements ", + "uiStateJSON": "{}", + "version": 1, + "visState": "{\"title\":\"Zeek and Suricata Capture Measurements \",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"32d1fca0-d7e1-11ee-ad81-217e54128a4b\",\"color\":\"rgba(33,150,243,1)\",\"split_mode\":\"everything\",\"metrics\":[{\"id\":\"32d1fca1-d7e1-11ee-ad81-217e54128a4b\",\"type\":\"sum\",\"field\":\"zeek.stats.pkts_link\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":\"0\",\"point_size\":\"0\",\"fill\":0.5,\"stacked\":\"none\",\"label\":\"Zeek: 
packets seen\",\"type\":\"timeseries\",\"terms_field\":\"host.name\",\"terms_size\":\"25\",\"terms_order_by\":\"32d1fca1-d7e1-11ee-ad81-217e54128a4b\",\"split_color_mode\":\"opensearchDashboards\"},{\"id\":\"02bbf6a0-d7fb-11ee-a5f1-9ff9da698a18\",\"color\":\"rgba(84,179,153,1)\",\"split_mode\":\"everything\",\"metrics\":[{\"unit\":\"\",\"id\":\"02bbf6a1-d7fb-11ee-a5f1-9ff9da698a18\",\"type\":\"positive_rate\",\"field\":\"suricata.stats.capture.kernel_packets\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":\"0\",\"point_size\":\"0\",\"fill\":0.5,\"stacked\":\"none\",\"label\":\"Suricata: packets seen\",\"type\":\"timeseries\"},{\"id\":\"e4143600-d7e0-11ee-ad81-217e54128a4b\",\"color\":\"rgba(229,115,115,1)\",\"split_mode\":\"everything\",\"metrics\":[{\"id\":\"e4143601-d7e0-11ee-ad81-217e54128a4b\",\"type\":\"sum\",\"field\":\"zeek.stats.pkts_dropped\"},{\"id\":\"f6df2790-d7e0-11ee-ad81-217e54128a4b\",\"type\":\"math\",\"variables\":[{\"id\":\"f8ee0a60-d7e0-11ee-ad81-217e54128a4b\",\"name\":\"packets\",\"field\":\"e4143601-d7e0-11ee-ad81-217e54128a4b\"}],\"script\":\"params.packets*-1\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":\"0\",\"point_size\":\"0\",\"fill\":0.5,\"stacked\":\"none\",\"label\":\"Zeek: packets 
dropped\",\"type\":\"timeseries\",\"terms_field\":\"host.name\",\"terms_size\":\"25\",\"terms_order_by\":\"e4143601-d7e0-11ee-ad81-217e54128a4b\",\"split_color_mode\":\"opensearchDashboards\"},{\"id\":\"20b9a420-d7df-11ee-ad81-217e54128a4b\",\"color\":\"rgba(211,96,134,1)\",\"split_mode\":\"everything\",\"metrics\":[{\"id\":\"20b9a421-d7df-11ee-ad81-217e54128a4b\",\"type\":\"sum\",\"field\":\"zeek.capture_loss.gaps\"},{\"id\":\"9a3afce0-d7df-11ee-ad81-217e54128a4b\",\"type\":\"math\",\"variables\":[{\"id\":\"9dece150-d7df-11ee-ad81-217e54128a4b\",\"name\":\"gaps\",\"field\":\"20b9a421-d7df-11ee-ad81-217e54128a4b\"}],\"script\":\"params.gaps*-1\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":\"0\",\"point_size\":\"0\",\"fill\":0.5,\"stacked\":\"none\",\"label\":\"Zeek: ACKS missed\",\"type\":\"timeseries\",\"terms_field\":\"host.name\",\"terms_size\":\"25\",\"terms_order_by\":\"20b9a421-d7df-11ee-ad81-217e54128a4b\",\"split_color_mode\":\"opensearchDashboards\"},{\"id\":\"cad40600-d7fb-11ee-a5f1-9ff9da698a18\",\"color\":\"rgba(255,171,145,1)\",\"split_mode\":\"everything\",\"metrics\":[{\"unit\":\"\",\"id\":\"cad40601-d7fb-11ee-a5f1-9ff9da698a18\",\"type\":\"positive_rate\",\"field\":\"suricata.stats.pkts_dropped\"},{\"id\":\"f5352cd0-d7fb-11ee-a5f1-9ff9da698a18\",\"type\":\"math\",\"variables\":[{\"id\":\"f79def70-d7fb-11ee-a5f1-9ff9da698a18\",\"name\":\"packets\",\"field\":\"cad40601-d7fb-11ee-a5f1-9ff9da698a18\"}],\"script\":\"params.packets*-1\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":\"0\",\"point_size\":\"0\",\"fill\":0.5,\"stacked\":\"none\",\"label\":\"Suricata: packets 
dropped\",\"type\":\"timeseries\"}],\"time_field\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\",\"index_pattern\":\"MALCOLM_OTHER_INDEX_PATTERN_REPLACER\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"MALCOLM_OTHER_INDEX_PATTERN_REPLACER\",\"default_timefield\":\"MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER\",\"isModelInvalid\":false,\"filter\":{\"query\":\"(event.provider:zeek OR event.provider:suricata) AND event.kind:metric\",\"language\":\"kuery\"},\"legend_position\":\"right\",\"background_color\":null}}" }, - "references": [], + "id": "611a3e20-d7e0-11ee-b25e-e793ed358448", "migrationVersion": { "visualization": "7.10.0" - } - }, - { - "id": "13facbf0-d7e5-11ee-b25e-e793ed358448", - "type": "visualization", + }, "namespaces": [ "default" ], - "updated_at": "2024-03-13T14:23:31.845Z", - "version": "Wzg4OCwxXQ==", + "references": [], + "type": "visualization", + "updated_at": "2025-01-07T15:10:06.861Z", + "version": "Wzk1NCwxXQ==" + }, + { "attributes": { - "title": "Zeek Stats - Packets and Bytes", - "visState": "{\"title\":\"Zeek Stats - Packets and Bytes\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"metric\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#54B399\",\"split_mode\":\"everything\",\"split_color_mode\":\"opensearchDashboards\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"zeek.stats.pkts_link\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"label\":\"Total Packets 
Seen\"},{\"id\":\"bd4560e0-d7e4-11ee-ad81-217e54128a4b\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"metrics\":[{\"id\":\"bd4560e1-d7e4-11ee-ad81-217e54128a4b\",\"type\":\"sum\",\"field\":\"zeek.stats.bytes_recv\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"bytes\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"label\":\"Total Bytes Seen\"}],\"time_field\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\",\"index_pattern\":\"MALCOLM_OTHER_INDEX_PATTERN_REPLACER\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"MALCOLM_OTHER_INDEX_PATTERN_REPLACER\",\"default_timefield\":\"firstPacket\",\"isModelInvalid\":false,\"background_color_rules\":[{\"id\":\"28bcc800-d7e4-11ee-ad81-217e54128a4b\"}],\"filter\":{\"query\":\"event.provider:zeek AND event.dataset:stats\",\"language\":\"kuery\"},\"time_range_mode\":\"entire_time_range\"}}", - "uiStateJSON": "{}", "description": "", - "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}" - } + }, + "title": "Zeek Stats - Packets and Bytes", + "uiStateJSON": "{}", + "version": 1, + "visState": "{\"title\":\"Zeek Stats - Packets and Bytes\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"metric\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#54B399\",\"split_mode\":\"everything\",\"split_color_mode\":\"opensearchDashboards\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"zeek.stats.pkts_link\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"label\":\"Total Packets 
Seen\"},{\"id\":\"bd4560e0-d7e4-11ee-ad81-217e54128a4b\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"metrics\":[{\"id\":\"bd4560e1-d7e4-11ee-ad81-217e54128a4b\",\"type\":\"sum\",\"field\":\"zeek.stats.bytes_recv\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"bytes\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"label\":\"Total Bytes Seen\"}],\"time_field\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\",\"index_pattern\":\"MALCOLM_OTHER_INDEX_PATTERN_REPLACER\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"MALCOLM_OTHER_INDEX_PATTERN_REPLACER\",\"default_timefield\":\"MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER\",\"isModelInvalid\":false,\"background_color_rules\":[{\"id\":\"28bcc800-d7e4-11ee-ad81-217e54128a4b\"}],\"filter\":{\"query\":\"event.provider:zeek AND event.dataset:stats\",\"language\":\"kuery\"},\"time_range_mode\":\"entire_time_range\"}}" }, - "references": [], + "id": "13facbf0-d7e5-11ee-b25e-e793ed358448", "migrationVersion": { "visualization": "7.10.0" - } - }, - { - "id": "8051d2c0-d7e6-11ee-b25e-e793ed358448", - "type": "visualization", + }, "namespaces": [ "default" ], - "updated_at": "2024-03-13T14:23:31.845Z", - "version": "Wzg4OSwxXQ==", + "references": [], + "type": "visualization", + "updated_at": "2025-01-07T15:10:06.861Z", + "version": "Wzk1NSwxXQ==" + }, + { "attributes": { - "title": "Zeek Stats - Capture Loss", - "visState": "{\"title\":\"Zeek Stats - Capture 
Loss\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"metric\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#54B399\",\"split_mode\":\"everything\",\"split_color_mode\":\"opensearchDashboards\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"zeek.stats.pkts_dropped\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"label\":\"Packets Dropped\"},{\"id\":\"bd4560e0-d7e4-11ee-ad81-217e54128a4b\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"metrics\":[{\"id\":\"bd4560e1-d7e4-11ee-ad81-217e54128a4b\",\"type\":\"sum\",\"field\":\"zeek.capture_loss.gaps\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"label\":\"ACKs Missed\"}],\"time_field\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\",\"index_pattern\":\"MALCOLM_OTHER_INDEX_PATTERN_REPLACER\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"MALCOLM_OTHER_INDEX_PATTERN_REPLACER\",\"default_timefield\":\"firstPacket\",\"isModelInvalid\":false,\"background_color_rules\":[{\"id\":\"28bcc800-d7e4-11ee-ad81-217e54128a4b\"}],\"filter\":{\"query\":\"event.provider:zeek AND event.dataset:(stats OR capture_loss)\",\"language\":\"kuery\"},\"time_range_mode\":\"entire_time_range\"}}", - "uiStateJSON": "{}", "description": "", - "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}" - } + }, + "title": "Zeek Stats - Capture Loss", + "uiStateJSON": "{}", + "version": 1, + "visState": "{\"title\":\"Zeek Stats - Capture 
Loss\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"metric\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#54B399\",\"split_mode\":\"everything\",\"split_color_mode\":\"opensearchDashboards\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"zeek.stats.pkts_dropped\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"label\":\"Packets Dropped\"},{\"id\":\"bd4560e0-d7e4-11ee-ad81-217e54128a4b\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"metrics\":[{\"id\":\"bd4560e1-d7e4-11ee-ad81-217e54128a4b\",\"type\":\"sum\",\"field\":\"zeek.capture_loss.gaps\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"label\":\"ACKs Missed\"}],\"time_field\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\",\"index_pattern\":\"MALCOLM_OTHER_INDEX_PATTERN_REPLACER\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"MALCOLM_OTHER_INDEX_PATTERN_REPLACER\",\"default_timefield\":\"MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER\",\"isModelInvalid\":false,\"background_color_rules\":[{\"id\":\"28bcc800-d7e4-11ee-ad81-217e54128a4b\"}],\"filter\":{\"query\":\"event.provider:zeek AND event.dataset:(stats OR capture_loss)\",\"language\":\"kuery\"},\"time_range_mode\":\"entire_time_range\"}}" }, - "references": [], + "id": "8051d2c0-d7e6-11ee-b25e-e793ed358448", "migrationVersion": { "visualization": "7.10.0" - } - }, - { - "id": "991158b0-d7d9-11ee-9ed3-e7afff29e59a", - "type": "search", + }, "namespaces": [ "default" ], - "updated_at": "2024-03-13T14:23:31.845Z", - "version": "Wzg5MCwxXQ==", + 
"references": [], + "type": "visualization", + "updated_at": "2025-01-07T15:10:06.861Z", + "version": "Wzk1NiwxXQ==" + }, + { "attributes": { - "title": "Packet Capture - Zeek capture_loss.log", - "description": "", - "hits": 0, "columns": [ "zeek.capture_loss.ts_delta", "host.name", 
@@ -220,104 +237,127 @@ "zeek.capture_loss.gaps", "zeek.capture_loss.percent_lost" ], - "sort": [], - "version": 1, + "description": "", + "hits": 0, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"query\":{\"query\":\"event.provider:zeek and event.dataset:capture_loss\",\"language\":\"kuery\"},\"highlightAll\":false,\"version\":true,\"aggs\":{\"2\":{\"date_histogram\":{\"field\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\",\"fixed_interval\":\"30s\",\"min_doc_count\":1}}},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" - } + }, + "sort": [], + "title": "Packet Capture - Zeek capture_loss.log", + "version": 1 }, + "id": "991158b0-d7d9-11ee-9ed3-e7afff29e59a", + "migrationVersion": { + "search": "7.9.3" + }, + "namespaces": [ + "default" + ], "references": [ { + "id": "MALCOLM_OTHER_INDEX_PATTERN_REPLACER", "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern", - "id": "MALCOLM_OTHER_INDEX_PATTERN_REPLACER" + "type": "index-pattern" } ], - "migrationVersion": { - "search": "7.9.3" - } + "type": "search", + "updated_at": "2025-01-07T15:10:06.861Z", + "version": "Wzk1NywxXQ==" }, { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}" + }, + "title": "Suricata Stats - Packets and Bytes", + "uiStateJSON": "{}", + "version": 1, + "visState": "{\"title\":\"Suricata Stats - Packets and 
Bytes\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"metric\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#54B399\",\"split_mode\":\"everything\",\"split_color_mode\":\"opensearchDashboards\",\"metrics\":[{\"size\":1,\"agg_with\":\"max\",\"order\":\"desc\",\"unit\":\"\",\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"top_hit\",\"field\":\"suricata.stats.capture.kernel_packets\",\"order_by\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\"},{\"size\":1,\"agg_with\":\"min\",\"order\":\"asc\",\"id\":\"fdc32c00-e14a-11ee-81dc-175f4f602399\",\"type\":\"top_hit\",\"field\":\"suricata.stats.capture.kernel_packets\",\"order_by\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\"},{\"id\":\"13bb68b0-e14b-11ee-81dc-175f4f602399\",\"type\":\"math\",\"variables\":[{\"id\":\"16585ab0-e14b-11ee-81dc-175f4f602399\",\"name\":\"pmax\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\"},{\"id\":\"2174bec0-e14b-11ee-81dc-175f4f602399\",\"name\":\"pmin\",\"field\":\"fdc32c00-e14a-11ee-81dc-175f4f602399\"}],\"script\":\"params.pmax - params.pmin\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"label\":\"Total Packets 
Seen\"},{\"id\":\"bd4560e0-d7e4-11ee-ad81-217e54128a4b\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"metrics\":[{\"size\":1,\"agg_with\":\"max\",\"order\":\"desc\",\"id\":\"bd4560e1-d7e4-11ee-ad81-217e54128a4b\",\"type\":\"top_hit\",\"field\":\"suricata.stats.decoder.bytes\",\"order_by\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\"},{\"size\":1,\"agg_with\":\"min\",\"order\":\"asc\",\"id\":\"3b878cc0-e14b-11ee-81dc-175f4f602399\",\"type\":\"top_hit\",\"field\":\"suricata.stats.decoder.bytes\",\"order_by\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\"},{\"id\":\"47a7cc40-e14b-11ee-81dc-175f4f602399\",\"type\":\"math\",\"variables\":[{\"id\":\"54341400-e14b-11ee-81dc-175f4f602399\",\"name\":\"bmax\",\"field\":\"bd4560e1-d7e4-11ee-ad81-217e54128a4b\"},{\"id\":\"58165740-e14b-11ee-81dc-175f4f602399\",\"name\":\"bmin\",\"field\":\"3b878cc0-e14b-11ee-81dc-175f4f602399\"}],\"script\":\"params.bmax - params.bmin\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"bytes\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"label\":\"Total Bytes Seen\"}],\"time_field\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\",\"index_pattern\":\"MALCOLM_OTHER_INDEX_PATTERN_REPLACER\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"MALCOLM_OTHER_INDEX_PATTERN_REPLACER\",\"default_timefield\":\"MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER\",\"isModelInvalid\":false,\"background_color_rules\":[{\"id\":\"28bcc800-d7e4-11ee-ad81-217e54128a4b\"}],\"filter\":{\"query\":\"event.provider:suricata AND event.kind:metric\",\"language\":\"kuery\"},\"time_range_mode\":\"entire_time_range\"}}" + }, "id": "cc976b70-d7fc-11ee-b25e-e793ed358448", - "type": "visualization", + "migrationVersion": { + "visualization": "7.10.0" + }, "namespaces": [ "default" ], - "updated_at": "2024-03-13T15:07:20.325Z", - 
"version": "WzEwMzYsMV0=", + "references": [], + "type": "visualization", + "updated_at": "2025-01-07T15:10:06.861Z", + "version": "Wzk1OCwxXQ==" + }, + { "attributes": { - "title": "Suricata Stats - Packets and Bytes", - "visState": "{\"title\":\"Suricata Stats - Packets and Bytes\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"metric\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#54B399\",\"split_mode\":\"everything\",\"split_color_mode\":\"opensearchDashboards\",\"metrics\":[{\"size\":1,\"agg_with\":\"max\",\"order\":\"desc\",\"unit\":\"\",\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"top_hit\",\"field\":\"suricata.stats.capture.kernel_packets\",\"order_by\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\"},{\"size\":1,\"agg_with\":\"min\",\"order\":\"asc\",\"id\":\"fdc32c00-e14a-11ee-81dc-175f4f602399\",\"type\":\"top_hit\",\"field\":\"suricata.stats.capture.kernel_packets\",\"order_by\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\"},{\"id\":\"13bb68b0-e14b-11ee-81dc-175f4f602399\",\"type\":\"math\",\"variables\":[{\"id\":\"16585ab0-e14b-11ee-81dc-175f4f602399\",\"name\":\"pmax\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\"},{\"id\":\"2174bec0-e14b-11ee-81dc-175f4f602399\",\"name\":\"pmin\",\"field\":\"fdc32c00-e14a-11ee-81dc-175f4f602399\"}],\"script\":\"params.pmax - params.pmin\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"label\":\"Total Packets 
Seen\"},{\"id\":\"bd4560e0-d7e4-11ee-ad81-217e54128a4b\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"metrics\":[{\"size\":1,\"agg_with\":\"max\",\"order\":\"desc\",\"id\":\"bd4560e1-d7e4-11ee-ad81-217e54128a4b\",\"type\":\"top_hit\",\"field\":\"suricata.stats.decoder.bytes\",\"order_by\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\"},{\"size\":1,\"agg_with\":\"min\",\"order\":\"asc\",\"id\":\"3b878cc0-e14b-11ee-81dc-175f4f602399\",\"type\":\"top_hit\",\"field\":\"suricata.stats.decoder.bytes\",\"order_by\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\"},{\"id\":\"47a7cc40-e14b-11ee-81dc-175f4f602399\",\"type\":\"math\",\"variables\":[{\"id\":\"54341400-e14b-11ee-81dc-175f4f602399\",\"name\":\"bmax\",\"field\":\"bd4560e1-d7e4-11ee-ad81-217e54128a4b\"},{\"id\":\"58165740-e14b-11ee-81dc-175f4f602399\",\"name\":\"bmin\",\"field\":\"3b878cc0-e14b-11ee-81dc-175f4f602399\"}],\"script\":\"params.bmax - params.bmin\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"bytes\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"label\":\"Total Bytes Seen\"}],\"time_field\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\",\"index_pattern\":\"MALCOLM_OTHER_INDEX_PATTERN_REPLACER\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"MALCOLM_OTHER_INDEX_PATTERN_REPLACER\",\"default_timefield\":\"firstPacket\",\"isModelInvalid\":false,\"background_color_rules\":[{\"id\":\"28bcc800-d7e4-11ee-ad81-217e54128a4b\"}],\"filter\":{\"query\":\"event.provider:suricata AND event.kind:metric\",\"language\":\"kuery\"},\"time_range_mode\":\"entire_time_range\"}}", - "uiStateJSON": "{}", "description": "", - "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}" - } + }, + "title": "Suricata Stats - Capture Loss", + 
"uiStateJSON": "{}", + "version": 1, + "visState": "{\"title\":\"Suricata Stats - Capture Loss\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"metric\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#54B399\",\"split_mode\":\"everything\",\"split_color_mode\":\"opensearchDashboards\",\"metrics\":[{\"size\":1,\"agg_with\":\"max\",\"order\":\"desc\",\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"top_hit\",\"field\":\"suricata.stats.pkts_dropped\",\"order_by\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\"},{\"size\":1,\"agg_with\":\"min\",\"order\":\"asc\",\"id\":\"b3188730-e14b-11ee-81dc-175f4f602399\",\"type\":\"top_hit\",\"field\":\"suricata.stats.pkts_dropped\",\"order_by\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\"},{\"id\":\"c4eedf90-e14b-11ee-81dc-175f4f602399\",\"type\":\"math\",\"variables\":[{\"id\":\"c7577b20-e14b-11ee-81dc-175f4f602399\",\"name\":\"dmax\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\"},{\"id\":\"cabd6270-e14b-11ee-81dc-175f4f602399\",\"name\":\"dmin\",\"field\":\"b3188730-e14b-11ee-81dc-175f4f602399\"}],\"script\":\"params.dmax-params.dmin\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"label\":\"Packets Dropped\"}],\"time_field\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\",\"index_pattern\":\"MALCOLM_OTHER_INDEX_PATTERN_REPLACER\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"MALCOLM_OTHER_INDEX_PATTERN_REPLACER\",\"default_timefield\":\"MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER\",\"isModelInvalid\":false,\"background_color_rules\":[{\"id\":\"28bcc800-d7e4-11ee-ad81-217e54128a4b\"}],\"filter\":{\"query\":\"event.provider:suricata AND 
event.kind:metric\",\"language\":\"kuery\"},\"time_range_mode\":\"entire_time_range\"}}" }, - "references": [], + "id": "9833e6a0-d7fd-11ee-b25e-e793ed358448", "migrationVersion": { "visualization": "7.10.0" - } - }, - { - "id": "9833e6a0-d7fd-11ee-b25e-e793ed358448", - "type": "visualization", + }, "namespaces": [ "default" ], - "updated_at": "2024-03-13T15:10:35.540Z", - "version": "WzEwNjIsMV0=", + "references": [], + "type": "visualization", + "updated_at": "2025-01-07T15:10:06.861Z", + "version": "Wzk1OSwxXQ==" + }, + { "attributes": { - "title": "Suricata Stats - Capture Loss", - "visState": "{\"title\":\"Suricata Stats - Capture Loss\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"metric\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#54B399\",\"split_mode\":\"everything\",\"split_color_mode\":\"opensearchDashboards\",\"metrics\":[{\"size\":1,\"agg_with\":\"max\",\"order\":\"desc\",\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"top_hit\",\"field\":\"suricata.stats.pkts_dropped\",\"order_by\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\"},{\"size\":1,\"agg_with\":\"min\",\"order\":\"asc\",\"id\":\"b3188730-e14b-11ee-81dc-175f4f602399\",\"type\":\"top_hit\",\"field\":\"suricata.stats.pkts_dropped\",\"order_by\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\"},{\"id\":\"c4eedf90-e14b-11ee-81dc-175f4f602399\",\"type\":\"math\",\"variables\":[{\"id\":\"c7577b20-e14b-11ee-81dc-175f4f602399\",\"name\":\"dmax\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\"},{\"id\":\"cabd6270-e14b-11ee-81dc-175f4f602399\",\"name\":\"dmin\",\"field\":\"b3188730-e14b-11ee-81dc-175f4f602399\"}],\"script\":\"params.dmax-params.dmin\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"label\":\"Packets 
Dropped\"}],\"time_field\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\",\"index_pattern\":\"MALCOLM_OTHER_INDEX_PATTERN_REPLACER\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"MALCOLM_OTHER_INDEX_PATTERN_REPLACER\",\"default_timefield\":\"firstPacket\",\"isModelInvalid\":false,\"background_color_rules\":[{\"id\":\"28bcc800-d7e4-11ee-ad81-217e54128a4b\"}],\"filter\":{\"query\":\"event.provider:suricata AND event.kind:metric\",\"language\":\"kuery\"},\"time_range_mode\":\"entire_time_range\"}}", - "uiStateJSON": "{}", "description": "", - "version": 1, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}" - } + "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" + }, + "title": "Network Traffic (Packets)", + "uiStateJSON": "{}", + "version": 1, + "visState": "{\"title\":\"Network Traffic 
(Packets)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"default_index_pattern\":\"MALCOLM_OTHER_INDEX_PATTERN_REPLACER\",\"default_timefield\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\",\"filter\":{\"language\":\"lucene\",\"query\":\"\"},\"id\":\"da1046f0-faa0-11e6-86b1-cd7735ff7e23\",\"index_pattern\":\"MALCOLM_OTHER_INDEX_PATTERN_REPLACER\",\"interval\":\"auto\",\"isModelInvalid\":false,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"rgba(0,133,255,1)\",\"fill\":\"1\",\"formatter\":\"'0a'\",\"id\":\"49931900-ebf3-11ec-a401-f5db2d59e6af\",\"label\":\"Inbound\",\"line_width\":1,\"metrics\":[{\"unit\":\"1s\",\"id\":\"49931901-ebf3-11ec-a401-f5db2d59e6af\",\"type\":\"positive_rate\",\"field\":\"miscbeat.network.packets.rx\"}],\"point_size\":1,\"separate_axis\":0,\"split_mode\":\"terms\",\"stacked\":\"none\",\"type\":\"timeseries\",\"terms_field\":\"miscbeat.network.interface\",\"terms_size\":\"3\",\"terms_order_by\":\"_count\",\"value_template\":\"{{value}}/s\",\"split_color_mode\":\"gradient\"},{\"id\":\"75fba890-ebf3-11ec-a401-f5db2d59e6af\",\"color\":\"rgba(13,212,26,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"unit\":\"1s\",\"id\":\"75fba891-ebf3-11ec-a401-f5db2d59e6af\",\"type\":\"positive_rate\",\"field\":\"miscbeat.network.packets.tx\"},{\"id\":\"96daba60-ebf3-11ec-a401-f5db2d59e6af\",\"type\":\"math\",\"variables\":[{\"id\":\"98e138c0-ebf3-11ec-a401-f5db2d59e6af\",\"name\":\"rate\",\"field\":\"75fba891-ebf3-11ec-a401-f5db2d59e6af\"}],\"script\":\"params.rate*-1\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"'0a'\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":\"1\",\"stacked\":\"none\",\"label\":\"Outbound\",\"type\":\"timeseries\",\"terms_size\":\"3\",\"terms_field\":\"miscbeat.network.interface\",\"terms_order_by\":\"_count\",\"split_color_mode\":\"gradient\",\"value_template\":\"{{value}}/s\"}],\"show
_grid\":1,\"show_legend\":1,\"time_field\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\",\"tooltip_mode\":\"show_all\",\"type\":\"timeseries\"}}" }, - "references": [], + "id": "6b7b9a40-faa1-11e6-86b1-cd7735ff7e23", "migrationVersion": { "visualization": "7.10.0" - } - }, - { - "id": "6b7b9a40-faa1-11e6-86b1-cd7735ff7e23-ecs", - "type": "visualization", + }, "namespaces": [ "default" ], - "updated_at": "2024-03-13T14:23:37.927Z", - "version": "Wzk0MSwxXQ==", + "references": [], + "type": "visualization", + "updated_at": "2025-01-07T15:10:14.991Z", + "version": "WzEwMTcsMV0=" + }, + { "attributes": { - "title": "Network Traffic (Packets)", - "visState": "{\"title\":\"Network Traffic (Packets)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"default_index_pattern\":\"MALCOLM_OTHER_INDEX_PATTERN_REPLACER\",\"default_timefield\":\"firstPacket\",\"filter\":{\"language\":\"lucene\",\"query\":\"\"},\"id\":\"da1046f0-faa0-11e6-86b1-cd7735ff7e23\",\"index_pattern\":\"MALCOLM_OTHER_INDEX_PATTERN_REPLACER\",\"interval\":\"auto\",\"isModelInvalid\":false,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"rgba(0,133,255,1)\",\"fill\":\"1\",\"formatter\":\"'0a'\",\"id\":\"49931900-ebf3-11ec-a401-f5db2d59e6af\",\"label\":\"Inbound\",\"line_width\":1,\"metrics\":[{\"unit\":\"1s\",\"id\":\"49931901-ebf3-11ec-a401-f5db2d59e6af\",\"type\":\"positive_rate\",\"field\":\"miscbeat.network.packets.rx\"}],\"point_size\":1,\"separate_axis\":0,\"split_mode\":\"terms\",\"stacked\":\"none\",\"type\":\"timeseries\",\"terms_field\":\"miscbeat.network.interface\",\"terms_size\":\"3\",\"terms_order_by\":\"_count\",\"value_template\":\"{{value}}/s\",\"split_color_mode\":\"gradient\"},{\"id\":\"75fba890-ebf3-11ec-a401-f5db2d59e6af\",\"color\":\"rgba(13,212,26,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"unit\":\"1s\",\"id\":\"75fba891-ebf3-11ec-a401-f5db2d59e6af\",\"type\":\"positive_rate\",\"
field\":\"miscbeat.network.packets.tx\"},{\"id\":\"96daba60-ebf3-11ec-a401-f5db2d59e6af\",\"type\":\"math\",\"variables\":[{\"id\":\"98e138c0-ebf3-11ec-a401-f5db2d59e6af\",\"name\":\"rate\",\"field\":\"75fba891-ebf3-11ec-a401-f5db2d59e6af\"}],\"script\":\"params.rate*-1\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"'0a'\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":\"1\",\"stacked\":\"none\",\"label\":\"Outbound\",\"type\":\"timeseries\",\"terms_size\":\"3\",\"terms_field\":\"miscbeat.network.interface\",\"terms_order_by\":\"_count\",\"split_color_mode\":\"gradient\",\"value_template\":\"{{value}}/s\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\",\"tooltip_mode\":\"show_all\",\"type\":\"timeseries\"}}", - "uiStateJSON": "{}", "description": "", - "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" - } + }, + "title": "Network Traffic (Bytes)", + "uiStateJSON": "{}", + "version": 1, + "visState": "{\"title\":\"Network Traffic 
(Bytes)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"default_index_pattern\":\"MALCOLM_OTHER_INDEX_PATTERN_REPLACER\",\"default_timefield\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\",\"filter\":{\"language\":\"lucene\",\"query\":\"\"},\"id\":\"da1046f0-faa0-11e6-86b1-cd7735ff7e23\",\"index_pattern\":\"MALCOLM_OTHER_INDEX_PATTERN_REPLACER\",\"interval\":\"auto\",\"isModelInvalid\":false,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"rgba(0,133,255,1)\",\"fill\":\"1\",\"formatter\":\"bytes\",\"id\":\"6d8b8ab0-ebf1-11ec-a401-f5db2d59e6af\",\"line_width\":1,\"metrics\":[{\"unit\":\"1s\",\"id\":\"6d8b8ab1-ebf1-11ec-a401-f5db2d59e6af\",\"type\":\"positive_rate\",\"field\":\"miscbeat.network.bytes.rx\"}],\"point_size\":1,\"separate_axis\":0,\"split_mode\":\"terms\",\"stacked\":\"none\",\"label\":\"Inbound\",\"type\":\"timeseries\",\"terms_field\":\"miscbeat.network.interface\",\"terms_size\":\"3\",\"terms_order_by\":\"_key\",\"value_template\":\"{{value}}/s\",\"split_color_mode\":\"gradient\"},{\"id\":\"b5977de0-ebf2-11ec-a401-f5db2d59e6af\",\"color\":\"rgba(13,212,26,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"unit\":\"1s\",\"id\":\"b5977de1-ebf2-11ec-a401-f5db2d59e6af\",\"type\":\"positive_rate\",\"field\":\"miscbeat.network.bytes.tx\"},{\"id\":\"cdfb1540-ebf2-11ec-a401-f5db2d59e6af\",\"type\":\"math\",\"variables\":[{\"id\":\"d1b9caf0-ebf2-11ec-a401-f5db2d59e6af\",\"name\":\"rate\",\"field\":\"b5977de1-ebf2-11ec-a401-f5db2d59e6af\"}],\"script\":\"params.rate*-1\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"bytes\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":\"1\",\"stacked\":\"none\",\"label\":\"Outbound\",\"split_color_mode\":\"gradient\",\"type\":\"timeseries\",\"terms_size\":\"3\",\"terms_order_by\":\"_key\",\"terms_field\":\"miscbeat.network.interface\",\"value_template\":\"{{value}}/s\"}],\"show_grid\":
1,\"show_legend\":1,\"time_field\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\",\"tooltip_mode\":\"show_all\",\"type\":\"timeseries\"}}" }, - "references": [], + "id": "089b85d0-1b16-11e7-b09e-037021c4f8df", "migrationVersion": { "visualization": "7.10.0" - } - }, - { - "id": "9c6a1610-d7d8-11ee-9ed3-e7afff29e59a", - "type": "search", + }, "namespaces": [ "default" ], - "updated_at": "2024-03-13T14:23:31.845Z", - "version": "Wzg5NCwxXQ==", + "references": [], + "type": "visualization", + "updated_at": "2025-01-07T15:10:14.991Z", + "version": "WzEwMTgsMV0=" + }, + { "attributes": { - "title": "Packet Capture - Zeek stats.log", - "description": "", - "hits": 0, "columns": [ "host.name", "zeek.stats.peer", 
@@ -331,35 +371,35 @@ "zeek.stats.icmp_conns", "zeek.stats.files" ], - "sort": [], - "version": 1, + "description": "", + "hits": 0, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"query\":{\"query\":\"event.provider:zeek and event.dataset:stats\",\"language\":\"kuery\"},\"highlightAll\":false,\"version\":true,\"aggs\":{\"2\":{\"date_histogram\":{\"field\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\",\"fixed_interval\":\"30s\",\"min_doc_count\":1}}},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" - } + }, + "sort": [], + "title": "Packet Capture - Zeek stats.log", + "version": 1 }, + "id": "9c6a1610-d7d8-11ee-9ed3-e7afff29e59a", + "migrationVersion": { + "search": "7.9.3" + }, + "namespaces": [ + "default" + ], "references": [ { + "id": "MALCOLM_OTHER_INDEX_PATTERN_REPLACER", "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern", - "id": "MALCOLM_OTHER_INDEX_PATTERN_REPLACER" + "type": "index-pattern" } ], - "migrationVersion": { - "search": "7.9.3" - } + "type": "search", + "updated_at": "2025-01-07T15:10:06.861Z", + "version": "Wzk2MSwxXQ==" }, { - "id": "b0aabf40-d7fa-11ee-b25e-e793ed358448", - "type": "search", - "namespaces": [ - "default" - ], - "updated_at": "2024-03-13T14:23:31.845Z", - "version": "Wzg5NSwxXQ==", "attributes": { - "title": "Packet Capture - Suricata Stats", - "description": "", - "hits": 0, "columns": [ "host.name", "suricata.stats.capture.kernel_packets", 
@@ -372,65 +412,65 @@ "suricata.stats.detect.engines.rules_loaded", "suricata.stats.detect.alert" ], - "sort": [], - "version": 1, + "description": "", + "hits": 0, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"query\":{\"query\":\"event.provider:suricata AND event.kind:metric\",\"language\":\"lucene\"},\"highlightAll\":false,\"version\":true,\"aggs\":{\"2\":{\"date_histogram\":{\"field\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\",\"fixed_interval\":\"30m\",\"min_doc_count\":1}}},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" - } + }, + "sort": [], + "title": "Packet Capture - Suricata Stats", + "version": 1 + }, + "id": "b0aabf40-d7fa-11ee-b25e-e793ed358448", + "migrationVersion": { + "search": "7.9.3" }, + "namespaces": [ + "default" + ], "references": [ { + "id": "MALCOLM_OTHER_INDEX_PATTERN_REPLACER", "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern", - "id": "MALCOLM_OTHER_INDEX_PATTERN_REPLACER" + "type": "index-pattern" } ], - "migrationVersion": { - "search": "7.9.3" - } + "type": "search", + "updated_at": "2025-01-07T15:10:06.861Z", + "version": "Wzk2MiwxXQ==" }, { - "id": "abcfca50-d7dd-11ee-b25e-e793ed358448", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2024-03-13T14:23:31.845Z", - "version": "Wzg5NiwxXQ==", "attributes": { - "title": "Zeek Analyzer Messages", - "visState": "{\"title\":\"Zeek Analyzer 
Messages\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.analyzer.cause\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Cause\"},\"schema\":\"bucket\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.analyzer.analyzer_kind\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Class\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.analyzer.analyzer_name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Analyzer\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", - "uiStateJSON": "{}", "description": "", - "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}" }, - "savedSearchRefName": "search_0" + "savedSearchRefName": "search_0", + "title": "Zeek Analyzer Messages", + "uiStateJSON": "{}", + "version": 1, + "visState": "{\"title\":\"Zeek Analyzer 
Messages\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.analyzer.cause\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Cause\"},\"schema\":\"bucket\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.analyzer.analyzer_kind\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Class\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.analyzer.analyzer_name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Analyzer\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}" }, + "id": "abcfca50-d7dd-11ee-b25e-e793ed358448", + "migrationVersion": { + "visualization": "7.10.0" + }, + "namespaces": [ + "default" + ], "references": [ { + "id": "351ef380-d7d9-11ee-9ed3-e7afff29e59a", "name": "search_0", - "type": "search", - "id": "351ef380-d7d9-11ee-9ed3-e7afff29e59a" + "type": "search" } ], - "migrationVersion": { - "visualization": "7.10.0" - } + "type": "visualization", + "updated_at": "2025-01-07T15:10:06.861Z", + "version": "Wzk2MywxXQ==" }, { - "id": "351ef380-d7d9-11ee-9ed3-e7afff29e59a", - "type": "search", - "namespaces": [ - "default" - ], - "updated_at": "2024-03-13T14:23:31.845Z", - "version": "Wzg5NywxXQ==", "attributes": { - "title": "Packet Capture - Zeek analyzer.log", - "description": "", - "hits": 0, "columns": [ "host.name", 
"zeek.analyzer.analyzer_kind", 
@@ -441,110 +481,98 @@ "destination.ip", "event.id" ], - "sort": [], - "version": 1, + "description": "", + "hits": 0, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":\"event.provider:zeek and event.dataset:analyzer\",\"language\":\"kuery\"},\"highlightAll\":false,\"version\":true,\"aggs\":{\"2\":{\"date_histogram\":{\"field\":\"firstPacket\",\"fixed_interval\":\"30s\",\"min_doc_count\":1}}},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" - } + "searchSourceJSON": "{\"query\":{\"query\":\"event.provider:zeek and event.dataset:analyzer\",\"language\":\"kuery\"},\"highlightAll\":false,\"version\":true,\"aggs\":{\"2\":{\"date_histogram\":{\"field\":\"MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER\",\"fixed_interval\":\"30s\",\"min_doc_count\":1}}},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" + }, + "sort": [], + "title": "Packet Capture - Zeek analyzer.log", + "version": 1 + }, + "id": "351ef380-d7d9-11ee-9ed3-e7afff29e59a", + "migrationVersion": { + "search": "7.9.3" }, + "namespaces": [ + "default" + ], "references": [ { + "id": "MALCOLM_NETWORK_INDEX_PATTERN_REPLACER", "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern", - "id": "MALCOLM_OTHER_INDEX_PATTERN_REPLACER" + "type": "index-pattern" } ], - "migrationVersion": { - "search": "7.9.3" - } + "type": "search", + "updated_at": "2025-01-07T15:10:06.861Z", + "version": "Wzk2NCwxXQ==" }, { - "id": "c75b6df0-d7e3-11ee-b25e-e793ed358448", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2024-03-13T14:23:31.845Z", - "version": "Wzg5OCwxXQ==", "attributes": { - "title": "Zeek - Reporter Categories", - "visState": "{\"title\":\"Zeek - Reporter 
Categories\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.reporter.level\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":false,\"labels\":{\"show\":true,\"values\":true,\"last_level\":true,\"truncate\":100}}}", - "uiStateJSON": "{\"vis\":{\"legendOpen\":false}}", "description": "", - "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}" }, - "savedSearchRefName": "search_0" + "savedSearchRefName": "search_0", + "title": "Zeek - Reporter Categories", + "uiStateJSON": "{\"vis\":{\"legendOpen\":false}}", + "version": 1, + "visState": "{\"title\":\"Zeek - Reporter Categories\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.reporter.level\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":false,\"labels\":{\"show\":true,\"values\":true,\"last_level\":true,\"truncate\":100}}}" }, + "id": "c75b6df0-d7e3-11ee-b25e-e793ed358448", + "migrationVersion": { + "visualization": "7.10.0" + }, + "namespaces": [ + "default" + ], "references": [ { + "id": "17619ea0-d7da-11ee-9ed3-e7afff29e59a", "name": "search_0", - "type": "search", - "id": "17619ea0-d7da-11ee-9ed3-e7afff29e59a" + "type": "search" } ], - "migrationVersion": { - 
"visualization": "7.10.0" - } + "type": "visualization", + "updated_at": "2025-01-07T15:10:06.861Z", + "version": "Wzk2NSwxXQ==" }, { - "id": "17619ea0-d7da-11ee-9ed3-e7afff29e59a", - "type": "search", - "namespaces": [ - "default" - ], - "updated_at": "2024-03-13T14:23:31.845Z", - "version": "Wzg5OSwxXQ==", "attributes": { - "title": "Packet Capture - Zeek reporter.log", - "description": "", - "hits": 0, "columns": [ "host.name", "zeek.reporter.level", "zeek.reporter.location", "zeek.reporter.msg" ], - "sort": [], - "version": 1, + "description": "", + "hits": 0, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"query\":{\"query\":\"event.provider:zeek and event.dataset:reporter\",\"language\":\"kuery\"},\"highlightAll\":false,\"version\":true,\"aggs\":{\"2\":{\"date_histogram\":{\"field\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\",\"fixed_interval\":\"30d\",\"min_doc_count\":1}}},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" - } + }, + "sort": [], + "title": "Packet Capture - Zeek reporter.log", + "version": 1 }, - "references": [ - { - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern", - "id": "MALCOLM_OTHER_INDEX_PATTERN_REPLACER" - } - ], + "id": "17619ea0-d7da-11ee-9ed3-e7afff29e59a", "migrationVersion": { "search": "7.9.3" - } - }, - { - "id": "089b85d0-1b16-11e7-b09e-037021c4f8df-ecs", - "type": "visualization", + }, "namespaces": [ "default" ], - "updated_at": "2024-03-13T14:23:37.927Z", - "version": "Wzk0MiwxXQ==", - "attributes": { - "title": "Network Traffic (Bytes)", - "visState": "{\"title\":\"Network Traffic 
(Bytes)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"default_index_pattern\":\"MALCOLM_OTHER_INDEX_PATTERN_REPLACER\",\"default_timefield\":\"firstPacket\",\"filter\":{\"language\":\"lucene\",\"query\":\"\"},\"id\":\"da1046f0-faa0-11e6-86b1-cd7735ff7e23\",\"index_pattern\":\"MALCOLM_OTHER_INDEX_PATTERN_REPLACER\",\"interval\":\"auto\",\"isModelInvalid\":false,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"rgba(0,133,255,1)\",\"fill\":\"1\",\"formatter\":\"bytes\",\"id\":\"6d8b8ab0-ebf1-11ec-a401-f5db2d59e6af\",\"line_width\":1,\"metrics\":[{\"unit\":\"1s\",\"id\":\"6d8b8ab1-ebf1-11ec-a401-f5db2d59e6af\",\"type\":\"positive_rate\",\"field\":\"miscbeat.network.bytes.rx\"}],\"point_size\":1,\"separate_axis\":0,\"split_mode\":\"terms\",\"stacked\":\"none\",\"label\":\"Inbound\",\"type\":\"timeseries\",\"terms_field\":\"miscbeat.network.interface\",\"terms_size\":\"3\",\"terms_order_by\":\"_key\",\"value_template\":\"{{value}}/s\",\"split_color_mode\":\"gradient\"},{\"id\":\"b5977de0-ebf2-11ec-a401-f5db2d59e6af\",\"color\":\"rgba(13,212,26,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"unit\":\"1s\",\"id\":\"b5977de1-ebf2-11ec-a401-f5db2d59e6af\",\"type\":\"positive_rate\",\"field\":\"miscbeat.network.bytes.tx\"},{\"id\":\"cdfb1540-ebf2-11ec-a401-f5db2d59e6af\",\"type\":\"math\",\"variables\":[{\"id\":\"d1b9caf0-ebf2-11ec-a401-f5db2d59e6af\",\"name\":\"rate\",\"field\":\"b5977de1-ebf2-11ec-a401-f5db2d59e6af\"}],\"script\":\"params.rate*-1\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"bytes\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":\"1\",\"stacked\":\"none\",\"label\":\"Outbound\",\"split_color_mode\":\"gradient\",\"type\":\"timeseries\",\"terms_size\":\"3\",\"terms_order_by\":\"_key\",\"terms_field\":\"miscbeat.network.interface\",\"value_template\":\"{{value}}/s\"}],\"show_grid\":1,\"show_legend\":1,\"time_f
ield\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\",\"tooltip_mode\":\"show_all\",\"type\":\"timeseries\"}}", - "uiStateJSON": "{}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" + "references": [ + { + "id": "MALCOLM_OTHER_INDEX_PATTERN_REPLACER", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" } - }, - "references": [], - "migrationVersion": { - "visualization": "7.10.0" - } + ], + "type": "search", + "updated_at": "2025-01-07T15:10:06.861Z", + "version": "Wzk2NiwxXQ==" } - ] + ], + "version": "2.18.0" } diff --git a/dashboards/dashboards/beats/53bff390-5027-11ef-b744-23222ad0b42a.json b/dashboards/dashboards/beats/53bff390-5027-11ef-b744-23222ad0b42a.json deleted file mode 100644 index 00b2005c7..000000000 --- a/dashboards/dashboards/beats/53bff390-5027-11ef-b744-23222ad0b42a.json +++ /dev/null 
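Review bot: The `Packet Capture - Zeek analyzer.log` saved search (`351ef380-d7d9-11ee-9ed3-e7afff29e59a`) is the only search in this file moved to `MALCOLM_NETWORK_INDEX_PATTERN_REPLACER` and `MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER`. The stats.log and reporter.log searches beside it stay on `MALCOLM_OTHER_INDEX_PATTERN_REPLACER`. The `Zeek Analyzer Messages` table reads from this search through its `search_0` reference, so if analyzer.log events are not written to the network index, that sensor-health panel will render empty without any error. The move is presumably intentional, since the old side hard-coded `firstPacket` as the histogram field. Please confirm where analyzer events are indexed and note it in the commit description, or keep `"id": "MALCOLM_OTHER_INDEX_PATTERN_REPLACER"` with `MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER` as the histogram field.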
@@ -1,131 +0,0 @@ -{ - "version": "2.15.0", - "objects": [ - { - "id": "53bff390-5027-11ef-b744-23222ad0b42a", - "type": "dashboard", - "namespaces": [ - "default" - ], - "updated_at": "2024-08-01T16:58:51.081Z", - "version": "WzEwNTgsMV0=", - "attributes": { - "title": "Windows Resource Utilization", - "hits": 0, - "description": "", - "panelsJSON": "[{\"version\":\"2.15.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":24,\"h\":15,\"i\":\"8596e887-a23b-4e4f-af00-358b985a2334\"},\"panelIndex\":\"8596e887-a23b-4e4f-af00-358b985a2334\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"2.15.0\",\"gridData\":{\"x\":24,\"y\":0,\"w\":24,\"h\":15,\"i\":\"7159396e-9b4d-4f15-9d81-b6deeb894013\"},\"panelIndex\":\"7159396e-9b4d-4f15-9d81-b6deeb894013\",\"embeddableConfig\":{},\"panelRefName\":\"panel_1\"},{\"version\":\"2.15.0\",\"gridData\":{\"x\":0,\"y\":15,\"w\":48,\"h\":20,\"i\":\"a770e839-1f2c-4564-ba56-8f3ace18df48\"},\"panelIndex\":\"a770e839-1f2c-4564-ba56-8f3ace18df48\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"}]", - "optionsJSON": "{\"useMargins\":true,\"hidePanelTitles\":false}", - "version": 1, - "timeRestore": false, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" - } - }, - "references": [ - { - "name": "panel_0", - "type": "visualization", - "id": "008fb710-d817-11ee-820d-dd9fd73a3921" - }, - { - "name": "panel_1", - "type": "visualization", - "id": "7e9a8500-d816-11ee-820d-dd9fd73a3921" - }, - { - "name": "panel_2", - "type": "search", - "id": "3770db80-d815-11ee-820d-dd9fd73a3921" - } - ], - "migrationVersion": { - "dashboard": "7.9.3" - } - }, - { - "id": "008fb710-d817-11ee-820d-dd9fd73a3921", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2024-08-01T14:12:11.552Z", - "version": "WzkzNCwxXQ==", - "attributes": { - "title": "Windows CPU Usage", - "visState": "{\"title\":\"Windows CPU 
Usage\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"gauge\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#54B399\",\"split_mode\":\"terms\",\"split_color_mode\":\"opensearchDashboards\",\"metrics\":[{\"size\":1,\"agg_with\":\"noop\",\"order\":\"desc\",\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"top_hit\",\"field\":\"miscbeat.winstat.cpu_utilization\",\"order_by\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"00\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"label\":\"CPU Usage\",\"value_template\":\"{{value}}%\",\"filter\":{\"query\":\"event.module:winstat\",\"language\":\"kuery\"},\"terms_field\":\"host.name\"}],\"time_field\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\",\"index_pattern\":\"MALCOLM_OTHER_INDEX_PATTERN_REPLACER\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"MALCOLM_OTHER_INDEX_PATTERN_REPLACER\",\"default_timefield\":\"firstPacket\",\"isModelInvalid\":false,\"gauge_color_rules\":[{\"id\":\"a50173c0-d816-11ee-a6da-0f56a6d37163\"}],\"gauge_width\":10,\"gauge_inner_width\":10,\"gauge_style\":\"half\",\"gauge_max\":\"100\",\"time_range_mode\":\"entire_time_range\"}}", - "uiStateJSON": "{}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" - } - }, - "references": [], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "7e9a8500-d816-11ee-820d-dd9fd73a3921", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2024-08-01T14:12:11.552Z", - "version": "WzkzMywxXQ==", - "attributes": { - "title": "Windows RAM Usage", - "visState": 
"{\"title\":\"Windows RAM Usage\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"gauge\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#54B399\",\"split_mode\":\"terms\",\"split_color_mode\":\"opensearchDashboards\",\"metrics\":[{\"size\":1,\"agg_with\":\"max\",\"order\":\"desc\",\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"top_hit\",\"field\":\"miscbeat.winstat.physical_used\",\"order_by\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\"},{\"size\":1,\"agg_with\":\"max\",\"order\":\"desc\",\"id\":\"e4b6eb90-d815-11ee-a6da-0f56a6d37163\",\"type\":\"top_hit\",\"field\":\"miscbeat.winstat.physical_total\",\"order_by\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\"},{\"id\":\"fe21e0d0-d815-11ee-a6da-0f56a6d37163\",\"type\":\"math\",\"variables\":[{\"id\":\"01e57880-d816-11ee-a6da-0f56a6d37163\",\"name\":\"used\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\"},{\"id\":\"082756a0-d816-11ee-a6da-0f56a6d37163\",\"name\":\"total\",\"field\":\"e4b6eb90-d815-11ee-a6da-0f56a6d37163\"}],\"script\":\"(params.used/params.total)*100\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"00.\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"terms_field\":\"host.name\",\"label\":\"RAM 
Usage\",\"terms_order_by\":\"_count\",\"value_template\":\"{{value}}%\"}],\"time_field\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\",\"index_pattern\":\"MALCOLM_OTHER_INDEX_PATTERN_REPLACER\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"MALCOLM_OTHER_INDEX_PATTERN_REPLACER\",\"default_timefield\":\"firstPacket\",\"isModelInvalid\":false,\"gauge_color_rules\":[{\"id\":\"8db33970-d815-11ee-a6da-0f56a6d37163\"}],\"gauge_width\":10,\"gauge_inner_width\":10,\"gauge_style\":\"half\",\"filter\":{\"query\":\"event.module:winstat\",\"language\":\"kuery\"},\"time_range_mode\":\"entire_time_range\",\"gauge_max\":\"100\"}}", - "uiStateJSON": "{}", - "description": "", - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" - } - }, - "references": [], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "3770db80-d815-11ee-820d-dd9fd73a3921", - "type": "search", - "namespaces": [ - "default" - ], - "updated_at": "2024-08-01T14:12:11.552Z", - "version": "WzkzNiwxXQ==", - "attributes": { - "title": "Windows Resource Utilization", - "description": "", - "hits": 0, - "columns": [ - "host.name", - "miscbeat.winstat.cpu_utilization", - "miscbeat.winstat.physical_total", - "miscbeat.winstat.physical_used", - "miscbeat.winstat.physical_available", - "miscbeat.winstat.processes", - "miscbeat.winstat.threads", - "miscbeat.winstat.handles" - ], - "sort": [], - "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": 
"{\"query\":{\"query\":\"event.module:winstat\",\"language\":\"kuery\"},\"highlightAll\":false,\"version\":true,\"aggs\":{\"2\":{\"date_histogram\":{\"field\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\",\"fixed_interval\":\"30s\",\"min_doc_count\":1}}},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" - } - }, - "references": [ - { - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern", - "id": "MALCOLM_OTHER_INDEX_PATTERN_REPLACER" - } - ], - "migrationVersion": { - "search": "7.9.3" - } - } - ] -} \ No newline at end of file diff --git a/dashboards/dashboards/beats/Filebeat-nginx-overview.json b/dashboards/dashboards/beats/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519.json similarity index 57% rename from dashboards/dashboards/beats/Filebeat-nginx-overview.json rename to dashboards/dashboards/beats/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519.json index e9b625dd4..be7415292 100644 --- a/dashboards/dashboards/beats/Filebeat-nginx-overview.json +++ b/dashboards/dashboards/beats/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519.json 
@@ -1,80 +1,72 @@ { - "version": "2.0.0", "objects": [ { - "id": "55a9e6e0-a29e-11e7-928f-5dbe6f6f5519-ecs", - "type": "dashboard", - "namespaces": [ - "default" - ], - "updated_at": "2024-04-29T15:49:16.000Z", - "version": "Wzg0NywxXQ==", "attributes": { "description": "nginx logs, including from Malcolm's own nginx instance", "hits": 0, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"version\":true,\"highlightAll\":false}" + "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"version\":true,\"highlightAll\":false,\"filter\":[]}" }, - "optionsJSON": "{\"darkTheme\": false}", - "panelsJSON": "[{\"panelIndex\":\"3\",\"panelRefName\":\"panel_0\",\"version\":\"7.3.0\",\"gridData\":{\"x\":36,\"y\":44,\"w\":12,\"h\":12,\"i\":\"3\"},\"embeddableConfig\":{}},{\"panelIndex\":\"4\",\"panelRefName\":\"panel_1\",\"version\":\"7.3.0\",\"gridData\":{\"x\":24,\"y\":44,\"w\":12,\"h\":12,\"i\":\"4\"},\"embeddableConfig\":{\"vis\":{\"legendOpen\":true}}},{\"panelIndex\":\"8\",\"panelRefName\":\"panel_2\",\"version\":\"7.3.0\",\"gridData\":{\"x\":0,\"y\":4,\"w\":48,\"h\":16,\"i\":\"8\"},\"embeddableConfig\":{\"mapZoom\":2,\"mapBounds\":{\"bottom_right\":{\"lat\":-7.362466865535738,\"lon\":245.39062500000003},\"top_left\":{\"lat\":77.07878389624943,\"lon\":-245.74218750000003}},\"mapCenter\":[50.51342652633956,-0.17578125],\"mapCollar\":{\"bottom_right\":{\"lat\":-49.583095,\"lon\":180},\"zoom\":2,\"top_left\":{\"lat\":90,\"lon\":-180}}}},{\"panelIndex\":\"13\",\"panelRefName\":\"panel_3\",\"version\":\"7.3.0\",\"gridData\":{\"x\":0,\"y\":20,\"w\":48,\"h\":12,\"i\":\"13\"},\"embeddableConfig\":{}},{\"panelIndex\":\"14\",\"panelRefName\":\"panel_4\",\"version\":\"7.3.0\",\"gridData\":{\"x\":24,\"y\":32,\"w\":24,\"h\":12,\"i\":\"14\"},\"embeddableConfig\":{}},{\"panelIndex\":\"15\",\"panelRefName\":\"panel_5\",\"version\":\"7.3.0\",\"gridData\":{\"x\":0,\"y\":32,\"w\":24,\"h\":12,\"i\":\"15\"},\"e
mbeddableConfig\":{}},{\"panelIndex\":\"16\",\"panelRefName\":\"panel_6\",\"version\":\"7.3.0\",\"gridData\":{\"x\":0,\"y\":44,\"w\":24,\"h\":12,\"i\":\"16\"},\"embeddableConfig\":{}},{\"panelIndex\":\"17\",\"panelRefName\":\"panel_7\",\"version\":\"7.3.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":48,\"h\":4,\"i\":\"17\"},\"embeddableConfig\":{}}]", + "optionsJSON": "{\"darkTheme\":false}", + "panelsJSON": "[{\"version\":\"2.18.0\",\"gridData\":{\"x\":36,\"y\":61,\"w\":12,\"h\":18,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"2.18.0\",\"gridData\":{\"x\":24,\"y\":61,\"w\":12,\"h\":18,\"i\":\"4\"},\"panelIndex\":\"4\",\"embeddableConfig\":{\"vis\":{\"legendOpen\":true}},\"panelRefName\":\"panel_1\"},{\"version\":\"2.18.0\",\"gridData\":{\"x\":0,\"y\":44,\"w\":24,\"h\":35,\"i\":\"8\"},\"panelIndex\":\"8\",\"embeddableConfig\":{\"mapZoom\":2,\"mapBounds\":{\"bottom_right\":{\"lat\":-7.362466865535738,\"lon\":245.39062500000003},\"top_left\":{\"lat\":77.07878389624943,\"lon\":-245.74218750000003}},\"mapCenter\":[50.51342652633956,-0.17578125],\"mapCollar\":{\"bottom_right\":{\"lat\":-49.583095,\"lon\":180},\"zoom\":2,\"top_left\":{\"lat\":90,\"lon\":-180}}},\"panelRefName\":\"panel_2\"},{\"version\":\"2.18.0\",\"gridData\":{\"x\":8,\"y\":0,\"w\":40,\"h\":14,\"i\":\"13\"},\"panelIndex\":\"13\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"},{\"version\":\"2.18.0\",\"gridData\":{\"x\":24,\"y\":44,\"w\":24,\"h\":17,\"i\":\"14\"},\"panelIndex\":\"14\",\"embeddableConfig\":{},\"panelRefName\":\"panel_4\"},{\"version\":\"2.18.0\",\"gridData\":{\"x\":8,\"y\":14,\"w\":40,\"h\":15,\"i\":\"15\"},\"panelIndex\":\"15\",\"embeddableConfig\":{},\"panelRefName\":\"panel_5\"},{\"version\":\"2.18.0\",\"gridData\":{\"x\":8,\"y\":29,\"w\":40,\"h\":15,\"i\":\"16\"},\"panelIndex\":\"16\",\"embeddableConfig\":{},\"panelRefName\":\"panel_6\"},{\"version\":\"2.18.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":44,\"i\":\"112714a2-60cd-4
060-ac12-7068fd05cf23\"},\"panelIndex\":\"112714a2-60cd-4060-ac12-7068fd05cf23\",\"embeddableConfig\":{},\"panelRefName\":\"panel_7\"}]", "timeRestore": false, "title": "nginx Overview", "version": 1 }, + "id": "55a9e6e0-a29e-11e7-928f-5dbe6f6f5519", + "migrationVersion": { + "dashboard": "7.9.3" + }, + "namespaces": [ + "default" + ], "references": [ { + "id": "Nginx-Access-Browsers", "name": "panel_0", - "type": "visualization", - "id": "Nginx-Access-Browsers-ecs" + "type": "visualization" }, { + "id": "Nginx-Access-OSes", "name": "panel_1", - "type": "visualization", - "id": "Nginx-Access-OSes-ecs" + "type": "visualization" }, { + "id": "Nginx-Access-Map", "name": "panel_2", - "type": "visualization", - "id": "Nginx-Access-Map-ecs" + "type": "visualization" }, { + "id": "b70b1b20-a1f4-11e7-928f-5dbe6f6f5519", "name": "panel_3", - "type": "visualization", - "id": "b70b1b20-a1f4-11e7-928f-5dbe6f6f5519-ecs" + "type": "visualization" }, { + "id": "9184fa00-a1f5-11e7-928f-5dbe6f6f5519", "name": "panel_4", - "type": "visualization", - "id": "9184fa00-a1f5-11e7-928f-5dbe6f6f5519-ecs" + "type": "visualization" }, { + "id": "46322e50-a1f6-11e7-928f-5dbe6f6f5519", "name": "panel_5", - "type": "visualization", - "id": "46322e50-a1f6-11e7-928f-5dbe6f6f5519-ecs" + "type": "visualization" }, { + "id": "0dd6f320-a29f-11e7-928f-5dbe6f6f5519", "name": "panel_6", - "type": "visualization", - "id": "0dd6f320-a29f-11e7-928f-5dbe6f6f5519-ecs" + "type": "visualization" }, { + "id": "df9e399b-efa5-4e33-b0ac-a7668a8ac2b3", "name": "panel_7", - "type": "visualization", - "id": "97109780-a2a5-11e7-928f-5dbe6f6f5519-ecs" + "type": "visualization" } ], - "migrationVersion": { - "dashboard": "7.9.3" - } + "type": "dashboard", + "updated_at": "2025-01-07T15:37:36.799Z", + "version": "WzEwNjcsMV0=" }, { - "id": "Nginx-Access-Browsers-ecs", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2022-06-01T19:41:23.453Z", - "version": "WzgzOCwxXQ==", "attributes": { 
"description": "", "kibanaSavedObjectMeta": { 
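Review bot: Nothing visible in this patch removes the saved objects already stored under the ids this hunk retires: `55a9e6e0-a29e-11e7-928f-5dbe6f6f5519-ecs` for the dashboard, plus the `-ecs` panel ids in `references`. If the dashboard import only creates or overwrites by id (the import logic is not shown here), an upgraded instance would keep the stale `-ecs` dashboard beside the new one, and analysts could land on the outdated nginx view through old bookmarks. Confirm that the upgrade path deletes the retired ids, or list them in the release notes so operators can remove them. The hunk ends inside the next object's `attributes`, which continues in the following hunk.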
@@ -85,84 +77,84 @@ "version": 1, "visState": "{\"type\":\"pie\",\"listeners\":{},\"params\":{\"legendPosition\":\"bottom\",\"isDonut\":true,\"addTooltip\":true,\"addLegend\":true,\"shareYAxis\":true},\"aggs\":[{\"type\":\"count\",\"enabled\":true,\"id\":\"1\",\"schema\":\"metric\",\"params\":{}},{\"type\":\"terms\",\"enabled\":true,\"id\":\"2\",\"schema\":\"segment\",\"params\":{\"orderBy\":\"1\",\"size\":5,\"order\":\"desc\",\"field\":\"user_agent.name\"}},{\"type\":\"terms\",\"enabled\":true,\"id\":\"3\",\"schema\":\"segment\",\"params\":{\"orderBy\":\"1\",\"size\":5,\"order\":\"desc\",\"field\":\"user_agent.version\"}}],\"title\":\"nginx Browsers\"}" }, + "id": "Nginx-Access-Browsers", + "migrationVersion": { + "visualization": "7.10.0" + }, + "namespaces": [ + "default" + ], "references": [ { + "id": "MALCOLM_OTHER_INDEX_PATTERN_REPLACER", "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern", - "id": "MALCOLM_OTHER_INDEX_PATTERN_REPLACER" + "type": "index-pattern" } ], - "migrationVersion": { - "visualization": "7.10.0" - } + "type": "visualization", + "updated_at": "2025-01-07T15:10:13.963Z", + "version": "WzEwMDcsMV0=" }, { - "id": "Nginx-Access-OSes-ecs", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2022-06-01T19:44:51.836Z", - "version": "WzEwMTYsMV0=", "attributes": { - "title": "nginx Operating Systems", - "visState": "{\"title\":\"nginx Operating 
Systems\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"user_agent.os.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"},\"schema\":\"segment\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"user_agent.os.version\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"unknown version\"},\"schema\":\"segment\"}],\"params\":{\"legendPosition\":\"bottom\",\"isDonut\":true,\"addTooltip\":true,\"addLegend\":true,\"shareYAxis\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}}}", - "uiStateJSON": "{}", "description": "", - "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" - } + }, + "title": "nginx Operating Systems", + "uiStateJSON": "{}", + "version": 1, + "visState": "{\"title\":\"nginx Operating Systems\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"user_agent.os.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"},\"schema\":\"segment\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"user_agent.os.version\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"unknown 
version\"},\"schema\":\"segment\"}],\"params\":{\"legendPosition\":\"bottom\",\"isDonut\":true,\"addTooltip\":true,\"addLegend\":true,\"shareYAxis\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}}}" }, + "id": "Nginx-Access-OSes", + "migrationVersion": { + "visualization": "7.10.0" + }, + "namespaces": [ + "default" + ], "references": [ { + "id": "MALCOLM_OTHER_INDEX_PATTERN_REPLACER", "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern", - "id": "MALCOLM_OTHER_INDEX_PATTERN_REPLACER" + "type": "index-pattern" } ], - "migrationVersion": { - "visualization": "7.10.0" - } + "type": "visualization", + "updated_at": "2025-01-07T15:10:13.963Z", + "version": "WzEwMDgsMV0=" }, { - "id": "Nginx-Access-Map-ecs", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2022-06-01T19:41:23.453Z", - "version": "Wzg0MCwxXQ==", "attributes": { "description": "", "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"filter\":[]}" }, + "savedSearchRefName": "search_0", "title": "nginx Access Map", "uiStateJSON": "{\"mapCenter\": [12.039320557540572, -0.17578125]}", "version": 1, - "visState": "{\"type\":\"tile_map\",\"listeners\":{},\"params\":{\"heatNormalizeData\":true,\"mapType\":\"Scaled Circle Markers\",\"heatRadius\":25,\"mapZoom\":2,\"heatMinOpacity\":0.1,\"addTooltip\":true,\"heatBlur\":15,\"wms\":{\"options\":{\"layers\":\"0\",\"styles\":\"\",\"transparent\":true,\"format\":\"image/png\",\"version\":\"1.3.0\",\"attribution\":\"Maps provided by 
USGS\"},\"enabled\":false,\"url\":\"https://basemap.nationalmap.gov/arcgis/services/USGSTopo/MapServer/WMSServer\"},\"heatMaxZoom\":16,\"legendPosition\":\"bottomright\",\"mapCenter\":[15,5],\"isDesaturated\":true},\"aggs\":[{\"type\":\"count\",\"enabled\":true,\"id\":\"1\",\"schema\":\"metric\",\"params\":{}},{\"type\":\"geohash_grid\",\"enabled\":true,\"id\":\"2\",\"schema\":\"segment\",\"params\":{\"autoPrecision\":true,\"field\":\"source.geo.location\"}}],\"title\":\"nginx Access Map\"}", - "savedSearchRefName": "search_0" + "visState": "{\"type\":\"tile_map\",\"listeners\":{},\"params\":{\"heatNormalizeData\":true,\"mapType\":\"Scaled Circle Markers\",\"heatRadius\":25,\"mapZoom\":2,\"heatMinOpacity\":0.1,\"addTooltip\":true,\"heatBlur\":15,\"wms\":{\"options\":{\"layers\":\"0\",\"styles\":\"\",\"transparent\":true,\"format\":\"image/png\",\"version\":\"1.3.0\",\"attribution\":\"Maps provided by USGS\"},\"enabled\":false,\"url\":\"https://basemap.nationalmap.gov/arcgis/services/USGSTopo/MapServer/WMSServer\"},\"heatMaxZoom\":16,\"legendPosition\":\"bottomright\",\"mapCenter\":[15,5],\"isDesaturated\":true},\"aggs\":[{\"type\":\"count\",\"enabled\":true,\"id\":\"1\",\"schema\":\"metric\",\"params\":{}},{\"type\":\"geohash_grid\",\"enabled\":true,\"id\":\"2\",\"schema\":\"segment\",\"params\":{\"autoPrecision\":true,\"field\":\"source.geo.location\"}}],\"title\":\"nginx Access Map\"}" }, + "id": "Nginx-Access-Map", + "migrationVersion": { + "visualization": "7.10.0" + }, + "namespaces": [ + "default" + ], "references": [ { - "type": "search", + "id": "Filebeat-Nginx-module", "name": "search_0", - "id": "Filebeat-Nginx-module-ecs" + "type": "search" } ], - "migrationVersion": { - "visualization": "7.10.0" - } + "type": "visualization", + "updated_at": "2025-01-07T15:10:13.963Z", + "version": "WzEwMDksMV0=" }, { - "id": "b70b1b20-a1f4-11e7-928f-5dbe6f6f5519-ecs", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": 
"2022-06-01T19:41:23.453Z", - "version": "Wzg0MSwxXQ==", "attributes": { "description": "", "kibanaSavedObjectMeta": { 
@@ -173,19 +165,19 @@ "version": 1, "visState": "{\"type\":\"metrics\",\"params\":{\"index_pattern\":\"MALCOLM_OTHER_INDEX_PATTERN_REPLACER\",\"series\":[{\"formatter\":\"number\",\"chart_type\":\"bar\",\"split_filters\":[{\"color\":\"#68BC00\",\"filter\":{\"query\":\"http.response.status_code:[200 TO 299]\",\"language\":\"lucene\"},\"label\":\"200s\",\"id\":\"5acdc750-a29d-11e7-a062-a1c3587f4874\"},{\"color\":\"rgba(252,196,0,1)\",\"filter\":{\"query\":\"http.response.status_code:[300 TO 399]\",\"language\":\"lucene\"},\"label\":\"300s\",\"id\":\"6efd2ae0-a29d-11e7-a062-a1c3587f4874\"},{\"color\":\"rgba(211,49,21,1)\",\"filter\":{\"query\":\"http.response.status_code:[400 TO 499]\",\"language\":\"lucene\"},\"label\":\"400s\",\"id\":\"76089a90-a29d-11e7-a062-a1c3587f4874\"},{\"color\":\"rgba(171,20,158,1)\",\"filter\":{\"query\":\"http.response.status_code:[500 TO 599]\",\"language\":\"lucene\"},\"label\":\"500s\",\"id\":\"7c7929d0-a29d-11e7-a062-a1c3587f4874\"}],\"seperate_axis\":0,\"point_size\":1,\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"metrics\":[{\"type\":\"count\",\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\"}],\"label\":\"\",\"axis_position\":\"right\",\"split_mode\":\"filters\",\"fill\":0.5,\"stacked\":\"stacked\",\"terms_field\":\"http.response.status_code\",\"color\":\"#68BC00\",\"line_width\":1,\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"split_color_mode\":\"gradient\"}],\"time_field\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\",\"filter\":{\"query\":\"event.module:nginx AND fileset.name:access\",\"language\":\"lucene\"},\"show_grid\":1,\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"show_legend\":1,\"type\":\"timeseries\",\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"interval\":\"auto\",\"legend_position\":\"bottom\"},\"aggs\":[],\"title\":\"nginx Response Codes Over Time\"}" }, - "references": [], + "id": "b70b1b20-a1f4-11e7-928f-5dbe6f6f5519", "migrationVersion": { "visualization": "7.10.0" - } - }, - { - 
"id": "9184fa00-a1f5-11e7-928f-5dbe6f6f5519-ecs", - "type": "visualization", + }, "namespaces": [ "default" ], - "updated_at": "2022-06-01T19:41:23.453Z", - "version": "Wzg0MiwxXQ==", + "references": [], + "type": "visualization", + "updated_at": "2025-01-07T15:10:13.963Z", + "version": "WzEwMTAsMV0=" + }, + { "attributes": { "description": "", "kibanaSavedObjectMeta": { @@ -196,19 +188,19 @@ "version": 1, "visState": "{\"type\":\"metrics\",\"params\":{\"axis_formatter\":\"number\",\"series\":[{\"formatter\":\"number\",\"chart_type\":\"line\",\"seperate_axis\":0,\"point_size\":1,\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"value_template\":\"\",\"metrics\":[{\"type\":\"count\",\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\"}],\"axis_position\":\"right\",\"split_mode\":\"terms\",\"fill\":0.5,\"stacked\":\"none\",\"terms_field\":\"url.original\",\"color\":\"#68BC00\",\"line_width\":1,\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"split_color_mode\":\"gradient\"}],\"time_field\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\",\"filter\":{\"query\":\"event.module:nginx AND fileset.name:access\",\"language\":\"lucene\"},\"show_grid\":1,\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"show_legend\":1,\"type\":\"top_n\",\"index_pattern\":\"MALCOLM_OTHER_INDEX_PATTERN_REPLACER\",\"axis_position\":\"left\",\"bar_color_rules\":[{\"id\":\"6252c320-a1f5-11e7-92ba-5d0b8663aece\"}],\"interval\":\"auto\"},\"aggs\":[],\"title\":\"nginx Top Pages\"}" }, - "references": [], + "id": "9184fa00-a1f5-11e7-928f-5dbe6f6f5519", "migrationVersion": { "visualization": "7.10.0" - } - }, - { - "id": "46322e50-a1f6-11e7-928f-5dbe6f6f5519-ecs", - "type": "visualization", + }, "namespaces": [ "default" ], - "updated_at": "2022-06-01T19:41:23.453Z", - "version": "Wzg0MywxXQ==", + "references": [], + "type": "visualization", + "updated_at": "2025-01-07T15:10:13.963Z", + "version": "WzEwMTEsMV0=" + }, + { "attributes": { "description": "", "kibanaSavedObjectMeta": { 
@@ -219,19 +211,19 @@ "version": 1, "visState": "{\"type\":\"metrics\",\"params\":{\"index_pattern\":\"MALCOLM_OTHER_INDEX_PATTERN_REPLACER\",\"series\":[{\"formatter\":\"number\",\"chart_type\":\"bar\",\"seperate_axis\":0,\"point_size\":1,\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"metrics\":[{\"type\":\"count\",\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\"}],\"axis_position\":\"right\",\"split_mode\":\"terms\",\"fill\":0.5,\"stacked\":\"none\",\"terms_field\":\"log.level\",\"color\":\"rgba(211,49,21,1)\",\"line_width\":1,\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"split_color_mode\":\"gradient\"}],\"time_field\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\",\"filter\":{\"query\":\"event.module:nginx AND fileset.name:error\",\"language\":\"lucene\"},\"show_grid\":1,\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"show_legend\":1,\"type\":\"timeseries\",\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"interval\":\"auto\",\"legend_position\":\"bottom\"},\"aggs\":[],\"title\":\"nginx Errors Over Time\"}" }, - "references": [], + "id": "46322e50-a1f6-11e7-928f-5dbe6f6f5519", "migrationVersion": { "visualization": "7.10.0" - } - }, - { - "id": "0dd6f320-a29f-11e7-928f-5dbe6f6f5519-ecs", - "type": "visualization", + }, "namespaces": [ "default" ], - "updated_at": "2022-06-01T19:41:23.453Z", - "version": "Wzg0NCwxXQ==", + "references": [], + "type": "visualization", + "updated_at": "2025-01-07T15:10:13.963Z", + "version": "WzEwMTIsMV0=" + }, + { "attributes": { "description": "", "kibanaSavedObjectMeta": { 
@@ -242,42 +234,42 @@ "version": 1, "visState": "{\"type\":\"metrics\",\"params\":{\"index_pattern\":\"MALCOLM_OTHER_INDEX_PATTERN_REPLACER\",\"series\":[{\"formatter\":\"bytes\",\"chart_type\":\"line\",\"split_filters\":[{\"color\":\"#68BC00\",\"filter\":{\"query\":\"http.response.status_code:[200 TO 299]\",\"language\":\"lucene\"},\"label\":\"200s\",\"id\":\"7c343c20-a29e-11e7-a062-a1c3587f4874\"}],\"seperate_axis\":0,\"point_size\":1,\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"metrics\":[{\"type\":\"sum\",\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"field\":\"http.response.body.bytes\"}],\"label\":\"\",\"axis_position\":\"right\",\"split_mode\":\"everything\",\"fill\":0.5,\"stacked\":\"none\",\"terms_field\":null,\"color\":\"#68BC00\",\"line_width\":1,\"split_color_mode\":\"gradient\"}],\"time_field\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\",\"filter\":{\"query\":\"event.module: nginx AND fileset.name: access\",\"language\":\"lucene\"},\"show_grid\":1,\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"show_legend\":1,\"type\":\"timeseries\",\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"interval\":\"auto\",\"legend_position\":\"bottom\"},\"aggs\":[],\"title\":\"nginx Data Volume\"}" }, - "references": [], + "id": "0dd6f320-a29f-11e7-928f-5dbe6f6f5519", "migrationVersion": { "visualization": "7.10.0" - } - }, - { - "id": "97109780-a2a5-11e7-928f-5dbe6f6f5519-ecs", - "type": "visualization", + }, "namespaces": [ "default" ], - "updated_at": "2022-06-01T19:41:23.453Z", - "version": "Wzg0NSwxXQ==", + "references": [], + "type": "visualization", + "updated_at": "2025-01-07T15:10:13.963Z", + "version": "WzEwMTMsMV0=" + }, + { "attributes": { "description": "", "kibanaSavedObjectMeta": { - "searchSourceJSON": "{}" + "searchSourceJSON": "{\"query\":{\"query\":{\"query_string\":{\"query\":\"*\"}},\"language\":\"lucene\"},\"filter\":[]}" }, - "title": "nginx Dashboards", + "title": "Navigation", "uiStateJSON": "{}", "version": 1, - "visState": 
"{\"type\":\"markdown\",\"params\":{\"markdown\":\"[Nginx logs overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519-ecs) | [Nginx access and error logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519-ecs)\",\"fontSize\":12},\"aggs\":[],\"title\":\"nginx Dashboards\"}" + "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / 
[WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● 
[GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}" }, - "references": [], + "id": "df9e399b-efa5-4e33-b0ac-a7668a8ac2b3", "migrationVersion": { "visualization": "7.10.0" - } - }, - { - "id": "Filebeat-Nginx-module-ecs", - "type": "search", + }, "namespaces": [ "default" ], - "updated_at": "2022-06-01T19:41:23.453Z", - "version": "Wzg0NiwxXQ==", + "references": [], + "type": "visualization", + "updated_at": "2025-01-07T15:10:03.736Z", + "version": "WzkyOCwxXQ==" + }, + { "attributes": { 
"columns": [ "url.original", @@ -300,16 +292,24 @@ "title": "nginx Access Logs", "version": 1 }, + "id": "Filebeat-Nginx-module", + "migrationVersion": { + "search": "7.9.3" + }, + "namespaces": [ + "default" + ], "references": [ { + "id": "MALCOLM_OTHER_INDEX_PATTERN_REPLACER", "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern", - "id": "MALCOLM_OTHER_INDEX_PATTERN_REPLACER" + "type": "index-pattern" } ], - "migrationVersion": { - "search": "7.9.3" - } + "type": "search", + "updated_at": "2025-01-07T15:10:13.963Z", + "version": "WzEwMTUsMV0=" } - ] + ], + "version": "2.18.0" } diff --git a/dashboards/dashboards/beats/79202ee0-d811-11ee-820d-dd9fd73a3921.json b/dashboards/dashboards/beats/79202ee0-d811-11ee-820d-dd9fd73a3921.json index aadb80b83..4e2b9d16d 100644 --- a/dashboards/dashboards/beats/79202ee0-d811-11ee-820d-dd9fd73a3921.json +++ b/dashboards/dashboards/beats/79202ee0-d811-11ee-820d-dd9fd73a3921.json 
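Review bot: The new `Navigation` markdown panel (`df9e399b-efa5-4e33-b0ac-a7668a8ac2b3`, hunk `@@ -242,42 +234,42 @@`) links to dashboards by hard-coded id inside `visState` while its `references` stays `[]`, so the saved-object import has no way to flag a link whose target was renamed or dropped. This commit itself renames ids by removing the `-ecs` suffix, which is the kind of change that breaks such links silently. A repository check that every `#/dashboard/<id>` in the markdown matches the `id` of a `"type": "dashboard"` object under `dashboards/dashboards/` would catch this. If the panel is also copied into other dashboard files (not visible here), the copies should be kept identical so that import order does not decide which one wins.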
@@ -1,298 +1,315 @@ { - "version": "2.15.0", "objects": [ { - "id": "79202ee0-d811-11ee-820d-dd9fd73a3921", - "type": "dashboard", - "namespaces": [ - "default" - ], - "updated_at": "2024-08-01T15:32:35.352Z", - "version": "WzEwNDksMV0=", "attributes": { - "title": "Windows Events", - "hits": 0, "description": "Windows event logs", - "panelsJSON": "[{\"version\":\"2.15.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":18,\"h\":19,\"i\":\"346bb696-5fa2-4504-a1d8-5a6f51244c7b\"},\"panelIndex\":\"346bb696-5fa2-4504-a1d8-5a6f51244c7b\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"vis\":{\"sortColumn\":{\"colIndex\":3,\"direction\":\"desc\"}}},\"panelRefName\":\"panel_0\"},{\"version\":\"2.15.0\",\"gridData\":{\"x\":18,\"y\":0,\"w\":30,\"h\":19,\"i\":\"9c39d8b3-ad8c-4247-b97f-9736e469c988\"},\"panelIndex\":\"9c39d8b3-ad8c-4247-b97f-9736e469c988\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_1\"},{\"version\":\"2.15.0\",\"gridData\":{\"x\":0,\"y\":19,\"w\":30,\"h\":36,\"i\":\"bccfb126-a864-4c11-a8c7-a9a1286c8f0f\"},\"panelIndex\":\"bccfb126-a864-4c11-a8c7-a9a1286c8f0f\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"2.15.0\",\"gridData\":{\"x\":30,\"y\":19,\"w\":18,\"h\":15,\"i\":\"bc116b54-f251-4e77-833c-c557b5d5c1d7\"},\"panelIndex\":\"bc116b54-f251-4e77-833c-c557b5d5c1d7\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"table\":null,\"vis\":{\"sortColumn\":{\"colIndex\":1,\"direction\":\"desc\"}}},\"panelRefName\":\"panel_3\"},{\"version\":\"2.15.0\",\"gridData\":{\"x\":30,\"y\":34,\"w\":18,\"h\":21,\"i\":\"1372927d-8b1d-4531-94fb-377dbccfff6b\"},\"panelIndex\":\"1372927d-8b1d-4531-94fb-377dbccfff6b\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_4\"},{\"version\":\"2.15.0\",\"gridData\":{\"x\":0,\"y\":55,\"w\":16,\"h\":39,\"i\":\"3ce8c85f-ded2-4ff2-9a91-e85523bd2516\"},\"panelIndex\":\"3ce8c85f-ded2-4ff2-9a91-e85523bd2516\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_5
\"},{\"version\":\"2.15.0\",\"gridData\":{\"x\":16,\"y\":55,\"w\":32,\"h\":39,\"i\":\"197395c9-4133-47ad-9290-1cb15f09e1ce\"},\"panelIndex\":\"197395c9-4133-47ad-9290-1cb15f09e1ce\",\"embeddableConfig\":{\"sort\":[[\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\",\"desc\"]]},\"panelRefName\":\"panel_6\"},{\"version\":\"2.15.0\",\"gridData\":{\"x\":0,\"y\":94,\"w\":48,\"h\":30,\"i\":\"49f38efc-1ab3-4e38-96e5-b0458c026491\"},\"panelIndex\":\"49f38efc-1ab3-4e38-96e5-b0458c026491\",\"embeddableConfig\":{},\"panelRefName\":\"panel_7\"}]", - "optionsJSON": "{\"hidePanelTitles\":false,\"useMargins\":true}", - "version": 1, - "timeRestore": false, + "hits": 0, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[]}" - } + }, + "optionsJSON": "{\"hidePanelTitles\":false,\"useMargins\":true}", + "panelsJSON": "[{\"version\":\"2.18.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":35,\"i\":\"43028c5f-84f4-44fd-af4b-45103d59b07f\"},\"panelIndex\":\"43028c5f-84f4-44fd-af4b-45103d59b07f\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"2.18.0\",\"gridData\":{\"x\":8,\"y\":0,\"w\":18,\"h\":20,\"i\":\"346bb696-5fa2-4504-a1d8-5a6f51244c7b\"},\"panelIndex\":\"346bb696-5fa2-4504-a1d8-5a6f51244c7b\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"vis\":{\"sortColumn\":{\"colIndex\":3,\"direction\":\"desc\"}}},\"panelRefName\":\"panel_1\"},{\"version\":\"2.18.0\",\"gridData\":{\"x\":26,\"y\":0,\"w\":22,\"h\":20,\"i\":\"9c39d8b3-ad8c-4247-b97f-9736e469c988\"},\"panelIndex\":\"9c39d8b3-ad8c-4247-b97f-9736e469c988\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_2\"},{\"version\":\"2.18.0\",\"gridData\":{\"x\":8,\"y\":20,\"w\":18,\"h\":34,\"i\":\"1372927d-8b1d-4531-94fb-377dbccfff6b\"},\"panelIndex\":\"1372927d-8b1d-4531-94fb-377dbccfff6b\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_3\"},{\"version\":\"2.18.0\",\"gridData\":{\"x\":26,\"y\":20,\"w\":22,\"h\":34,\"
i\":\"bccfb126-a864-4c11-a8c7-a9a1286c8f0f\"},\"panelIndex\":\"bccfb126-a864-4c11-a8c7-a9a1286c8f0f\",\"embeddableConfig\":{},\"panelRefName\":\"panel_4\"},{\"version\":\"2.18.0\",\"gridData\":{\"x\":0,\"y\":35,\"w\":8,\"h\":19,\"i\":\"bc116b54-f251-4e77-833c-c557b5d5c1d7\"},\"panelIndex\":\"bc116b54-f251-4e77-833c-c557b5d5c1d7\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"table\":null,\"vis\":{\"sortColumn\":{\"colIndex\":1,\"direction\":\"desc\"}}},\"panelRefName\":\"panel_5\"},{\"version\":\"2.18.0\",\"gridData\":{\"x\":0,\"y\":54,\"w\":16,\"h\":39,\"i\":\"3ce8c85f-ded2-4ff2-9a91-e85523bd2516\"},\"panelIndex\":\"3ce8c85f-ded2-4ff2-9a91-e85523bd2516\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_6\"},{\"version\":\"2.18.0\",\"gridData\":{\"x\":16,\"y\":54,\"w\":32,\"h\":39,\"i\":\"197395c9-4133-47ad-9290-1cb15f09e1ce\"},\"panelIndex\":\"197395c9-4133-47ad-9290-1cb15f09e1ce\",\"embeddableConfig\":{\"sort\":[[\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\",\"desc\"]]},\"panelRefName\":\"panel_7\"},{\"version\":\"2.18.0\",\"gridData\":{\"x\":0,\"y\":93,\"w\":48,\"h\":30,\"i\":\"49f38efc-1ab3-4e38-96e5-b0458c026491\"},\"panelIndex\":\"49f38efc-1ab3-4e38-96e5-b0458c026491\",\"embeddableConfig\":{},\"panelRefName\":\"panel_8\"}]", + "timeRestore": false, + "title": "Windows Events", + "version": 1 }, + "id": "79202ee0-d811-11ee-820d-dd9fd73a3921", + "migrationVersion": { + "dashboard": "7.9.3" + }, + "namespaces": [ + "default" + ], "references": [ { + "id": "df9e399b-efa5-4e33-b0ac-a7668a8ac2b3", "name": "panel_0", - "type": "visualization", - "id": "0100b010-d811-11ee-820d-dd9fd73a3921" + "type": "visualization" }, { + "id": "0100b010-d811-11ee-820d-dd9fd73a3921", "name": "panel_1", - "type": "visualization", - "id": "6a4710f0-d811-11ee-820d-dd9fd73a3921" + "type": "visualization" }, { + "id": "6a4710f0-d811-11ee-820d-dd9fd73a3921", "name": "panel_2", - "type": "visualization", - "id": "db80a970-d811-11ee-820d-dd9fd73a3921" + "type": 
"visualization" }, { + "id": "a874fee0-2763-11ef-8343-1b5148c9ff83", "name": "panel_3", - "type": "visualization", - "id": "4d51c700-d812-11ee-820d-dd9fd73a3921" + "type": "visualization" }, { + "id": "db80a970-d811-11ee-820d-dd9fd73a3921", "name": "panel_4", - "type": "visualization", - "id": "a874fee0-2763-11ef-8343-1b5148c9ff83" + "type": "visualization" }, { + "id": "4d51c700-d812-11ee-820d-dd9fd73a3921", "name": "panel_5", - "type": "visualization", - "id": "853142d0-5018-11ef-b744-23222ad0b42a" + "type": "visualization" }, { + "id": "853142d0-5018-11ef-b744-23222ad0b42a", "name": "panel_6", - "type": "search", - "id": "af406720-501a-11ef-b744-23222ad0b42a" + "type": "visualization" }, { + "id": "af406720-501a-11ef-b744-23222ad0b42a", "name": "panel_7", - "type": "search", - "id": "be2f24d0-d809-11ee-820d-dd9fd73a3921" + "type": "search" + }, + { + "id": "be2f24d0-d809-11ee-820d-dd9fd73a3921", + "name": "panel_8", + "type": "search" } ], - "migrationVersion": { - "dashboard": "7.9.3" - } + "type": "dashboard", + "updated_at": "2025-01-07T16:03:35.952Z", + "version": "WzEwNzUsMV0=" }, { - "id": "0100b010-d811-11ee-820d-dd9fd73a3921", - "type": "visualization", + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":{\"query_string\":{\"query\":\"*\"}},\"language\":\"lucene\"},\"filter\":[]}" + }, + "title": "Navigation", + "uiStateJSON": "{}", + "version": 1, + "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) 
\\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● 
[SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx 
[Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}" + }, + "id": "df9e399b-efa5-4e33-b0ac-a7668a8ac2b3", + "migrationVersion": { + "visualization": "7.10.0" + }, "namespaces": [ "default" ], - "updated_at": "2024-08-01T14:12:11.552Z", - "version": "WzkyOCwxXQ==", + "references": [], + "type": "visualization", + "updated_at": "2025-01-07T15:10:03.736Z", + "version": "WzkyOCwxXQ==" + }, + { "attributes": { - "title": "Windows Events by Host", - "visState": "{\"title\":\"Windows Events by Host\",\"type\":\"table\",\"aggs\":[{\"id\":\"4\",\"enabled\":true,\"type\":\"top_hits\",\"params\":{\"field\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\",\"aggregate\":\"concat\",\"size\":1,\"sortField\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\",\"sortOrder\":\"desc\",\"customLabel\":\"Last 
Log\"},\"schema\":\"metric\"},{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Origin\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Computer Name\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", - "uiStateJSON": "{}", "description": "", - "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}" }, - "savedSearchRefName": "search_0" + "savedSearchRefName": "search_0", + "title": "Windows Events by Host", + "uiStateJSON": "{}", + "version": 1, + "visState": "{\"title\":\"Windows Events by Host\",\"type\":\"table\",\"aggs\":[{\"id\":\"4\",\"enabled\":true,\"type\":\"top_hits\",\"params\":{\"field\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\",\"aggregate\":\"concat\",\"size\":1,\"sortField\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\",\"sortOrder\":\"desc\",\"customLabel\":\"Last 
Log\"},\"schema\":\"metric\"},{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Origin\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Computer Name\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}" + }, + "id": "0100b010-d811-11ee-820d-dd9fd73a3921", + "migrationVersion": { + "visualization": "7.10.0" }, + "namespaces": [ + "default" + ], "references": [ { + "id": "be2f24d0-d809-11ee-820d-dd9fd73a3921", "name": "search_0", - "type": "search", - "id": "be2f24d0-d809-11ee-820d-dd9fd73a3921" + "type": "search" } ], - "migrationVersion": { - "visualization": "7.10.0" - } + "type": "visualization", + "updated_at": "2025-01-07T15:10:08.874Z", + "version": "Wzk3MywxXQ==" }, { - "id": "6a4710f0-d811-11ee-820d-dd9fd73a3921", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2024-08-01T14:12:11.552Z", - "version": "WzkyOSwxXQ==", "attributes": { - "title": "Windows Events over Time", - "visState": "{\"title\":\"Windows Events over 
Time\",\"type\":\"histogram\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"params\":{\"field\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\",\"timeRange\":{\"from\":\"now/d\",\"to\":\"now/d\"},\"useNormalizedOpenSearchInterval\":true,\"scaleMetricValues\":false,\"interval\":\"auto\",\"drop_partials\":false,\"min_doc_count\":1,\"extended_bounds\":{}},\"schema\":\"segment\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.dataset\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"},\"schema\":\"group\"}],\"params\":{\"type\":\"histogram\",\"grid\":{\"categoryLines\":false},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"filter\":true,\"truncate\":100},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"square root\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"type\":\"histogram\",\"mode\":\"stacked\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"lineWidth\":2,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"bottom\",\"times\":[],\"addTimeMarker\":false,\"labels\":{\"show\":false},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"}}}", - "uiStateJSON": "{\"vis\":{\"legendOpen\":true}}", "description": "", - "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": 
"{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}" }, - "savedSearchRefName": "search_0" + "savedSearchRefName": "search_0", + "title": "Windows Events over Time", + "uiStateJSON": "{\"vis\":{\"legendOpen\":true}}", + "version": 1, + "visState": "{\"title\":\"Windows Events over Time\",\"type\":\"histogram\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"params\":{\"field\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\",\"timeRange\":{\"from\":\"now/d\",\"to\":\"now/d\"},\"useNormalizedOpenSearchInterval\":true,\"scaleMetricValues\":false,\"interval\":\"auto\",\"drop_partials\":false,\"min_doc_count\":1,\"extended_bounds\":{}},\"schema\":\"segment\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.dataset\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"},\"schema\":\"group\"}],\"params\":{\"type\":\"histogram\",\"grid\":{\"categoryLines\":false},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"filter\":true,\"truncate\":100},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"square 
root\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"type\":\"histogram\",\"mode\":\"stacked\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"lineWidth\":2,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"bottom\",\"times\":[],\"addTimeMarker\":false,\"labels\":{\"show\":false},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"}}}" }, + "id": "6a4710f0-d811-11ee-820d-dd9fd73a3921", + "migrationVersion": { + "visualization": "7.10.0" + }, + "namespaces": [ + "default" + ], "references": [ { + "id": "be2f24d0-d809-11ee-820d-dd9fd73a3921", "name": "search_0", - "type": "search", - "id": "be2f24d0-d809-11ee-820d-dd9fd73a3921" + "type": "search" } ], - "migrationVersion": { - "visualization": "7.10.0" - } + "type": "visualization", + "updated_at": "2025-01-07T15:10:08.874Z", + "version": "Wzk3NCwxXQ==" }, { - "id": "db80a970-d811-11ee-820d-dd9fd73a3921", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2024-08-01T14:12:11.552Z", - "version": "WzkzMCwxXQ==", "attributes": { - "title": "Windows Event Provider", - "visState": "{\"title\":\"Windows Event Provider\",\"type\":\"horizontal_bar\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"miscbeat.winlog.ProviderName\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Event 
Provider\"},\"schema\":\"segment\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"miscbeat.winlog.ProviderName\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Event Provider\"},\"schema\":\"group\"}],\"params\":{\"type\":\"histogram\",\"grid\":{\"categoryLines\":false},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":50},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"square root\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":75,\"filter\":true,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"type\":\"histogram\",\"mode\":\"stacked\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"lineWidth\":2,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"labels\":{\"show\":true},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"}}}", - "uiStateJSON": "{\"vis\":{\"legendOpen\":false}}", "description": "", - "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}" }, - "savedSearchRefName": "search_0" + "savedSearchRefName": "search_0", + "title": "Windows Event Users", + "uiStateJSON": "{\"vis\":{\"sortColumn\":{\"colIndex\":1,\"direction\":\"desc\"}}}", + "version": 1, + "visState": "{\"title\":\"Windows Event 
Users\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"related.user\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Username\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":20,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}" + }, + "id": "a874fee0-2763-11ef-8343-1b5148c9ff83", + "migrationVersion": { + "visualization": "7.10.0" }, + "namespaces": [ + "default" + ], "references": [ { + "id": "be2f24d0-d809-11ee-820d-dd9fd73a3921", "name": "search_0", - "type": "search", - "id": "be2f24d0-d809-11ee-820d-dd9fd73a3921" + "type": "search" } ], - "migrationVersion": { - "visualization": "7.10.0" - } + "type": "visualization", + "updated_at": "2025-01-07T16:02:27.195Z", + "version": "WzEwNzQsMV0=" }, { - "id": "4d51c700-d812-11ee-820d-dd9fd73a3921", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2024-08-01T14:12:11.552Z", - "version": "WzkzMSwxXQ==", "attributes": { - "title": "Windows Event Results", - "visState": "{\"title\":\"Windows Event Results\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.result\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Event Result\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", - "uiStateJSON": "{}", "description": "", - "version": 1, 
"kibanaSavedObjectMeta": { "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}" }, - "savedSearchRefName": "search_0" + "savedSearchRefName": "search_0", + "title": "Windows Event Provider", + "uiStateJSON": "{\"vis\":{\"legendOpen\":false}}", + "version": 1, + "visState": "{\"title\":\"Windows Event Provider\",\"type\":\"horizontal_bar\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"miscbeat.winlog.ProviderName\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Event Provider\"},\"schema\":\"segment\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"miscbeat.winlog.ProviderName\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Event Provider\"},\"schema\":\"group\"}],\"params\":{\"type\":\"histogram\",\"grid\":{\"categoryLines\":false},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":50},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"square 
root\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":75,\"filter\":true,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"type\":\"histogram\",\"mode\":\"stacked\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"lineWidth\":2,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"labels\":{\"show\":true},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"}}}" + }, + "id": "db80a970-d811-11ee-820d-dd9fd73a3921", + "migrationVersion": { + "visualization": "7.10.0" }, + "namespaces": [ + "default" + ], "references": [ { + "id": "be2f24d0-d809-11ee-820d-dd9fd73a3921", "name": "search_0", - "type": "search", - "id": "be2f24d0-d809-11ee-820d-dd9fd73a3921" + "type": "search" } ], - "migrationVersion": { - "visualization": "7.10.0" - } + "type": "visualization", + "updated_at": "2025-01-07T15:10:08.874Z", + "version": "Wzk3NSwxXQ==" }, { - "id": "a874fee0-2763-11ef-8343-1b5148c9ff83", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2024-08-01T14:12:11.552Z", - "version": "WzkzMiwxXQ==", "attributes": { - "title": "Windows Event Users", - "visState": "{\"title\":\"Windows Event Users\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"related.user\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Username\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", - "uiStateJSON": 
"{\"vis\":{\"sortColumn\":{\"colIndex\":1,\"direction\":\"desc\"}}}", "description": "", - "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}" }, - "savedSearchRefName": "search_0" + "savedSearchRefName": "search_0", + "title": "Windows Event Results", + "uiStateJSON": "{}", + "version": 1, + "visState": "{\"title\":\"Windows Event Results\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.result\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Event Result\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}" + }, + "id": "4d51c700-d812-11ee-820d-dd9fd73a3921", + "migrationVersion": { + "visualization": "7.10.0" }, + "namespaces": [ + "default" + ], "references": [ { + "id": "be2f24d0-d809-11ee-820d-dd9fd73a3921", "name": "search_0", - "type": "search", - "id": "be2f24d0-d809-11ee-820d-dd9fd73a3921" + "type": "search" } ], - "migrationVersion": { - "visualization": "7.10.0" - } + "type": "visualization", + "updated_at": "2025-01-07T15:10:08.874Z", + "version": "Wzk3NiwxXQ==" }, { - "id": "853142d0-5018-11ef-b744-23222ad0b42a", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2024-08-01T15:30:06.733Z", - "version": "WzEwNDcsMV0=", "attributes": { - "title": "Windows Process Executable", - "visState": "{\"title\":\"Windows Process 
Executable\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"process.executable\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Process Executable\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":25,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", - "uiStateJSON": "{\"vis\":{\"sortColumn\":{\"colIndex\":1,\"direction\":\"desc\"}}}", "description": "", - "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}" }, - "savedSearchRefName": "search_0" + "savedSearchRefName": "search_0", + "title": "Windows Process Executable", + "uiStateJSON": "{\"vis\":{\"sortColumn\":{\"colIndex\":1,\"direction\":\"desc\"}}}", + "version": 1, + "visState": "{\"title\":\"Windows Process Executable\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"process.executable\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Process Executable\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":25,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}" }, + "id": "853142d0-5018-11ef-b744-23222ad0b42a", + "migrationVersion": { + "visualization": "7.10.0" + }, + "namespaces": [ + "default" + ], "references": [ { + "id": "be2f24d0-d809-11ee-820d-dd9fd73a3921", "name": "search_0", - "type": "search", - "id": 
"be2f24d0-d809-11ee-820d-dd9fd73a3921" + "type": "search" } ], - "migrationVersion": { - "visualization": "7.10.0" - } + "type": "visualization", + "updated_at": "2025-01-07T15:10:08.874Z", + "version": "Wzk3OCwxXQ==" }, { - "id": "af406720-501a-11ef-b744-23222ad0b42a", - "type": "search", - "namespaces": [ - "default" - ], - "updated_at": "2024-08-01T15:28:21.137Z", - "version": "WzEwNDYsMV0=", "attributes": { - "title": "Windows Event Logs - Process Command Line", - "description": "", - "hits": 0, "columns": [ "host.name", "related.user", "process.command_line" ], - "sort": [], - "version": 1, + "description": "", + "hits": 0, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":\"event.module:(winlog OR winevtlog) AND process.command_line:*\",\"language\":\"lucene\"},\"highlightAll\":true,\"version\":true,\"aggs\":{\"2\":{\"date_histogram\":{\"field\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\",\"fixed_interval\":\"30d\",\"min_doc_count\":1}}},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" - } + "searchSourceJSON": "{\"query\":{\"query\":\"event.module:(winlog OR winevtlog) AND process.command_line:*\",\"language\":\"lucene\"},\"highlightAll\":false,\"version\":true,\"aggs\":{\"2\":{\"date_histogram\":{\"field\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\",\"fixed_interval\":\"30d\",\"min_doc_count\":1}}},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" + }, + "sort": [], + "title": "Windows Event Logs - Process Command Line", + "version": 1 }, + "id": "af406720-501a-11ef-b744-23222ad0b42a", + "migrationVersion": { + "search": "7.9.3" + }, + "namespaces": [ + "default" + ], "references": [ { + "id": "MALCOLM_OTHER_INDEX_PATTERN_REPLACER", "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern", - "id": "MALCOLM_OTHER_INDEX_PATTERN_REPLACER" + "type": "index-pattern" } ], - "migrationVersion": { - "search": "7.9.3" - } + "type": "search", + 
"updated_at": "2025-01-07T15:10:08.874Z", + "version": "Wzk3OSwxXQ==" }, { - "id": "be2f24d0-d809-11ee-820d-dd9fd73a3921", - "type": "search", - "namespaces": [ - "default" - ], - "updated_at": "2024-08-01T14:12:11.552Z", - "version": "WzkzNSwxXQ==", "attributes": { - "title": "Windows Event Logs", - "description": "", - "hits": 0, "columns": [ "host.name", "event.dataset", @@ -301,22 +318,33 @@ "related.user", "event.result" ], - "sort": [], - "version": 1, + "description": "", + "hits": 0, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"query\":{\"query\":\"event.module:(winlog OR winevtlog)\",\"language\":\"lucene\"},\"highlightAll\":false,\"version\":true,\"aggs\":{\"2\":{\"date_histogram\":{\"field\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\",\"fixed_interval\":\"30s\",\"min_doc_count\":1}}},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" - } + }, + "sort": [], + "title": "Windows Event Logs", + "version": 1 + }, + "id": "be2f24d0-d809-11ee-820d-dd9fd73a3921", + "migrationVersion": { + "search": "7.9.3" }, + "namespaces": [ + "default" + ], "references": [ { + "id": "MALCOLM_OTHER_INDEX_PATTERN_REPLACER", "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern", - "id": "MALCOLM_OTHER_INDEX_PATTERN_REPLACER" + "type": "index-pattern" } ], - "migrationVersion": { - "search": "7.9.3" - } + "type": "search", + "updated_at": "2025-01-07T15:10:08.874Z", + "version": "Wzk4MCwxXQ==" } - ] -} \ No newline at end of file + ], + "version": "2.18.0" +} diff --git a/dashboards/dashboards/beats/7a7e0a60-e8e8-11ec-b9d4-4569bb965430.json b/dashboards/dashboards/beats/7a7e0a60-e8e8-11ec-b9d4-4569bb965430.json index ca947ed1c..503bb1577 100644 --- a/dashboards/dashboards/beats/7a7e0a60-e8e8-11ec-b9d4-4569bb965430.json +++ b/dashboards/dashboards/beats/7a7e0a60-e8e8-11ec-b9d4-4569bb965430.json 
@@ -1,252 +1,269 @@ { - "version": "2.0.0", "objects": [ { - "id": "7a7e0a60-e8e8-11ec-b9d4-4569bb965430", - "type": "dashboard", - "namespaces": [ - "default" - ], - "updated_at": "2024-04-29T15:49:16.000Z", - "version": "WzkyNSwxXQ==", "attributes": { - "title": "Malcolm Sensor Audit Logs", - "hits": 0, "description": "auditd logs from Malcolm sensors", - "panelsJSON": "[{\"version\":\"2.0.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":13,\"h\":16,\"i\":\"fa287c8f-3598-4790-b4bc-c4eb9720312a\"},\"panelIndex\":\"fa287c8f-3598-4790-b4bc-c4eb9720312a\",\"embeddableConfig\":{\"table\":null,\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}},\"panelRefName\":\"panel_0\"},{\"version\":\"2.0.0\",\"gridData\":{\"x\":13,\"y\":0,\"w\":9,\"h\":16,\"i\":\"6314eaf8-023d-49dd-974e-bb745958db0b\"},\"panelIndex\":\"6314eaf8-023d-49dd-974e-bb745958db0b\",\"embeddableConfig\":{},\"panelRefName\":\"panel_1\"},{\"version\":\"2.0.0\",\"gridData\":{\"x\":22,\"y\":0,\"w\":26,\"h\":16,\"i\":\"40d3f96f-00e8-4137-b76c-b29002d572a4\"},\"panelIndex\":\"40d3f96f-00e8-4137-b76c-b29002d572a4\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"2.0.0\",\"gridData\":{\"x\":0,\"y\":16,\"w\":34,\"h\":32,\"i\":\"48c93940-44c6-4ae1-94f9-c1030b6ff349\"},\"panelIndex\":\"48c93940-44c6-4ae1-94f9-c1030b6ff349\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"},{\"version\":\"2.0.0\",\"gridData\":{\"x\":34,\"y\":16,\"w\":14,\"h\":16,\"i\":\"5d0e478d-9e6a-4024-9a4b-f96daa6c41a5\"},\"panelIndex\":\"5d0e478d-9e6a-4024-9a4b-f96daa6c41a5\",\"embeddableConfig\":{},\"panelRefName\":\"panel_4\"},{\"version\":\"2.0.0\",\"gridData\":{\"x\":34,\"y\":32,\"w\":14,\"h\":16,\"i\":\"c93ce18b-3f75-4096-b3c3-7c4ee1129d6d\"},\"panelIndex\":\"c93ce18b-3f75-4096-b3c3-7c4ee1129d6d\",\"embeddableConfig\":{},\"panelRefName\":\"panel_5\"},{\"version\":\"2.0.0\",\"gridData\":{\"x\":0,\"y\":48,\"w\":48,\"h\":25,\"i\":\"7bc79245-f1e3-47fd-a7de-d58a97ee8161\"},\"panelIndex\":\"7bc79245-f1e3-47fd
-a7de-d58a97ee8161\",\"embeddableConfig\":{},\"panelRefName\":\"panel_6\"}]", - "optionsJSON": "{\"hidePanelTitles\":false,\"useMargins\":true}", - "version": 1, - "timeRestore": false, + "hits": 0, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[]}" - } + }, + "optionsJSON": "{\"hidePanelTitles\":false,\"useMargins\":true}", + "panelsJSON": "[{\"version\":\"2.18.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":32,\"i\":\"ba9f89da-81aa-4657-8e3f-f67ff9d73560\"},\"panelIndex\":\"ba9f89da-81aa-4657-8e3f-f67ff9d73560\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"2.18.0\",\"gridData\":{\"x\":8,\"y\":0,\"w\":13,\"h\":16,\"i\":\"fa287c8f-3598-4790-b4bc-c4eb9720312a\"},\"panelIndex\":\"fa287c8f-3598-4790-b4bc-c4eb9720312a\",\"embeddableConfig\":{\"table\":null,\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}},\"panelRefName\":\"panel_1\"},{\"version\":\"2.18.0\",\"gridData\":{\"x\":21,\"y\":0,\"w\":27,\"h\":16,\"i\":\"40d3f96f-00e8-4137-b76c-b29002d572a4\"},\"panelIndex\":\"40d3f96f-00e8-4137-b76c-b29002d572a4\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"2.18.0\",\"gridData\":{\"x\":8,\"y\":16,\"w\":26,\"h\":33,\"i\":\"48c93940-44c6-4ae1-94f9-c1030b6ff349\"},\"panelIndex\":\"48c93940-44c6-4ae1-94f9-c1030b6ff349\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"},{\"version\":\"2.18.0\",\"gridData\":{\"x\":34,\"y\":16,\"w\":14,\"h\":16,\"i\":\"5d0e478d-9e6a-4024-9a4b-f96daa6c41a5\"},\"panelIndex\":\"5d0e478d-9e6a-4024-9a4b-f96daa6c41a5\",\"embeddableConfig\":{},\"panelRefName\":\"panel_4\"},{\"version\":\"2.18.0\",\"gridData\":{\"x\":0,\"y\":32,\"w\":8,\"h\":17,\"i\":\"6314eaf8-023d-49dd-974e-bb745958db0b\"},\"panelIndex\":\"6314eaf8-023d-49dd-974e-bb745958db0b\",\"embeddableConfig\":{},\"panelRefName\":\"panel_5\"},{\"version\":\"2.18.0\",\"gridData\":{\"x\":34,\"y\":32,\"w\":14,\"h\":17,\"i\":\"c93ce18b-3f75-4096-b3c3-7c4ee1129d6d\
"},\"panelIndex\":\"c93ce18b-3f75-4096-b3c3-7c4ee1129d6d\",\"embeddableConfig\":{},\"panelRefName\":\"panel_6\"},{\"version\":\"2.18.0\",\"gridData\":{\"x\":0,\"y\":49,\"w\":48,\"h\":25,\"i\":\"7bc79245-f1e3-47fd-a7de-d58a97ee8161\"},\"panelIndex\":\"7bc79245-f1e3-47fd-a7de-d58a97ee8161\",\"embeddableConfig\":{},\"panelRefName\":\"panel_7\"}]", + "timeRestore": false, + "title": "Malcolm Sensor Audit Logs", + "version": 1 + }, + "id": "7a7e0a60-e8e8-11ec-b9d4-4569bb965430", + "migrationVersion": { + "dashboard": "7.9.3" }, + "namespaces": [ + "default" + ], "references": [ { + "id": "df9e399b-efa5-4e33-b0ac-a7668a8ac2b3", "name": "panel_0", - "type": "visualization", - "id": "5240ca70-e8e7-11ec-b9d4-4569bb965430" + "type": "visualization" }, { + "id": "5240ca70-e8e7-11ec-b9d4-4569bb965430", "name": "panel_1", - "type": "visualization", - "id": "6a601060-e8e8-11ec-b9d4-4569bb965430" + "type": "visualization" }, { + "id": "103beef0-e8e9-11ec-b9d4-4569bb965430", "name": "panel_2", - "type": "visualization", - "id": "103beef0-e8e9-11ec-b9d4-4569bb965430" + "type": "visualization" }, { + "id": "a2ca0240-e8e7-11ec-b9d4-4569bb965430", "name": "panel_3", - "type": "visualization", - "id": "a2ca0240-e8e7-11ec-b9d4-4569bb965430" + "type": "visualization" }, { + "id": "c97e4db0-e8e7-11ec-b9d4-4569bb965430", "name": "panel_4", - "type": "visualization", - "id": "c97e4db0-e8e7-11ec-b9d4-4569bb965430" + "type": "visualization" }, { + "id": "6a601060-e8e8-11ec-b9d4-4569bb965430", "name": "panel_5", - "type": "visualization", - "id": "f9b1a0e0-e8e7-11ec-b9d4-4569bb965430" + "type": "visualization" }, { + "id": "f9b1a0e0-e8e7-11ec-b9d4-4569bb965430", "name": "panel_6", - "type": "search", - "id": "15ac5e30-e8e7-11ec-b9d4-4569bb965430" + "type": "visualization" + }, + { + "id": "15ac5e30-e8e7-11ec-b9d4-4569bb965430", + "name": "panel_7", + "type": "search" } ], - "migrationVersion": { - "dashboard": "7.9.3" - } + "type": "dashboard", + "updated_at": "2025-01-07T16:09:27.271Z", + 
"version": "WzEwNzcsMV0=" }, { - "id": "5240ca70-e8e7-11ec-b9d4-4569bb965430", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2022-06-10T18:01:15.671Z", - "version": "WzkxOCwxXQ==", "attributes": { - "title": "Malcolm Sensor Audit Logs - Host", - "visState": "{\"title\":\"Malcolm Sensor Audit Logs - Host\",\"type\":\"table\",\"aggs\":[{\"id\":\"3\",\"enabled\":true,\"type\":\"max\",\"params\":{\"field\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\",\"customLabel\":\"Last Audit Log\"},\"schema\":\"metric\"},{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"unknown\",\"customLabel\":\"Host\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", - "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}}", "description": "", - "version": 1, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" + "searchSourceJSON": "{\"query\":{\"query\":{\"query_string\":{\"query\":\"*\"}},\"language\":\"lucene\"},\"filter\":[]}" }, - "savedSearchRefName": "search_0" + "title": "Navigation", + "uiStateJSON": "{}", + "version": 1, + "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) 
\\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● 
[RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / 
[Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}" }, - "references": [ - { - "name": "search_0", - "type": "search", - "id": "15ac5e30-e8e7-11ec-b9d4-4569bb965430" - } - ], + "id": "df9e399b-efa5-4e33-b0ac-a7668a8ac2b3", "migrationVersion": { "visualization": "7.10.0" - } - }, - { - "id": "6a601060-e8e8-11ec-b9d4-4569bb965430", - "type": "visualization", + }, "namespaces": [ "default" ], - "updated_at": "2022-06-10T18:09:05.638Z", - "version": "WzkyMiwxXQ==", + "references": [], + "type": "visualization", + "updated_at": "2025-01-07T15:10:03.736Z", + "version": "WzkyOCwxXQ==" + }, + { "attributes": { - "title": "Malcolm Sensor Audit Logs - Account", - "visState": "{\"title\":\"Malcolm Sensor Audit Logs - Account\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"miscbeat.auditlog.acct\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Effective 
Account\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"miscbeat.auditlog.UID\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"UID\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", - "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", "description": "", - "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" }, - "savedSearchRefName": "search_0" + "savedSearchRefName": "search_0", + "title": "Malcolm Sensor Audit Logs - Host", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}}", + "version": 1, + "visState": "{\"title\":\"Malcolm Sensor Audit Logs - Host\",\"type\":\"table\",\"aggs\":[{\"id\":\"3\",\"enabled\":true,\"type\":\"max\",\"params\":{\"field\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\",\"customLabel\":\"Last Audit Log\"},\"schema\":\"metric\"},{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"unknown\",\"customLabel\":\"Host\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}" + }, + "id": "5240ca70-e8e7-11ec-b9d4-4569bb965430", + "migrationVersion": { + "visualization": "7.10.0" }, + "namespaces": 
[ + "default" + ], "references": [ { + "id": "15ac5e30-e8e7-11ec-b9d4-4569bb965430", "name": "search_0", - "type": "search", - "id": "15ac5e30-e8e7-11ec-b9d4-4569bb965430" + "type": "search" } ], - "migrationVersion": { - "visualization": "7.10.0" - } + "type": "visualization", + "updated_at": "2025-01-07T15:10:09.897Z", + "version": "Wzk4MiwxXQ==" }, { - "id": "103beef0-e8e9-11ec-b9d4-4569bb965430", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2022-06-10T18:13:43.902Z", - "version": "WzkyNCwxXQ==", "attributes": { - "title": "Malcolm Sensor Audit Logs - Logs Over Time by Type", - "visState": "{\"title\":\"Malcolm Sensor Audit Logs - Logs Over Time by Type\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"terms\",\"split_color_mode\":\"opensearchDashboards\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"terms_field\":\"miscbeat.auditlog.type\",\"terms_size\":\"20\",\"hide_in_legend\":0,\"label\":\"\"}],\"time_field\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\",\"index_pattern\":\"MALCOLM_OTHER_INDEX_PATTERN_REPLACER\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"MALCOLM_OTHER_INDEX_PATTERN_REPLACER\",\"default_timefield\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\",\"isModelInvalid\":false,\"filter\":{\"query\":\"event.module:auditlog AND miscbeat.auditlog:*\",\"language\":\"kuery\"},\"legend_position\":\"right\"}}", - "uiStateJSON": "{}", "description": "", - "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": 
"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" - } + }, + "title": "Malcolm Sensor Audit Logs - Logs Over Time by Type", + "uiStateJSON": "{}", + "version": 1, + "visState": "{\"title\":\"Malcolm Sensor Audit Logs - Logs Over Time by Type\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"terms\",\"split_color_mode\":\"opensearchDashboards\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"terms_field\":\"miscbeat.auditlog.type\",\"terms_size\":\"20\",\"hide_in_legend\":0,\"label\":\"\"}],\"time_field\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\",\"index_pattern\":\"MALCOLM_OTHER_INDEX_PATTERN_REPLACER\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"MALCOLM_OTHER_INDEX_PATTERN_REPLACER\",\"default_timefield\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\",\"isModelInvalid\":false,\"filter\":{\"query\":\"event.module:auditlog AND miscbeat.auditlog:*\",\"language\":\"kuery\"},\"legend_position\":\"right\"}}" }, - "references": [], + "id": "103beef0-e8e9-11ec-b9d4-4569bb965430", "migrationVersion": { "visualization": "7.10.0" - } - }, - { - "id": "a2ca0240-e8e7-11ec-b9d4-4569bb965430", - "type": "visualization", + }, "namespaces": [ "default" ], - "updated_at": "2022-06-10T18:03:30.788Z", - "version": "WzkxOSwxXQ==", + "references": [], + "type": "visualization", + "updated_at": "2025-01-07T15:10:09.897Z", + "version": "Wzk4NCwxXQ==" + }, + { "attributes": { - "title": "Malcolm Sensor Audit Logs - Audit Log Type", - "visState": 
"{\"title\":\"Malcolm Sensor Audit Logs - Audit Log Type\",\"type\":\"horizontal_bar\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"miscbeat.auditlog.type\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"unknown\",\"customLabel\":\"Audit Log Type\"},\"schema\":\"segment\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"miscbeat.auditlog.type\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":1,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Audit Log Type\"},\"schema\":\"group\"}],\"params\":{\"type\":\"histogram\",\"grid\":{\"categoryLines\":false},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":200},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":75,\"filter\":true,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"type\":\"histogram\",\"mode\":\"stacked\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"lineWidth\":2,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"labels\":{},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"},\"row\":true}}", - "uiStateJSON": "{\"vis\":{\"legendOpen\":false}}", "description": "", - "version": 1, "kibanaSavedObjectMeta": { 
"searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" }, - "savedSearchRefName": "search_0" + "savedSearchRefName": "search_0", + "title": "Malcolm Sensor Audit Logs - Audit Log Type", + "uiStateJSON": "{\"vis\":{\"legendOpen\":false}}", + "version": 1, + "visState": "{\"title\":\"Malcolm Sensor Audit Logs - Audit Log Type\",\"type\":\"horizontal_bar\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"miscbeat.auditlog.type\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"unknown\",\"customLabel\":\"Audit Log Type\"},\"schema\":\"segment\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"miscbeat.auditlog.type\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":1,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Audit Log 
Type\"},\"schema\":\"group\"}],\"params\":{\"type\":\"histogram\",\"grid\":{\"categoryLines\":false},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":200},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":75,\"filter\":true,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"type\":\"histogram\",\"mode\":\"stacked\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"lineWidth\":2,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"labels\":{},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"},\"row\":true}}" + }, + "id": "a2ca0240-e8e7-11ec-b9d4-4569bb965430", + "migrationVersion": { + "visualization": "7.10.0" }, + "namespaces": [ + "default" + ], "references": [ { + "id": "15ac5e30-e8e7-11ec-b9d4-4569bb965430", "name": "search_0", - "type": "search", - "id": "15ac5e30-e8e7-11ec-b9d4-4569bb965430" + "type": "search" } ], - "migrationVersion": { - "visualization": "7.10.0" - } + "type": "visualization", + "updated_at": "2025-01-07T15:10:09.897Z", + "version": "Wzk4NSwxXQ==" }, { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" + }, + "savedSearchRefName": "search_0", + "title": "Malcolm Sensor Audit Logs - Syscall", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}}", + "version": 1, + "visState": "{\"title\":\"Malcolm Sensor Audit Logs - 
Syscall\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"miscbeat.auditlog.SYSCALL\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Syscall\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}" + }, "id": "c97e4db0-e8e7-11ec-b9d4-4569bb965430", - "type": "visualization", + "migrationVersion": { + "visualization": "7.10.0" + }, "namespaces": [ "default" ], - "updated_at": "2022-06-10T18:04:35.723Z", - "version": "WzkyMCwxXQ==", + "references": [ + { + "id": "15ac5e30-e8e7-11ec-b9d4-4569bb965430", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization", + "updated_at": "2025-01-07T15:10:09.897Z", + "version": "Wzk4NiwxXQ==" + }, + { "attributes": { - "title": "Malcolm Sensor Audit Logs - Syscall", - "visState": "{\"title\":\"Malcolm Sensor Audit Logs - Syscall\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"miscbeat.auditlog.SYSCALL\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Syscall\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", - "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}}", "description": "", - 
"version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" }, - "savedSearchRefName": "search_0" + "savedSearchRefName": "search_0", + "title": "Malcolm Sensor Audit Logs - Account", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", + "version": 1, + "visState": "{\"title\":\"Malcolm Sensor Audit Logs - Account\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"miscbeat.auditlog.acct\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Effective Account\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"miscbeat.auditlog.UID\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"UID\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}" + }, + "id": "6a601060-e8e8-11ec-b9d4-4569bb965430", + "migrationVersion": { + "visualization": "7.10.0" }, + "namespaces": [ + "default" + ], "references": [ { + "id": "15ac5e30-e8e7-11ec-b9d4-4569bb965430", "name": "search_0", - "type": "search", - "id": "15ac5e30-e8e7-11ec-b9d4-4569bb965430" + "type": "search" } ], - "migrationVersion": { - "visualization": "7.10.0" - } + "type": "visualization", + "updated_at": "2025-01-07T15:10:09.897Z", + "version": "Wzk4MywxXQ==" }, { - "id": "f9b1a0e0-e8e7-11ec-b9d4-4569bb965430", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": 
"2022-06-10T18:05:56.590Z", - "version": "WzkyMSwxXQ==", "attributes": { - "title": "Malcolm Sensor Audit Logs - Executable", - "visState": "{\"title\":\"Malcolm Sensor Audit Logs - Executable\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"miscbeat.auditlog.exe\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Executable\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", - "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}}", "description": "", - "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" }, - "savedSearchRefName": "search_0" + "savedSearchRefName": "search_0", + "title": "Malcolm Sensor Audit Logs - Executable", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}}", + "version": 1, + "visState": "{\"title\":\"Malcolm Sensor Audit Logs - 
Executable\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"miscbeat.auditlog.exe\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Executable\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}" }, + "id": "f9b1a0e0-e8e7-11ec-b9d4-4569bb965430", + "migrationVersion": { + "visualization": "7.10.0" + }, + "namespaces": [ + "default" + ], "references": [ { + "id": "15ac5e30-e8e7-11ec-b9d4-4569bb965430", "name": "search_0", - "type": "search", - "id": "15ac5e30-e8e7-11ec-b9d4-4569bb965430" + "type": "search" } ], - "migrationVersion": { - "visualization": "7.10.0" - } + "type": "visualization", + "updated_at": "2025-01-07T15:10:09.897Z", + "version": "Wzk4NywxXQ==" }, { - "id": "15ac5e30-e8e7-11ec-b9d4-4569bb965430", - "type": "search", - "namespaces": [ - "default" - ], - "updated_at": "2022-06-10T17:59:34.034Z", - "version": "WzkxNywxXQ==", "attributes": { - "title": "Malcolm Sensor Audit Log - Logs", - "description": "", - "hits": 0, "columns": [ "host.name", "miscbeat.auditlog.ses", 
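Review bot: The new `Navigation` markdown visualization (id `df9e399b-efa5-4e33-b0ac-a7668a8ac2b3`, wired in as `panel_0`) hard-codes every dashboard id in its `markdown` string, and nothing in this export ties those ids to objects that exist. A renamed or removed dashboard would therefore become a dead link on the analyst's audit-log view without any import error. The object is also embedded inline with a fixed id, so if other dashboard exports carry a copy (not visible in this hunk), whichever is imported last presumably wins and the copies need to stay identical. I would add a build-time or import-time check that each `#/dashboard/<id>` target in the markdown resolves to an exported dashboard and that all copies of this object match. The last `search` object opened at the end of this hunk continues in the next hunk.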
@@ -257,22 +274,33 @@ "miscbeat.auditlog.exe", "miscbeat.auditlog.success" ], - "sort": [], - "version": 1, + "description": "", + "hits": 0, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"highlightAll\":false,\"version\":true,\"query\":{\"language\":\"kuery\",\"query\":\"event.module:auditlog AND miscbeat.auditlog:*\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" - } + }, + "sort": [], + "title": "Malcolm Sensor Audit Log - Logs", + "version": 1 + }, + "id": "15ac5e30-e8e7-11ec-b9d4-4569bb965430", + "migrationVersion": { + "search": "7.9.3" }, + "namespaces": [ + "default" + ], "references": [ { + "id": "MALCOLM_OTHER_INDEX_PATTERN_REPLACER", "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern", - "id": "MALCOLM_OTHER_INDEX_PATTERN_REPLACER" + "type": "index-pattern" } ], - "migrationVersion": { - "search": "7.9.3" - } + "type": "search", + "updated_at": "2025-01-07T15:10:09.897Z", + "version": "Wzk4OCwxXQ==" } - ] + ], + "version": "2.18.0" } diff --git a/dashboards/dashboards/beats/88bcec50-cc74-11ef-bae9-0d6b8da935ba.json b/dashboards/dashboards/beats/88bcec50-cc74-11ef-bae9-0d6b8da935ba.json index dc15ffb48..eebf8bed5 100644 --- a/dashboards/dashboards/beats/88bcec50-cc74-11ef-bae9-0d6b8da935ba.json +++ b/dashboards/dashboards/beats/88bcec50-cc74-11ef-bae9-0d6b8da935ba.json 
@@ -8,7 +8,7 @@ "searchSourceJSON": "{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[]}" }, "optionsJSON": "{\"hidePanelTitles\":false,\"useMargins\":true}", - "panelsJSON": "[{\"version\":\"2.18.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":17,\"h\":42,\"i\":\"9643084c-c5e9-48fb-bcec-3c19ebbc8824\"},\"panelIndex\":\"9643084c-c5e9-48fb-bcec-3c19ebbc8824\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"2.18.0\",\"gridData\":{\"x\":17,\"y\":0,\"w\":31,\"h\":17,\"i\":\"15e304ad-7203-4256-baa4-6c68d81e0974\"},\"panelIndex\":\"15e304ad-7203-4256-baa4-6c68d81e0974\",\"embeddableConfig\":{},\"panelRefName\":\"panel_1\"},{\"version\":\"2.18.0\",\"gridData\":{\"x\":17,\"y\":17,\"w\":17,\"h\":25,\"i\":\"5ba24512-ebab-4755-8ff7-5488ef313c93\"},\"panelIndex\":\"5ba24512-ebab-4755-8ff7-5488ef313c93\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"2.18.0\",\"gridData\":{\"x\":34,\"y\":17,\"w\":14,\"h\":25,\"i\":\"86c420e1-adbf-42b4-97a2-7a6d61bdbaba\"},\"panelIndex\":\"86c420e1-adbf-42b4-97a2-7a6d61bdbaba\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"},{\"version\":\"2.18.0\",\"gridData\":{\"x\":0,\"y\":42,\"w\":48,\"h\":33,\"i\":\"c42bd9aa-75b6-47ea-894b-0207558efa09\"},\"panelIndex\":\"c42bd9aa-75b6-47ea-894b-0207558efa09\",\"embeddableConfig\":{},\"panelRefName\":\"panel_4\"}]", + "panelsJSON": 
"[{\"version\":\"2.18.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":31,\"i\":\"f5790774-84d9-4f44-a504-deaf8bfc9922\"},\"panelIndex\":\"f5790774-84d9-4f44-a504-deaf8bfc9922\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"2.18.0\",\"gridData\":{\"x\":8,\"y\":0,\"w\":15,\"h\":31,\"i\":\"5ba24512-ebab-4755-8ff7-5488ef313c93\"},\"panelIndex\":\"5ba24512-ebab-4755-8ff7-5488ef313c93\",\"embeddableConfig\":{},\"panelRefName\":\"panel_1\"},{\"version\":\"2.18.0\",\"gridData\":{\"x\":23,\"y\":0,\"w\":25,\"h\":31,\"i\":\"15e304ad-7203-4256-baa4-6c68d81e0974\"},\"panelIndex\":\"15e304ad-7203-4256-baa4-6c68d81e0974\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"2.18.0\",\"gridData\":{\"x\":0,\"y\":31,\"w\":23,\"h\":37,\"i\":\"9643084c-c5e9-48fb-bcec-3c19ebbc8824\"},\"panelIndex\":\"9643084c-c5e9-48fb-bcec-3c19ebbc8824\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"},{\"version\":\"2.18.0\",\"gridData\":{\"x\":23,\"y\":31,\"w\":25,\"h\":37,\"i\":\"86c420e1-adbf-42b4-97a2-7a6d61bdbaba\"},\"panelIndex\":\"86c420e1-adbf-42b4-97a2-7a6d61bdbaba\",\"embeddableConfig\":{},\"panelRefName\":\"panel_4\"},{\"version\":\"2.18.0\",\"gridData\":{\"x\":0,\"y\":68,\"w\":48,\"h\":33,\"i\":\"c42bd9aa-75b6-47ea-894b-0207558efa09\"},\"panelIndex\":\"c42bd9aa-75b6-47ea-894b-0207558efa09\",\"embeddableConfig\":{},\"panelRefName\":\"panel_5\"}]", "timeRestore": false, "title": "Syslog", "version": 1 
@@ -22,34 +22,62 @@ ], "references": [ { - "id": "e84615e0-cc72-11ef-bae9-0d6b8da935ba", + "id": "df9e399b-efa5-4e33-b0ac-a7668a8ac2b3", "name": "panel_0", "type": "visualization" }, { - "id": "20d4e2f0-cc74-11ef-bae9-0d6b8da935ba", + "id": "9587fcb0-cc72-11ef-bae9-0d6b8da935ba", "name": "panel_1", "type": "visualization" }, { - "id": "9587fcb0-cc72-11ef-bae9-0d6b8da935ba", + "id": "20d4e2f0-cc74-11ef-bae9-0d6b8da935ba", "name": "panel_2", "type": "visualization" }, { - "id": "60ad2500-cc73-11ef-bae9-0d6b8da935ba", + "id": "e84615e0-cc72-11ef-bae9-0d6b8da935ba", "name": "panel_3", "type": "visualization" }, { - "id": "97dabbc0-cc71-11ef-bae9-0d6b8da935ba", + "id": "60ad2500-cc73-11ef-bae9-0d6b8da935ba", "name": "panel_4", + "type": "visualization" + }, + { + "id": "97dabbc0-cc71-11ef-bae9-0d6b8da935ba", + "name": "panel_5", "type": "search" } ], "type": "dashboard", - "updated_at": "2025-01-06T21:23:55.412Z", - "version": "WzEwNzQsMV0=" + "updated_at": "2025-01-07T15:57:05.140Z", + "version": "WzEwNzMsMV0=" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":{\"query_string\":{\"query\":\"*\"}},\"language\":\"lucene\"},\"filter\":[]}" + }, + "title": "Navigation", + "uiStateJSON": "{}", + "version": 1, + "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) 
\\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● 
[SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux 
[Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}" + }, + "id": "df9e399b-efa5-4e33-b0ac-a7668a8ac2b3", + "migrationVersion": { + "visualization": "7.10.0" + }, + "namespaces": [ + "default" + ], + "references": [], + "type": "visualization", + "updated_at": "2025-01-07T15:10:03.736Z", + "version": "WzkyOCwxXQ==" }, { "attributes": { 
@@ -58,12 +86,12 @@ "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" }, "savedSearchRefName": "search_0", - "title": "Syslog Facility", + "title": "Syslog Severity", "uiStateJSON": "{\"vis\":{\"legendOpen\":false}}", "version": 1, - "visState": "{\"title\":\"Syslog Facility\",\"type\":\"horizontal_bar\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"log.syslog.facility.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":30,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Unknown\",\"customLabel\":\"Syslog Facility\"},\"schema\":\"segment\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"log.syslog.facility.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":50,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Unknown\",\"customLabel\":\"Syslog Facility\"},\"schema\":\"group\"}],\"params\":{\"type\":\"histogram\",\"grid\":{\"categoryLines\":false},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":200},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"square 
root\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":75,\"filter\":true,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"type\":\"histogram\",\"mode\":\"stacked\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"lineWidth\":2,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"labels\":{},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"}}}" + "visState": "{\"title\":\"Syslog Severity\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"log.syslog.severity.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Unknown\",\"customLabel\":\"Severity\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"bottom\",\"isDonut\":true,\"labels\":{\"show\":true,\"values\":true,\"last_level\":true,\"truncate\":100}}}" }, - "id": "e84615e0-cc72-11ef-bae9-0d6b8da935ba", + "id": "9587fcb0-cc72-11ef-bae9-0d6b8da935ba", "migrationVersion": { "visualization": "7.10.0" }, @@ -78,8 +106,8 @@ } ], "type": "visualization", - "updated_at": "2025-01-06T21:22:44.702Z", - "version": "WzEwNzMsMV0=" + "updated_at": "2025-01-07T15:10:10.932Z", + "version": "Wzk5MiwxXQ==" }, { "attributes": { @@ -108,8 +136,8 @@ } ], "type": "visualization", - "updated_at": "2025-01-06T21:21:01.087Z", - "version": "WzEwNzEsMV0=" + "updated_at": "2025-01-07T15:10:10.932Z", + "version": "Wzk5MSwxXQ==" }, { "attributes": { 
@@ -118,12 +146,12 @@ "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" }, "savedSearchRefName": "search_0", - "title": "Syslog Severity", + "title": "Syslog Facility", "uiStateJSON": "{\"vis\":{\"legendOpen\":false}}", "version": 1, - "visState": "{\"title\":\"Syslog Severity\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"log.syslog.severity.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Unknown\",\"customLabel\":\"Severity\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"bottom\",\"isDonut\":true,\"labels\":{\"show\":true,\"values\":true,\"last_level\":true,\"truncate\":100}}}" + "visState": "{\"title\":\"Syslog Facility\",\"type\":\"horizontal_bar\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"log.syslog.facility.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":30,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Unknown\",\"customLabel\":\"Syslog Facility\"},\"schema\":\"segment\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"log.syslog.facility.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":50,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Unknown\",\"customLabel\":\"Syslog 
Facility\"},\"schema\":\"group\"}],\"params\":{\"type\":\"histogram\",\"grid\":{\"categoryLines\":false},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":200},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"square root\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":75,\"filter\":true,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"type\":\"histogram\",\"mode\":\"stacked\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"lineWidth\":2,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"labels\":{},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"}}}" }, - "id": "9587fcb0-cc72-11ef-bae9-0d6b8da935ba", + "id": "e84615e0-cc72-11ef-bae9-0d6b8da935ba", "migrationVersion": { "visualization": "7.10.0" }, @@ -138,8 +166,8 @@ } ], "type": "visualization", - "updated_at": "2025-01-06T21:09:57.882Z", - "version": "WzEwNjQsMV0=" + "updated_at": "2025-01-07T15:10:10.932Z", + "version": "Wzk5MCwxXQ==" }, { "attributes": { 
@@ -151,7 +179,7 @@ "title": "Syslog Hosts and Processes", "uiStateJSON": "{\"vis\":{\"sortColumn\":{\"colIndex\":2,\"direction\":\"desc\"}}}", "version": 1, - "visState": "{\"title\":\"Syslog Hosts and Processes\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":500,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Host\"},\"schema\":\"bucket\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"log.syslog.appname\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":500,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Process Name\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":15,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}" + "visState": "{\"title\":\"Syslog Hosts and Processes\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":500,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Host\"},\"schema\":\"bucket\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"log.syslog.appname\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":500,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Process 
Name\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":25,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}" }, "id": "60ad2500-cc73-11ef-bae9-0d6b8da935ba", "migrationVersion": { @@ -168,7 +196,7 @@ } ], "type": "visualization", - "updated_at": "2025-01-06T21:21:49.012Z", + "updated_at": "2025-01-07T15:56:27.613Z", "version": "WzEwNzIsMV0=" }, { @@ -184,7 +212,7 @@ "description": "", "hits": 0, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":\"event.module:syslog\",\"language\":\"kuery\"},\"highlightAll\":true,\"version\":true,\"aggs\":{\"2\":{\"date_histogram\":{\"field\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\",\"fixed_interval\":\"365d\",\"time_zone\":\"America/Denver\",\"min_doc_count\":1}}},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" + "searchSourceJSON": "{\"query\":{\"query\":\"event.module:syslog\",\"language\":\"kuery\"},\"highlightAll\":false,\"version\":true,\"aggs\":{\"2\":{\"date_histogram\":{\"field\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\",\"fixed_interval\":\"365d\",\"time_zone\":\"America/Denver\",\"min_doc_count\":1}}},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" }, "sort": [], "title": "Syslog", @@ -205,8 +233,8 @@ } ], "type": "search", - "updated_at": "2025-01-06T21:02:52.283Z", - "version": "WzEwNjMsMV0=" + "updated_at": "2025-01-07T15:10:10.932Z", + "version": "Wzk5NCwxXQ==" } ], "version": "2.18.0" diff --git a/dashboards/dashboards/beats/903f42c0-f634-11ec-828d-2fb7a4a26e1f.json b/dashboards/dashboards/beats/903f42c0-f634-11ec-828d-2fb7a4a26e1f.json index 878cfba0d..9f8de2bfa 100644 --- a/dashboards/dashboards/beats/903f42c0-f634-11ec-828d-2fb7a4a26e1f.json +++ b/dashboards/dashboards/beats/903f42c0-f634-11ec-828d-2fb7a4a26e1f.json 
@@ -1,188 +1,205 @@ { - "version": "2.0.0", "objects": [ { - "id": "903f42c0-f634-11ec-828d-2fb7a4a26e1f", - "type": "dashboard", - "namespaces": [ - "default" - ], - "updated_at": "2024-04-29T15:49:16.000Z", - "version": "Wzk0NywxXQ==", "attributes": { - "title": "Malcolm Sensor File/Directory Integrity", - "hits": 0, "description": "AIDE file/directory integrity report for Malcolm sensors and aggregators", - "panelsJSON": "[{\"version\":\"2.0.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":18,\"h\":7,\"i\":\"1b520d1b-b30e-4216-8c83-3eff88564503\"},\"panelIndex\":\"1b520d1b-b30e-4216-8c83-3eff88564503\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_0\"},{\"version\":\"2.0.0\",\"gridData\":{\"x\":18,\"y\":0,\"w\":30,\"h\":14,\"i\":\"1a09a091-d27c-48df-a145-5a33ecc33ffb\"},\"panelIndex\":\"1a09a091-d27c-48df-a145-5a33ecc33ffb\",\"embeddableConfig\":{},\"panelRefName\":\"panel_1\"},{\"version\":\"2.0.0\",\"gridData\":{\"x\":0,\"y\":7,\"w\":18,\"h\":28,\"i\":\"4c570390-7394-4129-b637-81e58e3fa066\"},\"panelIndex\":\"4c570390-7394-4129-b637-81e58e3fa066\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"2.0.0\",\"gridData\":{\"x\":18,\"y\":14,\"w\":30,\"h\":21,\"i\":\"3e3af3d3-f0e6-4472-b27a-a0cc71db516b\"},\"panelIndex\":\"3e3af3d3-f0e6-4472-b27a-a0cc71db516b\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"},{\"version\":\"2.0.0\",\"gridData\":{\"x\":0,\"y\":35,\"w\":48,\"h\":22,\"i\":\"93ccff9d-7037-4a11-9478-ee6f5341831e\"},\"panelIndex\":\"93ccff9d-7037-4a11-9478-ee6f5341831e\",\"embeddableConfig\":{},\"panelRefName\":\"panel_4\"}]", - "optionsJSON": "{\"hidePanelTitles\":false,\"useMargins\":true}", - "version": 1, - "timeRestore": false, + "hits": 0, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[]}" - } + }, + "optionsJSON": "{\"hidePanelTitles\":false,\"useMargins\":true}", + "panelsJSON": 
"[{\"version\":\"2.18.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":36,\"i\":\"2d47d63b-c1e9-4b00-a21f-28c553cd7548\"},\"panelIndex\":\"2d47d63b-c1e9-4b00-a21f-28c553cd7548\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"2.18.0\",\"gridData\":{\"x\":8,\"y\":0,\"w\":14,\"h\":8,\"i\":\"1b520d1b-b30e-4216-8c83-3eff88564503\"},\"panelIndex\":\"1b520d1b-b30e-4216-8c83-3eff88564503\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_1\"},{\"version\":\"2.18.0\",\"gridData\":{\"x\":22,\"y\":0,\"w\":26,\"h\":15,\"i\":\"1a09a091-d27c-48df-a145-5a33ecc33ffb\"},\"panelIndex\":\"1a09a091-d27c-48df-a145-5a33ecc33ffb\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"2.18.0\",\"gridData\":{\"x\":8,\"y\":8,\"w\":14,\"h\":28,\"i\":\"4c570390-7394-4129-b637-81e58e3fa066\"},\"panelIndex\":\"4c570390-7394-4129-b637-81e58e3fa066\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"},{\"version\":\"2.18.0\",\"gridData\":{\"x\":22,\"y\":15,\"w\":26,\"h\":21,\"i\":\"3e3af3d3-f0e6-4472-b27a-a0cc71db516b\"},\"panelIndex\":\"3e3af3d3-f0e6-4472-b27a-a0cc71db516b\",\"embeddableConfig\":{},\"panelRefName\":\"panel_4\"},{\"version\":\"2.18.0\",\"gridData\":{\"x\":0,\"y\":36,\"w\":48,\"h\":22,\"i\":\"93ccff9d-7037-4a11-9478-ee6f5341831e\"},\"panelIndex\":\"93ccff9d-7037-4a11-9478-ee6f5341831e\",\"embeddableConfig\":{},\"panelRefName\":\"panel_5\"}]", + "timeRestore": false, + "title": "Malcolm Sensor File/Directory Integrity", + "version": 1 + }, + "id": "903f42c0-f634-11ec-828d-2fb7a4a26e1f", + "migrationVersion": { + "dashboard": "7.9.3" }, + "namespaces": [ + "default" + ], "references": [ { + "id": "df9e399b-efa5-4e33-b0ac-a7668a8ac2b3", "name": "panel_0", - "type": "visualization", - "id": "e9be4000-f632-11ec-828d-2fb7a4a26e1f" + "type": "visualization" }, { + "id": "e9be4000-f632-11ec-828d-2fb7a4a26e1f", "name": "panel_1", - "type": "visualization", - "id": "50e28ff0-f64e-11ec-bc92-999adcbc4e7d" + "type": "visualization" 
}, { + "id": "50e28ff0-f64e-11ec-bc92-999adcbc4e7d", "name": "panel_2", - "type": "visualization", - "id": "b44fb3d0-f633-11ec-828d-2fb7a4a26e1f" + "type": "visualization" }, { + "id": "b44fb3d0-f633-11ec-828d-2fb7a4a26e1f", "name": "panel_3", - "type": "visualization", - "id": "7381c720-f634-11ec-828d-2fb7a4a26e1f" + "type": "visualization" }, { + "id": "7381c720-f634-11ec-828d-2fb7a4a26e1f", "name": "panel_4", - "type": "search", - "id": "d0d5ddb0-f631-11ec-828d-2fb7a4a26e1f" + "type": "visualization" + }, + { + "id": "d0d5ddb0-f631-11ec-828d-2fb7a4a26e1f", + "name": "panel_5", + "type": "search" } ], - "migrationVersion": { - "dashboard": "7.9.3" - } + "type": "dashboard", + "updated_at": "2025-01-07T16:06:23.537Z", + "version": "WzEwNzYsMV0=" }, { - "id": "e9be4000-f632-11ec-828d-2fb7a4a26e1f", - "type": "visualization", + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":{\"query_string\":{\"query\":\"*\"}},\"language\":\"lucene\"},\"filter\":[]}" + }, + "title": "Navigation", + "uiStateJSON": "{}", + "version": 1, + "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek 
Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● 
[STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) 
● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}" + }, + "id": "df9e399b-efa5-4e33-b0ac-a7668a8ac2b3", + "migrationVersion": { + "visualization": "7.10.0" + }, "namespaces": [ "default" ], - "updated_at": "2022-06-27T18:37:24.902Z", - "version": "WzgzMywxXQ==", + "references": [], + "type": "visualization", + "updated_at": "2025-01-07T15:10:03.736Z", + "version": "WzkyOCwxXQ==" + }, + { "attributes": { - "title": "Malcolm Sensor File Integrity - Host Chooser", - "visState": "{\"title\":\"Malcolm Sensor File Integrity - Host Chooser\",\"type\":\"input_control_vis\",\"aggs\":[],\"params\":{\"controls\":[{\"id\":\"1656345860825\",\"fieldName\":\"host.name\",\"parent\":\"\",\"label\":\"Host\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":true,\"dynamicOptions\":true,\"size\":5,\"order\":\"desc\"},\"indexPatternRefName\":\"control_0_index_pattern\"}],\"updateFiltersOnChange\":false,\"useTimeFilter\":false,\"pinFilters\":false}}", - "uiStateJSON": "{}", "description": "", - "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" - } + }, + "title": "Malcolm Sensor File Integrity - Host Chooser", + "uiStateJSON": "{}", + "version": 1, + "visState": "{\"title\":\"Malcolm Sensor File Integrity - Host 
Chooser\",\"type\":\"input_control_vis\",\"aggs\":[],\"params\":{\"controls\":[{\"id\":\"1656345860825\",\"fieldName\":\"host.name\",\"parent\":\"\",\"label\":\"Host\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":true,\"dynamicOptions\":true,\"size\":5,\"order\":\"desc\"},\"indexPatternRefName\":\"control_0_index_pattern\"}],\"updateFiltersOnChange\":false,\"useTimeFilter\":false,\"pinFilters\":false}}" }, + "id": "e9be4000-f632-11ec-828d-2fb7a4a26e1f", + "migrationVersion": { + "visualization": "7.10.0" + }, + "namespaces": [ + "default" + ], "references": [ { + "id": "MALCOLM_OTHER_INDEX_PATTERN_REPLACER", "name": "control_0_index_pattern", - "type": "index-pattern", - "id": "MALCOLM_OTHER_INDEX_PATTERN_REPLACER" + "type": "index-pattern" } ], - "migrationVersion": { - "visualization": "7.10.0" - } + "type": "visualization", + "updated_at": "2025-01-07T15:10:11.933Z", + "version": "Wzk5NiwxXQ==" }, { - "id": "50e28ff0-f64e-11ec-bc92-999adcbc4e7d", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2022-06-27T19:28:35.199Z", - "version": "Wzk0NSwxXQ==", "attributes": { - "title": "Malcolm Sensor File/Directory Integrity - Host Check Summary", - "visState": "{\"title\":\"Malcolm Sensor File/Directory Integrity - Host Check 
Summary\",\"type\":\"table\",\"aggs\":[{\"id\":\"4\",\"enabled\":true,\"type\":\"top_hits\",\"params\":{\"field\":\"miscbeat.aide.number_of_entries.changed\",\"aggregate\":\"concat\",\"size\":1,\"sortField\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\",\"sortOrder\":\"desc\",\"customLabel\":\"Changes\"},\"schema\":\"metric\"},{\"id\":\"5\",\"enabled\":true,\"type\":\"top_hits\",\"params\":{\"field\":\"miscbeat.aide.number_of_entries.removed\",\"aggregate\":\"concat\",\"size\":1,\"sortField\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\",\"sortOrder\":\"desc\",\"customLabel\":\"Removals\"},\"schema\":\"metric\"},{\"id\":\"6\",\"enabled\":true,\"type\":\"top_hits\",\"params\":{\"field\":\"miscbeat.aide.number_of_entries.added\",\"aggregate\":\"concat\",\"size\":1,\"sortField\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\",\"sortOrder\":\"desc\",\"customLabel\":\"Additions\"},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"top_hits\",\"params\":{\"field\":\"miscbeat.aide.number_of_entries.total\",\"aggregate\":\"max\",\"size\":1,\"sortField\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\",\"sortOrder\":\"desc\",\"customLabel\":\"Files/Directories Checked\"},\"schema\":\"metric\"},{\"id\":\"1\",\"enabled\":true,\"type\":\"max\",\"params\":{\"field\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\",\"customLabel\":\"Last Reported\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"unknown\",\"customLabel\":\"Host\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":5,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", - "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":5,\"direction\":\"desc\"}}}}", "description": "", - 
"version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" }, - "savedSearchRefName": "search_0" + "savedSearchRefName": "search_0", + "title": "Malcolm Sensor File/Directory Integrity - Host Check Summary", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":5,\"direction\":\"desc\"}}}}", + "version": 1, + "visState": "{\"title\":\"Malcolm Sensor File/Directory Integrity - Host Check Summary\",\"type\":\"table\",\"aggs\":[{\"id\":\"4\",\"enabled\":true,\"type\":\"top_hits\",\"params\":{\"field\":\"miscbeat.aide.number_of_entries.changed\",\"aggregate\":\"concat\",\"size\":1,\"sortField\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\",\"sortOrder\":\"desc\",\"customLabel\":\"Changes\"},\"schema\":\"metric\"},{\"id\":\"5\",\"enabled\":true,\"type\":\"top_hits\",\"params\":{\"field\":\"miscbeat.aide.number_of_entries.removed\",\"aggregate\":\"concat\",\"size\":1,\"sortField\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\",\"sortOrder\":\"desc\",\"customLabel\":\"Removals\"},\"schema\":\"metric\"},{\"id\":\"6\",\"enabled\":true,\"type\":\"top_hits\",\"params\":{\"field\":\"miscbeat.aide.number_of_entries.added\",\"aggregate\":\"concat\",\"size\":1,\"sortField\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\",\"sortOrder\":\"desc\",\"customLabel\":\"Additions\"},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"top_hits\",\"params\":{\"field\":\"miscbeat.aide.number_of_entries.total\",\"aggregate\":\"max\",\"size\":1,\"sortField\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\",\"sortOrder\":\"desc\",\"customLabel\":\"Files/Directories Checked\"},\"schema\":\"metric\"},{\"id\":\"1\",\"enabled\":true,\"type\":\"max\",\"params\":{\"field\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\",\"customLabel\":\"Last 
Reported\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"unknown\",\"customLabel\":\"Host\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":5,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}" + }, + "id": "50e28ff0-f64e-11ec-bc92-999adcbc4e7d", + "migrationVersion": { + "visualization": "7.10.0" }, + "namespaces": [ + "default" + ], "references": [ { + "id": "d0d5ddb0-f631-11ec-828d-2fb7a4a26e1f", "name": "search_0", - "type": "search", - "id": "d0d5ddb0-f631-11ec-828d-2fb7a4a26e1f" + "type": "search" } ], - "migrationVersion": { - "visualization": "7.10.0" - } + "type": "visualization", + "updated_at": "2025-01-07T15:10:11.933Z", + "version": "Wzk5NywxXQ==" }, { - "id": "b44fb3d0-f633-11ec-828d-2fb7a4a26e1f", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2022-06-27T18:37:24.902Z", - "version": "WzgzNSwxXQ==", "attributes": { - "title": "Malcolm Sensor File/Directory Integrity - Event Type", - "visState": "{\"title\":\"Malcolm Sensor File/Directory Integrity - Event Type\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Event\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.action\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"File/Directory 
Event\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"bottom\",\"isDonut\":true,\"labels\":{\"show\":true,\"values\":true,\"last_level\":true,\"truncate\":100}}}", - "uiStateJSON": "{\"vis\":{\"legendOpen\":false}}", "description": "", - "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" }, - "savedSearchRefName": "search_0" + "savedSearchRefName": "search_0", + "title": "Malcolm Sensor File/Directory Integrity - Event Type", + "uiStateJSON": "{\"vis\":{\"legendOpen\":false}}", + "version": 1, + "visState": "{\"title\":\"Malcolm Sensor File/Directory Integrity - Event Type\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Event\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.action\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"File/Directory Event\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"bottom\",\"isDonut\":true,\"labels\":{\"show\":true,\"values\":true,\"last_level\":true,\"truncate\":100}}}" + }, + "id": "b44fb3d0-f633-11ec-828d-2fb7a4a26e1f", + "migrationVersion": { + "visualization": "7.10.0" }, + "namespaces": [ + "default" + ], "references": [ { + "id": "d0d5ddb0-f631-11ec-828d-2fb7a4a26e1f", "name": "search_0", - "type": "search", - "id": "d0d5ddb0-f631-11ec-828d-2fb7a4a26e1f" + "type": "search" } ], - "migrationVersion": { - "visualization": "7.10.0" - } + "type": "visualization", + "updated_at": "2025-01-07T15:10:11.933Z", + "version": "Wzk5OCwxXQ==" }, { - "id": "7381c720-f634-11ec-828d-2fb7a4a26e1f", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": 
"2022-06-27T18:37:24.902Z", - "version": "WzgzNiwxXQ==", "attributes": { - "title": "Malcolm Sensor File/Directory Integrity - Path", - "visState": "{\"title\":\"Malcolm Sensor File/Directory Integrity - Path\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"min\",\"params\":{\"field\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\",\"customLabel\":\"First Reported\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"host.name\",\"orderBy\":\"_key\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"unknown\",\"customLabel\":\"Host\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"file.path\",\"orderBy\":\"_key\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Path\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"max\",\"params\":{\"field\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\",\"customLabel\":\"Last Reported\"},\"schema\":\"metric\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", - "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"asc\"}}}}", "description": "", - "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" }, - "savedSearchRefName": "search_0" + "savedSearchRefName": "search_0", + "title": "Malcolm Sensor File/Directory Integrity - Path", + "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"asc\"}}}}", + "version": 1, + "visState": "{\"title\":\"Malcolm Sensor File/Directory Integrity - 
Path\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"min\",\"params\":{\"field\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\",\"customLabel\":\"First Reported\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"host.name\",\"orderBy\":\"_key\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"unknown\",\"customLabel\":\"Host\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"file.path\",\"orderBy\":\"_key\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Path\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"max\",\"params\":{\"field\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\",\"customLabel\":\"Last Reported\"},\"schema\":\"metric\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}" + }, + "id": "7381c720-f634-11ec-828d-2fb7a4a26e1f", + "migrationVersion": { + "visualization": "7.10.0" }, + "namespaces": [ + "default" + ], "references": [ { + "id": "d0d5ddb0-f631-11ec-828d-2fb7a4a26e1f", "name": "search_0", - "type": "search", - "id": "d0d5ddb0-f631-11ec-828d-2fb7a4a26e1f" + "type": "search" } ], - "migrationVersion": { - "visualization": "7.10.0" - } + "type": "visualization", + "updated_at": "2025-01-07T15:10:11.933Z", + "version": "Wzk5OSwxXQ==" }, { - "id": "d0d5ddb0-f631-11ec-828d-2fb7a4a26e1f", - "type": "search", - "namespaces": [ - "default" - ], - "updated_at": "2022-06-27T18:37:24.902Z", - "version": "WzgzNywxXQ==", "attributes": { - "title": "AIDE File Integrity Check - Logs", - "description": "", - "hits": 0, "columns": [ "host.name", 
"miscbeat.aide.number_of_entries.total", @@ -192,22 +209,33 @@ "miscbeat.aide.number_of_entries.removed", "file.path" ], - "sort": [], - "version": 1, + "description": "", + "hits": 0, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"highlightAll\":false,\"version\":true,\"query\":{\"query\":\"event.module:aide\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" - } + }, + "sort": [], + "title": "AIDE File Integrity Check - Logs", + "version": 1 + }, + "id": "d0d5ddb0-f631-11ec-828d-2fb7a4a26e1f", + "migrationVersion": { + "search": "7.9.3" }, + "namespaces": [ + "default" + ], "references": [ { + "id": "MALCOLM_OTHER_INDEX_PATTERN_REPLACER", "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern", - "id": "MALCOLM_OTHER_INDEX_PATTERN_REPLACER" + "type": "index-pattern" } ], - "migrationVersion": { - "search": "7.9.3" - } + "type": "search", + "updated_at": "2025-01-07T15:10:11.933Z", + "version": "WzEwMDAsMV0=" } - ] + ], + "version": "2.18.0" } diff --git a/dashboards/dashboards/beats/Filebeat-nginx-logs.json b/dashboards/dashboards/beats/Filebeat-nginx-logs.json deleted file mode 100644 index d21f9861b..000000000 --- a/dashboards/dashboards/beats/Filebeat-nginx-logs.json +++ /dev/null 
@@ -1,175 +0,0 @@ -{ - "version": "2.0.0", - "objects": [ - { - "id": "046212a0-a2a1-11e7-928f-5dbe6f6f5519-ecs", - "type": "dashboard", - "namespaces": [ - "default" - ], - "updated_at": "2024-04-29T15:49:16.000Z", - "version": "WzEwMTgsMV0=", - "attributes": { - "title": "nginx Access and Error Logs", - "description": "", - "hits": 0, - "panelsJSON": "[{\"version\":\"2.0.0\",\"gridData\":{\"x\":0,\"y\":16,\"w\":48,\"h\":15,\"i\":\"11\"},\"panelIndex\":\"11\",\"embeddableConfig\":{\"columns\":[\"log.level\",\"error.message\"],\"sort\":[\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\",\"desc\"]},\"panelRefName\":\"panel_0\"},{\"version\":\"2.0.0\",\"gridData\":{\"x\":0,\"y\":31,\"w\":48,\"h\":23,\"i\":\"16\"},\"panelIndex\":\"16\",\"embeddableConfig\":{\"columns\":[\"url.original\",\"http.request.method\",\"http.response.status_code\",\"http.response.body.bytes\"],\"sort\":[\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\",\"desc\"]},\"panelRefName\":\"panel_1\"},{\"version\":\"2.0.0\",\"gridData\":{\"x\":0,\"y\":4,\"w\":48,\"h\":12,\"i\":\"18\"},\"panelIndex\":\"18\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"2.0.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":48,\"h\":4,\"i\":\"19\"},\"panelIndex\":\"19\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"}]", - "optionsJSON": "{\"darkTheme\":false}", - "version": 1, - "timeRestore": false, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"version\":true,\"highlightAll\":false,\"filter\":[]}" - } - }, - "references": [ - { - "name": "panel_0", - "type": "search", - "id": "9eb25600-a1f0-11e7-928f-5dbe6f6f5519-ecs" - }, - { - "name": "panel_1", - "type": "search", - "id": "6d9e66d0-a1f0-11e7-928f-5dbe6f6f5519-ecs" - }, - { - "name": "panel_2", - "type": "visualization", - "id": "1cfb1a80-a1f4-11e7-928f-5dbe6f6f5519-ecs" - }, - { - "name": "panel_3", - "type": "visualization", - "id": "97109780-a2a5-11e7-928f-5dbe6f6f5519-ecs" - } - ], - 
"migrationVersion": { - "dashboard": "7.9.3" - } - }, - { - "id": "9eb25600-a1f0-11e7-928f-5dbe6f6f5519-ecs", - "type": "search", - "namespaces": [ - "default" - ], - "updated_at": "2022-06-01T19:41:22.455Z", - "version": "WzgzMywxXQ==", - "attributes": { - "columns": [ - "log.level", - "error.message" - ], - "description": "", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"filter\":[],\"highlightAll\":false,\"query\":{\"query\":\"event.module:nginx AND error.message:*\",\"language\":\"kuery\"},\"version\":true,\"highlight\":{\"post_tags\":[\"@/kibana-highlighted-field@\"],\"fields\":{\"*\":{}},\"pre_tags\":[\"@kibana-highlighted-field@\"],\"require_field_match\":false,\"fragment_size\":2147483647},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" - }, - "sort": [ - [ - "MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER", - "desc" - ] - ], - "title": "nginx Error Logs", - "version": 1 - }, - "references": [ - { - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern", - "id": "MALCOLM_OTHER_INDEX_PATTERN_REPLACER" - } - ], - "migrationVersion": { - "search": "7.9.3" - } - }, - { - "id": "6d9e66d0-a1f0-11e7-928f-5dbe6f6f5519-ecs", - "type": "search", - "namespaces": [ - "default" - ], - "updated_at": "2022-06-01T19:41:22.455Z", - "version": "WzgzNCwxXQ==", - "attributes": { - "columns": [ - "url.original", - "http.request.method", - "http.response.status_code", - "http.response.body.bytes" - ], - "description": "", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"filter\":[],\"highlightAll\":false,\"query\":{\"query\":\"event.module:nginx AND url.original:*\",\"language\":\"kuery\"},\"version\":true,\"highlight\":{\"post_tags\":[\"@/kibana-highlighted-field@\"],\"fields\":{\"*\":{}},\"pre_tags\":[\"@kibana-highlighted-field@\"],\"require_field_match\":false,\"fragment_size\":2147483647},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" - }, - "sort": [ - [ - 
"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER", - "desc" - ] - ], - "title": "nginx Access Logs", - "version": 1 - }, - "references": [ - { - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern", - "id": "MALCOLM_OTHER_INDEX_PATTERN_REPLACER" - } - ], - "migrationVersion": { - "search": "7.9.3" - } - }, - { - "id": "1cfb1a80-a1f4-11e7-928f-5dbe6f6f5519-ecs", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2022-06-01T19:41:22.455Z", - "version": "WzgzNSwxXQ==", - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{}" - }, - "title": "nginx Access Over Time", - "uiStateJSON": "{}", - "version": 1, - "visState": "{\"type\":\"metrics\",\"params\":{\"axis_formatter\":\"number\",\"series\":[{\"formatter\":\"number\",\"chart_type\":\"line\",\"split_filters\":[{\"color\":\"#68BC00\",\"id\":\"1db649a0-a1f3-11e7-a062-a1c3587f4874\"}],\"seperate_axis\":0,\"point_size\":1,\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"metrics\":[{\"type\":\"count\",\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\"}],\"label\":\"Access logs\",\"axis_position\":\"right\",\"split_mode\":\"everything\",\"fill\":0.5,\"stacked\":\"none\",\"terms_field\":\"url.original\",\"color\":\"#68BC00\",\"line_width\":1,\"terms_order_by\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"split_color_mode\":\"gradient\"}],\"time_field\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\",\"filter\":{\"query\":\"event.module:nginx AND 
fileset.name:access\",\"language\":\"lucene\"},\"show_grid\":1,\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"show_legend\":1,\"type\":\"timeseries\",\"index_pattern\":\"MALCOLM_OTHER_INDEX_PATTERN_REPLACER\",\"axis_position\":\"left\",\"annotations\":[{\"index_pattern\":\"MALCOLM_OTHER_INDEX_PATTERN_REPLACER\",\"ignore_global_filters\":1,\"id\":\"970b1420-a1f3-11e7-a062-a1c3587f4874\",\"time_field\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\",\"icon\":\"fa-tag\",\"color\":\"#F00\",\"ignore_panel_filters\":1}],\"background_color_rules\":[{\"id\":\"3189aa80-a1f3-11e7-a062-a1c3587f4874\"}],\"interval\":\"auto\",\"legend_position\":\"bottom\"},\"aggs\":[],\"title\":\"nginx Access Over Time\"}" - }, - "references": [], - "migrationVersion": { - "visualization": "7.10.0" - } - }, - { - "id": "97109780-a2a5-11e7-928f-5dbe6f6f5519-ecs", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2022-06-01T19:41:23.453Z", - "version": "Wzg0NSwxXQ==", - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{}" - }, - "title": "nginx Dashboards", - "uiStateJSON": "{}", - "version": 1, - "visState": "{\"type\":\"markdown\",\"params\":{\"markdown\":\"[Nginx logs overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519-ecs) | [Nginx access and error logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519-ecs)\",\"fontSize\":12},\"aggs\":[],\"title\":\"nginx Dashboards\"}" - }, - "references": [], - "migrationVersion": { - "visualization": "7.10.0" - } - } - ] -} diff --git a/dashboards/dashboards/beats/Metricbeat-host-overview.json b/dashboards/dashboards/beats/Metricbeat-host-overview.json index 64512d4d5..3b7e24c05 100644 --- a/dashboards/dashboards/beats/Metricbeat-host-overview.json +++ b/dashboards/dashboards/beats/Metricbeat-host-overview.json 
@@ -1,507 +1,507 @@ { - "version": "2.0.0", "objects": [ { - "id": "79ffd6e0-faa0-11e6-947f-177f697178b8-ecs", - "type": "dashboard", - "namespaces": [ - "default" - ], - "updated_at": "2024-04-29T15:49:16.000Z", - "version": "WzEwMzgsMV0=", "attributes": { - "title": "Resources - Hosts Overview", - "hits": 0, "description": "System resources hosts' level overview, including Malcolm sensors and aggregators", - "panelsJSON": "[{\"embeddableConfig\":{},\"gridData\":{\"h\":18,\"i\":\"1\",\"w\":24,\"x\":24,\"y\":57},\"panelIndex\":\"1\",\"version\":\"2.0.0\",\"panelRefName\":\"panel_0\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":18,\"i\":\"3\",\"w\":24,\"x\":0,\"y\":57},\"panelIndex\":\"3\",\"version\":\"2.0.0\",\"panelRefName\":\"panel_1\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":17,\"i\":\"4\",\"w\":24,\"x\":24,\"y\":22},\"panelIndex\":\"4\",\"version\":\"2.0.0\",\"panelRefName\":\"panel_2\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":17,\"i\":\"7\",\"w\":24,\"x\":24,\"y\":5},\"panelIndex\":\"7\",\"version\":\"2.0.0\",\"panelRefName\":\"panel_3\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":18,\"i\":\"8\",\"w\":24,\"x\":24,\"y\":39},\"panelIndex\":\"8\",\"version\":\"2.0.0\",\"panelRefName\":\"panel_4\"},{\"embeddableConfig\":{\"hidePanelTitles\":true},\"gridData\":{\"h\":13,\"i\":\"10\",\"w\":12,\"x\":0,\"y\":5},\"panelIndex\":\"10\",\"version\":\"2.0.0\",\"panelRefName\":\"panel_5\"},{\"embeddableConfig\":{\"hidePanelTitles\":true},\"gridData\":{\"h\":13,\"i\":\"11\",\"w\":12,\"x\":12,\"y\":5},\"panelIndex\":\"11\",\"version\":\"2.0.0\",\"panelRefName\":\"panel_6\"},{\"embeddableConfig\":{\"hidePanelTitles\":true},\"gridData\":{\"h\":13,\"i\":\"12\",\"w\":12,\"x\":0,\"y\":30},\"panelIndex\":\"12\",\"version\":\"2.0.0\",\"panelRefName\":\"panel_7\"},{\"embeddableConfig\":{\"hidePanelTitles\":true},\"gridData\":{\"h\":13,\"i\":\"13\",\"w\":12,\"x\":12,\"y\":30},\"panelIndex\":\"13\",\"version\":\"2.0.0\",\"panelRefName\":\"panel_8\"},{\"embeddableConfig\":{
\"hidePanelTitles\":true},\"gridData\":{\"h\":5,\"i\":\"16\",\"w\":24,\"x\":0,\"y\":0},\"panelIndex\":\"16\",\"version\":\"2.0.0\",\"panelRefName\":\"panel_9\"},{\"embeddableConfig\":{\"hidePanelTitles\":true},\"gridData\":{\"h\":12,\"i\":\"21\",\"w\":8,\"x\":0,\"y\":18},\"panelIndex\":\"21\",\"version\":\"2.0.0\",\"panelRefName\":\"panel_10\"},{\"embeddableConfig\":{\"hidePanelTitles\":true},\"gridData\":{\"h\":12,\"i\":\"22\",\"w\":8,\"x\":8,\"y\":18},\"panelIndex\":\"22\",\"version\":\"2.0.0\",\"panelRefName\":\"panel_11\"},{\"embeddableConfig\":{\"hidePanelTitles\":true},\"gridData\":{\"h\":12,\"i\":\"23\",\"w\":8,\"x\":16,\"y\":18},\"panelIndex\":\"23\",\"version\":\"2.0.0\",\"panelRefName\":\"panel_12\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":18,\"i\":\"27\",\"w\":24,\"x\":0,\"y\":75},\"panelIndex\":\"27\",\"version\":\"2.0.0\",\"panelRefName\":\"panel_13\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":18,\"i\":\"28\",\"w\":24,\"x\":24,\"y\":75},\"panelIndex\":\"28\",\"version\":\"2.0.0\",\"panelRefName\":\"panel_14\"},{\"embeddableConfig\":{\"hidePanelTitles\":true},\"gridData\":{\"h\":5,\"i\":\"30\",\"w\":24,\"x\":24,\"y\":0},\"panelIndex\":\"30\",\"version\":\"2.0.0\",\"panelRefName\":\"panel_15\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":14,\"i\":\"b751999d-6577-4995-95e6-b7276ab6388d\",\"w\":24,\"x\":0,\"y\":43},\"panelIndex\":\"b751999d-6577-4995-95e6-b7276ab6388d\",\"version\":\"2.0.0\",\"panelRefName\":\"panel_16\"}]", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" + }, "optionsJSON": "{\"darkTheme\":false}", - "version": 1, + "panelsJSON": 
"[{\"version\":\"2.18.0\",\"gridData\":{\"x\":24,\"y\":52,\"w\":24,\"h\":18,\"i\":\"1\"},\"panelIndex\":\"1\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"2.18.0\",\"gridData\":{\"x\":24,\"y\":70,\"w\":24,\"h\":18,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{},\"panelRefName\":\"panel_1\"},{\"version\":\"2.18.0\",\"gridData\":{\"x\":24,\"y\":17,\"w\":24,\"h\":17,\"i\":\"4\"},\"panelIndex\":\"4\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"2.18.0\",\"gridData\":{\"x\":24,\"y\":0,\"w\":24,\"h\":17,\"i\":\"7\"},\"panelIndex\":\"7\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"},{\"version\":\"2.18.0\",\"gridData\":{\"x\":24,\"y\":34,\"w\":24,\"h\":18,\"i\":\"8\"},\"panelIndex\":\"8\",\"embeddableConfig\":{},\"panelRefName\":\"panel_4\"},{\"version\":\"2.18.0\",\"gridData\":{\"x\":8,\"y\":6,\"w\":8,\"h\":12,\"i\":\"10\"},\"panelIndex\":\"10\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_5\"},{\"version\":\"2.18.0\",\"gridData\":{\"x\":16,\"y\":0,\"w\":8,\"h\":12,\"i\":\"11\"},\"panelIndex\":\"11\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_6\"},{\"version\":\"2.18.0\",\"gridData\":{\"x\":8,\"y\":28,\"w\":16,\"h\":11,\"i\":\"12\"},\"panelIndex\":\"12\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_7\"},{\"version\":\"2.18.0\",\"gridData\":{\"x\":8,\"y\":39,\"w\":16,\"h\":11,\"i\":\"13\"},\"panelIndex\":\"13\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_8\"},{\"version\":\"2.18.0\",\"gridData\":{\"x\":16,\"y\":19,\"w\":8,\"h\":9,\"i\":\"21\"},\"panelIndex\":\"21\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_9\"},{\"version\":\"2.18.0\",\"gridData\":{\"x\":16,\"y\":12,\"w\":8,\"h\":7,\"i\":\"22\"},\"panelIndex\":\"22\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_10\"},{\"version\":\"2.18.0\",\"gridData\":{\"x\":8,\"y\":18,\"w\":8,\"h\":10
,\"i\":\"23\"},\"panelIndex\":\"23\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_11\"},{\"version\":\"2.18.0\",\"gridData\":{\"x\":0,\"y\":64,\"w\":24,\"h\":12,\"i\":\"27\"},\"panelIndex\":\"27\",\"embeddableConfig\":{},\"panelRefName\":\"panel_12\"},{\"version\":\"2.18.0\",\"gridData\":{\"x\":0,\"y\":76,\"w\":24,\"h\":12,\"i\":\"28\"},\"panelIndex\":\"28\",\"embeddableConfig\":{},\"panelRefName\":\"panel_13\"},{\"version\":\"2.18.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":50,\"i\":\"ab038fe2-7471-4b68-8224-4068e582e07b\"},\"panelIndex\":\"ab038fe2-7471-4b68-8224-4068e582e07b\",\"embeddableConfig\":{},\"panelRefName\":\"panel_14\"},{\"version\":\"2.18.0\",\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":6,\"i\":\"1f3e5864-3762-486b-add6-b7707f67498a\"},\"panelIndex\":\"1f3e5864-3762-486b-add6-b7707f67498a\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_15\"},{\"version\":\"2.18.0\",\"gridData\":{\"x\":0,\"y\":50,\"w\":24,\"h\":14,\"i\":\"b751999d-6577-4995-95e6-b7276ab6388d\"},\"panelIndex\":\"b751999d-6577-4995-95e6-b7276ab6388d\",\"embeddableConfig\":{},\"panelRefName\":\"panel_16\"}]", "timeRestore": false, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"language\":\"kuery\",\"query\":\"host.name:*\"},\"version\":true,\"highlightAll\":false,\"filter\":[]}" - } + "title": "Resources - Hosts Overview", + "version": 1 }, + "id": "Miscbeat-host-overview", + "migrationVersion": { + "dashboard": "7.9.3" + }, + "namespaces": [ + "default" + ], "references": [ { + "id": "6b7b9a40-faa1-11e6-86b1-cd7735ff7e23", "name": "panel_0", - "type": "visualization", - "id": "6b7b9a40-faa1-11e6-86b1-cd7735ff7e23-ecs" + "type": "visualization" }, { + "id": "089b85d0-1b16-11e7-b09e-037021c4f8df", "name": "panel_1", - "type": "visualization", - "id": "089b85d0-1b16-11e7-b09e-037021c4f8df-ecs" + "type": "visualization" }, { + "id": "bfa5e400-1b16-11e7-b09e-037021c4f8df", "name": "panel_2", - "type": 
"visualization", - "id": "bfa5e400-1b16-11e7-b09e-037021c4f8df-ecs" + "type": "visualization" }, { + "id": "ab2d1e90-1b1a-11e7-b09e-037021c4f8df", "name": "panel_3", - "type": "visualization", - "id": "ab2d1e90-1b1a-11e7-b09e-037021c4f8df-ecs" + "type": "visualization" }, { + "id": "4e4bb1e0-1b1b-11e7-b09e-037021c4f8df", "name": "panel_4", - "type": "visualization", - "id": "4e4bb1e0-1b1b-11e7-b09e-037021c4f8df-ecs" + "type": "visualization" }, { + "id": "83e12df0-1b91-11e7-bec4-a5e9ec5cab8b", "name": "panel_5", - "type": "visualization", - "id": "83e12df0-1b91-11e7-bec4-a5e9ec5cab8b-ecs" + "type": "visualization" }, { + "id": "d3166e80-1b91-11e7-bec4-a5e9ec5cab8b", "name": "panel_6", - "type": "visualization", - "id": "d3166e80-1b91-11e7-bec4-a5e9ec5cab8b-ecs" + "type": "visualization" }, { + "id": "522ee670-1b92-11e7-bec4-a5e9ec5cab8b", "name": "panel_7", - "type": "visualization", - "id": "522ee670-1b92-11e7-bec4-a5e9ec5cab8b-ecs" + "type": "visualization" }, { + "id": "1aae9140-1b93-11e7-8ada-3df93aab833e", "name": "panel_8", - "type": "visualization", - "id": "1aae9140-1b93-11e7-8ada-3df93aab833e-ecs" + "type": "visualization" }, { + "id": "19e123b0-4d5a-11e7-aee5-fdc812cc3bec", "name": "panel_9", - "type": "visualization", - "id": "System-Navigation-ecs" + "type": "visualization" }, { + "id": "d2e80340-4d5c-11e7-aa29-87a97a796de6", "name": "panel_10", - "type": "visualization", - "id": "19e123b0-4d5a-11e7-aee5-fdc812cc3bec-ecs" + "type": "visualization" }, { + "id": "825fdb80-4d1d-11e7-b5f2-2b7c1895bf32", "name": "panel_11", - "type": "visualization", - "id": "d2e80340-4d5c-11e7-aa29-87a97a796de6-ecs" + "type": "visualization" }, { + "id": "99381c80-4d60-11e7-9a4c-ed99bbcaa42b", "name": "panel_12", - "type": "visualization", - "id": "825fdb80-4d1d-11e7-b5f2-2b7c1895bf32-ecs" + "type": "visualization" }, { + "id": "c5e3cf90-4d60-11e7-9a4c-ed99bbcaa42b", "name": "panel_13", - "type": "visualization", - "id": "99381c80-4d60-11e7-9a4c-ed99bbcaa42b-ecs" + "type": 
"visualization" }, { + "id": "df9e399b-efa5-4e33-b0ac-a7668a8ac2b3", "name": "panel_14", - "type": "visualization", - "id": "c5e3cf90-4d60-11e7-9a4c-ed99bbcaa42b-ecs" + "type": "visualization" }, { + "id": "fc003640-cd1e-11ef-82c0-51a1fffd4269", "name": "panel_15", - "type": "visualization", - "id": "3d65d450-a9c3-11e7-af20-67db8aecb295-ecs" + "type": "visualization" }, { + "id": "1a357a70-ebf5-11ec-a044-713f3297b517", "name": "panel_16", - "type": "visualization", - "id": "1a357a70-ebf5-11ec-a044-713f3297b517" + "type": "visualization" } ], - "migrationVersion": { - "dashboard": "7.9.3" - } + "type": "dashboard", + "updated_at": "2025-01-07T17:49:03.941Z", + "version": "WzEwNjgsMV0=" }, { - "id": "6b7b9a40-faa1-11e6-86b1-cd7735ff7e23-ecs", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2022-06-30T17:52:42.303Z", - "version": "WzEwMjgsMV0=", "attributes": { - "title": "Network Traffic (Packets)", - "visState": "{\"title\":\"Network Traffic (Packets)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"default_index_pattern\":\"MALCOLM_OTHER_INDEX_PATTERN_REPLACER\",\"default_timefield\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\",\"filter\":{\"language\":\"lucene\",\"query\":\"\"},\"id\":\"da1046f0-faa0-11e6-86b1-cd7735ff7e23\",\"index_pattern\":\"MALCOLM_OTHER_INDEX_PATTERN_REPLACER\",\"interval\":\"auto\",\"isModelInvalid\":false,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"rgba(0,133,255,1)\",\"fill\":\"1\",\"formatter\":\"'0a'\",\"id\":\"49931900-ebf3-11ec-a401-f5db2d59e6af\",\"label\":\"Inbound\",\"line_width\":1,\"metrics\":[{\"unit\":\"1s\",\"id\":\"49931901-ebf3-11ec-a401-f5db2d59e6af\",\"type\":\"positive_rate\",\"field\":\"miscbeat.network.packets.rx\"}],\"point_size\":1,\"separate_axis\":0,\"split_mode\":\"terms\",\"stacked\":\"none\",\"type\":\"timeseries\",\"terms_field\":\"miscbeat.network.interface\",\"terms_si
ze\":\"3\",\"terms_order_by\":\"_count\",\"value_template\":\"{{value}}/s\",\"split_color_mode\":\"gradient\"},{\"id\":\"75fba890-ebf3-11ec-a401-f5db2d59e6af\",\"color\":\"rgba(13,212,26,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"unit\":\"1s\",\"id\":\"75fba891-ebf3-11ec-a401-f5db2d59e6af\",\"type\":\"positive_rate\",\"field\":\"miscbeat.network.packets.tx\"},{\"id\":\"96daba60-ebf3-11ec-a401-f5db2d59e6af\",\"type\":\"math\",\"variables\":[{\"id\":\"98e138c0-ebf3-11ec-a401-f5db2d59e6af\",\"name\":\"rate\",\"field\":\"75fba891-ebf3-11ec-a401-f5db2d59e6af\"}],\"script\":\"params.rate*-1\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"'0a'\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":\"1\",\"stacked\":\"none\",\"label\":\"Outbound\",\"type\":\"timeseries\",\"terms_size\":\"3\",\"terms_field\":\"miscbeat.network.interface\",\"terms_order_by\":\"_count\",\"split_color_mode\":\"gradient\",\"value_template\":\"{{value}}/s\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\",\"tooltip_mode\":\"show_all\",\"type\":\"timeseries\"}}", - "uiStateJSON": "{}", "description": "", - "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" - } + }, + "title": "Network Traffic (Packets)", + "uiStateJSON": "{}", + "version": 1, + "visState": "{\"title\":\"Network Traffic 
(Packets)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"default_index_pattern\":\"MALCOLM_OTHER_INDEX_PATTERN_REPLACER\",\"default_timefield\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\",\"filter\":{\"language\":\"lucene\",\"query\":\"\"},\"id\":\"da1046f0-faa0-11e6-86b1-cd7735ff7e23\",\"index_pattern\":\"MALCOLM_OTHER_INDEX_PATTERN_REPLACER\",\"interval\":\"auto\",\"isModelInvalid\":false,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"rgba(0,133,255,1)\",\"fill\":\"1\",\"formatter\":\"'0a'\",\"id\":\"49931900-ebf3-11ec-a401-f5db2d59e6af\",\"label\":\"Inbound\",\"line_width\":1,\"metrics\":[{\"unit\":\"1s\",\"id\":\"49931901-ebf3-11ec-a401-f5db2d59e6af\",\"type\":\"positive_rate\",\"field\":\"miscbeat.network.packets.rx\"}],\"point_size\":1,\"separate_axis\":0,\"split_mode\":\"terms\",\"stacked\":\"none\",\"type\":\"timeseries\",\"terms_field\":\"miscbeat.network.interface\",\"terms_size\":\"3\",\"terms_order_by\":\"_count\",\"value_template\":\"{{value}}/s\",\"split_color_mode\":\"gradient\"},{\"id\":\"75fba890-ebf3-11ec-a401-f5db2d59e6af\",\"color\":\"rgba(13,212,26,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"unit\":\"1s\",\"id\":\"75fba891-ebf3-11ec-a401-f5db2d59e6af\",\"type\":\"positive_rate\",\"field\":\"miscbeat.network.packets.tx\"},{\"id\":\"96daba60-ebf3-11ec-a401-f5db2d59e6af\",\"type\":\"math\",\"variables\":[{\"id\":\"98e138c0-ebf3-11ec-a401-f5db2d59e6af\",\"name\":\"rate\",\"field\":\"75fba891-ebf3-11ec-a401-f5db2d59e6af\"}],\"script\":\"params.rate*-1\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"'0a'\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":\"1\",\"stacked\":\"none\",\"label\":\"Outbound\",\"type\":\"timeseries\",\"terms_size\":\"3\",\"terms_field\":\"miscbeat.network.interface\",\"terms_order_by\":\"_count\",\"split_color_mode\":\"gradient\",\"value_template\":\"{{value}}/s\"}],\"show
_grid\":1,\"show_legend\":1,\"time_field\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\",\"tooltip_mode\":\"show_all\",\"type\":\"timeseries\"}}" }, - "references": [], + "id": "6b7b9a40-faa1-11e6-86b1-cd7735ff7e23", "migrationVersion": { "visualization": "7.10.0" - } - }, - { - "id": "089b85d0-1b16-11e7-b09e-037021c4f8df-ecs", - "type": "visualization", + }, "namespaces": [ "default" ], - "updated_at": "2022-06-30T16:19:26.499Z", - "version": "Wzg1NSwxXQ==", + "references": [], + "type": "visualization", + "updated_at": "2025-01-07T17:27:31.490Z", + "version": "WzEwMjAsMV0=" + }, + { "attributes": { - "title": "Network Traffic (Bytes)", - "visState": "{\"title\":\"Network Traffic (Bytes)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"default_index_pattern\":\"MALCOLM_OTHER_INDEX_PATTERN_REPLACER\",\"default_timefield\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\",\"filter\":{\"language\":\"lucene\",\"query\":\"\"},\"id\":\"da1046f0-faa0-11e6-86b1-cd7735ff7e23\",\"index_pattern\":\"MALCOLM_OTHER_INDEX_PATTERN_REPLACER\",\"interval\":\"auto\",\"isModelInvalid\":false,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"rgba(0,133,255,1)\",\"fill\":\"1\",\"formatter\":\"bytes\",\"id\":\"6d8b8ab0-ebf1-11ec-a401-f5db2d59e6af\",\"line_width\":1,\"metrics\":[{\"unit\":\"1s\",\"id\":\"6d8b8ab1-ebf1-11ec-a401-f5db2d59e6af\",\"type\":\"positive_rate\",\"field\":\"miscbeat.network.bytes.rx\"}],\"point_size\":1,\"separate_axis\":0,\"split_mode\":\"terms\",\"stacked\":\"none\",\"label\":\"Inbound\",\"type\":\"timeseries\",\"terms_field\":\"miscbeat.network.interface\",\"terms_size\":\"3\",\"terms_order_by\":\"_key\",\"value_template\":\"{{value}}/s\",\"split_color_mode\":\"gradient\"},{\"id\":\"b5977de0-ebf2-11ec-a401-f5db2d59e6af\",\"color\":\"rgba(13,212,26,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"unit\":\"1s\",\"id\":\"b5977de1-ebf2-11ec-a401-f5db2d59e6af\",\"type\"
:\"positive_rate\",\"field\":\"miscbeat.network.bytes.tx\"},{\"id\":\"cdfb1540-ebf2-11ec-a401-f5db2d59e6af\",\"type\":\"math\",\"variables\":[{\"id\":\"d1b9caf0-ebf2-11ec-a401-f5db2d59e6af\",\"name\":\"rate\",\"field\":\"b5977de1-ebf2-11ec-a401-f5db2d59e6af\"}],\"script\":\"params.rate*-1\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"bytes\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":\"1\",\"stacked\":\"none\",\"label\":\"Outbound\",\"split_color_mode\":\"gradient\",\"type\":\"timeseries\",\"terms_size\":\"3\",\"terms_order_by\":\"_key\",\"terms_field\":\"miscbeat.network.interface\",\"value_template\":\"{{value}}/s\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\",\"tooltip_mode\":\"show_all\",\"type\":\"timeseries\"}}", - "uiStateJSON": "{}", "description": "", - "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" - } + }, + "title": "Network Traffic (Bytes)", + "uiStateJSON": "{}", + "version": 1, + "visState": "{\"title\":\"Network Traffic 
(Bytes)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"default_index_pattern\":\"MALCOLM_OTHER_INDEX_PATTERN_REPLACER\",\"default_timefield\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\",\"filter\":{\"language\":\"lucene\",\"query\":\"\"},\"id\":\"da1046f0-faa0-11e6-86b1-cd7735ff7e23\",\"index_pattern\":\"MALCOLM_OTHER_INDEX_PATTERN_REPLACER\",\"interval\":\"auto\",\"isModelInvalid\":false,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"rgba(0,133,255,1)\",\"fill\":\"1\",\"formatter\":\"bytes\",\"id\":\"6d8b8ab0-ebf1-11ec-a401-f5db2d59e6af\",\"line_width\":1,\"metrics\":[{\"unit\":\"1s\",\"id\":\"6d8b8ab1-ebf1-11ec-a401-f5db2d59e6af\",\"type\":\"positive_rate\",\"field\":\"miscbeat.network.bytes.rx\"}],\"point_size\":1,\"separate_axis\":0,\"split_mode\":\"terms\",\"stacked\":\"none\",\"label\":\"Inbound\",\"type\":\"timeseries\",\"terms_field\":\"miscbeat.network.interface\",\"terms_size\":\"3\",\"terms_order_by\":\"_key\",\"value_template\":\"{{value}}/s\",\"split_color_mode\":\"gradient\"},{\"id\":\"b5977de0-ebf2-11ec-a401-f5db2d59e6af\",\"color\":\"rgba(13,212,26,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"unit\":\"1s\",\"id\":\"b5977de1-ebf2-11ec-a401-f5db2d59e6af\",\"type\":\"positive_rate\",\"field\":\"miscbeat.network.bytes.tx\"},{\"id\":\"cdfb1540-ebf2-11ec-a401-f5db2d59e6af\",\"type\":\"math\",\"variables\":[{\"id\":\"d1b9caf0-ebf2-11ec-a401-f5db2d59e6af\",\"name\":\"rate\",\"field\":\"b5977de1-ebf2-11ec-a401-f5db2d59e6af\"}],\"script\":\"params.rate*-1\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"bytes\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":\"1\",\"stacked\":\"none\",\"label\":\"Outbound\",\"split_color_mode\":\"gradient\",\"type\":\"timeseries\",\"terms_size\":\"3\",\"terms_order_by\":\"_key\",\"terms_field\":\"miscbeat.network.interface\",\"value_template\":\"{{value}}/s\"}],\"show_grid\":
1,\"show_legend\":1,\"time_field\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\",\"tooltip_mode\":\"show_all\",\"type\":\"timeseries\"}}" }, - "references": [], + "id": "089b85d0-1b16-11e7-b09e-037021c4f8df", "migrationVersion": { "visualization": "7.10.0" - } - }, - { - "id": "bfa5e400-1b16-11e7-b09e-037021c4f8df-ecs", - "type": "visualization", + }, "namespaces": [ "default" ], - "updated_at": "2022-06-30T16:19:26.499Z", - "version": "Wzg1NiwxXQ==", + "references": [], + "type": "visualization", + "updated_at": "2025-01-07T17:27:31.490Z", + "version": "WzEwMjEsMV0=" + }, + { "attributes": { - "title": "Memory Usage", - "visState": "{\"title\":\"Memory Usage\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"32f46f40-1b16-11e7-b09e-037021c4f8df\",\"index_pattern\":\"MALCOLM_OTHER_INDEX_PATTERN_REPLACER\",\"series\":[{\"id\":\"4ff61fd0-1b16-11e7-b09e-037021c4f8df\",\"chart_type\":\"line\",\"seperate_axis\":0,\"color\":\"rgba(211,49,21,1)\",\"axis_position\":\"right\",\"point_size\":\"0\",\"metrics\":[{\"id\":\"4ff61fd1-1b16-11e7-b09e-037021c4f8df\",\"field\":\"miscbeat.mem.Mem.used\",\"type\":\"avg\"},{\"id\":\"3150c580-eb54-11ec-ae08-f703744a0ba1\",\"type\":\"math\",\"variables\":[{\"id\":\"34e66f60-eb54-11ec-ae08-f703744a0ba1\",\"name\":\"usedkb\",\"field\":\"4ff61fd1-1b16-11e7-b09e-037021c4f8df\"}],\"script\":\"params.usedkb * 
1000\"}],\"formatter\":\"bytes\",\"split_mode\":\"everything\",\"fill\":\"1\",\"line_width\":1,\"label\":\"Used\",\"stacked\":\"stacked\",\"split_color_mode\":\"gradient\",\"type\":\"timeseries\"},{\"id\":\"753a6080-1b16-11e7-b09e-037021c4f8df\",\"chart_type\":\"line\",\"seperate_axis\":0,\"color\":\"rgba(0,156,224,1)\",\"axis_position\":\"right\",\"point_size\":\"0\",\"metrics\":[{\"id\":\"753a6081-1b16-11e7-b09e-037021c4f8df\",\"field\":\"miscbeat.mem.Swap.used\",\"type\":\"avg\"},{\"id\":\"4f1bb980-eb54-11ec-ae08-f703744a0ba1\",\"type\":\"math\",\"variables\":[{\"id\":\"52c168f0-eb54-11ec-ae08-f703744a0ba1\",\"name\":\"swapkb\",\"field\":\"753a6081-1b16-11e7-b09e-037021c4f8df\"}],\"script\":\"params.swapkb * 1000\"}],\"formatter\":\"bytes\",\"split_mode\":\"everything\",\"fill\":\"1\",\"line_width\":1,\"label\":\"Swap\",\"stacked\":\"stacked\",\"split_color_mode\":\"gradient\",\"type\":\"timeseries\"},{\"id\":\"32f46f41-1b16-11e7-b09e-037021c4f8df\",\"chart_type\":\"line\",\"seperate_axis\":0,\"color\":\"#68BC00\",\"axis_position\":\"right\",\"point_size\":\"0\",\"metrics\":[{\"id\":\"32f46f42-1b16-11e7-b09e-037021c4f8df\",\"field\":\"miscbeat.mem.Mem.free\",\"type\":\"avg\"},{\"id\":\"61b8e450-eb54-11ec-ae08-f703744a0ba1\",\"type\":\"math\",\"variables\":[{\"id\":\"6458bc80-eb54-11ec-ae08-f703744a0ba1\",\"name\":\"freekb\",\"field\":\"32f46f42-1b16-11e7-b09e-037021c4f8df\"}],\"script\":\"params.freekb * 
1000\"}],\"formatter\":\"bytes\",\"split_mode\":\"everything\",\"fill\":\"1\",\"line_width\":1,\"label\":\"Free\",\"stacked\":\"stacked\",\"split_color_mode\":\"gradient\",\"type\":\"timeseries\"}],\"axis_formatter\":\"number\",\"interval\":\"auto\",\"time_field\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\",\"axis_position\":\"left\",\"type\":\"timeseries\",\"show_grid\":1,\"show_legend\":1,\"axis_scale\":\"normal\",\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"MALCOLM_OTHER_INDEX_PATTERN_REPLACER\",\"default_timefield\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\",\"isModelInvalid\":false}}", - "uiStateJSON": "{}", "description": "", - "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" - } + }, + "title": "Memory Usage", + "uiStateJSON": "{}", + "version": 1, + "visState": "{\"title\":\"Memory Usage\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"32f46f40-1b16-11e7-b09e-037021c4f8df\",\"index_pattern\":\"MALCOLM_OTHER_INDEX_PATTERN_REPLACER\",\"series\":[{\"id\":\"4ff61fd0-1b16-11e7-b09e-037021c4f8df\",\"chart_type\":\"line\",\"seperate_axis\":0,\"color\":\"rgba(211,49,21,1)\",\"axis_position\":\"right\",\"point_size\":\"0\",\"metrics\":[{\"id\":\"4ff61fd1-1b16-11e7-b09e-037021c4f8df\",\"field\":\"miscbeat.mem.Mem.used\",\"type\":\"avg\"},{\"id\":\"3150c580-eb54-11ec-ae08-f703744a0ba1\",\"type\":\"math\",\"variables\":[{\"id\":\"34e66f60-eb54-11ec-ae08-f703744a0ba1\",\"name\":\"usedkb\",\"field\":\"4ff61fd1-1b16-11e7-b09e-037021c4f8df\"}],\"script\":\"params.usedkb * 
1000\"}],\"formatter\":\"bytes\",\"split_mode\":\"everything\",\"fill\":\"1\",\"line_width\":1,\"label\":\"Used\",\"stacked\":\"stacked\",\"split_color_mode\":\"gradient\",\"type\":\"timeseries\"},{\"id\":\"753a6080-1b16-11e7-b09e-037021c4f8df\",\"chart_type\":\"line\",\"seperate_axis\":0,\"color\":\"rgba(0,156,224,1)\",\"axis_position\":\"right\",\"point_size\":\"0\",\"metrics\":[{\"id\":\"753a6081-1b16-11e7-b09e-037021c4f8df\",\"field\":\"miscbeat.mem.Swap.used\",\"type\":\"avg\"},{\"id\":\"4f1bb980-eb54-11ec-ae08-f703744a0ba1\",\"type\":\"math\",\"variables\":[{\"id\":\"52c168f0-eb54-11ec-ae08-f703744a0ba1\",\"name\":\"swapkb\",\"field\":\"753a6081-1b16-11e7-b09e-037021c4f8df\"}],\"script\":\"params.swapkb * 1000\"}],\"formatter\":\"bytes\",\"split_mode\":\"everything\",\"fill\":\"1\",\"line_width\":1,\"label\":\"Swap\",\"stacked\":\"stacked\",\"split_color_mode\":\"gradient\",\"type\":\"timeseries\"},{\"id\":\"32f46f41-1b16-11e7-b09e-037021c4f8df\",\"chart_type\":\"line\",\"seperate_axis\":0,\"color\":\"#68BC00\",\"axis_position\":\"right\",\"point_size\":\"0\",\"metrics\":[{\"id\":\"32f46f42-1b16-11e7-b09e-037021c4f8df\",\"field\":\"miscbeat.mem.Mem.free\",\"type\":\"avg\"},{\"id\":\"61b8e450-eb54-11ec-ae08-f703744a0ba1\",\"type\":\"math\",\"variables\":[{\"id\":\"6458bc80-eb54-11ec-ae08-f703744a0ba1\",\"name\":\"freekb\",\"field\":\"32f46f42-1b16-11e7-b09e-037021c4f8df\"}],\"script\":\"params.freekb * 
1000\"}],\"formatter\":\"bytes\",\"split_mode\":\"everything\",\"fill\":\"1\",\"line_width\":1,\"label\":\"Free\",\"stacked\":\"stacked\",\"split_color_mode\":\"gradient\",\"type\":\"timeseries\"}],\"axis_formatter\":\"number\",\"interval\":\"auto\",\"time_field\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\",\"axis_position\":\"left\",\"type\":\"timeseries\",\"show_grid\":1,\"show_legend\":1,\"axis_scale\":\"normal\",\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"MALCOLM_OTHER_INDEX_PATTERN_REPLACER\",\"default_timefield\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\",\"isModelInvalid\":false}}" }, - "references": [], + "id": "bfa5e400-1b16-11e7-b09e-037021c4f8df", "migrationVersion": { "visualization": "7.10.0" - } - }, - { - "id": "ab2d1e90-1b1a-11e7-b09e-037021c4f8df-ecs", - "type": "visualization", + }, "namespaces": [ "default" ], - "updated_at": "2022-06-30T16:19:26.499Z", - "version": "Wzg1NywxXQ==", + "references": [], + "type": "visualization", + "updated_at": "2025-01-07T17:27:31.490Z", + "version": "WzEwMjIsMV0=" + }, + { "attributes": { - "title": "CPU Usage", - "visState": "{\"title\":\"CPU 
Usage\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"80a04950-1b19-11e7-b09e-037021c4f8df\",\"index_pattern\":\"MALCOLM_OTHER_INDEX_PATTERN_REPLACER\",\"series\":[{\"id\":\"993acf30-1b19-11e7-b09e-037021c4f8df\",\"chart_type\":\"line\",\"seperate_axis\":0,\"color\":\"rgba(211,49,21,1)\",\"axis_position\":\"right\",\"point_size\":\"0\",\"metrics\":[{\"id\":\"993acf31-1b19-11e7-b09e-037021c4f8df\",\"field\":\"miscbeat.cpu.system_p\",\"type\":\"avg\"}],\"formatter\":\"'0.'\",\"split_mode\":\"everything\",\"fill\":\"1\",\"line_width\":1,\"label\":\"system\",\"stacked\":\"stacked\",\"split_color_mode\":\"gradient\",\"type\":\"timeseries\",\"value_template\":\"{{value}}%\"},{\"id\":\"80a04951-1b19-11e7-b09e-037021c4f8df\",\"chart_type\":\"line\",\"seperate_axis\":0,\"color\":\"#68BC00\",\"axis_position\":\"right\",\"point_size\":\"0\",\"metrics\":[{\"id\":\"80a04952-1b19-11e7-b09e-037021c4f8df\",\"field\":\"miscbeat.cpu.user_p\",\"type\":\"avg\"}],\"formatter\":\"'0.'\",\"split_mode\":\"everything\",\"fill\":\"0.9\",\"line_width\":1,\"label\":\"user\",\"stacked\":\"stacked\",\"split_color_mode\":\"gradient\",\"type\":\"timeseries\",\"steps\":0,\"value_template\":\"{{value}}%\"},{\"id\":\"4eb3d7b0-eb9b-11ec-8afc-039f20728581\",\"chart_type\":\"line\",\"seperate_axis\":0,\"color\":\"rgba(46,88,242,1)\",\"axis_position\":\"right\",\"point_size\":\"0\",\"metrics\":[{\"id\":\"4eb3d7b1-eb9b-11ec-8afc-039f20728581\",\"field\":\"miscbeat.cpu.cpu_p\",\"type\":\"avg\"}],\"formatter\":\"'0.'\",\"split_mode\":\"everything\",\"fill\":\"1\",\"line_width\":1,\"label\":\"total\",\"stacked\":\"stacked\",\"split_color_mode\":\"gradient\",\"type\":\"timeseries\",\"steps\":0,\"value_template\":\"{{value}}%\",\"hidden\":false}],\"axis_formatter\":\"number\",\"interval\":\"auto\",\"time_field\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\",\"axis_position\":\"left\",\"type\":\"timeseries\",\"show_grid\":1,\"show_legend\":1,\"axis_scale\":\"normal\",\"tooltip_mode\":\"show_all\",\"defaul
t_index_pattern\":\"MALCOLM_OTHER_INDEX_PATTERN_REPLACER\",\"default_timefield\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\",\"isModelInvalid\":false}}", - "uiStateJSON": "{}", "description": "", - "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" - } + }, + "title": "CPU Usage", + "uiStateJSON": "{}", + "version": 1, + "visState": "{\"title\":\"CPU Usage\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"80a04950-1b19-11e7-b09e-037021c4f8df\",\"index_pattern\":\"MALCOLM_OTHER_INDEX_PATTERN_REPLACER\",\"series\":[{\"id\":\"993acf30-1b19-11e7-b09e-037021c4f8df\",\"chart_type\":\"line\",\"seperate_axis\":0,\"color\":\"rgba(211,49,21,1)\",\"axis_position\":\"right\",\"point_size\":\"0\",\"metrics\":[{\"id\":\"993acf31-1b19-11e7-b09e-037021c4f8df\",\"field\":\"miscbeat.cpu.system_p\",\"type\":\"avg\"}],\"formatter\":\"'0.'\",\"split_mode\":\"everything\",\"fill\":\"1\",\"line_width\":1,\"label\":\"system\",\"stacked\":\"stacked\",\"split_color_mode\":\"gradient\",\"type\":\"timeseries\",\"value_template\":\"{{value}}%\"},{\"id\":\"80a04951-1b19-11e7-b09e-037021c4f8df\",\"chart_type\":\"line\",\"seperate_axis\":0,\"color\":\"#68BC00\",\"axis_position\":\"right\",\"point_size\":\"0\",\"metrics\":[{\"id\":\"80a04952-1b19-11e7-b09e-037021c4f8df\",\"field\":\"miscbeat.cpu.user_p\",\"type\":\"avg\"}],\"formatter\":\"'0.'\",\"split_mode\":\"everything\",\"fill\":\"0.9\",\"line_width\":1,\"label\":\"user\",\"stacked\":\"stacked\",\"split_color_mode\":\"gradient\",\"type\":\"timeseries\",\"steps\":0,\"value_template\":\"{{value}}%\"},{\"id\":\"4eb3d7b0-eb9b-11ec-8afc-039f20728581\",\"chart_type\":\"line\",\"seperate_axis\":0,\"color\":\"rgba(46,88,242,1)\",\"axis_position\":\"right\",\"point_size\":\"0\",\"metrics\":[{\"id\":\"4eb3d7b1-eb9b-11ec-8afc-039f20728581\",\"field\":\"miscbeat.cpu.cpu_p\",\"type\":\"avg\"}],\"formatter\":\"'0.'\",\"split_mode\":\"everything\",\"fill\":\"1\",\"line_width\
":1,\"label\":\"total\",\"stacked\":\"stacked\",\"split_color_mode\":\"gradient\",\"type\":\"timeseries\",\"steps\":0,\"value_template\":\"{{value}}%\",\"hidden\":false}],\"axis_formatter\":\"number\",\"interval\":\"auto\",\"time_field\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\",\"axis_position\":\"left\",\"type\":\"timeseries\",\"show_grid\":1,\"show_legend\":1,\"axis_scale\":\"normal\",\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"MALCOLM_OTHER_INDEX_PATTERN_REPLACER\",\"default_timefield\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\",\"isModelInvalid\":false}}" }, - "references": [], + "id": "ab2d1e90-1b1a-11e7-b09e-037021c4f8df", "migrationVersion": { "visualization": "7.10.0" - } - }, - { - "id": "4e4bb1e0-1b1b-11e7-b09e-037021c4f8df-ecs", - "type": "visualization", + }, "namespaces": [ "default" ], - "updated_at": "2022-06-30T16:19:26.499Z", - "version": "Wzg1OCwxXQ==", + "references": [], + "type": "visualization", + "updated_at": "2025-01-07T17:27:31.490Z", + "version": "WzEwMjMsMV0=" + }, + { "attributes": { - "title": "Disk IO (Bytes)", - "visState": "{\"title\":\"Disk IO (Bytes)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"d3c67db0-1b1a-11e7-b09e-037021c4f8df\",\"filter\":\"\",\"series\":[{\"id\":\"d3c67db1-1b1a-11e7-b09e-037021c4f8df\",\"chart_type\":\"line\",\"seperate_axis\":0,\"color\":\"rgba(22,165,165,1)\",\"axis_position\":\"right\",\"point_size\":\"0\",\"value_template\":\"{{value}}\",\"metrics\":[{\"id\":\"d3c67db2-1b1a-11e7-b09e-037021c4f8df\",\"field\":\"miscbeat.disk.read_size\",\"type\":\"sum\"},{\"id\":\"3be3ef00-eb99-11ec-8afc-039f20728581\",\"type\":\"math\",\"variables\":[{\"id\":\"40f00c40-eb99-11ec-8afc-039f20728581\",\"name\":\"readsize\",\"field\":\"d3c67db2-1b1a-11e7-b09e-037021c4f8df\"}],\"script\":\"0 - 
params.readsize\"}],\"formatter\":\"bytes\",\"split_mode\":\"everything\",\"fill\":\"1\",\"line_width\":1,\"label\":\"reads\",\"stacked\":\"none\",\"split_color_mode\":\"gradient\",\"type\":\"timeseries\"},{\"id\":\"144124d0-1b1b-11e7-b09e-037021c4f8df\",\"chart_type\":\"line\",\"seperate_axis\":0,\"color\":\"rgba(251,158,0,1)\",\"axis_position\":\"right\",\"point_size\":\"0\",\"value_template\":\"{{value}}\",\"metrics\":[{\"id\":\"144124d1-1b1b-11e7-b09e-037021c4f8df\",\"field\":\"miscbeat.disk.write_size\",\"type\":\"sum\"}],\"formatter\":\"bytes\",\"split_mode\":\"everything\",\"fill\":\"1\",\"line_width\":1,\"label\":\"writes\",\"stacked\":\"none\",\"split_color_mode\":\"gradient\",\"type\":\"timeseries\"}],\"interval\":\"auto\",\"axis_formatter\":\"number\",\"time_field\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\",\"axis_position\":\"left\",\"index_pattern\":\"MALCOLM_OTHER_INDEX_PATTERN_REPLACER\",\"type\":\"timeseries\",\"show_grid\":1,\"show_legend\":1,\"axis_scale\":\"normal\",\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"MALCOLM_OTHER_INDEX_PATTERN_REPLACER\",\"default_timefield\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\",\"isModelInvalid\":false}}", - "uiStateJSON": "{}", "description": "", - "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" - } + }, + "title": "Disk IO (Bytes)", + "uiStateJSON": "{}", + "version": 1, + "visState": "{\"title\":\"Disk IO 
(Bytes)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"d3c67db0-1b1a-11e7-b09e-037021c4f8df\",\"filter\":\"\",\"series\":[{\"id\":\"d3c67db1-1b1a-11e7-b09e-037021c4f8df\",\"chart_type\":\"line\",\"seperate_axis\":0,\"color\":\"rgba(22,165,165,1)\",\"axis_position\":\"right\",\"point_size\":\"0\",\"value_template\":\"{{value}}\",\"metrics\":[{\"id\":\"d3c67db2-1b1a-11e7-b09e-037021c4f8df\",\"field\":\"miscbeat.disk.read_size\",\"type\":\"sum\"},{\"id\":\"3be3ef00-eb99-11ec-8afc-039f20728581\",\"type\":\"math\",\"variables\":[{\"id\":\"40f00c40-eb99-11ec-8afc-039f20728581\",\"name\":\"readsize\",\"field\":\"d3c67db2-1b1a-11e7-b09e-037021c4f8df\"}],\"script\":\"0 - params.readsize\"}],\"formatter\":\"bytes\",\"split_mode\":\"everything\",\"fill\":\"1\",\"line_width\":1,\"label\":\"reads\",\"stacked\":\"none\",\"split_color_mode\":\"gradient\",\"type\":\"timeseries\"},{\"id\":\"144124d0-1b1b-11e7-b09e-037021c4f8df\",\"chart_type\":\"line\",\"seperate_axis\":0,\"color\":\"rgba(251,158,0,1)\",\"axis_position\":\"right\",\"point_size\":\"0\",\"value_template\":\"{{value}}\",\"metrics\":[{\"id\":\"144124d1-1b1b-11e7-b09e-037021c4f8df\",\"field\":\"miscbeat.disk.write_size\",\"type\":\"sum\"}],\"formatter\":\"bytes\",\"split_mode\":\"everything\",\"fill\":\"1\",\"line_width\":1,\"label\":\"writes\",\"stacked\":\"none\",\"split_color_mode\":\"gradient\",\"type\":\"timeseries\"}],\"interval\":\"auto\",\"axis_formatter\":\"number\",\"time_field\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\",\"axis_position\":\"left\",\"index_pattern\":\"MALCOLM_OTHER_INDEX_PATTERN_REPLACER\",\"type\":\"timeseries\",\"show_grid\":1,\"show_legend\":1,\"axis_scale\":\"normal\",\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"MALCOLM_OTHER_INDEX_PATTERN_REPLACER\",\"default_timefield\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\",\"isModelInvalid\":false}}" }, - "references": [], + "id": "4e4bb1e0-1b1b-11e7-b09e-037021c4f8df", "migrationVersion": { "visualization": "7.10.0" - } - 
}, - { - "id": "83e12df0-1b91-11e7-bec4-a5e9ec5cab8b-ecs", - "type": "visualization", + }, "namespaces": [ "default" ], - "updated_at": "2022-06-30T16:19:27.512Z", - "version": "Wzg4MSwxXQ==", + "references": [], + "type": "visualization", + "updated_at": "2025-01-07T17:27:31.490Z", + "version": "WzEwMjQsMV0=" + }, + { "attributes": { - "title": "CPU Usage Gauge", - "visState": "{\"title\":\"CPU Usage Gauge\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"4c9e2550-1b91-11e7-bec4-a5e9ec5cab8b\",\"filter\":\"\",\"series\":[{\"id\":\"4c9e2551-1b91-11e7-bec4-a5e9ec5cab8b\",\"chart_type\":\"line\",\"seperate_axis\":0,\"color\":\"#68BC00\",\"axis_position\":\"right\",\"point_size\":1,\"metrics\":[{\"id\":\"114cd270-eb49-11ec-ae08-f703744a0ba1\",\"type\":\"avg\",\"field\":\"miscbeat.cpu.cpu_p\"}],\"formatter\":\"'0'\",\"split_mode\":\"everything\",\"fill\":0.5,\"line_width\":1,\"label\":\"CPU Usage\",\"stacked\":\"none\",\"split_color_mode\":\"gradient\",\"filter\":{\"query\":\"\",\"language\":\"kuery\"},\"value_template\":\"{{value}}%\"}],\"gauge_inner_width\":10,\"axis_formatter\":\"number\",\"show_legend\":1,\"axis_position\":\"left\",\"index_pattern\":\"MALCOLM_OTHER_INDEX_PATTERN_REPLACER\",\"show_grid\":1,\"time_field\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\",\"gauge_max\":\"100\",\"gauge_color_rules\":[{\"operator\":\"gte\",\"id\":\"4ef2c3b0-1b91-11e7-bec4-a5e9ec5cab8b\",\"value\":0,\"gauge\":\"rgba(104,188,0,1)\"},{\"value\":70,\"operator\":\"gte\",\"id\":\"e6561ae0-1b91-11e7-bec4-a5e9ec5cab8b\",\"gauge\":\"rgba(254,146,0,1)\"},{\"value\":85,\"operator\":\"gte\",\"id\":\"ec655040-1b91-11e7-bec4-a5e9ec5cab8b\",\"gauge\":\"rgba(211,49,21,1)\"}],\"interval\":\"auto\",\"type\":\"gauge\",\"gauge_style\":\"half\",\"gauge_width\":10,\"axis_scale\":\"normal\",\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"MALCOLM_OTHER_INDEX_PATTERN_REPLACER\",\"default_timefield\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\",\"isModelInvalid\":false,\"background_color
_rules\":[{\"id\":\"64e19c90-eb49-11ec-ae08-f703744a0ba1\"}],\"bar_color_rules\":[{\"id\":\"65456770-eb49-11ec-ae08-f703744a0ba1\"}]}}", - "uiStateJSON": "{}", "description": "", - "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" - } + }, + "title": "CPU Usage Gauge", + "uiStateJSON": "{}", + "version": 1, + "visState": "{\"title\":\"CPU Usage Gauge\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"4c9e2550-1b91-11e7-bec4-a5e9ec5cab8b\",\"filter\":\"\",\"series\":[{\"id\":\"4c9e2551-1b91-11e7-bec4-a5e9ec5cab8b\",\"chart_type\":\"line\",\"seperate_axis\":0,\"color\":\"#68BC00\",\"axis_position\":\"right\",\"point_size\":1,\"metrics\":[{\"id\":\"114cd270-eb49-11ec-ae08-f703744a0ba1\",\"type\":\"avg\",\"field\":\"miscbeat.cpu.cpu_p\"}],\"formatter\":\"'0'\",\"split_mode\":\"everything\",\"fill\":0.5,\"line_width\":1,\"label\":\"CPU Usage\",\"stacked\":\"none\",\"split_color_mode\":\"gradient\",\"filter\":{\"query\":\"\",\"language\":\"kuery\"},\"value_template\":\"{{value}}%\"}],\"gauge_inner_width\":10,\"axis_formatter\":\"number\",\"show_legend\":1,\"axis_position\":\"left\",\"index_pattern\":\"MALCOLM_OTHER_INDEX_PATTERN_REPLACER\",\"show_grid\":1,\"time_field\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\",\"gauge_max\":\"100\",\"gauge_color_rules\":[{\"operator\":\"gte\",\"id\":\"4ef2c3b0-1b91-11e7-bec4-a5e9ec5cab8b\",\"value\":0,\"gauge\":\"rgba(104,188,0,1)\"},{\"value\":70,\"operator\":\"gte\",\"id\":\"e6561ae0-1b91-11e7-bec4-a5e9ec5cab8b\",\"gauge\":\"rgba(254,146,0,1)\"},{\"value\":85,\"operator\":\"gte\",\"id\":\"ec655040-1b91-11e7-bec4-a5e9ec5cab8b\",\"gauge\":\"rgba(211,49,21,1)\"}],\"interval\":\"auto\",\"type\":\"gauge\",\"gauge_style\":\"half\",\"gauge_width\":10,\"axis_scale\":\"normal\",\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"MALCOLM_OTHER_INDEX_PATTERN_REPLACER\",\"default_timefield\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\",\"isModelInvalid\":fal
se,\"background_color_rules\":[{\"id\":\"64e19c90-eb49-11ec-ae08-f703744a0ba1\"}],\"bar_color_rules\":[{\"id\":\"65456770-eb49-11ec-ae08-f703744a0ba1\"}]}}" }, - "references": [], + "id": "83e12df0-1b91-11e7-bec4-a5e9ec5cab8b", "migrationVersion": { "visualization": "7.10.0" - } - }, - { - "id": "d3166e80-1b91-11e7-bec4-a5e9ec5cab8b-ecs", - "type": "visualization", + }, "namespaces": [ "default" ], - "updated_at": "2022-06-30T16:19:27.512Z", - "version": "Wzg4MCwxXQ==", + "references": [], + "type": "visualization", + "updated_at": "2025-01-07T17:27:32.497Z", + "version": "WzEwNDcsMV0=" + }, + { "attributes": { - "title": "Memory Usage Gauge", - "visState": "{\"title\":\"Memory Usage Gauge\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"9f51b730-1b91-11e7-bec4-a5e9ec5cab8b\",\"filter\":\"\",\"series\":[{\"id\":\"9f51b731-1b91-11e7-bec4-a5e9ec5cab8b\",\"chart_type\":\"line\",\"seperate_axis\":0,\"color\":\"#68BC00\",\"axis_position\":\"right\",\"point_size\":1,\"metrics\":[{\"id\":\"9f51b732-1b91-11e7-bec4-a5e9ec5cab8b\",\"field\":\"miscbeat.mem.Mem.used_p\",\"type\":\"avg\"}],\"formatter\":\"'0'\",\"split_mode\":\"everything\",\"fill\":0.5,\"line_width\":1,\"label\":\"Memory 
Usage\",\"stacked\":\"none\",\"split_color_mode\":\"gradient\",\"filter\":{\"query\":\"\",\"language\":\"kuery\"},\"value_template\":\"{{value}}%\"}],\"gauge_inner_width\":10,\"axis_formatter\":\"number\",\"show_legend\":1,\"axis_position\":\"left\",\"index_pattern\":\"MALCOLM_OTHER_INDEX_PATTERN_REPLACER\",\"show_grid\":1,\"time_field\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\",\"gauge_max\":\"100\",\"gauge_color_rules\":[{\"operator\":\"gte\",\"id\":\"a0d522e0-1b91-11e7-bec4-a5e9ec5cab8b\",\"value\":0,\"gauge\":\"rgba(104,188,0,1)\"},{\"value\":70,\"operator\":\"gte\",\"id\":\"b45ad8f0-1b91-11e7-bec4-a5e9ec5cab8b\",\"gauge\":\"rgba(254,146,0,1)\"},{\"value\":85,\"operator\":\"gte\",\"id\":\"c06e9550-1b91-11e7-bec4-a5e9ec5cab8b\",\"gauge\":\"rgba(211,49,21,1)\"}],\"interval\":\"auto\",\"type\":\"gauge\",\"gauge_style\":\"half\",\"gauge_width\":10,\"axis_scale\":\"normal\",\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"MALCOLM_OTHER_INDEX_PATTERN_REPLACER\",\"default_timefield\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\",\"isModelInvalid\":false}}", - "uiStateJSON": "{}", "description": "", - "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" - } + }, + "title": "Memory Usage Gauge", + "uiStateJSON": "{}", + "version": 1, + "visState": "{\"title\":\"Memory Usage Gauge\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"9f51b730-1b91-11e7-bec4-a5e9ec5cab8b\",\"filter\":\"\",\"series\":[{\"id\":\"9f51b731-1b91-11e7-bec4-a5e9ec5cab8b\",\"chart_type\":\"line\",\"seperate_axis\":0,\"color\":\"#68BC00\",\"axis_position\":\"right\",\"point_size\":1,\"metrics\":[{\"id\":\"9f51b732-1b91-11e7-bec4-a5e9ec5cab8b\",\"field\":\"miscbeat.mem.Mem.used_p\",\"type\":\"avg\"}],\"formatter\":\"'0'\",\"split_mode\":\"everything\",\"fill\":0.5,\"line_width\":1,\"label\":\"Memory 
Usage\",\"stacked\":\"none\",\"split_color_mode\":\"gradient\",\"filter\":{\"query\":\"\",\"language\":\"kuery\"},\"value_template\":\"{{value}}%\"}],\"gauge_inner_width\":10,\"axis_formatter\":\"number\",\"show_legend\":1,\"axis_position\":\"left\",\"index_pattern\":\"MALCOLM_OTHER_INDEX_PATTERN_REPLACER\",\"show_grid\":1,\"time_field\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\",\"gauge_max\":\"100\",\"gauge_color_rules\":[{\"operator\":\"gte\",\"id\":\"a0d522e0-1b91-11e7-bec4-a5e9ec5cab8b\",\"value\":0,\"gauge\":\"rgba(104,188,0,1)\"},{\"value\":70,\"operator\":\"gte\",\"id\":\"b45ad8f0-1b91-11e7-bec4-a5e9ec5cab8b\",\"gauge\":\"rgba(254,146,0,1)\"},{\"value\":85,\"operator\":\"gte\",\"id\":\"c06e9550-1b91-11e7-bec4-a5e9ec5cab8b\",\"gauge\":\"rgba(211,49,21,1)\"}],\"interval\":\"auto\",\"type\":\"gauge\",\"gauge_style\":\"half\",\"gauge_width\":10,\"axis_scale\":\"normal\",\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"MALCOLM_OTHER_INDEX_PATTERN_REPLACER\",\"default_timefield\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\",\"isModelInvalid\":false}}" }, - "references": [], + "id": "d3166e80-1b91-11e7-bec4-a5e9ec5cab8b", "migrationVersion": { "visualization": "7.10.0" - } - }, - { - "id": "522ee670-1b92-11e7-bec4-a5e9ec5cab8b-ecs", - "type": "visualization", + }, "namespaces": [ "default" ], - "updated_at": "2022-06-30T17:36:06.418Z", - "version": "Wzk0OCwxXQ==", + "references": [], + "type": "visualization", + "updated_at": "2025-01-07T17:27:32.497Z", + "version": "WzEwNDYsMV0=" + }, + { "attributes": { - "title": "Inbound Traffic", - "visState": "{\"title\":\"Inbound 
Traffic\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"background_color_rules\":[{\"id\":\"0e346760-1b92-11e7-bec4-a5e9ec5cab8b\"}],\"bar_color_rules\":[{\"id\":\"a6f39dd0-eb4f-11ec-ae08-f703744a0ba1\"}],\"default_index_pattern\":\"MALCOLM_OTHER_INDEX_PATTERN_REPLACER\",\"default_timefield\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\",\"filter\":{\"query\":\"\",\"language\":\"lucene\"},\"id\":\"0c761590-1b92-11e7-bec4-a5e9ec5cab8b\",\"index_pattern\":\"MALCOLM_OTHER_INDEX_PATTERN_REPLACER\",\"interval\":\"auto\",\"isModelInvalid\":false,\"pivot_id\":\"miscbeat.network.interface\",\"pivot_type\":\"string\",\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":0.5,\"formatter\":\"bytes\",\"id\":\"0c761591-1b92-11e7-bec4-a5e9ec5cab8b\",\"label\":\"Inbound Traffic\",\"line_width\":1,\"metrics\":[{\"unit\":\"1s\",\"field\":\"miscbeat.network.bytes.rx\",\"id\":\"0c761592-1b92-11e7-bec4-a5e9ec5cab8b\",\"percentiles\":[{\"id\":\"2bd83990-eb4e-11ec-ae08-f703744a0ba1\",\"mode\":\"line\",\"shade\":0.2,\"value\":50}],\"type\":\"positive_rate\"}],\"point_size\":1,\"seperate_axis\":0,\"split_color_mode\":\"gradient\",\"split_mode\":\"terms\",\"stacked\":\"none\",\"terms_field\":\"miscbeat.network.interface\",\"terms_order_by\":\"_count\",\"terms_size\":\"3\",\"value_template\":\"{{value}}/s\",\"color_rules\":[{\"id\":\"b3b298e0-eb50-11ec-ae08-f703744a0ba1\"}]},{\"id\":\"697b0130-eb51-11ec-ae08-f703744a0ba1\",\"color\":\"#68BC00\",\"split_mode\":\"terms\",\"metrics\":[{\"size\":\"1\",\"agg_with\":\"max\",\"order\":\"desc\",\"id\":\"697b0131-eb51-11ec-ae08-f703744a0ba1\",\"type\":\"top_hit\",\"field\":\"miscbeat.network.bytes.rx\",\"order_by\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"bytes\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"label
\":\"Total Transferred\",\"terms_field\":\"miscbeat.network.interface\",\"terms_size\":\"3\",\"terms_order_by\":\"_count\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\",\"tooltip_mode\":\"show_all\",\"type\":\"metric\"}}", - "uiStateJSON": "{}", "description": "", - "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" - } + }, + "title": "Inbound Traffic", + "uiStateJSON": "{}", + "version": 1, + "visState": "{\"title\":\"Inbound Traffic\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"background_color_rules\":[{\"id\":\"0e346760-1b92-11e7-bec4-a5e9ec5cab8b\"}],\"bar_color_rules\":[{\"id\":\"a6f39dd0-eb4f-11ec-ae08-f703744a0ba1\"}],\"default_index_pattern\":\"MALCOLM_OTHER_INDEX_PATTERN_REPLACER\",\"default_timefield\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\",\"filter\":{\"query\":\"\",\"language\":\"lucene\"},\"id\":\"0c761590-1b92-11e7-bec4-a5e9ec5cab8b\",\"index_pattern\":\"MALCOLM_OTHER_INDEX_PATTERN_REPLACER\",\"interval\":\"auto\",\"isModelInvalid\":false,\"pivot_id\":\"miscbeat.network.interface\",\"pivot_type\":\"string\",\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":0.5,\"formatter\":\"bytes\",\"id\":\"0c761591-1b92-11e7-bec4-a5e9ec5cab8b\",\"label\":\"Inbound 
Traffic\",\"line_width\":1,\"metrics\":[{\"unit\":\"1s\",\"field\":\"miscbeat.network.bytes.rx\",\"id\":\"0c761592-1b92-11e7-bec4-a5e9ec5cab8b\",\"percentiles\":[{\"id\":\"2bd83990-eb4e-11ec-ae08-f703744a0ba1\",\"mode\":\"line\",\"shade\":0.2,\"value\":50}],\"type\":\"positive_rate\"}],\"point_size\":1,\"seperate_axis\":0,\"split_color_mode\":\"gradient\",\"split_mode\":\"terms\",\"stacked\":\"none\",\"terms_field\":\"miscbeat.network.interface\",\"terms_order_by\":\"_count\",\"terms_size\":\"3\",\"value_template\":\"{{value}}/s\",\"color_rules\":[{\"id\":\"b3b298e0-eb50-11ec-ae08-f703744a0ba1\"}]},{\"id\":\"697b0130-eb51-11ec-ae08-f703744a0ba1\",\"color\":\"#68BC00\",\"split_mode\":\"terms\",\"metrics\":[{\"size\":\"1\",\"agg_with\":\"max\",\"order\":\"desc\",\"id\":\"697b0131-eb51-11ec-ae08-f703744a0ba1\",\"type\":\"top_hit\",\"field\":\"miscbeat.network.bytes.rx\",\"order_by\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"bytes\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"label\":\"Total Transferred\",\"terms_field\":\"miscbeat.network.interface\",\"terms_size\":\"3\",\"terms_order_by\":\"_count\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\",\"tooltip_mode\":\"show_all\",\"type\":\"metric\"}}" }, - "references": [], + "id": "522ee670-1b92-11e7-bec4-a5e9ec5cab8b", "migrationVersion": { "visualization": "7.10.0" - } - }, - { - "id": "1aae9140-1b93-11e7-8ada-3df93aab833e-ecs", - "type": "visualization", + }, "namespaces": [ "default" ], - "updated_at": "2022-06-30T17:36:35.836Z", - "version": "Wzk1NSwxXQ==", + "references": [], + "type": "visualization", + "updated_at": "2025-01-07T17:27:32.497Z", + "version": "WzEwNDMsMV0=" + }, + { "attributes": { - "title": "Outbound Traffic", - "visState": "{\"title\":\"Outbound 
Traffic\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"0c761590-1b92-11e7-bec4-a5e9ec5cab8b\",\"filter\":{\"query\":\"\",\"language\":\"lucene\"},\"series\":[{\"id\":\"0c761591-1b92-11e7-bec4-a5e9ec5cab8b\",\"chart_type\":\"line\",\"seperate_axis\":0,\"color\":\"#68BC00\",\"terms_field\":\"miscbeat.network.interface\",\"axis_position\":\"right\",\"point_size\":1,\"value_template\":\"{{value}}/s\",\"metrics\":[{\"unit\":\"1s\",\"id\":\"0c761592-1b92-11e7-bec4-a5e9ec5cab8b\",\"field\":\"miscbeat.network.bytes.tx\",\"type\":\"positive_rate\"}],\"formatter\":\"bytes\",\"split_mode\":\"terms\",\"fill\":0.5,\"line_width\":1,\"label\":\"Outbound Traffic\",\"stacked\":\"none\",\"split_color_mode\":\"gradient\",\"terms_size\":\"3\",\"terms_order_by\":\"_count\"},{\"id\":\"37f70440-1b92-11e7-bec4-a5e9ec5cab8b\",\"chart_type\":\"line\",\"seperate_axis\":0,\"color\":\"#68BC00\",\"terms_field\":\"miscbeat.network.interface\",\"axis_position\":\"right\",\"point_size\":1,\"value_template\":\"{{value}}\",\"metrics\":[{\"size\":\"1\",\"agg_with\":\"max\",\"order\":\"desc\",\"id\":\"37f72b50-1b92-11e7-bec4-a5e9ec5cab8b\",\"field\":\"miscbeat.network.bytes.tx\",\"type\":\"top_hit\",\"order_by\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\"}],\"formatter\":\"bytes\",\"split_mode\":\"terms\",\"fill\":0.5,\"line_width\":1,\"label\":\"Total 
Transferred\",\"stacked\":\"none\",\"split_color_mode\":\"gradient\",\"terms_size\":\"3\",\"terms_order_by\":\"_count\"}],\"background_color_rules\":[{\"id\":\"0e346760-1b92-11e7-bec4-a5e9ec5cab8b\"}],\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"show_grid\":1,\"time_field\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\",\"index_pattern\":\"MALCOLM_OTHER_INDEX_PATTERN_REPLACER\",\"show_legend\":1,\"interval\":\"auto\",\"type\":\"metric\",\"axis_scale\":\"normal\",\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"MALCOLM_OTHER_INDEX_PATTERN_REPLACER\",\"default_timefield\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\",\"isModelInvalid\":false}}", - "uiStateJSON": "{}", "description": "", - "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" - } + }, + "title": "Outbound Traffic", + "uiStateJSON": "{}", + "version": 1, + "visState": "{\"title\":\"Outbound Traffic\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"0c761590-1b92-11e7-bec4-a5e9ec5cab8b\",\"filter\":{\"query\":\"\",\"language\":\"lucene\"},\"series\":[{\"id\":\"0c761591-1b92-11e7-bec4-a5e9ec5cab8b\",\"chart_type\":\"line\",\"seperate_axis\":0,\"color\":\"#68BC00\",\"terms_field\":\"miscbeat.network.interface\",\"axis_position\":\"right\",\"point_size\":1,\"value_template\":\"{{value}}/s\",\"metrics\":[{\"unit\":\"1s\",\"id\":\"0c761592-1b92-11e7-bec4-a5e9ec5cab8b\",\"field\":\"miscbeat.network.bytes.tx\",\"type\":\"positive_rate\"}],\"formatter\":\"bytes\",\"split_mode\":\"terms\",\"fill\":0.5,\"line_width\":1,\"label\":\"Outbound 
Traffic\",\"stacked\":\"none\",\"split_color_mode\":\"gradient\",\"terms_size\":\"3\",\"terms_order_by\":\"_count\"},{\"id\":\"37f70440-1b92-11e7-bec4-a5e9ec5cab8b\",\"chart_type\":\"line\",\"seperate_axis\":0,\"color\":\"#68BC00\",\"terms_field\":\"miscbeat.network.interface\",\"axis_position\":\"right\",\"point_size\":1,\"value_template\":\"{{value}}\",\"metrics\":[{\"size\":\"1\",\"agg_with\":\"max\",\"order\":\"desc\",\"id\":\"37f72b50-1b92-11e7-bec4-a5e9ec5cab8b\",\"field\":\"miscbeat.network.bytes.tx\",\"type\":\"top_hit\",\"order_by\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\"}],\"formatter\":\"bytes\",\"split_mode\":\"terms\",\"fill\":0.5,\"line_width\":1,\"label\":\"Total Transferred\",\"stacked\":\"none\",\"split_color_mode\":\"gradient\",\"terms_size\":\"3\",\"terms_order_by\":\"_count\"}],\"background_color_rules\":[{\"id\":\"0e346760-1b92-11e7-bec4-a5e9ec5cab8b\"}],\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"show_grid\":1,\"time_field\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\",\"index_pattern\":\"MALCOLM_OTHER_INDEX_PATTERN_REPLACER\",\"show_legend\":1,\"interval\":\"auto\",\"type\":\"metric\",\"axis_scale\":\"normal\",\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"MALCOLM_OTHER_INDEX_PATTERN_REPLACER\",\"default_timefield\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\",\"isModelInvalid\":false}}" }, - "references": [], + "id": "1aae9140-1b93-11e7-8ada-3df93aab833e", "migrationVersion": { "visualization": "7.10.0" - } - }, - { - "id": "System-Navigation-ecs", - "type": "visualization", + }, "namespaces": [ "default" ], - "updated_at": "2022-06-30T16:19:27.512Z", - "version": "Wzg3MiwxXQ==", + "references": [], + "type": "visualization", + "updated_at": "2025-01-07T17:27:32.497Z", + "version": "WzEwNDQsMV0=" + }, + { "attributes": { "description": "", "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\": {\"query\": \"\", \"language\": \"kuery\"}, \"filter\": []}" + "searchSourceJSON": 
"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" }, - "title": "System Navigation", + "title": "Swap usage", "uiStateJSON": "{}", "version": 1, - "visState": "{\"aggs\":[],\"title\":\"System Navigation\",\"params\":{\"markdown\":\"[System Overview](#/dashboard/Metricbeat-system-overview-ecs) | [Host Overview](#/dashboard/79ffd6e0-faa0-11e6-947f-177f697178b8-ecs)\",\"fontSize\":12},\"type\":\"markdown\"}" + "visState": "{\"title\":\"Swap usage\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"cee2fd20-4d59-11e7-aee5-fdc812cc3bec\",\"filter\":\"\",\"series\":[{\"id\":\"cee2fd21-4d59-11e7-aee5-fdc812cc3bec\",\"chart_type\":\"line\",\"seperate_axis\":0,\"color\":\"#68BC00\",\"axis_position\":\"right\",\"point_size\":1,\"metrics\":[{\"id\":\"cee2fd22-4d59-11e7-aee5-fdc812cc3bec\",\"field\":\"miscbeat.mem.Swap.used\",\"type\":\"avg\"},{\"id\":\"9cd408f0-eb52-11ec-ae08-f703744a0ba1\",\"type\":\"avg\",\"field\":\"miscbeat.mem.Swap.total\"},{\"id\":\"a4743e90-eb52-11ec-ae08-f703744a0ba1\",\"type\":\"math\",\"variables\":[{\"id\":\"a62793e0-eb52-11ec-ae08-f703744a0ba1\",\"name\":\"used\",\"field\":\"cee2fd22-4d59-11e7-aee5-fdc812cc3bec\"},{\"id\":\"aaa023b0-eb52-11ec-ae08-f703744a0ba1\",\"name\":\"total\",\"field\":\"9cd408f0-eb52-11ec-ae08-f703744a0ba1\"}],\"script\":\"params.used / params.total\"}],\"formatter\":\"percent\",\"split_mode\":\"everything\",\"fill\":0.5,\"line_width\":1,\"label\":\"Swap 
usage\",\"stacked\":\"none\",\"split_color_mode\":\"gradient\"}],\"gauge_inner_width\":10,\"axis_formatter\":\"number\",\"show_legend\":1,\"axis_position\":\"left\",\"index_pattern\":\"MALCOLM_OTHER_INDEX_PATTERN_REPLACER\",\"show_grid\":1,\"time_field\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\",\"gauge_max\":\"\",\"gauge_color_rules\":[{\"operator\":\"gte\",\"id\":\"d17c1e90-4d59-11e7-aee5-fdc812cc3bec\",\"value\":0,\"gauge\":\"rgba(104,188,0,1)\"},{\"operator\":\"gte\",\"id\":\"fc1d3490-4d59-11e7-aee5-fdc812cc3bec\",\"value\":0.7,\"gauge\":\"rgba(251,158,0,1)\"},{\"operator\":\"gte\",\"id\":\"0e204240-4d5a-11e7-aee5-fdc812cc3bec\",\"value\":0.85,\"gauge\":\"rgba(211,49,21,1)\"}],\"interval\":\"auto\",\"type\":\"gauge\",\"gauge_style\":\"half\",\"gauge_width\":10,\"axis_scale\":\"normal\",\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"MALCOLM_OTHER_INDEX_PATTERN_REPLACER\",\"default_timefield\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\",\"isModelInvalid\":false}}" }, - "references": [], + "id": "19e123b0-4d5a-11e7-aee5-fdc812cc3bec", "migrationVersion": { "visualization": "7.10.0" - } - }, - { - "id": "19e123b0-4d5a-11e7-aee5-fdc812cc3bec-ecs", - "type": "visualization", + }, "namespaces": [ "default" ], - "updated_at": "2022-06-30T16:19:26.499Z", - "version": "Wzg2NCwxXQ==", + "references": [], + "type": "visualization", + "updated_at": "2025-01-07T17:27:31.490Z", + "version": "WzEwMzAsMV0=" + }, + { "attributes": { - "title": "Swap usage", - "visState": "{\"title\":\"Swap 
usage\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"cee2fd20-4d59-11e7-aee5-fdc812cc3bec\",\"filter\":\"\",\"series\":[{\"id\":\"cee2fd21-4d59-11e7-aee5-fdc812cc3bec\",\"chart_type\":\"line\",\"seperate_axis\":0,\"color\":\"#68BC00\",\"axis_position\":\"right\",\"point_size\":1,\"metrics\":[{\"id\":\"cee2fd22-4d59-11e7-aee5-fdc812cc3bec\",\"field\":\"miscbeat.mem.Swap.used\",\"type\":\"avg\"},{\"id\":\"9cd408f0-eb52-11ec-ae08-f703744a0ba1\",\"type\":\"avg\",\"field\":\"miscbeat.mem.Swap.total\"},{\"id\":\"a4743e90-eb52-11ec-ae08-f703744a0ba1\",\"type\":\"math\",\"variables\":[{\"id\":\"a62793e0-eb52-11ec-ae08-f703744a0ba1\",\"name\":\"used\",\"field\":\"cee2fd22-4d59-11e7-aee5-fdc812cc3bec\"},{\"id\":\"aaa023b0-eb52-11ec-ae08-f703744a0ba1\",\"name\":\"total\",\"field\":\"9cd408f0-eb52-11ec-ae08-f703744a0ba1\"}],\"script\":\"params.used / params.total\"}],\"formatter\":\"percent\",\"split_mode\":\"everything\",\"fill\":0.5,\"line_width\":1,\"label\":\"Swap usage\",\"stacked\":\"none\",\"split_color_mode\":\"gradient\"}],\"gauge_inner_width\":10,\"axis_formatter\":\"number\",\"show_legend\":1,\"axis_position\":\"left\",\"index_pattern\":\"MALCOLM_OTHER_INDEX_PATTERN_REPLACER\",\"show_grid\":1,\"time_field\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\",\"gauge_max\":\"\",\"gauge_color_rules\":[{\"operator\":\"gte\",\"id\":\"d17c1e90-4d59-11e7-aee5-fdc812cc3bec\",\"value\":0,\"gauge\":\"rgba(104,188,0,1)\"},{\"operator\":\"gte\",\"id\":\"fc1d3490-4d59-11e7-aee5-fdc812cc3bec\",\"value\":0.7,\"gauge\":\"rgba(251,158,0,1)\"},{\"operator\":\"gte\",\"id\":\"0e204240-4d5a-11e7-aee5-fdc812cc3bec\",\"value\":0.85,\"gauge\":\"rgba(211,49,21,1)\"}],\"interval\":\"auto\",\"type\":\"gauge\",\"gauge_style\":\"half\",\"gauge_width\":10,\"axis_scale\":\"normal\",\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"MALCOLM_OTHER_INDEX_PATTERN_REPLACER\",\"default_timefield\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\",\"isModelInvalid\":false}}", - "uiStateJSON": "{}", 
"description": "", - "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" - } + }, + "title": "Memory usage vs total", + "uiStateJSON": "{}", + "version": 1, + "visState": "{\"title\":\"Memory usage vs total\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"background_color_rules\":[{\"id\":\"6f7618b0-4d5c-11e7-aa29-87a97a796de6\"}],\"id\":\"6bc65720-4d5c-11e7-aa29-87a97a796de6\",\"index_pattern\":\"MALCOLM_OTHER_INDEX_PATTERN_REPLACER\",\"interval\":\"auto\",\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":0.5,\"formatter\":\"bytes\",\"id\":\"6bc65721-4d5c-11e7-aa29-87a97a796de6\",\"label\":\"Memory usage\",\"line_width\":1,\"metrics\":[{\"field\":\"miscbeat.mem.Mem.used\",\"id\":\"6bc65722-4d5c-11e7-aa29-87a97a796de6\",\"type\":\"avg\"},{\"id\":\"647ab8e0-eb53-11ec-ae08-f703744a0ba1\",\"type\":\"math\",\"variables\":[{\"id\":\"674d39d0-eb53-11ec-ae08-f703744a0ba1\",\"name\":\"memusedkb\",\"field\":\"6bc65722-4d5c-11e7-aa29-87a97a796de6\"}],\"script\":\"params.memusedkb * 1000\"}],\"point_size\":1,\"seperate_axis\":0,\"split_color_mode\":\"gradient\",\"split_mode\":\"everything\",\"stacked\":\"none\"},{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":0.5,\"formatter\":\"bytes\",\"id\":\"b8fe6820-4d5c-11e7-aa29-87a97a796de6\",\"label\":\"Total Memory\",\"line_width\":1,\"metrics\":[{\"field\":\"miscbeat.mem.Mem.total\",\"id\":\"b8fe6821-4d5c-11e7-aa29-87a97a796de6\",\"type\":\"avg\"},{\"id\":\"83f4bc70-eb53-11ec-ae08-f703744a0ba1\",\"type\":\"math\",\"variables\":[{\"id\":\"9ea2b900-eb53-11ec-ae08-f703744a0ba1\",\"name\":\"memtotalkb\",\"field\":\"b8fe6821-4d5c-11e7-aa29-87a97a796de6\"}],\"script\":\"params.memtotalkb * 
1000\"}],\"point_size\":1,\"seperate_axis\":0,\"split_color_mode\":\"gradient\",\"split_mode\":\"everything\",\"stacked\":\"none\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\",\"tooltip_mode\":\"show_all\",\"type\":\"metric\",\"isModelInvalid\":false}}" }, - "references": [], + "id": "d2e80340-4d5c-11e7-aa29-87a97a796de6", "migrationVersion": { "visualization": "7.10.0" - } - }, - { - "id": "d2e80340-4d5c-11e7-aa29-87a97a796de6-ecs", - "type": "visualization", + }, "namespaces": [ "default" ], - "updated_at": "2022-06-30T16:19:26.499Z", - "version": "Wzg2NSwxXQ==", + "references": [], + "type": "visualization", + "updated_at": "2025-01-07T17:27:31.490Z", + "version": "WzEwMzEsMV0=" + }, + { "attributes": { - "title": "Memory usage vs total", - "visState": "{\"title\":\"Memory usage vs total\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"background_color_rules\":[{\"id\":\"6f7618b0-4d5c-11e7-aa29-87a97a796de6\"}],\"id\":\"6bc65720-4d5c-11e7-aa29-87a97a796de6\",\"index_pattern\":\"MALCOLM_OTHER_INDEX_PATTERN_REPLACER\",\"interval\":\"auto\",\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":0.5,\"formatter\":\"bytes\",\"id\":\"6bc65721-4d5c-11e7-aa29-87a97a796de6\",\"label\":\"Memory usage\",\"line_width\":1,\"metrics\":[{\"field\":\"miscbeat.mem.Mem.used\",\"id\":\"6bc65722-4d5c-11e7-aa29-87a97a796de6\",\"type\":\"avg\"},{\"id\":\"647ab8e0-eb53-11ec-ae08-f703744a0ba1\",\"type\":\"math\",\"variables\":[{\"id\":\"674d39d0-eb53-11ec-ae08-f703744a0ba1\",\"name\":\"memusedkb\",\"field\":\"6bc65722-4d5c-11e7-aa29-87a97a796de6\"}],\"script\":\"params.memusedkb * 
1000\"}],\"point_size\":1,\"seperate_axis\":0,\"split_color_mode\":\"gradient\",\"split_mode\":\"everything\",\"stacked\":\"none\"},{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":0.5,\"formatter\":\"bytes\",\"id\":\"b8fe6820-4d5c-11e7-aa29-87a97a796de6\",\"label\":\"Total Memory\",\"line_width\":1,\"metrics\":[{\"field\":\"miscbeat.mem.Mem.total\",\"id\":\"b8fe6821-4d5c-11e7-aa29-87a97a796de6\",\"type\":\"avg\"},{\"id\":\"83f4bc70-eb53-11ec-ae08-f703744a0ba1\",\"type\":\"math\",\"variables\":[{\"id\":\"9ea2b900-eb53-11ec-ae08-f703744a0ba1\",\"name\":\"memtotalkb\",\"field\":\"b8fe6821-4d5c-11e7-aa29-87a97a796de6\"}],\"script\":\"params.memtotalkb * 1000\"}],\"point_size\":1,\"seperate_axis\":0,\"split_color_mode\":\"gradient\",\"split_mode\":\"everything\",\"stacked\":\"none\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\",\"tooltip_mode\":\"show_all\",\"type\":\"metric\",\"isModelInvalid\":false}}", - "uiStateJSON": "{}", "description": "", - "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" - } + }, + "title": "Disk used", + "uiStateJSON": "{}", + "version": 1, + "visState": "{\"title\":\"Disk 
used\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"4e4dc780-4d1d-11e7-b5f2-2b7c1895bf32\",\"filter\":\"\",\"interval\":\"auto\",\"default_index_pattern\":\"MALCOLM_OTHER_INDEX_PATTERN_REPLACER\",\"axis_formatter\":\"number\",\"show_legend\":1,\"axis_position\":\"left\",\"index_pattern\":\"MALCOLM_OTHER_INDEX_PATTERN_REPLACER\",\"time_range_mode\":\"entire_time_range\",\"show_grid\":1,\"time_field\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\",\"gauge_max\":\"1\",\"default_timefield\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\",\"gauge_color_rules\":[{\"operator\":\"gte\",\"id\":\"51921d10-4d1d-11e7-b5f2-2b7c1895bf32\",\"value\":0,\"gauge\":\"rgba(104,188,0,1)\"},{\"operator\":\"gte\",\"id\":\"f26de750-4d54-11e7-b5f2-2b7c1895bf32\",\"value\":0.7,\"gauge\":\"rgba(251,158,0,1)\"},{\"operator\":\"gte\",\"id\":\"fa31d190-4d54-11e7-b5f2-2b7c1895bf32\",\"value\":0.85,\"gauge\":\"rgba(211,49,21,1)\"}],\"gauge_inner_width\":10,\"series\":[{\"id\":\"4e4dee90-4d1d-11e7-b5f2-2b7c1895bf32\",\"chart_type\":\"line\",\"seperate_axis\":0,\"color\":\"#68BC00\",\"axis_position\":\"right\",\"point_size\":1,\"metrics\":[{\"size\":\"1\",\"agg_with\":\"avg\",\"order\":\"desc\",\"id\":\"4e4dee91-4d1d-11e7-b5f2-2b7c1895bf32\",\"order_by\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\",\"type\":\"top_hit\",\"field\":\"miscbeat.disk.df.used\"},{\"size\":\"1\",\"agg_with\":\"avg\",\"order\":\"desc\",\"id\":\"57c96ee0-4d54-11e7-b5f2-2b7c1895bf32\",\"order_by\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\",\"type\":\"top_hit\",\"field\":\"miscbeat.disk.df.size\"},{\"id\":\"6304cca0-4d54-11e7-b5f2-2b7c1895bf32\",\"variables\":[{\"id\":\"6da10430-4d54-11e7-b5f2-2b7c1895bf32\",\"field\":\"4e4dee91-4d1d-11e7-b5f2-2b7c1895bf32\",\"name\":\"used\"},{\"id\":\"73b8c510-4d54-11e7-b5f2-2b7c1895bf32\",\"field\":\"57c96ee0-4d54-11e7-b5f2-2b7c1895bf32\",\"name\":\"total\"}],\"script\":\"params.used/params.total 
\",\"type\":\"math\"}],\"formatter\":\"'0%'\",\"split_mode\":\"everything\",\"fill\":0.5,\"line_width\":1,\"label\":\"Disk used\",\"stacked\":\"none\",\"split_color_mode\":\"gradient\"}],\"isModelInvalid\":false,\"axis_scale\":\"normal\",\"type\":\"gauge\",\"gauge_style\":\"half\",\"gauge_width\":10,\"tooltip_mode\":\"show_all\"}}" }, - "references": [], + "id": "825fdb80-4d1d-11e7-b5f2-2b7c1895bf32", "migrationVersion": { "visualization": "7.10.0" - } - }, - { - "id": "825fdb80-4d1d-11e7-b5f2-2b7c1895bf32-ecs", - "type": "visualization", + }, "namespaces": [ "default" ], - "updated_at": "2022-06-30T17:48:30.917Z", - "version": "Wzk3NSwxXQ==", + "references": [], + "type": "visualization", + "updated_at": "2025-01-07T17:27:32.497Z", + "version": "WzEwNDUsMV0=" + }, + { "attributes": { - "title": "Disk used", - "visState": "{\"title\":\"Disk used\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"4e4dc780-4d1d-11e7-b5f2-2b7c1895bf32\",\"filter\":\"\",\"interval\":\"auto\",\"default_index_pattern\":\"MALCOLM_OTHER_INDEX_PATTERN_REPLACER\",\"axis_formatter\":\"number\",\"show_legend\":1,\"axis_position\":\"left\",\"index_pattern\":\"MALCOLM_OTHER_INDEX_PATTERN_REPLACER\",\"time_range_mode\":\"entire_time_range\",\"show_grid\":1,\"time_field\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\",\"gauge_max\":\"1\",\"default_timefield\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\",\"gauge_color_rules\":[{\"operator\":\"gte\",\"id\":\"51921d10-4d1d-11e7-b5f2-2b7c1895bf32\",\"value\":0,\"gauge\":\"rgba(104,188,0,1)\"},{\"operator\":\"gte\",\"id\":\"f26de750-4d54-11e7-b5f2-2b7c1895bf32\",\"value\":0.7,\"gauge\":\"rgba(251,158,0,1)\"},{\"operator\":\"gte\",\"id\":\"fa31d190-4d54-11e7-b5f2-2b7c1895bf32\",\"value\":0.85,\"gauge\":\"rgba(211,49,21,1)\"}],\"gauge_inner_width\":10,\"series\":[{\"id\":\"4e4dee90-4d1d-11e7-b5f2-2b7c1895bf32\",\"chart_type\":\"line\",\"seperate_axis\":0,\"color\":\"#68BC00\",\"axis_position\":\"right\",\"point_size\":1,\"metrics\":[{\"size\":\"1\",\"agg
_with\":\"avg\",\"order\":\"desc\",\"id\":\"4e4dee91-4d1d-11e7-b5f2-2b7c1895bf32\",\"order_by\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\",\"type\":\"top_hit\",\"field\":\"miscbeat.disk.df.used\"},{\"size\":\"1\",\"agg_with\":\"avg\",\"order\":\"desc\",\"id\":\"57c96ee0-4d54-11e7-b5f2-2b7c1895bf32\",\"order_by\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\",\"type\":\"top_hit\",\"field\":\"miscbeat.disk.df.size\"},{\"id\":\"6304cca0-4d54-11e7-b5f2-2b7c1895bf32\",\"variables\":[{\"id\":\"6da10430-4d54-11e7-b5f2-2b7c1895bf32\",\"field\":\"4e4dee91-4d1d-11e7-b5f2-2b7c1895bf32\",\"name\":\"used\"},{\"id\":\"73b8c510-4d54-11e7-b5f2-2b7c1895bf32\",\"field\":\"57c96ee0-4d54-11e7-b5f2-2b7c1895bf32\",\"name\":\"total\"}],\"script\":\"params.used/params.total \",\"type\":\"math\"}],\"formatter\":\"'0%'\",\"split_mode\":\"everything\",\"fill\":0.5,\"line_width\":1,\"label\":\"Disk used\",\"stacked\":\"none\",\"split_color_mode\":\"gradient\"}],\"isModelInvalid\":false,\"axis_scale\":\"normal\",\"type\":\"gauge\",\"gauge_style\":\"half\",\"gauge_width\":10,\"tooltip_mode\":\"show_all\"}}", - "uiStateJSON": "{}", "description": "", - "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" - } + }, + "title": "Interfaces by Incoming traffic", + "uiStateJSON": "{}", + "version": 1, + "visState": "{\"title\":\"Interfaces by Incoming 
traffic\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"42ceae90-4d60-11e7-9a4c-ed99bbcaa42b\",\"index_pattern\":\"MALCOLM_OTHER_INDEX_PATTERN_REPLACER\",\"series\":[{\"id\":\"42ced5a0-4d60-11e7-9a4c-ed99bbcaa42b\",\"chart_type\":\"line\",\"seperate_axis\":0,\"color\":\"#68BC00\",\"terms_field\":\"miscbeat.network.interface\",\"axis_position\":\"right\",\"point_size\":1,\"metrics\":[{\"size\":\"1\",\"agg_with\":\"max\",\"order\":\"desc\",\"id\":\"42ced5a1-4d60-11e7-9a4c-ed99bbcaa42b\",\"field\":\"miscbeat.network.bytes.rx\",\"type\":\"top_hit\",\"order_by\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\"}],\"formatter\":\"bytes\",\"split_mode\":\"terms\",\"fill\":0.5,\"line_width\":1,\"label\":\"Interfaces by Incoming traffic\",\"terms_order_by\":\"_count\",\"stacked\":\"none\",\"split_color_mode\":\"gradient\",\"terms_size\":\"10\"}],\"interval\":\"auto\",\"axis_formatter\":\"number\",\"show_legend\":1,\"time_field\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\",\"axis_position\":\"left\",\"type\":\"top_n\",\"show_grid\":1,\"bar_color_rules\":[{\"id\":\"44596d40-4d60-11e7-9a4c-ed99bbcaa42b\"}],\"axis_scale\":\"normal\",\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"MALCOLM_OTHER_INDEX_PATTERN_REPLACER\",\"default_timefield\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\",\"isModelInvalid\":false}}" }, - "references": [], + "id": "99381c80-4d60-11e7-9a4c-ed99bbcaa42b", "migrationVersion": { "visualization": "7.10.0" - } - }, - { - "id": "99381c80-4d60-11e7-9a4c-ed99bbcaa42b-ecs", - "type": "visualization", + }, "namespaces": [ "default" ], - "updated_at": "2022-06-30T17:53:35.199Z", - "version": "WzEwMzQsMV0=", + "references": [], + "type": "visualization", + "updated_at": "2025-01-07T17:27:31.490Z", + "version": "WzEwMzMsMV0=" + }, + { "attributes": { - "title": "Interfaces by Incoming traffic", - "visState": "{\"title\":\"Interfaces by Incoming 
traffic\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"42ceae90-4d60-11e7-9a4c-ed99bbcaa42b\",\"index_pattern\":\"MALCOLM_OTHER_INDEX_PATTERN_REPLACER\",\"series\":[{\"id\":\"42ced5a0-4d60-11e7-9a4c-ed99bbcaa42b\",\"chart_type\":\"line\",\"seperate_axis\":0,\"color\":\"#68BC00\",\"terms_field\":\"miscbeat.network.interface\",\"axis_position\":\"right\",\"point_size\":1,\"metrics\":[{\"size\":\"1\",\"agg_with\":\"max\",\"order\":\"desc\",\"id\":\"42ced5a1-4d60-11e7-9a4c-ed99bbcaa42b\",\"field\":\"miscbeat.network.bytes.rx\",\"type\":\"top_hit\",\"order_by\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\"}],\"formatter\":\"bytes\",\"split_mode\":\"terms\",\"fill\":0.5,\"line_width\":1,\"label\":\"Interfaces by Incoming traffic\",\"terms_order_by\":\"_count\",\"stacked\":\"none\",\"split_color_mode\":\"gradient\",\"terms_size\":\"10\"}],\"interval\":\"auto\",\"axis_formatter\":\"number\",\"show_legend\":1,\"time_field\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\",\"axis_position\":\"left\",\"type\":\"top_n\",\"show_grid\":1,\"bar_color_rules\":[{\"id\":\"44596d40-4d60-11e7-9a4c-ed99bbcaa42b\"}],\"axis_scale\":\"normal\",\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"MALCOLM_OTHER_INDEX_PATTERN_REPLACER\",\"default_timefield\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\",\"isModelInvalid\":false}}", - "uiStateJSON": "{}", "description": "", - "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" - } + }, + "title": "Interfaces by Outgoing traffic", + "uiStateJSON": "{}", + "version": 1, + "visState": "{\"title\":\"Interfaces by Outgoing 
traffic\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"9cdba910-4d60-11e7-9a4c-ed99bbcaa42b\",\"index_pattern\":\"MALCOLM_OTHER_INDEX_PATTERN_REPLACER\",\"series\":[{\"id\":\"9cdba911-4d60-11e7-9a4c-ed99bbcaa42b\",\"chart_type\":\"line\",\"seperate_axis\":0,\"color\":\"#68BC00\",\"terms_field\":\"miscbeat.network.interface\",\"axis_position\":\"right\",\"point_size\":1,\"metrics\":[{\"size\":\"1\",\"agg_with\":\"max\",\"order\":\"desc\",\"id\":\"9cdba912-4d60-11e7-9a4c-ed99bbcaa42b\",\"field\":\"miscbeat.network.bytes.tx\",\"type\":\"top_hit\",\"order_by\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\"}],\"formatter\":\"bytes\",\"split_mode\":\"terms\",\"fill\":0.5,\"line_width\":1,\"label\":\"Interfaces by Outgoing traffic\",\"terms_order_by\":\"_count\",\"stacked\":\"none\",\"split_color_mode\":\"gradient\",\"terms_size\":\"10\"}],\"interval\":\"auto\",\"axis_formatter\":\"number\",\"show_legend\":1,\"time_field\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\",\"axis_position\":\"left\",\"type\":\"top_n\",\"show_grid\":1,\"bar_color_rules\":[{\"id\":\"9db20be0-4d60-11e7-9a4c-ed99bbcaa42b\"}],\"axis_scale\":\"normal\",\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"MALCOLM_OTHER_INDEX_PATTERN_REPLACER\",\"default_timefield\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\",\"isModelInvalid\":false}}" }, - "references": [], + "id": "c5e3cf90-4d60-11e7-9a4c-ed99bbcaa42b", "migrationVersion": { "visualization": "7.10.0" - } - }, - { - "id": "c5e3cf90-4d60-11e7-9a4c-ed99bbcaa42b-ecs", - "type": "visualization", + }, "namespaces": [ "default" ], - "updated_at": "2022-06-30T17:53:54.433Z", - "version": "WzEwMzcsMV0=", + "references": [], + "type": "visualization", + "updated_at": "2025-01-07T17:27:31.490Z", + "version": "WzEwMzQsMV0=" + }, + { "attributes": { - "title": "Interfaces by Outgoing traffic", - "visState": "{\"title\":\"Interfaces by Outgoing 
traffic\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"9cdba910-4d60-11e7-9a4c-ed99bbcaa42b\",\"index_pattern\":\"MALCOLM_OTHER_INDEX_PATTERN_REPLACER\",\"series\":[{\"id\":\"9cdba911-4d60-11e7-9a4c-ed99bbcaa42b\",\"chart_type\":\"line\",\"seperate_axis\":0,\"color\":\"#68BC00\",\"terms_field\":\"miscbeat.network.interface\",\"axis_position\":\"right\",\"point_size\":1,\"metrics\":[{\"size\":\"1\",\"agg_with\":\"max\",\"order\":\"desc\",\"id\":\"9cdba912-4d60-11e7-9a4c-ed99bbcaa42b\",\"field\":\"miscbeat.network.bytes.tx\",\"type\":\"top_hit\",\"order_by\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\"}],\"formatter\":\"bytes\",\"split_mode\":\"terms\",\"fill\":0.5,\"line_width\":1,\"label\":\"Interfaces by Outgoing traffic\",\"terms_order_by\":\"_count\",\"stacked\":\"none\",\"split_color_mode\":\"gradient\",\"terms_size\":\"10\"}],\"interval\":\"auto\",\"axis_formatter\":\"number\",\"show_legend\":1,\"time_field\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\",\"axis_position\":\"left\",\"type\":\"top_n\",\"show_grid\":1,\"bar_color_rules\":[{\"id\":\"9db20be0-4d60-11e7-9a4c-ed99bbcaa42b\"}],\"axis_scale\":\"normal\",\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"MALCOLM_OTHER_INDEX_PATTERN_REPLACER\",\"default_timefield\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\",\"isModelInvalid\":false}}", - "uiStateJSON": "{}", "description": "", - "version": 1, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" - } + "searchSourceJSON": "{\"query\":{\"query\":{\"query_string\":{\"query\":\"*\"}},\"language\":\"lucene\"},\"filter\":[]}" + }, + "title": "Navigation", + "uiStateJSON": "{}", + "version": 1, + "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security 
Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● 
[RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: 
[System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}" }, - "references": [], + "id": "df9e399b-efa5-4e33-b0ac-a7668a8ac2b3", "migrationVersion": { "visualization": "7.10.0" - } - }, - { - "id": "3d65d450-a9c3-11e7-af20-67db8aecb295-ecs", - "type": "visualization", + }, "namespaces": [ "default" ], - "updated_at": "2022-06-30T16:19:26.499Z", - "version": "Wzg2OSwxXQ==", + "references": [], + "type": "visualization", + "updated_at": "2025-01-07T17:27:33.586Z", + "version": "WzEwNTAsMV0=" + }, + { "attributes": { "description": "", "kibanaSavedObjectMeta": { - "searchSourceJSON": "{}" + "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" }, - "title": "Tip", + "title": "Resources - Host Overview Tip", "uiStateJSON": "{}", "version": 1, - "visState": "{\"aggs\":[],\"title\":\"Tip\",\"params\":{\"markdown\":\"**TIP:** To select another host, go to the [System Overview](#/dashboard/Metricbeat-system-overview-ecs) dashboard and click a host name.\",\"fontSize\":12},\"type\":\"markdown\"}" + "visState": "{\"title\":\"Resources - Host Overview 
Tip\",\"type\":\"markdown\",\"aggs\":[],\"params\":{\"fontSize\":12,\"openLinksInNewTab\":false,\"markdown\":\"To view another host's resources, return to the [System Overview](#/dashboard/Metricbeat-system-overview) and click on its name.\"}}" }, - "references": [], + "id": "fc003640-cd1e-11ef-82c0-51a1fffd4269", "migrationVersion": { "visualization": "7.10.0" - } - }, - { - "id": "1a357a70-ebf5-11ec-a044-713f3297b517", - "type": "visualization", + }, "namespaces": [ "default" ], - "updated_at": "2022-06-30T17:52:11.947Z", - "version": "WzEwMjUsMV0=", + "references": [], + "type": "visualization", + "updated_at": "2025-01-07T17:44:03.235Z", + "version": "WzEwNjYsMV0=" + }, + { "attributes": { - "title": "Network Traffic (Drops and Errors)", - "visState": "{\"title\":\"Network Traffic (Drops and Errors)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"table\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"split_color_mode\":\"opensearchDashboards\",\"metrics\":[{\"size\":\"1\",\"agg_with\":\"max\",\"order\":\"desc\",\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"top_hit\",\"field\":\"miscbeat.network.drops.rx\",\"order_by\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"color_rules\":[{\"id\":\"77170e30-ebf4-11ec-a401-f5db2d59e6af\"}],\"label\":\"Drops 
In\"},{\"id\":\"e5fec770-ebf4-11ec-a401-f5db2d59e6af\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"metrics\":[{\"size\":\"1\",\"agg_with\":\"max\",\"order\":\"desc\",\"id\":\"e5fec771-ebf4-11ec-a401-f5db2d59e6af\",\"type\":\"top_hit\",\"field\":\"miscbeat.network.errors.rx\",\"order_by\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"label\":\"Errors In\"},{\"id\":\"ce173de0-ebf4-11ec-a401-f5db2d59e6af\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"metrics\":[{\"size\":\"1\",\"agg_with\":\"max\",\"order\":\"desc\",\"id\":\"ce173de1-ebf4-11ec-a401-f5db2d59e6af\",\"type\":\"top_hit\",\"field\":\"miscbeat.network.drops.tx\",\"order_by\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"label\":\"Drops Out\",\"color_rules\":[{\"id\":\"e3795510-ebf4-11ec-a401-f5db2d59e6af\"}]},{\"id\":\"f381f250-ebf4-11ec-a401-f5db2d59e6af\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"metrics\":[{\"size\":\"1\",\"agg_with\":\"max\",\"order\":\"desc\",\"id\":\"f381f251-ebf4-11ec-a401-f5db2d59e6af\",\"type\":\"top_hit\",\"field\":\"miscbeat.network.errors.tx\",\"order_by\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"label\":\"Errors 
Out\"}],\"time_field\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\",\"index_pattern\":\"MALCOLM_OTHER_INDEX_PATTERN_REPLACER\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"MALCOLM_OTHER_INDEX_PATTERN_REPLACER\",\"default_timefield\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\",\"isModelInvalid\":false,\"bar_color_rules\":[{\"id\":\"5eab8790-ebf4-11ec-a401-f5db2d59e6af\"}],\"pivot_id\":\"miscbeat.network.interface\",\"pivot_type\":\"string\",\"pivot_label\":\"Interface\"}}", - "uiStateJSON": "{}", "description": "", - "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" - } + }, + "title": "Network Traffic (Drops and Errors)", + "uiStateJSON": "{}", + "version": 1, + "visState": "{\"title\":\"Network Traffic (Drops and Errors)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"table\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"split_color_mode\":\"opensearchDashboards\",\"metrics\":[{\"size\":\"1\",\"agg_with\":\"max\",\"order\":\"desc\",\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"top_hit\",\"field\":\"miscbeat.network.drops.rx\",\"order_by\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"color_rules\":[{\"id\":\"77170e30-ebf4-11ec-a401-f5db2d59e6af\"}],\"label\":\"Drops 
In\"},{\"id\":\"e5fec770-ebf4-11ec-a401-f5db2d59e6af\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"metrics\":[{\"size\":\"1\",\"agg_with\":\"max\",\"order\":\"desc\",\"id\":\"e5fec771-ebf4-11ec-a401-f5db2d59e6af\",\"type\":\"top_hit\",\"field\":\"miscbeat.network.errors.rx\",\"order_by\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"label\":\"Errors In\"},{\"id\":\"ce173de0-ebf4-11ec-a401-f5db2d59e6af\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"metrics\":[{\"size\":\"1\",\"agg_with\":\"max\",\"order\":\"desc\",\"id\":\"ce173de1-ebf4-11ec-a401-f5db2d59e6af\",\"type\":\"top_hit\",\"field\":\"miscbeat.network.drops.tx\",\"order_by\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"label\":\"Drops Out\",\"color_rules\":[{\"id\":\"e3795510-ebf4-11ec-a401-f5db2d59e6af\"}]},{\"id\":\"f381f250-ebf4-11ec-a401-f5db2d59e6af\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"metrics\":[{\"size\":\"1\",\"agg_with\":\"max\",\"order\":\"desc\",\"id\":\"f381f251-ebf4-11ec-a401-f5db2d59e6af\",\"type\":\"top_hit\",\"field\":\"miscbeat.network.errors.tx\",\"order_by\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"label\":\"Errors 
Out\"}],\"time_field\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\",\"index_pattern\":\"MALCOLM_OTHER_INDEX_PATTERN_REPLACER\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"MALCOLM_OTHER_INDEX_PATTERN_REPLACER\",\"default_timefield\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\",\"isModelInvalid\":false,\"bar_color_rules\":[{\"id\":\"5eab8790-ebf4-11ec-a401-f5db2d59e6af\"}],\"pivot_id\":\"miscbeat.network.interface\",\"pivot_type\":\"string\",\"pivot_label\":\"Interface\"}}" }, - "references": [], + "id": "1a357a70-ebf5-11ec-a044-713f3297b517", "migrationVersion": { "visualization": "7.10.0" - } + }, + "namespaces": [ + "default" + ], + "references": [], + "type": "visualization", + "updated_at": "2025-01-07T17:27:31.490Z", + "version": "WzEwMzYsMV0=" } - ] + ], + "version": "2.18.0" } diff --git a/dashboards/dashboards/beats/Metricbeat-system-overview.json b/dashboards/dashboards/beats/Metricbeat-system-overview.json index 069bc3d8f..3c39d59a6 100644 --- a/dashboards/dashboards/beats/Metricbeat-system-overview.json +++ b/dashboards/dashboards/beats/Metricbeat-system-overview.json 
@@ -1,90 +1,87 @@ { - "version": "2.0.0", "objects": [ { - "id": "Metricbeat-system-overview-ecs", - "type": "dashboard", - "namespaces": [ - "default" - ], - "updated_at": "2024-04-29T15:49:16.000Z", - "version": "Wzk2NCwxXQ==", "attributes": { - "title": "Resources - System Overview", - "hits": 0, "description": "System resources overview, including Malcolm sensors and aggregators", - "panelsJSON": "[{\"embeddableConfig\":{\"hidePanelTitles\":true},\"gridData\":{\"h\":5,\"i\":\"9\",\"w\":8,\"x\":0,\"y\":0},\"panelIndex\":\"9\",\"version\":\"2.0.0\",\"panelRefName\":\"panel_0\"},{\"embeddableConfig\":{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}},\"gridData\":{\"h\":8,\"i\":\"11\",\"w\":8,\"x\":0,\"y\":5},\"panelIndex\":\"11\",\"version\":\"2.0.0\",\"panelRefName\":\"panel_1\"},{\"embeddableConfig\":{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}},\"gridData\":{\"h\":20,\"i\":\"12\",\"w\":24,\"x\":24,\"y\":13},\"panelIndex\":\"12\",\"version\":\"2.0.0\",\"panelRefName\":\"panel_2\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":20,\"i\":\"13\",\"w\":24,\"x\":0,\"y\":13},\"panelIndex\":\"13\",\"version\":\"2.0.0\",\"panelRefName\":\"panel_3\"},{\"embeddableConfig\":{\"vis\":{\"defaultColors\":{\"0% - 15%\":\"rgb(247,252,245)\",\"15% - 30%\":\"rgb(199,233,192)\",\"30% - 45%\":\"rgb(116,196,118)\",\"45% - 60%\":\"rgb(35,139,69)\"}}},\"gridData\":{\"h\":24,\"i\":\"14\",\"w\":48,\"x\":0,\"y\":33},\"panelIndex\":\"14\",\"version\":\"2.0.0\",\"panelRefName\":\"panel_4\"},{\"embeddableConfig\":{\"hidePanelTitles\":true,\"vis\":{\"defaultColors\":{\"0 - 
100\":\"rgb(0,104,55)\"}}},\"gridData\":{\"h\":13,\"i\":\"16\",\"w\":8,\"x\":32,\"y\":0},\"panelIndex\":\"16\",\"version\":\"2.0.0\",\"panelRefName\":\"panel_5\"},{\"embeddableConfig\":{\"hidePanelTitles\":true},\"gridData\":{\"h\":13,\"i\":\"17\",\"w\":8,\"x\":40,\"y\":0},\"panelIndex\":\"17\",\"version\":\"2.0.0\",\"panelRefName\":\"panel_6\"},{\"embeddableConfig\":{\"hidePanelTitles\":true},\"gridData\":{\"h\":13,\"i\":\"18\",\"w\":8,\"x\":24,\"y\":0},\"panelIndex\":\"18\",\"version\":\"2.0.0\",\"panelRefName\":\"panel_7\"},{\"embeddableConfig\":{\"hidePanelTitles\":true},\"gridData\":{\"h\":13,\"i\":\"19\",\"w\":8,\"x\":16,\"y\":0},\"panelIndex\":\"19\",\"version\":\"2.0.0\",\"panelRefName\":\"panel_8\"},{\"embeddableConfig\":{\"hidePanelTitles\":true},\"gridData\":{\"h\":13,\"i\":\"20\",\"w\":8,\"x\":8,\"y\":0},\"panelIndex\":\"20\",\"version\":\"2.0.0\",\"panelRefName\":\"panel_9\"}]", - "optionsJSON": "{\"darkTheme\":false}", - "version": 1, - "timeRestore": false, + "hits": 0, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"version\":true,\"highlightAll\":false,\"filter\":[]}" - } + }, + "optionsJSON": "{\"darkTheme\":false}", + "panelsJSON": "[{\"embeddableConfig\":{\"hidePanelTitles\":true},\"gridData\":{\"h\":5,\"i\":\"9\",\"w\":10,\"x\":8,\"y\":0},\"panelIndex\":\"9\",\"version\":\"2.18.0\",\"panelRefName\":\"panel_0\"},{\"embeddableConfig\":{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}},\"gridData\":{\"h\":13,\"i\":\"11\",\"w\":10,\"x\":8,\"y\":5},\"panelIndex\":\"11\",\"version\":\"2.18.0\",\"panelRefName\":\"panel_1\"},{\"embeddableConfig\":{\"vis\":{\"defaultColors\":{\"0 - 
100\":\"rgb(0,104,55)\"}}},\"gridData\":{\"h\":26,\"i\":\"12\",\"w\":20,\"x\":28,\"y\":18},\"panelIndex\":\"12\",\"version\":\"2.18.0\",\"panelRefName\":\"panel_2\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":26,\"i\":\"13\",\"w\":20,\"x\":8,\"y\":18},\"panelIndex\":\"13\",\"version\":\"2.18.0\",\"panelRefName\":\"panel_3\"},{\"embeddableConfig\":{\"vis\":{\"defaultColors\":{\"0% - 15%\":\"rgb(247,252,245)\",\"15% - 30%\":\"rgb(199,233,192)\",\"30% - 45%\":\"rgb(116,196,118)\",\"45% - 60%\":\"rgb(35,139,69)\"}}},\"gridData\":{\"h\":27,\"i\":\"14\",\"w\":48,\"x\":0,\"y\":44},\"panelIndex\":\"14\",\"version\":\"2.18.0\",\"panelRefName\":\"panel_4\"},{\"embeddableConfig\":{\"hidePanelTitles\":true,\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}},\"gridData\":{\"h\":18,\"i\":\"16\",\"w\":6,\"x\":36,\"y\":0},\"panelIndex\":\"16\",\"version\":\"2.18.0\",\"panelRefName\":\"panel_5\"},{\"embeddableConfig\":{\"hidePanelTitles\":true},\"gridData\":{\"h\":18,\"i\":\"17\",\"w\":6,\"x\":42,\"y\":0},\"panelIndex\":\"17\",\"version\":\"2.18.0\",\"panelRefName\":\"panel_6\"},{\"embeddableConfig\":{\"hidePanelTitles\":true},\"gridData\":{\"h\":18,\"i\":\"18\",\"w\":6,\"x\":30,\"y\":0},\"panelIndex\":\"18\",\"version\":\"2.18.0\",\"panelRefName\":\"panel_7\"},{\"embeddableConfig\":{\"hidePanelTitles\":true},\"gridData\":{\"h\":18,\"i\":\"19\",\"w\":6,\"x\":24,\"y\":0},\"panelIndex\":\"19\",\"version\":\"2.18.0\",\"panelRefName\":\"panel_8\"},{\"embeddableConfig\":{\"hidePanelTitles\":true},\"gridData\":{\"h\":18,\"i\":\"20\",\"w\":6,\"x\":18,\"y\":0},\"panelIndex\":\"20\",\"version\":\"2.18.0\",\"panelRefName\":\"panel_9\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":44,\"i\":\"08479cc5-6e60-4ec0-b1f3-37afa7ae4712\",\"w\":8,\"x\":0,\"y\":0},\"panelIndex\":\"08479cc5-6e60-4ec0-b1f3-37afa7ae4712\",\"version\":\"2.18.0\",\"panelRefName\":\"panel_10\"}]", + "timeRestore": false, + "title": "Resources - System Overview", + "version": 1 }, + "id": 
"Metricbeat-system-overview", + "migrationVersion": { + "dashboard": "7.9.3" + }, + "namespaces": [ + "default" + ], "references": [ { + "id": "System-Navigation", "name": "panel_0", - "type": "visualization", - "id": "System-Navigation-ecs" + "type": "visualization" }, { + "id": "c6f2ffd0-4d17-11e7-a196-69b9a7a020a9", "name": "panel_1", - "type": "visualization", - "id": "c6f2ffd0-4d17-11e7-a196-69b9a7a020a9-ecs" + "type": "visualization" }, { + "id": "fe064790-1b1f-11e7-bec4-a5e9ec5cab8b", "name": "panel_2", - "type": "visualization", - "id": "fe064790-1b1f-11e7-bec4-a5e9ec5cab8b-ecs" + "type": "visualization" }, { + "id": "855899e0-1b1c-11e7-b09e-037021c4f8df", "name": "panel_3", - "type": "visualization", - "id": "855899e0-1b1c-11e7-b09e-037021c4f8df-ecs" + "type": "visualization" }, { + "id": "7cdb1330-4d1a-11e7-a196-69b9a7a020a9", "name": "panel_4", - "type": "visualization", - "id": "7cdb1330-4d1a-11e7-a196-69b9a7a020a9-ecs" + "type": "visualization" }, { + "id": "522ee670-1b92-11e7-bec4-a5e9ec5cab8b", "name": "panel_5", - "type": "visualization", - "id": "522ee670-1b92-11e7-bec4-a5e9ec5cab8b-ecs" + "type": "visualization" }, { + "id": "1aae9140-1b93-11e7-8ada-3df93aab833e", "name": "panel_6", - "type": "visualization", - "id": "1aae9140-1b93-11e7-8ada-3df93aab833e-ecs" + "type": "visualization" }, { + "id": "825fdb80-4d1d-11e7-b5f2-2b7c1895bf32", "name": "panel_7", - "type": "visualization", - "id": "825fdb80-4d1d-11e7-b5f2-2b7c1895bf32-ecs" + "type": "visualization" }, { + "id": "d3166e80-1b91-11e7-bec4-a5e9ec5cab8b", "name": "panel_8", - "type": "visualization", - "id": "d3166e80-1b91-11e7-bec4-a5e9ec5cab8b-ecs" + "type": "visualization" }, { + "id": "83e12df0-1b91-11e7-bec4-a5e9ec5cab8b", "name": "panel_9", - "type": "visualization", - "id": "83e12df0-1b91-11e7-bec4-a5e9ec5cab8b-ecs" + "type": "visualization" + }, + { + "id": "df9e399b-efa5-4e33-b0ac-a7668a8ac2b3", + "name": "panel_10", + "type": "visualization" } ], - "migrationVersion": { - 
"dashboard": "7.9.3" - } + "type": "dashboard", + "updated_at": "2025-01-07T16:33:50.556Z", + "version": "WzEwNDksMV0=" }, { - "id": "System-Navigation-ecs", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2022-06-30T16:19:27.512Z", - "version": "Wzg3MiwxXQ==", "attributes": { "description": "", "kibanaSavedObjectMeta": { 
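Review bot: Dropping the `-ecs` suffix from the saved-object ids in this section leaves no visible upgrade path for deployments that already imported the old ids. `Metricbeat-system-overview-ecs` becomes `Metricbeat-system-overview` and the ten existing `panel_N` references follow, so an existing instance would treat these as new objects rather than updates. Unless the import step deletes objects by their old ids, which is not visible here, the `-ecs` dashboard and its visualizations would remain as stale duplicates, and saved links to `#/dashboard/Metricbeat-system-overview-ecs` would keep opening the unmaintained copy. The same rename continues in the following hunks (`System-Navigation-ecs`, `c6f2ffd0-4d17-11e7-a196-69b9a7a020a9-ecs` and the rest). I would add a release-note line such as `Dashboard and visualization ids no longer carry the -ecs suffix; delete the old -ecs objects after upgrading.`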
@@ -93,31 +90,38 @@ "title": "System Navigation", "uiStateJSON": "{}", "version": 1, - "visState": "{\"aggs\":[],\"title\":\"System Navigation\",\"params\":{\"markdown\":\"[System Overview](#/dashboard/Metricbeat-system-overview-ecs) | [Host Overview](#/dashboard/79ffd6e0-faa0-11e6-947f-177f697178b8-ecs)\",\"fontSize\":12},\"type\":\"markdown\"}" + "visState": "{\"aggs\":[],\"title\":\"System Navigation\",\"params\":{\"markdown\":\"[System Overview](#/dashboard/Metricbeat-system-overview) | [Host Overview](#/dashboard/Miscbeat-host-overview)\",\"fontSize\":12},\"type\":\"markdown\"}" }, - "references": [], + "id": "System-Navigation", "migrationVersion": { "visualization": "7.10.0" - } - }, - { - "id": "c6f2ffd0-4d17-11e7-a196-69b9a7a020a9-ecs", - "type": "visualization", + }, "namespaces": [ "default" ], - "updated_at": "2022-06-30T16:19:27.512Z", - "version": "Wzg3MywxXQ==", + "references": [], + "type": "visualization", + "updated_at": "2025-01-07T16:26:09.471Z", + "version": "WzEwMjAsMV0=" + }, + { "attributes": { "description": "", "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"indexRefName\": \"kibanaSavedObjectMeta.searchSourceJSON.index\", \"filter\": [], \"query\": {\"query\": \"\", \"language\": \"kuery\"}}" + "searchSourceJSON": "{\"query\":{\"query\":\"miscbeat.mem:* OR miscbeat.cpu:*\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" }, "title": "Number of hosts", - "uiStateJSON": "{\"vis\": {\"defaultColors\": {\"0 - 100\": \"rgb(0,104,55)\"}}}", + "uiStateJSON": "{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}", "version": 1, - "visState": "{\"aggs\":[{\"enabled\":true,\"schema\":\"metric\",\"params\":{\"field\":\"host.name\",\"customLabel\":\"Number of hosts\"},\"id\":\"1\",\"type\":\"cardinality\"}],\"title\":\"Number of 
hosts\",\"params\":{\"type\":\"gauge\",\"gauge\":{\"orientation\":\"vertical\",\"gaugeColorMode\":\"None\",\"style\":{\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#000\",\"bgColor\":false,\"fontSize\":\"63\"},\"colorsRange\":[{\"to\":100,\"from\":0}],\"autoExtend\":false,\"invertColors\":false,\"scale\":{\"width\":2,\"show\":false,\"labels\":false,\"color\":\"#333\"},\"verticalSplit\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"type\":\"simple\",\"gaugeStyle\":\"Full\",\"useRange\":false,\"gaugeType\":\"Metric\",\"percentageMode\":false,\"backStyle\":\"Full\",\"colorSchema\":\"Green to Red\"},\"addTooltip\":true,\"addLegend\":false},\"type\":\"metric\"}" + "visState": "{\"title\":\"Number of hosts\",\"type\":\"metric\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"params\":{\"field\":\"host.name\",\"customLabel\":\"Number of hosts\"},\"schema\":\"metric\"}],\"params\":{\"type\":\"metric\",\"addTooltip\":true,\"addLegend\":false,\"metric\":{\"style\":{\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#000\",\"bgColor\":false,\"fontSize\":\"63\"},\"colorsRange\":[{\"to\":100,\"from\":0}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"useRange\":false,\"percentageMode\":false,\"colorSchema\":\"Green to Red\",\"metricColorMode\":\"None\"}}}" }, + "id": "c6f2ffd0-4d17-11e7-a196-69b9a7a020a9", + "migrationVersion": { + "visualization": "7.10.0" + }, + "namespaces": [ + "default" + ], "references": [ { "id": "MALCOLM_OTHER_INDEX_PATTERN_REPLACER", 
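Review bot: The new `searchSourceJSON` query on "Number of hosts", `miscbeat.mem:* OR miscbeat.cpu:*`, narrows the `host.name` cardinality to hosts that reported memory or CPU documents in the selected time range. A host that still sends other `miscbeat` data (the host overview dashboard earlier in this patch charts `miscbeat.network.*` fields) but has stopped reporting CPU and memory would drop out of the count. On a monitoring dashboard, that hides the sensor an operator most needs to notice. If the narrowing is intended, state it in the panel, e.g. `\"customLabel\":\"Hosts reporting CPU or memory\"`; otherwise the filter should cover every metric family these hosts can send. The object's `references` list continues in the next hunk.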
@@ -125,199 +129,223 @@ "type": "index-pattern" } ], - "migrationVersion": { - "visualization": "7.10.0" - } + "type": "visualization", + "updated_at": "2025-01-07T16:32:50.909Z", + "version": "WzEwNDcsMV0=" }, { - "id": "fe064790-1b1f-11e7-bec4-a5e9ec5cab8b-ecs", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2022-06-30T16:19:27.512Z", - "version": "Wzg3NCwxXQ==", "attributes": { - "title": "Top Hosts By Memory", - "visState": "{\"title\":\"Top Hosts By Memory\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"31e5afa0-1b1c-11e7-b09e-037021c4f8df\",\"filter\":\"\",\"series\":[{\"terms_size\":\"10\",\"id\":\"31e5afa1-1b1c-11e7-b09e-037021c4f8df\",\"chart_type\":\"line\",\"seperate_axis\":0,\"color\":\"#68BC00\",\"terms_field\":\"host.name\",\"axis_position\":\"right\",\"point_size\":1,\"metrics\":[{\"size\":\"3\",\"agg_with\":\"avg\",\"order\":\"desc\",\"id\":\"31e5afa2-1b1c-11e7-b09e-037021c4f8df\",\"field\":\"miscbeat.mem.Mem.used_p\",\"type\":\"avg\",\"order_by\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\"}],\"formatter\":\"'0.'\",\"split_mode\":\"terms\",\"fill\":0.5,\"line_width\":1,\"terms_order_by\":\"31e5afa2-1b1c-11e7-b09e-037021c4f8df\",\"stacked\":\"none\",\"split_color_mode\":\"gradient\",\"value_template\":\"{{value}}%\"}],\"time_field\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\",\"axis_formatter\":\"number\",\"drilldown_url\":\"../app/dashboards#/dashboard/79ffd6e0-faa0-11e6-947f-177f697178b8-ecs?_a=(query:(language:kuery,query:'host.name:\\\"{{key}}\\\"'))\",\"show_grid\":1,\"index_pattern\":\"MALCOLM_OTHER_INDEX_PATTERN_REPLACER\",\"show_legend\":1,\"interval\":\"auto\",\"axis_position\":\"left\",\"type\":\"top_n\",\"bar_color_rules\":[{\"operator\":\"gte\",\"id\":\"33349dd0-1b1c-11e7-b09e-037021c4f8df\",\"value\":0,\"bar_color\":\"rgba(104,188,0,1)\"},{\"value\":70,\"operator\":\"gte\",\"id\":\"997dc440-1b1c-11e7-b09e-037021c4f8df\",\"bar_color\":\"rgba(254,146,0,1)\"},{\"value\":85,\"operator\":\"gte\",\"id\":\
"a10d7f20-1b1c-11e7-b09e-037021c4f8df\",\"bar_color\":\"rgba(211,49,21,1)\"}],\"axis_scale\":\"normal\",\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"MALCOLM_OTHER_INDEX_PATTERN_REPLACER\",\"default_timefield\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\",\"isModelInvalid\":false}}", - "uiStateJSON": "{}", "description": "", - "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" - } + }, + "title": "Top Hosts By Memory", + "uiStateJSON": "{}", + "version": 1, + "visState": "{\"title\":\"Top Hosts By Memory\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"31e5afa0-1b1c-11e7-b09e-037021c4f8df\",\"filter\":{\"query\":\"miscbeat.mem.Mem.used_p:*\",\"language\":\"kuery\"},\"series\":[{\"terms_size\":\"10\",\"id\":\"31e5afa1-1b1c-11e7-b09e-037021c4f8df\",\"chart_type\":\"line\",\"seperate_axis\":0,\"color\":\"#68BC00\",\"terms_field\":\"host.name\",\"axis_position\":\"right\",\"point_size\":1,\"metrics\":[{\"size\":\"3\",\"agg_with\":\"avg\",\"order\":\"desc\",\"id\":\"31e5afa2-1b1c-11e7-b09e-037021c4f8df\",\"field\":\"miscbeat.mem.Mem.used_p\",\"type\":\"avg\",\"order_by\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\"}],\"formatter\":\"'0.'\",\"split_mode\":\"terms\",\"fill\":0.5,\"line_width\":1,\"terms_order_by\":\"31e5afa2-1b1c-11e7-b09e-037021c4f8df\",\"stacked\":\"none\",\"split_color_mode\":\"gradient\",\"value_template\":\"{{value}}%\"}],\"time_field\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\",\"axis_formatter\":\"number\",\"drilldown_url\":\"../app/dashboards#/dashboard/Miscbeat-host-overview?_a=(query:(language:kuery,query:'host.name:\\\"{{key}}\\\"'))\",\"show_grid\":1,\"index_pattern\":\"MALCOLM_OTHER_INDEX_PATTERN_REPLACER\",\"show_legend\":1,\"interval\":\"auto\",\"axis_position\":\"left\",\"type\":\"top_n\",\"bar_color_rules\":[{\"operator\":\"gte\",\"id\":\"33349dd0-1b1c-11e7-b09e-037021c4f8df\",\"value\":0,\"bar_color\":\"rgba(104,188,0,1)\"},{\"value\":70,\"oper
ator\":\"gte\",\"id\":\"997dc440-1b1c-11e7-b09e-037021c4f8df\",\"bar_color\":\"rgba(254,146,0,1)\"},{\"value\":85,\"operator\":\"gte\",\"id\":\"a10d7f20-1b1c-11e7-b09e-037021c4f8df\",\"bar_color\":\"rgba(211,49,21,1)\"}],\"axis_scale\":\"normal\",\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"MALCOLM_NETWORK_INDEX_PATTERN_REPLACER\",\"default_timefield\":\"MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER\",\"isModelInvalid\":false}}" }, - "references": [], + "id": "fe064790-1b1f-11e7-bec4-a5e9ec5cab8b", "migrationVersion": { "visualization": "7.10.0" - } - }, - { - "id": "855899e0-1b1c-11e7-b09e-037021c4f8df-ecs", - "type": "visualization", + }, "namespaces": [ "default" ], - "updated_at": "2022-06-30T16:19:27.512Z", - "version": "Wzg3NSwxXQ==", + "references": [], + "type": "visualization", + "updated_at": "2025-01-07T16:32:08.368Z", + "version": "WzEwNDYsMV0=" + }, + { "attributes": { - "title": "Top Hosts By CPU", - "visState": "{\"title\":\"Top Hosts By CPU\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"31e5afa0-1b1c-11e7-b09e-037021c4f8df\",\"filter\":\"\",\"series\":[{\"terms_size\":\"10\",\"id\":\"31e5afa1-1b1c-11e7-b09e-037021c4f8df\",\"chart_type\":\"line\",\"seperate_axis\":0,\"color\":\"#68BC00\",\"terms_field\":\"host.name\",\"axis_position\":\"right\",\"point_size\":1,\"metrics\":[{\"size\":\"3\",\"agg_with\":\"avg\",\"order\":\"desc\",\"id\":\"31e5afa2-1b1c-11e7-b09e-037021c4f8df\",\"field\":\"miscbeat.cpu.cpu_p\",\"type\":\"avg\",\"order_by\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\"}],\"formatter\":\"'0.'\",\"split_mode\":\"terms\",\"fill\":0.5,\"line_width\":1,\"terms_order_by\":\"31e5afa2-1b1c-11e7-b09e-037021c4f8df\",\"stacked\":\"none\",\"split_color_mode\":\"gradient\",\"value_template\":\"{{value}}%\"}],\"time_field\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\",\"axis_formatter\":\"number\",\"drilldown_url\":\"../app/dashboards#/dashboard/79ffd6e0-faa0-11e6-947f-177f697178b8-ecs?_a=(query:(language:kuery,query:'host.name:\\\"{{ke
y}}\\\"'))\",\"show_grid\":1,\"index_pattern\":\"MALCOLM_OTHER_INDEX_PATTERN_REPLACER\",\"show_legend\":1,\"interval\":\"auto\",\"axis_position\":\"left\",\"type\":\"top_n\",\"bar_color_rules\":[{\"operator\":\"gte\",\"id\":\"33349dd0-1b1c-11e7-b09e-037021c4f8df\",\"value\":0,\"bar_color\":\"rgba(104,188,0,1)\"},{\"value\":70,\"operator\":\"gte\",\"id\":\"997dc440-1b1c-11e7-b09e-037021c4f8df\",\"bar_color\":\"rgba(254,146,0,1)\"},{\"value\":85,\"operator\":\"gte\",\"id\":\"a10d7f20-1b1c-11e7-b09e-037021c4f8df\",\"bar_color\":\"rgba(211,49,21,1)\"}],\"axis_scale\":\"normal\",\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"MALCOLM_OTHER_INDEX_PATTERN_REPLACER\",\"default_timefield\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\",\"isModelInvalid\":false}}", - "uiStateJSON": "{}", "description": "", - "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" - } + }, + "title": "Top Hosts By CPU", + "uiStateJSON": "{}", + "version": 1, + "visState": "{\"title\":\"Top Hosts By 
CPU\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"31e5afa0-1b1c-11e7-b09e-037021c4f8df\",\"filter\":{\"query\":\"miscbeat.cpu.cpu_p:*\",\"language\":\"kuery\"},\"series\":[{\"terms_size\":\"10\",\"id\":\"31e5afa1-1b1c-11e7-b09e-037021c4f8df\",\"chart_type\":\"line\",\"seperate_axis\":0,\"color\":\"#68BC00\",\"terms_field\":\"host.name\",\"axis_position\":\"right\",\"point_size\":1,\"metrics\":[{\"size\":\"3\",\"agg_with\":\"avg\",\"order\":\"desc\",\"id\":\"31e5afa2-1b1c-11e7-b09e-037021c4f8df\",\"field\":\"miscbeat.cpu.cpu_p\",\"type\":\"avg\",\"order_by\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\"}],\"formatter\":\"'0.'\",\"split_mode\":\"terms\",\"fill\":0.5,\"line_width\":1,\"terms_order_by\":\"31e5afa2-1b1c-11e7-b09e-037021c4f8df\",\"stacked\":\"none\",\"split_color_mode\":\"gradient\",\"value_template\":\"{{value}}%\"}],\"time_field\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\",\"axis_formatter\":\"number\",\"drilldown_url\":\"../app/dashboards#/dashboard/Miscbeat-host-overview?_a=(query:(language:kuery,query:'host.name:\\\"{{key}}\\\"'))\",\"show_grid\":1,\"index_pattern\":\"MALCOLM_OTHER_INDEX_PATTERN_REPLACER\",\"show_legend\":1,\"interval\":\"auto\",\"axis_position\":\"left\",\"type\":\"top_n\",\"bar_color_rules\":[{\"operator\":\"gte\",\"id\":\"33349dd0-1b1c-11e7-b09e-037021c4f8df\",\"value\":0,\"bar_color\":\"rgba(104,188,0,1)\"},{\"value\":70,\"operator\":\"gte\",\"id\":\"997dc440-1b1c-11e7-b09e-037021c4f8df\",\"bar_color\":\"rgba(254,146,0,1)\"},{\"value\":85,\"operator\":\"gte\",\"id\":\"a10d7f20-1b1c-11e7-b09e-037021c4f8df\",\"bar_color\":\"rgba(211,49,21,1)\"}],\"axis_scale\":\"normal\",\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"MALCOLM_NETWORK_INDEX_PATTERN_REPLACER\",\"default_timefield\":\"MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER\",\"isModelInvalid\":false}}" }, - "references": [], + "id": "855899e0-1b1c-11e7-b09e-037021c4f8df", "migrationVersion": { "visualization": "7.10.0" - } - }, - { - "id": 
"7cdb1330-4d1a-11e7-a196-69b9a7a020a9-ecs", - "type": "visualization", + }, "namespaces": [ "default" ], - "updated_at": "2022-06-30T16:19:27.512Z", - "version": "Wzg3NiwxXQ==", + "references": [], + "type": "visualization", + "updated_at": "2025-01-07T16:31:38.776Z", + "version": "WzEwNDQsMV0=" + }, + { "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"miscbeat.cpu.cpu_p:*\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" + }, "title": "Hosts histogram by CPU usage", - "visState": "{\"title\":\"Hosts histogram by CPU usage\",\"type\":\"heatmap\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"avg\",\"params\":{\"field\":\"miscbeat.cpu.cpu_p\",\"customLabel\":\"CPU usage %\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"params\":{\"field\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\",\"timeRange\":{\"from\":\"now-30m\",\"to\":\"now\"},\"useNormalizedOpenSearchInterval\":true,\"scaleMetricValues\":false,\"interval\":\"auto\",\"drop_partials\":false,\"min_doc_count\":1,\"extended_bounds\":{}},\"schema\":\"segment\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Hosts\"},\"schema\":\"group\"}],\"params\":{\"addTooltip\":true,\"colorsNumber\":4,\"colorsRange\":[],\"invertColors\":false,\"setColorRange\":false,\"enableHover\":true,\"valueAxes\":[{\"scale\":{\"type\":\"linear\",\"defaultYExtents\":false},\"id\":\"ValueAxis-1\",\"labels\":{\"rotate\":0,\"show\":false,\"color\":\"#555\",\"overwriteColor\":false},\"show\":false,\"type\":\"value\"}],\"type\":\"heatmap\",\"times\":[],\"percentageMode\":true,\"colorSchema\":\"Greens\",\"addLegend\":true,\"legendPosition\":\"bottom\"}}", "uiStateJSON": 
"{\"vis\":{\"defaultColors\":{\"0% - 5%\":\"rgb(247,252,245)\",\"10% - 15%\":\"rgb(116,196,118)\",\"15% - 20%\":\"rgb(35,139,69)\",\"5% - 10%\":\"rgb(199,233,192)\"}}}", - "description": "", "version": 1, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" - } + "visState": "{\"title\":\"Hosts histogram by CPU usage\",\"type\":\"heatmap\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"avg\",\"params\":{\"field\":\"miscbeat.cpu.cpu_p\",\"customLabel\":\"CPU usage %\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"params\":{\"field\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\",\"timeRange\":{\"from\":\"now-50y\",\"to\":\"now\"},\"useNormalizedOpenSearchInterval\":true,\"scaleMetricValues\":false,\"interval\":\"auto\",\"drop_partials\":false,\"min_doc_count\":1,\"extended_bounds\":{}},\"schema\":\"segment\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Hosts\"},\"schema\":\"group\"}],\"params\":{\"addTooltip\":true,\"colorsNumber\":4,\"colorsRange\":[],\"invertColors\":false,\"setColorRange\":false,\"enableHover\":true,\"valueAxes\":[{\"scale\":{\"type\":\"linear\",\"defaultYExtents\":false},\"id\":\"ValueAxis-1\",\"labels\":{\"rotate\":0,\"show\":false,\"color\":\"#555\",\"overwriteColor\":false},\"show\":false,\"type\":\"value\"}],\"type\":\"heatmap\",\"times\":[],\"percentageMode\":true,\"colorSchema\":\"Greens\",\"addLegend\":true,\"legendPosition\":\"bottom\"}}" + }, + "id": "7cdb1330-4d1a-11e7-a196-69b9a7a020a9", + "migrationVersion": { + "visualization": "7.10.0" }, + "namespaces": [ + "default" + ], "references": [ { + "id": "MALCOLM_OTHER_INDEX_PATTERN_REPLACER", "name": 
"kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern", - "id": "MALCOLM_OTHER_INDEX_PATTERN_REPLACER" + "type": "index-pattern" } ], - "migrationVersion": { - "visualization": "7.10.0" - } + "type": "visualization", + "updated_at": "2025-01-07T16:33:33.051Z", + "version": "WzEwNDgsMV0=" }, { - "id": "522ee670-1b92-11e7-bec4-a5e9ec5cab8b-ecs", - "type": "visualization", + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" + }, + "title": "Inbound Traffic", + "uiStateJSON": "{}", + "version": 1, + "visState": "{\"title\":\"Inbound Traffic\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"background_color_rules\":[{\"id\":\"0e346760-1b92-11e7-bec4-a5e9ec5cab8b\"}],\"bar_color_rules\":[{\"id\":\"a6f39dd0-eb4f-11ec-ae08-f703744a0ba1\"}],\"default_index_pattern\":\"MALCOLM_OTHER_INDEX_PATTERN_REPLACER\",\"default_timefield\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\",\"filter\":{\"query\":\"\",\"language\":\"lucene\"},\"id\":\"0c761590-1b92-11e7-bec4-a5e9ec5cab8b\",\"index_pattern\":\"MALCOLM_OTHER_INDEX_PATTERN_REPLACER\",\"interval\":\"auto\",\"isModelInvalid\":false,\"pivot_id\":\"miscbeat.network.interface\",\"pivot_type\":\"string\",\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":0.5,\"formatter\":\"bytes\",\"id\":\"0c761591-1b92-11e7-bec4-a5e9ec5cab8b\",\"label\":\"Inbound 
Traffic\",\"line_width\":1,\"metrics\":[{\"unit\":\"1s\",\"field\":\"miscbeat.network.bytes.rx\",\"id\":\"0c761592-1b92-11e7-bec4-a5e9ec5cab8b\",\"percentiles\":[{\"id\":\"2bd83990-eb4e-11ec-ae08-f703744a0ba1\",\"mode\":\"line\",\"shade\":0.2,\"value\":50}],\"type\":\"positive_rate\"}],\"point_size\":1,\"seperate_axis\":0,\"split_color_mode\":\"gradient\",\"split_mode\":\"terms\",\"stacked\":\"none\",\"terms_field\":\"miscbeat.network.interface\",\"terms_order_by\":\"_count\",\"terms_size\":\"3\",\"value_template\":\"{{value}}/s\",\"color_rules\":[{\"id\":\"b3b298e0-eb50-11ec-ae08-f703744a0ba1\"}]},{\"id\":\"697b0130-eb51-11ec-ae08-f703744a0ba1\",\"color\":\"#68BC00\",\"split_mode\":\"terms\",\"metrics\":[{\"size\":\"1\",\"agg_with\":\"max\",\"order\":\"desc\",\"id\":\"697b0131-eb51-11ec-ae08-f703744a0ba1\",\"type\":\"top_hit\",\"field\":\"miscbeat.network.bytes.rx\",\"order_by\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"bytes\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"label\":\"Total Transferred\",\"terms_field\":\"miscbeat.network.interface\",\"terms_size\":\"3\",\"terms_order_by\":\"_count\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\",\"tooltip_mode\":\"show_all\",\"type\":\"metric\"}}" + }, + "id": "522ee670-1b92-11e7-bec4-a5e9ec5cab8b", + "migrationVersion": { + "visualization": "7.10.0" + }, "namespaces": [ "default" ], - "updated_at": "2022-06-30T17:36:06.418Z", - "version": "Wzk0OCwxXQ==", + "references": [], + "type": "visualization", + "updated_at": "2025-01-07T16:26:09.471Z", + "version": "WzEwMjUsMV0=" + }, + { "attributes": { - "title": "Inbound Traffic", - "visState": "{\"title\":\"Inbound 
Traffic\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"background_color_rules\":[{\"id\":\"0e346760-1b92-11e7-bec4-a5e9ec5cab8b\"}],\"bar_color_rules\":[{\"id\":\"a6f39dd0-eb4f-11ec-ae08-f703744a0ba1\"}],\"default_index_pattern\":\"MALCOLM_OTHER_INDEX_PATTERN_REPLACER\",\"default_timefield\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\",\"filter\":{\"query\":\"\",\"language\":\"lucene\"},\"id\":\"0c761590-1b92-11e7-bec4-a5e9ec5cab8b\",\"index_pattern\":\"MALCOLM_OTHER_INDEX_PATTERN_REPLACER\",\"interval\":\"auto\",\"isModelInvalid\":false,\"pivot_id\":\"miscbeat.network.interface\",\"pivot_type\":\"string\",\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":0.5,\"formatter\":\"bytes\",\"id\":\"0c761591-1b92-11e7-bec4-a5e9ec5cab8b\",\"label\":\"Inbound Traffic\",\"line_width\":1,\"metrics\":[{\"unit\":\"1s\",\"field\":\"miscbeat.network.bytes.rx\",\"id\":\"0c761592-1b92-11e7-bec4-a5e9ec5cab8b\",\"percentiles\":[{\"id\":\"2bd83990-eb4e-11ec-ae08-f703744a0ba1\",\"mode\":\"line\",\"shade\":0.2,\"value\":50}],\"type\":\"positive_rate\"}],\"point_size\":1,\"seperate_axis\":0,\"split_color_mode\":\"gradient\",\"split_mode\":\"terms\",\"stacked\":\"none\",\"terms_field\":\"miscbeat.network.interface\",\"terms_order_by\":\"_count\",\"terms_size\":\"3\",\"value_template\":\"{{value}}/s\",\"color_rules\":[{\"id\":\"b3b298e0-eb50-11ec-ae08-f703744a0ba1\"}]},{\"id\":\"697b0130-eb51-11ec-ae08-f703744a0ba1\",\"color\":\"#68BC00\",\"split_mode\":\"terms\",\"metrics\":[{\"size\":\"1\",\"agg_with\":\"max\",\"order\":\"desc\",\"id\":\"697b0131-eb51-11ec-ae08-f703744a0ba1\",\"type\":\"top_hit\",\"field\":\"miscbeat.network.bytes.rx\",\"order_by\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"bytes\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"label
\":\"Total Transferred\",\"terms_field\":\"miscbeat.network.interface\",\"terms_size\":\"3\",\"terms_order_by\":\"_count\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\",\"tooltip_mode\":\"show_all\",\"type\":\"metric\"}}", - "uiStateJSON": "{}", "description": "", - "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" - } + }, + "title": "Outbound Traffic", + "uiStateJSON": "{}", + "version": 1, + "visState": "{\"title\":\"Outbound Traffic\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"0c761590-1b92-11e7-bec4-a5e9ec5cab8b\",\"filter\":{\"query\":\"\",\"language\":\"lucene\"},\"series\":[{\"id\":\"0c761591-1b92-11e7-bec4-a5e9ec5cab8b\",\"chart_type\":\"line\",\"seperate_axis\":0,\"color\":\"#68BC00\",\"terms_field\":\"miscbeat.network.interface\",\"axis_position\":\"right\",\"point_size\":1,\"value_template\":\"{{value}}/s\",\"metrics\":[{\"unit\":\"1s\",\"id\":\"0c761592-1b92-11e7-bec4-a5e9ec5cab8b\",\"field\":\"miscbeat.network.bytes.tx\",\"type\":\"positive_rate\"}],\"formatter\":\"bytes\",\"split_mode\":\"terms\",\"fill\":0.5,\"line_width\":1,\"label\":\"Outbound Traffic\",\"stacked\":\"none\",\"split_color_mode\":\"gradient\",\"terms_size\":\"3\",\"terms_order_by\":\"_count\"},{\"id\":\"37f70440-1b92-11e7-bec4-a5e9ec5cab8b\",\"chart_type\":\"line\",\"seperate_axis\":0,\"color\":\"#68BC00\",\"terms_field\":\"miscbeat.network.interface\",\"axis_position\":\"right\",\"point_size\":1,\"value_template\":\"{{value}}\",\"metrics\":[{\"size\":\"1\",\"agg_with\":\"max\",\"order\":\"desc\",\"id\":\"37f72b50-1b92-11e7-bec4-a5e9ec5cab8b\",\"field\":\"miscbeat.network.bytes.tx\",\"type\":\"top_hit\",\"order_by\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\"}],\"formatter\":\"bytes\",\"split_mode\":\"terms\",\"fill\":0.5,\"line_width\":1,\"label\":\"Total 
Transferred\",\"stacked\":\"none\",\"split_color_mode\":\"gradient\",\"terms_size\":\"3\",\"terms_order_by\":\"_count\"}],\"background_color_rules\":[{\"id\":\"0e346760-1b92-11e7-bec4-a5e9ec5cab8b\"}],\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"show_grid\":1,\"time_field\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\",\"index_pattern\":\"MALCOLM_OTHER_INDEX_PATTERN_REPLACER\",\"show_legend\":1,\"interval\":\"auto\",\"type\":\"metric\",\"axis_scale\":\"normal\",\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"MALCOLM_OTHER_INDEX_PATTERN_REPLACER\",\"default_timefield\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\",\"isModelInvalid\":false}}" }, - "references": [], + "id": "1aae9140-1b93-11e7-8ada-3df93aab833e", "migrationVersion": { "visualization": "7.10.0" - } - }, - { - "id": "1aae9140-1b93-11e7-8ada-3df93aab833e-ecs", - "type": "visualization", + }, "namespaces": [ "default" ], - "updated_at": "2022-06-30T17:36:35.836Z", - "version": "Wzk1NSwxXQ==", + "references": [], + "type": "visualization", + "updated_at": "2025-01-07T16:26:09.471Z", + "version": "WzEwMjYsMV0=" + }, + { "attributes": { - "title": "Outbound Traffic", - "visState": "{\"title\":\"Outbound Traffic\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"0c761590-1b92-11e7-bec4-a5e9ec5cab8b\",\"filter\":{\"query\":\"\",\"language\":\"lucene\"},\"series\":[{\"id\":\"0c761591-1b92-11e7-bec4-a5e9ec5cab8b\",\"chart_type\":\"line\",\"seperate_axis\":0,\"color\":\"#68BC00\",\"terms_field\":\"miscbeat.network.interface\",\"axis_position\":\"right\",\"point_size\":1,\"value_template\":\"{{value}}/s\",\"metrics\":[{\"unit\":\"1s\",\"id\":\"0c761592-1b92-11e7-bec4-a5e9ec5cab8b\",\"field\":\"miscbeat.network.bytes.tx\",\"type\":\"positive_rate\"}],\"formatter\":\"bytes\",\"split_mode\":\"terms\",\"fill\":0.5,\"line_width\":1,\"label\":\"Outbound 
Traffic\",\"stacked\":\"none\",\"split_color_mode\":\"gradient\",\"terms_size\":\"3\",\"terms_order_by\":\"_count\"},{\"id\":\"37f70440-1b92-11e7-bec4-a5e9ec5cab8b\",\"chart_type\":\"line\",\"seperate_axis\":0,\"color\":\"#68BC00\",\"terms_field\":\"miscbeat.network.interface\",\"axis_position\":\"right\",\"point_size\":1,\"value_template\":\"{{value}}\",\"metrics\":[{\"size\":\"1\",\"agg_with\":\"max\",\"order\":\"desc\",\"id\":\"37f72b50-1b92-11e7-bec4-a5e9ec5cab8b\",\"field\":\"miscbeat.network.bytes.tx\",\"type\":\"top_hit\",\"order_by\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\"}],\"formatter\":\"bytes\",\"split_mode\":\"terms\",\"fill\":0.5,\"line_width\":1,\"label\":\"Total Transferred\",\"stacked\":\"none\",\"split_color_mode\":\"gradient\",\"terms_size\":\"3\",\"terms_order_by\":\"_count\"}],\"background_color_rules\":[{\"id\":\"0e346760-1b92-11e7-bec4-a5e9ec5cab8b\"}],\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"show_grid\":1,\"time_field\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\",\"index_pattern\":\"MALCOLM_OTHER_INDEX_PATTERN_REPLACER\",\"show_legend\":1,\"interval\":\"auto\",\"type\":\"metric\",\"axis_scale\":\"normal\",\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"MALCOLM_OTHER_INDEX_PATTERN_REPLACER\",\"default_timefield\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\",\"isModelInvalid\":false}}", - "uiStateJSON": "{}", "description": "", - "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" - } + }, + "title": "Disk used", + "uiStateJSON": "{}", + "version": 1, + "visState": "{\"title\":\"Disk 
used\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"4e4dc780-4d1d-11e7-b5f2-2b7c1895bf32\",\"filter\":\"\",\"interval\":\"auto\",\"default_index_pattern\":\"MALCOLM_OTHER_INDEX_PATTERN_REPLACER\",\"axis_formatter\":\"number\",\"show_legend\":1,\"axis_position\":\"left\",\"index_pattern\":\"MALCOLM_OTHER_INDEX_PATTERN_REPLACER\",\"time_range_mode\":\"entire_time_range\",\"show_grid\":1,\"time_field\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\",\"gauge_max\":\"1\",\"default_timefield\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\",\"gauge_color_rules\":[{\"operator\":\"gte\",\"id\":\"51921d10-4d1d-11e7-b5f2-2b7c1895bf32\",\"value\":0,\"gauge\":\"rgba(104,188,0,1)\"},{\"operator\":\"gte\",\"id\":\"f26de750-4d54-11e7-b5f2-2b7c1895bf32\",\"value\":0.7,\"gauge\":\"rgba(251,158,0,1)\"},{\"operator\":\"gte\",\"id\":\"fa31d190-4d54-11e7-b5f2-2b7c1895bf32\",\"value\":0.85,\"gauge\":\"rgba(211,49,21,1)\"}],\"gauge_inner_width\":10,\"series\":[{\"id\":\"4e4dee90-4d1d-11e7-b5f2-2b7c1895bf32\",\"chart_type\":\"line\",\"seperate_axis\":0,\"color\":\"#68BC00\",\"axis_position\":\"right\",\"point_size\":1,\"metrics\":[{\"size\":\"1\",\"agg_with\":\"avg\",\"order\":\"desc\",\"id\":\"4e4dee91-4d1d-11e7-b5f2-2b7c1895bf32\",\"order_by\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\",\"type\":\"top_hit\",\"field\":\"miscbeat.disk.df.used\"},{\"size\":\"1\",\"agg_with\":\"avg\",\"order\":\"desc\",\"id\":\"57c96ee0-4d54-11e7-b5f2-2b7c1895bf32\",\"order_by\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\",\"type\":\"top_hit\",\"field\":\"miscbeat.disk.df.size\"},{\"id\":\"6304cca0-4d54-11e7-b5f2-2b7c1895bf32\",\"variables\":[{\"id\":\"6da10430-4d54-11e7-b5f2-2b7c1895bf32\",\"field\":\"4e4dee91-4d1d-11e7-b5f2-2b7c1895bf32\",\"name\":\"used\"},{\"id\":\"73b8c510-4d54-11e7-b5f2-2b7c1895bf32\",\"field\":\"57c96ee0-4d54-11e7-b5f2-2b7c1895bf32\",\"name\":\"total\"}],\"script\":\"params.used/params.total 
\",\"type\":\"math\"}],\"formatter\":\"'0%'\",\"split_mode\":\"everything\",\"fill\":0.5,\"line_width\":1,\"label\":\"Disk used\",\"stacked\":\"none\",\"split_color_mode\":\"gradient\"}],\"isModelInvalid\":false,\"axis_scale\":\"normal\",\"type\":\"gauge\",\"gauge_style\":\"half\",\"gauge_width\":10,\"tooltip_mode\":\"show_all\"}}" }, - "references": [], + "id": "825fdb80-4d1d-11e7-b5f2-2b7c1895bf32", "migrationVersion": { "visualization": "7.10.0" - } - }, - { - "id": "825fdb80-4d1d-11e7-b5f2-2b7c1895bf32-ecs", - "type": "visualization", + }, "namespaces": [ "default" ], - "updated_at": "2022-06-30T17:48:30.917Z", - "version": "Wzk3NSwxXQ==", + "references": [], + "type": "visualization", + "updated_at": "2025-01-07T16:26:09.471Z", + "version": "WzEwMjcsMV0=" + }, + { "attributes": { - "title": "Disk used", - "visState": "{\"title\":\"Disk used\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"4e4dc780-4d1d-11e7-b5f2-2b7c1895bf32\",\"filter\":\"\",\"interval\":\"auto\",\"default_index_pattern\":\"MALCOLM_OTHER_INDEX_PATTERN_REPLACER\",\"axis_formatter\":\"number\",\"show_legend\":1,\"axis_position\":\"left\",\"index_pattern\":\"MALCOLM_OTHER_INDEX_PATTERN_REPLACER\",\"time_range_mode\":\"entire_time_range\",\"show_grid\":1,\"time_field\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\",\"gauge_max\":\"1\",\"default_timefield\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\",\"gauge_color_rules\":[{\"operator\":\"gte\",\"id\":\"51921d10-4d1d-11e7-b5f2-2b7c1895bf32\",\"value\":0,\"gauge\":\"rgba(104,188,0,1)\"},{\"operator\":\"gte\",\"id\":\"f26de750-4d54-11e7-b5f2-2b7c1895bf32\",\"value\":0.7,\"gauge\":\"rgba(251,158,0,1)\"},{\"operator\":\"gte\",\"id\":\"fa31d190-4d54-11e7-b5f2-2b7c1895bf32\",\"value\":0.85,\"gauge\":\"rgba(211,49,21,1)\"}],\"gauge_inner_width\":10,\"series\":[{\"id\":\"4e4dee90-4d1d-11e7-b5f2-2b7c1895bf32\",\"chart_type\":\"line\",\"seperate_axis\":0,\"color\":\"#68BC00\",\"axis_position\":\"right\",\"point_size\":1,\"metrics\":[{\"size\":\"1\",\"agg
_with\":\"avg\",\"order\":\"desc\",\"id\":\"4e4dee91-4d1d-11e7-b5f2-2b7c1895bf32\",\"order_by\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\",\"type\":\"top_hit\",\"field\":\"miscbeat.disk.df.used\"},{\"size\":\"1\",\"agg_with\":\"avg\",\"order\":\"desc\",\"id\":\"57c96ee0-4d54-11e7-b5f2-2b7c1895bf32\",\"order_by\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\",\"type\":\"top_hit\",\"field\":\"miscbeat.disk.df.size\"},{\"id\":\"6304cca0-4d54-11e7-b5f2-2b7c1895bf32\",\"variables\":[{\"id\":\"6da10430-4d54-11e7-b5f2-2b7c1895bf32\",\"field\":\"4e4dee91-4d1d-11e7-b5f2-2b7c1895bf32\",\"name\":\"used\"},{\"id\":\"73b8c510-4d54-11e7-b5f2-2b7c1895bf32\",\"field\":\"57c96ee0-4d54-11e7-b5f2-2b7c1895bf32\",\"name\":\"total\"}],\"script\":\"params.used/params.total \",\"type\":\"math\"}],\"formatter\":\"'0%'\",\"split_mode\":\"everything\",\"fill\":0.5,\"line_width\":1,\"label\":\"Disk used\",\"stacked\":\"none\",\"split_color_mode\":\"gradient\"}],\"isModelInvalid\":false,\"axis_scale\":\"normal\",\"type\":\"gauge\",\"gauge_style\":\"half\",\"gauge_width\":10,\"tooltip_mode\":\"show_all\"}}", - "uiStateJSON": "{}", "description": "", - "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" - } + }, + "title": "Memory Usage Gauge", + "uiStateJSON": "{}", + "version": 1, + "visState": "{\"title\":\"Memory Usage Gauge\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"9f51b730-1b91-11e7-bec4-a5e9ec5cab8b\",\"filter\":\"\",\"series\":[{\"id\":\"9f51b731-1b91-11e7-bec4-a5e9ec5cab8b\",\"chart_type\":\"line\",\"seperate_axis\":0,\"color\":\"#68BC00\",\"axis_position\":\"right\",\"point_size\":1,\"metrics\":[{\"id\":\"9f51b732-1b91-11e7-bec4-a5e9ec5cab8b\",\"field\":\"miscbeat.mem.Mem.used_p\",\"type\":\"avg\"}],\"formatter\":\"'0'\",\"split_mode\":\"everything\",\"fill\":0.5,\"line_width\":1,\"label\":\"Memory 
Usage\",\"stacked\":\"none\",\"split_color_mode\":\"gradient\",\"filter\":{\"query\":\"\",\"language\":\"kuery\"},\"value_template\":\"{{value}}%\"}],\"gauge_inner_width\":10,\"axis_formatter\":\"number\",\"show_legend\":1,\"axis_position\":\"left\",\"index_pattern\":\"MALCOLM_OTHER_INDEX_PATTERN_REPLACER\",\"show_grid\":1,\"time_field\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\",\"gauge_max\":\"100\",\"gauge_color_rules\":[{\"operator\":\"gte\",\"id\":\"a0d522e0-1b91-11e7-bec4-a5e9ec5cab8b\",\"value\":0,\"gauge\":\"rgba(104,188,0,1)\"},{\"value\":70,\"operator\":\"gte\",\"id\":\"b45ad8f0-1b91-11e7-bec4-a5e9ec5cab8b\",\"gauge\":\"rgba(254,146,0,1)\"},{\"value\":85,\"operator\":\"gte\",\"id\":\"c06e9550-1b91-11e7-bec4-a5e9ec5cab8b\",\"gauge\":\"rgba(211,49,21,1)\"}],\"interval\":\"auto\",\"type\":\"gauge\",\"gauge_style\":\"half\",\"gauge_width\":10,\"axis_scale\":\"normal\",\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"MALCOLM_OTHER_INDEX_PATTERN_REPLACER\",\"default_timefield\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\",\"isModelInvalid\":false}}" }, - "references": [], + "id": "d3166e80-1b91-11e7-bec4-a5e9ec5cab8b", "migrationVersion": { "visualization": "7.10.0" - } - }, - { - "id": "d3166e80-1b91-11e7-bec4-a5e9ec5cab8b-ecs", - "type": "visualization", + }, "namespaces": [ "default" ], - "updated_at": "2022-06-30T16:19:27.512Z", - "version": "Wzg4MCwxXQ==", + "references": [], + "type": "visualization", + "updated_at": "2025-01-07T16:26:09.471Z", + "version": "WzEwMjgsMV0=" + }, + { "attributes": { - "title": "Memory Usage Gauge", - "visState": "{\"title\":\"Memory Usage 
Gauge\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"9f51b730-1b91-11e7-bec4-a5e9ec5cab8b\",\"filter\":\"\",\"series\":[{\"id\":\"9f51b731-1b91-11e7-bec4-a5e9ec5cab8b\",\"chart_type\":\"line\",\"seperate_axis\":0,\"color\":\"#68BC00\",\"axis_position\":\"right\",\"point_size\":1,\"metrics\":[{\"id\":\"9f51b732-1b91-11e7-bec4-a5e9ec5cab8b\",\"field\":\"miscbeat.mem.Mem.used_p\",\"type\":\"avg\"}],\"formatter\":\"'0'\",\"split_mode\":\"everything\",\"fill\":0.5,\"line_width\":1,\"label\":\"Memory Usage\",\"stacked\":\"none\",\"split_color_mode\":\"gradient\",\"filter\":{\"query\":\"\",\"language\":\"kuery\"},\"value_template\":\"{{value}}%\"}],\"gauge_inner_width\":10,\"axis_formatter\":\"number\",\"show_legend\":1,\"axis_position\":\"left\",\"index_pattern\":\"MALCOLM_OTHER_INDEX_PATTERN_REPLACER\",\"show_grid\":1,\"time_field\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\",\"gauge_max\":\"100\",\"gauge_color_rules\":[{\"operator\":\"gte\",\"id\":\"a0d522e0-1b91-11e7-bec4-a5e9ec5cab8b\",\"value\":0,\"gauge\":\"rgba(104,188,0,1)\"},{\"value\":70,\"operator\":\"gte\",\"id\":\"b45ad8f0-1b91-11e7-bec4-a5e9ec5cab8b\",\"gauge\":\"rgba(254,146,0,1)\"},{\"value\":85,\"operator\":\"gte\",\"id\":\"c06e9550-1b91-11e7-bec4-a5e9ec5cab8b\",\"gauge\":\"rgba(211,49,21,1)\"}],\"interval\":\"auto\",\"type\":\"gauge\",\"gauge_style\":\"half\",\"gauge_width\":10,\"axis_scale\":\"normal\",\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"MALCOLM_OTHER_INDEX_PATTERN_REPLACER\",\"default_timefield\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\",\"isModelInvalid\":false}}", - "uiStateJSON": "{}", "description": "", - "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" - } + }, + "title": "CPU Usage Gauge", + "uiStateJSON": "{}", + "version": 1, + "visState": "{\"title\":\"CPU Usage 
Gauge\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"4c9e2550-1b91-11e7-bec4-a5e9ec5cab8b\",\"filter\":\"\",\"series\":[{\"id\":\"4c9e2551-1b91-11e7-bec4-a5e9ec5cab8b\",\"chart_type\":\"line\",\"seperate_axis\":0,\"color\":\"#68BC00\",\"axis_position\":\"right\",\"point_size\":1,\"metrics\":[{\"id\":\"114cd270-eb49-11ec-ae08-f703744a0ba1\",\"type\":\"avg\",\"field\":\"miscbeat.cpu.cpu_p\"}],\"formatter\":\"'0'\",\"split_mode\":\"everything\",\"fill\":0.5,\"line_width\":1,\"label\":\"CPU Usage\",\"stacked\":\"none\",\"split_color_mode\":\"gradient\",\"filter\":{\"query\":\"\",\"language\":\"kuery\"},\"value_template\":\"{{value}}%\"}],\"gauge_inner_width\":10,\"axis_formatter\":\"number\",\"show_legend\":1,\"axis_position\":\"left\",\"index_pattern\":\"MALCOLM_OTHER_INDEX_PATTERN_REPLACER\",\"show_grid\":1,\"time_field\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\",\"gauge_max\":\"100\",\"gauge_color_rules\":[{\"operator\":\"gte\",\"id\":\"4ef2c3b0-1b91-11e7-bec4-a5e9ec5cab8b\",\"value\":0,\"gauge\":\"rgba(104,188,0,1)\"},{\"value\":70,\"operator\":\"gte\",\"id\":\"e6561ae0-1b91-11e7-bec4-a5e9ec5cab8b\",\"gauge\":\"rgba(254,146,0,1)\"},{\"value\":85,\"operator\":\"gte\",\"id\":\"ec655040-1b91-11e7-bec4-a5e9ec5cab8b\",\"gauge\":\"rgba(211,49,21,1)\"}],\"interval\":\"auto\",\"type\":\"gauge\",\"gauge_style\":\"half\",\"gauge_width\":10,\"axis_scale\":\"normal\",\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"MALCOLM_OTHER_INDEX_PATTERN_REPLACER\",\"default_timefield\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\",\"isModelInvalid\":false,\"background_color_rules\":[{\"id\":\"64e19c90-eb49-11ec-ae08-f703744a0ba1\"}],\"bar_color_rules\":[{\"id\":\"65456770-eb49-11ec-ae08-f703744a0ba1\"}]}}" }, - "references": [], + "id": "83e12df0-1b91-11e7-bec4-a5e9ec5cab8b", "migrationVersion": { "visualization": "7.10.0" - } - }, - { - "id": "83e12df0-1b91-11e7-bec4-a5e9ec5cab8b-ecs", - "type": "visualization", + }, "namespaces": [ "default" ], - "updated_at": 
"2022-06-30T16:19:27.512Z", - "version": "Wzg4MSwxXQ==", + "references": [], + "type": "visualization", + "updated_at": "2025-01-07T16:26:09.471Z", + "version": "WzEwMjksMV0=" + }, + { "attributes": { - "title": "CPU Usage Gauge", - "visState": "{\"title\":\"CPU Usage Gauge\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"4c9e2550-1b91-11e7-bec4-a5e9ec5cab8b\",\"filter\":\"\",\"series\":[{\"id\":\"4c9e2551-1b91-11e7-bec4-a5e9ec5cab8b\",\"chart_type\":\"line\",\"seperate_axis\":0,\"color\":\"#68BC00\",\"axis_position\":\"right\",\"point_size\":1,\"metrics\":[{\"id\":\"114cd270-eb49-11ec-ae08-f703744a0ba1\",\"type\":\"avg\",\"field\":\"miscbeat.cpu.cpu_p\"}],\"formatter\":\"'0'\",\"split_mode\":\"everything\",\"fill\":0.5,\"line_width\":1,\"label\":\"CPU Usage\",\"stacked\":\"none\",\"split_color_mode\":\"gradient\",\"filter\":{\"query\":\"\",\"language\":\"kuery\"},\"value_template\":\"{{value}}%\"}],\"gauge_inner_width\":10,\"axis_formatter\":\"number\",\"show_legend\":1,\"axis_position\":\"left\",\"index_pattern\":\"MALCOLM_OTHER_INDEX_PATTERN_REPLACER\",\"show_grid\":1,\"time_field\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\",\"gauge_max\":\"100\",\"gauge_color_rules\":[{\"operator\":\"gte\",\"id\":\"4ef2c3b0-1b91-11e7-bec4-a5e9ec5cab8b\",\"value\":0,\"gauge\":\"rgba(104,188,0,1)\"},{\"value\":70,\"operator\":\"gte\",\"id\":\"e6561ae0-1b91-11e7-bec4-a5e9ec5cab8b\",\"gauge\":\"rgba(254,146,0,1)\"},{\"value\":85,\"operator\":\"gte\",\"id\":\"ec655040-1b91-11e7-bec4-a5e9ec5cab8b\",\"gauge\":\"rgba(211,49,21,1)\"}],\"interval\":\"auto\",\"type\":\"gauge\",\"gauge_style\":\"half\",\"gauge_width\":10,\"axis_scale\":\"normal\",\"tooltip_mode\":\"show_all\",\"default_index_pattern\":\"MALCOLM_OTHER_INDEX_PATTERN_REPLACER\",\"default_timefield\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\",\"isModelInvalid\":false,\"background_color_rules\":[{\"id\":\"64e19c90-eb49-11ec-ae08-f703744a0ba1\"}],\"bar_color_rules\":[{\"id\":\"65456770-eb49-11ec-ae08-f703744a0ba1\"}]}}",
 - "uiStateJSON": "{}", "description": "", - "version": 1, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" - } + "searchSourceJSON": "{\"query\":{\"query\":{\"query_string\":{\"query\":\"*\"}},\"language\":\"lucene\"},\"filter\":[]}" + }, + "title": "Navigation", + "uiStateJSON": "{}", + "version": 1, + "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● 
[HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● 
[EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}" }, - "references": [], + "id": "df9e399b-efa5-4e33-b0ac-a7668a8ac2b3", "migrationVersion": { "visualization": "7.10.0" - } + }, + "namespaces": [ + "default" + ], + "references": [], + "type": "visualization", + "updated_at": "2025-01-07T16:26:10.488Z", + "version": "WzEwMzIsMV0=" } - ] + ], + "version": "2.18.0" } 
diff --git a/dashboards/dashboards/beats/f6600310-9943-11ee-a029-e973f4774355.json b/dashboards/dashboards/beats/f6600310-9943-11ee-a029-e973f4774355.json
index 35d980a49..40dd005fe 100644
--- a/dashboards/dashboards/beats/f6600310-9943-11ee-a029-e973f4774355.json
+++ b/dashboards/dashboards/beats/f6600310-9943-11ee-a029-e973f4774355.json
@@ -1,224 +1,241 @@ { - "version": "2.11.1", "objects": [ { - "id": "f6600310-9943-11ee-a029-e973f4774355", - "type": "dashboard", - "namespaces": [ - "default" - ], - "updated_at": "2024-04-29T15:49:16.000Z", - "version": "WzkzOCwxXQ==", "attributes": { - "title": "Journald Logs", - "hits": 0, "description": "Messages from Systemd's Journald daemon on Linux environments, including Malcolm sensors and aggregators", - "panelsJSON": "[{\"embeddableConfig\":{\"vis\":{\"legendOpen\":true}},\"gridData\":{\"h\":19,\"i\":\"b514b4e8-689b-465e-8335-ca20c20d46fe\",\"w\":14,\"x\":0,\"y\":0},\"panelIndex\":\"b514b4e8-689b-465e-8335-ca20c20d46fe\",\"version\":\"2.11.1\",\"panelRefName\":\"panel_0\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":19,\"i\":\"7a7cfec2-8688-45a7-9790-66b3f0e9fd7e\",\"w\":11,\"x\":14,\"y\":0},\"panelIndex\":\"7a7cfec2-8688-45a7-9790-66b3f0e9fd7e\",\"version\":\"2.11.1\",\"panelRefName\":\"panel_1\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":19,\"i\":\"2143906d-7adb-4de7-8484-2f87c8c98332\",\"w\":23,\"x\":25,\"y\":0},\"panelIndex\":\"2143906d-7adb-4de7-8484-2f87c8c98332\",\"version\":\"2.11.1\",\"panelRefName\":\"panel_2\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":18,\"i\":\"bb4d56fd-b110-4d58-b6aa-e4189bdba918\",\"w\":24,\"x\":0,\"y\":19},\"panelIndex\":\"bb4d56fd-b110-4d58-b6aa-e4189bdba918\",\"version\":\"2.11.1\",\"panelRefName\":\"panel_3\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":18,\"i\":\"4e4780cd-add6-4dbe-95ac-d11afbcd630c\",\"w\":24,\"x\":24,\"y\":19},\"panelIndex\":\"4e4780cd-add6-4dbe-95ac-d11afbcd630c\",\"version\":\"2.11.1\",\"panelRefName\":\"panel_4\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":32,\"i\":\"77bbae8a-66cd-4e30-9b90-c7ab7c271320\",\"w\":48,\"x\":0,\"y\":37},\"panelIndex\":\"77bbae8a-66cd-4e30-9b90-c7ab7c271320\",\"version\":\"2.11.1\",\"panelRefName\":\"panel_5\"}]", - "optionsJSON": "{\"hidePanelTitles\":false,\"useMargins\":true}", - "version": 1, - "timeRestore": false, + "hits": 0, 
"kibanaSavedObjectMeta": { "searchSourceJSON": "{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[]}" - } + }, + "optionsJSON": "{\"hidePanelTitles\":false,\"useMargins\":true}", + "panelsJSON": "[{\"version\":\"2.18.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":37,\"i\":\"27b84693-c9ce-4a89-a43e-534eb4c0c0d0\"},\"panelIndex\":\"27b84693-c9ce-4a89-a43e-534eb4c0c0d0\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"2.18.0\",\"gridData\":{\"x\":8,\"y\":0,\"w\":11,\"h\":19,\"i\":\"b514b4e8-689b-465e-8335-ca20c20d46fe\"},\"panelIndex\":\"b514b4e8-689b-465e-8335-ca20c20d46fe\",\"embeddableConfig\":{\"vis\":{\"legendOpen\":true}},\"panelRefName\":\"panel_1\"},{\"version\":\"2.18.0\",\"gridData\":{\"x\":19,\"y\":0,\"w\":10,\"h\":19,\"i\":\"7a7cfec2-8688-45a7-9790-66b3f0e9fd7e\"},\"panelIndex\":\"7a7cfec2-8688-45a7-9790-66b3f0e9fd7e\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"2.18.0\",\"gridData\":{\"x\":29,\"y\":0,\"w\":19,\"h\":19,\"i\":\"2143906d-7adb-4de7-8484-2f87c8c98332\"},\"panelIndex\":\"2143906d-7adb-4de7-8484-2f87c8c98332\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"},{\"version\":\"2.18.0\",\"gridData\":{\"x\":8,\"y\":19,\"w\":21,\"h\":18,\"i\":\"bb4d56fd-b110-4d58-b6aa-e4189bdba918\"},\"panelIndex\":\"bb4d56fd-b110-4d58-b6aa-e4189bdba918\",\"embeddableConfig\":{},\"panelRefName\":\"panel_4\"},{\"version\":\"2.18.0\",\"gridData\":{\"x\":29,\"y\":19,\"w\":19,\"h\":18,\"i\":\"4e4780cd-add6-4dbe-95ac-d11afbcd630c\"},\"panelIndex\":\"4e4780cd-add6-4dbe-95ac-d11afbcd630c\",\"embeddableConfig\":{},\"panelRefName\":\"panel_5\"},{\"version\":\"2.18.0\",\"gridData\":{\"x\":0,\"y\":37,\"w\":48,\"h\":32,\"i\":\"77bbae8a-66cd-4e30-9b90-c7ab7c271320\"},\"panelIndex\":\"77bbae8a-66cd-4e30-9b90-c7ab7c271320\",\"embeddableConfig\":{},\"panelRefName\":\"panel_6\"}]", + "timeRestore": false, + "title": "Journald Logs", + "version": 1 }, + "id": "f6600310-9943-11ee-a029-e973f4774355", + "migrationVersion": { 
+ "dashboard": "7.9.3" + }, + "namespaces": [ + "default" + ], "references": [ { + "id": "df9e399b-efa5-4e33-b0ac-a7668a8ac2b3", "name": "panel_0", - "type": "visualization", - "id": "82e154f0-99e5-11ee-a12e-a134fdba98ea" + "type": "visualization" }, { + "id": "82e154f0-99e5-11ee-a12e-a134fdba98ea", "name": "panel_1", - "type": "visualization", - "id": "5a3cb5c0-99e6-11ee-a12e-a134fdba98ea" + "type": "visualization" }, { + "id": "5a3cb5c0-99e6-11ee-a12e-a134fdba98ea", "name": "panel_2", - "type": "visualization", - "id": "02c189b0-99e6-11ee-a12e-a134fdba98ea" + "type": "visualization" }, { + "id": "02c189b0-99e6-11ee-a12e-a134fdba98ea", "name": "panel_3", - "type": "visualization", - "id": "81e6b660-99e7-11ee-a12e-a134fdba98ea" + "type": "visualization" }, { + "id": "81e6b660-99e7-11ee-a12e-a134fdba98ea", "name": "panel_4", - "type": "visualization", - "id": "9601eb20-99e6-11ee-a12e-a134fdba98ea" + "type": "visualization" }, { + "id": "9601eb20-99e6-11ee-a12e-a134fdba98ea", "name": "panel_5", - "type": "search", - "id": "c79c1e60-9943-11ee-a029-e973f4774355" + "type": "visualization" + }, + { + "id": "c79c1e60-9943-11ee-a029-e973f4774355", + "name": "panel_6", + "type": "search" } ], - "migrationVersion": { - "dashboard": "7.9.3" - } + "type": "dashboard", + "updated_at": "2025-01-07T15:45:40.604Z", + "version": "WzEwNjksMV0=" }, { - "id": "82e154f0-99e5-11ee-a12e-a134fdba98ea", - "type": "visualization", + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":{\"query_string\":{\"query\":\"*\"}},\"language\":\"lucene\"},\"filter\":[]}" + }, + "title": "Navigation", + "uiStateJSON": "{}", + "version": 1, + "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security 
Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● 
[RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: 
[System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}" + }, + "id": "df9e399b-efa5-4e33-b0ac-a7668a8ac2b3", + "migrationVersion": { + "visualization": "7.10.0" + }, "namespaces": [ "default" ], - "updated_at": "2023-12-14T22:33:38.334Z", - "version": "WzkzOSwxXQ==", + "references": [], + "type": "visualization", + "updated_at": "2025-01-07T15:10:03.736Z", + "version": "WzkyOCwxXQ==" + }, + { "attributes": { - "title": "Journald - Logger", - "visState": "{\"title\":\"Journald - Logger\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"log.logger\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"bottom\",\"isDonut\":true,\"labels\":{\"show\":true,\"values\":true,\"last_level\":true,\"truncate\":100}}}", - "uiStateJSON": 
"{\"vis\":{\"legendOpen\":false}}", "description": "", - "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" }, - "savedSearchRefName": "search_0" + "savedSearchRefName": "search_0", + "title": "Journald - Logger", + "uiStateJSON": "{\"vis\":{\"legendOpen\":false}}", + "version": 1, + "visState": "{\"title\":\"Journald - Logger\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"log.logger\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"bottom\",\"isDonut\":true,\"labels\":{\"show\":true,\"values\":true,\"last_level\":true,\"truncate\":100}}}" }, + "id": "82e154f0-99e5-11ee-a12e-a134fdba98ea", + "migrationVersion": { + "visualization": "7.10.0" + }, + "namespaces": [ + "default" + ], "references": [ { + "id": "c79c1e60-9943-11ee-a029-e973f4774355", "name": "search_0", - "type": "search", - "id": "c79c1e60-9943-11ee-a029-e973f4774355" + "type": "search" } ], - "migrationVersion": { - "visualization": "7.10.0" - } + "type": "visualization", + "updated_at": "2025-01-07T15:10:17.095Z", + "version": "WzEwNDYsMV0=" }, { - "id": "5a3cb5c0-99e6-11ee-a12e-a134fdba98ea", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2023-12-14T22:50:36.981Z", - "version": "Wzk1NSwxXQ==", "attributes": { - "title": "Journald - Process UID", - "visState": "{\"title\":\"Journald - Process 
UID\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"miscbeat.systemd.hostname\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Systemd Host\"},\"schema\":\"bucket\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"process.user.id\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Process UID\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", - "uiStateJSON": "{\"vis\":{\"sortColumn\":{\"colIndex\":1,\"direction\":\"desc\"}}}", "description": "", - "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" }, - "savedSearchRefName": "search_0" + "savedSearchRefName": "search_0", + "title": "Journald - Process UID", + "uiStateJSON": "{\"vis\":{\"sortColumn\":{\"colIndex\":1,\"direction\":\"desc\"}}}", + "version": 1, + "visState": "{\"title\":\"Journald - Process UID\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"miscbeat.systemd.hostname\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Systemd 
Host\"},\"schema\":\"bucket\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"process.user.id\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Process UID\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}" }, + "id": "5a3cb5c0-99e6-11ee-a12e-a134fdba98ea", + "migrationVersion": { + "visualization": "7.10.0" + }, + "namespaces": [ + "default" + ], "references": [ { + "id": "c79c1e60-9943-11ee-a029-e973f4774355", "name": "search_0", - "type": "search", - "id": "c79c1e60-9943-11ee-a029-e973f4774355" + "type": "search" } ], - "migrationVersion": { - "visualization": "7.10.0" - } + "type": "visualization", + "updated_at": "2025-01-07T15:10:17.095Z", + "version": "WzEwNDcsMV0=" }, { - "id": "02c189b0-99e6-11ee-a12e-a134fdba98ea", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2023-12-14T22:33:38.334Z", - "version": "Wzk0MSwxXQ==", "attributes": { - "title": "Journald - Logs by Host Over Time", - "visState": "{\"title\":\"Journald - Logs by Host Over 
Time\",\"type\":\"histogram\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"params\":{\"field\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\",\"timeRange\":{\"from\":\"now-15m\",\"to\":\"now\"},\"useNormalizedOpenSearchInterval\":true,\"scaleMetricValues\":false,\"interval\":\"auto\",\"drop_partials\":false,\"min_doc_count\":1,\"extended_bounds\":{}},\"schema\":\"segment\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"miscbeat.systemd.hostname\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Unknown\",\"customLabel\":\"Journald Host\"},\"schema\":\"group\"}],\"params\":{\"type\":\"histogram\",\"grid\":{\"categoryLines\":false},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"filter\":true,\"truncate\":100},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"square root\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"type\":\"histogram\",\"mode\":\"stacked\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"lineWidth\":2,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"bottom\",\"times\":[],\"addTimeMarker\":true,\"labels\":{\"show\":false},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"}}}", - "uiStateJSON": "{}", "description": "", - "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": 
"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" }, - "savedSearchRefName": "search_0" + "savedSearchRefName": "search_0", + "title": "Journald - Logs by Host Over Time", + "uiStateJSON": "{}", + "version": 1, + "visState": "{\"title\":\"Journald - Logs by Host Over Time\",\"type\":\"histogram\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"params\":{\"field\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\",\"timeRange\":{\"from\":\"now-15m\",\"to\":\"now\"},\"useNormalizedOpenSearchInterval\":true,\"scaleMetricValues\":false,\"interval\":\"auto\",\"drop_partials\":false,\"min_doc_count\":1,\"extended_bounds\":{}},\"schema\":\"segment\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"miscbeat.systemd.hostname\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Unknown\",\"customLabel\":\"Journald Host\"},\"schema\":\"group\"}],\"params\":{\"type\":\"histogram\",\"grid\":{\"categoryLines\":false},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"filter\":true,\"truncate\":100},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"square 
root\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"type\":\"histogram\",\"mode\":\"stacked\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"lineWidth\":2,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"bottom\",\"times\":[],\"addTimeMarker\":true,\"labels\":{\"show\":false},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"}}}" }, + "id": "02c189b0-99e6-11ee-a12e-a134fdba98ea", + "migrationVersion": { + "visualization": "7.10.0" + }, + "namespaces": [ + "default" + ], "references": [ { + "id": "c79c1e60-9943-11ee-a029-e973f4774355", "name": "search_0", - "type": "search", - "id": "c79c1e60-9943-11ee-a029-e973f4774355" + "type": "search" } ], - "migrationVersion": { - "visualization": "7.10.0" - } + "type": "visualization", + "updated_at": "2025-01-07T15:10:17.095Z", + "version": "WzEwNDgsMV0=" }, { - "id": "81e6b660-99e7-11ee-a12e-a134fdba98ea", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2023-12-14T22:33:38.334Z", - "version": "Wzk0MiwxXQ==", "attributes": { - "title": "Journald - Systemd Unit", - "visState": "{\"title\":\"Journald - Systemd Unit\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"miscbeat.systemd.systemd_unit\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Systemd 
Unit\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"miscbeat.systemd.systemd_user_unit\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Systemd User Unit\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"miscbeat.systemd.user_unit\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"User Unit\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}", - "uiStateJSON": "{\"vis\":{\"sortColumn\":{\"colIndex\":3,\"direction\":\"desc\"}}}", "description": "", - "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" }, - "savedSearchRefName": "search_0" + "savedSearchRefName": "search_0", + "title": "Journald - Systemd Unit", + "uiStateJSON": "{\"vis\":{\"sortColumn\":{\"colIndex\":3,\"direction\":\"desc\"}}}", + "version": 1, + "visState": "{\"title\":\"Journald - Systemd Unit\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"miscbeat.systemd.systemd_unit\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Systemd 
Unit\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"miscbeat.systemd.systemd_user_unit\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Systemd User Unit\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"miscbeat.systemd.user_unit\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"User Unit\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}" }, + "id": "81e6b660-99e7-11ee-a12e-a134fdba98ea", + "migrationVersion": { + "visualization": "7.10.0" + }, + "namespaces": [ + "default" + ], "references": [ { + "id": "c79c1e60-9943-11ee-a029-e973f4774355", "name": "search_0", - "type": "search", - "id": "c79c1e60-9943-11ee-a029-e973f4774355" + "type": "search" } ], - "migrationVersion": { - "visualization": "7.10.0" - } + "type": "visualization", + "updated_at": "2025-01-07T15:10:17.095Z", + "version": "WzEwNDksMV0=" }, { - "id": "9601eb20-99e6-11ee-a12e-a134fdba98ea", - "type": "visualization", - "namespaces": [ - "default" - ], - "updated_at": "2023-12-14T22:33:38.334Z", - "version": "Wzk0MywxXQ==", "attributes": { - "title": "Journald - Process Name", - "visState": "{\"title\":\"Journald - Process 
Name\",\"type\":\"tagcloud\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"process.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":50,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"},\"schema\":\"segment\"}],\"params\":{\"scale\":\"square root\",\"orientation\":\"single\",\"minFontSize\":18,\"maxFontSize\":72,\"showLabel\":false}}", - "uiStateJSON": "{}", "description": "", - "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" }, - "savedSearchRefName": "search_0" + "savedSearchRefName": "search_0", + "title": "Journald - Process Name", + "uiStateJSON": "{}", + "version": 1, + "visState": "{\"title\":\"Journald - Process Name\",\"type\":\"tagcloud\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"process.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":50,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"},\"schema\":\"segment\"}],\"params\":{\"scale\":\"square root\",\"orientation\":\"single\",\"minFontSize\":18,\"maxFontSize\":72,\"showLabel\":false}}" }, + "id": "9601eb20-99e6-11ee-a12e-a134fdba98ea", + "migrationVersion": { + "visualization": "7.10.0" + }, + "namespaces": [ + "default" + ], "references": [ { + "id": "c79c1e60-9943-11ee-a029-e973f4774355", "name": "search_0", - "type": "search", - "id": "c79c1e60-9943-11ee-a029-e973f4774355" + "type": "search" } ], - "migrationVersion": { - "visualization": "7.10.0" - } + "type": "visualization", + "updated_at": "2025-01-07T15:10:17.095Z", + "version": "WzEwNTAsMV0=" }, { - "id": "c79c1e60-9943-11ee-a029-e973f4774355", - "type": "search", - "namespaces": [ - 
"default" - ], - "updated_at": "2023-12-14T22:33:38.334Z", - "version": "Wzk0NCwxXQ==", "attributes": { - "title": "Journald - Logs", - "description": "", - "hits": 0, "columns": [ "MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER", "miscbeat.systemd.hostname", @@ -230,22 +247,33 @@ "miscbeat.systemd.systemd_user_unit", "log.logger" ], - "sort": [], - "version": 1, + "description": "", + "hits": 0, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"query\":{\"query\":\"miscbeat.systemd:*\",\"language\":\"kuery\"},\"highlightAll\":false,\"version\":true,\"aggs\":{\"2\":{\"date_histogram\":{\"field\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\",\"calendar_interval\":\"1w\",\"min_doc_count\":1}}},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" - } + }, + "sort": [], + "title": "Journald - Logs", + "version": 1 }, + "id": "c79c1e60-9943-11ee-a029-e973f4774355", + "migrationVersion": { + "search": "7.9.3" + }, + "namespaces": [ + "default" + ], "references": [ { + "id": "MALCOLM_OTHER_INDEX_PATTERN_REPLACER", "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern", - "id": "MALCOLM_OTHER_INDEX_PATTERN_REPLACER" + "type": "index-pattern" } ], - "migrationVersion": { - "search": "7.9.3" - } + "type": "search", + "updated_at": "2025-01-07T15:10:17.095Z", + "version": "WzEwNTEsMV0=" } - ] + ], + "version": "2.18.0" } diff --git a/dashboards/dashboards/bed185a0-ef82-11e9-b38a-2db3ee640e88.json b/dashboards/dashboards/bed185a0-ef82-11e9-b38a-2db3ee640e88.json index fc1d849b4..7227ebb8f 100644 --- a/dashboards/dashboards/bed185a0-ef82-11e9-b38a-2db3ee640e88.json +++ b/dashboards/dashboards/bed185a0-ef82-11e9-b38a-2db3ee640e88.json 
@@ -72,7 +72,7 @@ "version": "Wzg3MiwxXQ==", "attributes": { "title": "Navigation", - "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA 
Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview-ecs) / [Host Overview](#/dashboard/79ffd6e0-faa0-11e6-947f-177f697178b8-ecs) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519-ecs) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519-ecs) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) 
\\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● 
[SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) 
/ [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/dashboards/dashboards/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48.json b/dashboards/dashboards/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48.json index 04ce976bd..23850346b 100644 --- a/dashboards/dashboards/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48.json +++ b/dashboards/dashboards/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48.json 
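Review bot: The rewritten Navigation `visState` points at dashboard ids that nothing in this hunk shows to exist: `Metricbeat-system-overview`, `Miscbeat-host-overview`, the two nginx ids with the `-ecs` suffix dropped, and the new `88bcec50-cc74-11ef-bae9-0d6b8da935ba`. A stale id here would only surface when an analyst clicks the link. The same escaped markdown blob is pasted into the following hunks for `bf5efbb0-60f1-11eb-9d60-dbf0411cfc48.json` and `c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2.json`, so any copy that drifts breaks navigation on that dashboard alone. I would add a build-time check that every `#/dashboard/<id>` in a Navigation panel matches the `id` of a saved object shipped under `dashboards/dashboards/`, and that the Navigation string is byte-identical across files. The panel also now has two links labelled `[Syslog]`, one to `92985909-dc29-4533-9e80-d3182a0ecf1d` under Common Protocols and one to `88bcec50-…` under Linux, so a distinct label on the new one would avoid confusion. The enclosing saved object starts and ends outside the hunk.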
@@ -82,7 +82,7 @@ "version": "WzY5MiwxXQ==", "attributes": { "title": "Navigation", - "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA 
Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview-ecs) / [Host Overview](#/dashboard/79ffd6e0-faa0-11e6-947f-177f697178b8-ecs) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519-ecs) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519-ecs) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) 
\\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● 
[SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) 
/ [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/dashboards/dashboards/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2.json b/dashboards/dashboards/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2.json index 539aa8471..d0317e3bb 100644 --- a/dashboards/dashboards/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2.json +++ b/dashboards/dashboards/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2.json 
@@ -77,7 +77,7 @@ "version": "Wzg3MiwxXQ==", "attributes": { "title": "Navigation", - "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA 
Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview-ecs) / [Host Overview](#/dashboard/79ffd6e0-faa0-11e6-947f-177f697178b8-ecs) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519-ecs) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519-ecs) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) 
\\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● 
[SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) 
/ [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/dashboards/dashboards/ca5799a0-56b5-11eb-b749-576de068f8ad.json b/dashboards/dashboards/ca5799a0-56b5-11eb-b749-576de068f8ad.json index 43542d1b8..8502e9cbd 100644 --- a/dashboards/dashboards/ca5799a0-56b5-11eb-b749-576de068f8ad.json +++ b/dashboards/dashboards/ca5799a0-56b5-11eb-b749-576de068f8ad.json 
@@ -92,7 +92,7 @@ "version": "Wzg3MiwxXQ==", "attributes": { "title": "Navigation", - "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA 
Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview-ecs) / [Host Overview](#/dashboard/79ffd6e0-faa0-11e6-947f-177f697178b8-ecs) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519-ecs) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519-ecs) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) 
\\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● 
[SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) 
/ [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/dashboards/dashboards/caef3ade-d289-4d05-a511-149f3e97f238.json b/dashboards/dashboards/caef3ade-d289-4d05-a511-149f3e97f238.json index cc018dc9c..2a0fe675a 100644 --- a/dashboards/dashboards/caef3ade-d289-4d05-a511-149f3e97f238.json +++ b/dashboards/dashboards/caef3ade-d289-4d05-a511-149f3e97f238.json 
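Review bot: The new `visState` line points the Resources, nginx and Linux links at dashboard ids that this part of the patch does not show being added: `Metricbeat-system-overview`, `Miscbeat-host-overview`, the un-suffixed `55a9e6e0-a29e-11e7-928f-5dbe6f6f5519` and `046212a0-a2a1-11e7-928f-5dbe6f6f5519`, and the new Syslog target `88bcec50-cc74-11ef-bae9-0d6b8da935ba`. It is worth confirming that each of them ships as a saved object in the same release, since a hash link to a missing id is only noticed when an analyst follows it. The same Navigation markdown is repeated in every dashboard file (the hunks for `caef3ade-d289-4d05-a511-149f3e97f238.json` and `d2dd0180-06b1-11ec-8c6b-353266ade330.json` carry the identical change), so any file the series misses would presumably keep the old `-ecs` targets. A repository check that every `#/dashboard/<id>` inside a `visState` resolves to a shipped dashboard would catch both cases.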
@@ -102,7 +102,7 @@ "version": "Wzg3MiwxXQ==", "attributes": { "title": "Navigation", - "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA 
Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview-ecs) / [Host Overview](#/dashboard/79ffd6e0-faa0-11e6-947f-177f697178b8-ecs) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519-ecs) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519-ecs) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) 
\\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● 
[SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) 
/ [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/dashboards/dashboards/d2dd0180-06b1-11ec-8c6b-353266ade330.json b/dashboards/dashboards/d2dd0180-06b1-11ec-8c6b-353266ade330.json index 2d4747a48..255af61e6 100644 --- a/dashboards/dashboards/d2dd0180-06b1-11ec-8c6b-353266ade330.json +++ b/dashboards/dashboards/d2dd0180-06b1-11ec-8c6b-353266ade330.json 
@@ -112,7 +112,7 @@ "version": "WzczOSwxXQ==", "attributes": { "title": "Navigation", - "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA 
Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview-ecs) / [Host Overview](#/dashboard/79ffd6e0-faa0-11e6-947f-177f697178b8-ecs) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519-ecs) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519-ecs) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) 
\\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● 
[SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) 
/ [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/dashboards/dashboards/d41fe630-3f98-11e9-a58e-8bdedb0915e8.json b/dashboards/dashboards/d41fe630-3f98-11e9-a58e-8bdedb0915e8.json index f81e16734..ea0a95ffa 100644 --- a/dashboards/dashboards/d41fe630-3f98-11e9-a58e-8bdedb0915e8.json +++ b/dashboards/dashboards/d41fe630-3f98-11e9-a58e-8bdedb0915e8.json 
@@ -57,7 +57,7 @@ "version": "Wzg3MiwxXQ==", "attributes": { "title": "Navigation", - "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA 
Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview-ecs) / [Host Overview](#/dashboard/79ffd6e0-faa0-11e6-947f-177f697178b8-ecs) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519-ecs) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519-ecs) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) 
\\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● 
[SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) 
/ [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/dashboards/dashboards/d4fd6afd-15cb-42bf-8a25-03dd8e59b327.json b/dashboards/dashboards/d4fd6afd-15cb-42bf-8a25-03dd8e59b327.json index 0d71c4bfd..7edd857ba 100644 --- a/dashboards/dashboards/d4fd6afd-15cb-42bf-8a25-03dd8e59b327.json +++ b/dashboards/dashboards/d4fd6afd-15cb-42bf-8a25-03dd8e59b327.json 
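Review bot: Nothing visible in this hunk confirms that the dashboard ids the new `visState` links point to are actually shipped. These are `Metricbeat-system-overview`, `Miscbeat-host-overview`, the two nginx ids now written without the `-ecs` suffix, and the added Linux `Syslog` target `88bcec50-cc74-11ef-bae9-0d6b8da935ba`. If any of them is missing, analysts get a dead entry in the navigation panel they use to reach host, nginx access/error and syslog data. A build or import-time check that every `#/dashboard/<id>` in this string resolves to a file under `dashboards/dashboards/` would catch that. The same string is replaced in the hunks for `d4fd6afd-15cb-42bf-8a25-03dd8e59b327.json` and `dd87edd0-796a-11ec-9ce6-b395c1ff58f4.json` that follow. Because the markdown is copied into each dashboard rather than referenced once, any file the replacement missed would keep the old `-ecs` ids.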
@@ -57,7 +57,7 @@ "version": "Wzg3MiwxXQ==", "attributes": { "title": "Navigation", - "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA 
Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview-ecs) / [Host Overview](#/dashboard/79ffd6e0-faa0-11e6-947f-177f697178b8-ecs) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519-ecs) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519-ecs) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) 
\\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● 
[SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) 
/ [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/dashboards/dashboards/dd87edd0-796a-11ec-9ce6-b395c1ff58f4.json b/dashboards/dashboards/dd87edd0-796a-11ec-9ce6-b395c1ff58f4.json index 58a136fa4..1915bb579 100644 --- a/dashboards/dashboards/dd87edd0-796a-11ec-9ce6-b395c1ff58f4.json +++ b/dashboards/dashboards/dd87edd0-796a-11ec-9ce6-b395c1ff58f4.json 
@@ -107,7 +107,7 @@ "version": "WzgzOCwxXQ==", "attributes": { "title": "Navigation", - "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA 
Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview-ecs) / [Host Overview](#/dashboard/79ffd6e0-faa0-11e6-947f-177f697178b8-ecs) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519-ecs) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519-ecs) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) 
\\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● 
[SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) 
/ [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/dashboards/dashboards/e09a4b86-29b5-4256-bb3b-802ac9f90404.json b/dashboards/dashboards/e09a4b86-29b5-4256-bb3b-802ac9f90404.json index 46b24e2fe..228706bb6 100644 --- a/dashboards/dashboards/e09a4b86-29b5-4256-bb3b-802ac9f90404.json +++ b/dashboards/dashboards/e09a4b86-29b5-4256-bb3b-802ac9f90404.json 
@@ -57,7 +57,7 @@ "version": "Wzg3MiwxXQ==", "attributes": { "title": "Navigation", - "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA 
Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview-ecs) / [Host Overview](#/dashboard/79ffd6e0-faa0-11e6-947f-177f697178b8-ecs) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519-ecs) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519-ecs) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) 
\\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● 
[SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) 
/ [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/dashboards/dashboards/e233a570-45d9-11ef-96a6-432365601033.json b/dashboards/dashboards/e233a570-45d9-11ef-96a6-432365601033.json index 10c215df4..478f6e695 100644 --- a/dashboards/dashboards/e233a570-45d9-11ef-96a6-432365601033.json +++ b/dashboards/dashboards/e233a570-45d9-11ef-96a6-432365601033.json 
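Review bot: The retargeted links in the new `visState` markdown (`Metricbeat-system-overview`, `Miscbeat-host-overview`, the two nginx ids without the `-ecs` suffix, and the added Linux Syslog entry `88bcec50-cc74-11ef-bae9-0d6b8da935ba`) cannot be checked against anything visible in this hunk. If one of those saved objects is missing or named differently, analysts get a dead navigation entry on a monitoring console. It would be worth confirming that every `#/dashboard/<id>` in the string resolves to a `dashboards/dashboards/<id>.json` file or to an object imported some other way, ideally with a small CI check. The same markdown string is repeated verbatim in the hunks for `e233a570-45d9-11ef-96a6-432365601033.json` and `e76d05c0-eb9f-11e9-a384-0fcf32210194.json`, so drift between copies is easy to miss; generating the Navigation panel from one template would remove that risk. The enclosing `attributes` object continues outside the hunk.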
@@ -127,7 +127,7 @@ "version": "Wzg3NywxXQ==", "attributes": { "title": "Navigation", - "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA 
Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview-ecs) / [Host Overview](#/dashboard/79ffd6e0-faa0-11e6-947f-177f697178b8-ecs) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519-ecs) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519-ecs) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) 
\\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● 
[SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) 
/ [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/dashboards/dashboards/e76d05c0-eb9f-11e9-a384-0fcf32210194.json b/dashboards/dashboards/e76d05c0-eb9f-11e9-a384-0fcf32210194.json index 128be831c..a1b6fde84 100644 --- a/dashboards/dashboards/e76d05c0-eb9f-11e9-a384-0fcf32210194.json +++ b/dashboards/dashboards/e76d05c0-eb9f-11e9-a384-0fcf32210194.json 
@@ -97,7 +97,7 @@ "version": "Wzg2MCwxXQ==", "attributes": { "title": "Navigation", - "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA 
Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview-ecs) / [Host Overview](#/dashboard/79ffd6e0-faa0-11e6-947f-177f697178b8-ecs) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519-ecs) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519-ecs) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) 
\\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● 
[SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) 
/ [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, @@ -596,7 +596,7 @@ "sort": [], "version": 1, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":\"threat.framework:\\\"MITRE ATT&CK for ICS\\\"\",\"language\":\"lucene\"},\"highlightAll\":true,\"version\":true,\"aggs\":{\"2\":{\"date_histogram\":{\"field\":\"MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER\",\"fixed_interval\":\"30d\",\"min_doc_count\":1}}},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" + "searchSourceJSON": "{\"query\":{\"query\":\"threat.framework:\\\"MITRE ATT&CK for ICS\\\"\",\"language\":\"lucene\"},\"highlightAll\":false,\"version\":true,\"aggs\":{\"2\":{\"date_histogram\":{\"field\":\"MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER\",\"fixed_interval\":\"30d\",\"min_doc_count\":1}}},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" } }, "references": [ diff --git a/dashboards/dashboards/ed8a6640-3f98-11e9-a58e-8bdedb0915e8.json b/dashboards/dashboards/ed8a6640-3f98-11e9-a58e-8bdedb0915e8.json index c4f0415d5..7dcda552d 100644 --- a/dashboards/dashboards/ed8a6640-3f98-11e9-a58e-8bdedb0915e8.json +++ b/dashboards/dashboards/ed8a6640-3f98-11e9-a58e-8bdedb0915e8.json 
@@ -47,7 +47,7 @@ "version": "Wzg3MiwxXQ==", "attributes": { "title": "Navigation", - "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA 
Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview-ecs) / [Host Overview](#/dashboard/79ffd6e0-faa0-11e6-947f-177f697178b8-ecs) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519-ecs) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519-ecs) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) 
\\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● 
[SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) 
/ [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/dashboards/dashboards/f1f09567-fc7f-450b-a341-19d2f2bb468b.json b/dashboards/dashboards/f1f09567-fc7f-450b-a341-19d2f2bb468b.json index 20b6d2d85..fd6660caf 100644 --- a/dashboards/dashboards/f1f09567-fc7f-450b-a341-19d2f2bb468b.json +++ b/dashboards/dashboards/f1f09567-fc7f-450b-a341-19d2f2bb468b.json 
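Review bot: The retargeted links on the `+` `visState` line, under `### Malcolm and Third-Party Logs`, point at dashboard IDs whose definitions are not visible in this hunk, so it cannot be confirmed from here that each target ships as a saved object. The affected links are `#/dashboard/Metricbeat-system-overview`, `#/dashboard/Miscbeat-host-overview`, the two nginx IDs with the `-ecs` suffix dropped, and the new Linux Syslog entry `#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba`. A dangling ID would leave analysts with a dead link to the host, nginx or syslog views from every dashboard that embeds this panel. The same markdown string is repeated in the hunks for `f1f09567-fc7f-450b-a341-19d2f2bb468b.json` and `f394057d-1b16-4174-b994-7045f423a416.json`, so a mismatch in one copy would be easy to miss. Since the visible files appear to be named after their dashboard ID, a build-time check that every `#/dashboard/<id>` in the Navigation markdown resolves to a file under `dashboards/dashboards/` would cover all copies at once.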
@@ -137,7 +137,7 @@ "version": "Wzg2MSwxXQ==", "attributes": { "title": "Navigation", - "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA 
Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview-ecs) / [Host Overview](#/dashboard/79ffd6e0-faa0-11e6-947f-177f697178b8-ecs) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519-ecs) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519-ecs) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) 
\\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● 
[SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) 
/ [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/dashboards/dashboards/f394057d-1b16-4174-b994-7045f423a416.json b/dashboards/dashboards/f394057d-1b16-4174-b994-7045f423a416.json index 2c6e42db1..1784b7895 100644 --- a/dashboards/dashboards/f394057d-1b16-4174-b994-7045f423a416.json +++ b/dashboards/dashboards/f394057d-1b16-4174-b994-7045f423a416.json 
@@ -57,7 +57,7 @@ "version": "Wzg3MiwxXQ==", "attributes": { "title": "Navigation", - "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA 
Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview-ecs) / [Host Overview](#/dashboard/79ffd6e0-faa0-11e6-947f-177f697178b8-ecs) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519-ecs) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519-ecs) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) 
\\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● 
[SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) 
/ [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/dashboards/dashboards/f77bf097-18a8-465c-b634-eb2acc7a4f26.json b/dashboards/dashboards/f77bf097-18a8-465c-b634-eb2acc7a4f26.json index d12be8426..d0b5abd05 100644 --- a/dashboards/dashboards/f77bf097-18a8-465c-b634-eb2acc7a4f26.json +++ b/dashboards/dashboards/f77bf097-18a8-465c-b634-eb2acc7a4f26.json 
@@ -102,7 +102,7 @@ "version": "Wzg3MiwxXQ==", "attributes": { "title": "Navigation", - "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA 
Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview-ecs) / [Host Overview](#/dashboard/79ffd6e0-faa0-11e6-947f-177f697178b8-ecs) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519-ecs) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519-ecs) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) 
\\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● 
[SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) 
/ [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/dashboards/dashboards/fa141950-ef89-11e9-b38a-2db3ee640e88.json b/dashboards/dashboards/fa141950-ef89-11e9-b38a-2db3ee640e88.json index 079fc82ff..b2dd8a422 100644 --- a/dashboards/dashboards/fa141950-ef89-11e9-b38a-2db3ee640e88.json +++ b/dashboards/dashboards/fa141950-ef89-11e9-b38a-2db3ee640e88.json 
@@ -77,7 +77,7 @@ "version": "Wzg3MiwxXQ==", "attributes": { "title": "Navigation", - "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA 
Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview-ecs) / [Host Overview](#/dashboard/79ffd6e0-faa0-11e6-947f-177f697178b8-ecs) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519-ecs) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519-ecs) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) 
\\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● 
[SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) 
/ [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/dashboards/dashboards/fa477130-2b8a-11ec-a9f2-3911c8571bfd.json b/dashboards/dashboards/fa477130-2b8a-11ec-a9f2-3911c8571bfd.json index 1b9d541f7..f59e64de4 100644 --- a/dashboards/dashboards/fa477130-2b8a-11ec-a9f2-3911c8571bfd.json +++ b/dashboards/dashboards/fa477130-2b8a-11ec-a9f2-3911c8571bfd.json 
@@ -102,7 +102,7 @@ "version": "WzkzNywxXQ==", "attributes": { "title": "Navigation", - "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA 
Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview-ecs) / [Host Overview](#/dashboard/79ffd6e0-faa0-11e6-947f-177f697178b8-ecs) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519-ecs) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519-ecs) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) 
\\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● 
[SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) 
/ [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, From 9256719d786f0069f7683bbffba5abe4f7359a8b Mon Sep 17 00:00:00 2001 From: Seth Grover Date: Tue, 7 Jan 2025 11:00:05 -0700 Subject: [PATCH 06/53] bump jinja to 3.1.5 --- hedgehog-iso/interface/requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hedgehog-iso/interface/requirements.txt b/hedgehog-iso/interface/requirements.txt index 19124e269..5cc9e8436 100644 --- a/hedgehog-iso/interface/requirements.txt +++ b/hedgehog-iso/interface/requirements.txt @@ -6,7 +6,7 @@ Flask-Cors==5.0.0 gunicorn==22.0.0 idna==3.7 itsdangerous==2.1.2 -Jinja2==3.1.4 +Jinja2==3.1.5 MarkupSafe==2.1.2 psutil==5.9.4 python-dotenv==1.0.0 From d021eaafb07c346e02fe5a6561282fcc5b0968e4 Mon Sep 17 00:00:00 2001 From: Seth Grover Date: Tue, 7 Jan 2025 12:01:18 -0700 Subject: [PATCH 07/53] Documentation for cisagov/Malcolm#354, syslog --- docs/malcolm-config.md | 7 +++++++ docs/malcolm-hedgehog-e2e-iso-install.md | 6 +++++- docs/third-party-logs.md | 8 ++++++++ 3 files changed, 20 insertions(+), 1 deletion(-) diff --git a/docs/malcolm-config.md b/docs/malcolm-config.md index a361a9743..1ea05d896 100644 --- a/docs/malcolm-config.md +++ b/docs/malcolm-config.md 
@@ -40,6 +40,13 @@ Although the configuration script automates many of the following configuration - `OPENSEARCH_INDEX_SIZE_PRUNE_LIMIT` - the maximum cumulative size of OpenSearch indices are allowed to consume before the oldest indices are deleted, see [**Managing disk usage**](#DiskUsage) below * **`filebeat.env`** - settings specific to [Filebeat](https://www.elastic.co/products/beats/filebeat), particularly for how Filebeat watches for new log files to parse and how it receives and stores [third-Party logs](third-party-logs.md#ThirdPartyLogs) - `LOG_CLEANUP_MINUTES` and `ZIP_CLEANUP_MINUTES` - these variables deal cleaning up already-processed log files, see [**Managing disk usage**](#DiskUsage) below + - The following variables configure Malcolm's ability to [accept syslog](https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-input-syslog.html) messages: + + `FILEBEAT_SYSLOG_TCP_LISTEN` and `FILEBEAT_SYSLOG_UDP_LISTEN` - if set to `true`, Malcolm will accept syslog messages over TCP and/or UDP, respectively + + `FILEBEAT_SYSLOG_TCP_PORT` and `FILEBEAT_SYSLOG_UDP_PORT` - the port on which Malcolm will accept syslog messages over TCP and/or UDP, respectively + + `FILEBEAT_SYSLOG_TCP_FORMAT` and `FILEBEAT_SYSLOG_UDP_FORMAT` - one of `auto`, `rfc3164`, or `rfc5424`, to specify the allowed [format](https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-input-syslog.html#_format_2) for syslog messages over TCP and/or UDP, respectively (default `auto`) + + `FILEBEAT_SYSLOG_TCP_MAX_MESSAGE_SIZE` and `FILEBEAT_SYSLOG_UDP_MAX_MESSAGE_SIZE` - defines the maximum message size of the message received over TCP and/or UDP, respectively (default: `10KiB` for UDP, `20MiB` for TCP) + + `FILEBEAT_SYSLOG_TCP_MAX_CONNECTIONS` - specifies the maximum current number of TCP [connections](https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-input-syslog.html#filebeat-input-syslog-tcp-max-connections) for syslog messages + + `FILEBEAT_SYSLOG_TCP_SSL` - 
if set to `true`, syslog messages over TCP will require the use of TLS. When [`./scripts/auth_setup`](authsetup.md#AuthSetup) is run, self-signed certificates are generated which may be used by remote log forwarders. Located in the `filebeat/certs/` directory, the certificate authority and client certificate and key files should be copied to the host on which the forwarder is running and used when defining its settings for connecting to Malcolm. * **`logstash.env`** - settings specific to [Logstash](https://www.elastic.co/products/logstash) - `LOGSTASH_OUI_LOOKUP` – if set to `true`, Logstash will map MAC addresses to vendors for all source and destination MAC addresses when analyzing Zeek logs (default `true`) - `LOGSTASH_REVERSE_DNS` – if set to `true`, Logstash will perform a reverse DNS lookup for all external source and destination IP address values when analyzing Zeek logs (default `false`) diff --git a/docs/malcolm-hedgehog-e2e-iso-install.md b/docs/malcolm-hedgehog-e2e-iso-install.md index 3ac4019f1..8bd9e0e5e 100644 --- a/docs/malcolm-hedgehog-e2e-iso-install.md +++ b/docs/malcolm-hedgehog-e2e-iso-install.md 
@@ -216,7 +216,7 @@ The [configuration and tuning](malcolm-config.md#ConfigAndTuning) wizard's quest * **Perform string randomness scoring on some fields?** - If enabled, domain names observed in network traffic (from DNS queries and SSL server names) will be assigned entropy scores as calculated by [`freq`](https://github.com/MarkBaggett/freq). Users probably want to answer **Y** to this question. * **Should Malcolm accept logs and metrics from a Hedgehog Linux sensor or other forwarder?** - - Answer **yes** or **no** in order for Malcolm's firewall to allow or block connections for OpenSearch, Logstash, and Filebeat TCP, bypassing the following several questions in this list. Answer **customize** to proceed to answer the following related questions individually. + - Answer **yes** or **no** in order for Malcolm's firewall to allow or block connections for OpenSearch, Logstash, and Filebeat TCP, bypassing the following several questions in this list. Answer **customize** to proceed to answer the following related questions individually: - **Expose OpenSearch port to external hosts?** + Answer **Y** in order for Malcolm's firewall to allow connections from a remote log forwarder (such as Hedgehog Linux) to TCP port 9200 so that Arkime sessions can be written to Malcolm's OpenSearch database. - **Expose Logstash port to external hosts?** 
@@ -237,6 +237,10 @@ The [configuration and tuning](malcolm-config.md#ConfigAndTuning) wizard's quest + The default is `_malcolm_beats`, which is used by Malcolm to recognize and parse metrics sent from Hedgehog Linux. - **Expose SFTP server (for PCAP upload) to external hosts?** + Users should answer **N** unless they plan to use SFTP/SCP to [upload](upload.md#Upload) PCAP files to Malcolm; answering **Y** will expose TCP port 8022 in Malcolm's firewall for SFTP/SCP connections + - **Accept standard syslog messages?** + + Answer **Y** for Malcolm to accept syslog messages according to the RFC3164 and RFC5424 standards over TCP or UDP. + * **Enter port for syslog over TCP (e.g., 514) or 0 to disable** and **Enter port for syslog over UDP (e.g., 514) or 0 to disable** + - Specify the port numbers on which to accept syslog messages for TCP or UDP, respectively. Other options for configuring how Malcolm accepts and processes syslog messages can be configured via environment variables in [`filebeat.env`](malcolm-config.md#MalcolmConfigEnvVars). * **Enable file extraction with Zeek?** - Answer **Y** to indicate that Zeek should [extract files](file-scanning.md#ZeekFileExtraction) transfered in observed network traffic. - **Select file extraction behavior** diff --git a/docs/third-party-logs.md b/docs/third-party-logs.md index 03184b7d9..5c37e0d5c 100644 --- a/docs/third-party-logs.md +++ b/docs/third-party-logs.md 
@@ -15,12 +15,14 @@ Malcolm uses [OpenSearch](https://opensearch.org/) and [OpenSearch Dashboards](h The types of third-party logs and metrics discussed in this document are *not* the same as the network session metadata provided by Arkime, Zeek, and Suricata. Please refer to the [Malcolm Contributor Guide](contributing-guide.md) for information on integrating a new network traffic analysis provider. + * [Configuring Malcolm](#Malcolm) - [Secure communication](#MalcolmTLS) * [Fluent Bit](#FluentBit) - [Convenience Script for Linux/macOS](#FluentBitBash) - [Convenience Script for Windows](#FluentBitPowerShell) * [Beats](#Beats) +* [Syslog](#Syslog) * [Uploading Third-Party Logs](#ThirdPartyUpload) * [Data Format and Visualization](#Data) * [Document Indices](#Indices) 
@@ -309,6 +311,12 @@ The important bits to note in this example are the settings under [`output.logst Most Beats forwarders can use [processors](https://www.elastic.co/guide/en/beats/filebeat/current/defining-processors.html) to filter, transform, and enhance data prior to sending it to Malcolm. Consult each forwarder's [documentation](https://www.elastic.co/beats/) to learn more about what processors are available and how to configure them. Use the [Console output](https://www.elastic.co/guide/en/beats/filebeat/current/console-output.html) for debugging and experimenting with how Beats forwarders format the logs they generate. +## Syslog + +Malcolm can accept [syslog](https://en.wikipedia.org/wiki/Syslog) messages directly. During [configuration](malcolm-hedgehog-e2e-iso-install.md#MalcolmConfig), select **customize** when prompted **Should Malcolm accept logs and metrics from a Hedgehog Linux sensor or other forwarder?** to specify whether Malcolm should accept syslog over TCP, UDP, or both, and the respective ports on which the messages should be accepted. + +Other options for configuring how Malcolm accepts and processes syslog messages can be configured via environment variables in [`filebeat.env`](malcolm-config.md#MalcolmConfigEnvVars). + ## Uploading Third-Party Logs ### Microsoft Windows Event Logs From f8217e007897cb75acd9561dfe61b72d904f4e26 Mon Sep 17 00:00:00 2001 From: Seth Grover Date: Tue, 7 Jan 2025 13:27:33 -0700 Subject: [PATCH 08/53] replace old filebeat input for syslog with tcp/udp input and syslog processor, for cisagov/Malcolm#354 --- config/filebeat.env.example | 4 ++-- docs/malcolm-config.md | 6 +++--- filebeat/filebeat-syslog-tcp.yml | 13 ++++++------- filebeat/filebeat-syslog-udp.yml | 13 ++++++------- logstash/pipelines/beats/11_beats_logs.conf | 21 ++------------------- 5 files changed, 19 insertions(+), 38 deletions(-) diff --git a/config/filebeat.env.example b/config/filebeat.env.example index 61e161552..dbec57bb8 100644 
--- a/config/filebeat.env.example
+++ b/config/filebeat.env.example
@@ -35,12 +35,12 @@ FILEBEAT_TCP_PARSE_DROP_FIELD=message
 # Tag to append to events sent to the filebeat TCP input listener
 FILEBEAT_TCP_TAG=_malcolm_beats
 # Whether or not to expose a filebeat UDP syslog listener (see
-# https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-input-syslog.html)
+# https://www.elastic.co/guide/en/beats/filebeat/current/syslog.html)
 FILEBEAT_SYSLOG_UDP_LISTEN=false
 # UDP port on which to listen for standard syslog messages
 FILEBEAT_SYSLOG_UDP_PORT=0
 # Whether or not to expose a filebeat TCP syslog listener (see
-# https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-input-syslog.html)
+# https://www.elastic.co/guide/en/beats/filebeat/current/syslog.html)
 FILEBEAT_SYSLOG_TCP_LISTEN=false
 # TCP port on which to listen for standard syslog messages
 FILEBEAT_SYSLOG_TCP_PORT=0
diff --git a/docs/malcolm-config.md b/docs/malcolm-config.md
index 1ea05d896..3e34206ba 100644
--- a/docs/malcolm-config.md
+++ b/docs/malcolm-config.md
@@ -40,12 +40,12 @@ Although the configuration script automates many of the following configuration - `OPENSEARCH_INDEX_SIZE_PRUNE_LIMIT` - the maximum cumulative size of OpenSearch indices are allowed to consume before the oldest indices are deleted, see [**Managing disk usage**](#DiskUsage) below * **`filebeat.env`** - settings specific to [Filebeat](https://www.elastic.co/products/beats/filebeat), particularly for how Filebeat watches for new log files to parse and how it receives and stores [third-Party logs](third-party-logs.md#ThirdPartyLogs) - `LOG_CLEANUP_MINUTES` and `ZIP_CLEANUP_MINUTES` - these variables deal cleaning up already-processed log files, see [**Managing disk usage**](#DiskUsage) below - - The following variables configure Malcolm's ability to [accept syslog](https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-input-syslog.html) messages: + - The following variables configure Malcolm's ability to [accept syslog](https://www.elastic.co/guide/en/beats/filebeat/current/syslog.html) messages: + `FILEBEAT_SYSLOG_TCP_LISTEN` and `FILEBEAT_SYSLOG_UDP_LISTEN` - if set to `true`, Malcolm will accept syslog messages over TCP and/or UDP, respectively + `FILEBEAT_SYSLOG_TCP_PORT` and `FILEBEAT_SYSLOG_UDP_PORT` - the port on which Malcolm will accept syslog messages over TCP and/or UDP, respectively - + `FILEBEAT_SYSLOG_TCP_FORMAT` and `FILEBEAT_SYSLOG_UDP_FORMAT` - one of `auto`, `rfc3164`, or `rfc5424`, to specify the allowed [format](https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-input-syslog.html#_format_2) for syslog messages over TCP and/or UDP, respectively (default `auto`) + + `FILEBEAT_SYSLOG_TCP_FORMAT` and `FILEBEAT_SYSLOG_UDP_FORMAT` - one of `auto`, `rfc3164`, or `rfc5424`, to specify the allowed [format](https://www.elastic.co/guide/en/beats/filebeat/current/syslog.html#_format_2) for syslog messages over TCP and/or UDP, respectively (default `auto`) + `FILEBEAT_SYSLOG_TCP_MAX_MESSAGE_SIZE` and 
`FILEBEAT_SYSLOG_UDP_MAX_MESSAGE_SIZE` - defines the maximum message size of the message received over TCP and/or UDP, respectively (default: `10KiB` for UDP, `20MiB` for TCP) - + `FILEBEAT_SYSLOG_TCP_MAX_CONNECTIONS` - specifies the maximum current number of TCP [connections](https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-input-syslog.html#filebeat-input-syslog-tcp-max-connections) for syslog messages + + `FILEBEAT_SYSLOG_TCP_MAX_CONNECTIONS` - specifies the maximum current number of TCP [connections](https://www.elastic.co/guide/en/beats/filebeat/current/syslog.html#filebeat-input-syslog-tcp-max-connections) for syslog messages + `FILEBEAT_SYSLOG_TCP_SSL` - if set to `true`, syslog messages over TCP will require the use of TLS. When [`./scripts/auth_setup`](authsetup.md#AuthSetup) is run, self-signed certificates are generated which may be used by remote log forwarders. Located in the `filebeat/certs/` directory, the certificate authority and client certificate and key files should be copied to the host on which the forwarder is running and used when defining its settings for connecting to Malcolm. * **`logstash.env`** - settings specific to [Logstash](https://www.elastic.co/products/logstash) - `LOGSTASH_OUI_LOOKUP` – if set to `true`, Logstash will map MAC addresses to vendors for all source and destination MAC addresses when analyzing Zeek logs (default `true`) diff --git a/filebeat/filebeat-syslog-tcp.yml b/filebeat/filebeat-syslog-tcp.yml index 9ba5cf863..8ceb8369b 100644 --- a/filebeat/filebeat-syslog-tcp.yml +++ b/filebeat/filebeat-syslog-tcp.yml 
@@ -2,19 +2,15 @@ name: "${PCAP_NODE_NAME:malcolm}" -logging: - to_console: false - metrics.enabled: false +logging.metrics.enabled: false #================================ Inputs ======================================= filebeat.inputs: -- type: syslog - format: ${FILEBEAT_SYSLOG_TCP_FORMAT:auto} +- type: tcp + host: "0.0.0.0:${FILEBEAT_SYSLOG_TCP_PORT:514}" max_message_size: ${FILEBEAT_SYSLOG_TCP_MAX_MESSAGE_SIZE:20MiB} max_connections: ${FILEBEAT_SYSLOG_TCP_MAX_CONNECTIONS:1024} - protocol.tcp: - host: "0.0.0.0:${FILEBEAT_SYSLOG_TCP_PORT:514}" ssl.enabled: ${FILEBEAT_SYSLOG_TCP_SSL:false} ssl.certificate_authorities: ["/certs/ca.crt"] ssl.certificate: "/certs/client.crt" @@ -24,6 +20,9 @@ filebeat.inputs: #================================ Processors =================================== processors: + - syslog: + field: message + format: ${FILEBEAT_SYSLOG_TCP_FORMAT:auto} - add_tags: tags: [ "${FILEBEAT_TCP_TAG:_malcolm_beats}" ] diff --git a/filebeat/filebeat-syslog-udp.yml b/filebeat/filebeat-syslog-udp.yml index 21c70b8f7..5942d1cc0 100644 --- a/filebeat/filebeat-syslog-udp.yml +++ b/filebeat/filebeat-syslog-udp.yml @@ -2,21 +2,20 @@ name: "${PCAP_NODE_NAME:malcolm}" -logging: - to_console: false - metrics.enabled: false +logging.metrics.enabled: false #================================ Inputs ======================================= filebeat.inputs: -- type: syslog - format: ${FILEBEAT_SYSLOG_UDP_FORMAT:auto} +- type: udp + host: "0.0.0.0:${FILEBEAT_SYSLOG_UDP_PORT:514}" max_message_size: ${FILEBEAT_SYSLOG_UDP_MAX_MESSAGE_SIZE:10KiB} - protocol.udp: - host: "0.0.0.0:${FILEBEAT_SYSLOG_UDP_PORT:514}" #================================ Processors =================================== processors: + - syslog: + field: message + format: ${FILEBEAT_SYSLOG_UDP_FORMAT:auto} - add_tags: tags: [ "${FILEBEAT_TCP_TAG:_malcolm_beats}" ] diff --git a/logstash/pipelines/beats/11_beats_logs.conf b/logstash/pipelines/beats/11_beats_logs.conf index d58266cf2..546439ec0 100644 
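Review bot: The new `tcp` input binds `0.0.0.0` while `ssl.enabled` a few lines below defaults to `false`, and the file carries no comment saying that the listener is plaintext and unauthenticated unless `FILEBEAT_SYSLOG_TCP_SSL` is set. I would add above `- type: tcp` a comment such as `# plaintext by default; set FILEBEAT_SYSLOG_TCP_SSL=true to require TLS, otherwise any host that can reach the port can submit messages`. The `udp` input in filebeat-syslog-udp.yml has no TLS option at all, so the same kind of comment belongs there, noting that the sender is not verified. Both files continue outside the hunks, so whether client certificates are required once TLS is on cannot be confirmed from here.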
--- a/logstash/pipelines/beats/11_beats_logs.conf +++ b/logstash/pipelines/beats/11_beats_logs.conf @@ -832,9 +832,9 @@ filter { } # [miscbeat][winstat] - } else if ([agent][type] == "filebeat") and ([input][type] == "syslog") { + } else if ([agent][type] == "filebeat") and ([log][syslog]) { #------------------------------------------------- - # syslog direct to Malcolm - https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-input-syslog.html + # syslog direct to Malcolm - https://www.elastic.co/guide/en/beats/filebeat/current/syslog.html mutate { id => "mutate_replace_syslog_direct_event_module" replace => { "[event][module]" => "syslog" } } @@ -843,23 +843,6 @@ filter { if ([hostname]) { mutate { id => "mutate_syslog_direct_add_ecs_hostname" add_field => { "[log][syslog][hostname]" => "%{[hostname]}" } } - mutate { - id => "mutate_syslog_direct_replace_hostname" - replace => { "[host][name]" => "%{[hostname]}" } - remove_field => [ "[hostname]" ] - } - } - - # rename syslog fields according to ECS - # https://www.elastic.co/guide/en/ecs/current/ecs-log.html#field-log-syslog - mutate { id => "mutate_rename_direct_syslog" - rename => { "[event][severity]" => "[log][syslog][severity][code]" } - rename => { "[process][pid]" => "[log][syslog][procid]" } - rename => { "[process][program]" => "[log][syslog][appname]" } - rename => { "[syslog][facility]" => "[log][syslog][facility][code]" } - rename => { "[syslog][facility_label]" => "[log][syslog][facility][name]" } - rename => { "[syslog][priority]" => "[log][syslog][priority]" } - rename => { "[syslog][severity_label]" => "[log][syslog][severity][name]" } } if (![event][hash]) { From 64612218dca87c426a8483ca03118b80f87de426 Mon Sep 17 00:00:00 2001 From: Seth Grover Date: Tue, 7 Jan 2025 13:39:27 -0700 Subject: [PATCH 09/53] Documentation for cisagov/Malcolm#354, syslog --- docs/malcolm-config.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
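Review bot: Matching on `([log][syslog])` in the first hunk sends an event to the syslog branch only when the Filebeat `syslog` processor managed to parse it; a message that arrives on the listener but fails parsing presumably carries no `log.syslog` object and skips this branch, where the old `[input][type] == "syslog"` test caught everything from the listener. Such events would miss `event.module` = `syslog` and could drop out of the syslog dashboards without anyone noticing. Consider having filebeat-syslog-tcp.yml and filebeat-syslog-udp.yml mark every event from these inputs (for example a dedicated entry in the existing `add_tags` list; the name is the project's choice) and testing for that mark here, so unparsed input is still classified and can be reviewed. The branches that follow this one are outside the hunk, so where unparsed events end up cannot be confirmed from here.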
diff --git a/docs/malcolm-config.md b/docs/malcolm-config.md
index 3e34206ba..e967e0194 100644
--- a/docs/malcolm-config.md
+++ b/docs/malcolm-config.md
@@ -43,9 +43,9 @@ Although the configuration script automates many of the following configuration - The following variables configure Malcolm's ability to [accept syslog](https://www.elastic.co/guide/en/beats/filebeat/current/syslog.html) messages: + `FILEBEAT_SYSLOG_TCP_LISTEN` and `FILEBEAT_SYSLOG_UDP_LISTEN` - if set to `true`, Malcolm will accept syslog messages over TCP and/or UDP, respectively + `FILEBEAT_SYSLOG_TCP_PORT` and `FILEBEAT_SYSLOG_UDP_PORT` - the port on which Malcolm will accept syslog messages over TCP and/or UDP, respectively - + `FILEBEAT_SYSLOG_TCP_FORMAT` and `FILEBEAT_SYSLOG_UDP_FORMAT` - one of `auto`, `rfc3164`, or `rfc5424`, to specify the allowed [format](https://www.elastic.co/guide/en/beats/filebeat/current/syslog.html#_format_2) for syslog messages over TCP and/or UDP, respectively (default `auto`) + + `FILEBEAT_SYSLOG_TCP_FORMAT` and `FILEBEAT_SYSLOG_UDP_FORMAT` - one of `auto`, `rfc3164`, or `rfc5424`, to specify the allowed format for syslog messages over TCP and/or UDP, respectively (default `auto`) + `FILEBEAT_SYSLOG_TCP_MAX_MESSAGE_SIZE` and `FILEBEAT_SYSLOG_UDP_MAX_MESSAGE_SIZE` - defines the maximum message size of the message received over TCP and/or UDP, respectively (default: `10KiB` for UDP, `20MiB` for TCP) - + `FILEBEAT_SYSLOG_TCP_MAX_CONNECTIONS` - specifies the maximum current number of TCP [connections](https://www.elastic.co/guide/en/beats/filebeat/current/syslog.html#filebeat-input-syslog-tcp-max-connections) for syslog messages + + `FILEBEAT_SYSLOG_TCP_MAX_CONNECTIONS` - specifies the maximum current number of TCP connections for syslog messages + `FILEBEAT_SYSLOG_TCP_SSL` - if set to `true`, syslog messages over TCP will require the use of TLS. When [`./scripts/auth_setup`](authsetup.md#AuthSetup) is run, self-signed certificates are generated which may be used by remote log forwarders. 
Located in the `filebeat/certs/` directory, the certificate authority and client certificate and key files should be copied to the host on which the forwarder is running and used when defining its settings for connecting to Malcolm. * **`logstash.env`** - settings specific to [Logstash](https://www.elastic.co/products/logstash) - `LOGSTASH_OUI_LOOKUP` – if set to `true`, Logstash will map MAC addresses to vendors for all source and destination MAC addresses when analyzing Zeek logs (default `true`) From 83d7485f46d2bf24370df0e2b2481b75214dc067 Mon Sep 17 00:00:00 2001 From: Seth Grover Date: Tue, 7 Jan 2025 13:55:31 -0700 Subject: [PATCH 10/53] install.py tweak for cisagov/Malcolm#354 --- scripts/install.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/install.py b/scripts/install.py index 8ff887531..9ac1ddbe7 100755 --- a/scripts/install.py +++ b/scripts/install.py @@ -4440,7 +4440,7 @@ def main(): default=False, help="Expose SFTP server (for PCAP upload) to external hosts", ) - logstashArgGroup.add_argument( + openPortsArgGroup.add_argument( '--syslog-tcp-port', dest='syslogTcpPort', required=False, @@ -4449,7 +4449,7 @@ def main(): default=0, help='Listen for Syslog (TCP) on this port', ) - logstashArgGroup.add_argument( + openPortsArgGroup.add_argument( '--syslog-udp-port', dest='syslogUdpPort', required=False, From 0f69adbb504bc7ad814bd4126bb7596018645701 Mon Sep 17 00:00:00 2001 From: Seth Grover Date: Tue, 7 Jan 2025 14:31:11 -0700 Subject: [PATCH 11/53] minor fix for for cisagov/Malcolm#354, set host.name correctly --- logstash/pipelines/beats/11_beats_logs.conf | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/logstash/pipelines/beats/11_beats_logs.conf b/logstash/pipelines/beats/11_beats_logs.conf index 546439ec0..f2f79c995 100644 --- a/logstash/pipelines/beats/11_beats_logs.conf +++ b/logstash/pipelines/beats/11_beats_logs.conf 
@@ -840,10 +840,9 @@ filter { replace => { "[event][module]" => "syslog" } } # store the originating host name as host.name as it's probably what people will want to search by - if ([hostname]) { - mutate { id => "mutate_syslog_direct_add_ecs_hostname" - add_field => { "[log][syslog][hostname]" => "%{[hostname]}" } } - } + if ([log][syslog][hostname]) { mutate { id => "mutate_syslog_direct_replace_hostname" + replace => { "[host][name]" => "%{[log][syslog][hostname]}" } + remove_field => [ "[hostname]" ] } } if (![event][hash]) { fingerprint { From 329de6f695633df8a0530c5bcd5aab2f22758395 Mon Sep 17 00:00:00 2001 From: Seth Grover Date: Wed, 8 Jan 2025 06:50:06 -0700 Subject: [PATCH 12/53] bump netbox to v4.11.1 and elasticsearch-dsl to v8.17.1 --- Dockerfiles/netbox.Dockerfile | 2 +- api/requirements.txt | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/Dockerfiles/netbox.Dockerfile b/Dockerfiles/netbox.Dockerfile index b3e4a12b0..37c1b5944 100644 --- a/Dockerfiles/netbox.Dockerfile +++ b/Dockerfiles/netbox.Dockerfile @@ -1,4 +1,4 @@ -FROM netboxcommunity/netbox:v4.1.10 +FROM netboxcommunity/netbox:v4.1.11 # Copyright (c) 2025 Battelle Energy Alliance, LLC. All rights reserved. LABEL maintainer="malcolm@inl.gov" diff --git a/api/requirements.txt b/api/requirements.txt index ff4ea06eb..5a7d49ad5 100644 --- a/api/requirements.txt +++ b/api/requirements.txt @@ -6,5 +6,5 @@ requests==2.32.0 regex==2022.3.2 dateparser==1.1.1 elasticsearch==8.17.0 -elasticsearch-dsl==8.17.0 +elasticsearch-dsl==8.17.1 psutil==5.9.8 \ No newline at end of file From fa6807b66b83359814f3e8962f0ffa418a7c9245 Mon Sep 17 00:00:00 2001 From: Seth Grover Date: Wed, 8 Jan 2025 10:34:04 -0700 Subject: [PATCH 13/53] start of cisagov/Malcolm#356, normalize winlogbeats --- .../composable/component/miscbeat.json | 4 +- logstash/pipelines/beats/11_beats_logs.conf | 99 ++++++++++++++++++- 2 files changed, 100 insertions(+), 3 deletions(-) 
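Review bot: `[host][name]` is now overwritten with `%{[log][syslog][hostname]}`, a value taken from the message header that the sender chooses; on the UDP listener, or on TCP without TLS, nothing verifies it, so one host can log under another host's name. The comment on the line above says this is the field people will search by, which makes the distinction worth recording: keep the address Filebeat observed for the connection (the tcp/udp inputs normally record it as `log.source.address`; confirm it survives to this point) available for comparison, and extend the comment, e.g. `# host.name is sender-asserted; compare with log.source.address`. Separately, `remove_field => [ "[hostname]" ]` looks like a leftover, since the condition no longer depends on `[hostname]`.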
diff --git a/dashboards/templates/composable/component/miscbeat.json b/dashboards/templates/composable/component/miscbeat.json
index cdbbc0a6b..aa422f13b 100644
--- a/dashboards/templates/composable/component/miscbeat.json
+++ b/dashboards/templates/composable/component/miscbeat.json
@@ -269,14 +269,14 @@
 "EventType" : { "type": "keyword" },
 "Keywords" : { "type": "keyword" },
 "Level" : { "type": "integer" },
- "Opcode" : { "type": "integer" },
+ "Opcode" : { "type": "keyword" },
 "ProviderGuid" : { "type": "keyword" },
 "ProviderName" : { "type": "keyword" },
 "Qualifiers" : { "type": "integer" },
 "RelatedActivityID" : { "type": "keyword" },
 "Sid" : { "type": "keyword" },
 "StringInserts" : { "type": "keyword", "ignore_above": 1024, "fields": { "text": { "type": "text" } } },
- "Task" : { "type": "integer" },
+ "Task" : { "type": "keyword" },
 "TimeGenerated" : { "type": "date" },
 "TimeWritten" : { "type": "date" },
 "UserID" : { "type": "keyword" },
diff --git a/logstash/pipelines/beats/11_beats_logs.conf b/logstash/pipelines/beats/11_beats_logs.conf
index f2f79c995..ac90a3439 100644
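Review bot: Changing `Opcode` and `Task` from `integer` to `keyword` in the component template affects only indices created after the template is reloaded; indices that already hold these fields as integers keep that mapping, so an index pattern spanning old and new indices would presumably report a type conflict for both fields until the old indices age out or are reindexed. The commit does not mention this, and the upgrade notes should. Any saved search or visualization that applies numeric ranges or numeric sorting to these two fields would also need checking.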
@@ -832,6 +832,101 @@ filter { } # [miscbeat][winstat] + } else if ([agent][type] == "winlogbeat") and ([winlog]) { + #------------------------------------------------- + # Winlogbeat - https://www.elastic.co/guide/en/beats/winlogbeat/current/_winlogbeat_overview.html + # Normalize to match evtx upload and fluentbit windows event logs + + mutate { id => "mutate_rename_winlogbeat_under_miscbeat" + rename => { "[winlog]" => "[miscbeat][winlog]" } } + + mutate { id => "mutate_replace_winlogbeat_event_module" + replace => { "[event][module]" => "winlog" } } + + mutate { id => "mutate_add_field_os_family_winlogbeat" + add_field => { "[os][family]" => "windows" } } + mutate { id => "mutate_add_field_os_type_winlogbeat" + add_field => { "[os][type]" => "windows" } } + + mutate { id => "mutate_rename_winlogbeat" + rename => { "[log][level]" => "[miscbeat][winlog][EventType]" } + rename => { "[miscbeat][winlog][event_id]" => "[event][id]" } + rename => { "[miscbeat][winlog][channel]" => "[event][dataset]" } + rename => { "[miscbeat][winlog][opcode]" => "[miscbeat][winlog][Opcode]" } + rename => { "[miscbeat][winlog][provider_guid]" => "[miscbeat][winlog][ProviderGuid]" } + rename => { "[miscbeat][winlog][provider_name]" => "[miscbeat][winlog][ProviderName]" } + rename => { "[miscbeat][winlog][keywords]" => "[miscbeat][winlog][Keywords]" } + rename => { "[miscbeat][winlog][computer_name]" => "[miscbeat][winlog][Computer]" } + rename => { "[miscbeat][winlog][record_id]" => "[miscbeat][winlog][EventRecordID]" } + rename => { "[miscbeat][winlog][task]" => "[miscbeat][winlog][Task]" } + rename => { "[miscbeat][winlog][activity_id]" => "[miscbeat][winlog][ActivityID]" } + rename => { "[miscbeat][winlog][process][pid]" => "[process][pid]" } + rename => { "[miscbeat][winlog][process][thread][id]" => "[process][thread][id]" } + rename => { "[miscbeat][winlog][version]" => "[miscbeat][winlog][Version]" } + rename => { "[miscbeat][winlog][time_created]" => 
"[miscbeat][winlog][TimeGenerated]" } + } + + if ([miscbeat][winlog][EventType]) { + mutate { id => "mutate_merge_winlogbeat_eventtype_to_result" + merge => { "[event][result]" => "[miscbeat][winlog][EventType]" } } } + + if ([winlog][computer_name]) { + mutate { id => "mutate_replace_winlogbeat_computer_name" + replace => { "[host][name]" => "%{[winlog][computer_name]}" } } + } + + if ([miscbeat][winlog][TimeGenerated]) { + date { id => "date_winlogbeat_timegenerated" + match => [ "[miscbeat][winlog][TimeGenerated]", "yyyy-MM-dd HH:mm:ss Z" ] + target => "[miscbeat][winlog][TimeGenerated]" } + } + + if ([miscbeat][winlog][event_data][ProcessName]) { + mutate { id => "mutate_winlogbeat_process_name" + merge => { "[process][executable]" => "[miscbeat][winlog][event_data][ProcessName]" } } + } + if ([miscbeat][winlog][event_data][SubjectUserName]) { + mutate { id => "mutate_winlogbeat_subject_user_name" + merge => { "[related][user]" => "[miscbeat][winlog][event_data][SubjectUserName]" } } + } + if ([miscbeat][winlog][event_data][TargetOutboundUserName]) { + mutate { id => "mutate_winlogbeat_target_outbound_user_name" + merge => { "[related][user]" => "[miscbeat][winlog][event_data][TargetOutboundUserName]" } } + } + if ([miscbeat][winlog][event_data][TargetUserName]) { + mutate { id => "mutate_winlogbeat_target_user_name" + merge => { "[related][user]" => "[miscbeat][winlog][event_data][TargetUserName]" } } + } + if ([miscbeat][winlog][user][name]) { + mutate { id => "mutate_winlogbeat_user_name" + merge => { "[related][user]" => "[miscbeat][winlog][user][name]" } } + } + if ([miscbeat][winlog][user][identifier]) { + mutate { id => "mutate_winlogbeat_user_identifier" + merge => { "[related][user]" => "[miscbeat][winlog][user][identifier]" } } + } + + # generate unique ID + if (![event][hash]) { + fingerprint { + id => "fingerprint_malcolm_winlogbeat" + source => [ "[host][name]", + "[agent][type]", + "[event][dataset]", + "[miscbeat][winlog][ProviderName]", + 
"[event][id]", + "[miscbeat][winlog][EventRecordID]", + "[event][original]", + "[@timestamp]" ] + concatenate_sources => true + # uses event.hash + ecs_compatibility => "v8" + method => "MURMUR3_128" + base64encode => true + } + } + + } else if ([agent][type] == "filebeat") and ([log][syslog]) { #------------------------------------------------- # syslog direct to Malcolm - https://www.elastic.co/guide/en/beats/filebeat/current/syslog.html @@ -972,9 +1067,11 @@ filter { translate { id => "translate_evtx_level_to_eventtype" source => "[evtx][Event][System][Level]" - target => "[event][result]" + target => "[miscbeat][winlog][EventType]" dictionary_path => "/etc/winlog_levels_to_name.yaml" } + mutate { id => "mutate_merge_evtx_eventtype_to_result" + merge => { "[event][result]" => "[miscbeat][winlog][EventType]" } } } # rename fields to match up to fluent-bit winlog/winevtlog records From 413eca5d07e156b0b4004eacb2e11de64dffdec5 Mon Sep 17 00:00:00 2001 From: Seth Grover Date: Wed, 8 Jan 2025 13:32:35 -0700 Subject: [PATCH 14/53] WIP of cisagov/Malcolm#356, normalize winlogbeats --- .../templates/composable/component/evtx.json | 358 --------------- .../composable/component/miscbeat.json | 419 +++++++++++++++++- logstash/pipelines/beats/11_beats_logs.conf | 328 +------------- 3 files changed, 433 insertions(+), 672 deletions(-) diff --git a/dashboards/templates/composable/component/evtx.json b/dashboards/templates/composable/component/evtx.json index 31b662520..03c009b39 100644 --- a/dashboards/templates/composable/component/evtx.json +++ b/dashboards/templates/composable/component/evtx.json 
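Review bot: The `if ([winlog][computer_name])` test in the new winlogbeat branch can never be true: the first `mutate` renames `[winlog]` to `[miscbeat][winlog]`, and `mutate_rename_winlogbeat` then renames `computer_name` to `Computer`, so `[host][name]` is never replaced from the event. It should read `if ([miscbeat][winlog][Computer]) {` with `replace => { "[host][name]" => "%{[miscbeat][winlog][Computer]}" }`. Where events are relayed through a collector, this presumably leaves them attributed to the collector rather than the originating machine, and `[host][name]` is also the first source of the `fingerprint` at the end of the branch. The `date` pattern `"yyyy-MM-dd HH:mm:ss Z"` is worth checking against a real Winlogbeat `time_created` value as well, since a mismatch would leave the field unparsed.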
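Review bot: The added `mutate_merge_evtx_eventtype_to_result` runs whether or not the `translate` above it found a match; no `fallback` is set, so for a `Level` missing from `/etc/winlog_levels_to_name.yaml` the merge operates on a field that does not exist. The winlogbeat branch added by this same commit guards the identical merge with `if ([miscbeat][winlog][EventType])`, and the same guard here would keep the two paths consistent. The enclosing conditional starts outside the hunk, so it may already restrict `Level` to known values.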
@@ -6,364 +6,6 @@ "properties": { "Event": { "properties": { - "EventData.AccessList": { "type": "keyword" }, - "EventData.AccessMask": { "type": "keyword" }, - "EventData.AccessReason": { "type": "keyword" }, - "EventData.AccountExpires": { "type": "keyword" }, - "EventData.AccountName": { "type": "keyword" }, - "EventData.Action_ID": { "type": "keyword" }, - "EventData.Action_Name": { "type": "keyword" }, - "EventData.Action": { "type": "keyword" }, - "EventData.Additional_Actions_String": { "type": "keyword" }, - "EventData.AdditionalInfo": { "type": "keyword" }, - "EventData.AdditionalInfo2": { "type": "keyword" }, - "EventData.AdvancedOptions": { "type": "keyword" }, - "EventData.Application": { "type": "keyword" }, - "EventData.Archived": { "type": "keyword" }, - "EventData.AttributeLDAPDisplayName": { "type": "keyword" }, - "EventData.AttributeSyntaxOID": { "type": "keyword" }, - "EventData.AttributeValue": { "type": "keyword" }, - "EventData.AuditPolicyChanges": { "type": "keyword" }, - "EventData.AuthenticationLevel": { "type": "integer" }, - "EventData.authenticationMechanism": { "type": "keyword" }, - "EventData.AuthenticationPackageName": { "type": "keyword" }, - "EventData.AuthenticationService": { "type": "integer" }, - "EventData.AvcEnabled": { "type": "integer" }, - "EventData.bandwidthLimit": { "type": "double" }, - "EventData.Binary": { "type": "keyword" }, - "EventData.bytesTotal": { "type": "double" }, - "EventData.bytesTransferred": { "type": "integer" }, - "EventData.CallerProcessId": { "type": "keyword" }, - "EventData.CallerProcessName": { "type": "keyword" }, - "EventData.CallTrace": { "type": "keyword" }, - "EventData.Catalog": { "type": "integer" }, - "EventData.Category": { "type": "keyword" }, - "EventData.Category_ID": { "type": "keyword" }, - "EventData.Category_Name": { "type": "keyword" }, - "EventData.CategoryId": { "type": "keyword" }, - "EventData.ChangeType": { "type": "keyword" }, - "EventData.ChannelName": { "type": "keyword" 
}, - "EventData.ClientIP": { "type": "keyword" }, - "EventData.ClientMode": { "type": "integer" }, - "EventData.Command": { "type": "keyword" }, - "EventData.Company": { "type": "keyword" }, - "EventData.ComplexData": { "type": "keyword" }, - "EventData.ComplexData_attributes.Name": { "type": "keyword" }, - "EventData.ComponentName": { "type": "keyword" }, - "EventData.ConfigAccessPolicy": { "type": "keyword" }, - "EventData.Configuration": { "type": "keyword" }, - "EventData.ConfigurationFileHash": { "type": "keyword" }, - "EventData.ConnectionName": { "type": "keyword" }, - "EventData.ConnType": { "type": "keyword" }, - "EventData.Consumer": { "type": "keyword" }, - "EventData.CreationUtcTime": { "type": "date" }, - "EventData.CustomLevel": { "type": "keyword" }, - "EventData.Data": { "type": "keyword" }, - "EventData.Description": { "type": "keyword" }, - "EventData.DestAddress": { "type": "keyword" }, - "EventData.Destination": { "type": "keyword" }, - "EventData.DestinationHostname": { "type": "keyword" }, - "EventData.DestinationIp": { "type": "keyword" }, - "EventData.DestinationIsIpv6": { "type": "keyword" }, - "EventData.DestinationPort": { "type": "integer" }, - "EventData.DestinationPortName": { "type": "keyword" }, - "EventData.DestPort": { "type": "keyword" }, - "EventData.Details": { "type": "keyword" }, - "EventData.Detection_ID": { "type": "keyword" }, - "EventData.Detection_Time": { "type": "date" }, - "EventData.Detection_User": { "type": "keyword" }, - "EventData.Device": { "type": "keyword" }, - "EventData.DetectionLocation": { "type": "integer" }, - "EventData.Direction": { "type": "keyword" }, - "EventData.DisableIntegrityChecks": { "type": "keyword" }, - "EventData.DisplayDriverName": { "type": "keyword" }, - "EventData.DisplayName": { "type": "keyword" }, - "EventData.DnsHostName": { "type": "keyword" }, - "EventData.DSName": { "type": "keyword" }, - "EventData.DSType": { "type": "keyword" }, - "EventData.EffectiveConsentValue": { "type": 
"keyword" }, - "EventData.ElevatedToken": { "type": "keyword" }, - "EventData.EnabledPrivilegeList": { "type": "keyword" }, - "EventData.Endpoint": { "type": "keyword" }, - "EventData.Engine_Version": { "type": "keyword" }, - "EventData.Error": { "type": "keyword" }, - "EventData.Error_Code": { "type": "keyword" }, - "EventData.Error_Description": { "type": "keyword" }, - "EventData.ErrorCode": { "type": "keyword" }, - "EventData.errorCode": { "type": "keyword" }, - "EventData.Event": { "type": "integer" }, - "EventData.EventCountTotal": { "type": "integer" }, - "EventData.EventIdx": { "type": "integer" }, - "EventData.EventName": { "type": "keyword" }, - "EventData.EventNamespace": { "type": "keyword" }, - "EventData.EventType": { "type": "keyword" }, - "EventData.Execution_ID": { "type": "keyword" }, - "EventData.Execution_Name": { "type": "keyword" }, - "EventData.FailureReason": { "type": "keyword" }, - "EventData.fileCount": { "type": "integer" }, - "EventData.fileLength": { "type": "double" }, - "EventData.fileTime": { "type": "date" }, - "EventData.FileVersion": { "type": "keyword" }, - "EventData.Filter": { "type": "keyword" }, - "EventData.FilterRTID": { "type": "integer" }, - "EventData.FirstGraphicsReceived": { "type": "integer" }, - "EventData.Flags": { "type": "keyword" }, - "EventData.FlightSigning": { "type": "keyword" }, - "EventData.Function": { "type": "keyword" }, - "EventData.FWLink": { "type": "keyword" }, - "EventData.GeneratingComponent": { "type": "integer" }, - "EventData.GfxChannelOpened": { "type": "integer" }, - "EventData.GrantedAccess": { "type": "keyword" }, - "EventData.GroupMembership": { "type": "keyword" }, - "EventData.GUID": { "type": "keyword" }, - "EventData.HandleId": { "type": "keyword" }, - "EventData.Hash": { "type": "keyword" }, - "EventData.HomeDirectory": { "type": "keyword" }, - "EventData.HomePath": { "type": "keyword" }, - "EventData.hr": { "type": "long" }, - "EventData.HRESULT": { "type": "keyword" }, - 
"EventData.HypervisorDebug": { "type": "keyword" }, - "EventData.HypervisorLaunchType": { "type": "keyword" }, - "EventData.Id": { "type": "keyword" }, - "EventData.ignoreBandwidthLimitsOnLan": { "type": "keyword" }, - "EventData.Image": { "type": "keyword" }, - "EventData.ImageLoaded": { "type": "keyword" }, - "EventData.ImageName": { "type": "keyword" }, - "EventData.ImagePath": { "type": "keyword" }, - "EventData.ImpersonationLevel": { "type": "keyword" }, - "EventData.Initiated": { "type": "keyword" }, - "EventData.Installer": { "type": "keyword" }, - "EventData.InstanceID": { "type": "integer" }, - "EventData.IntegrityLevel": { "type": "keyword" }, - "EventData.InterfaceUuid": { "type": "keyword" }, - "EventData.IpAddress": { "type": "keyword" }, - "EventData.IpPort": { "type": "keyword" }, - "EventData.IsExecutable": { "type": "keyword" }, - "EventData.IsMachine": { "type": "keyword" }, - "EventData.isRoaming": { "type": "integer" }, - "EventData.jobId": { "type": "keyword" }, - "EventData.jobName": { "type": "keyword" }, - "EventData.jobOwner": { "type": "keyword" }, - "EventData.jobTitle": { "type": "keyword" }, - "EventData.KernelDebug": { "type": "keyword" }, - "EventData.KeyLength": { "type": "integer" }, - "EventData.LayerName": { "type": "keyword" }, - "EventData.LayerRTID": { "type": "integer" }, - "EventData.LmPackageName": { "type": "keyword" }, - "EventData.LogonGuid": { "type": "keyword" }, - "EventData.LogonHours": { "type": "keyword" }, - "EventData.LogonId": { "type": "keyword" }, - "EventData.LogonProcessName": { "type": "keyword" }, - "EventData.LogonType": { "type": "keyword" }, - "EventData.LSPName": { "type": "keyword" }, - "EventData.MajorType": { "type": "integer" }, - "EventData.MandatoryLabel": { "type": "keyword" }, - "EventData.Max_Calls": { "type": "integer" }, - "EventData.MemberSid": { "type": "keyword" }, - "EventData.Message": { "type": "keyword" }, - "EventData.MessageNumber": { "type": "integer" }, - "EventData.MessageTotal": 
{ "type": "integer" }, - "EventData.MethodName": { "type": "keyword" }, - "EventData.MinorType": { "type": "integer" }, - "EventData.MonitorHeight": { "type": "integer" }, - "EventData.MonitorWidth": { "type": "integer" }, - "EventData.Name": { "type": "keyword" }, - "EventData.name": { "type": "keyword" }, - "EventData.NetworkAddress": { "type": "keyword" }, - "EventData.NewProcessId": { "type": "keyword" }, - "EventData.NewProcessName": { "type": "keyword" }, - "EventData.NewState": { "type": "integer" }, - "EventData.NewStateName": { "type": "keyword" }, - "EventData.NewTargetUserName": { "type": "keyword" }, - "EventData.NewThreadId": { "type": "keyword" }, - "EventData.NewUacValue": { "type": "keyword" }, - "EventData.NotificationType": { "type": "keyword" }, - "EventData.NumberOfParameters": { "type": "integer" }, - "EventData.ObjectClass": { "type": "keyword" }, - "EventData.ObjectDN": { "type": "keyword" }, - "EventData.ObjectGUID": { "type": "keyword" }, - "EventData.ObjectName": { "type": "keyword" }, - "EventData.ObjectServer": { "type": "keyword" }, - "EventData.ObjectType": { "type": "keyword" }, - "EventData.OldTargetUserName": { "type": "keyword" }, - "EventData.OpCorrelationID": { "type": "keyword" }, - "EventData.Operation": { "type": "keyword" }, - "EventData.OperationType": { "type": "keyword" }, - "EventData.Options": { "type": "keyword" }, - "EventData.Origin_ID": { "type": "keyword" }, - "EventData.Origin_Name": { "type": "keyword" }, - "EventData.OriginalFileName": { "type": "keyword" }, - "EventData.PackageName": { "type": "keyword" }, - "EventData.param1": { "type": "keyword" }, - "EventData.param10": { "type": "keyword" }, - "EventData.param11": { "type": "keyword" }, - "EventData.param2": { "type": "keyword" }, - "EventData.param3": { "type": "keyword" }, - "EventData.param4": { "type": "keyword" }, - "EventData.param5": { "type": "keyword" }, - "EventData.param6": { "type": "keyword" }, - "EventData.param7": { "type": "keyword" }, - 
"EventData.param8": { "type": "keyword" }, - "EventData.param9": { "type": "keyword" }, - "EventData.ParentCommandLine": { "type": "keyword" }, - "EventData.ParentImage": { "type": "keyword" }, - "EventData.ParentProcessGuid": { "type": "keyword" }, - "EventData.ParentProcessId": { "type": "keyword" }, - "EventData.ParentProcessName": { "type": "keyword" }, - "EventData.ParentUser": { "type": "keyword" }, - "EventData.PasswordLastSet": { "type": "keyword" }, - "EventData.Path": { "type": "keyword" }, - "EventData.PendingQueueSize": { "type": "integer" }, - "EventData.PipeName": { "type": "keyword" }, - "EventData.Port": { "type": "integer" }, - "EventData.PreAuthType": { "type": "keyword" }, - "EventData.PreviousCreationUtcTime": { "type": "date" }, - "EventData.PreviousState": { "type": "integer" }, - "EventData.PreviousStateName": { "type": "keyword" }, - "EventData.PrimaryGroupId": { "type": "keyword" }, - "EventData.PrivilegeList": { "type": "keyword" }, - "EventData.Process_Name": { "type": "keyword" }, - "EventData.ProcessGuid": { "type": "keyword" }, - "EventData.processId": { "type": "keyword" }, - "EventData.ProcessID": { "type": "keyword" }, - "EventData.ProcessId": { "type": "keyword" }, - "EventData.ProcessName": { "type": "keyword" }, - "EventData.processPath": { "type": "keyword" }, - "EventData.ProcNum": { "type": "integer" }, - "EventData.Product": { "type": "keyword" }, - "EventData.Product_Name": { "type": "keyword" }, - "EventData.Product_Version": { "type": "keyword" }, - "EventData.ProfileIdNum": { "type": "integer" }, - "EventData.ProfilePath": { "type": "keyword" }, - "EventData.PromptForCredentials": { "type": "integer" }, - "EventData.PromptForCredentialsDone": { "type": "integer" }, - "EventData.Properties": { "type": "keyword" }, - "EventData.Protocol": { "type": "keyword" }, - "EventData.Query": { "type": "keyword" }, - "EventData.QueryName": { "type": "keyword" }, - "EventData.QueryStatus": { "type": "keyword" }, - "EventData.Reason": { 
"type": "keyword" }, - "EventData.ReasonCode": { "type": "integer" }, - "EventData.ReasonString": { "type": "keyword" }, - "EventData.RelativeTargetName": { "type": "keyword" }, - "EventData.Remediation_User": { "type": "keyword" }, - "EventData.RemoteEventLogging": { "type": "keyword" }, - "EventData.RemoteMachineID": { "type": "keyword" }, - "EventData.RemoteUserID": { "type": "keyword" }, - "EventData.ResourceManager": { "type": "keyword" }, - "EventData.Result": { "type": "keyword" }, - "EventData.ReturnCode": { "type": "keyword" }, - "EventData.RuleName": { "type": "keyword" }, - "EventData.SamAccountName": { "type": "keyword" }, - "EventData.SchemaVersion": { "type": "keyword" }, - "EventData.ScriptBlockId": { "type": "keyword" }, - "EventData.ScriptBlockText": { "type": "keyword" }, - "EventData.ScriptPath": { "type": "keyword" }, - "EventData.SD": { "type": "keyword" }, - "EventData.SDSize": { "type": "integer" }, - "EventData.ServerName": { "type": "keyword" }, - "EventData.Service": { "type": "keyword" }, - "EventData.ServiceName": { "type": "keyword" }, - "EventData.ServicePrincipalNames": { "type": "keyword" }, - "EventData.ServiceSid": { "type": "keyword" }, - "EventData.ServiceType": { "type": "keyword" }, - "EventData.SessionID": { "type": "keyword" }, - "EventData.Severity_ID": { "type": "keyword" }, - "EventData.Severity_Name": { "type": "keyword" }, - "EventData.ShareLocalPath": { "type": "keyword" }, - "EventData.ShareName": { "type": "keyword" }, - "EventData.Signature": { "type": "keyword" }, - "EventData.Signature_Version": { "type": "keyword" }, - "EventData.SignatureStatus": { "type": "keyword" }, - "EventData.Signed": { "type": "keyword" }, - "EventData.Source": { "type": "keyword" }, - "EventData.Source_ID": { "type": "keyword" }, - "EventData.Source_Name": { "type": "keyword" }, - "EventData.SourceAddress": { "type": "keyword" }, - "EventData.SourceHostname": { "type": "keyword" }, - "EventData.SourceImage": { "type": "keyword" }, - 
"EventData.SourceIp": { "type": "keyword" }, - "EventData.SourceIsIpv6": { "type": "keyword" }, - "EventData.SourcePort": { "type": "keyword" }, - "EventData.SourcePortName": { "type": "keyword" }, - "EventData.SourceProcessGUID": { "type": "keyword" }, - "EventData.SourceProcessGuid": { "type": "keyword" }, - "EventData.SourceProcessId": { "type": "keyword" }, - "EventData.SourceSid": { "type": "keyword" }, - "EventData.SourceThreadId": { "type": "keyword" }, - "EventData.SourceUser": { "type": "keyword" }, - "EventData.SourceUserName": { "type": "keyword" }, - "EventData.StartAddress": { "type": "keyword" }, - "EventData.StartFunction": { "type": "keyword" }, - "EventData.StartModule": { "type": "keyword" }, - "EventData.StartType": { "type": "keyword" }, - "EventData.State": { "type": "keyword" }, - "EventData.StateTransition": { "type": "keyword" }, - "EventData.Status": { "type": "keyword" }, - "EventData.Status_Code": { "type": "keyword" }, - "EventData.string": { "type": "keyword" }, - "EventData.string2": { "type": "keyword" }, - "EventData.SubcategoryGuid": { "type": "keyword" }, - "EventData.SubcategoryId": { "type": "keyword" }, - "EventData.SubjectDomainName": { "type": "keyword" }, - "EventData.SubjectLogonId": { "type": "keyword" }, - "EventData.SubjectUserName": { "type": "keyword" }, - "EventData.SubjectUserSid": { "type": "keyword" }, - "EventData.SubStatus": { "type": "keyword" }, - "EventData.TargetDomainName": { "type": "keyword" }, - "EventData.TargetFilename": { "type": "keyword" }, - "EventData.TargetImage": { "type": "keyword" }, - "EventData.TargetInfo": { "type": "keyword" }, - "EventData.TargetLinkedLogonId": { "type": "keyword" }, - "EventData.TargetLogonGuid": { "type": "keyword" }, - "EventData.TargetLogonId": { "type": "keyword" }, - "EventData.TargetObject": { "type": "keyword" }, - "EventData.TargetOutboundDomainName": { "type": "keyword" }, - "EventData.TargetOutboundUserName": { "type": "keyword" }, - 
"EventData.TargetProcessGUID": { "type": "keyword" }, - "EventData.TargetProcessGuid": { "type": "keyword" }, - "EventData.TargetProcessId": { "type": "keyword" }, - "EventData.TargetServerName": { "type": "keyword" }, - "EventData.TargetSid": { "type": "keyword" }, - "EventData.TargetUser": { "type": "keyword" }, - "EventData.TargetUserName": { "type": "keyword" }, - "EventData.TargetUserSid": { "type": "keyword" }, - "EventData.TaskContent": { "type": "keyword" }, - "EventData.TaskContentNew": { "type": "keyword" }, - "EventData.TaskName": { "type": "keyword" }, - "EventData.TerminalSessionId": { "type": "integer" }, - "EventData.TestSigning": { "type": "keyword" }, - "EventData.Threat_ID": { "type": "keyword" }, - "EventData.Threat_Name": { "type": "keyword" }, - "EventData.TicketEncryptionType": { "type": "keyword" }, - "EventData.TicketOptions": { "type": "keyword" }, - "EventData.TimeStamp": { "type": "date" }, - "EventData.TimezoneBiasHour": { "type": "keyword" }, - "EventData.TokenElevationType": { "type": "keyword" }, - "EventData.TransactionId": { "type": "keyword" }, - "EventData.transferId": { "type": "keyword" }, - "EventData.TransportProtocolName": { "type": "keyword" }, - "EventData.TransportType": { "type": "keyword" }, - "EventData.TunnelID": { "type": "integer" }, - "EventData.Type": { "type": "keyword" }, - "EventData.Type_ID": { "type": "keyword" }, - "EventData.Type_Name": { "type": "keyword" }, - "EventData.TypeMgrUuid": { "type": "keyword" }, - "EventData.url": { "type": "keyword" }, - "EventData.User": { "type": "keyword" }, - "EventData.UserAccountControl": { "type": "keyword" }, - "EventData.UserId": { "type": "keyword" }, - "EventData.username": { "type": "keyword" }, - "EventData.UserParameters": { "type": "keyword" }, - "EventData.UserWorkstations": { "type": "keyword" }, - "EventData.UtcTime": { "type": "date" }, - "EventData.Value": { "type": "keyword" }, - "EventData.value": { "type": "keyword" }, - "EventData.Version": { "type": 
"keyword" }, - "EventData.VirtualAccount": { "type": "keyword" }, - "EventData.VsmLaunchType": { "type": "keyword" }, - "EventData.Workstation": { "type": "keyword" }, - "EventData.WorkstationName": { "type": "keyword" }, "EventData_attributes.Name": { "type": "keyword" }, "ProcessingErrorData.DataItemName": { "type": "keyword" }, "ProcessingErrorData.ErrorCode": { "type": "integer" }, diff --git a/dashboards/templates/composable/component/miscbeat.json b/dashboards/templates/composable/component/miscbeat.json index aa422f13b..cd92f2c81 100644 --- a/dashboards/templates/composable/component/miscbeat.json +++ b/dashboards/templates/composable/component/miscbeat.json 
@@ -280,7 +280,424 @@ "TimeGenerated" : { "type": "date" }, "TimeWritten" : { "type": "date" }, "UserID" : { "type": "keyword" }, - "Version" : { "type": "integer" } + "Version" : { "type": "integer" }, + "EventData": { + "properties": { + "AccessList": { "type": "keyword" }, + "AccessMask": { "type": "keyword" }, + "AccessReason": { "type": "keyword" }, + "AccountExpires": { "type": "keyword" }, + "AccountName": { "type": "keyword" }, + "Action": { "type": "keyword" }, + "Action_ID": { "type": "keyword" }, + "Action_Name": { "type": "keyword" }, + "Additional_Actions_String": { "type": "keyword" }, + "AdditionalInfo": { "type": "keyword" }, + "AdditionalInfo2": { "type": "keyword" }, + "AdvancedOptions": { "type": "keyword" }, + "Application": { "type": "keyword" }, + "Archived": { "type": "keyword" }, + "AttributeLDAPDisplayName": { "type": "keyword" }, + "AttributeSyntaxOID": { "type": "keyword" }, + "AttributeValue": { "type": "keyword" }, + "AuditPolicyChanges": { "type": "keyword" }, + "AuthenticationLevel": { "type": "integer" }, + "authenticationMechanism": { "type": "keyword" }, + "AuthenticationPackageName": { "type": "keyword" }, + "AuthenticationService": { "type": "integer" }, + "AvcEnabled": { "type": "integer" }, + "bandwidthLimit": { "type": "double" }, + "Binary": { "type": "keyword" }, + "BitlockerUserInputTime": { "type": "date" }, + "BootMode": { "type": "keyword" }, + "BootType": { "type": "keyword" }, + "BuildVersion": { "type": "keyword" }, + "bytesTotal": { "type": "double" }, + "bytesTransferred": { "type": "integer" }, + "CallerProcessId": { "type": "keyword" }, + "CallerProcessName": { "type": "keyword" }, + "CallTrace": { "type": "keyword" }, + "Catalog": { "type": "integer" }, + "Category": { "type": "keyword" }, + "Category_ID": { "type": "keyword" }, + "Category_Name": { "type": "keyword" }, + "CategoryId": { "type": "keyword" }, + "ChangeType": { "type": "keyword" }, + "ChannelName": { "type": "keyword" }, + "ClientInfo": { "type": 
"keyword" }, + "ClientIP": { "type": "keyword" }, + "ClientMode": { "type": "integer" }, + "Command": { "type": "keyword" }, + "Company": { "type": "keyword" }, + "ComplexData": { "type": "keyword" }, + "ComplexData_attributes.Name": { "type": "keyword" }, + "ComponentName": { "type": "keyword" }, + "ConfigAccessPolicy": { "type": "keyword" }, + "Configuration": { "type": "keyword" }, + "ConfigurationFileHash": { "type": "keyword" }, + "ConnectionName": { "type": "keyword" }, + "ConnType": { "type": "keyword" }, + "Consumer": { "type": "keyword" }, + "CorruptionActionState": { "type": "keyword" }, + "CreationUtcTime": { "type": "date" }, + "CustomLevel": { "type": "keyword" }, + "Data": { "type": "keyword" }, + "Description": { "type": "keyword" }, + "DestAddress": { "type": "keyword" }, + "Destination": { "type": "keyword" }, + "DestinationHostname": { "type": "keyword" }, + "DestinationIp": { "type": "keyword" }, + "DestinationIsIpv6": { "type": "keyword" }, + "DestinationPort": { "type": "integer" }, + "DestinationPortName": { "type": "keyword" }, + "DestPort": { "type": "keyword" }, + "Detail": { "type": "keyword" }, + "Details": { "type": "keyword" }, + "Detection_ID": { "type": "keyword" }, + "Detection_Time": { "type": "date" }, + "Detection_User": { "type": "keyword" }, + "DetectionLocation": { "type": "integer" }, + "Device": { "type": "keyword" }, + "DeviceName": { "type": "keyword" }, + "DeviceNameLength": { "type": "keyword" }, + "DeviceTime": { "type": "date" }, + "DeviceVersionMajor": { "type": "keyword" }, + "DeviceVersionMinor": { "type": "keyword" }, + "Direction": { "type": "keyword" }, + "DisableIntegrityChecks": { "type": "keyword" }, + "DisplayDriverName": { "type": "keyword" }, + "DisplayName": { "type": "keyword" }, + "DnsHostName": { "type": "keyword" }, + "DriveName": { "type": "keyword" }, + "DriverName": { "type": "keyword" }, + "DriverNameLength": { "type": "keyword" }, + "DSName": { "type": "keyword" }, + "DSType": { "type": "keyword" 
}, + "DwordVal": { "type": "keyword" }, + "EffectiveConsentValue": { "type": "keyword" }, + "ElevatedToken": { "type": "keyword" }, + "EnabledPrivilegeList": { "type": "keyword" }, + "Endpoint": { "type": "keyword" }, + "Engine_Version": { "type": "keyword" }, + "EntryCount": { "type": "keyword" }, + "Error": { "type": "keyword" }, + "Error_Code": { "type": "keyword" }, + "Error_Description": { "type": "keyword" }, + "ErrorCode": { "type": "keyword" }, + "errorCode": { "type": "keyword" }, + "Event": { "type": "integer" }, + "EventCountTotal": { "type": "integer" }, + "EventIdx": { "type": "integer" }, + "EventName": { "type": "keyword" }, + "EventNamespace": { "type": "keyword" }, + "EventType": { "type": "keyword" }, + "Execution_ID": { "type": "keyword" }, + "Execution_Name": { "type": "keyword" }, + "ExtraInfo": { "type": "keyword" }, + "FailureName": { "type": "keyword" }, + "FailureNameLength": { "type": "keyword" }, + "FailureReason": { "type": "keyword" }, + "fileCount": { "type": "integer" }, + "fileLength": { "type": "double" }, + "fileTime": { "type": "date" }, + "FileVersion": { "type": "keyword" }, + "Filter": { "type": "keyword" }, + "FilterRTID": { "type": "integer" }, + "FinalStatus": { "type": "keyword" }, + "FirstGraphicsReceived": { "type": "integer" }, + "Flags": { "type": "keyword" }, + "FlightSigning": { "type": "keyword" }, + "Function": { "type": "keyword" }, + "FWLink": { "type": "keyword" }, + "GeneratingComponent": { "type": "integer" }, + "GfxChannelOpened": { "type": "integer" }, + "GrantedAccess": { "type": "keyword" }, + "Group": { "type": "keyword" }, + "GroupMembership": { "type": "keyword" }, + "GUID": { "type": "keyword" }, + "HandleId": { "type": "keyword" }, + "Hash": { "type": "keyword" }, + "HomeDirectory": { "type": "keyword" }, + "HomePath": { "type": "keyword" }, + "hr": { "type": "long" }, + "HRESULT": { "type": "keyword" }, + "HypervisorDebug": { "type": "keyword" }, + "HypervisorLaunchType": { "type": "keyword" }, + 
"Id": { "type": "keyword" }, + "IdleImplementation": { "type": "keyword" }, + "IdleStateCount": { "type": "keyword" }, + "ignoreBandwidthLimitsOnLan": { "type": "keyword" }, + "Image": { "type": "keyword" }, + "ImageLoaded": { "type": "keyword" }, + "ImageName": { "type": "keyword" }, + "ImagePath": { "type": "keyword" }, + "ImpersonationLevel": { "type": "keyword" }, + "Initiated": { "type": "keyword" }, + "Installer": { "type": "keyword" }, + "InstanceID": { "type": "integer" }, + "IntegrityLevel": { "type": "keyword" }, + "InterfaceUuid": { "type": "keyword" }, + "IpAddress": { "type": "keyword" }, + "IpPort": { "type": "keyword" }, + "IsExecutable": { "type": "keyword" }, + "IsMachine": { "type": "keyword" }, + "isRoaming": { "type": "integer" }, + "jobId": { "type": "keyword" }, + "jobName": { "type": "keyword" }, + "jobOwner": { "type": "keyword" }, + "jobTitle": { "type": "keyword" }, + "KernelDebug": { "type": "keyword" }, + "KeyLength": { "type": "integer" }, + "LastBootGood": { "type": "keyword" }, + "LastShutdownGood": { "type": "keyword" }, + "LayerName": { "type": "keyword" }, + "LayerRTID": { "type": "integer" }, + "LmPackageName": { "type": "keyword" }, + "LogonGuid": { "type": "keyword" }, + "LogonHours": { "type": "keyword" }, + "LogonId": { "type": "keyword" }, + "LogonProcessName": { "type": "keyword" }, + "LogonType": { "type": "keyword" }, + "LSPName": { "type": "keyword" }, + "MajorType": { "type": "integer" }, + "MajorVersion": { "type": "keyword" }, + "MandatoryLabel": { "type": "keyword" }, + "Max_Calls": { "type": "integer" }, + "MaximumPerformancePercent": { "type": "keyword" }, + "MemberName": { "type": "keyword" }, + "MemberSid": { "type": "keyword" }, + "Message": { "type": "keyword" }, + "MessageNumber": { "type": "integer" }, + "MessageTotal": { "type": "integer" }, + "MethodName": { "type": "keyword" }, + "MinimumPerformancePercent": { "type": "keyword" }, + "MinimumThrottlePercent": { "type": "keyword" }, + "MinorType": { "type": 
"integer" }, + "MinorVersion": { "type": "keyword" }, + "MonitorHeight": { "type": "integer" }, + "MonitorWidth": { "type": "integer" }, + "Name": { "type": "keyword" }, + "name": { "type": "keyword" }, + "NetworkAddress": { "type": "keyword" }, + "NewProcessId": { "type": "keyword" }, + "NewProcessName": { "type": "keyword" }, + "NewSchemeGuid": { "type": "keyword" }, + "NewState": { "type": "integer" }, + "NewStateName": { "type": "keyword" }, + "NewTargetUserName": { "type": "keyword" }, + "NewThreadId": { "type": "keyword" }, + "NewTime": { "type": "date" }, + "NewUacValue": { "type": "keyword" }, + "NominalFrequency": { "type": "keyword" }, + "NotificationType": { "type": "keyword" }, + "Number": { "type": "keyword" }, + "NumberOfParameters": { "type": "integer" }, + "ObjectClass": { "type": "keyword" }, + "ObjectDN": { "type": "keyword" }, + "ObjectGUID": { "type": "keyword" }, + "ObjectName": { "type": "keyword" }, + "ObjectServer": { "type": "keyword" }, + "ObjectType": { "type": "keyword" }, + "OldSchemeGuid": { "type": "keyword" }, + "OldTargetUserName": { "type": "keyword" }, + "OldTime": { "type": "date" }, + "OpCorrelationID": { "type": "keyword" }, + "Operation": { "type": "keyword" }, + "OperationType": { "type": "keyword" }, + "Options": { "type": "keyword" }, + "Origin_ID": { "type": "keyword" }, + "Origin_Name": { "type": "keyword" }, + "OriginalFileName": { "type": "keyword" }, + "PackageName": { "type": "keyword" }, + "param1": { "type": "keyword" }, + "param10": { "type": "keyword" }, + "param11": { "type": "keyword" }, + "param2": { "type": "keyword" }, + "param3": { "type": "keyword" }, + "param4": { "type": "keyword" }, + "param5": { "type": "keyword" }, + "param6": { "type": "keyword" }, + "param7": { "type": "keyword" }, + "param8": { "type": "keyword" }, + "param9": { "type": "keyword" }, + "ParentCommandLine": { "type": "keyword" }, + "ParentImage": { "type": "keyword" }, + "ParentProcessGuid": { "type": "keyword" }, + "ParentProcessId": 
{ "type": "keyword" }, + "ParentProcessName": { "type": "keyword" }, + "ParentUser": { "type": "keyword" }, + "PasswordLastSet": { "type": "keyword" }, + "Path": { "type": "keyword" }, + "PendingQueueSize": { "type": "integer" }, + "PerformanceImplementation": { "type": "keyword" }, + "PipeName": { "type": "keyword" }, + "Port": { "type": "integer" }, + "PreAuthType": { "type": "keyword" }, + "PreviousCreationUtcTime": { "type": "date" }, + "PreviousState": { "type": "integer" }, + "PreviousStateName": { "type": "keyword" }, + "PreviousTime": { "type": "date" }, + "PrimaryGroupId": { "type": "keyword" }, + "PrivilegeList": { "type": "keyword" }, + "Process_Name": { "type": "keyword" }, + "ProcessGuid": { "type": "keyword" }, + "ProcessId": { "type": "keyword" }, + "processId": { "type": "keyword" }, + "ProcessID": { "type": "keyword" }, + "ProcessName": { "type": "keyword" }, + "ProcessPath": { "type": "keyword" }, + "processPath": { "type": "keyword" }, + "ProcessPid": { "type": "keyword" }, + "ProcNum": { "type": "integer" }, + "Product": { "type": "keyword" }, + "Product_Name": { "type": "keyword" }, + "Product_Version": { "type": "keyword" }, + "ProfileIdNum": { "type": "integer" }, + "ProfilePath": { "type": "keyword" }, + "PromptForCredentials": { "type": "integer" }, + "PromptForCredentialsDone": { "type": "integer" }, + "Properties": { "type": "keyword" }, + "Protocol": { "type": "keyword" }, + "PuaCount": { "type": "keyword" }, + "PuaPolicyId": { "type": "keyword" }, + "QfeVersion": { "type": "keyword" }, + "Query": { "type": "keyword" }, + "QueryName": { "type": "keyword" }, + "QueryStatus": { "type": "keyword" }, + "Reason": { "type": "keyword" }, + "ReasonCode": { "type": "integer" }, + "ReasonString": { "type": "keyword" }, + "RelativeTargetName": { "type": "keyword" }, + "Remediation_User": { "type": "keyword" }, + "RemoteEventLogging": { "type": "keyword" }, + "RemoteMachineID": { "type": "keyword" }, + "RemoteUserID": { "type": "keyword" }, + 
"ResourceManager": { "type": "keyword" }, + "Result": { "type": "keyword" }, + "ReturnCode": { "type": "keyword" }, + "RuleName": { "type": "keyword" }, + "SamAccountName": { "type": "keyword" }, + "SchemaVersion": { "type": "keyword" }, + "ScriptBlockId": { "type": "keyword" }, + "ScriptBlockText": { "type": "keyword" }, + "ScriptPath": { "type": "keyword" }, + "SD": { "type": "keyword" }, + "SDSize": { "type": "integer" }, + "ServerName": { "type": "keyword" }, + "Service": { "type": "keyword" }, + "ServiceName": { "type": "keyword" }, + "ServicePrincipalNames": { "type": "keyword" }, + "ServiceSid": { "type": "keyword" }, + "ServiceType": { "type": "keyword" }, + "ServiceVersion": { "type": "keyword" }, + "Session": { "type": "keyword" }, + "SessionID": { "type": "keyword" }, + "Severity_ID": { "type": "keyword" }, + "Severity_Name": { "type": "keyword" }, + "ShareLocalPath": { "type": "keyword" }, + "ShareName": { "type": "keyword" }, + "ShutdownActionType": { "type": "keyword" }, + "ShutdownEventCode": { "type": "keyword" }, + "ShutdownReason": { "type": "keyword" }, + "Signature": { "type": "keyword" }, + "Signature_Version": { "type": "keyword" }, + "SignatureStatus": { "type": "keyword" }, + "Signed": { "type": "keyword" }, + "Source": { "type": "keyword" }, + "Source_ID": { "type": "keyword" }, + "Source_Name": { "type": "keyword" }, + "SourceAddress": { "type": "keyword" }, + "SourceHostname": { "type": "keyword" }, + "SourceImage": { "type": "keyword" }, + "SourceIp": { "type": "keyword" }, + "SourceIsIpv6": { "type": "keyword" }, + "SourcePort": { "type": "keyword" }, + "SourcePortName": { "type": "keyword" }, + "SourceProcessGUID": { "type": "keyword" }, + "SourceProcessGuid": { "type": "keyword" }, + "SourceProcessId": { "type": "keyword" }, + "SourceSid": { "type": "keyword" }, + "SourceThreadId": { "type": "keyword" }, + "SourceUser": { "type": "keyword" }, + "SourceUserName": { "type": "keyword" }, + "StartAddress": { "type": "keyword" }, + 
"StartFunction": { "type": "keyword" }, + "StartModule": { "type": "keyword" }, + "StartTime": { "type": "date" }, + "StartType": { "type": "keyword" }, + "State": { "type": "keyword" }, + "StateTransition": { "type": "keyword" }, + "Status": { "type": "keyword" }, + "Status_Code": { "type": "keyword" }, + "StopTime": { "type": "date" }, + "string": { "type": "keyword" }, + "string2": { "type": "keyword" }, + "SubcategoryGuid": { "type": "keyword" }, + "SubcategoryId": { "type": "keyword" }, + "SubjectDomainName": { "type": "keyword" }, + "SubjectLogonId": { "type": "keyword" }, + "SubjectUserName": { "type": "keyword" }, + "SubjectUserSid": { "type": "keyword" }, + "SubStatus": { "type": "keyword" }, + "TargetDomainName": { "type": "keyword" }, + "TargetFilename": { "type": "keyword" }, + "TargetImage": { "type": "keyword" }, + "TargetInfo": { "type": "keyword" }, + "TargetLinkedLogonId": { "type": "keyword" }, + "TargetLogonGuid": { "type": "keyword" }, + "TargetLogonId": { "type": "keyword" }, + "TargetObject": { "type": "keyword" }, + "TargetOutboundDomainName": { "type": "keyword" }, + "TargetOutboundUserName": { "type": "keyword" }, + "TargetProcessGUID": { "type": "keyword" }, + "TargetProcessGuid": { "type": "keyword" }, + "TargetProcessId": { "type": "keyword" }, + "TargetServerName": { "type": "keyword" }, + "TargetSid": { "type": "keyword" }, + "TargetUser": { "type": "keyword" }, + "TargetUserName": { "type": "keyword" }, + "TargetUserSid": { "type": "keyword" }, + "TaskContent": { "type": "keyword" }, + "TaskContentNew": { "type": "keyword" }, + "TaskName": { "type": "keyword" }, + "TerminalSessionId": { "type": "keyword" }, + "TestSigning": { "type": "keyword" }, + "Threat_ID": { "type": "keyword" }, + "Threat_Name": { "type": "keyword" }, + "TicketEncryptionType": { "type": "keyword" }, + "TicketOptions": { "type": "keyword" }, + "TimeStamp": { "type": "date" }, + "TimezoneBiasHour": { "type": "keyword" }, + "TokenElevationType": { "type": "keyword" 
}, + "TransactionId": { "type": "keyword" }, + "transferId": { "type": "keyword" }, + "TransmittedServices": { "type": "keyword" }, + "TransportProtocolName": { "type": "keyword" }, + "TransportType": { "type": "keyword" }, + "TSId": { "type": "keyword" }, + "TunnelID": { "type": "integer" }, + "Type": { "type": "keyword" }, + "Type_ID": { "type": "keyword" }, + "Type_Name": { "type": "keyword" }, + "TypeMgrUuid": { "type": "keyword" }, + "url": { "type": "keyword" }, + "User": { "type": "keyword" }, + "UserAccountControl": { "type": "keyword" }, + "UserId": { "type": "keyword" }, + "username": { "type": "keyword" }, + "UserParameters": { "type": "keyword" }, + "UserSid": { "type": "keyword" }, + "UserWorkstations": { "type": "keyword" }, + "UtcTime": { "type": "date" }, + "Value": { "type": "keyword" }, + "value": { "type": "keyword" }, + "Version": { "type": "keyword" }, + "VirtualAccount": { "type": "keyword" }, + "VsmLaunchType": { "type": "keyword" }, + "Workstation": { "type": "keyword" }, + "WorkstationName": { "type": "keyword" } + } + } } }, "winstat": { diff --git a/logstash/pipelines/beats/11_beats_logs.conf b/logstash/pipelines/beats/11_beats_logs.conf index ac90a3439..cadfa9a72 100644 --- a/logstash/pipelines/beats/11_beats_logs.conf +++ b/logstash/pipelines/beats/11_beats_logs.conf 
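Review bot: The `EventData` properties added in `miscbeat.json` are not a straight move of the block deleted from `evtx.json`: `TerminalSessionId` was `{ "type": "integer" }` there and is `{ "type": "keyword" }` here. If that is deliberate (for instance because the value arrives as a string from some shippers), the commit message should say so; if not, keep `"TerminalSessionId": { "type": "integer" }` so numeric sorting and range filters on the session id keep working. Since the fields now sit under a different parent than the removed `EventData.*` entries, any saved search or alert that still names the old path would presumably stop matching new events, which is worth checking before this leaves WIP.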
@@ -837,8 +837,18 @@ filter { # Winlogbeat - https://www.elastic.co/guide/en/beats/winlogbeat/current/_winlogbeat_overview.html # Normalize to match evtx upload and fluentbit windows event logs + ruby { + id => "ruby_winlogbeat_remove_empty_values" + path => "/usr/share/logstash/malcolm-ruby/compact_event.rb" + script_params => { + "discard_zeroes" => "true" + } + } + mutate { id => "mutate_rename_winlogbeat_under_miscbeat" rename => { "[winlog]" => "[miscbeat][winlog]" } } + mutate { id => "mutate_rename_winlogbeat_event_data" + rename => { "[miscbeat][winlog][event_data]" => "[miscbeat][winlog][EventData]" } } mutate { id => "mutate_replace_winlogbeat_event_module" replace => { "[event][module]" => "winlog" } } @@ -881,22 +891,6 @@ filter { target => "[miscbeat][winlog][TimeGenerated]" } } - if ([miscbeat][winlog][event_data][ProcessName]) { - mutate { id => "mutate_winlogbeat_process_name" - merge => { "[process][executable]" => "[miscbeat][winlog][event_data][ProcessName]" } } - } - if ([miscbeat][winlog][event_data][SubjectUserName]) { - mutate { id => "mutate_winlogbeat_subject_user_name" - merge => { "[related][user]" => "[miscbeat][winlog][event_data][SubjectUserName]" } } - } - if ([miscbeat][winlog][event_data][TargetOutboundUserName]) { - mutate { id => "mutate_winlogbeat_target_outbound_user_name" - merge => { "[related][user]" => "[miscbeat][winlog][event_data][TargetOutboundUserName]" } } - } - if ([miscbeat][winlog][event_data][TargetUserName]) { - mutate { id => "mutate_winlogbeat_target_user_name" - merge => { "[related][user]" => "[miscbeat][winlog][event_data][TargetUserName]" } } - } if ([miscbeat][winlog][user][name]) { mutate { id => "mutate_winlogbeat_user_name" merge => { "[related][user]" => "[miscbeat][winlog][user][name]" } } 
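Review bot: The added `ruby_winlogbeat_remove_empty_values` filter in the first hunk passes `discard_zeroes => "true"` with no comment saying why zero values are dropped or how much of the event the script walks. compact_event.rb is not shown here, so this is inferred: if it removes fields whose value is 0, a Windows event field that was legitimately zero becomes indistinguishable from one that was never logged, which matters for triage and for any detection keyed on these records. I would state the intent above the block, for example `# drop empty and zero-valued fields so winlogbeat records match evtx uploads; an absent field may have been 0 at the source`, and confirm that no field used for alerting depends on a literal zero. The enclosing `filter {` block starts and ends outside the hunk.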
@@ -1062,6 +1056,9 @@ filter { mutate { id => "mutate_add_field_event_module_evtx" add_field => { "[event][module]" => "winlog" } } + mutate { id => "mutate_rename_evtx_event_data" + rename => { "[evtx][Event][EventData]" => "[miscbeat][winlog][EventData]" } } + # map level ID to level name if ([evtx][Event][System][Level]) { translate { 
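Review bot: Once `mutate_rename_evtx_event_data` moves `[evtx][Event][EventData]` to `[miscbeat][winlog][EventData]`, its time fields land under names that the miscbeat.json mapping earlier in this series appears to type as `date` (`UtcTime`, `TimeStamp`), while the later hunks in this file delete the `date` filters that parsed them from `yyyy-MM-dd HH:mm:ss.SSS`. The comments added further down say the generic handling now lives in 13_normalize.conf, which is not visible here; if a value reaches the index unparsed, the document would likely be rejected and the event would be missing from the record. A comment on the rename would make that dependency explicit: `# EventData time fields are mapped as date; 13_normalize.conf must parse them before output`. The surrounding conditional starts and ends outside the hunk.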
@@ -1090,68 +1087,6 @@ filter { rename => { "[evtx][Event][System][Security_attributes][UserID]" => "[miscbeat][winlog][UserID]" } rename => { "[evtx][Event][System][Task]" => "[miscbeat][winlog][Task]" } rename => { "[evtx][Event][System][Version]" => "[miscbeat][winlog][Version]" } - rename => { "[evtx][Event][EventData][CommandLine]" => "[process][command_line]" } - rename => { "[evtx][Event][EventData][CurrentDirectory]" => "[process][working_directory]" } - } - - # there is some inconsistency across windows event log providers about how to name things... - ruby { - id => "ruby_miscbeat_evtx_process_id" - code => " - pids = Array.new - tids = Array.new - ['[evtx][Event][EventData][CallerProcessId]', - '[evtx][Event][EventData][NewProcessId]', - '[evtx][Event][EventData][ParentProcessId]', - '[evtx][Event][EventData][processId]', - '[evtx][Event][EventData][ProcessId]', - '[evtx][Event][EventData][ProcessID]', - '[evtx][Event][EventData][SourceProcessId]', - '[evtx][Event][EventData][TargetProcessId]', - '[evtx][Event][System][Execution_attributes]', - '[evtx][Event][System][Execution_attributes][ProcessID]', - '[evtx][Event][UserData][CompatibilityFixEvent][ProcessId]'].each {|fname| - if (pidstr = event.get(fname).to_s) then - pidint = pidstr.start_with?('0x') ? pidstr.hex : pidstr.to_i - pids.push(pidint) if pidint > 0 - end - } - ['[evtx][Event][EventData][NewThreadId]', - '[evtx][Event][EventData][SourceThreadId]', - '[evtx][Event][System][Execution_attributes][ThreadID]'].each {|fname| - if (tidstr = event.get(fname).to_s) then - tidint = tidstr.start_with?('0x') ? 
tidstr.hex : tidstr.to_i - tids.push(tidint) if tidint > 0 - end - } - event.set('[process][pid]', pids.uniq) unless (pids.length == 0) - event.set('[process][thread][id]', tids.uniq) unless (tids.length == 0) - " - } - - # map error description/code to event.result - if ([evtx][Event][EventData][Error_Description]) { - if ([evtx][Event][EventData][Error_Description] =~ /^The operation completed successfully/) { - mutate { id => "mutate_add_field_evtx_result_success" - add_field => { "[@metadata][evtx_result]" => "Success" } } - mutate { id => "mutate_merge_evtx_result_success" - merge => { "[event][result]" => "[@metadata][evtx_result]" } } - } else { - mutate { id => "mutate_beats_evtx_error_description_to_result" - merge => { "[event][result]" => "[evtx][Event][EventData][Error_Description]" } } - } - } - if ([evtx][Event][EventData][Result]) { - mutate { id => "mutate_beats_evtx_result_to_result" - merge => { "[event][result]" => "[evtx][Event][EventData][Result]" } } - } - if ([evtx][Event][EventData][Error_Code]) { - mutate { id => "mutate_beats_evtx_error_code_to_result" - merge => { "[event][result]" => "[evtx][Event][EventData][Error_Code]" } } - } - if ([evtx][Event][EventData][error_Code]) { - mutate { id => "mutate_beats_evtx_error_code_lc_to_result" - merge => { "[event][result]" => "[evtx][Event][EventData][error_Code]" } } } # store the original computer name as host.name as it's probably what people will want to search by 
@@ -1163,59 +1098,7 @@ filter { } ########################################### - # evtx Time fields - - if ([evtx][Event][EventData][TimeStamp]) { - date { - id => "date_beats_evtx_timestamp" - match => [ "[evtx][Event][EventData][TimeStamp]", "ISO8601" ] - target => "[evtx][Event][EventData][TimeStamp]" - } - mutate { - id => "date_beats_evtx_TimeStamp_to_timegenerated" - copy => { "[evtx][Event][EventData][TimeStamp]" => "[miscbeat][winlog][TimeGenerated]" } - } - } - - if ([evtx][Event][EventData][Detection_Time]) { - date { - id => "date_beats_evtx_detectiontime" - match => [ "[evtx][Event][EventData][Detection_Time]", "ISO8601" ] - target => "[evtx][Event][EventData][Detection_Time]" - } - if (![miscbeat][winlog][TimeGenerated]) { - mutate { - id => "date_beats_evtx_detectiontime_to_timegenerated" - copy => { "[evtx][Event][EventData][Detection_Time]" => "[miscbeat][winlog][TimeGenerated]" } - } - } - } - - if ([evtx][Event][EventData][UtcTime]) { - date { - id => "date_beats_evtx_utctime" - match => [ "[evtx][Event][EventData][UtcTime]", "yyyy-MM-dd HH:mm:ss.SSS" ] - target => "[evtx][Event][EventData][UtcTime]" - } - if (![miscbeat][winlog][TimeGenerated]) { - mutate { - id => "date_beats_evtx_utctime_to_timegenerated" - copy => { "[evtx][Event][EventData][UtcTime]" => "[miscbeat][winlog][TimeGenerated]" } - } - } - } - - if ([evtx][Event][EventData][CreationUtcTime]) { - date { - id => "date_beats_evtx_creationutctime" - match => [ "[evtx][Event][EventData][CreationUtcTime]", "yyyy-MM-dd HH:mm:ss.SSS" ] - target => "[evtx][Event][EventData][CreationUtcTime]" - } - mutate { - id => "date_beats_evtx_utctime_to_timewritten" - copy => { "[evtx][Event][EventData][UtcTime]" => "[miscbeat][winlog][TimeWritten]" } - } - } + # some evtx Time fields (more generic ones are done in 13_normalize.conf) if ([evtx][Event][System][TimeCreated_attributes][SystemTime]) { date { 
@@ -1231,22 +1114,6 @@ filter { } } - if ([evtx][Event][EventData][fileTime]) { - date { - id => "date_beats_evtx_filetime" - match => [ "[evtx][Event][EventData][fileTime]", "ISO8601" ] - target => "[evtx][Event][EventData][fileTime]" - } - } - - if ([evtx][Event][EventData][PreviousCreationUtcTime]) { - date { - id => "date_beats_evtx_previouscreationutctime" - match => [ "[evtx][Event][EventData][PreviousCreationUtcTime]", "yyyy-MM-dd HH:mm:ss.SSS" ] - target => "[evtx][Event][EventData][PreviousCreationUtcTime]" - } - } - if ([evtx][Event][UserData][CompatibilityFixEvent][StartTime]) { date { id => "date_beats_evtx_timewritten" @@ -1298,7 +1165,7 @@ filter { } } - # ECS stuff + # some more ECS stuff (more generic ones are done in 13_normalize.conf) mutate { id => "mutate_add_field_event_kind_evtx" add_field => { "[event][kind]" => "event" } } mutate { id => "mutate_add_field_os_family_evtx" 
@@ -1306,175 +1173,10 @@ filter { mutate { id => "mutate_add_field_os_type_evtx" add_field => { "[os][type]" => "windows" } } - # ECS -> related.user - if ([evtx][Event][EventData][NewTargetUserName]) { - mutate { id => "mutate_merge_evtx_user_newtargetusername" - merge => { "[related][user]" => "[evtx][Event][EventData][NewTargetUserName]" } } - } - if ([evtx][Event][EventData][OldTargetUserName]) { - mutate { id => "mutate_merge_evtx_user_oldtargetusername" - merge => { "[related][user]" => "[evtx][Event][EventData][OldTargetUserName]" } } - } - if ([evtx][Event][EventData][SourceUserName]) { - mutate { id => "mutate_merge_evtx_user_sourceusername" - merge => { "[related][user]" => "[evtx][Event][EventData][SourceUserName]" } } - } - if ([evtx][Event][EventData][SubjectUserName]) { - mutate { id => "mutate_merge_evtx_user_subjectusername" - merge => { "[related][user]" => "[evtx][Event][EventData][SubjectUserName]" } } - } - if ([evtx][Event][EventData][TargetOutboundUserName]) { - mutate { id => "mutate_merge_evtx_user_targetoutboundusername" - merge => { "[related][user]" => "[evtx][Event][EventData][TargetOutboundUserName]" } } - } - if ([evtx][Event][EventData][TargetUserName]) { - mutate { id => "mutate_merge_evtx_user_targetusername" - merge => { "[related][user]" => "[evtx][Event][EventData][TargetUserName]" } } - } - if ([evtx][Event][EventData][username]) { - mutate { id => "mutate_merge_evtx_user_username" - merge => { "[related][user]" => "[evtx][Event][EventData][username]" } } - } if ([evtx][Event][UserData][LogFileCleared][SubjectUserName]) { mutate { id => "mutate_merge_evtx_user_logfilecleared" merge => { "[related][user]" => "[evtx][Event][UserData][LogFileCleared][SubjectUserName]" } } } - if ([evtx][Event][EventData][Detection_User]) { - mutate { id => "mutate_merge_evtx_user_detection_user" - merge => { "[related][user]" => "[evtx][Event][EventData][Detection_User]" } } - } - if ([evtx][Event][EventData][ParentUser]) { - mutate { id => 
"mutate_merge_evtx_user_parentuser" - merge => { "[related][user]" => "[evtx][Event][EventData][ParentUser]" } } - } - if ([evtx][Event][EventData][Remediation_User]) { - mutate { id => "mutate_merge_evtx_user_remediation_user" - merge => { "[related][user]" => "[evtx][Event][EventData][Remediation_User]" } } - } - if ([evtx][Event][EventData][TargetUser]) { - mutate { id => "mutate_merge_evtx_user_targetuser" - merge => { "[related][user]" => "[evtx][Event][EventData][TargetUser]" } } - } - if ([evtx][Event][EventData][User]) { - mutate { id => "mutate_merge_evtx_user_user" - merge => { "[related][user]" => "[evtx][Event][EventData][User]" } } - } - - # ECS hash - if ([evtx][Event][EventData][Hashes]) { - ruby { - id => "ruby_evtx_eventdata_hashes" - code => " - if hash_str = event.get('[evtx][Event][EventData][Hashes]') then - hash_dict = Hash[hash_str.split(',').map { |pair| pair.split('=') }] - event.set('[process][hash][sha1]', hash_dict['SHA1']) if hash_dict.key?('SHA1') - event.set('[process][hash][md5]', hash_dict['MD5']) if hash_dict.key?('MD5') - event.set('[process][hash][sha256]', hash_dict['SHA256']) if hash_dict.key?('SHA256') - event.set('[pe][imphash]', hash_dict['IMPHASH']) if hash_dict.key?('IMPHASH') - end" - } - if ([process][hash][sha1]) { - mutate { id => "mutate_merge_evtx_related_hash_sha1" - merge => { "[related][hash]" => "[process][hash][sha1]" } } - } - if ([process][hash][md5]) { - mutate { id => "mutate_merge_evtx_related_hash_md5" - merge => { "[related][hash]" => "[process][hash][md5]" } } - } - if ([process][hash][sha256]) { - mutate { id => "mutate_merge_evtx_related_hash_sha256" - merge => { "[related][hash]" => "[process][hash][sha256]" } } - } - if ([pe][imphash]) { - mutate { id => "mutate_merge_evtx_related_hash_imphash" - merge => { "[related][hash]" => "[pe][imphash]" } } - } - mutate { id => "mutate_miscbeat_remove_eventdata_hashes" - remove_field => [ "[evtx][Event][EventData][Hashes]" ] } - } - - # ECS dll - if 
([evtx][Event][EventData][ImageLoaded] =~ /\.dll/) { - ruby { - id => "ruby_evtx_imageloaded_dedoubleslash" - path => "/usr/share/logstash/malcolm-ruby/dedoubleslash.rb" - script_params => { - "source" => "[evtx][Event][EventData][ImageLoaded]" - "target" => "[evtx][Event][EventData][ImageLoaded]" - } - } - mutate { id => "mutate_merge_evtx_dll_path_eventdata_imageloaded" - merge => { "[dll][path]" => "[evtx][Event][EventData][ImageLoaded]" } } - mutate { id => "mutate_merge_evtx_dll_name_eventdata_imageloaded" - merge => { "[dll][name]" => "[evtx][Event][EventData][ImageLoaded]" } } - mutate { id => "mutate_gsub_evtx_dll_name_eventdata_imageloaded" - gsub => [ "[dll][name]", "^.*[\\]{1}", "" ] } - } - - if ([evtx][Event][EventData][OriginalFileName] =~ /\.dll/) { - ruby { - id => "ruby_evtx_originalfilename_dedoubleslash" - path => "/usr/share/logstash/malcolm-ruby/dedoubleslash.rb" - script_params => { - "source" => "[evtx][Event][EventData][OriginalFileName]" - "target" => "[evtx][Event][EventData][OriginalFileName]" - } - } - mutate { id => "mutate_merge_evtx_dll_path_eventdata_originalfilename" - merge => { "[dll][path]" => "[evtx][Event][EventData][OriginalFileName]" } } - mutate { id => "mutate_merge_evtx_dll_name_eventdata_originalfilename" - merge => { "[dll][name]" => "[evtx][Event][EventData][OriginalFileName]" } } - mutate { id => "mutate_gsub_evtx_dll_name_eventdata_originalfilename" - gsub => [ "[dll][name]", "^.*[\\]{1}", "" ] } - } - - if ([evtx][Event][EventData][StartModule] =~ /\.dll/) { - ruby { - id => "ruby_evtx_startmodule_dedoubleslash" - path => "/usr/share/logstash/malcolm-ruby/dedoubleslash.rb" - script_params => { - "source" => "[evtx][Event][EventData][StartModule]" - "target" => "[evtx][Event][EventData][StartModule]" - } - } - mutate { id => "mutate_merge_evtx_dll_path_eventdata_startmodule" - merge => { "[dll][path]" => "[evtx][Event][EventData][StartModule]" } } - mutate { id => "mutate_merge_evtx_dll_name_eventdata_startmodule" - 
merge => { "[dll][name]" => "[evtx][Event][EventData][StartModule]" } } - mutate { id => "mutate_gsub_evtx_dll_name_eventdata_startmodule" - gsub => [ "[dll][name]", "^.*[\\]{1}", "" ] } - } - - if ([evtx][Event][EventData][TargetFilename] =~ /\.dll/) { - ruby { - id => "ruby_evtx_targetfilename_dedoubleslash" - path => "/usr/share/logstash/malcolm-ruby/dedoubleslash.rb" - script_params => { - "source" => "[evtx][Event][EventData][TargetFilename]" - "target" => "[evtx][Event][EventData][TargetFilename]" - } - } - mutate { id => "mutate_merge_evtx_dll_path_eventdata_targetfilename" - merge => { "[dll][path]" => "[evtx][Event][EventData][TargetFilename]" } } - mutate { id => "mutate_merge_evtx_dll_name_eventdata_targetfilename" - merge => { "[dll][name]" => "[evtx][Event][EventData][TargetFilename]" } } - mutate { id => "mutate_gsub_evtx_dll_name_eventdata_targetfilename" - gsub => [ "[dll][name]", "^.*[\\]{1}", "" ] } - } - - # ECS executable - if ([evtx][Event][EventData][Image]) { - mutate { id => "mutate_merge_evtx_process_executable_evtx_event_eventdata_image" - merge => { "[process][executable]" => "[evtx][Event][EventData][Image]" } } - } - if ([evtx][Event][EventData][Process_Name]) { - mutate { id => "mutate_merge_evtx_process_executable_evtx_event_eventdata_process_name" - merge => { "[process][executable]" => "[evtx][Event][EventData][Process_Name]" } } - } - if ([evtx][Event][EventData][ProcessName]) { - mutate { id => "mutate_merge_evtx_process_executable_evtx_event_eventdata_processname" - merge => { "[process][executable]" => "[evtx][Event][EventData][ProcessName]" } } - } # generate unique ID if (![event][hash]) { From 9ce0289e622d5b190ea088c08cc89f4efcc3c225 Mon Sep 17 00:00:00 2001 From: Seth Grover Date: Wed, 8 Jan 2025 13:55:32 -0700 Subject: [PATCH 15/53] WIP of cisagov/Malcolm#356, normalize winlogbeats --- dashboards/templates/composable/component/miscbeat.json | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) 
diff --git a/dashboards/templates/composable/component/miscbeat.json b/dashboards/templates/composable/component/miscbeat.json index cd92f2c81..e4b4d31a3 100644 --- a/dashboards/templates/composable/component/miscbeat.json +++ b/dashboards/templates/composable/component/miscbeat.json @@ -623,13 +623,13 @@ "StartAddress": { "type": "keyword" }, "StartFunction": { "type": "keyword" }, "StartModule": { "type": "keyword" }, - "StartTime": { "type": "date" }, + "StartTime": { "type": "keyword" }, "StartType": { "type": "keyword" }, "State": { "type": "keyword" }, "StateTransition": { "type": "keyword" }, "Status": { "type": "keyword" }, "Status_Code": { "type": "keyword" }, - "StopTime": { "type": "date" }, + "StopTime": { "type": "keyword" }, "string": { "type": "keyword" }, "string2": { "type": "keyword" }, "SubcategoryGuid": { "type": "keyword" }, @@ -667,6 +667,7 @@ "TicketEncryptionType": { "type": "keyword" }, "TicketOptions": { "type": "keyword" }, "TimeStamp": { "type": "date" }, + "TimeSourceRefId": { "type": "keyword" }, "TimezoneBiasHour": { "type": "keyword" }, "TokenElevationType": { "type": "keyword" }, "TransactionId": { "type": "keyword" }, From e0e8af5aa7ea34439c2b261372c14b83eee00959 Mon Sep 17 00:00:00 2001 From: Seth Grover Date: Wed, 8 Jan 2025 14:24:48 -0700 Subject: [PATCH 16/53] WIP of cisagov/Malcolm#356, fix for a dashboard --- .../79202ee0-d811-11ee-820d-dd9fd73a3921.json | 48 +++++++++---------- 1 file changed, 24 insertions(+), 24 deletions(-) diff --git a/dashboards/dashboards/beats/79202ee0-d811-11ee-820d-dd9fd73a3921.json b/dashboards/dashboards/beats/79202ee0-d811-11ee-820d-dd9fd73a3921.json index 4e2b9d16d..3074d3607 100644 --- a/dashboards/dashboards/beats/79202ee0-d811-11ee-820d-dd9fd73a3921.json +++ b/dashboards/dashboards/beats/79202ee0-d811-11ee-820d-dd9fd73a3921.json 
@@ -5,10 +5,10 @@ "description": "Windows event logs", "hits": 0, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[]}" + "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" }, "optionsJSON": "{\"hidePanelTitles\":false,\"useMargins\":true}", - "panelsJSON": "[{\"version\":\"2.18.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":35,\"i\":\"43028c5f-84f4-44fd-af4b-45103d59b07f\"},\"panelIndex\":\"43028c5f-84f4-44fd-af4b-45103d59b07f\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"2.18.0\",\"gridData\":{\"x\":8,\"y\":0,\"w\":18,\"h\":20,\"i\":\"346bb696-5fa2-4504-a1d8-5a6f51244c7b\"},\"panelIndex\":\"346bb696-5fa2-4504-a1d8-5a6f51244c7b\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"vis\":{\"sortColumn\":{\"colIndex\":3,\"direction\":\"desc\"}}},\"panelRefName\":\"panel_1\"},{\"version\":\"2.18.0\",\"gridData\":{\"x\":26,\"y\":0,\"w\":22,\"h\":20,\"i\":\"9c39d8b3-ad8c-4247-b97f-9736e469c988\"},\"panelIndex\":\"9c39d8b3-ad8c-4247-b97f-9736e469c988\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_2\"},{\"version\":\"2.18.0\",\"gridData\":{\"x\":8,\"y\":20,\"w\":18,\"h\":34,\"i\":\"1372927d-8b1d-4531-94fb-377dbccfff6b\"},\"panelIndex\":\"1372927d-8b1d-4531-94fb-377dbccfff6b\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_3\"},{\"version\":\"2.18.0\",\"gridData\":{\"x\":26,\"y\":20,\"w\":22,\"h\":34,\"i\":\"bccfb126-a864-4c11-a8c7-a9a1286c8f0f\"},\"panelIndex\":\"bccfb126-a864-4c11-a8c7-a9a1286c8f0f\",\"embeddableConfig\":{},\"panelRefName\":\"panel_4\"},{\"version\":\"2.18.0\",\"gridData\":{\"x\":0,\"y\":35,\"w\":8,\"h\":19,\"i\":\"bc116b54-f251-4e77-833c-c557b5d5c1d7\"},\"panelIndex\":\"bc116b54-f251-4e77-833c-c557b5d5c1d7\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"table\":null,\"vis\":{\"sortColumn\":{\"colIndex\":1,\"direction\":\"desc\"}}},\"panelRefName\":\"panel_5\"},{\"version\":\"2
.18.0\",\"gridData\":{\"x\":0,\"y\":54,\"w\":16,\"h\":39,\"i\":\"3ce8c85f-ded2-4ff2-9a91-e85523bd2516\"},\"panelIndex\":\"3ce8c85f-ded2-4ff2-9a91-e85523bd2516\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_6\"},{\"version\":\"2.18.0\",\"gridData\":{\"x\":16,\"y\":54,\"w\":32,\"h\":39,\"i\":\"197395c9-4133-47ad-9290-1cb15f09e1ce\"},\"panelIndex\":\"197395c9-4133-47ad-9290-1cb15f09e1ce\",\"embeddableConfig\":{\"sort\":[[\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\",\"desc\"]]},\"panelRefName\":\"panel_7\"},{\"version\":\"2.18.0\",\"gridData\":{\"x\":0,\"y\":93,\"w\":48,\"h\":30,\"i\":\"49f38efc-1ab3-4e38-96e5-b0458c026491\"},\"panelIndex\":\"49f38efc-1ab3-4e38-96e5-b0458c026491\",\"embeddableConfig\":{},\"panelRefName\":\"panel_8\"}]", + "panelsJSON": "[{\"version\":\"2.18.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":35,\"i\":\"43028c5f-84f4-44fd-af4b-45103d59b07f\"},\"panelIndex\":\"43028c5f-84f4-44fd-af4b-45103d59b07f\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"2.18.0\",\"gridData\":{\"x\":8,\"y\":0,\"w\":18,\"h\":20,\"i\":\"c80d237f-1036-4b28-8294-493be2526d80\"},\"panelIndex\":\"c80d237f-1036-4b28-8294-493be2526d80\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_1\"},{\"version\":\"2.18.0\",\"gridData\":{\"x\":26,\"y\":0,\"w\":22,\"h\":20,\"i\":\"9c39d8b3-ad8c-4247-b97f-9736e469c988\"},\"panelIndex\":\"9c39d8b3-ad8c-4247-b97f-9736e469c988\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_2\"},{\"version\":\"2.18.0\",\"gridData\":{\"x\":8,\"y\":20,\"w\":18,\"h\":34,\"i\":\"1372927d-8b1d-4531-94fb-377dbccfff6b\"},\"panelIndex\":\"1372927d-8b1d-4531-94fb-377dbccfff6b\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_3\"},{\"version\":\"2.18.0\",\"gridData\":{\"x\":26,\"y\":20,\"w\":22,\"h\":34,\"i\":\"bccfb126-a864-4c11-a8c7-a9a1286c8f0f\"},\"panelIndex\":\"bccfb126-a864-4c11-a8c7-a9a1286c8f0f\",\"embeddableConfig\":{},\"panelRefName\":
\"panel_4\"},{\"version\":\"2.18.0\",\"gridData\":{\"x\":0,\"y\":35,\"w\":8,\"h\":19,\"i\":\"bc116b54-f251-4e77-833c-c557b5d5c1d7\"},\"panelIndex\":\"bc116b54-f251-4e77-833c-c557b5d5c1d7\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"table\":null,\"vis\":{\"sortColumn\":{\"colIndex\":1,\"direction\":\"desc\"}}},\"panelRefName\":\"panel_5\"},{\"version\":\"2.18.0\",\"gridData\":{\"x\":0,\"y\":54,\"w\":16,\"h\":39,\"i\":\"3ce8c85f-ded2-4ff2-9a91-e85523bd2516\"},\"panelIndex\":\"3ce8c85f-ded2-4ff2-9a91-e85523bd2516\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_6\"},{\"version\":\"2.18.0\",\"gridData\":{\"x\":16,\"y\":54,\"w\":32,\"h\":39,\"i\":\"197395c9-4133-47ad-9290-1cb15f09e1ce\"},\"panelIndex\":\"197395c9-4133-47ad-9290-1cb15f09e1ce\",\"embeddableConfig\":{\"sort\":[[\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\",\"desc\"]]},\"panelRefName\":\"panel_7\"},{\"version\":\"2.18.0\",\"gridData\":{\"x\":0,\"y\":93,\"w\":48,\"h\":30,\"i\":\"49f38efc-1ab3-4e38-96e5-b0458c026491\"},\"panelIndex\":\"49f38efc-1ab3-4e38-96e5-b0458c026491\",\"embeddableConfig\":{},\"panelRefName\":\"panel_8\"}]", "timeRestore": false, "title": "Windows Events", "version": 1 @@ -68,8 +68,8 @@ } ], "type": "dashboard", - "updated_at": "2025-01-07T16:03:35.952Z", - "version": "WzEwNzUsMV0=" + "updated_at": "2025-01-08T21:21:36.883Z", + "version": "WzEwNzAsMV0=" }, { "attributes": { @@ -91,8 +91,8 @@ ], "references": [], "type": "visualization", - "updated_at": "2025-01-07T15:10:03.736Z", - "version": "WzkyOCwxXQ==" + "updated_at": "2025-01-08T20:43:42.858Z", + "version": "WzEwNTAsMV0=" }, { "attributes": { 
@@ -102,9 +102,9 @@ }, "savedSearchRefName": "search_0", "title": "Windows Events by Host", - "uiStateJSON": "{}", + "uiStateJSON": "{\"vis\":{\"sortColumn\":{\"colIndex\":2,\"direction\":\"desc\"}}}", "version": 1, - "visState": "{\"title\":\"Windows Events by Host\",\"type\":\"table\",\"aggs\":[{\"id\":\"4\",\"enabled\":true,\"type\":\"top_hits\",\"params\":{\"field\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\",\"aggregate\":\"concat\",\"size\":1,\"sortField\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\",\"sortOrder\":\"desc\",\"customLabel\":\"Last Log\"},\"schema\":\"metric\"},{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Origin\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Computer Name\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}" + "visState": "{\"title\":\"Windows Events by Host\",\"type\":\"table\",\"aggs\":[{\"id\":\"4\",\"enabled\":true,\"type\":\"top_hits\",\"params\":{\"field\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\",\"aggregate\":\"concat\",\"size\":1,\"sortField\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\",\"sortOrder\":\"desc\",\"customLabel\":\"Last 
Log\"},\"schema\":\"metric\"},{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Computer Name\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}" }, "id": "0100b010-d811-11ee-820d-dd9fd73a3921", "migrationVersion": { @@ -121,8 +121,8 @@ } ], "type": "visualization", - "updated_at": "2025-01-07T15:10:08.874Z", - "version": "Wzk3MywxXQ==" + "updated_at": "2025-01-08T21:20:43.195Z", + "version": "WzEwNjksMV0=" }, { "attributes": { @@ -151,8 +151,8 @@ } ], "type": "visualization", - "updated_at": "2025-01-07T15:10:08.874Z", - "version": "Wzk3NCwxXQ==" + "updated_at": "2025-01-08T20:43:36.786Z", + "version": "Wzk4OSwxXQ==" }, { "attributes": { @@ -181,8 +181,8 @@ } ], "type": "visualization", - "updated_at": "2025-01-07T16:02:27.195Z", - "version": "WzEwNzQsMV0=" + "updated_at": "2025-01-08T20:43:36.786Z", + "version": "Wzk5MCwxXQ==" }, { "attributes": { @@ -211,8 +211,8 @@ } ], "type": "visualization", - "updated_at": "2025-01-07T15:10:08.874Z", - "version": "Wzk3NSwxXQ==" + "updated_at": "2025-01-08T20:43:36.786Z", + "version": "Wzk5MSwxXQ==" }, { "attributes": { @@ -241,8 +241,8 @@ } ], "type": "visualization", - "updated_at": "2025-01-07T15:10:08.874Z", - "version": "Wzk3NiwxXQ==" + "updated_at": "2025-01-08T20:43:36.786Z", + "version": "Wzk5MiwxXQ==" }, { "attributes": { @@ -271,8 +271,8 @@ } ], "type": "visualization", - "updated_at": "2025-01-07T15:10:08.874Z", - "version": "Wzk3OCwxXQ==" + "updated_at": "2025-01-08T20:43:36.786Z", + "version": "Wzk5MywxXQ==" }, { "attributes": { 
@@ -305,8 +305,8 @@ } ], "type": "search", - "updated_at": "2025-01-07T15:10:08.874Z", - "version": "Wzk3OSwxXQ==" + "updated_at": "2025-01-08T20:43:36.786Z", + "version": "Wzk5NCwxXQ==" }, { "attributes": { @@ -342,8 +342,8 @@ } ], "type": "search", - "updated_at": "2025-01-07T15:10:08.874Z", - "version": "Wzk4MCwxXQ==" + "updated_at": "2025-01-08T20:43:36.786Z", + "version": "Wzk5NSwxXQ==" } ], "version": "2.18.0" From 8cb4348b9514f083fa557d96106549b0b9d729cb Mon Sep 17 00:00:00 2001 From: Seth Grover Date: Wed, 8 Jan 2025 15:23:12 -0700 Subject: [PATCH 17/53] WIP of cisagov/Malcolm#356, normalize winlogbeats --- docs/third-party-logs.md | 17 ++++++++++----- logstash/pipelines/beats/11_beats_logs.conf | 23 ++++++++++++++++++++- 2 files changed, 34 insertions(+), 6 deletions(-) diff --git a/docs/third-party-logs.md b/docs/third-party-logs.md index 5c37e0d5c..f04a15567 100644 --- a/docs/third-party-logs.md +++ b/docs/third-party-logs.md 
@@ -284,14 +284,21 @@ Elastic [Beats](https://www.elastic.co/beats/) can also be used to forward data In contrast to Fluent Bit, Beats forwarders write to Malcolm's Logstash input over TCP port 5044 (rather than its Filebeat TCP input). Answer `Y` when prompted `Expose Logstash port to external hosts?` during Malcolm configuration (i.e., when running [`./scripts/configure`](malcolm-config.md#ConfigAndTuning)) to allow external remote Beats forwarders to send logs to Logstash. -The Beat's [configuration YML file](https://www.elastic.co/guide/en/beats/libbeat/current/config-file-format.html) file might look something like this sample [filebeat.yml](https://www.elastic.co/guide/en/beats/filebeat/current/configuring-howto-filebeat.html) file: +The Beat's [configuration YML file](https://www.elastic.co/guide/en/beats/libbeat/current/config-file-format.html) file might look something like this sample [winlogbeat.yml](https://www.elastic.co/guide/en/beats/winlogbeat/current/configuring-howto-winlogbeat.html) file: ```yml -filebeat.inputs: -- type: log - paths: - - /home/user/logs/*.log +winlogbeat.event_logs: + - name: Application + ignore_older: 72h + - name: System + - name: Security + - name: ForwardedEvents + tags: [forwarded] + - name: Windows PowerShell + event_id: 400, 403, 600, 800 + - name: Microsoft-Windows-PowerShell/Operational + event_id: 4103, 4104, 4105, 4106 processors: - add_tags: diff --git a/logstash/pipelines/beats/11_beats_logs.conf b/logstash/pipelines/beats/11_beats_logs.conf index cadfa9a72..c26c3905d 100644 --- a/logstash/pipelines/beats/11_beats_logs.conf +++ b/logstash/pipelines/beats/11_beats_logs.conf 
@@ -877,8 +877,29 @@ filter { } if ([miscbeat][winlog][EventType]) { + translate { + id => "translate_winlogbeat_event_type_case" + source => "[miscbeat][winlog][EventType]" + target => "[miscbeat][winlog][EventType]" + dictionary => { + "error" => "Error" + "failureaudit" => "FailureAudit" + "information" => "Information" + "successaudit" => "SuccessAudit" + "warning" => "Warning" + } + } mutate { id => "mutate_merge_winlogbeat_eventtype_to_result" - merge => { "[event][result]" => "[miscbeat][winlog][EventType]" } } } + merge => { "[event][result]" => "[miscbeat][winlog][EventType]" } } + if (![miscbeat][winevtlog][Level]) { + translate { + id => "translate_winlogbeat_to_level" + source => "[miscbeat][winlog][EventType]" + target => "[miscbeat][winlog][Level]" + dictionary_path => "/etc/winlog_levels_to_numbers.yaml" + } + } + } if ([winlog][computer_name]) { mutate { id => "mutate_replace_winlogbeat_computer_name" From de41177f9b2ce653387f2bec6f9f9a5b594d22c8 Mon Sep 17 00:00:00 2001 From: Seth Grover Date: Thu, 9 Jan 2025 10:34:30 -0700 Subject: [PATCH 18/53] Work in progress for cisagov/Malcolm#541, making sure conn.log and known_services.log get the ICS protocols assigned to them corrrectly and tagged appropriately --- logstash/pipelines/zeek/1014_zeek_conn.conf | 3 +++ logstash/pipelines/zeek/1033_zeek_known.conf | 21 ++++++++------------ 2 files changed, 11 insertions(+), 13 deletions(-) diff --git a/logstash/pipelines/zeek/1014_zeek_conn.conf b/logstash/pipelines/zeek/1014_zeek_conn.conf index dabbd20dd..3df20d5d6 100644 --- a/logstash/pipelines/zeek/1014_zeek_conn.conf +++ b/logstash/pipelines/zeek/1014_zeek_conn.conf 
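Review bot: The guard `if (![miscbeat][winevtlog][Level])` tests a `winevtlog` key, while the translate inside it writes `[miscbeat][winlog][Level]` and every other reference in this hunk uses `winlog`. If that is a typo, the condition is always true for Winlogbeat events and no longer says "fill in Level only when it is missing"; `if (![miscbeat][winlog][Level]) {` would match the target field. The lookup in `/etc/winlog_levels_to_numbers.yaml` also has to be keyed on the capitalised names that `translate_winlogbeat_event_type_case` produces just above it; that file is not visible here, so this is worth checking. The enclosing `filter {` block continues outside the hunk.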
@@ -32,6 +32,9 @@ filter { # normalize service string(s) + mutate { id => "mutate_lowercase_conn_service" + lowercase => [ "[zeek_cols][service]" ] } + # For some reason, even in JSON, I have service strings like: # ...,"proto":"udp","service":"profinet,profinet_dce_rpc,spicy_profinet_io_cm,profinet",... # so whatever reason it's not already an array. Split it here. diff --git a/logstash/pipelines/zeek/1033_zeek_known.conf b/logstash/pipelines/zeek/1033_zeek_known.conf index 2e54851bf..4dc4319b1 100644 --- a/logstash/pipelines/zeek/1033_zeek_known.conf +++ b/logstash/pipelines/zeek/1033_zeek_known.conf @@ -176,26 +176,21 @@ filter { } } + # normalize service string(s) + mutate { id => "mutate_lowercase_zeek_known_services_service" lowercase => [ "[zeek_cols][service]" ] } - # normalize service string(s) - # some services are named like blah_udp/blah_tcp/blah_data, and we don't care about the suffix - mutate { id => "mutate_gsub_field_zeek_known_services_protocol_suffix" + mutate { id => "mutate_gsub_field_zeek_known_services_service_suffix" gsub => [ "[zeek_cols][service]", "[_-](tcp|udp|data)", "" ] } - if ([zeek_cols][service] =~ /^spicy_/) { - # if it's coming from spicy, we don't care to have that in the service name - mutate { id => "mutate_gsub_field_zeek_known_service_spicy_prefix" - gsub => [ "[zeek_cols][service]", "^spicy_", "" ] } - - # some spicy services are named like blah_udp or blah_tcp, - # and we don't care about the _udp/_tcp suffix - mutate { id => "mutate_gsub_field_zeek_known_service_spicy_suffix" - gsub => [ "[zeek_cols][service]", "(_hmac)?(_(sha|md)\d+)?$", "" ] } + # if it's coming from spicy, we don't care to have that in the service name + mutate { id => "mutate_gsub_field_zeek_known_services_spicy_prefix" + gsub => [ "[zeek_cols][service]", "spicy_", "" ] } - } + mutate { id => "mutate_gsub_field_zeek_known_services_spicy_cipher_suffix" + gsub => [ "[zeek_cols][service]", "(_hmac)?(_(sha|md)\d+)?$", "" ] } } 
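Review bot: The three `gsub` patterns added in `1033_zeek_known.conf` are anchored inconsistently: `spicy_` and `[_-](tcp|udp|data)` now match anywhere in the value, while `(_hmac)?(_(sha|md)\d+)?$` still matches only at the very end. The comment in the `1014_zeek_conn.conf` hunk above says a service can arrive as one comma-separated string; if that also holds here, the cipher suffix is stripped from the last entry only, and the unanchored patterns can cut into the middle of a name that merely contains `_data` or `-tcp`. Bounding each pattern at the entry edge would make the three agree, e.g. `"[_-](tcp|udp|data)(?=,|$)"` and `"(_hmac)?(_(sha|md)\d+)?(?=,|$)"`. The same three patterns are added to `1017_zeek_diagnostic.conf` in the following patch, and both `filter` blocks extend outside their hunks.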
From 98d7d17fed8a62a4834e4ca6f3c820814069b9be Mon Sep 17 00:00:00 2001 From: Seth Grover Date: Thu, 9 Jan 2025 13:26:18 -0700 Subject: [PATCH 19/53] Work in progress for cisagov/Malcolm#541 --- .../pipelines/zeek/1017_zeek_diagnostic.conf | 25 ++++++++++--------- logstash/pipelines/zeek/1050_zeek_s7comm.conf | 2 +- 2 files changed, 14 insertions(+), 13 deletions(-) diff --git a/logstash/pipelines/zeek/1017_zeek_diagnostic.conf b/logstash/pipelines/zeek/1017_zeek_diagnostic.conf index 04c23c080..3fe446c8f 100644 --- a/logstash/pipelines/zeek/1017_zeek_diagnostic.conf +++ b/logstash/pipelines/zeek/1017_zeek_diagnostic.conf @@ -316,20 +316,21 @@ filter { } } - mutate { id => "mutate_lowercase_zeek_dpd_service" + # normalize service string(s) + + mutate { id => "mutate_lowercase_dpd_service" lowercase => [ "[zeek_cols][service]" ] } - # normalize service string(s) - if ([zeek_cols][service] =~ /^spicy_/) { - # if it's coming from spicy, we don't care to have that in the service name - mutate { id => "mutate_gsub_field_zeek_dpd_service_spicy_prefix" - gsub => [ "[zeek_cols][service]", "^spicy_", "" ] } - - # some spicy services are named like blah_udp or blah_tcp, - # and we don't care about the _udp/_tcp suffix - mutate { id => "mutate_gsub_field_zeek_dpd_service_spicy_suffix" - gsub => [ "[zeek_cols][service]", "_(tcp|udp)(_hmac)?(_(sha|md)\d+)?$", "" ] } - } + # some services are named like blah_udp/blah_tcp/blah_data, and we don't care about the suffix + mutate { id => "mutate_gsub_field_zeek_dpd_service_protocol_suffix" + gsub => [ "[zeek_cols][service]", "[_-](tcp|udp|data)", "" ] } + + # if it's coming from spicy, we don't care to have that in the service name + mutate { id => "mutate_gsub_field_zeek_dpd_service_spicy_prefix" + gsub => [ "[zeek_cols][service]", "spicy_", "" ] } + + mutate { id => "mutate_gsub_field_zeek_dpd_service_spicy_cipher_suffix" + gsub => [ "[zeek_cols][service]", "(_hmac)?(_(sha|md)\d+)?$", "" ] } } 
diff --git a/logstash/pipelines/zeek/1050_zeek_s7comm.conf b/logstash/pipelines/zeek/1050_zeek_s7comm.conf index 1270241d2..a01df6519 100644 --- a/logstash/pipelines/zeek/1050_zeek_s7comm.conf +++ b/logstash/pipelines/zeek/1050_zeek_s7comm.conf @@ -102,7 +102,7 @@ filter { id => "mutate_add_fields_zeek_s7comm_plus" add_field => { "[zeek_cols][proto]" => "tcp" - "[zeek_cols][service]" => "s7comm_plus" + "[zeek_cols][service]" => "s7comm-plus" } add_tag => [ "ics" ] } From 3866959b8e1b12e7a117353cb65813c7619d20f4 Mon Sep 17 00:00:00 2001 From: Seth Grover Date: Thu, 9 Jan 2025 13:56:52 -0700 Subject: [PATCH 20/53] standardize ICS protocols in network.protocol field, so they all get tagged with 'ics' properly cisagov/Malcolm#541 --- logstash/pipelines/enrichment/11_lookups.conf | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/logstash/pipelines/enrichment/11_lookups.conf b/logstash/pipelines/enrichment/11_lookups.conf index 337148f92..fc67d51fa 100644 --- a/logstash/pipelines/enrichment/11_lookups.conf +++ b/logstash/pipelines/enrichment/11_lookups.conf @@ -420,12 +420,14 @@ filter { ("ethercat" in [network][protocol]) or ("ge_srtp" in [network][protocol]) or ("genisys" in [network][protocol]) or - ("cotp" in [network][protocol]) or + ("hart_ip" in [network][protocol]) or ("opcua-binary" in [network][protocol]) or ("modbus" in [network][protocol]) or ("profinet" in [network][protocol]) or ("profinet_dce_rpc" in [network][protocol]) or + ("profinet_io_cm" in [network][protocol]) or ("s7comm" in [network][protocol]) or + ("s7comm-plus" in [network][protocol]) or ("s7comm_plus" in [network][protocol]) or ("synchrophasor" in [network][protocol])) { mutate { id => "mutate_add_tag_ics_from_network_protocol" From 0844647bf7d9b77e5fafe1614a28cd0c3319c8ed Mon Sep 17 00:00:00 2001 
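Review bot: The `("cotp" in [network][protocol])` test is dropped from the ICS condition in `11_lookups.conf` without a mention in the commit message, so events whose only listed protocol is `cotp` no longer receive the `ics` tag. If that is deliberate, a comment above the condition such as `# cotp intentionally omitted: not ICS-specific` would keep it from being re-added or read as a detection regression. The list now carries both `s7comm-plus` and `s7comm_plus`; since `1050_zeek_s7comm.conf` switches to the hyphenated form in the previous patch, a short comment on which spelling is kept only for older data would help. The condition starts and ends outside the hunk.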
From: Seth Grover Date: Thu, 9 Jan 2025 14:09:29 -0700 Subject: [PATCH 21/53] fix cisagov/Malcolm#533, allow keystores to be created on startup even in hedgehog mode --- scripts/control.py | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/scripts/control.py b/scripts/control.py index 10c1c606c..19b6a2627 100755 --- a/scripts/control.py +++ b/scripts/control.py @@ -210,7 +210,7 @@ def keystore_op(service, dropPriv=False, *keystore_args, **run_process_kwargs): keystoreBinProc = f"/usr/share/{service}/bin/{service}-keystore" uidGidDict = GetUidGidFromEnv(args.configDir) - if (orchMode is OrchestrationFramework.DOCKER_COMPOSE) and (args.composeProfile == PROFILE_MALCOLM): + if orchMode is OrchestrationFramework.DOCKER_COMPOSE: # if we're using docker-uid-gid-setup.sh to drop privileges as we spin up a container dockerUidGuidSetup = "/usr/local/bin/docker-uid-gid-setup.sh" @@ -402,10 +402,6 @@ def keystore_op(service, dropPriv=False, *keystore_args, **run_process_kwargs): dbgStr = f"{podname}: {cmd}({run_process_kwargs['stdin'][:80] + bool(run_process_kwargs['stdin'][80:]) * '...' if 'stdin' in run_process_kwargs and run_process_kwargs['stdin'] else ''}) returned {deep_get(podResults, ['err'], 1)}: {deep_get(podResults, ['output'], 'unknown')}" eprint(dbgStr) - elif args.composeProfile == PROFILE_HEDGEHOG: - # keystore operation doesn't mean anything in hedgehog mode, just return "Ok" - err = 0 - else: raise Exception( f'{sys._getframe().f_code.co_name} does not yet support {orchMode} with profile {args.composeProfile}' From eae26a731821a5cd20230d021dc5cc54e584b595 Mon Sep 17 00:00:00 2001 From: Seth Grover Date: Thu, 9 Jan 2025 14:12:27 -0700 Subject: [PATCH 22/53] forgot to add file for cisagov/Malcolm#356 --- logstash/pipelines/beats/13_normalize.conf | 364 +++++++++++++++++++++ 1 file changed, 364 insertions(+) create mode 100644 logstash/pipelines/beats/13_normalize.conf 
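Review bot: The `dbgStr` line kept as context in the second hunk writes the first 80 characters of `run_process_kwargs['stdin']` to stderr through `eprint(dbgStr)`. For a keystore operation stdin is presumably where the secret value is passed, so unless this line is gated on a debug flag outside the hunk, the value can end up in logs. Reporting only the size, e.g. `{len(run_process_kwargs.get('stdin') or '')} bytes of stdin` in place of the slice, keeps the diagnostic without the content. Separately, the final `raise Exception(...)` still says `with profile {args.composeProfile}` although the profile no longer influences which branch is taken. `keystore_op` starts before and continues after both hunks.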
diff --git a/logstash/pipelines/beats/13_normalize.conf b/logstash/pipelines/beats/13_normalize.conf
new file mode 100644
index 000000000..3f4292ef7
--- /dev/null
+++ b/logstash/pipelines/beats/13_normalize.conf
@@ -0,0 +1,364 @@
+########################
+# additional normalizeation of non-network-traffic events from
+# various sources (e.g., winlog/winlogbeat/winevtlog/evtx)
+#
+# Copyright (c) 2025 Battelle Energy Alliance, LLC. All rights reserved.
+#######################
+
+filter {
+
+ if ([miscbeat][winlog][EventData]) {
+
+ mutate { id => "mutate_rename_windows_eventdata"
+ rename => { "[miscbeat][winlog][EventData][CommandLine]" => "[process][command_line]" }
+ rename => { "[miscbeat][winlog][EventData][CurrentDirectory]" => "[process][working_directory]" }
+ }
+
+ if ([miscbeat][winlog][EventData][ProcessName]) {
+ mutate { id => "mutate_winlogbeat_process_name"
+ merge => { "[process][executable]" => "[miscbeat][winlog][EventData][ProcessName]" } }
+ }
+ if ([miscbeat][winlog][EventData][SubjectUserName]) {
+ mutate { id => "mutate_winlogbeat_subject_user_name"
+ merge => { "[related][user]" => "[miscbeat][winlog][EventData][SubjectUserName]" } }
+ }
+ if ([miscbeat][winlog][EventData][TargetOutboundUserName]) {
+ mutate { id => "mutate_winlogbeat_target_outbound_user_name"
+ merge => { "[related][user]" => "[miscbeat][winlog][EventData][TargetOutboundUserName]" } }
+ }
+ if ([miscbeat][winlog][EventData][TargetUserName]) {
+ mutate { id => "mutate_winlogbeat_target_user_name"
+ merge => { "[related][user]" => "[miscbeat][winlog][EventData][TargetUserName]" } }
+ }
+
+ # there is some inconsistency across windows event log providers about how to name things...
+ ruby {
+ id => "ruby_miscbeat_eventdata_process_id"
+ code => "
+ pids = Array.new
+ tids = Array.new
+ ['[miscbeat][winlog][EventData][CallerProcessId]',
+ '[miscbeat][winlog][EventData][NewProcessId]',
+ '[miscbeat][winlog][EventData][ParentProcessId]',
+ '[miscbeat][winlog][EventData][processId]',
+ '[miscbeat][winlog][EventData][ProcessId]',
+ '[miscbeat][winlog][EventData][ProcessID]',
+ '[miscbeat][winlog][EventData][SourceProcessId]',
+ '[miscbeat][winlog][EventData][TargetProcessId]',
+ '[evtx][Event][System][Execution_attributes]',
+ '[evtx][Event][System][Execution_attributes][ProcessID]',
+ '[evtx][Event][UserData][CompatibilityFixEvent][ProcessId]'].each {|fname|
+ if (pidstr = event.get(fname).to_s) then
+ pidint = pidstr.start_with?('0x') ? pidstr.hex : pidstr.to_i
+ pids.push(pidint) if pidint > 0
+ end
+ }
+ ['[miscbeat][winlog][EventData][NewThreadId]',
+ '[miscbeat][winlog][EventData][SourceThreadId]',
+ '[evtx][Event][System][Execution_attributes][ThreadID]'].each {|fname|
+ if (tidstr = event.get(fname).to_s) then
+ tidint = tidstr.start_with?('0x') ? tidstr.hex : tidstr.to_i
+ tids.push(tidint) if tidint > 0
+ end
+ }
+ event.set('[process][pid]', pids.uniq) unless (pids.length == 0)
+ event.set('[process][thread][id]', tids.uniq) unless (tids.length == 0)
+ "
+ }
+
+
+ # map error description/code to event.result
+ if ([miscbeat][winlog][EventData][Error_Description]) {
+ if ([miscbeat][winlog][EventData][Error_Description] =~ /^The operation completed successfully/) {
+ mutate { id => "mutate_add_field_eventdata_result_success"
+ add_field => { "[@metadata][evtx_result]" => "Success" } }
+ mutate { id => "mutate_merge_eventdata_result_success"
+ merge => { "[event][result]" => "[@metadata][evtx_result]" } }
+ } else {
+ mutate { id => "mutate_beats_eventdata_error_description_to_result"
+ merge => { "[event][result]" => "[miscbeat][winlog][EventData][Error_Description]" } }
+ }
+ }
+ if ([miscbeat][winlog][EventData][Result]) {
+ mutate { id => "mutate_beats_eventdata_result_to_result"
+ merge => { "[event][result]" => "[miscbeat][winlog][EventData][Result]" } }
+ }
+ if ([miscbeat][winlog][EventData][Error_Code]) {
+ mutate { id => "mutate_beats_eventdata_error_code_to_result"
+ merge => { "[event][result]" => "[miscbeat][winlog][EventData][Error_Code]" } }
+ }
+ if ([miscbeat][winlog][EventData][error_Code]) {
+ mutate { id => "mutate_beats_eventdata_error_code_lc_to_result"
+ merge => { "[event][result]" => "[miscbeat][winlog][EventData][error_Code]" } }
+ }
+
+ if ([miscbeat][winlog][EventData][TimeStamp]) {
+ date {
+ id => "date_beats_eventdata_timestamp"
+ match => [ "[miscbeat][winlog][EventData][TimeStamp]", "ISO8601" ]
+ target => "[miscbeat][winlog][EventData][TimeStamp]"
+ }
+ mutate {
+ id => "date_beats_eventdata_TimeStamp_to_timegenerated"
+ copy => { "[miscbeat][winlog][EventData][TimeStamp]" => "[miscbeat][winlog][TimeGenerated]" }
+ }
+ }
+
+ if ([miscbeat][winlog][EventData][Detection_Time]) {
+ date {
+ id => "date_beats_eventdata_detectiontime"
+ match => [ "[miscbeat][winlog][EventData][Detection_Time]", "ISO8601" ]
+ target => "[miscbeat][winlog][EventData][Detection_Time]"
+ }
+ if (![miscbeat][winlog][TimeGenerated]) {
+ mutate {
+ id => "date_beats_eventdata_detectiontime_to_timegenerated"
+ copy => { "[miscbeat][winlog][EventData][Detection_Time]" => "[miscbeat][winlog][TimeGenerated]" }
+ }
+ }
+ }
+
+ if ([miscbeat][winlog][EventData][UtcTime]) {
+ date {
+ id => "date_beats_eventdata_utctime"
+ match => [ "[miscbeat][winlog][EventData][UtcTime]", "yyyy-MM-dd HH:mm:ss.SSS" ]
+ target => "[miscbeat][winlog][EventData][UtcTime]"
+ }
+ if (![miscbeat][winlog][TimeGenerated]) {
+ mutate {
+ id => "date_beats_eventdata_utctime_to_timegenerated"
+ copy => { "[miscbeat][winlog][EventData][UtcTime]" => "[miscbeat][winlog][TimeGenerated]" }
+ }
+ }
+ }
+
+ if ([miscbeat][winlog][EventData][CreationUtcTime]) {
+ date {
+ id => "date_beats_eventdata_creationutctime"
+ match => [ "[miscbeat][winlog][EventData][CreationUtcTime]", "yyyy-MM-dd HH:mm:ss.SSS" ]
+ target => "[miscbeat][winlog][EventData][CreationUtcTime]"
+ }
+ mutate {
+ id => "date_beats_eventdata_utctime_to_timewritten"
+ copy => { "[miscbeat][winlog][EventData][UtcTime]" => "[miscbeat][winlog][TimeWritten]" }
+ }
+ }
+
+ if ([miscbeat][winlog][EventData][fileTime]) {
+ date {
+ id => "date_beats_eventdata_filetime"
+ match => [ "[miscbeat][winlog][EventData][fileTime]", "ISO8601" ]
+ target => "[miscbeat][winlog][EventData][fileTime]"
+ }
+ }
+
+ if ([miscbeat][winlog][EventData][PreviousCreationUtcTime]) {
+ date {
+ id => "date_beats_eventdata_previouscreationutctime"
+ match => [ "[miscbeat][winlog][EventData][PreviousCreationUtcTime]", "yyyy-MM-dd HH:mm:ss.SSS" ]
+ target => "[miscbeat][winlog][EventData][PreviousCreationUtcTime]"
+ }
+ }
+
+ if ([miscbeat][winlog][EventData][BitlockerUserInputTime]) {
+ date {
+ id => "date_beats_eventdata_bitlocker_user_input_time"
+ match => [ "[miscbeat][winlog][EventData][BitlockerUserInputTime]", "ISO8601" ]
+ target => "[miscbeat][winlog][EventData][BitlockerUserInputTime]"
+ }
+ }
+
+ if ([miscbeat][winlog][EventData][DeviceTime]) {
+ date {
+ id => "date_beats_eventdata_device_time"
+ match => [ "[miscbeat][winlog][EventData][DeviceTime]", "ISO8601" ]
+ target => "[miscbeat][winlog][EventData][DeviceTime]"
+ }
+ }
+
+ if ([miscbeat][winlog][EventData][NewTime]) {
+ date {
+ id => "date_beats_eventdata_new_time"
+ match => [ "[miscbeat][winlog][EventData][NewTime]", "ISO8601" ]
+ target => "[miscbeat][winlog][EventData][NewTime]"
+ }
+ }
+
+ if ([miscbeat][winlog][EventData][OldTime]) {
+ date {
+ id => "date_beats_eventdata_old_time"
+ match => [ "[miscbeat][winlog][EventData][OldTime]", "ISO8601" ]
+ target => "[miscbeat][winlog][EventData][OldTime]"
+ }
+ }
+
+ # ECS -> related.user
+ if ([miscbeat][winlog][EventData][NewTargetUserName]) {
+ mutate { id => "mutate_merge_eventdata_user_newtargetusername"
+ merge => { "[related][user]" => "[miscbeat][winlog][EventData][NewTargetUserName]" } }
+ }
+ if ([miscbeat][winlog][EventData][OldTargetUserName]) {
+ mutate { id => "mutate_merge_eventdata_user_oldtargetusername"
+ merge => { "[related][user]" => "[miscbeat][winlog][EventData][OldTargetUserName]" } }
+ }
+ if ([miscbeat][winlog][EventData][SourceUserName]) {
+ mutate { id => "mutate_merge_eventdata_user_sourceusername"
+ merge => { "[related][user]" => "[miscbeat][winlog][EventData][SourceUserName]" } }
+ }
+ if ([miscbeat][winlog][EventData][SubjectUserName]) {
+ mutate { id => "mutate_merge_eventdata_user_subjectusername"
+ merge => { "[related][user]" => "[miscbeat][winlog][EventData][SubjectUserName]" } }
+ }
+ if ([miscbeat][winlog][EventData][TargetOutboundUserName]) {
+ mutate { id => "mutate_merge_eventdata_user_targetoutboundusername"
+ merge => { "[related][user]" => "[miscbeat][winlog][EventData][TargetOutboundUserName]" } }
+ }
+ if ([miscbeat][winlog][EventData][TargetUserName]) {
+ mutate { id => "mutate_merge_eventdata_user_targetusername"
+ merge => { "[related][user]" => "[miscbeat][winlog][EventData][TargetUserName]" } }
+ }
+ if ([miscbeat][winlog][EventData][username]) {
+ mutate { id => "mutate_merge_eventdata_user_username"
+ merge => { "[related][user]" => "[miscbeat][winlog][EventData][username]" } }
+ }
+ if ([miscbeat][winlog][EventData][Detection_User]) {
+ mutate { id => "mutate_merge_eventdata_user_detection_user"
+ merge => { "[related][user]" => "[miscbeat][winlog][EventData][Detection_User]" } }
+ }
+ if ([miscbeat][winlog][EventData][ParentUser]) {
+ mutate { id => "mutate_merge_eventdata_user_parentuser"
+ merge => { "[related][user]" => "[miscbeat][winlog][EventData][ParentUser]" } }
+ }
+ if ([miscbeat][winlog][EventData][Remediation_User]) {
+ mutate { id => "mutate_merge_eventdata_user_remediation_user"
+ merge => { "[related][user]" => "[miscbeat][winlog][EventData][Remediation_User]" } }
+ }
+ if ([miscbeat][winlog][EventData][TargetUser]) {
+ mutate { id => "mutate_merge_eventdata_user_targetuser"
+ merge => { "[related][user]" => "[miscbeat][winlog][EventData][TargetUser]" } }
+ }
+ if ([miscbeat][winlog][EventData][User]) {
+ mutate { id => "mutate_merge_eventdata_user_user"
+ merge => { "[related][user]" => "[miscbeat][winlog][EventData][User]" } }
+ }
+
+ # ECS hash
+ if ([miscbeat][winlog][EventData][Hashes]) {
+ ruby {
+ id => "ruby_eventdata_eventdata_hashes"
+ code => "
+ if hash_str = event.get('[miscbeat][winlog][EventData][Hashes]') then
+ hash_dict = Hash[hash_str.split(',').map { |pair| pair.split('=') }]
+ event.set('[process][hash][sha1]', hash_dict['SHA1']) if hash_dict.key?('SHA1')
+ event.set('[process][hash][md5]', hash_dict['MD5']) if hash_dict.key?('MD5')
+ event.set('[process][hash][sha256]', hash_dict['SHA256']) if hash_dict.key?('SHA256')
+ event.set('[pe][imphash]', hash_dict['IMPHASH']) if hash_dict.key?('IMPHASH')
+ end"
+ }
+ if ([process][hash][sha1]) {
+ mutate { id => "mutate_merge_eventdata_related_hash_sha1"
+ merge => { "[related][hash]" => "[process][hash][sha1]" } }
+ }
+ if ([process][hash][md5]) {
+ mutate { id => "mutate_merge_eventdata_related_hash_md5"
+ merge => { "[related][hash]" => "[process][hash][md5]" } }
+ }
+ if ([process][hash][sha256]) {
+ mutate { id => "mutate_merge_eventdata_related_hash_sha256"
+ merge => { "[related][hash]" => "[process][hash][sha256]" } }
+ }
+ if ([pe][imphash]) {
+ mutate { id => "mutate_merge_eventdata_related_hash_imphash"
+ merge => { "[related][hash]" => "[pe][imphash]" } }
+ }
+ mutate { id => "mutate_miscbeat_remove_eventdata_hashes"
+ remove_field => [ "[miscbeat][winlog][EventData][Hashes]" ] }
+ }
+
+ # ECS dll
+ if ([miscbeat][winlog][EventData][ImageLoaded] =~ /\.dll/) {
+ ruby {
+ id => "ruby_eventdata_imageloaded_dedoubleslash"
+ path => "/usr/share/logstash/malcolm-ruby/dedoubleslash.rb"
+ script_params => {
+ "source" => "[miscbeat][winlog][EventData][ImageLoaded]"
+ "target" => "[miscbeat][winlog][EventData][ImageLoaded]"
+ }
+ }
+ mutate { id => "mutate_merge_eventdata_dll_path_eventdata_imageloaded"
+ merge => { "[dll][path]" => "[miscbeat][winlog][EventData][ImageLoaded]" } }
+ mutate { id => "mutate_merge_eventdata_dll_name_eventdata_imageloaded"
+ merge => { "[dll][name]" => "[miscbeat][winlog][EventData][ImageLoaded]" } }
+ mutate { id => "mutate_gsub_eventdata_dll_name_eventdata_imageloaded"
+ gsub => [ "[dll][name]", "^.*[\\]{1}", "" ] }
+ }
+
+ if ([miscbeat][winlog][EventData][OriginalFileName] =~ /\.dll/) {
+ ruby {
+ id => "ruby_eventdata_originalfilename_dedoubleslash"
+ path => "/usr/share/logstash/malcolm-ruby/dedoubleslash.rb"
+ script_params => {
+ "source" => "[miscbeat][winlog][EventData][OriginalFileName]"
+ "target" => "[miscbeat][winlog][EventData][OriginalFileName]"
+ }
+ }
+ mutate { id => "mutate_merge_eventdata_dll_path_eventdata_originalfilename"
+ merge => { "[dll][path]" => "[miscbeat][winlog][EventData][OriginalFileName]" } }
+ mutate { id => "mutate_merge_eventdata_dll_name_eventdata_originalfilename"
+ merge => { "[dll][name]" => "[miscbeat][winlog][EventData][OriginalFileName]" } }
+ mutate { id => "mutate_gsub_eventdata_dll_name_eventdata_originalfilename"
+ gsub => [ "[dll][name]", "^.*[\\]{1}", "" ] }
+ }
+
+ if ([miscbeat][winlog][EventData][StartModule] =~ /\.dll/) {
+ ruby {
+ id => "ruby_eventdata_startmodule_dedoubleslash"
+ path => "/usr/share/logstash/malcolm-ruby/dedoubleslash.rb"
+ script_params => {
+ "source" => "[miscbeat][winlog][EventData][StartModule]"
+ "target" => "[miscbeat][winlog][EventData][StartModule]"
+ }
+ }
+ mutate { id => "mutate_merge_eventdata_dll_path_eventdata_startmodule"
+ merge => { "[dll][path]" => "[miscbeat][winlog][EventData][StartModule]" } }
+ mutate { id => "mutate_merge_eventdata_dll_name_eventdata_startmodule"
+ merge => { "[dll][name]" => "[miscbeat][winlog][EventData][StartModule]" } }
+ mutate { id => "mutate_gsub_eventdata_dll_name_eventdata_startmodule"
+ gsub => [ "[dll][name]", "^.*[\\]{1}", "" ] }
+ }
+
+ if ([miscbeat][winlog][EventData][TargetFilename] =~ /\.dll/) {
+ ruby {
+ id => "ruby_eventdata_targetfilename_dedoubleslash"
+ path => "/usr/share/logstash/malcolm-ruby/dedoubleslash.rb"
+ script_params => {
+ "source" => "[miscbeat][winlog][EventData][TargetFilename]"
+ "target" => "[miscbeat][winlog][EventData][TargetFilename]"
+ }
+ }
+ mutate { id => "mutate_merge_eventdata_dll_path_eventdata_targetfilename"
+ merge => { "[dll][path]" => "[miscbeat][winlog][EventData][TargetFilename]" } }
+ mutate { id => "mutate_merge_eventdata_dll_name_eventdata_targetfilename"
+ merge => { "[dll][name]" => "[miscbeat][winlog][EventData][TargetFilename]" } }
+ mutate { id => "mutate_gsub_eventdata_dll_name_eventdata_targetfilename"
+ gsub => [ "[dll][name]", "^.*[\\]{1}", "" ] }
+ }
+
+ # ECS executable
+ if ([miscbeat][winlog][EventData][Image]) {
+ mutate { id => "mutate_merge_eventdata_process_executable_eventdata_event_eventdata_image"
+ merge => { "[process][executable]" => "[miscbeat][winlog][EventData][Image]" } }
+ }
+ if ([miscbeat][winlog][EventData][Process_Name]) { + mutate { id => "mutate_merge_eventdata_process_executable_eventdata_event_eventdata_process_name" + merge => { "[process][executable]" => "[miscbeat][winlog][EventData][Process_Name]" } } + } + if ([miscbeat][winlog][EventData][ProcessName]) { + mutate { id => "mutate_merge_eventdata_process_executable_eventdata_event_eventdata_processname" + merge => { "[process][executable]" => "[miscbeat][winlog][EventData][ProcessName]" } } + } + + + } # if miscbeat.winlog.EventData + +} \ No newline at end of file From dea3ce7296a03c236561a2ce363cb035344e6a5c Mon Sep 17 00:00:00 2001 From: Seth Grover Date: Thu, 9 Jan 2025 15:03:09 -0700 Subject: [PATCH 23/53] For cisagov/Malcolm#524, handle filenames with spaces in extracted_files_http_server.py --- nginx/nginx.conf | 7 +++++-- nginx/nginx_readonly.conf | 12 ++++++++++-- 2 files changed, 15 insertions(+), 4 deletions(-) diff --git a/nginx/nginx.conf b/nginx/nginx.conf index 8e4fcb38e..b09d15419 100644 --- a/nginx/nginx.conf +++ b/nginx/nginx.conf @@ -194,7 +194,9 @@ http { # extracted file download location ~* ^/extracted-files\b(.*) { include /etc/nginx/nginx_auth_rt.conf; - proxy_pass http://extracted-file-http-server$1$is_args$args; + # thanks to https://stackoverflow.com/a/31440150, handle spaces in names + set $filereq $1; + proxy_pass http://extracted-file-http-server$filereq$is_args$args; proxy_redirect off; proxy_set_header Host file-monitor.malcolm.local; } @@ -204,8 +206,9 @@ http { include /etc/nginx/nginx_auth_rt.conf; include /etc/nginx/nginx_system_resolver.conf; set $upstream $1:8006; + set $filereq $2; # TODO: check, do i need is_args/args here? - rewrite ^/hh-extracted-files/([a-zA-Z0-9-\.]+)(.*)$ $2 break; + rewrite ^/hh-extracted-files/([a-zA-Z0-9-\.]+)(.*)$ $filereq break; proxy_pass https://$upstream; proxy_ssl_verify off; proxy_set_header Host $1; diff --git a/nginx/nginx_readonly.conf b/nginx/nginx_readonly.conf index bab3d9868..c1234b7a3 100644 
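Review bot: In the `CreationUtcTime` block of `13_normalize.conf` the `copy` reads `[miscbeat][winlog][EventData][UtcTime]`, not the `CreationUtcTime` field that was just parsed, so `TimeWritten` receives the event time, or nothing when `UtcTime` is absent. If that is a copy-paste slip, the line should read `copy => { "[miscbeat][winlog][EventData][CreationUtcTime]" => "[miscbeat][winlog][TimeWritten]" }`. The four `=~ /\.dll/` conditions are case-sensitive and unanchored, so a constructed name like `FOO.DLL` is skipped while `x.dllhost.exe` is treated as a DLL; `=~ /(?i)\.dll$/` is closer to how Windows names files and closes the gap in `[dll][path]` coverage. The `Hashes` parser feeds `pair.split('=')` straight into `Hash[...]`, which raises on an entry with more than one `=`; `pair.split('=', 2)` avoids a `_rubyexception` tag on odd input.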
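Review bot: The `# TODO: check, do i need is_args/args here?` added to the `hh-extracted-files` location in `nginx.conf` can probably be resolved rather than committed: per the nginx `rewrite` documentation the original query arguments are appended to the rewritten URI unless the replacement ends in `?`, so `$is_args$args` should not be needed on this path. Replacing the TODO with `# rewrite keeps the original query string; no $is_args$args needed` would record that once confirmed. It is also worth a comment that `$upstream` and the `Host` header are taken from the request path and that `proxy_ssl_verify off` is in effect, because that leaves the character class in the `location` regex as the only constraint on where this block proxies to. The second `location` block continues past the hunk.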
--- a/nginx/nginx_readonly.conf +++ b/nginx/nginx_readonly.conf @@ -13,6 +13,9 @@ http { sendfile on; client_max_body_size 20m; + client_body_buffer_size 128k; + client_header_buffer_size 256k; + large_client_header_buffers 8 256k; fastcgi_buffers 16 64k; fastcgi_buffer_size 256k; @@ -124,7 +127,10 @@ http { # extracted file download location ~* ^/extracted-files\b(.*) { - proxy_pass http://extracted-file-http-server$1; + include /etc/nginx/nginx_auth_rt.conf; + # thanks to https://stackoverflow.com/a/31440150, handle spaces in names + set $filereq $1; + proxy_pass http://extracted-file-http-server$filereq$is_args$args; proxy_redirect off; proxy_set_header Host file-monitor.malcolm.local; } @@ -133,7 +139,9 @@ http { location ~* ^/hh-extracted-files/([a-zA-Z0-9-\.]+)\b(.*) { include /etc/nginx/nginx_system_resolver.conf; set $upstream $1:8006; - rewrite ^/hh-extracted-files/([a-zA-Z0-9-\.]+)(.*)$ $2 break; + set $filereq $2; + # TODO: check, do i need is_args/args here? + rewrite ^/hh-extracted-files/([a-zA-Z0-9-\.]+)(.*)$ $filereq break; proxy_pass https://$upstream; proxy_ssl_verify off; proxy_set_header Host $1; From 35da64f974393140791e686d3693a70c63e7201f Mon Sep 17 00:00:00 2001 From: Seth Grover Date: Mon, 13 Jan 2025 10:39:12 -0700 Subject: [PATCH 24/53] work for cisagov/Malcolm#542, preserve custom field formatting for index pattern on update of index pattern --- dashboards/scripts/shared-object-creation.sh | 17 +++++++++++++++-- 1 file changed, 15 insertions(+), 2 deletions(-) diff --git a/dashboards/scripts/shared-object-creation.sh b/dashboards/scripts/shared-object-creation.sh index c6b526a40..b694c0eb7 100755 --- a/dashboards/scripts/shared-object-creation.sh +++ b/dashboards/scripts/shared-object-creation.sh 
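Review bot: The `hh-extracted-files` location in `nginx_readonly.conf` has no `include /etc/nginx/nginx_auth_rt.conf;`, while the `extracted-files` location directly above gains one in this commit and both locations in `nginx.conf` carry it. If the read-only configuration is meant to authenticate file downloads, the same include belongs at the top of this location as well, ahead of `include /etc/nginx/nginx_system_resolver.conf;`; if the omission is intended, a comment explaining the difference would help. The new `client_header_buffer_size 256k` and `large_client_header_buffers 8 256k` in the first hunk raise the memory a single client connection can claim, so a comment on why values this large are needed would be useful. The `location` block continues past the hunk.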
@@ -266,11 +266,24 @@ if [[ "${CREATE_OS_ARKIME_SESSION_INDEX:-true}" = "true" ]] ; then echo "Importing index pattern..." [[ "${TEMPLATES_IMPORTED}" == "true" ]] && SHOW_IMPORT_ERROR="--show-error" || SHOW_IMPORT_ERROR= - # Create index pattern + # Save off any custom field formatting prior to an overwrite + FIELD_FORMAT_MAP="$( curl "${CURL_CONFIG_PARAMS[@]}" -w "\n" --silent --location --fail -XGET -H "Content-Type: application/json" -H "$XSRF_HEADER: anything" \ + "$DASHB_URL/api/saved_objects/index-pattern/${INDEX_PATTERN}" 2>/dev/null | \ + jq -r '.attributes.fieldFormatMap' 2>/dev/null | \ + jq -c 'with_entries(.value.params.parsedUrl? = null | del(.value.params.parsedUrl))' 2>/dev/null )" || true + + # Create index pattern (preserving custom field formatting) + MALCOLM_INDEX_PATTERN_FILE_TEMP="$(mktemp)" + echo "{\"attributes\":{\"title\":\"$INDEX_PATTERN\",\"timeFieldName\":\"$INDEX_TIME_FIELD\"}}" > "$MALCOLM_INDEX_PATTERN_FILE_TEMP" + if [[ -n "$FIELD_FORMAT_MAP" ]] && [[ "$FIELD_FORMAT_MAP" != "null" ]]; then + echo "Preserving existing field formatting..." + jq --arg fieldFormatMap "$FIELD_FORMAT_MAP" '.attributes.fieldFormatMap = $fieldFormatMap' "$MALCOLM_INDEX_PATTERN_FILE_TEMP" | sponge "$MALCOLM_INDEX_PATTERN_FILE_TEMP" + fi echo "Creating index pattern \"$INDEX_PATTERN\"..." curl "${CURL_CONFIG_PARAMS[@]}" -w "\n" --location --fail --silent --output /dev/null ${SHOW_IMPORT_ERROR} -XPOST -H "Content-Type: application/json" -H "$XSRF_HEADER: anything" \ "$DASHB_URL/api/saved_objects/index-pattern/${INDEX_PATTERN}?overwrite=${TEMPLATES_IMPORTED}" \ - -d"{\"attributes\":{\"title\":\"$INDEX_PATTERN\",\"timeFieldName\":\"$INDEX_TIME_FIELD\"}}" 2>&1 || true + -d @"$MALCOLM_INDEX_PATTERN_FILE_TEMP" 2>&1 || true + rm -f "$MALCOLM_INDEX_PATTERN_FILE_TEMP" echo "Setting default index pattern..." From a8846752a311dab8ad65ee9688a3d95f5efdedb0 Mon Sep 17 00:00:00 2001 
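Review bot: The request body is still assembled by interpolating `$INDEX_PATTERN` and `$INDEX_TIME_FIELD` into a JSON string with `echo`, so a quote or backslash in either value yields invalid or altered JSON. Since `jq` is already used here, `jq -n --arg title "$INDEX_PATTERN" --arg tf "$INDEX_TIME_FIELD" '{attributes:{title:$title,timeFieldName:$tf}}' > "$MALCOLM_INDEX_PATTERN_FILE_TEMP"` does the escaping. The file from `mktemp` is removed only on the straight-line path, so a `trap 'rm -f "$MALCOLM_INDEX_PATTERN_FILE_TEMP"' EXIT` or equivalent would cover an early exit. The same construction appears in both hunks of the following patch to this file, and the enclosing `if` block starts and ends outside the hunk.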
From: Seth Grover Date: Mon, 13 Jan 2025 12:23:11 -0700 Subject: [PATCH 25/53] work for cisagov/Malcolm#542, preserve custom field formatting for index pattern on update of index pattern --- dashboards/scripts/shared-object-creation.sh | 41 +++++++++++++++----- 1 file changed, 31 insertions(+), 10 deletions(-) diff --git a/dashboards/scripts/shared-object-creation.sh b/dashboards/scripts/shared-object-creation.sh index b694c0eb7..a1164ca58 100755 --- a/dashboards/scripts/shared-object-creation.sh +++ b/dashboards/scripts/shared-object-creation.sh 
@@ -267,23 +267,26 @@ if [[ "${CREATE_OS_ARKIME_SESSION_INDEX:-true}" = "true" ]] ; then [[ "${TEMPLATES_IMPORTED}" == "true" ]] && SHOW_IMPORT_ERROR="--show-error" || SHOW_IMPORT_ERROR= # Save off any custom field formatting prior to an overwrite - FIELD_FORMAT_MAP="$( curl "${CURL_CONFIG_PARAMS[@]}" -w "\n" --silent --location --fail -XGET -H "Content-Type: application/json" -H "$XSRF_HEADER: anything" \ - "$DASHB_URL/api/saved_objects/index-pattern/${INDEX_PATTERN}" 2>/dev/null | \ - jq -r '.attributes.fieldFormatMap' 2>/dev/null | \ - jq -c 'with_entries(.value.params.parsedUrl? = null | del(.value.params.parsedUrl))' 2>/dev/null )" || true + MALCOLM_FIELD_FORMAT_MAP_FILE_TEMP="$(mktemp)" + ( curl "${CURL_CONFIG_PARAMS[@]}" -w "\n" --silent --location --fail -XGET -H "Content-Type: application/json" -H "$XSRF_HEADER: anything" \ + "$DASHB_URL/api/saved_objects/index-pattern/${INDEX_PATTERN}" 2>/dev/null | \ + jq -r '.attributes.fieldFormatMap' 2>/dev/null | \ + jq -c 'with_entries(.value.params.parsedUrl? = null | del(.value.params.parsedUrl))' 2>/dev/null | \ + jq '@json' >"$MALCOLM_FIELD_FORMAT_MAP_FILE_TEMP" 2>/dev/null ) || true + MALCOLM_FIELD_FORMAT_MAP_FILE_SIZE=$(stat -c%s "$MALCOLM_FIELD_FORMAT_MAP_FILE_TEMP") # Create index pattern (preserving custom field formatting) MALCOLM_INDEX_PATTERN_FILE_TEMP="$(mktemp)" echo "{\"attributes\":{\"title\":\"$INDEX_PATTERN\",\"timeFieldName\":\"$INDEX_TIME_FIELD\"}}" > "$MALCOLM_INDEX_PATTERN_FILE_TEMP" - if [[ -n "$FIELD_FORMAT_MAP" ]] && [[ "$FIELD_FORMAT_MAP" != "null" ]]; then - echo "Preserving existing field formatting..." - jq --arg fieldFormatMap "$FIELD_FORMAT_MAP" '.attributes.fieldFormatMap = $fieldFormatMap' "$MALCOLM_INDEX_PATTERN_FILE_TEMP" | sponge "$MALCOLM_INDEX_PATTERN_FILE_TEMP" + if (( $MALCOLM_FIELD_FORMAT_MAP_FILE_SIZE > 64 )); then + echo "Preserving existing field formatting for \"$INDEX_PATTERN\"..." 
+ jq --slurpfile fieldFormatMap "$MALCOLM_FIELD_FORMAT_MAP_FILE_TEMP" '.attributes.fieldFormatMap = $fieldFormatMap[0]' "$MALCOLM_INDEX_PATTERN_FILE_TEMP" | sponge "$MALCOLM_INDEX_PATTERN_FILE_TEMP" fi echo "Creating index pattern \"$INDEX_PATTERN\"..." curl "${CURL_CONFIG_PARAMS[@]}" -w "\n" --location --fail --silent --output /dev/null ${SHOW_IMPORT_ERROR} -XPOST -H "Content-Type: application/json" -H "$XSRF_HEADER: anything" \ "$DASHB_URL/api/saved_objects/index-pattern/${INDEX_PATTERN}?overwrite=${TEMPLATES_IMPORTED}" \ -d @"$MALCOLM_INDEX_PATTERN_FILE_TEMP" 2>&1 || true - rm -f "$MALCOLM_INDEX_PATTERN_FILE_TEMP" + rm -f "$MALCOLM_INDEX_PATTERN_FILE_TEMP" "$MALCOLM_FIELD_FORMAT_MAP_FILE_TEMP" echo "Setting default index pattern..." 
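Review bot: Whether there is formatting to preserve is decided by `(( $MALCOLM_FIELD_FORMAT_MAP_FILE_SIZE > 64 ))`, a byte-count threshold with no explanation, so a small but valid `fieldFormatMap` would be dropped silently on overwrite. Testing the content is more direct, e.g. `if jq -e 'fromjson | length > 0' "$MALCOLM_FIELD_FORMAT_MAP_FILE_TEMP" >/dev/null 2>&1; then`, or at least add a comment saying what the 64 stands for. The fetch, merge and post sequence is then repeated verbatim in the `OTHER_INDEX_PATTERNS` loop in the next hunk; a small shell function taking the id, title and time field would keep the two copies from drifting. The enclosing `if` block starts and ends outside the hunk.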
@@ -297,11 +300,29 @@ if [[ "${CREATE_OS_ARKIME_SESSION_INDEX:-true}" = "true" ]] ; then IDX_ID="$(echo "$i" | cut -d';' -f1)" IDX_NAME="$(echo "$i" | cut -d';' -f2)" IDX_TIME_FIELD="$(echo "$i" | cut -d';' -f3)" + + # Save off any custom field formatting prior to an overwrite + MALCOLM_FIELD_FORMAT_MAP_FILE_TEMP="$(mktemp)" + ( curl "${CURL_CONFIG_PARAMS[@]}" -w "\n" --silent --location --fail -XGET -H "Content-Type: application/json" -H "$XSRF_HEADER: anything" \ + "$DASHB_URL/api/saved_objects/index-pattern/${IDX_ID}" 2>/dev/null | \ + jq -r '.attributes.fieldFormatMap' 2>/dev/null | \ + jq -c 'with_entries(.value.params.parsedUrl? = null | del(.value.params.parsedUrl))' 2>/dev/null | \ + jq '@json' >"$MALCOLM_FIELD_FORMAT_MAP_FILE_TEMP" 2>/dev/null ) || true + MALCOLM_FIELD_FORMAT_MAP_FILE_SIZE=$(stat -c%s "$MALCOLM_FIELD_FORMAT_MAP_FILE_TEMP") + + MALCOLM_INDEX_PATTERN_FILE_TEMP="$(mktemp)" + echo "{\"attributes\":{\"title\":\"$IDX_NAME\",\"timeFieldName\":\"$IDX_TIME_FIELD\"}}" > "$MALCOLM_INDEX_PATTERN_FILE_TEMP" + if (( $MALCOLM_FIELD_FORMAT_MAP_FILE_SIZE > 64 )); then + echo "Preserving existing field formatting for \"$IDX_NAME\"..." + jq --slurpfile fieldFormatMap "$MALCOLM_FIELD_FORMAT_MAP_FILE_TEMP" '.attributes.fieldFormatMap = $fieldFormatMap[0]' "$MALCOLM_INDEX_PATTERN_FILE_TEMP" | sponge "$MALCOLM_INDEX_PATTERN_FILE_TEMP" + fi + echo "Creating index pattern \"$IDX_NAME\"..." 
curl "${CURL_CONFIG_PARAMS[@]}" -w "\n" --location --fail --silent --output /dev/null ${SHOW_IMPORT_ERROR} -XPOST -H "Content-Type: application/json" -H "$XSRF_HEADER: anything" \ "$DASHB_URL/api/saved_objects/index-pattern/${IDX_ID}?overwrite=${TEMPLATES_IMPORTED}" \ - -d"{\"attributes\":{\"title\":\"$IDX_NAME\",\"timeFieldName\":\"$IDX_TIME_FIELD\"}}" 2>&1 || true - done + -d @"$MALCOLM_INDEX_PATTERN_FILE_TEMP" 2>&1 || true + rm -f "$MALCOLM_INDEX_PATTERN_FILE_TEMP" "$MALCOLM_FIELD_FORMAT_MAP_FILE_TEMP" + done # i in OTHER_INDEX_PATTERNS # end Index pattern ############################################################################################################################# From d2827a3d9f76b5883bbf41fa500c446466f9275b Mon Sep 17 00:00:00 2001 From: Seth Grover Date: Mon, 13 Jan 2025 12:26:11 -0700 Subject: [PATCH 26/53] bump yq to v4.45.1 --- Dockerfiles/filebeat.Dockerfile | 2 +- Dockerfiles/netbox.Dockerfile | 2 +- Dockerfiles/suricata.Dockerfile | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/Dockerfiles/filebeat.Dockerfile b/Dockerfiles/filebeat.Dockerfile index dc4e3b7af..a8dfa5d86 100644 --- a/Dockerfiles/filebeat.Dockerfile +++ b/Dockerfiles/filebeat.Dockerfile @@ -73,7 +73,7 @@ ENV SUPERCRONIC_VERSION "0.2.33" ENV SUPERCRONIC_URL "https://github.com/aptible/supercronic/releases/download/v$SUPERCRONIC_VERSION/supercronic-linux-" ENV SUPERCRONIC_CRONTAB "/etc/crontab" -ENV YQ_VERSION "4.44.6" +ENV YQ_VERSION "4.45.1" ENV YQ_URL "https://github.com/mikefarah/yq/releases/download/v${YQ_VERSION}/yq_linux_" ENV EVTX_VERSION "0.8.4" diff --git a/Dockerfiles/netbox.Dockerfile b/Dockerfiles/netbox.Dockerfile index 37c1b5944..05c5c3a94 100644 --- a/Dockerfiles/netbox.Dockerfile +++ b/Dockerfiles/netbox.Dockerfile 
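Review bot: The added `echo "{\"attributes\":{\"title\":\"$IDX_NAME\",...}}"` line builds the request body by pasting `$IDX_NAME` and `$IDX_TIME_FIELD` into a JSON string, so a value containing a double quote or backslash yields an invalid or altered document that the following `jq --slurpfile` step and the POST then consume. jq is already required at this point, so it can do the quoting: `jq -n --arg t "$IDX_NAME" --arg f "$IDX_TIME_FIELD" '{attributes:{title:$t,timeFieldName:$f}}' > "$MALCOLM_INDEX_PATTERN_FILE_TEMP"`. The values come from entries split with `cut -d';'`. Where that list is populated is outside this hunk, so whether it can carry such characters is not visible here.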
@@ -33,7 +33,7 @@ ENV NETBOX_INITIALIZERS_VERSION "v4.1.0" ENV NETBOX_TOPOLOGY_VERSION "4.1.0" ENV NETBOX_HEALTHCHECK_VERSION "0.2.0" -ENV YQ_VERSION "4.44.6" +ENV YQ_VERSION "4.45.1" ENV YQ_URL "https://github.com/mikefarah/yq/releases/download/v${YQ_VERSION}/yq_linux_" ENV NETBOX_DEVICETYPE_LIBRARY_IMPORT_URL "https://codeload.github.com/mmguero-dev/Device-Type-Library-Import/tar.gz/develop" diff --git a/Dockerfiles/suricata.Dockerfile b/Dockerfiles/suricata.Dockerfile index 9b77005cd..f95cbab25 100644 --- a/Dockerfiles/suricata.Dockerfile +++ b/Dockerfiles/suricata.Dockerfile @@ -37,7 +37,7 @@ ENV SUPERCRONIC_VERSION "0.2.33" ENV SUPERCRONIC_URL "https://github.com/aptible/supercronic/releases/download/v$SUPERCRONIC_VERSION/supercronic-linux-" ENV SUPERCRONIC_CRONTAB "/etc/crontab" -ENV YQ_VERSION "4.44.6" +ENV YQ_VERSION "4.45.1" ENV YQ_URL "https://github.com/mikefarah/yq/releases/download/v${YQ_VERSION}/yq_linux_" ENV SURICATA_VERSION_PATTERN "1:7.0.*" From 3c94d7f5fe80820a22191c518c87594aadbcca54 Mon Sep 17 00:00:00 2001 From: Seth Grover Date: Mon, 13 Jan 2025 15:43:24 -0700 Subject: [PATCH 27/53] for cisagov/Malcolm#551, URL pivot links from dashboards to arkime --- dashboards/scripts/index-refresh.py | 177 ++++++++-------------------- 1 file changed, 52 insertions(+), 125 deletions(-) diff --git a/dashboards/scripts/index-refresh.py b/dashboards/scripts/index-refresh.py index 83b233eb2..ddeda4ce1 100755 --- a/dashboards/scripts/index-refresh.py +++ b/dashboards/scripts/index-refresh.py @@ -16,7 +16,7 @@ GET_STATUS_API = 'api/status' GET_INDEX_PATTERN_INFO_URI = 'api/saved_objects/_find' GET_FIELDS_URI = 'api/index_patterns/_fields_for_wildcard' -PUT_INDEX_PATTERN_URI = 'api/saved_objects/index-pattern' +GET_PUT_INDEX_PATTERN_URI = 'api/saved_objects/index-pattern' OS_GET_INDEX_TEMPLATE_URI = '_index_template' OS_GET_COMPONENT_TEMPLATE_URI = '_component_template' GET_SHARDS_URL = '_cat/shards?h=index,state' 
@@ -155,6 +155,12 @@ def main(): opensearchCreds = ( malcolm_utils.ParseCurlFile(args.opensearchCurlRcFile) if (not opensearchIsLocal) else defaultdict(lambda: None) ) + + if args.opensearchMode == malcolm_utils.DatabaseMode.ElasticsearchRemote: + xsrfHeader = "kbn-xsrf" + else: + xsrfHeader = "osd-xsrf" + if not args.opensearchUrl: if opensearchIsLocal: args.opensearchUrl = 'http://opensearch:9200' @@ -176,7 +182,7 @@ def main(): statusInfo = statusInfoResponse.json() dashboardsVersion = statusInfo['version']['number'] if debug: - malcolm_utils.eprint('OpenSearch Dashboards version is {}'.format(dashboardsVersion)) + malcolm_utils.eprint('Dashboards version is {}'.format(dashboardsVersion)) opensearchInfoResponse = requests.get( args.opensearchUrl, 
@@ -298,136 +304,58 @@ def main(): if debug: malcolm_utils.eprint('{} would have {} fields'.format(args.index, len(getFieldsList))) + # first get the previous field format map as a starting point, if any + getResponse = requests.get( + '{}/{}/{}'.format(args.dashboardsUrl, GET_PUT_INDEX_PATTERN_URI, indexId), + headers={ + 'Content-Type': 'application/json', + xsrfHeader: 'true', + }, + auth=opensearchReqHttpAuth, + verify=args.opensearchSslVerify, + ) + getResponse.raise_for_status() + try: + fieldFormatMap = json.loads( + malcolm_utils.deep_get(getResponse.json(), ['attributes', 'fieldFormatMap'], default="{}") + ) + except Exception as e: + fieldFormatMap = {} + # define field formatting map for Dashboards -> Arkime drilldown and other URL drilldowns # - # see: https://github.com/cisagov/Malcolm/issues/133 - # https://github.com/mmguero-dev/kibana-plugin-drilldownmenu - # # fieldFormatMap is # { - # "source.ip": { - # "id": "drilldown", - # "params": { - # "parsedUrl": { - # "origin": "https://malcolm.local.lan", - # "pathname": "/kibana/app/kibana", - # "basePath": "/kibana" - # }, - # "urlTemplates": [ - # null, - # { - # "url": "/iddash2ark/source.ip == {{value}}", - # "label": "Arkime: source.ip == {{value}}" - # } - # ] - # } + # "destination.port": { + # "id": "url", + # "params": { + # "urlTemplate": "https://www.iana.org/assignments/service-names-port-numbers/service-names-port-numbers.xhtml?search={{value}}", + # "labelTemplate": "{{value}}", + # "openLinkInCurrentTab": false + # } # }, # ... 
# } - fieldFormatMap = {} - for field in getFieldsList: - if field['name'][:1].isalpha(): + + if args.opensearchMode != malcolm_utils.DatabaseMode.ElasticsearchRemote: + for field in [x for x in getFieldsList if x['name'][:1].isalpha() and x['name'] not in fieldFormatMap]: + fieldFormatInfo = {} + fieldFormatInfo['id'] = 'url' + fieldFormatInfo['params'] = {} + # for Arkime to query by database field name, see arkime issue/PR 1461/1463 valQuote = '"' if field['type'] == 'string' else '' - valDbPrefix = '' if field['name'].startswith('zeek') else 'db:' - drilldownInfoParamsUrlTemplateValues = {} - drilldownInfoParamsUrlTemplateValues['url'] = '/iddash2ark/{}{} == {}{{{{value}}}}{}'.format( - valDbPrefix, field['name'], valQuote, valQuote + valDbPrefix = ( + '' if (field['name'].startswith('zeek') or field['name'].startswith('suricata')) else 'db:' ) - drilldownInfoParamsUrlTemplateValues['label'] = 'Arkime {}: {}{{{{value}}}}{}'.format( - field['name'], valQuote, valQuote + + fieldFormatInfo['params']['urlTemplate'] = '/iddash2ark/{}{} == {}{{{{value}}}}{}'.format( + valDbPrefix, field['name'], valQuote, valQuote ) - drilldownInfoParamsUrlTemplates = [None, drilldownInfoParamsUrlTemplateValues] - - if (field['type'] == 'ip') or (re.search(r'[_\.-](h|ip)$', field['name'], re.IGNORECASE) is not None): - # add drilldown for searching IANA for IP addresses - drilldownInfoParamsUrlTemplateValues = {} - drilldownInfoParamsUrlTemplateValues['url'] = ( - 'https://www.virustotal.com/en/ip-address/{{value}}/information/' - ) - drilldownInfoParamsUrlTemplateValues['label'] = 'VirusTotal IP: {{value}}' - drilldownInfoParamsUrlTemplates.append(drilldownInfoParamsUrlTemplateValues) - - elif re.search(r'(^|[\b_\.-])(md5|sha(1|256|384|512))\b', field['name'], re.IGNORECASE) is not None: - # add drilldown for searching VirusTotal for hash signatures - drilldownInfoParamsUrlTemplateValues = {} - drilldownInfoParamsUrlTemplateValues['url'] = ( - 
'https://www.virustotal.com/gui/file/{{value}}/detection' - ) - drilldownInfoParamsUrlTemplateValues['label'] = 'VirusTotal Hash: {{value}}' - drilldownInfoParamsUrlTemplates.append(drilldownInfoParamsUrlTemplateValues) - - elif re.search(r'(^|[\b_\.-])(hit|signature(_?id))?s?$', field['name'], re.IGNORECASE) is not None: - # add drilldown for searching the web for signature IDs - drilldownInfoParamsUrlTemplateValues = {} - drilldownInfoParamsUrlTemplateValues['url'] = 'https://duckduckgo.com/?q="{{value}}"' - drilldownInfoParamsUrlTemplateValues['label'] = 'Web Search: {{value}}' - drilldownInfoParamsUrlTemplates.append(drilldownInfoParamsUrlTemplateValues) - - elif ( - re.search(r'(^|src|dst|source|dest|destination|[\b_\.-])p(ort)?s?$', field['name'], re.IGNORECASE) - is not None - ): - # add drilldown for searching IANA for ports - drilldownInfoParamsUrlTemplateValues = {} - drilldownInfoParamsUrlTemplateValues['url'] = ( - 'https://www.iana.org/assignments/service-names-port-numbers/service-names-port-numbers.xhtml?search={{value}}' - ) - drilldownInfoParamsUrlTemplateValues['label'] = 'Port Registry: {{value}}' - drilldownInfoParamsUrlTemplates.append(drilldownInfoParamsUrlTemplateValues) - - elif re.search(r'^(protocol?|network\.protocol)$', field['name'], re.IGNORECASE) is not None: - # add drilldown for searching IANA for services - drilldownInfoParamsUrlTemplateValues = {} - drilldownInfoParamsUrlTemplateValues['url'] = ( - 'https://www.iana.org/assignments/service-names-port-numbers/service-names-port-numbers.xhtml?search={{value}}' - ) - drilldownInfoParamsUrlTemplateValues['label'] = 'Service Registry: {{value}}' - drilldownInfoParamsUrlTemplates.append(drilldownInfoParamsUrlTemplateValues) - - elif re.search(r'^(network\.transport|ipProtocol)$', field['name'], re.IGNORECASE) is not None: - # add URL link for assigned transport protocol numbers - drilldownInfoParamsUrlTemplateValues = {} - drilldownInfoParamsUrlTemplateValues['url'] = ( - 
'https://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml' - ) - drilldownInfoParamsUrlTemplateValues['label'] = 'Protocol Registry' - drilldownInfoParamsUrlTemplates.append(drilldownInfoParamsUrlTemplateValues) - - elif re.search(r'(as\.number|(src|dst)ASN|asn\.(src|dst))$', field['name'], re.IGNORECASE) is not None: - # add drilldown for searching ARIN for ASN - drilldownInfoParamsUrlTemplateValues = {} - drilldownInfoParamsUrlTemplateValues['url'] = ( - 'https://search.arin.net/rdap/?query={{value}}&searchFilter=asn' - ) - drilldownInfoParamsUrlTemplateValues['label'] = 'ARIN ASN: {{value}}' - drilldownInfoParamsUrlTemplates.append(drilldownInfoParamsUrlTemplateValues) - - elif re.search(r'mime[_\.-]?type', field['name'], re.IGNORECASE) is not None: - # add drilldown for searching mime/media/content types - # TODO: '/' in URL is getting messed up somehow, maybe we need to url encode it manually? not sure... - drilldownInfoParamsUrlTemplateValues = {} - drilldownInfoParamsUrlTemplateValues['url'] = ( - 'https://www.iana.org/assignments/media-types/{{value}}' - ) - drilldownInfoParamsUrlTemplateValues['label'] = 'Media Type Registry: {{value}}' - drilldownInfoParamsUrlTemplates.append(drilldownInfoParamsUrlTemplateValues) - - elif re.search(r'(^zeek\.files\.extracted$)', field['name'], re.IGNORECASE) is not None: - # add download for extracted zeek files - drilldownInfoParamsUrlTemplateValues = {} - drilldownInfoParamsUrlTemplateValues['url'] = '/extracted-files/{{value}}' - drilldownInfoParamsUrlTemplateValues['label'] = 'Download' - drilldownInfoParamsUrlTemplates.append(drilldownInfoParamsUrlTemplateValues) - - drilldownInfoParams = {} - drilldownInfoParams['urlTemplates'] = drilldownInfoParamsUrlTemplates - - drilldownInfo = {} - drilldownInfo['id'] = 'drilldown' - drilldownInfo['params'] = drilldownInfoParams - - fieldFormatMap[field['name']] = drilldownInfo + fieldFormatInfo['params']['labelTemplate'] = '{{value}}' + 
fieldFormatInfo['params']['openLinkInCurrentTab'] = False + + fieldFormatMap[field['name']] = fieldFormatInfo # set the index pattern with our complete list of fields putIndexInfo = {} @@ -438,11 +366,10 @@ def main(): if not args.dryrun: putResponse = requests.put( - '{}/{}/{}'.format(args.dashboardsUrl, PUT_INDEX_PATTERN_URI, indexId), + '{}/{}/{}'.format(args.dashboardsUrl, GET_PUT_INDEX_PATTERN_URI, indexId), headers={ 'Content-Type': 'application/json', - 'osd-xsrf': 'true', - 'osd-version': dashboardsVersion, + xsrfHeader: 'true', }, data=json.dumps(putIndexInfo), auth=opensearchReqHttpAuth, @@ -474,7 +401,7 @@ def main(): '{}/{}/{}'.format(args.opensearchUrl, shardInfo[0], '_settings'), headers={ 'Content-Type': 'application/json', - 'osd-xsrf': 'true', + xsrfHeader: 'true', }, data=json.dumps({'index': {'number_of_replicas': 0}}), auth=opensearchReqHttpAuth, From ae3c7f0a4f534a31edf5c5b85c252b41a7d3b430 Mon Sep 17 00:00:00 2001 From: Seth Grover Date: Mon, 13 Jan 2025 16:24:23 -0700 Subject: [PATCH 28/53] for cisagov/Malcolm#551, URL pivot links from dashboards to arkime --- dashboards/scripts/index-refresh.py | 75 ++++++++++++++++++++++++++--- 1 file changed, 67 insertions(+), 8 deletions(-) diff --git a/dashboards/scripts/index-refresh.py b/dashboards/scripts/index-refresh.py index ddeda4ce1..3abff360d 100755 --- a/dashboards/scripts/index-refresh.py +++ b/dashboards/scripts/index-refresh.py 
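Review bot: The new `json.loads(...)` of the saved `fieldFormatMap` is guarded only against exceptions, so a stored value that parses to something other than an object (for example the string `null`) leaves `fieldFormatMap` as a non-dict, and the later `x['name'] not in fieldFormatMap` test then raises a TypeError. Adding `if not isinstance(fieldFormatMap, dict): fieldFormatMap = {}` after the `try` closes that gap. The `except Exception as e:` branch also discards the error with `e` unused; printing it under the existing `debug` flag, e.g. `malcolm_utils.eprint('could not parse existing fieldFormatMap: {}'.format(e))`, would show when existing formatting was thrown away. The surrounding `main()` starts and ends outside this hunk.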
@@ -343,15 +343,74 @@ def main(): fieldFormatInfo['id'] = 'url' fieldFormatInfo['params'] = {} - # for Arkime to query by database field name, see arkime issue/PR 1461/1463 - valQuote = '"' if field['type'] == 'string' else '' - valDbPrefix = ( - '' if (field['name'].startswith('zeek') or field['name'].startswith('suricata')) else 'db:' - ) + if field['name'].endswith('.segment.id'): + fieldFormatInfo['params']['urlTemplate'] = '/netbox/ipam/prefixes/{{value}}' + + elif field['name'].endswith('.segment.name') or (field['name'] == 'network.name'): + fieldFormatInfo['params'][ + 'urlTemplate' + ] = '/netbox/search/?q={{value}}&obj_types=ipam.prefix&lookup=iexact' + + elif field['name'].endswith('.segment.tenant'): + fieldFormatInfo['params'][ + 'urlTemplate' + ] = '/netbox/search/?q={{value}}&obj_types=tenancy.tenant&lookup=iexact' + + elif field['name'].endswith('.device.id') or (field['name'] == 'related.device_id'): + fieldFormatInfo['params']['urlTemplate'] = '/netbox/dcim/devices/{{value}}' + + elif field['name'].endswith('.device.name') or (field['name'] == 'related.device_name'): + fieldFormatInfo['params'][ + 'urlTemplate' + ] = '/netbox/search/?q={{value}}&obj_types=dcim.device&obj_types=virtualization.virtualmachine&lookup=iexact' + + elif field['name'].endswith('.device.cluster'): + fieldFormatInfo['params'][ + 'urlTemplate' + ] = '/netbox/search/?q={{value}}&obj_types=virtualization.cluster&lookup=iexact' + + elif field['name'].endswith('.device.device_type') or (field['name'] == 'related.device_type'): + fieldFormatInfo['params'][ + 'urlTemplate' + ] = '/netbox/search/?q={{value}}&obj_types=dcim.devicetype&lookup=iexact' + + elif field['name'].endswith('.device.manufacturer') or (field['name'] == 'related.manufacturer'): + fieldFormatInfo['params'][ + 'urlTemplate' + ] = '/netbox/search/?q={{value}}&obj_types=dcim.manufacturer&lookup=iexact' + + elif field['name'].endswith('.device.role') or (field['name'] == 'related.role'): + fieldFormatInfo['params'][ 
+ 'urlTemplate' + ] = '/netbox/search/?q={{value}}&obj_types=dcim.devicerole&lookup=iexact' + + elif field['name'].endswith('.device.service') or (field['name'] == 'related.service'): + fieldFormatInfo['params'][ + 'urlTemplate' + ] = '/netbox/search/?q={{value}}&obj_types=ipam.service&lookup=iexact' + + elif field['name'].endswith('.device.url') or field['name'].endswith('.segment.url'): + fieldFormatInfo['params']['urlTemplate'] = '{{value}}' + + elif ( + field['name'].endswith('.device.site') + or field['name'].endswith('.segment.site') + or (field['name'] == 'related.site') + ): + fieldFormatInfo['params'][ + 'urlTemplate' + ] = '/netbox/search/?q={{value}}&obj_types=dcim.site&lookup=iexact' + + else: + # for Arkime to query by database field name, see arkime issue/PR 1461/1463 + valQuote = '"' if field['type'] == 'string' else '' + valDbPrefix = ( + '' if (field['name'].startswith('zeek') or field['name'].startswith('suricata')) else 'db:' + ) + fieldFormatInfo['params']['urlTemplate'] = '/iddash2ark/{}{} == {}{{{{value}}}}{}'.format( + valDbPrefix, field['name'], valQuote, valQuote + ) - fieldFormatInfo['params']['urlTemplate'] = '/iddash2ark/{}{} == {}{{{{value}}}}{}'.format( - valDbPrefix, field['name'], valQuote, valQuote - ) fieldFormatInfo['params']['labelTemplate'] = '{{value}}' fieldFormatInfo['params']['openLinkInCurrentTab'] = False From 4bd836202e0acbe143c0c953b4aa6fe92908f34a Mon Sep 17 00:00:00 2001 From: Seth Grover Date: Tue, 14 Jan 2025 10:45:09 -0700 Subject: [PATCH 29/53] fix pivot from arkime to dashboards and vice-versa when using a traefik or other reverse proxy --- nginx/nginx.conf | 6 +++++- nginx/nginx_idark2dash_rewrite_dashboards.conf | 6 +++++- nginx/nginx_readonly.conf | 6 +++++- 3 files changed, 15 insertions(+), 3 deletions(-) diff --git a/nginx/nginx.conf b/nginx/nginx.conf index b09d15419..9aaf4a867 100644 --- a/nginx/nginx.conf +++ b/nginx/nginx.conf 
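Review bot: For fields ending in `.device.url` or `.segment.url` the template is the bare `'{{value}}'`, so whatever string is stored in the document becomes the whole link target. Every other branch here pins the link to a `/netbox/...` or `/iddash2ark/...` path. If those fields are only ever filled from NetBox enrichment that is probably fine, but this hunk does not show it, so a comment stating the assumption is worth adding, e.g. `# value is expected to be a NetBox-generated URL set during enrichment, never taken from captured traffic`. If the stored values turn out to be NetBox-relative paths, a fixed prefix in the template would keep the link on this host. The enclosing loop in `main()` begins outside the hunk.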
@@ -169,7 +169,11 @@ http { # Dashboards -> Arkime shortcut location ~* /iddash2ark/(.*) { - rewrite ^.*/iddash2ark/(.*) /arkime/sessions?expression=($1) redirect; + set $forwarded_scheme $scheme; + if ($http_x_forwarded_proto = 'https') { + set $forwarded_scheme https; + } + rewrite ^.*/iddash2ark/(.*) $forwarded_scheme://$host/arkime/sessions?expression=($1) redirect; proxy_pass https://arkime; proxy_ssl_verify off; proxy_redirect off; diff --git a/nginx/nginx_idark2dash_rewrite_dashboards.conf b/nginx/nginx_idark2dash_rewrite_dashboards.conf index e8b774ae8..a5837c784 100644 --- a/nginx/nginx_idark2dash_rewrite_dashboards.conf +++ b/nginx/nginx_idark2dash_rewrite_dashboards.conf 
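Review bot: The redirect target is now built from `$host` and `X-Forwarded-Proto`, both taken from the incoming request, so the `Location` header reflects whatever Host a client or a misconfigured front proxy sends. The same construction is repeated in the `nginx_idark2dash_rewrite_dashboards.conf` and `nginx_readonly.conf` hunks of this commit. If the goal is only to stop nginx from emitting its own scheme and name behind a TLS-terminating proxy, keeping the original relative rewrite and adding `absolute_redirect off;` to the location yields a relative `Location` with no request-derived host in it. The location block closes outside this hunk.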
@@ -1,5 +1,9 @@ include /etc/nginx/nginx_auth_rt.conf; -rewrite ^.*/idark2dash/(.*) $dashboards_prefix/app/dashboards#/view/0ad3d7c2-3441-485e-9dfe-dbb22e84e576?_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:$filter_start_time,to:$filter_stop_time))&_a=(description:'',filters:!((meta:(alias:!n,disabled:!f,index:'$sessions_index',key:$filter_field,negate:!f,params:(query:'$filter_value'),type:phrase),query:(match_phrase:($filter_field:'$filter_value')))),fullScreenMode:!f,options:(useMargins:!t),query:(language:lucene,query:'*'),timeRestore:!f,viewMode:view) redirect; +set $forwarded_scheme $scheme; +if ($http_x_forwarded_proto = 'https') { + set $forwarded_scheme https; +} +rewrite ^.*/idark2dash/(.*) $forwarded_scheme://$host$dashboards_prefix/app/dashboards#/view/0ad3d7c2-3441-485e-9dfe-dbb22e84e576?_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:$filter_start_time,to:$filter_stop_time))&_a=(description:'',filters:!((meta:(alias:!n,disabled:!f,index:'$sessions_index',key:$filter_field,negate:!f,params:(query:'$filter_value'),type:phrase),query:(match_phrase:($filter_field:'$filter_value')))),fullScreenMode:!f,options:(useMargins:!t),query:(language:lucene,query:'*'),timeRestore:!f,viewMode:view) redirect; proxy_pass $dashboards_proxy_pass; proxy_redirect off; proxy_set_header Host dashboards.malcolm.local; \ No newline at end of file diff --git a/nginx/nginx_readonly.conf b/nginx/nginx_readonly.conf index c1234b7a3..47e953415 100644 --- a/nginx/nginx_readonly.conf +++ b/nginx/nginx_readonly.conf @@ -104,7 +104,11 @@ http { # Dashboards -> Arkime shortcut location ~* /iddash2ark/(.*) { - rewrite ^.*/iddash2ark/(.*) /arkime/sessions?expression=($1) redirect; + set $forwarded_scheme $scheme; + if ($http_x_forwarded_proto = 'https') { + set $forwarded_scheme https; + } + rewrite ^.*/iddash2ark/(.*) $forwarded_scheme://$host/arkime/sessions?expression=($1) redirect; proxy_pass https://arkime; proxy_ssl_verify off; proxy_redirect off; 
From 4dd9ef9cdfe1695bd87e16e8207a0c337459518f Mon Sep 17 00:00:00 2001 From: Seth Grover Date: Tue, 14 Jan 2025 11:10:46 -0700 Subject: [PATCH 30/53] for cisagov/Malcolm#551, URL pivot links from dashboards to netbox --- nginx/nginx.conf | 40 ++++++++++++++++++++++++++------------ nginx/nginx_readonly.conf | 41 +++++++++++++++++++++++++++------------ 2 files changed, 57 insertions(+), 24 deletions(-) diff --git a/nginx/nginx.conf b/nginx/nginx.conf index 9aaf4a867..cc63e6787 100644 --- a/nginx/nginx.conf +++ b/nginx/nginx.conf @@ -142,6 +142,34 @@ http { client_max_body_size 50G; } + # netbox + location /netbox { + include /etc/nginx/nginx_auth_rt.conf; + proxy_pass http://netbox; + proxy_redirect off; + proxy_set_header Host netbox.malcolm.local; + proxy_set_header X-Forwarded-Host $http_host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header X-Remote-Auth $authenticated_user; + } + # netbox from dashboards pivot link (because Dashboards is prepending its own prefix, we have to handle it) + location ~* ^/dashboards/app/netbox/(.*) { + set $forwarded_scheme $scheme; + if ($http_x_forwarded_proto = 'https') { + set $forwarded_scheme https; + } + set $fwuri $1; + rewrite ^/dashboards/app/netbox/(.*) $forwarded_scheme://$host/netbox/$1 redirect; + proxy_pass http://netbox; + proxy_redirect off; + proxy_set_header Host netbox.malcolm.local; + proxy_set_header X-Forwarded-Host $http_host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header X-Remote-Auth $authenticated_user; + } + # Arkime -> Dashboards shortcut location ~* /idark2dash(.*) { set $filter_start_time now-1d; 
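Review bot: In the new `location ~* ^/dashboards/app/netbox/(.*)` block the `rewrite ... redirect` ends request processing, so the `proxy_pass http://netbox;` and `proxy_set_header` lines after it are never reached and `set $fwuri $1;` is never used. Unlike the `/netbox` location above it, this block has no `include /etc/nginx/nginx_auth_rt.conf;`, so if the rewrite were later made conditional or non-terminal, the request would be proxied to NetBox with no authentication step in this block. I would reduce the location to the `set`/`if`/`rewrite` lines, or add the auth include alongside the proxy directives. The `nginx_readonly.conf` hunk `@@ -102,6 +102,35 @@` carries the same block, and both build the redirect from the request's `$host`.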
@@ -219,18 +247,6 @@ http { proxy_set_header X-Malcolm-Forward "/hh-extracted-files/$1"; } - # netbox - location /netbox { - include /etc/nginx/nginx_auth_rt.conf; - proxy_pass http://netbox; - proxy_redirect off; - proxy_set_header Host netbox.malcolm.local; - proxy_set_header X-Forwarded-Host $http_host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header X-Remote-Auth $authenticated_user; - } - # Fix cyberchef JS module(s) # https://localhost/arkime/session/190924-KgO9H30qhdREw7ltsDXn1Rgp/modules/Regex.js location ~* ^/arkime/session/.*/(modules/.*\.js) { diff --git a/nginx/nginx_readonly.conf b/nginx/nginx_readonly.conf index 47e953415..2fd67aba1 100644 --- a/nginx/nginx_readonly.conf +++ b/nginx/nginx_readonly.conf 
@@ -102,6 +102,35 @@ http { include /etc/nginx/nginx_idark2dash_rewrite_rt.conf; } + # netbox + location /netbox { + limit_except GET { deny all; } + proxy_pass http://netbox; + proxy_redirect off; + proxy_set_header Host netbox.malcolm.local; + proxy_set_header X-Forwarded-Host $http_host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header X-Remote-Auth $authenticated_user; + } + # netbox from dashboards pivot link (because Dashboards is prepending its own prefix, we have to handle it) + location ~* ^/dashboards/app/netbox/(.*) { + limit_except GET { deny all; } + set $forwarded_scheme $scheme; + if ($http_x_forwarded_proto = 'https') { + set $forwarded_scheme https; + } + set $fwuri $1; + rewrite ^/dashboards/app/netbox/(.*) $forwarded_scheme://$host/netbox/$1 redirect; + proxy_pass http://netbox; + proxy_redirect off; + proxy_set_header Host netbox.malcolm.local; + proxy_set_header X-Forwarded-Host $http_host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header X-Remote-Auth $authenticated_user; + } + # Dashboards -> Arkime shortcut location ~* /iddash2ark/(.*) { set $forwarded_scheme $scheme; @@ -152,18 +181,6 @@ http { proxy_set_header X-Malcolm-Forward "/hh-extracted-files/$1"; } - # netbox - location /netbox { - limit_except GET { deny all; } - proxy_pass http://netbox; - proxy_redirect off; - proxy_set_header Host netbox.malcolm.local; - proxy_set_header X-Forwarded-Host $http_host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header X-Remote-Auth $authenticated_user; - } - # favicon, logos, banners, etc. include /etc/nginx/nginx_image_aliases.conf; From db8bde4ca392a054be4324fceb928627ddda9c4a Mon Sep 17 00:00:00 2001 
From: Seth Grover Date: Tue, 14 Jan 2025 11:37:33 -0700 Subject: [PATCH 31/53] for cisagov/Malcolm#551, URL pivot links from dashboards to netbox --- dashboards/scripts/index-refresh.py | 16 ++++------------ 1 file changed, 4 insertions(+), 12 deletions(-) diff --git a/dashboards/scripts/index-refresh.py b/dashboards/scripts/index-refresh.py index 3abff360d..061463db9 100755 --- a/dashboards/scripts/index-refresh.py +++ b/dashboards/scripts/index-refresh.py @@ -370,24 +370,16 @@ def main(): ] = '/netbox/search/?q={{value}}&obj_types=virtualization.cluster&lookup=iexact' elif field['name'].endswith('.device.device_type') or (field['name'] == 'related.device_type'): - fieldFormatInfo['params'][ - 'urlTemplate' - ] = '/netbox/search/?q={{value}}&obj_types=dcim.devicetype&lookup=iexact' + fieldFormatInfo['params']['urlTemplate'] = '/netbox/search/?q={{value}}&obj_types=dcim.devicetype' elif field['name'].endswith('.device.manufacturer') or (field['name'] == 'related.manufacturer'): - fieldFormatInfo['params'][ - 'urlTemplate' - ] = '/netbox/search/?q={{value}}&obj_types=dcim.manufacturer&lookup=iexact' + fieldFormatInfo['params']['urlTemplate'] = '/netbox/search/?q={{value}}&obj_types=dcim.manufacturer' elif field['name'].endswith('.device.role') or (field['name'] == 'related.role'): - fieldFormatInfo['params'][ - 'urlTemplate' - ] = '/netbox/search/?q={{value}}&obj_types=dcim.devicerole&lookup=iexact' + fieldFormatInfo['params']['urlTemplate'] = '/netbox/search/?q={{value}}&obj_types=dcim.devicerole' elif field['name'].endswith('.device.service') or (field['name'] == 'related.service'): - fieldFormatInfo['params'][ - 'urlTemplate' - ] = '/netbox/search/?q={{value}}&obj_types=ipam.service&lookup=iexact' + fieldFormatInfo['params']['urlTemplate'] = '/netbox/search/?q={{value}}&obj_types=ipam.service' elif field['name'].endswith('.device.url') or field['name'].endswith('.segment.url'): fieldFormatInfo['params']['urlTemplate'] = '{{value}}' 
From bdac4f477127413ffb660ff6bbdf8baf6203e1f8 Mon Sep 17 00:00:00 2001 From: Seth Grover Date: Tue, 14 Jan 2025 11:53:11 -0700 Subject: [PATCH 32/53] for cisagov/Malcolm#551, URL pivot links from netbox to arkime/dashboards --- netbox/preload/custom_links.yml | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/netbox/preload/custom_links.yml b/netbox/preload/custom_links.yml index 15eb0cb81..cc8fcb15b 100644 --- a/netbox/preload/custom_links.yml +++ b/netbox/preload/custom_links.yml @@ -13,6 +13,11 @@ link_url: "/dashboards/app/dashboards#/view/677ee170-809e-11ed-8d5b-07069f823b6f?_g=(filters:!((meta:(key:related.role,negate:!f,params:(query:1),type:phrase),query:(match_phrase:(related.role:'{{ object.name }}')))))" new_window: True content_type: devicerole +- name: site_link_to_dashboards + link_text: 'Asset Interaction Analysis' + link_url: "/dashboards/app/dashboards#/view/677ee170-809e-11ed-8d5b-07069f823b6f?_g=(filters:!((meta:(key:related.site,negate:!f,params:(query:1),type:phrase),query:(match_phrase:(related.site:'{{ object.name }}')))))" + new_window: True + content_type: site - name: device_link_to_arkime link_text: 'Arkime' link_url: '/arkime/sessions?expression=(related.device_id == {{ object.id }})' @@ -28,3 +33,8 @@ link_url: '/arkime/sessions?expression=(related.role == "{{ object.name }}")' new_window: True content_type: devicerole +- name: site_link_to_arkime + link_text: 'Arkime' + link_url: '/arkime/sessions?expression=(related.site == "{{ object.name }}")' + new_window: True + content_type: site \ No newline at end of file From c005ec2800fb71c947c26bb021ea73ddb86122cd Mon Sep 17 00:00:00 2001 From: Seth Grover Date: Tue, 14 Jan 2025 13:14:56 -0700 Subject: [PATCH 33/53] start of cisagov/Malcolm#553, update zeek to v7.1.0 --- Dockerfiles/zeek.Dockerfile | 2 +- hedgehog-raspi/sensor_install.sh | 2 +- shared/bin/zeek-deb-download.sh | 2 +- shared/bin/zeek_install_plugins.sh | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) 
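Review bot: The new `site_link_to_arkime` URL places `{{ object.name }}` inside the query string unescaped, so a site name containing `&`, `#` or `"` would truncate or alter the Arkime expression the link opens. Jinja2's built-in filter covers the URL part: `link_url: '/arkime/sessions?expression=(related.site == "{{ object.name|urlencode }}")'`. The existing role link shown as context follows the same pattern, so the change is worth making consistently rather than only for the site entry. I have not checked how the Dashboards `#/view/...` fragment in `site_link_to_dashboards` treats percent-encoding, so that link should be tested before it is changed the same way.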
diff --git a/Dockerfiles/zeek.Dockerfile b/Dockerfiles/zeek.Dockerfile index de6449947..961a3e27d 100644 --- a/Dockerfiles/zeek.Dockerfile +++ b/Dockerfiles/zeek.Dockerfile @@ -33,7 +33,7 @@ USER root # see PUSER_CHOWN at the bottom of the file (after the other environment variables it references) # for download and install -ARG ZEEK_VERSION=7.0.5-0 +ARG ZEEK_VERSION=7.1.0-0 ENV ZEEK_VERSION $ZEEK_VERSION ARG ZEEK_DEB_ALTERNATE_DOWNLOAD_URL="" diff --git a/hedgehog-raspi/sensor_install.sh b/hedgehog-raspi/sensor_install.sh index 201773d86..db18ea0c6 100644 --- a/hedgehog-raspi/sensor_install.sh +++ b/hedgehog-raspi/sensor_install.sh @@ -212,7 +212,7 @@ build_zeek_src() { export PYTHONUNBUFFERED=1 zeek_url=https://github.com/zeek/zeek.git - zeek_version=7.0.5 + zeek_version=7.1.0 zeek_release=1 zeek_dir=/opt/zeek # Zeek's build eats a ton of resources; prevent OOM from the killing build process diff --git a/shared/bin/zeek-deb-download.sh b/shared/bin/zeek-deb-download.sh index b4c942f98..9c3d7bf40 100755 --- a/shared/bin/zeek-deb-download.sh +++ b/shared/bin/zeek-deb-download.sh @@ -6,7 +6,7 @@ unset VERBOSE command -v dpkg >/dev/null 2>&1 && ARCH="$(dpkg --print-architecture)" || ARCH=amd64 DISTRO=Debian_12 OUTPUT_DIR=/tmp -ZEEK_VERSION=7.0.5-0 +ZEEK_VERSION=7.1.0-0 PRESERVE_HIERARCHY=false ZEEK_DEB_ALTERNATE_DOWNLOAD_URL=${ZEEK_DEB_ALTERNATE_DOWNLOAD_URL:-} ZEEK_DEB_ALTERNATE_DOWNLOAD_URL_FILE=${ZEEK_DEB_ALTERNATE_DOWNLOAD_URL_FILE:-} diff --git a/shared/bin/zeek_install_plugins.sh b/shared/bin/zeek_install_plugins.sh index cd70c04ef..094a95dc8 100755 --- a/shared/bin/zeek_install_plugins.sh +++ b/shared/bin/zeek_install_plugins.sh 
@@ -132,7 +132,7 @@ ZKG_GITHUB_URLS=( "https://github.com/corelight/zeek-quasarrat-detector" "https://github.com/corelight/zeek-spicy-ipsec" "https://github.com/corelight/zeek-spicy-openvpn" - "https://github.com/corelight/zeek-spicy-ospf" + "https://github.com/corelight/zeek-spicy-ospf|master" "https://github.com/corelight/zeek-spicy-stun" "https://github.com/corelight/zeek-spicy-wireguard" "https://github.com/corelight/zeek-strrat-detector" From f3231e9ef5d8c922e6e151cf122cd598efd8b59f Mon Sep 17 00:00:00 2001 From: Seth Grover Date: Tue, 14 Jan 2025 13:42:25 -0700 Subject: [PATCH 34/53] cisagov/Malcolm#553, handle conn.log for zeek v7.1.0 and documentation update --- docs/protocols.md | 2 +- logstash/pipelines/zeek/1014_zeek_conn.conf | 6 ++++-- logstash/pipelines/zeek/1200_zeek_mutate.conf | 12 +++++++----- 3 files changed, 12 insertions(+), 8 deletions(-) diff --git a/docs/protocols.md b/docs/protocols.md index ee1c40768..105c6cd0f 100644 --- a/docs/protocols.md +++ b/docs/protocols.md 
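Review bot: The `zeek-spicy-ospf` entry now carries a `|master` suffix, which makes the image build track a mutable branch tip of a third-party repository. That assumes the suffix selects a git ref, as the format suggests; the parsing code is outside this hunk. A build from the same Malcolm commit can then pull different plugin code on different days. If the suffix accepts any ref, pinning to a reviewed commit, e.g. `"https://github.com/corelight/zeek-spicy-ospf|<commit-sha>"`, keeps the build reproducible. A short comment saying why this one plugin needs a non-default ref (presumably the Zeek v7.1.0 update in this commit) would help at the next version bump.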
@@ -33,7 +33,7 @@ Malcolm uses [Zeek](https://docs.zeek.org/en/stable/script-reference/proto-analy |Open Platform Communications Unified Architecture (OPC UA) Binary|[🔗](https://en.wikipedia.org/wiki/OPC_Unified_Architecture)|[🔗](https://opcfoundation.org/developer-tools/specifications-unified-architecture)||[✓](https://github.com/cisagov/icsnpp-opcua-binary)| |Open Shortest Path First (OSPF)|[🔗](https://en.wikipedia.org/wiki/Open_Shortest_Path_First)|[🔗](https://datatracker.ietf.org/wg/ospf/charter/)[🔗](https://datatracker.ietf.org/doc/html/rfc2328)[🔗](https://datatracker.ietf.org/doc/html/rfc5340)||[✓](https://github.com/corelight/zeek-spicy-ospf)| |OpenVPN|[🔗](https://en.wikipedia.org/wiki/OpenVPN)|[🔗](https://openvpn.net/community-resources/openvpn-protocol/)[🔗](https://zeek.org/2021/03/16/a-zeek-openvpn-protocol-analyzer/)||[✓](https://github.com/corelight/zeek-spicy-openvpn)| -|PostgreSQL|[🔗](https://en.wikipedia.org/wiki/PostgreSQL)|[🔗](https://www.postgresql.org/)|[✓](https://github.com/arkime/arkime/blob/master/capture/parsers/postgresql.c)|| +|PostgreSQL|[🔗](https://en.wikipedia.org/wiki/PostgreSQL)|[🔗](https://www.postgresql.org/)|[✓](https://github.com/arkime/arkime/blob/master/capture/parsers/postgresql.c)|[🔗](https://docs.zeek.org/en/master/scripts/base/protocols/postgresql/main.zeek.html)| |Process Field Net (PROFINET)|[🔗](https://en.wikipedia.org/wiki/PROFINET)|[🔗](https://us.profinet.com/technology/profinet/)||[✓](https://github.com/amzn/zeek-plugin-profinet/blob/master/scripts/main.zeek)| |PROFINET IO CM (Input/Output Context Manager)|[🔗](https://wiki.wireshark.org/PROFINET/IO)|[🔗](https://us.profinet.com/technology/profinet/)[🔗](https://webstore.iec.ch/publication/83418)||[✓](https://github.com/cisagov/icsnpp-profinet-io-cm/blob/main/analyzer/types.zeek)| |Remote Authentication Dial-In User Service 
(RADIUS)|[🔗](https://en.wikipedia.org/wiki/RADIUS)|[🔗](https://tools.ietf.org/html/rfc2865)|[✓](https://github.com/arkime/arkime/blob/master/capture/parsers/radius.c)|[✓](https://docs.zeek.org/en/stable/scripts/base/protocols/radius/main.zeek.html#type-RADIUS::Info)| diff --git a/logstash/pipelines/zeek/1014_zeek_conn.conf b/logstash/pipelines/zeek/1014_zeek_conn.conf index 3df20d5d6..65c967fa7 100644 --- a/logstash/pipelines/zeek/1014_zeek_conn.conf +++ b/logstash/pipelines/zeek/1014_zeek_conn.conf 
@@ -14,7 +14,7 @@ filter { dissect { id => "dissect_zeek_conn_with_all_fields" mapping => { - "[message]" => "%{[zeek_cols][ts]} %{[zeek_cols][uid]} %{[zeek_cols][orig_h]} %{[zeek_cols][orig_p]} %{[zeek_cols][resp_h]} %{[zeek_cols][resp_p]} %{[zeek_cols][proto]} %{[zeek_cols][service]} %{[zeek_cols][duration]} %{[zeek_cols][orig_bytes]} %{[zeek_cols][resp_bytes]} %{[zeek_cols][conn_state]} %{[zeek_cols][local_orig]} %{[zeek_cols][local_resp]} %{[zeek_cols][missed_bytes]} %{[zeek_cols][history]} %{[zeek_cols][orig_pkts]} %{[zeek_cols][orig_ip_bytes]} %{[zeek_cols][resp_pkts]} %{[zeek_cols][resp_ip_bytes]} %{[zeek_cols][tunnel_parents]} %{[zeek_cols][vlan]} %{[zeek_cols][inner_vlan]} %{[zeek_cols][orig_l2_addr]} %{[zeek_cols][resp_l2_addr]} %{[zeek_cols][community_id]} %{[zeek_cols][ja4l]} %{[zeek_cols][ja4ls]} %{[zeek_cols][ja4t]} %{[zeek_cols][ja4ts]}" + "[message]" => "%{[zeek_cols][ts]} %{[zeek_cols][uid]} %{[zeek_cols][orig_h]} %{[zeek_cols][orig_p]} %{[zeek_cols][resp_h]} %{[zeek_cols][resp_p]} %{[zeek_cols][proto]} %{[zeek_cols][service]} %{[zeek_cols][duration]} %{[zeek_cols][orig_bytes]} %{[zeek_cols][resp_bytes]} %{[zeek_cols][conn_state]} %{[zeek_cols][local_orig]} %{[zeek_cols][local_resp]} %{[zeek_cols][missed_bytes]} %{[zeek_cols][history]} %{[zeek_cols][orig_pkts]} %{[zeek_cols][orig_ip_bytes]} %{[zeek_cols][resp_pkts]} %{[zeek_cols][resp_ip_bytes]} %{[zeek_cols][tunnel_parents]} %{[zeek_cols][ip_proto]} %{[zeek_cols][vlan]} %{[zeek_cols][inner_vlan]} %{[zeek_cols][orig_l2_addr]} %{[zeek_cols][resp_l2_addr]} %{[zeek_cols][community_id]} %{[zeek_cols][ja4l]} %{[zeek_cols][ja4ls]} %{[zeek_cols][ja4t]} %{[zeek_cols][ja4ts]}" } } if ("_dissectfailure" in [tags]) { 
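Review bot: Inserting `%{[zeek_cols][ip_proto]}` into the middle of the positional `dissect` mapping means a conn.log line written by a pre-7.1.0 Zeek, which has 30 columns instead of 31, no longer matches. The same applies to `@zeek_conn_field_names` in the next hunk (`@@ -24,7 +24,7 @@`). If that `ruby` zip is what runs on `_dissectfailure` (the branch body is cut by the hunk boundary), such a line is zipped against the longer name list: `ip_proto` would receive the VLAN value, and the L2 address, `community_id` and JA4 fields would be mislabelled rather than rejected. Either confirm that logs from older sensors or uploaded archives cannot reach this filter, or choose the name list by column count and document it, e.g. `# conn.log columns for Zeek >= 7.1.0 (ip_proto follows tunnel_parents); older logs have 30 columns`.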
@@ -24,7 +24,7 @@ filter { } ruby { id => "ruby_zip_zeek_conn" - init => "@zeek_conn_field_names = [ 'ts', 'uid', 'orig_h', 'orig_p', 'resp_h', 'resp_p', 'proto', 'service', 'duration', 'orig_bytes', 'resp_bytes', 'conn_state', 'local_orig', 'local_resp', 'missed_bytes', 'history', 'orig_pkts', 'orig_ip_bytes', 'resp_pkts', 'resp_ip_bytes', 'tunnel_parents', 'vlan', 'inner_vlan', 'orig_l2_addr', 'resp_l2_addr', 'community_id', 'ja4l', 'ja4ls', 'ja4t', 'ja4ts' ]" + init => "@zeek_conn_field_names = [ 'ts', 'uid', 'orig_h', 'orig_p', 'resp_h', 'resp_p', 'proto', 'service', 'duration', 'orig_bytes', 'resp_bytes', 'conn_state', 'local_orig', 'local_resp', 'missed_bytes', 'history', 'orig_pkts', 'orig_ip_bytes', 'resp_pkts', 'resp_ip_bytes', 'tunnel_parents', 'ip_proto', 'vlan', 'inner_vlan', 'orig_l2_addr', 'resp_l2_addr', 'community_id', 'ja4l', 'ja4ls', 'ja4t', 'ja4ts' ]" code => "event.set('[zeek_cols]', @zeek_conn_field_names.zip(event.get('[message]')).to_h)" } } @@ -82,6 +82,8 @@ filter { mutate { id => "mutate_add_field_zeek_conn_rootId" add_field => { "[rootId]" => "%{[zeek_cols][tunnel_parents][0]}" } } } + mutate { id => "mutate_rename_conn_ip_proto" + rename => { "[zeek_cols][ip_proto]" => "[ipProtocol]" } } } diff --git a/logstash/pipelines/zeek/1200_zeek_mutate.conf b/logstash/pipelines/zeek/1200_zeek_mutate.conf index 3b68d5625..1357b317d 100644 --- a/logstash/pipelines/zeek/1200_zeek_mutate.conf +++ b/logstash/pipelines/zeek/1200_zeek_mutate.conf 
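Review bot: The added `mutate_rename_conn_ip_proto` moves `[zeek_cols][ip_proto]` to `[ipProtocol]` unconditionally, so whatever string the column held becomes the protocol number. If an unset column reaches this point as Zeek's `-` placeholder (where unset values are stripped is not visible here), `[ipProtocol]` would be set to `-`, and the new `if (![ipProtocol])` guard in 1200_zeek_mutate.conf would then skip the name-to-number lookup. Guarding the rename keeps that fallback working: `if ([zeek_cols][ip_proto] =~ /^\d+$/) { mutate { id => "mutate_rename_conn_ip_proto" rename => { "[zeek_cols][ip_proto]" => "[ipProtocol]" } } }`. The surrounding filter block opens before the hunk.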
@@ -141,11 +141,13 @@ filter { # set user and transport- and application-level protocols if specified if ([network][transport]) { - translate { - id => "translate_zeek_proto" - source => "[network][transport]" - target => "[ipProtocol]" - dictionary_path => "/etc/ip_protocol_name_to_number.yaml" + if (![ipProtocol]) { + translate { + id => "translate_zeek_proto" + source => "[network][transport]" + target => "[ipProtocol]" + dictionary_path => "/etc/ip_protocol_name_to_number.yaml" + } } if ("_jsonparsesuccess" not in [tags]) { mutate { id => "mutate_split_zeek_proto" From d6c48f18f2faed035bdc57c2f0c105cff467a75e Mon Sep 17 00:00:00 2001 From: Seth Grover Date: Tue, 14 Jan 2025 14:54:40 -0700 Subject: [PATCH 35/53] cisagov/Malcolm#553, handle postgresql.log --- arkime/etc/config.ini | 11 +++++ .../templates/composable/component/zeek.json | 7 +++ logstash/maps/service_ports.yaml | 2 + logstash/maps/zeek_log_ecs_categories.yaml | 1 + .../pipelines/zeek/1070_zeek_postgresql.conf | 44 +++++++++++++++++++ logstash/pipelines/zeek/1200_zeek_mutate.conf | 9 ++++ .../pipelines/zeek/1300_zeek_normalize.conf | 21 +++++++++ 7 files changed, 95 insertions(+) create mode 100644 logstash/pipelines/zeek/1070_zeek_postgresql.conf diff --git a/arkime/etc/config.ini b/arkime/etc/config.ini index f17638783..109017fc2 100644 --- a/arkime/etc/config.ini +++ b/arkime/etc/config.ini 
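Review bot: The `if (![ipProtocol])` wrapper around `translate_zeek_proto` has no comment saying where `[ipProtocol]` may already have been set, and the existing comment above it still describes only the old behaviour. A line such as `# conn.log from Zeek 7.1.0+ already carries the protocol number ([zeek_cols][ip_proto] -> [ipProtocol] in 1014_zeek_conn.conf); only translate the transport name when it is absent` would tell the next reader why the lookup is conditional. The enclosing `if ([network][transport])` block continues past the hunk.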
@@ -2141,6 +2141,16 @@ zeek.pe.has_cert_table=db:zeek.pe.has_cert_table;group:zeek_pe;kind:termfield;vi zeek.pe.has_debug_data=db:zeek.pe.has_debug_data;group:zeek_pe;kind:termfield;viewerOnly:true;friendly:Has Debug Table;help:Has Debug Table zeek.pe.section_names=db:zeek.pe.section_names;group:zeek_pe;kind:termfield;viewerOnly:true;friendly:Sections;help:Sections +# postgresql.log +# https://docs.zeek.org/en/master/scripts/base/protocols/postgresql/main.zeek.html +zeek.postgresql.database=db:zeek.postgresql.database;group:zeek_postgresql;kind:termfield;friendly:Database;help:Database +zeek.postgresql.application_name=db:zeek.postgresql.application_name;group:zeek_postgresql;kind:termfield;friendly:Application;help:Application +zeek.postgresql.frontend=db:zeek.postgresql.frontend;group:zeek_postgresql;kind:termfield;friendly:Frontend;help:Frontend +zeek.postgresql.frontend_arg=db:zeek.postgresql.frontend_arg;group:zeek_postgresql;kind:termfield;friendly:Frontend Argument;help:Frontend Argument +zeek.postgresql.backend=db:zeek.postgresql.backend;group:zeek_postgresql;kind:termfield;friendly:Backend;help:Backend +zeek.postgresql.backend_arg=db:zeek.postgresql.backend_arg;group:zeek_postgresql;kind:termfield;friendly:Backend Argument;help:Backend Argument +zeek.postgresql.rows=db:zeek.postgresql.rows;group:zeek_postgresql;kind:integer;friendly:Rows Affected;help:Rows Affected + # profinet.log # https://github.com/amzn/zeek-plugin-profinet/blob/master/scripts/main.zeek zeek.profinet.operation_type=db:zeek.profinet.operation_type;group:zeek_profinet;kind:termfield;viewerOnly:true;friendly:Operation;help:Operation 
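Review bot: The seven new `zeek.postgresql.*` field definitions omit the `viewerOnly:true` attribute that the neighbouring `zeek.pe.*` and `zeek.profinet.*` entries in this hunk carry. If that is not deliberate, add it for consistency, e.g. `zeek.postgresql.database=db:zeek.postgresql.database;group:zeek_postgresql;kind:termfield;viewerOnly:true;friendly:Database;help:Database`, and likewise for the other six. Separately, `frontend_arg` and `backend_arg` presumably hold protocol message arguments such as query text, so it is worth confirming that these are acceptable to index and show to every viewer user.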
@@ -3378,6 +3388,7 @@ o_zeek_ocsp=require:zeek.ocsp;title:Zeek ocsp.log;fields:zeek.ocsp.hashAlgorithm o_zeek_opcua=require:zeek.opcua_binary;title:Zeek OPC UA Binary logs;fields:zeek.opcua_binary.filter_source_link_id,zeek.opcua_binary.operand_source_link_id,zeek.opcua_binary.variant_source_link_id,zeek.opcua_binary.encoding_mask,zeek.opcua_binary.endpoint_url,zeek.opcua_binary.error,zeek.opcua_binary.identifier,zeek.opcua_binary.identifier_str,zeek.opcua_binary.is_final,zeek.opcua_binary.max_chunk_cnt,zeek.opcua_binary.max_msg_size,zeek.opcua_binary.msg_size,zeek.opcua_binary.msg_type,zeek.opcua_binary.namespace_idx,zeek.opcua_binary.opcua_link_id,zeek.opcua_binary.rcv_buf_size,zeek.opcua_binary.rcv_cert,zeek.opcua_binary.rcv_cert_len,zeek.opcua_binary.reason,zeek.opcua_binary.req_hdr_add_hdr_enc_mask,zeek.opcua_binary.req_hdr_add_hdr_type_id,zeek.opcua_binary.req_hdr_audit_entry_id,zeek.opcua_binary.req_hdr_node_id_guid,zeek.opcua_binary.req_hdr_node_id_namespace_idx,zeek.opcua_binary.req_hdr_node_id_numeric,zeek.opcua_binary.req_hdr_node_id_opaque,zeek.opcua_binary.req_hdr_node_id_string,zeek.opcua_binary.req_hdr_node_id_type,zeek.opcua_binary.req_hdr_request_handle,zeek.opcua_binary.req_hdr_return_diag,zeek.opcua_binary.req_hdr_timeout_hint,zeek.opcua_binary.req_hdr_timestamp,zeek.opcua_binary.request_id,zeek.opcua_binary.res_hdr_add_hdr_enc_mask,zeek.opcua_binary.res_hdr_add_hdr_type_id,zeek.opcua_binary.res_hdr_request_handle,zeek.opcua_binary.res_hdr_service_diag_encoding,zeek.opcua_binary.res_hdr_timestamp,zeek.opcua_binary.sec_channel_id,zeek.opcua_binary.sec_policy_uri,zeek.opcua_binary.sec_policy_uri_len,zeek.opcua_binary.seq_number,zeek.opcua_binary.snd_buf_size,zeek.opcua_binary.snd_cert,zeek.opcua_binary.snd_cert_len,zeek.opcua_binary.version,zeek.opcua_binary_activate_session.client_algorithm,zeek.opcua_binary_activate_session.client_signature,zeek.opcua_binary_activate_session.ext_obj_certificate_data,zeek.opcua_binary_activate_session.ext_obj_encod
ing,zeek.opcua_binary_activate_session.ext_obj_encryption_algorithom,zeek.opcua_binary_activate_session.ext_obj_password,zeek.opcua_binary_activate_session.ext_obj_policy_id,zeek.opcua_binary_activate_session.ext_obj_token_data,zeek.opcua_binary_activate_session.ext_obj_type_id_encoding_mask,zeek.opcua_binary_activate_session.ext_obj_type_id_guid,zeek.opcua_binary_activate_session.ext_obj_type_id_namespace_idx,zeek.opcua_binary_activate_session.ext_obj_type_id_numeric,zeek.opcua_binary_activate_session.ext_obj_type_id_opaque,zeek.opcua_binary_activate_session.ext_obj_type_id_str,zeek.opcua_binary_activate_session.ext_obj_type_id_string,zeek.opcua_binary_activate_session.ext_obj_user_name,zeek.opcua_binary_activate_session.server_nonce,zeek.opcua_binary_activate_session.user_token_algorithm,zeek.opcua_binary_activate_session.user_token_signature,zeek.opcua_binary_activate_session_client_software_cert.cert_data,zeek.opcua_binary_activate_session_client_software_cert.cert_signature,zeek.opcua_binary_activate_session_client_software_cert.client_software_cert_link_id,zeek.opcua_binary_activate_session_locale_id.local_id,zeek.opcua_binary_activate_session_locale_id.opcua_locale_link_id,zeek.opcua_binary_aggregate_filter.aggregate_type_encoding_mask,zeek.opcua_binary_aggregate_filter.aggregate_type_guid,zeek.opcua_binary_aggregate_filter.aggregate_type_namespace_idx,zeek.opcua_binary_aggregate_filter.aggregate_type_numeric,zeek.opcua_binary_aggregate_filter.aggregate_type_opaque,zeek.opcua_binary_aggregate_filter.aggregate_type_string,zeek.opcua_binary_aggregate_filter.percent_data_bad,zeek.opcua_binary_aggregate_filter.percent_data_good,zeek.opcua_binary_aggregate_filter.processing_interval,zeek.opcua_binary_aggregate_filter.revised_percent_data_bad,zeek.opcua_binary_aggregate_filter.revised_percent_data_good,zeek.opcua_binary_aggregate_filter.revised_processing_interval,zeek.opcua_binary_aggregate_filter.revised_start_time,zeek.opcua_binary_aggregate_filter.revised_start
_time_str,zeek.opcua_binary_aggregate_filter.revised_treat_uncertain_as_bad,zeek.opcua_binary_aggregate_filter.revised_use_server_capabilities_default,zeek.opcua_binary_aggregate_filter.revised_use_slopped_extrapolation,zeek.opcua_binary_aggregate_filter.start_time,zeek.opcua_binary_aggregate_filter.start_time_str,zeek.opcua_binary_aggregate_filter.treat_uncertain_as_bad,zeek.opcua_binary_aggregate_filter.use_server_capabilities_default,zeek.opcua_binary_aggregate_filter.use_slopped_extrapolation,zeek.opcua_binary_browse.browse_next_release_continuation_point,zeek.opcua_binary_browse.browse_service_type,zeek.opcua_binary_browse.browse_view_description_timestamp,zeek.opcua_binary_browse.browse_view_description_view_version,zeek.opcua_binary_browse.browse_view_id_encoding_mask,zeek.opcua_binary_browse.browse_view_id_guid,zeek.opcua_binary_browse.browse_view_id_namespace_idx,zeek.opcua_binary_browse.browse_view_id_numeric,zeek.opcua_binary_browse.browse_view_id_opaque,zeek.opcua_binary_browse.browse_view_id_string,zeek.opcua_binary_browse.req_max_ref_nodes,zeek.opcua_binary_browse_description.browse_description_encoding_mask,zeek.opcua_binary_browse_description.browse_description_guid,zeek.opcua_binary_browse_description.browse_description_include_subtypes,zeek.opcua_binary_browse_description.browse_description_link_id,zeek.opcua_binary_browse_description.browse_description_namespace_idx,zeek.opcua_binary_browse_description.browse_description_numeric,zeek.opcua_binary_browse_description.browse_description_opaque,zeek.opcua_binary_browse_description.browse_description_ref_encoding_mask,zeek.opcua_binary_browse_description.browse_description_ref_guid,zeek.opcua_binary_browse_description.browse_description_ref_namespace_idx,zeek.opcua_binary_browse_description.browse_description_ref_numeric,zeek.opcua_binary_browse_description.browse_description_ref_opaque,zeek.opcua_binary_browse_description.browse_description_ref_string,zeek.opcua_binary_browse_description.browse_descri
ption_string,zeek.opcua_binary_browse_description.browse_direction,zeek.opcua_binary_browse_description.browse_node_class_mask,zeek.opcua_binary_browse_description.browse_result_mask,zeek.opcua_binary_browse_request_continuation_point.browse_next_link_id,zeek.opcua_binary_browse_request_continuation_point.continuation_point,zeek.opcua_binary_browse_response_references.browse_reference_link_id,zeek.opcua_binary_browse_response_references.browse_response_display_name_locale,zeek.opcua_binary_browse_response_references.browse_response_display_name_mask,zeek.opcua_binary_browse_response_references.browse_response_display_name_text,zeek.opcua_binary_browse_response_references.browse_response_is_forward,zeek.opcua_binary_browse_response_references.browse_response_node_class,zeek.opcua_binary_browse_response_references.browse_response_ref_encoding_mask,zeek.opcua_binary_browse_response_references.browse_response_ref_guid,zeek.opcua_binary_browse_response_references.browse_response_ref_name,zeek.opcua_binary_browse_response_references.browse_response_ref_name_idx,zeek.opcua_binary_browse_response_references.browse_response_ref_namespace_idx,zeek.opcua_binary_browse_response_references.browse_response_ref_numeric,zeek.opcua_binary_browse_response_references.browse_response_ref_opaque,zeek.opcua_binary_browse_response_references.browse_response_ref_string,zeek.opcua_binary_browse_response_references.browse_response_ref_type_encoding_mask,zeek.opcua_binary_browse_response_references.browse_response_ref_type_guid,zeek.opcua_binary_browse_response_references.browse_response_ref_type_namespace_idx,zeek.opcua_binary_browse_response_references.browse_response_ref_type_namespace_uri,zeek.opcua_binary_browse_response_references.browse_response_ref_type_numeric,zeek.opcua_binary_browse_response_references.browse_response_ref_type_opaque,zeek.opcua_binary_browse_response_references.browse_response_ref_type_server_idx,zeek.opcua_binary_browse_response_references.browse_response_ref_type
_string,zeek.opcua_binary_browse_response_references.browse_response_type_def_encoding_mask,zeek.opcua_binary_browse_response_references.browse_response_type_def_guid,zeek.opcua_binary_browse_response_references.browse_response_type_def_namespace_idx,zeek.opcua_binary_browse_response_references.browse_response_type_def_namespace_uri,zeek.opcua_binary_browse_response_references.browse_response_type_def_numeric,zeek.opcua_binary_browse_response_references.browse_response_type_def_opaque,zeek.opcua_binary_browse_response_references.browse_response_type_def_server_idx,zeek.opcua_binary_browse_response_references.browse_response_type_def_string,zeek.opcua_binary_browse_result.browse_response_link_id,zeek.opcua_binary_browse_result.browse_result_continuation_point,zeek.opcua_binary_close_session.del_subscriptions,zeek.opcua_binary_create_monitored_items.subscription_id,zeek.opcua_binary_create_monitored_items.timestamps_to_return,zeek.opcua_binary_create_monitored_items.timestamps_to_return_str,zeek.opcua_binary_create_monitored_items_create_item.create_item_link_id,zeek.opcua_binary_create_monitored_items_create_item.item_to_monitor_attribute_id,zeek.opcua_binary_create_monitored_items_create_item.item_to_monitor_index_range,zeek.opcua_binary_create_monitored_items_create_item.item_to_monitor_name,zeek.opcua_binary_create_monitored_items_create_item.item_to_monitor_namespace_idx,zeek.opcua_binary_create_monitored_items_create_item.item_to_monitor_node_id_encoding_mask,zeek.opcua_binary_create_monitored_items_create_item.item_to_monitor_node_id_guid,zeek.opcua_binary_create_monitored_items_create_item.item_to_monitor_node_id_namespace_idx,zeek.opcua_binary_create_monitored_items_create_item.item_to_monitor_node_id_numeric,zeek.opcua_binary_create_monitored_items_create_item.item_to_monitor_node_id_opaque,zeek.opcua_binary_create_monitored_items_create_item.item_to_monitor_node_id_string,zeek.opcua_binary_create_monitored_items_create_item.monitored_item_index_id,zeek.opcu
a_binary_create_monitored_items_create_item.monitoring_mode,zeek.opcua_binary_create_monitored_items_create_item.monitoring_parameters_client_handle,zeek.opcua_binary_create_monitored_items_create_item.monitoring_parameters_discard_oldest,zeek.opcua_binary_create_monitored_items_create_item.monitoring_parameters_filter_info_type_id_encoding,zeek.opcua_binary_create_monitored_items_create_item.monitoring_parameters_filter_info_type_id_node_id_encoding_mask,zeek.opcua_binary_create_monitored_items_create_item.monitoring_parameters_filter_info_type_id_node_id_guid,zeek.opcua_binary_create_monitored_items_create_item.monitoring_parameters_filter_info_type_id_node_id_namespace_idx,zeek.opcua_binary_create_monitored_items_create_item.monitoring_parameters_filter_info_type_id_node_id_numeric,zeek.opcua_binary_create_monitored_items_create_item.monitoring_parameters_filter_info_type_id_node_id_opaque,zeek.opcua_binary_create_monitored_items_create_item.monitoring_parameters_filter_info_type_id_node_id_string,zeek.opcua_binary_create_monitored_items_create_item.monitoring_parameters_filter_info_type_id_string,zeek.opcua_binary_create_monitored_items_create_item.monitoring_parameters_queue_size,zeek.opcua_binary_create_monitored_items_create_item.monitoring_parameters_revised_queue_size,zeek.opcua_binary_create_monitored_items_create_item.monitoring_parameters_revised_sampling_interval,zeek.opcua_binary_create_monitored_items_create_item.monitoring_parameters_sampling_interval,zeek.opcua_binary_create_session.algorithm,zeek.opcua_binary_create_session.application_type,zeek.opcua_binary_create_session.application_uri,zeek.opcua_binary_create_session.auth_token_encoding_mask,zeek.opcua_binary_create_session.auth_token_guid,zeek.opcua_binary_create_session.auth_token_namespace_idx,zeek.opcua_binary_create_session.auth_token_numeric,zeek.opcua_binary_create_session.auth_token_opaque,zeek.opcua_binary_create_session.auth_token_string,zeek.opcua_binary_create_session.client_cert,ze
ek.opcua_binary_create_session.client_cert_size,zeek.opcua_binary_create_session.client_nonce,zeek.opcua_binary_create_session.discovery_profile_uri,zeek.opcua_binary_create_session.encoding_mask,zeek.opcua_binary_create_session.endpoint_url,zeek.opcua_binary_create_session.gateway_server_uri,zeek.opcua_binary_create_session.locale,zeek.opcua_binary_create_session.max_req_msg_size,zeek.opcua_binary_create_session.max_res_msg_size,zeek.opcua_binary_create_session.product_uri,zeek.opcua_binary_create_session.req_session_timeout,zeek.opcua_binary_create_session.revised_session_timeout,zeek.opcua_binary_create_session.server_cert,zeek.opcua_binary_create_session.server_cert_size,zeek.opcua_binary_create_session.server_nonce,zeek.opcua_binary_create_session.server_uri,zeek.opcua_binary_create_session.session_id_encoding_mask,zeek.opcua_binary_create_session.session_id_guid,zeek.opcua_binary_create_session.session_id_namespace_idx,zeek.opcua_binary_create_session.session_id_numeric,zeek.opcua_binary_create_session.session_id_opaque,zeek.opcua_binary_create_session.session_id_string,zeek.opcua_binary_create_session.session_name,zeek.opcua_binary_create_session.signature,zeek.opcua_binary_create_session.text,zeek.opcua_binary_create_session_discovery.discovery_profile_link_id,zeek.opcua_binary_create_session_discovery.discovery_profile_uri,zeek.opcua_binary_create_session_discovery.discovery_profile_url,zeek.opcua_binary_create_session_endpoints.application_type,zeek.opcua_binary_create_session_endpoints.application_uri,zeek.opcua_binary_create_session_endpoints.cert_size,zeek.opcua_binary_create_session_endpoints.discovery_profile_uri,zeek.opcua_binary_create_session_endpoints.encoding_mask,zeek.opcua_binary_create_session_endpoints.endpoint_link_id,zeek.opcua_binary_create_session_endpoints.endpoint_url,zeek.opcua_binary_create_session_endpoints.gateway_server_uri,zeek.opcua_binary_create_session_endpoints.locale,zeek.opcua_binary_create_session_endpoints.message_security
_mode,zeek.opcua_binary_create_session_endpoints.product_uri,zeek.opcua_binary_create_session_endpoints.security_level,zeek.opcua_binary_create_session_endpoints.security_policy_uri,zeek.opcua_binary_create_session_endpoints.server_cert,zeek.opcua_binary_create_session_endpoints.text,zeek.opcua_binary_create_session_endpoints.transport_profile_uri,zeek.opcua_binary_create_session_user_token.user_token_endpoint_url,zeek.opcua_binary_create_session_user_token.user_token_issued_type,zeek.opcua_binary_create_session_user_token.user_token_link_id,zeek.opcua_binary_create_session_user_token.user_token_policy_id,zeek.opcua_binary_create_session_user_token.user_token_sec_policy_uri,zeek.opcua_binary_create_session_user_token.user_token_type,zeek.opcua_binary_create_subscription.max_notifications_per_publish,zeek.opcua_binary_create_subscription.priority,zeek.opcua_binary_create_subscription.publishing_enabled,zeek.opcua_binary_create_subscription.requested_lifetime_count,zeek.opcua_binary_create_subscription.requested_max_keep_alive_count,zeek.opcua_binary_create_subscription.requested_publishing_interval,zeek.opcua_binary_create_subscription.revised_lifetime_count,zeek.opcua_binary_create_subscription.revised_max_keep_alive_count,zeek.opcua_binary_create_subscription.revised_publishing_interval,zeek.opcua_binary_create_subscription.subscription_id,zeek.opcua_binary_data_change_filter.deadband_type,zeek.opcua_binary_data_change_filter.deadband_value,zeek.opcua_binary_data_change_filter.trigger,zeek.opcua_binary_diag_info_detail.addl_info,zeek.opcua_binary_diag_info_detail.diag_info_link_id,zeek.opcua_binary_diag_info_detail.has_addl_info,zeek.opcua_binary_diag_info_detail.has_inner_diag_info,zeek.opcua_binary_diag_info_detail.has_inner_stat_code,zeek.opcua_binary_diag_info_detail.has_locale,zeek.opcua_binary_diag_info_detail.has_locale_txt,zeek.opcua_binary_diag_info_detail.has_namespace_uri,zeek.opcua_binary_diag_info_detail.has_symbolic_id,zeek.opcua_binary_diag_info_deta
il.inner_diag_level,zeek.opcua_binary_diag_info_detail.inner_stat_code,zeek.opcua_binary_diag_info_detail.locale,zeek.opcua_binary_diag_info_detail.locale_str,zeek.opcua_binary_diag_info_detail.locale_txt,zeek.opcua_binary_diag_info_detail.locale_txt_str,zeek.opcua_binary_diag_info_detail.namespace_uri,zeek.opcua_binary_diag_info_detail.namespace_uri_str,zeek.opcua_binary_diag_info_detail.root_object_id,zeek.opcua_binary_diag_info_detail.source,zeek.opcua_binary_diag_info_detail.source_str,zeek.opcua_binary_diag_info_detail.symbolic_id,zeek.opcua_binary_diag_info_detail.symbolic_id_str,zeek.opcua_binary_event_filter_attribute_operand.alias,zeek.opcua_binary_event_filter_attribute_operand.attribute,zeek.opcua_binary_event_filter_attribute_operand.index_range,zeek.opcua_binary_event_filter_attribute_operand.node_id_encoding_mask,zeek.opcua_binary_event_filter_attribute_operand.node_id_guid,zeek.opcua_binary_event_filter_attribute_operand.node_id_namespace_idx,zeek.opcua_binary_event_filter_attribute_operand.node_id_numeric,zeek.opcua_binary_event_filter_attribute_operand.node_id_opaque,zeek.opcua_binary_event_filter_attribute_operand.node_id_string,zeek.opcua_binary_event_filter_attribute_operand_browse_paths.browse_path_element_link_id,zeek.opcua_binary_event_filter_attribute_operand_browse_paths.include_subtypes,zeek.opcua_binary_event_filter_attribute_operand_browse_paths.is_inverse,zeek.opcua_binary_event_filter_attribute_operand_browse_paths.target_name,zeek.opcua_binary_event_filter_attribute_operand_browse_paths.target_name_namespace_idx,zeek.opcua_binary_event_filter_attribute_operand_browse_paths.type_id_encoding_mask,zeek.opcua_binary_event_filter_attribute_operand_browse_paths.type_id_guid,zeek.opcua_binary_event_filter_attribute_operand_browse_paths.type_id_namespace_idx,zeek.opcua_binary_event_filter_attribute_operand_browse_paths.type_id_numeric,zeek.opcua_binary_event_filter_attribute_operand_browse_paths.type_id_opaque,zeek.opcua_binary_event_filter_at
tribute_operand_browse_paths.type_id_string,zeek.opcua_binary_event_filter_element_operand.element_index,zeek.opcua_binary_event_filter_select_clause.attribute_id,zeek.opcua_binary_event_filter_select_clause.index_range,zeek.opcua_binary_event_filter_select_clause.select_clause_link_id,zeek.opcua_binary_event_filter_select_clause.type_id_encoding_mask,zeek.opcua_binary_event_filter_select_clause.type_id_guid,zeek.opcua_binary_event_filter_select_clause.type_id_namespace_idx,zeek.opcua_binary_event_filter_select_clause.type_id_numeric,zeek.opcua_binary_event_filter_select_clause.type_id_opaque,zeek.opcua_binary_event_filter_select_clause.type_id_string,zeek.opcua_binary_event_filter_simple_attribute_operand.attribute_id,zeek.opcua_binary_event_filter_simple_attribute_operand.index_range,zeek.opcua_binary_event_filter_simple_attribute_operand.type_id_encoding_mask,zeek.opcua_binary_event_filter_simple_attribute_operand.type_id_guid,zeek.opcua_binary_event_filter_simple_attribute_operand.type_id_namespace_idx,zeek.opcua_binary_event_filter_simple_attribute_operand.type_id_numeric,zeek.opcua_binary_event_filter_simple_attribute_operand.type_id_opaque,zeek.opcua_binary_event_filter_simple_attribute_operand.type_id_string,zeek.opcua_binary_event_filter_simple_attribute_operand_browse_paths.browse_path_src,zeek.opcua_binary_event_filter_simple_attribute_operand_browse_paths.name,zeek.opcua_binary_event_filter_simple_attribute_operand_browse_paths.namespace_index,zeek.opcua_binary_event_filter_simple_attribute_operand_browse_paths.simple_attribute_operand_browse_path_link_id,zeek.opcua_binary_event_filter_where_clause.where_clause_link_id,zeek.opcua_binary_event_filter_where_clause_elements.content_filter_element_link_id,zeek.opcua_binary_event_filter_where_clause_elements.content_filter_filter_operand_type_id_encoding,zeek.opcua_binary_event_filter_where_clause_elements.content_filter_filter_operand_type_id_node_id_encoding_mask,zeek.opcua_binary_event_filter_where_clause_
elements.content_filter_filter_operand_type_id_node_id_guid,zeek.opcua_binary_event_filter_where_clause_elements.content_filter_filter_operand_type_id_node_id_namespace_idx,zeek.opcua_binary_event_filter_where_clause_elements.content_filter_filter_operand_type_id_node_id_numeric,zeek.opcua_binary_event_filter_where_clause_elements.content_filter_filter_operand_type_id_node_id_opaque,zeek.opcua_binary_event_filter_where_clause_elements.content_filter_filter_operand_type_id_node_id_string,zeek.opcua_binary_event_filter_where_clause_elements.content_filter_filter_operand_type_id_string,zeek.opcua_binary_event_filter_where_clause_elements.filter_operator,zeek.opcua_binary_get_endpoints.endpoint_url,zeek.opcua_binary_get_endpoints_description.application_type,zeek.opcua_binary_get_endpoints_description.application_uri,zeek.opcua_binary_get_endpoints_description.cert_size,zeek.opcua_binary_get_endpoints_description.discovery_profile_uri,zeek.opcua_binary_get_endpoints_description.encoding_mask,zeek.opcua_binary_get_endpoints_description.endpoint_description_link_id,zeek.opcua_binary_get_endpoints_description.endpoint_uri,zeek.opcua_binary_get_endpoints_description.gateway_server_uri,zeek.opcua_binary_get_endpoints_description.locale,zeek.opcua_binary_get_endpoints_description.message_security_mode,zeek.opcua_binary_get_endpoints_description.product_uri,zeek.opcua_binary_get_endpoints_description.security_level,zeek.opcua_binary_get_endpoints_description.security_policy_uri,zeek.opcua_binary_get_endpoints_description.server_cert,zeek.opcua_binary_get_endpoints_description.text,zeek.opcua_binary_get_endpoints_description.transport_profile_uri,zeek.opcua_binary_get_endpoints_discovery.discovery_profile_link_id,zeek.opcua_binary_get_endpoints_discovery.discovery_profile_url,zeek.opcua_binary_get_endpoints_locale_id.locale_id,zeek.opcua_binary_get_endpoints_locale_id.locale_link_id,zeek.opcua_binary_get_endpoints_profile_uri.profile_uri,zeek.opcua_binary_get_endpoints_profile_
uri.profile_uri_link_id,zeek.opcua_binary_get_endpoints_user_token.user_token_endpoint_url,zeek.opcua_binary_get_endpoints_user_token.user_token_issued_type,zeek.opcua_binary_get_endpoints_user_token.user_token_link_id,zeek.opcua_binary_get_endpoints_user_token.user_token_policy_id,zeek.opcua_binary_get_endpoints_user_token.user_token_sec_policy_uri,zeek.opcua_binary_get_endpoints_user_token.user_token_type,zeek.opcua_binary_opensecure_channel.client_nonce,zeek.opcua_binary_opensecure_channel.client_proto_ver,zeek.opcua_binary_opensecure_channel.message_security_mode,zeek.opcua_binary_opensecure_channel.req_lifetime,zeek.opcua_binary_opensecure_channel.sec_token_created_at,zeek.opcua_binary_opensecure_channel.sec_token_id,zeek.opcua_binary_opensecure_channel.sec_token_request_type,zeek.opcua_binary_opensecure_channel.sec_token_revised_time,zeek.opcua_binary_opensecure_channel.sec_token_sec_channel_id,zeek.opcua_binary_opensecure_channel.server_nonce,zeek.opcua_binary_opensecure_channel.server_proto_ver,zeek.opcua_binary_read.max_age,zeek.opcua_binary_read.timestamps_to_return,zeek.opcua_binary_read.timestamps_to_return_str,zeek.opcua_binary_read_nodes_to_read.attribute_id,zeek.opcua_binary_read_nodes_to_read.attribute_id_str,zeek.opcua_binary_read_nodes_to_read.data_encoding_name,zeek.opcua_binary_read_nodes_to_read.data_encoding_name_idx,zeek.opcua_binary_read_nodes_to_read.index_range,zeek.opcua_binary_read_nodes_to_read.node_id_encoding_mask,zeek.opcua_binary_read_nodes_to_read.node_id_guid,zeek.opcua_binary_read_nodes_to_read.node_id_namespace_idx,zeek.opcua_binary_read_nodes_to_read.node_id_numeric,zeek.opcua_binary_read_nodes_to_read.node_id_opaque,zeek.opcua_binary_read_nodes_to_read.node_id_string,zeek.opcua_binary_read_nodes_to_read.nodes_to_read_link_id,zeek.opcua_binary_read_results.data_value_encoding_mask,zeek.opcua_binary_read_results.level,zeek.opcua_binary_read_results.results_link_id,zeek.opcua_binary_read_results.server_pico_sec,zeek.opcua_binary_r
ead_results.server_timestamp,zeek.opcua_binary_read_results.source_pico_sec,zeek.opcua_binary_read_results.source_timestamp,zeek.opcua_binary_status_code_detail.historian_bits,zeek.opcua_binary_status_code_detail.historian_bits_str,zeek.opcua_binary_status_code_detail.historianextradata,zeek.opcua_binary_status_code_detail.historianmultivalue,zeek.opcua_binary_status_code_detail.historianpartial,zeek.opcua_binary_status_code_detail.info_type,zeek.opcua_binary_status_code_detail.info_type_str,zeek.opcua_binary_status_code_detail.limit_bits,zeek.opcua_binary_status_code_detail.limit_bits_str,zeek.opcua_binary_status_code_detail.overflow,zeek.opcua_binary_status_code_detail.semantics_changed,zeek.opcua_binary_status_code_detail.severity,zeek.opcua_binary_status_code_detail.severity_str,zeek.opcua_binary_status_code_detail.source,zeek.opcua_binary_status_code_detail.source_level,zeek.opcua_binary_status_code_detail.source_str,zeek.opcua_binary_status_code_detail.status_code,zeek.opcua_binary_status_code_detail.status_code_link_id,zeek.opcua_binary_status_code_detail.structure_changed,zeek.opcua_binary_status_code_detail.sub_code,zeek.opcua_binary_status_code_detail.sub_code_str,zeek.opcua_binary_variant_array_dims.array_dim_link_id,zeek.opcua_binary_variant_array_dims.dimension,zeek.opcua_binary_variant_data.variant_data_encoding_name,zeek.opcua_binary_variant_data.variant_data_encoding_name_idx,zeek.opcua_binary_variant_data.variant_data_link_id,zeek.opcua_binary_variant_data.variant_data_locale,zeek.opcua_binary_variant_data.variant_data_mask,zeek.opcua_binary_variant_data.variant_data_node_id_encoding_mask,zeek.opcua_binary_variant_data.variant_data_node_id_guid,zeek.opcua_binary_variant_data.variant_data_node_id_namespace_idx,zeek.opcua_binary_variant_data.variant_data_node_id_namespace_uri,zeek.opcua_binary_variant_data.variant_data_node_id_numeric,zeek.opcua_binary_variant_data.variant_data_node_id_opaque,zeek.opcua_binary_variant_data.variant_data_node_id_server_
idx,zeek.opcua_binary_variant_data.variant_data_node_id_string,zeek.opcua_binary_variant_data.variant_data_text,zeek.opcua_binary_variant_data.variant_data_value_decimal,zeek.opcua_binary_variant_data.variant_data_value_signed_numeric,zeek.opcua_binary_variant_data.variant_data_value_string,zeek.opcua_binary_variant_data.variant_data_value_time,zeek.opcua_binary_variant_data.variant_data_value_unsigned_numeric,zeek.opcua_binary_variant_data_value.data_value_encoding_mask,zeek.opcua_binary_variant_data_value.server_pico_sec,zeek.opcua_binary_variant_data_value.server_timestamp,zeek.opcua_binary_variant_data_value.source_pico_sec,zeek.opcua_binary_variant_data_value.source_timestamp,zeek.opcua_binary_variant_data_value.variant_data_value_source_link,zeek.opcua_binary_variant_extension_object.ext_obj_encoding,zeek.opcua_binary_variant_extension_object.ext_obj_link_id,zeek.opcua_binary_variant_extension_object.ext_obj_node_id_encoding_mask,zeek.opcua_binary_variant_extension_object.ext_obj_node_id_guid,zeek.opcua_binary_variant_extension_object.ext_obj_node_id_namespace_idx,zeek.opcua_binary_variant_extension_object.ext_obj_node_id_numeric,zeek.opcua_binary_variant_extension_object.ext_obj_node_id_opaque,zeek.opcua_binary_variant_extension_object.ext_obj_node_id_string,zeek.opcua_binary_variant_extension_object.ext_obj_type_id_str,zeek.opcua_binary_variant_metadata.built_in_data_type,zeek.opcua_binary_variant_metadata.built_in_data_type_str,zeek.opcua_binary_variant_metadata.dara_variant_encoding_mask,zeek.opcua_binary_variant_metadata.data_variant_data_type,zeek.opcua_binary_variant_metadata.data_variant_data_type_str,zeek.opcua_binary_variant_metadata.variant_data_array_dim,zeek.opcua_binary_variant_metadata.variant_data_source,zeek.opcua_binary_variant_metadata.variant_data_source_str,zeek_opcua_binary_write=require:zeek.opcua_binary_write;title:Zeek 
opcua_binary_write.log;fields:zeek.opcua_binary_write.source_h,zeek.opcua_binary_write.source_p,zeek.opcua_binary_write.destination_h,zeek.opcua_binary_write.destination_p,zeek.opcua_binary_write.node_id_encoding_mask,zeek.opcua_binary_write.node_id_namespace_idx,zeek.opcua_binary_write.node_id_numeric,zeek.opcua_binary_write.node_id_string,zeek.opcua_binary_write.node_id_guid,zeek.opcua_binary_write.node_id_opaque,zeek.opcua_binary_write.attribute_id,zeek.opcua_binary_write.attribute_id_str,zeek.opcua_binary_write.index_range,zeek.opcua_binary_write.data_value_encoding_mask,zeek.opcua_binary_write.source_timestamp,zeek.opcua_binary_write.source_pico_sec,zeek.opcua_binary_write.server_timestamp,zeek.opcua_binary_write.server_pico_sec o_zeek_ospf=require:zeek.ospf;title:Zeek ospf.log;fields:zeek.ospf.ospf_type,zeek.ospf.version,zeek.ospf.router_id,zeek.ospf.area_id,zeek.ospf.interface_id,zeek.ospf.netmask,zeek.ospf.desig_router,zeek.ospf.backup_router,zeek.ospf.neighbors,zeek.ospf.lsa_type,zeek.ospf.link_state_id,zeek.ospf.advert_router,zeek.ospf.routers,zeek.ospf.link_id,zeek.ospf.link_data,zeek.ospf.link_type,zeek.ospf.neighbor_router_id,zeek.ospf.metrics,zeek.ospf.fwd_addrs,zeek.ospf.route_tags,zeek.ospf.neighbor_interface_id,zeek.ospf.prefix,zeek.ospf.metric,zeek.ospf.dest_router_id,zeek.ospf.link_prefixes,zeek.ospf.intra_prefixes o_zeek_pe=require:zeek.pe;title:Zeek pe.log;fields:zeek.pe.machine,zeek.pe.compile_ts,zeek.pe.os,zeek.pe.subsystem,zeek.pe.is_exe,zeek.pe.is_64bit,zeek.pe.uses_aslr,zeek.pe.uses_dep,zeek.pe.uses_code_integrity,zeek.pe.uses_seh,zeek.pe.has_import_table,zeek.pe.has_export_table,zeek.pe.has_cert_table,zeek.pe.has_debug_data,zeek.pe.section_names +o_zeek_postgresql=require:zeek.postgresql;title:Zeek postgresql.log;fields:zeek.postgresql.database,zeek.postgresql.application_name,zeek.postgresql.frontend,zeek.postgresql.frontend_arg,zeek.postgresql.backend,zeek.postgresql.backend_arg,zeek.postgresql.rows 
o_zeek_profinet=require:zeek.profinet;title:Zeek profinet.log;fields:zeek.profinet.operation_type,zeek.profinet.block_version,zeek.profinet.slot_number,zeek.profinet.subslot_number,zeek.profinet.index o_zeek_profinet_dce_rpc=require:zeek.profinet_dce_rpc;title:Zeek profinet_dce_rpc.log;fields:zeek.profinet_dce_rpc.version,zeek.profinet_dce_rpc.packet_type,zeek.profinet_dce_rpc.object_uuid,zeek.profinet_dce_rpc.interface_uuid,zeek.profinet_dce_rpc.activity_uuid,zeek.profinet_dce_rpc.server_boot_time,zeek.profinet_dce_rpc.operation o_zeek_profinet_io_cm=require:zeek.profinet_io_cm;title:Zeek profinet_io_cm.log;fields:zeek.profinet_io_cm.rpc_version,zeek.profinet_io_cm.packet_type,zeek.profinet_io_cm.reserved_for_impl_1,zeek.profinet_io_cm.last_fragment,zeek.profinet_io_cm.fragment,zeek.profinet_io_cm.no_fragment_requested,zeek.profinet_io_cm.maybe,zeek.profinet_io_cm.idempotent,zeek.profinet_io_cm.broadcast,zeek.profinet_io_cm.reserved_for_impl_2,zeek.profinet_io_cm.cancel_was_pending_at_call_end,zeek.profinet_io_cm.integer_encoding,zeek.profinet_io_cm.character_encoding,zeek.profinet_io_cm.floating_point_encoding,zeek.profinet_io_cm.serial_high,zeek.profinet_io_cm.object_uuid,zeek.profinet_io_cm.interface_uuid,zeek.profinet_io_cm.activity_uuid,zeek.profinet_io_cm.server_boot_time,zeek.profinet_io_cm.uuid_version,zeek.profinet_io_cm.sequence_num,zeek.profinet_io_cm.operation,zeek.profinet_io_cm.interface_hint,zeek.profinet_io_cm.activity_hint,zeek.profinet_io_cm.len_of_body,zeek.profinet_io_cm.fragment_num,zeek.profinet_io_cm.auth_protocol,zeek.profinet_io_cm.serial_low,zeek.profinet_io_cm.vers_fack,zeek.profinet_io_cm.window_size,zeek.profinet_io_cm.max_tsdu,zeek.profinet_io_cm.max_frag_size,zeek.profinet_io_cm.serial_number,zeek.profinet_io_cm.sel_ack_len,zeek.profinet_io_cm.sel_ack diff --git a/dashboards/templates/composable/component/zeek.json b/dashboards/templates/composable/component/zeek.json index d4fae78d4..8b1bd14c9 100644 
--- a/dashboards/templates/composable/component/zeek.json +++ b/dashboards/templates/composable/component/zeek.json @@ -326,6 +326,13 @@ "zeek.pe.uses_code_integrity": { "type": "keyword" }, "zeek.pe.uses_dep": { "type": "keyword" }, "zeek.pe.uses_seh": { "type": "keyword" }, + "zeek.postgresql.database": { "type": "keyword" }, + "zeek.postgresql.application_name": { "type": "keyword" }, + "zeek.postgresql.frontend": { "type": "keyword" }, + "zeek.postgresql.frontend_arg": { "type": "keyword", "ignore_above": 16384, "fields": { "text": { "type": "text", "norms": false } } }, + "zeek.postgresql.backend": { "type": "keyword" }, + "zeek.postgresql.backend_arg": { "type": "keyword", "ignore_above": 16384, "fields": { "text": { "type": "text", "norms": false } } }, + "zeek.postgresql.rows": { "type": "long" }, "zeek.radius.connect_info": { "type": "keyword" }, "zeek.radius.framed_addr": { "type": "ip" }, "zeek.radius.mac": { "type": "keyword" }, diff --git a/logstash/maps/service_ports.yaml b/logstash/maps/service_ports.yaml index b3b46e58a..7b7a4f522 100644 --- a/logstash/maps/service_ports.yaml +++ b/logstash/maps/service_ports.yaml @@ -121,6 +121,8 @@ openvpn: pop3: - 110 - 995 +postgresql: + - 5432 profinet: - 4800 - 4900 diff --git a/logstash/maps/zeek_log_ecs_categories.yaml b/logstash/maps/zeek_log_ecs_categories.yaml index cd8883b6b..c105406b0 100644 --- a/logstash/maps/zeek_log_ecs_categories.yaml +++ b/logstash/maps/zeek_log_ecs_categories.yaml @@ -67,6 +67,7 @@ "ocsp": ["file", "network"] "openvpn": ["network"] "pe": ["file"] +"postgresql": ["database", "network"] "profinet": ["ot", "network"] "profinet_dce_rpc": ["ot", "network"] "profinet_io_cm": ["ot", "network"] diff --git a/logstash/pipelines/zeek/1070_zeek_postgresql.conf b/logstash/pipelines/zeek/1070_zeek_postgresql.conf new file mode 100644 index 000000000..6b7db1233 --- /dev/null +++ b/logstash/pipelines/zeek/1070_zeek_postgresql.conf 
@@ -0,0 +1,44 @@
+########################
+# Copyright (c) 2025 Battelle Energy Alliance, LLC. All rights reserved.
+#######################
+
+filter {
+
+
+ if ([log_source] == "postgresql") {
+ #############################################################################################################################
+ # postgresql.log
+ # main.zeek (https://docs.zeek.org/en/master/scripts/base/protocols/postgresql/main.zeek.html)
+
+ if ("_jsonparsesuccess" not in [tags]) {
+ dissect {
+ id => "dissect_zeek_postgresql"
+ mapping => {
+ "[message]" => "%{[zeek_cols][ts]} %{[zeek_cols][uid]} %{[zeek_cols][orig_h]} %{[zeek_cols][orig_p]} %{[zeek_cols][resp_h]} %{[zeek_cols][resp_p]} %{[zeek_cols][user]} %{[zeek_cols][database]} %{[zeek_cols][application_name]} %{[zeek_cols][frontend]} %{[zeek_cols][frontend_arg]} %{[zeek_cols][backend]} %{[zeek_cols][backend_arg]} %{[zeek_cols][success]} %{[zeek_cols][rows]}"
+ }
+ }
+
+ if ("_dissectfailure" in [tags]) {
+ mutate {
+ id => "mutate_split_zeek_postgresql"
+ split => { "[message]" => " " }
+ }
+ ruby {
+ id => "ruby_zip_zeek_postgresql"
+ init => "@zeek_postgresql_field_names = [ 'ts', 'uid', 'orig_h', 'orig_p', 'resp_h', 'resp_p', 'user', 'database', 'application_name', 'frontend', 'frontend_arg', 'backend', 'backend_arg', 'success', 'rows' ]"
+ code => "event.set('[zeek_cols]', @zeek_postgresql_field_names.zip(event.get('[message]')).to_h)"
+ }
+ }
+ }
+
+ mutate {
+ id => "mutate_add_fields_zeek_postgresql"
+ add_field => {
+ "[zeek_cols][proto]" => "tcp"
+ "[zeek_cols][service]" => "postgresql"
+ }
+ }
+
+ }
+
+} # end Filter
diff --git a/logstash/pipelines/zeek/1200_zeek_mutate.conf b/logstash/pipelines/zeek/1200_zeek_mutate.conf
index 1357b317d..e02272a36 100644
--- a/logstash/pipelines/zeek/1200_zeek_mutate.conf
+++ b/logstash/pipelines/zeek/1200_zeek_mutate.conf
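Review bot: The new filter in 1070_zeek_postgresql.conf copies `frontend_arg` and `backend_arg` into `[zeek_cols]` with no comment on what they can contain, while the matching template change indexes both as keyword plus a full-text subfield up to 16384 characters. Going by the field names and the linked main.zeek, they presumably hold statement text and message arguments seen on the wire, which can include sensitive literals. That is worth stating where the fields enter the pipeline, so that operators scope index access and retention accordingly. I would add above the dissect block: `# NOTE: frontend_arg/backend_arg may contain SQL text captured from the wire, including sensitive literals; treat the resulting index as sensitive`.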
@@ -1677,6 +1677,15 @@ filter { add_field => { "[zeek][software][software_type]" => "OPCUA" } } } + } else if ([log_source] == "postgresql") { + ############################################################################################################################# + # postgresql.log specific logic + + if ([zeek][postgresql][rows] == 0) { + mutate { id => "mutate_remove_field_zeek_postgresql_zero_rows" + remove_field => [ "[zeek][postgresql][rows]" ] } + } + } else if ([log_source] == "profinet_io_cm") { ############################################################################################################################# # profinet_io_cm.log specific logic diff --git a/logstash/pipelines/zeek/1300_zeek_normalize.conf b/logstash/pipelines/zeek/1300_zeek_normalize.conf index 1cedcf7e9..0d4c4114a 100644 --- a/logstash/pipelines/zeek/1300_zeek_normalize.conf +++ b/logstash/pipelines/zeek/1300_zeek_normalize.conf @@ -591,6 +591,9 @@ filter { } } # opcua_binary + if ([zeek][postgresql][frontend]) { mutate { id => "mutate_merge_normalize_zeek_postgresql_frontend_action" + merge => { "[event][action]" => "[zeek][postgresql][frontend]" } } } + if ([zeek][profinet][operation_type]) { mutate { id => "mutate_merge_normalize_zeek_profinet_operation_type" merge => { "[event][action]" => "[zeek][profinet][operation_type]" } } } 
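Review bot: The `if ([zeek][postgresql][rows] == 0)` test in the new postgresql branch compares against an integer, but the dissect and split/zip paths added in 1070_zeek_postgresql.conf produce string values. Unless `rows` is converted to a number before this point (not visible in the hunk), the removal would only fire for JSON-parsed logs, and delimited logs would keep indexing `rows` as zero. If there is no earlier conversion, matching both forms keeps the two input formats consistent: `if ([zeek][postgresql][rows] == 0) or ([zeek][postgresql][rows] == "0") {`. The enclosing `else if` chain starts and ends outside the hunk.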
@@ -1133,6 +1136,24 @@ filter { } } + if ([zeek][posgresql]) { + # postgresql result comes from success and backend + if ([zeek][postgresql][backend]) { + mutate { id => "mutate_add_field_zeek_postgresql_result_backend" + add_field => { "[@metadata][zeek_postgresql_result]" => "%{[zeek][postgresql][backend]}" } } + } else if ([zeek][postgresql][success] == "T") { + mutate { id => "mutate_add_field_zeek_postgresql_result_success" + add_field => { "[@metadata][zeek_postgresql_result]" => "Success" } } + } else if ([zeek][postgresql][success] == "F") { + mutate { id => "mutate_add_field_zeek_postgresql_result_failure" + add_field => { "[@metadata][zeek_postgresql_result]" => "Failure" } } + } + if ([@metadata][zeek_postgresql_result]) { + mutate { id => "mutate_merge_zeek_postgresql_result" + merge => { "[event][result]" => "[@metadata][zeek_postgresql_result]" } } + } + } + if ([zeek][radius][result]) { if ([zeek][radius][result] =~ /^(?i)succ/) { mutate { id => "mutate_add_field_zeek_radius_success" From c400649a44e81fd33f1dc12f4c7e22ef8aa54e44 Mon Sep 17 00:00:00 2001 From: Seth Grover Date: Tue, 14 Jan 2025 15:01:26 -0700 Subject: [PATCH 36/53] cisagov/Malcolm#553, handle postgresql.log --- logstash/pipelines/zeek/1300_zeek_normalize.conf | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/logstash/pipelines/zeek/1300_zeek_normalize.conf b/logstash/pipelines/zeek/1300_zeek_normalize.conf index 0d4c4114a..26508e412 100644 --- a/logstash/pipelines/zeek/1300_zeek_normalize.conf +++ b/logstash/pipelines/zeek/1300_zeek_normalize.conf @@ -1136,7 +1136,7 @@ filter { } } - if ([zeek][posgresql]) { + if ([zeek][postgresql]) { # postgresql result comes from success and backend if ([zeek][postgresql][backend]) { mutate { id => "mutate_add_field_zeek_postgresql_result_backend" 
@@ -1150,7 +1150,8 @@ filter { } if ([@metadata][zeek_postgresql_result]) { mutate { id => "mutate_merge_zeek_postgresql_result" - merge => { "[event][result]" => "[@metadata][zeek_postgresql_result]" } } + merge => { "[event][result]" => "[@metadata][zeek_postgresql_result]" } + remove_field => [ "[zeek][postgresql][success]" ] } } } From f29ff50fd6d8a8a70891b4b10810499d937feee6 Mon Sep 17 00:00:00 2001 
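Review bot: The added `remove_field => [ "[zeek][postgresql][success]" ]` sits in the mutate that runs whenever `[@metadata][zeek_postgresql_result]` is set, which includes the branch where the result was copied from `[zeek][postgresql][backend]` rather than derived from `success`. In that case the indexed event keeps the backend value but loses the success flag, and whether backend values always convey the outcome is not visible here. For detecting failed or repeated login attempts it is safer to drop the flag only when it was the source of the result. One option is to move the removal out of this mutate and into the two mutates of the `== "T"` and `== "F"` branches, adding `remove_field => [ "[zeek][postgresql][success]" ]` after their `add_field`. The enclosing `if ([zeek][postgresql])` block starts outside this hunk.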
From: Seth Grover Date: Tue, 14 Jan 2025 15:48:27 -0700 Subject: [PATCH 37/53] cisagov/Malcolm#553, added PostgreSQL dashboard --- .../024062a6-48d6-498f-a91a-3bf2da3a3cd3.json | 2 +- .../03207c00-d07e-11ec-b4a7-d1b4003706b7.json | 2 +- .../05e3e000-f118-11e9-acda-83a8e29e1a24.json | 2 +- .../078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b.json | 2 +- .../0a490422-0ce9-44bf-9a2d-19329ddde8c3.json | 2 +- .../0ad3d7c2-3441-485e-9dfe-dbb22e84e576.json | 2 +- .../0aed0e23-c8ac-4f2b-9f68-d04b6e7666b0.json | 2 +- .../0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa.json | 2 +- .../11be6381-beef-40a7-bdce-88c5398392fc.json | 2 +- .../11ddd980-e388-11e9-b568-cf17de8e860c.json | 2 +- .../12e3a130-d83b-11eb-a0b0-f328ce09b0b7.json | 2 +- .../152f29dc-51a2-4f53-93e9-6e92765567b8.json | 2 +- .../1cc01ff0-5205-11ec-a62c-7bc80e88f3f0.json | 2 +- .../1ce42250-3f99-11e9-a58e-8bdedb0915e8.json | 2 +- .../1fff49f6-0199-4a0f-820b-721aff9ff1f1.json | 2 +- .../29a1b290-eb98-11e9-a384-0fcf32210194.json | 2 +- .../2bec1490-eb94-11e9-a384-0fcf32210194.json | 2 +- .../2cc56240-e460-11ed-a9d5-9f591c284cb4.json | 2 +- .../2cf94cd0-ecab-40a5-95a7-8419f3a39cd9.json | 2 +- .../2d98bb8e-214c-4374-837b-20e1bcd63a5e.json | 2 +- .../32587740-ef88-11e9-b38a-2db3ee640e88.json | 2 +- .../36ed695f-edcc-47c1-b0ec-50d20c93ce0f.json | 2 +- .../37041ee1-79c0-4684-a436-3173b0e89876.json | 2 +- .../39abfe30-3f99-11e9-a58e-8bdedb0915e8.json | 2 +- .../3a9e3440-75e2-11ef-8138-03748f839a49.json | 2 +- .../42e831b9-41a9-4f35-8b7d-e1566d368773.json | 2 +- .../432af556-c5c0-4cc3-8166-b274b4e3a406.json | 2 +- .../4a073440-b286-11eb-a4d4-09fa12a6ebd4.json | 2 +- .../4a4bde20-4760-11ea-949c-bbb5a9feecbf.json | 2 +- .../4e5f106e-c60a-4226-8f64-d534abb912ab.json | 2 +- .../50ced171-1b10-4c3f-8b67-2db9635661a6.json | 2 +- .../543118a9-02d7-43fe-b669-b8652177fc37.json | 2 +- .../55e332d0-3f99-11e9-a58e-8bdedb0915e8.json | 2 +- .../5694ca60-cbdf-11ec-a50a-5fedd672f5c5.json | 2 +- .../60d78fbd-471c-4f59-a9e3-189b33a13644.json | 2 +- 
.../665d1610-523d-11e9-a30e-e3576242f3ed.json | 2 +- .../677ee170-809e-11ed-8d5b-07069f823b6f.json | 2 +- .../76f2f912-80da-44cd-ab66-6a73c8344cc3.json | 2 +- .../77fc9960-3f99-11e9-a58e-8bdedb0915e8.json | 2 +- .../7f41913f-cba8-43f5-82a8-241b7ead03e0.json | 2 +- .../7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb.json | 2 +- .../82da3101-2a9c-4ae2-bb61-d447a3fbe673.json | 2 +- .../870a5862-6c26-4a08-99fd-0c06cda85ba3.json | 2 +- .../87a32f90-ef58-11e9-974e-9d600036d105.json | 2 +- .../87d990cc-9e0b-41e5-b8fe-b10ae1da0c85.json | 2 +- .../89d1cc50-974c-11ed-bb6b-3fb06c879b11.json | 2 +- .../92985909-dc29-4533-9e80-d3182a0ecf1d.json | 2 +- .../95479950-41f2-11ea-88fa-7151df485405.json | 2 +- .../9ee51f94-3316-4fc5-bd89-93a52af69714.json | 2 +- .../a16110b0-3f99-11e9-a58e-8bdedb0915e8.json | 2 +- .../a33e0a50-afcd-11ea-993f-b7d8522a8bed.json | 2 +- .../a7514350-eba6-11e9-a384-0fcf32210194.json | 2 +- .../abdd7550-2c7c-40dc-947e-f6d186a158c4.json | 2 +- .../ae79b7d1-4281-4095-b2f6-fa7eafda9970.json | 2 +- .../af5df620-eeb6-11e9-bdef-65a192b7f586.json | 2 +- .../b50c8d17-6ed3-4de6-aed4-5181032810b2.json | 2 +- .../b8cf5890-87ed-11ef-ae18-dbcd34795edb.json | 2 +- .../b9f247c0-3f99-11e9-a58e-8bdedb0915e8.json | 2 +- .../bb827f8e-639e-468c-93c8-9f5bc132eb8f.json | 2 +- .../046212a0-a2a1-11e7-928f-5dbe6f6f5519.json | 2 +- .../0d4955f0-eb25-11ec-a6d4-b3526526c2c7.json | 2 +- .../3768ef70-d819-11ee-820d-dd9fd73a3921.json | 2 +- .../4ca94c70-d7da-11ee-9ed3-e7afff29e59a.json | 2 +- .../55a9e6e0-a29e-11e7-928f-5dbe6f6f5519.json | 2 +- .../79202ee0-d811-11ee-820d-dd9fd73a3921.json | 2 +- .../7a7e0a60-e8e8-11ec-b9d4-4569bb965430.json | 2 +- .../88bcec50-cc74-11ef-bae9-0d6b8da935ba.json | 2 +- .../903f42c0-f634-11ec-828d-2fb7a4a26e1f.json | 2 +- .../beats/Metricbeat-host-overview.json | 2 +- .../beats/Metricbeat-system-overview.json | 2 +- .../f6600310-9943-11ee-a029-e973f4774355.json | 2 +- .../bed185a0-ef82-11e9-b38a-2db3ee640e88.json | 2 +- .../bf5efbb0-60f1-11eb-9d60-dbf0411cfc48.json | 
2 +- .../c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2.json | 2 +- .../ca5799a0-56b5-11eb-b749-576de068f8ad.json | 2 +- .../caef3ade-d289-4d05-a511-149f3e97f238.json | 2 +- .../d2dd0180-06b1-11ec-8c6b-353266ade330.json | 2 +- .../d41fe630-3f98-11e9-a58e-8bdedb0915e8.json | 2 +- .../d4fd6afd-15cb-42bf-8a25-03dd8e59b327.json | 2 +- .../dd87edd0-796a-11ec-9ce6-b395c1ff58f4.json | 2 +- .../e09a4b86-29b5-4256-bb3b-802ac9f90404.json | 2 +- .../e233a570-45d9-11ef-96a6-432365601033.json | 2 +- .../e76d05c0-eb9f-11e9-a384-0fcf32210194.json | 2 +- .../ed8a6640-3f98-11e9-a58e-8bdedb0915e8.json | 2 +- .../f1f09567-fc7f-450b-a341-19d2f2bb468b.json | 2 +- .../f2c0da10-d2c5-11ef-8864-d58a560dc292.json | 386 ++++++++++++++++++ .../f394057d-1b16-4174-b994-7045f423a416.json | 2 +- .../f77bf097-18a8-465c-b634-eb2acc7a4f26.json | 2 +- .../fa141950-ef89-11e9-b38a-2db3ee640e88.json | 2 +- .../fa477130-2b8a-11ec-a9f2-3911c8571bfd.json | 2 +- 90 files changed, 475 insertions(+), 89 deletions(-) create mode 100644 dashboards/dashboards/f2c0da10-d2c5-11ef-8864-d58a560dc292.json diff --git a/dashboards/dashboards/024062a6-48d6-498f-a91a-3bf2da3a3cd3.json b/dashboards/dashboards/024062a6-48d6-498f-a91a-3bf2da3a3cd3.json index d78c6efb9..44ce16531 100644 --- a/dashboards/dashboards/024062a6-48d6-498f-a91a-3bf2da3a3cd3.json +++ b/dashboards/dashboards/024062a6-48d6-498f-a91a-3bf2da3a3cd3.json 
@@ -112,7 +112,7 @@ "version": "Wzc0MiwxXQ==", "attributes": { "title": "Navigation", - "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA 
Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) 
\\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [PostgreSQL](#/dashboard/f2c0da10-d2c5-11ef-8864-d58a560dc292) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● 
[SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error 
Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/dashboards/dashboards/03207c00-d07e-11ec-b4a7-d1b4003706b7.json b/dashboards/dashboards/03207c00-d07e-11ec-b4a7-d1b4003706b7.json index e60a6a47c..0e973d700 100644 --- a/dashboards/dashboards/03207c00-d07e-11ec-b4a7-d1b4003706b7.json +++ b/dashboards/dashboards/03207c00-d07e-11ec-b4a7-d1b4003706b7.json 
@@ -87,7 +87,7 @@ "version": "Wzc5NSwxXQ==", "attributes": { "title": "Navigation", - "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA 
Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) 
\\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [PostgreSQL](#/dashboard/f2c0da10-d2c5-11ef-8864-d58a560dc292) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● 
[SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error 
Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/dashboards/dashboards/05e3e000-f118-11e9-acda-83a8e29e1a24.json b/dashboards/dashboards/05e3e000-f118-11e9-acda-83a8e29e1a24.json index c7b019fab..3e10f3b2b 100644 --- a/dashboards/dashboards/05e3e000-f118-11e9-acda-83a8e29e1a24.json +++ b/dashboards/dashboards/05e3e000-f118-11e9-acda-83a8e29e1a24.json 
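Review bot: The new `[PostgreSQL](#/dashboard/f2c0da10-d2c5-11ef-8864-d58a560dc292)` entry in the Navigation `visState` points at a dashboard id that this hunk does not define. The link only resolves if a saved object with that id is imported by the same change, which is not visible here and should be confirmed before merge. The same markdown string is edited verbatim in the hunks for `05e3e000-f118-11e9-acda-83a8e29e1a24.json` and `078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b.json`, so any dashboard file the edit misses would show analysts a different navigation panel. A check at dashboard import time that every `#/dashboard/<id>` target in the Navigation markdown matches a shipped dashboard would catch both problems.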
@@ -92,7 +92,7 @@ "version": "Wzg3OSwxXQ==", "attributes": { "title": "Navigation", - "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA 
Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) 
\\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [PostgreSQL](#/dashboard/f2c0da10-d2c5-11ef-8864-d58a560dc292) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● 
[SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error 
Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/dashboards/dashboards/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b.json b/dashboards/dashboards/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b.json index 92c6efe09..363bd09e9 100644 --- a/dashboards/dashboards/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b.json +++ b/dashboards/dashboards/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b.json 
@@ -87,7 +87,7 @@ "version": "Wzg3MiwxXQ==", "attributes": { "title": "Navigation", - "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA 
Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) 
\\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [PostgreSQL](#/dashboard/f2c0da10-d2c5-11ef-8864-d58a560dc292) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● 
[SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error 
Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/dashboards/dashboards/0a490422-0ce9-44bf-9a2d-19329ddde8c3.json b/dashboards/dashboards/0a490422-0ce9-44bf-9a2d-19329ddde8c3.json index b74ed6f47..a4d2c2186 100644 --- a/dashboards/dashboards/0a490422-0ce9-44bf-9a2d-19329ddde8c3.json +++ b/dashboards/dashboards/0a490422-0ce9-44bf-9a2d-19329ddde8c3.json 
@@ -87,7 +87,7 @@ "version": "WzkzNiwxXQ==", "attributes": { "title": "Navigation", - "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA 
Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) 
\\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [PostgreSQL](#/dashboard/f2c0da10-d2c5-11ef-8864-d58a560dc292) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● 
[SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error 
Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/dashboards/dashboards/0ad3d7c2-3441-485e-9dfe-dbb22e84e576.json b/dashboards/dashboards/0ad3d7c2-3441-485e-9dfe-dbb22e84e576.json index 91a11e58f..4ee157222 100644 --- a/dashboards/dashboards/0ad3d7c2-3441-485e-9dfe-dbb22e84e576.json +++ b/dashboards/dashboards/0ad3d7c2-3441-485e-9dfe-dbb22e84e576.json 
@@ -87,7 +87,7 @@ "version": "Wzc5NSwxXQ==", "attributes": { "title": "Navigation", - "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA 
Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) 
\\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [PostgreSQL](#/dashboard/f2c0da10-d2c5-11ef-8864-d58a560dc292) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● 
[SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error 
Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/dashboards/dashboards/0aed0e23-c8ac-4f2b-9f68-d04b6e7666b0.json b/dashboards/dashboards/0aed0e23-c8ac-4f2b-9f68-d04b6e7666b0.json index f54e45d6a..a66b2d273 100644 --- a/dashboards/dashboards/0aed0e23-c8ac-4f2b-9f68-d04b6e7666b0.json +++ b/dashboards/dashboards/0aed0e23-c8ac-4f2b-9f68-d04b6e7666b0.json 
@@ -87,7 +87,7 @@ "version": "Wzg3MiwxXQ==", "attributes": { "title": "Navigation", - "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA 
Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) 
\\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [PostgreSQL](#/dashboard/f2c0da10-d2c5-11ef-8864-d58a560dc292) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● 
[SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error 
Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/dashboards/dashboards/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa.json b/dashboards/dashboards/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa.json index 18ec52165..8026201dc 100644 --- a/dashboards/dashboards/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa.json +++ b/dashboards/dashboards/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa.json 
@@ -107,7 +107,7 @@ "version": "Wzg3MiwxXQ==", "attributes": { "title": "Navigation", - "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA 
Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) 
\\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [PostgreSQL](#/dashboard/f2c0da10-d2c5-11ef-8864-d58a560dc292) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● 
[SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error 
Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/dashboards/dashboards/11be6381-beef-40a7-bdce-88c5398392fc.json b/dashboards/dashboards/11be6381-beef-40a7-bdce-88c5398392fc.json index 142b4adc3..7b1d4218c 100644 --- a/dashboards/dashboards/11be6381-beef-40a7-bdce-88c5398392fc.json +++ b/dashboards/dashboards/11be6381-beef-40a7-bdce-88c5398392fc.json 
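Review bot: The added `[PostgreSQL](#/dashboard/f2c0da10-d2c5-11ef-8864-d58a560dc292)` entry in the new `visState` markdown (between OSPF and QUIC) links to a dashboard id that is not defined in the visible part of this patch, so the link is dangling unless the same commit also adds that saved object. The same one-entry edit is repeated in the hunks for `11be6381-beef-40a7-bdce-88c5398392fc.json` and `11ddd980-e388-11e9-b568-cf17de8e860c.json`, and presumably in every other dashboard that embeds the Navigation panel. Because the block is copied verbatim into each file, a missed copy would leave analysts with navigation that differs from one dashboard to the next. A check at import time that every `#/dashboard/<id>` target in the Navigation markdown resolves to a shipped dashboard would catch both cases.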
@@ -82,7 +82,7 @@ "version": "Wzg3MiwxXQ==", "attributes": { "title": "Navigation", - "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA 
Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) 
\\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [PostgreSQL](#/dashboard/f2c0da10-d2c5-11ef-8864-d58a560dc292) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● 
[SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error 
Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/dashboards/dashboards/11ddd980-e388-11e9-b568-cf17de8e860c.json b/dashboards/dashboards/11ddd980-e388-11e9-b568-cf17de8e860c.json index a2215e655..ecee23717 100644 --- a/dashboards/dashboards/11ddd980-e388-11e9-b568-cf17de8e860c.json +++ b/dashboards/dashboards/11ddd980-e388-11e9-b568-cf17de8e860c.json 
@@ -87,7 +87,7 @@ "version": "Wzg3MiwxXQ==", "attributes": { "title": "Navigation", - "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA 
Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) 
\\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [PostgreSQL](#/dashboard/f2c0da10-d2c5-11ef-8864-d58a560dc292) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● 
[SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error 
Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/dashboards/dashboards/12e3a130-d83b-11eb-a0b0-f328ce09b0b7.json b/dashboards/dashboards/12e3a130-d83b-11eb-a0b0-f328ce09b0b7.json index 3b06eef20..5bc7096af 100644 --- a/dashboards/dashboards/12e3a130-d83b-11eb-a0b0-f328ce09b0b7.json +++ b/dashboards/dashboards/12e3a130-d83b-11eb-a0b0-f328ce09b0b7.json 
@@ -82,7 +82,7 @@ "version": "Wzc1NSwxXQ==", "attributes": { "title": "Navigation", - "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA 
Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) 
\\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [PostgreSQL](#/dashboard/f2c0da10-d2c5-11ef-8864-d58a560dc292) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● 
[SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error 
Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/dashboards/dashboards/152f29dc-51a2-4f53-93e9-6e92765567b8.json b/dashboards/dashboards/152f29dc-51a2-4f53-93e9-6e92765567b8.json index e2cdd9f94..20c4602fa 100644 --- a/dashboards/dashboards/152f29dc-51a2-4f53-93e9-6e92765567b8.json +++ b/dashboards/dashboards/152f29dc-51a2-4f53-93e9-6e92765567b8.json 
@@ -127,7 +127,7 @@ "version": "Wzg1NywxXQ==", "attributes": { "title": "Navigation", - "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA 
Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) 
\\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [PostgreSQL](#/dashboard/f2c0da10-d2c5-11ef-8864-d58a560dc292) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● 
[SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error 
Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/dashboards/dashboards/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0.json b/dashboards/dashboards/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0.json index 74f8fb0aa..4aef07405 100644 --- a/dashboards/dashboards/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0.json +++ b/dashboards/dashboards/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0.json 
@@ -92,7 +92,7 @@ "version": "WzkzNiwxXQ==", "attributes": { "title": "Navigation", - "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA 
Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) 
\\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [PostgreSQL](#/dashboard/f2c0da10-d2c5-11ef-8864-d58a560dc292) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● 
[SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error 
Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/dashboards/dashboards/1ce42250-3f99-11e9-a58e-8bdedb0915e8.json b/dashboards/dashboards/1ce42250-3f99-11e9-a58e-8bdedb0915e8.json index 7f1ab8fa7..87f4d1312 100644 --- a/dashboards/dashboards/1ce42250-3f99-11e9-a58e-8bdedb0915e8.json +++ b/dashboards/dashboards/1ce42250-3f99-11e9-a58e-8bdedb0915e8.json 
@@ -57,7 +57,7 @@ "version": "Wzg3MiwxXQ==", "attributes": { "title": "Navigation", - "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA 
Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) 
\\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [PostgreSQL](#/dashboard/f2c0da10-d2c5-11ef-8864-d58a560dc292) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● 
[SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error 
Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/dashboards/dashboards/1fff49f6-0199-4a0f-820b-721aff9ff1f1.json b/dashboards/dashboards/1fff49f6-0199-4a0f-820b-721aff9ff1f1.json index e292b3298..2a7c00e02 100644 --- a/dashboards/dashboards/1fff49f6-0199-4a0f-820b-721aff9ff1f1.json +++ b/dashboards/dashboards/1fff49f6-0199-4a0f-820b-721aff9ff1f1.json 
@@ -72,7 +72,7 @@ "version": "Wzc4NCwxXQ==", "attributes": { "title": "Navigation", - "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA 
Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) 
\\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [PostgreSQL](#/dashboard/f2c0da10-d2c5-11ef-8864-d58a560dc292) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● 
[SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error 
Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/dashboards/dashboards/29a1b290-eb98-11e9-a384-0fcf32210194.json b/dashboards/dashboards/29a1b290-eb98-11e9-a384-0fcf32210194.json index e305726ca..c87499cb2 100644 --- a/dashboards/dashboards/29a1b290-eb98-11e9-a384-0fcf32210194.json +++ b/dashboards/dashboards/29a1b290-eb98-11e9-a384-0fcf32210194.json 
@@ -112,7 +112,7 @@ "version": "Wzg2MCwxXQ==", "attributes": { "title": "Navigation", - "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA 
Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) 
\\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [PostgreSQL](#/dashboard/f2c0da10-d2c5-11ef-8864-d58a560dc292) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● 
[SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error 
Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/dashboards/dashboards/2bec1490-eb94-11e9-a384-0fcf32210194.json b/dashboards/dashboards/2bec1490-eb94-11e9-a384-0fcf32210194.json index d0112a7a6..11466d8b3 100644 --- a/dashboards/dashboards/2bec1490-eb94-11e9-a384-0fcf32210194.json +++ b/dashboards/dashboards/2bec1490-eb94-11e9-a384-0fcf32210194.json 
@@ -122,7 +122,7 @@ "version": "Wzg2MCwxXQ==", "attributes": { "title": "Navigation", - "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA 
Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) 
\\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [PostgreSQL](#/dashboard/f2c0da10-d2c5-11ef-8864-d58a560dc292) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● 
[SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error 
Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/dashboards/dashboards/2cc56240-e460-11ed-a9d5-9f591c284cb4.json b/dashboards/dashboards/2cc56240-e460-11ed-a9d5-9f591c284cb4.json index 4a2a1c616..6b16b866d 100644 --- a/dashboards/dashboards/2cc56240-e460-11ed-a9d5-9f591c284cb4.json +++ b/dashboards/dashboards/2cc56240-e460-11ed-a9d5-9f591c284cb4.json 
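Review bot: The added `[PostgreSQL](#/dashboard/f2c0da10-d2c5-11ef-8864-d58a560dc292)` entry in the Navigation panel's `visState` markdown links to a dashboard id that nothing else in the visible part of this patch defines. Confirm that a dashboard object with that id is added in the same series, since otherwise every Navigation panel gains a dead link between OSPF and QUIC. The same one-entry change is repeated verbatim in the hunks for `2cc56240-e460-11ed-a9d5-9f591c284cb4.json` and `2cf94cd0-ecab-40a5-95a7-8419f3a39cd9.json`, and apparently in the neighbouring dashboard files that are cut off here. A copy that is missed or edited differently would leave the menus inconsistent, so a pre-merge check that the `markdown` value is identical in every Navigation panel would be worth adding.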
@@ -122,7 +122,7 @@ "version": "Wzg0OSwxXQ==", "attributes": { "title": "Navigation", - "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA 
Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) 
\\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [PostgreSQL](#/dashboard/f2c0da10-d2c5-11ef-8864-d58a560dc292) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● 
[SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error 
Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/dashboards/dashboards/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9.json b/dashboards/dashboards/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9.json index 31c806d12..4a0662d81 100644 --- a/dashboards/dashboards/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9.json +++ b/dashboards/dashboards/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9.json 
@@ -107,7 +107,7 @@ "version": "Wzg3OSwxXQ==", "attributes": { "title": "Navigation", - "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA 
Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) 
\\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [PostgreSQL](#/dashboard/f2c0da10-d2c5-11ef-8864-d58a560dc292) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● 
[SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error 
Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/dashboards/dashboards/2d98bb8e-214c-4374-837b-20e1bcd63a5e.json b/dashboards/dashboards/2d98bb8e-214c-4374-837b-20e1bcd63a5e.json index 89ec527d8..aa6e79a92 100644 --- a/dashboards/dashboards/2d98bb8e-214c-4374-837b-20e1bcd63a5e.json +++ b/dashboards/dashboards/2d98bb8e-214c-4374-837b-20e1bcd63a5e.json 
@@ -117,7 +117,7 @@ "version": "Wzg3MiwxXQ==", "attributes": { "title": "Navigation", - "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA 
Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) 
\\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [PostgreSQL](#/dashboard/f2c0da10-d2c5-11ef-8864-d58a560dc292) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● 
[SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error 
Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/dashboards/dashboards/32587740-ef88-11e9-b38a-2db3ee640e88.json b/dashboards/dashboards/32587740-ef88-11e9-b38a-2db3ee640e88.json index 853b211bb..2c76bc4aa 100644 --- a/dashboards/dashboards/32587740-ef88-11e9-b38a-2db3ee640e88.json +++ b/dashboards/dashboards/32587740-ef88-11e9-b38a-2db3ee640e88.json 
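Review bot: The added `[PostgreSQL](#/dashboard/f2c0da10-d2c5-11ef-8864-d58a560dc292)` entry in the new `visState` string points at a dashboard id whose saved object is not visible in this part of the patch, so it is worth confirming that the dashboard ships in the same series; otherwise the entry is a dead link on every page that embeds this panel. The whole Navigation markdown is replaced as one escaped string here and, identically as far as can be seen, in the hunks for `32587740-ef88-11e9-b38a-2db3ee640e88.json` and `36ed695f-edcc-47c1-b0ec-50d20c93ce0f.json`, so a copy that is missed or edited differently would go unnoticed in review. A small check at import or CI time that every `#/dashboard/<id>` target in a `visState` resolves to a shipped saved object, and that all Navigation panels carry the same markdown, would catch both cases. The saved object holding this attribute starts and ends outside the hunk.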
@@ -72,7 +72,7 @@ "version": "Wzg3MiwxXQ==", "attributes": { "title": "Navigation", - "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA 
Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) 
\\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [PostgreSQL](#/dashboard/f2c0da10-d2c5-11ef-8864-d58a560dc292) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● 
[SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error 
Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/dashboards/dashboards/36ed695f-edcc-47c1-b0ec-50d20c93ce0f.json b/dashboards/dashboards/36ed695f-edcc-47c1-b0ec-50d20c93ce0f.json index 00a6c4981..5662a236d 100644 --- a/dashboards/dashboards/36ed695f-edcc-47c1-b0ec-50d20c93ce0f.json +++ b/dashboards/dashboards/36ed695f-edcc-47c1-b0ec-50d20c93ce0f.json 
@@ -92,7 +92,7 @@ "version": "WzkyOSwxXQ==", "attributes": { "title": "Navigation", - "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA 
Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) 
\\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [PostgreSQL](#/dashboard/f2c0da10-d2c5-11ef-8864-d58a560dc292) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● 
[SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error 
Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/dashboards/dashboards/37041ee1-79c0-4684-a436-3173b0e89876.json b/dashboards/dashboards/37041ee1-79c0-4684-a436-3173b0e89876.json index 5f8282a50..91bb38e7c 100644 --- a/dashboards/dashboards/37041ee1-79c0-4684-a436-3173b0e89876.json +++ b/dashboards/dashboards/37041ee1-79c0-4684-a436-3173b0e89876.json 
@@ -127,7 +127,7 @@ "version": "Wzg1OSwxXQ==", "attributes": { "title": "Navigation", - "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA 
Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) 
\\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [PostgreSQL](#/dashboard/f2c0da10-d2c5-11ef-8864-d58a560dc292) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● 
[SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error 
Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/dashboards/dashboards/39abfe30-3f99-11e9-a58e-8bdedb0915e8.json b/dashboards/dashboards/39abfe30-3f99-11e9-a58e-8bdedb0915e8.json index f3bba8680..c8a16794f 100644 --- a/dashboards/dashboards/39abfe30-3f99-11e9-a58e-8bdedb0915e8.json +++ b/dashboards/dashboards/39abfe30-3f99-11e9-a58e-8bdedb0915e8.json 
@@ -57,7 +57,7 @@ "version": "Wzg3MiwxXQ==", "attributes": { "title": "Navigation", - "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA 
Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) 
\\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [PostgreSQL](#/dashboard/f2c0da10-d2c5-11ef-8864-d58a560dc292) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● 
[SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error 
Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/dashboards/dashboards/3a9e3440-75e2-11ef-8138-03748f839a49.json b/dashboards/dashboards/3a9e3440-75e2-11ef-8138-03748f839a49.json index b9933bd14..846e46991 100644 --- a/dashboards/dashboards/3a9e3440-75e2-11ef-8138-03748f839a49.json +++ b/dashboards/dashboards/3a9e3440-75e2-11ef-8138-03748f839a49.json 
@@ -162,7 +162,7 @@ "version": "WzkxNywxXQ==", "attributes": { "title": "Navigation", - "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA 
Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) 
\\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [PostgreSQL](#/dashboard/f2c0da10-d2c5-11ef-8864-d58a560dc292) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● 
[SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error 
Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/dashboards/dashboards/42e831b9-41a9-4f35-8b7d-e1566d368773.json b/dashboards/dashboards/42e831b9-41a9-4f35-8b7d-e1566d368773.json index 514921616..3075858b3 100644 --- a/dashboards/dashboards/42e831b9-41a9-4f35-8b7d-e1566d368773.json +++ b/dashboards/dashboards/42e831b9-41a9-4f35-8b7d-e1566d368773.json 
@@ -102,7 +102,7 @@ "version": "WzkzNywxXQ==", "attributes": { "title": "Navigation", - "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA 
Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) 
\\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [PostgreSQL](#/dashboard/f2c0da10-d2c5-11ef-8864-d58a560dc292) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● 
[SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error 
Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/dashboards/dashboards/432af556-c5c0-4cc3-8166-b274b4e3a406.json b/dashboards/dashboards/432af556-c5c0-4cc3-8166-b274b4e3a406.json index 552ec76ed..dc646ef18 100644 --- a/dashboards/dashboards/432af556-c5c0-4cc3-8166-b274b4e3a406.json +++ b/dashboards/dashboards/432af556-c5c0-4cc3-8166-b274b4e3a406.json 
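Review bot: The added `[PostgreSQL](#/dashboard/f2c0da10-d2c5-11ef-8864-d58a560dc292)` entry in the Navigation `visState` only resolves if a saved object with that id ships in the same change, and nothing in this hunk shows one being added. The same menu string appears to be duplicated verbatim in every dashboard file; the hunks for `432af556-c5c0-4cc3-8166-b274b4e3a406.json` and `4a073440-b286-11eb-a4d4-09fa12a6ebd4.json` repeat this exact edit. Any dashboard the patch misses would therefore keep the old menu without raising an error. A CI check that every Navigation `visState` under `dashboards/dashboards/` is identical, and that each `#/dashboard/<id>` target matches an existing dashboard file, would catch both a missed copy and a dead link.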
@@ -97,7 +97,7 @@ "version": "Wzg3MiwxXQ==", "attributes": { "title": "Navigation", - "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA 
Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) 
\\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [PostgreSQL](#/dashboard/f2c0da10-d2c5-11ef-8864-d58a560dc292) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● 
[SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error 
Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/dashboards/dashboards/4a073440-b286-11eb-a4d4-09fa12a6ebd4.json b/dashboards/dashboards/4a073440-b286-11eb-a4d4-09fa12a6ebd4.json index c0d4369cd..ac2493564 100644 --- a/dashboards/dashboards/4a073440-b286-11eb-a4d4-09fa12a6ebd4.json +++ b/dashboards/dashboards/4a073440-b286-11eb-a4d4-09fa12a6ebd4.json 
@@ -82,7 +82,7 @@ "version": "Wzg4MiwxXQ==", "attributes": { "title": "Navigation", - "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA 
Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) 
\\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [PostgreSQL](#/dashboard/f2c0da10-d2c5-11ef-8864-d58a560dc292) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● 
[SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error 
Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/dashboards/dashboards/4a4bde20-4760-11ea-949c-bbb5a9feecbf.json b/dashboards/dashboards/4a4bde20-4760-11ea-949c-bbb5a9feecbf.json index faf87068c..58e51d154 100644 --- a/dashboards/dashboards/4a4bde20-4760-11ea-949c-bbb5a9feecbf.json +++ b/dashboards/dashboards/4a4bde20-4760-11ea-949c-bbb5a9feecbf.json 
@@ -97,7 +97,7 @@ "version": "Wzg4OCwxXQ==", "attributes": { "title": "Navigation", - "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA 
Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) 
\\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [PostgreSQL](#/dashboard/f2c0da10-d2c5-11ef-8864-d58a560dc292) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● 
[SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error 
Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/dashboards/dashboards/4e5f106e-c60a-4226-8f64-d534abb912ab.json b/dashboards/dashboards/4e5f106e-c60a-4226-8f64-d534abb912ab.json index 0e0307fc5..2d6254453 100644 --- a/dashboards/dashboards/4e5f106e-c60a-4226-8f64-d534abb912ab.json +++ b/dashboards/dashboards/4e5f106e-c60a-4226-8f64-d534abb912ab.json 
@@ -87,7 +87,7 @@ "version": "Wzg1OSwxXQ==", "attributes": { "title": "Navigation", - "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA 
Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) 
\\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [PostgreSQL](#/dashboard/f2c0da10-d2c5-11ef-8864-d58a560dc292) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● 
[SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error 
Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/dashboards/dashboards/50ced171-1b10-4c3f-8b67-2db9635661a6.json b/dashboards/dashboards/50ced171-1b10-4c3f-8b67-2db9635661a6.json index 60c9a655e..f8be11f76 100644 --- a/dashboards/dashboards/50ced171-1b10-4c3f-8b67-2db9635661a6.json +++ b/dashboards/dashboards/50ced171-1b10-4c3f-8b67-2db9635661a6.json 
@@ -97,7 +97,7 @@ "version": "Wzg3MiwxXQ==", "attributes": { "title": "Navigation", - "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA 
Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) 
\\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [PostgreSQL](#/dashboard/f2c0da10-d2c5-11ef-8864-d58a560dc292) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● 
[SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error 
Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/dashboards/dashboards/543118a9-02d7-43fe-b669-b8652177fc37.json b/dashboards/dashboards/543118a9-02d7-43fe-b669-b8652177fc37.json index bdef4b3f1..0296c5961 100644 --- a/dashboards/dashboards/543118a9-02d7-43fe-b669-b8652177fc37.json +++ b/dashboards/dashboards/543118a9-02d7-43fe-b669-b8652177fc37.json 
@@ -97,7 +97,7 @@ "version": "Wzg3MiwxXQ==", "attributes": { "title": "Navigation", - "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA 
Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) 
\\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [PostgreSQL](#/dashboard/f2c0da10-d2c5-11ef-8864-d58a560dc292) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● 
[SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error 
Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/dashboards/dashboards/55e332d0-3f99-11e9-a58e-8bdedb0915e8.json b/dashboards/dashboards/55e332d0-3f99-11e9-a58e-8bdedb0915e8.json index 13996bf11..85a91b8d8 100644 --- a/dashboards/dashboards/55e332d0-3f99-11e9-a58e-8bdedb0915e8.json +++ b/dashboards/dashboards/55e332d0-3f99-11e9-a58e-8bdedb0915e8.json 
@@ -47,7 +47,7 @@ "version": "Wzg3MiwxXQ==", "attributes": { "title": "Navigation", - "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA 
Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) 
\\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [PostgreSQL](#/dashboard/f2c0da10-d2c5-11ef-8864-d58a560dc292) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● 
[SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error 
Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/dashboards/dashboards/5694ca60-cbdf-11ec-a50a-5fedd672f5c5.json b/dashboards/dashboards/5694ca60-cbdf-11ec-a50a-5fedd672f5c5.json index 03fd74a7d..8b05d929b 100644 --- a/dashboards/dashboards/5694ca60-cbdf-11ec-a50a-5fedd672f5c5.json +++ b/dashboards/dashboards/5694ca60-cbdf-11ec-a50a-5fedd672f5c5.json 
@@ -97,7 +97,7 @@ "version": "Wzg2MSwxXQ==", "attributes": { "title": "Navigation", - "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA 
Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) 
\\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [PostgreSQL](#/dashboard/f2c0da10-d2c5-11ef-8864-d58a560dc292) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● 
[SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error 
Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/dashboards/dashboards/60d78fbd-471c-4f59-a9e3-189b33a13644.json b/dashboards/dashboards/60d78fbd-471c-4f59-a9e3-189b33a13644.json index e1a2a9238..896aca630 100644 --- a/dashboards/dashboards/60d78fbd-471c-4f59-a9e3-189b33a13644.json +++ b/dashboards/dashboards/60d78fbd-471c-4f59-a9e3-189b33a13644.json 
@@ -87,7 +87,7 @@ "version": "Wzg3MiwxXQ==", "attributes": { "title": "Navigation", - "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA 
Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) 
\\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [PostgreSQL](#/dashboard/f2c0da10-d2c5-11ef-8864-d58a560dc292) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● 
[SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error 
Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/dashboards/dashboards/665d1610-523d-11e9-a30e-e3576242f3ed.json b/dashboards/dashboards/665d1610-523d-11e9-a30e-e3576242f3ed.json index cd1a92675..fd893e831 100644 --- a/dashboards/dashboards/665d1610-523d-11e9-a30e-e3576242f3ed.json +++ b/dashboards/dashboards/665d1610-523d-11e9-a30e-e3576242f3ed.json 
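Review bot: The new `[PostgreSQL](#/dashboard/f2c0da10-d2c5-11ef-8864-d58a560dc292)` entry in the Navigation `visState` links to a dashboard whose definition is not visible in this hunk. It is worth confirming that a saved object with that id ships in the same series, since otherwise the link is dead in every navigation pane. The same one-entry edit is repeated verbatim in the hunks for `665d1610-523d-11e9-a30e-e3576242f3ed.json`, `677ee170-809e-11ed-8d5b-07069f823b6f.json` and `76f2f912-80da-44cd-ab66-6a73c8344cc3.json`, because each dashboard embeds its own copy of the navigation markdown. A dashboard that is missed would keep the old list without any error. A small repository check that extracts the `markdown` string from each dashboard's "Navigation" visualization and fails when the copies differ would catch that drift; the enclosing JSON object starts and ends outside the hunk.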
@@ -77,7 +77,7 @@ "version": "Wzc4NCwxXQ==", "attributes": { "title": "Navigation", - "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA 
Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) 
\\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [PostgreSQL](#/dashboard/f2c0da10-d2c5-11ef-8864-d58a560dc292) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● 
[SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error 
Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/dashboards/dashboards/677ee170-809e-11ed-8d5b-07069f823b6f.json b/dashboards/dashboards/677ee170-809e-11ed-8d5b-07069f823b6f.json index c45de9309..dee09358c 100644 --- a/dashboards/dashboards/677ee170-809e-11ed-8d5b-07069f823b6f.json +++ b/dashboards/dashboards/677ee170-809e-11ed-8d5b-07069f823b6f.json 
@@ -122,7 +122,7 @@ "version": "Wzg4NywxXQ==", "attributes": { "title": "Navigation", - "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA 
Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) 
\\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [PostgreSQL](#/dashboard/f2c0da10-d2c5-11ef-8864-d58a560dc292) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● 
[SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error 
Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/dashboards/dashboards/76f2f912-80da-44cd-ab66-6a73c8344cc3.json b/dashboards/dashboards/76f2f912-80da-44cd-ab66-6a73c8344cc3.json index bf608fd03..3dd4a6e42 100644 --- a/dashboards/dashboards/76f2f912-80da-44cd-ab66-6a73c8344cc3.json +++ b/dashboards/dashboards/76f2f912-80da-44cd-ab66-6a73c8344cc3.json 
@@ -82,7 +82,7 @@ "version": "Wzg3MiwxXQ==", "attributes": { "title": "Navigation", - "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA 
Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) 
\\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [PostgreSQL](#/dashboard/f2c0da10-d2c5-11ef-8864-d58a560dc292) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● 
[SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error 
Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/dashboards/dashboards/77fc9960-3f99-11e9-a58e-8bdedb0915e8.json b/dashboards/dashboards/77fc9960-3f99-11e9-a58e-8bdedb0915e8.json index 096db88f3..548687248 100644 --- a/dashboards/dashboards/77fc9960-3f99-11e9-a58e-8bdedb0915e8.json +++ b/dashboards/dashboards/77fc9960-3f99-11e9-a58e-8bdedb0915e8.json 
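Review bot: The Navigation markdown is stored as a full copy inside each dashboard's `visState`, so the new `[PostgreSQL](#/dashboard/f2c0da10-d2c5-11ef-8864-d58a560dc292)` entry on the `+` line has to be pasted identically into every dashboard file, and a missed or mistyped copy would give analysts a menu that differs from one dashboard to the next. The hunks for `77fc9960-3f99-11e9-a58e-8bdedb0915e8.json` and `7f41913f-cba8-43f5-82a8-241b7ead03e0.json` repeat the same replacement. No dashboard with id `f2c0da10-d2c5-11ef-8864-d58a560dc292` is visible here, so it is worth confirming the series adds it; otherwise the link is dead in every copy. A build-time check would catch both problems: assert that every dashboard's Navigation `visState` is byte-identical, and that each `#/dashboard/<id>` target resolves to a shipped dashboard (the file names under `dashboards/dashboards/` appear to follow the ids). The enclosing JSON object starts and ends outside the hunk.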
@@ -57,7 +57,7 @@ "version": "Wzg3MiwxXQ==", "attributes": { "title": "Navigation", - "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA 
Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) 
\\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [PostgreSQL](#/dashboard/f2c0da10-d2c5-11ef-8864-d58a560dc292) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● 
[SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error 
Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/dashboards/dashboards/7f41913f-cba8-43f5-82a8-241b7ead03e0.json b/dashboards/dashboards/7f41913f-cba8-43f5-82a8-241b7ead03e0.json index bc3b3c17f..f7728c6d0 100644 --- a/dashboards/dashboards/7f41913f-cba8-43f5-82a8-241b7ead03e0.json +++ b/dashboards/dashboards/7f41913f-cba8-43f5-82a8-241b7ead03e0.json 
@@ -92,7 +92,7 @@ "version": "Wzg3MiwxXQ==", "attributes": { "title": "Navigation", - "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA 
Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) 
\\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [PostgreSQL](#/dashboard/f2c0da10-d2c5-11ef-8864-d58a560dc292) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● 
[SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error 
Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/dashboards/dashboards/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb.json b/dashboards/dashboards/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb.json index 322eea8c8..bfc44433c 100644 --- a/dashboards/dashboards/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb.json +++ b/dashboards/dashboards/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb.json 
@@ -117,7 +117,7 @@ "version": "Wzg1OCwxXQ==", "attributes": { "title": "Navigation", - "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA 
Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) 
\\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [PostgreSQL](#/dashboard/f2c0da10-d2c5-11ef-8864-d58a560dc292) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● 
[SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error 
Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/dashboards/dashboards/82da3101-2a9c-4ae2-bb61-d447a3fbe673.json b/dashboards/dashboards/82da3101-2a9c-4ae2-bb61-d447a3fbe673.json index e11b1f480..4c73ffc1f 100644 --- a/dashboards/dashboards/82da3101-2a9c-4ae2-bb61-d447a3fbe673.json +++ b/dashboards/dashboards/82da3101-2a9c-4ae2-bb61-d447a3fbe673.json 
@@ -107,7 +107,7 @@ "version": "Wzg3MiwxXQ==", "attributes": { "title": "Navigation", - "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA 
Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) 
\\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [PostgreSQL](#/dashboard/f2c0da10-d2c5-11ef-8864-d58a560dc292) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● 
[SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error 
Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/dashboards/dashboards/870a5862-6c26-4a08-99fd-0c06cda85ba3.json b/dashboards/dashboards/870a5862-6c26-4a08-99fd-0c06cda85ba3.json index 20d8b42fc..160fc15e0 100644 --- a/dashboards/dashboards/870a5862-6c26-4a08-99fd-0c06cda85ba3.json +++ b/dashboards/dashboards/870a5862-6c26-4a08-99fd-0c06cda85ba3.json 
@@ -102,7 +102,7 @@ "version": "Wzg3MiwxXQ==", "attributes": { "title": "Navigation", - "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA 
Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) 
\\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [PostgreSQL](#/dashboard/f2c0da10-d2c5-11ef-8864-d58a560dc292) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● 
[SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error 
Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/dashboards/dashboards/87a32f90-ef58-11e9-974e-9d600036d105.json b/dashboards/dashboards/87a32f90-ef58-11e9-974e-9d600036d105.json index edebcf69f..452c35624 100644 --- a/dashboards/dashboards/87a32f90-ef58-11e9-974e-9d600036d105.json +++ b/dashboards/dashboards/87a32f90-ef58-11e9-974e-9d600036d105.json 
@@ -92,7 +92,7 @@ "version": "Wzg3MiwxXQ==", "attributes": { "title": "Navigation", - "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA 
Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) 
\\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [PostgreSQL](#/dashboard/f2c0da10-d2c5-11ef-8864-d58a560dc292) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● 
[SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error 
Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/dashboards/dashboards/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85.json b/dashboards/dashboards/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85.json index 07765dddb..65c31c787 100644 --- a/dashboards/dashboards/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85.json +++ b/dashboards/dashboards/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85.json 
@@ -62,7 +62,7 @@ "version": "Wzg3MiwxXQ==", "attributes": { "title": "Navigation", - "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA 
Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) 
\\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [PostgreSQL](#/dashboard/f2c0da10-d2c5-11ef-8864-d58a560dc292) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● 
[SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error 
Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/dashboards/dashboards/89d1cc50-974c-11ed-bb6b-3fb06c879b11.json b/dashboards/dashboards/89d1cc50-974c-11ed-bb6b-3fb06c879b11.json index 8a86e2413..99e6973d8 100644 --- a/dashboards/dashboards/89d1cc50-974c-11ed-bb6b-3fb06c879b11.json +++ b/dashboards/dashboards/89d1cc50-974c-11ed-bb6b-3fb06c879b11.json 
@@ -102,7 +102,7 @@ "version": "WzgzNywxXQ==", "attributes": { "title": "Navigation", - "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA 
Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) 
\\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [PostgreSQL](#/dashboard/f2c0da10-d2c5-11ef-8864-d58a560dc292) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● 
[SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error 
Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/dashboards/dashboards/92985909-dc29-4533-9e80-d3182a0ecf1d.json b/dashboards/dashboards/92985909-dc29-4533-9e80-d3182a0ecf1d.json index 1b7ea148d..8ea92286e 100644 --- a/dashboards/dashboards/92985909-dc29-4533-9e80-d3182a0ecf1d.json +++ b/dashboards/dashboards/92985909-dc29-4533-9e80-d3182a0ecf1d.json 
@@ -87,7 +87,7 @@ "version": "Wzg3MiwxXQ==", "attributes": { "title": "Navigation", - "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA 
Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) 
\\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [PostgreSQL](#/dashboard/f2c0da10-d2c5-11ef-8864-d58a560dc292) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● 
[SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error 
Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/dashboards/dashboards/95479950-41f2-11ea-88fa-7151df485405.json b/dashboards/dashboards/95479950-41f2-11ea-88fa-7151df485405.json index e6d5bd10a..f1a565ea7 100644 --- a/dashboards/dashboards/95479950-41f2-11ea-88fa-7151df485405.json +++ b/dashboards/dashboards/95479950-41f2-11ea-88fa-7151df485405.json 
@@ -102,7 +102,7 @@ "version": "Wzg1NywxXQ==", "attributes": { "title": "Navigation", - "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA 
Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) 
\\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [PostgreSQL](#/dashboard/f2c0da10-d2c5-11ef-8864-d58a560dc292) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● 
[SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error 
Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/dashboards/dashboards/9ee51f94-3316-4fc5-bd89-93a52af69714.json b/dashboards/dashboards/9ee51f94-3316-4fc5-bd89-93a52af69714.json index c299acb16..a75130ab5 100644 --- a/dashboards/dashboards/9ee51f94-3316-4fc5-bd89-93a52af69714.json +++ b/dashboards/dashboards/9ee51f94-3316-4fc5-bd89-93a52af69714.json 
@@ -122,7 +122,7 @@ "version": "Wzg2MCwxXQ==", "attributes": { "title": "Navigation", - "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA 
Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) 
\\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [PostgreSQL](#/dashboard/f2c0da10-d2c5-11ef-8864-d58a560dc292) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● 
[SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error 
Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/dashboards/dashboards/a16110b0-3f99-11e9-a58e-8bdedb0915e8.json b/dashboards/dashboards/a16110b0-3f99-11e9-a58e-8bdedb0915e8.json index 4abfe5511..513305756 100644 --- a/dashboards/dashboards/a16110b0-3f99-11e9-a58e-8bdedb0915e8.json +++ b/dashboards/dashboards/a16110b0-3f99-11e9-a58e-8bdedb0915e8.json 
@@ -57,7 +57,7 @@ "version": "Wzg3MiwxXQ==", "attributes": { "title": "Navigation", - "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA 
Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) 
\\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [PostgreSQL](#/dashboard/f2c0da10-d2c5-11ef-8864-d58a560dc292) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● 
[SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error 
Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/dashboards/dashboards/a33e0a50-afcd-11ea-993f-b7d8522a8bed.json b/dashboards/dashboards/a33e0a50-afcd-11ea-993f-b7d8522a8bed.json index 8aaa0560b..e7ff8cdcb 100644 --- a/dashboards/dashboards/a33e0a50-afcd-11ea-993f-b7d8522a8bed.json +++ b/dashboards/dashboards/a33e0a50-afcd-11ea-993f-b7d8522a8bed.json 
@@ -82,7 +82,7 @@ "version": "Wzg1OSwxXQ==", "attributes": { "title": "Navigation", - "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA 
Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) 
\\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [PostgreSQL](#/dashboard/f2c0da10-d2c5-11ef-8864-d58a560dc292) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● 
[SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error 
Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/dashboards/dashboards/a7514350-eba6-11e9-a384-0fcf32210194.json b/dashboards/dashboards/a7514350-eba6-11e9-a384-0fcf32210194.json index eac725d51..d597ea8c2 100644 --- a/dashboards/dashboards/a7514350-eba6-11e9-a384-0fcf32210194.json +++ b/dashboards/dashboards/a7514350-eba6-11e9-a384-0fcf32210194.json 
@@ -87,7 +87,7 @@ "version": "Wzg2MiwxXQ==", "attributes": { "title": "Navigation", - "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA 
Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) 
\\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [PostgreSQL](#/dashboard/f2c0da10-d2c5-11ef-8864-d58a560dc292) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● 
[SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error 
Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/dashboards/dashboards/abdd7550-2c7c-40dc-947e-f6d186a158c4.json b/dashboards/dashboards/abdd7550-2c7c-40dc-947e-f6d186a158c4.json index c271c8a5f..351ed9f01 100644 --- a/dashboards/dashboards/abdd7550-2c7c-40dc-947e-f6d186a158c4.json +++ b/dashboards/dashboards/abdd7550-2c7c-40dc-947e-f6d186a158c4.json 
@@ -167,7 +167,7 @@ "version": "Wzc4NiwxXQ==", "attributes": { "title": "Navigation", - "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA 
Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) 
\\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [PostgreSQL](#/dashboard/f2c0da10-d2c5-11ef-8864-d58a560dc292) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● 
[SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error 
Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/dashboards/dashboards/ae79b7d1-4281-4095-b2f6-fa7eafda9970.json b/dashboards/dashboards/ae79b7d1-4281-4095-b2f6-fa7eafda9970.json index 6d2a0bd8f..9e1d8a715 100644 --- a/dashboards/dashboards/ae79b7d1-4281-4095-b2f6-fa7eafda9970.json +++ b/dashboards/dashboards/ae79b7d1-4281-4095-b2f6-fa7eafda9970.json 
@@ -87,7 +87,7 @@ "version": "WzkzNywxXQ==", "attributes": { "title": "Navigation", - "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA 
Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) 
\\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [PostgreSQL](#/dashboard/f2c0da10-d2c5-11ef-8864-d58a560dc292) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● 
[SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error 
Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/dashboards/dashboards/af5df620-eeb6-11e9-bdef-65a192b7f586.json b/dashboards/dashboards/af5df620-eeb6-11e9-bdef-65a192b7f586.json index 1d35f1ca1..f907ad541 100644 --- a/dashboards/dashboards/af5df620-eeb6-11e9-bdef-65a192b7f586.json +++ b/dashboards/dashboards/af5df620-eeb6-11e9-bdef-65a192b7f586.json 
@@ -87,7 +87,7 @@ "version": "Wzg3MiwxXQ==", "attributes": { "title": "Navigation", - "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA 
Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) 
\\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [PostgreSQL](#/dashboard/f2c0da10-d2c5-11ef-8864-d58a560dc292) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● 
[SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error 
Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/dashboards/dashboards/b50c8d17-6ed3-4de6-aed4-5181032810b2.json b/dashboards/dashboards/b50c8d17-6ed3-4de6-aed4-5181032810b2.json index 2ed3b4d80..9f23a37de 100644 --- a/dashboards/dashboards/b50c8d17-6ed3-4de6-aed4-5181032810b2.json +++ b/dashboards/dashboards/b50c8d17-6ed3-4de6-aed4-5181032810b2.json 
@@ -57,7 +57,7 @@ "version": "Wzg3MiwxXQ==", "attributes": { "title": "Navigation", - "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA 
Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) 
\\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [PostgreSQL](#/dashboard/f2c0da10-d2c5-11ef-8864-d58a560dc292) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● 
[SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error 
Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/dashboards/dashboards/b8cf5890-87ed-11ef-ae18-dbcd34795edb.json b/dashboards/dashboards/b8cf5890-87ed-11ef-ae18-dbcd34795edb.json index 3d389fcdd..16f04da0c 100644 --- a/dashboards/dashboards/b8cf5890-87ed-11ef-ae18-dbcd34795edb.json +++ b/dashboards/dashboards/b8cf5890-87ed-11ef-ae18-dbcd34795edb.json 
@@ -92,7 +92,7 @@ "version": "WzkxNywxXQ==", "attributes": { "title": "Navigation", - "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA 
Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) 
\\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [PostgreSQL](#/dashboard/f2c0da10-d2c5-11ef-8864-d58a560dc292) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● 
[SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error 
Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/dashboards/dashboards/b9f247c0-3f99-11e9-a58e-8bdedb0915e8.json b/dashboards/dashboards/b9f247c0-3f99-11e9-a58e-8bdedb0915e8.json index 195a2565e..833ac3d1b 100644 --- a/dashboards/dashboards/b9f247c0-3f99-11e9-a58e-8bdedb0915e8.json +++ b/dashboards/dashboards/b9f247c0-3f99-11e9-a58e-8bdedb0915e8.json 
@@ -57,7 +57,7 @@ "version": "Wzg3MiwxXQ==", "attributes": { "title": "Navigation", - "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA 
Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) 
\\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [PostgreSQL](#/dashboard/f2c0da10-d2c5-11ef-8864-d58a560dc292) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● 
[SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error 
Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/dashboards/dashboards/bb827f8e-639e-468c-93c8-9f5bc132eb8f.json b/dashboards/dashboards/bb827f8e-639e-468c-93c8-9f5bc132eb8f.json index 07458e575..f69a65ba2 100644 --- a/dashboards/dashboards/bb827f8e-639e-468c-93c8-9f5bc132eb8f.json +++ b/dashboards/dashboards/bb827f8e-639e-468c-93c8-9f5bc132eb8f.json 
@@ -107,7 +107,7 @@ "version": "Wzg3MiwxXQ==", "attributes": { "title": "Navigation", - "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA 
Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) 
\\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [PostgreSQL](#/dashboard/f2c0da10-d2c5-11ef-8864-d58a560dc292) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● 
[SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error 
Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/dashboards/dashboards/beats/046212a0-a2a1-11e7-928f-5dbe6f6f5519.json b/dashboards/dashboards/beats/046212a0-a2a1-11e7-928f-5dbe6f6f5519.json index bc33dfb0e..992bea2ab 100644 --- a/dashboards/dashboards/beats/046212a0-a2a1-11e7-928f-5dbe6f6f5519.json +++ b/dashboards/dashboards/beats/046212a0-a2a1-11e7-928f-5dbe6f6f5519.json 
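Review bot: The added `[PostgreSQL](#/dashboard/f2c0da10-d2c5-11ef-8864-d58a560dc292)` entry is patched by hand into a full copy of the Navigation markdown in this file's `visState`, and the identical edit repeats in the next two hunks (`beats/046212a0-a2a1-11e7-928f-5dbe6f6f5519.json` and `beats/0d4955f0-eb25-11ec-a6d4-b3526526c2c7.json`). The trailing context of those two hunks shows both copies under the same saved-object id `df9e399b-efa5-4e33-b0ac-a7668a8ac2b3`, so if one copy is ever missed, the panel an analyst sees presumably depends on which file was imported last. I would keep the markdown in one source and stamp it into the dashboards at build time, or add a CI check that every `visState` carried under that id is byte-identical. Whether the target dashboard `f2c0da10-d2c5-11ef-8864-d58a560dc292` is added elsewhere in this patch is not visible from these hunks and is worth confirming so the link does not dangle.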
@@ -156,7 +156,7 @@ "title": "Navigation", "uiStateJSON": "{}", "version": 1, - "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA 
Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}" + "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) 
\\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [PostgreSQL](#/dashboard/f2c0da10-d2c5-11ef-8864-d58a560dc292) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● 
[SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error 
Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}" }, "id": "df9e399b-efa5-4e33-b0ac-a7668a8ac2b3", "migrationVersion": { diff --git a/dashboards/dashboards/beats/0d4955f0-eb25-11ec-a6d4-b3526526c2c7.json b/dashboards/dashboards/beats/0d4955f0-eb25-11ec-a6d4-b3526526c2c7.json index 4836a1f35..f1f1eedb0 100644 --- a/dashboards/dashboards/beats/0d4955f0-eb25-11ec-a6d4-b3526526c2c7.json +++ b/dashboards/dashboards/beats/0d4955f0-eb25-11ec-a6d4-b3526526c2c7.json 
@@ -65,7 +65,7 @@ "title": "Navigation", "uiStateJSON": "{}", "version": 1, - "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA 
Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}" + "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) 
\\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [PostgreSQL](#/dashboard/f2c0da10-d2c5-11ef-8864-d58a560dc292) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● 
[SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error 
Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}" }, "id": "df9e399b-efa5-4e33-b0ac-a7668a8ac2b3", "migrationVersion": { diff --git a/dashboards/dashboards/beats/3768ef70-d819-11ee-820d-dd9fd73a3921.json b/dashboards/dashboards/beats/3768ef70-d819-11ee-820d-dd9fd73a3921.json index f2206aca4..8a6cdefaa 100644 --- a/dashboards/dashboards/beats/3768ef70-d819-11ee-820d-dd9fd73a3921.json +++ b/dashboards/dashboards/beats/3768ef70-d819-11ee-820d-dd9fd73a3921.json 
@@ -55,7 +55,7 @@ "title": "Navigation", "uiStateJSON": "{}", "version": 1, - "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA 
Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}" + "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) 
\\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [PostgreSQL](#/dashboard/f2c0da10-d2c5-11ef-8864-d58a560dc292) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● 
[SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error 
Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}" }, "id": "df9e399b-efa5-4e33-b0ac-a7668a8ac2b3", "migrationVersion": { diff --git a/dashboards/dashboards/beats/4ca94c70-d7da-11ee-9ed3-e7afff29e59a.json b/dashboards/dashboards/beats/4ca94c70-d7da-11ee-9ed3-e7afff29e59a.json index b9ef83116..5be94e53a 100644 --- a/dashboards/dashboards/beats/4ca94c70-d7da-11ee-9ed3-e7afff29e59a.json +++ b/dashboards/dashboards/beats/4ca94c70-d7da-11ee-9ed3-e7afff29e59a.json 
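Review bot: The Navigation panel's entire `visState` is duplicated in each dashboard file, so this one-link addition is repeated verbatim here and in the following hunks for `4ca94c70-d7da-11ee-9ed3-e7afff29e59a.json` and `55a9e6e0-a29e-11e7-928f-5dbe6f6f5519.json`, each followed by the same `"id": "df9e399b-efa5-4e33-b0ac-a7668a8ac2b3"`. Any dashboard file missed by an edit like this keeps the old panel, and analysts entering through that dashboard would not be offered the PostgreSQL view. The only new text is `● [PostgreSQL](#/dashboard/f2c0da10-d2c5-11ef-8864-d58a560dc292)`; its target dashboard is not visible in this part of the patch, so confirm it ships in the same series. Consider keeping the markdown in a single template stamped into the dashboards at build time, or adding a CI check that every copy of this saved object is byte-identical.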
@@ -115,7 +115,7 @@ "title": "Navigation", "uiStateJSON": "{}", "version": 1, - "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA 
Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}" + "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) 
\\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [PostgreSQL](#/dashboard/f2c0da10-d2c5-11ef-8864-d58a560dc292) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● 
[SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error 
Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}" }, "id": "df9e399b-efa5-4e33-b0ac-a7668a8ac2b3", "migrationVersion": { diff --git a/dashboards/dashboards/beats/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519.json b/dashboards/dashboards/beats/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519.json index be7415292..5cf4d2a31 100644 --- a/dashboards/dashboards/beats/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519.json +++ b/dashboards/dashboards/beats/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519.json 
@@ -255,7 +255,7 @@ "title": "Navigation", "uiStateJSON": "{}", "version": 1, - "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA 
Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}" + "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) 
\\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [PostgreSQL](#/dashboard/f2c0da10-d2c5-11ef-8864-d58a560dc292) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● 
[SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error 
Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}" }, "id": "df9e399b-efa5-4e33-b0ac-a7668a8ac2b3", "migrationVersion": { diff --git a/dashboards/dashboards/beats/79202ee0-d811-11ee-820d-dd9fd73a3921.json b/dashboards/dashboards/beats/79202ee0-d811-11ee-820d-dd9fd73a3921.json index 3074d3607..a6775619c 100644 --- a/dashboards/dashboards/beats/79202ee0-d811-11ee-820d-dd9fd73a3921.json +++ b/dashboards/dashboards/beats/79202ee0-d811-11ee-820d-dd9fd73a3921.json 
@@ -80,7 +80,7 @@ "title": "Navigation", "uiStateJSON": "{}", "version": 1, - "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA 
Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}" + "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) 
\\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [PostgreSQL](#/dashboard/f2c0da10-d2c5-11ef-8864-d58a560dc292) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● 
[SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error 
Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}" }, "id": "df9e399b-efa5-4e33-b0ac-a7668a8ac2b3", "migrationVersion": { diff --git a/dashboards/dashboards/beats/7a7e0a60-e8e8-11ec-b9d4-4569bb965430.json b/dashboards/dashboards/beats/7a7e0a60-e8e8-11ec-b9d4-4569bb965430.json index 503bb1577..f75eebfcb 100644 --- a/dashboards/dashboards/beats/7a7e0a60-e8e8-11ec-b9d4-4569bb965430.json +++ b/dashboards/dashboards/beats/7a7e0a60-e8e8-11ec-b9d4-4569bb965430.json 
@@ -75,7 +75,7 @@ "title": "Navigation", "uiStateJSON": "{}", "version": 1, - "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA 
Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}" + "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) 
\\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [PostgreSQL](#/dashboard/f2c0da10-d2c5-11ef-8864-d58a560dc292) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● 
[SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error 
Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}" }, "id": "df9e399b-efa5-4e33-b0ac-a7668a8ac2b3", "migrationVersion": { diff --git a/dashboards/dashboards/beats/88bcec50-cc74-11ef-bae9-0d6b8da935ba.json b/dashboards/dashboards/beats/88bcec50-cc74-11ef-bae9-0d6b8da935ba.json index eebf8bed5..c3f58fe19 100644 --- a/dashboards/dashboards/beats/88bcec50-cc74-11ef-bae9-0d6b8da935ba.json +++ b/dashboards/dashboards/beats/88bcec50-cc74-11ef-bae9-0d6b8da935ba.json 
@@ -65,7 +65,7 @@ "title": "Navigation", "uiStateJSON": "{}", "version": 1, - "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA 
Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}" + "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) 
\\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [PostgreSQL](#/dashboard/f2c0da10-d2c5-11ef-8864-d58a560dc292) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● 
[SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error 
Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}" }, "id": "df9e399b-efa5-4e33-b0ac-a7668a8ac2b3", "migrationVersion": { diff --git a/dashboards/dashboards/beats/903f42c0-f634-11ec-828d-2fb7a4a26e1f.json b/dashboards/dashboards/beats/903f42c0-f634-11ec-828d-2fb7a4a26e1f.json index 9f8de2bfa..dfac9c304 100644 --- a/dashboards/dashboards/beats/903f42c0-f634-11ec-828d-2fb7a4a26e1f.json +++ b/dashboards/dashboards/beats/903f42c0-f634-11ec-828d-2fb7a4a26e1f.json 
@@ -65,7 +65,7 @@ "title": "Navigation", "uiStateJSON": "{}", "version": 1, - "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA 
Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}" + "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) 
\\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [PostgreSQL](#/dashboard/f2c0da10-d2c5-11ef-8864-d58a560dc292) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● 
[SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error 
Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}" }, "id": "df9e399b-efa5-4e33-b0ac-a7668a8ac2b3", "migrationVersion": { diff --git a/dashboards/dashboards/beats/Metricbeat-host-overview.json b/dashboards/dashboards/beats/Metricbeat-host-overview.json index 3b7e24c05..4ba39d32e 100644 --- a/dashboards/dashboards/beats/Metricbeat-host-overview.json +++ b/dashboards/dashboards/beats/Metricbeat-host-overview.json 
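Review bot: The rewritten `visState` line still links Host Overview to `#/dashboard/Miscbeat-host-overview`, while the neighbouring link uses `Metricbeat-system-overview` and the dashboard files patched in the following hunks are named `Metricbeat-host-overview.json` and `Metricbeat-system-overview.json`. The dashboard ids themselves are not visible in these hunks, so this may be intentional, but if the host dashboard's id is `Metricbeat-host-overview` the link is dead and should read `[Host Overview](#/dashboard/Metricbeat-host-overview)`. The same navigation string is repeated in the hunks for the other dashboard files, so any correction has to be applied to each copy. It is also worth confirming that the dashboard `f2c0da10-d2c5-11ef-8864-d58a560dc292` targeted by the new PostgreSQL entry is added in the same series.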
@@ -442,7 +442,7 @@ "title": "Navigation", "uiStateJSON": "{}", "version": 1, - "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA 
Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}" + "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) 
\\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [PostgreSQL](#/dashboard/f2c0da10-d2c5-11ef-8864-d58a560dc292) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● 
[SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error 
Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}" }, "id": "df9e399b-efa5-4e33-b0ac-a7668a8ac2b3", "migrationVersion": { diff --git a/dashboards/dashboards/beats/Metricbeat-system-overview.json b/dashboards/dashboards/beats/Metricbeat-system-overview.json index 3c39d59a6..9249f5a88 100644 --- a/dashboards/dashboards/beats/Metricbeat-system-overview.json +++ b/dashboards/dashboards/beats/Metricbeat-system-overview.json 
@@ -332,7 +332,7 @@ "title": "Navigation", "uiStateJSON": "{}", "version": 1, - "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA 
Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}" + "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) 
\\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [PostgreSQL](#/dashboard/f2c0da10-d2c5-11ef-8864-d58a560dc292) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● 
[SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error 
Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}" }, "id": "df9e399b-efa5-4e33-b0ac-a7668a8ac2b3", "migrationVersion": { diff --git a/dashboards/dashboards/beats/f6600310-9943-11ee-a029-e973f4774355.json b/dashboards/dashboards/beats/f6600310-9943-11ee-a029-e973f4774355.json index 40dd005fe..71da3c9c1 100644 --- a/dashboards/dashboards/beats/f6600310-9943-11ee-a029-e973f4774355.json +++ b/dashboards/dashboards/beats/f6600310-9943-11ee-a029-e973f4774355.json 
@@ -70,7 +70,7 @@ "title": "Navigation", "uiStateJSON": "{}", "version": 1, - "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA 
Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}" + "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) 
\\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [PostgreSQL](#/dashboard/f2c0da10-d2c5-11ef-8864-d58a560dc292) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● 
[SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error 
Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}" }, "id": "df9e399b-efa5-4e33-b0ac-a7668a8ac2b3", "migrationVersion": { diff --git a/dashboards/dashboards/bed185a0-ef82-11e9-b38a-2db3ee640e88.json b/dashboards/dashboards/bed185a0-ef82-11e9-b38a-2db3ee640e88.json index 7227ebb8f..406439da6 100644 --- a/dashboards/dashboards/bed185a0-ef82-11e9-b38a-2db3ee640e88.json +++ b/dashboards/dashboards/bed185a0-ef82-11e9-b38a-2db3ee640e88.json 
@@ -72,7 +72,7 @@ "version": "Wzg3MiwxXQ==", "attributes": { "title": "Navigation", - "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA 
Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) 
\\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [PostgreSQL](#/dashboard/f2c0da10-d2c5-11ef-8864-d58a560dc292) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● 
[SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error 
Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/dashboards/dashboards/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48.json b/dashboards/dashboards/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48.json index 23850346b..7a220d7b4 100644 --- a/dashboards/dashboards/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48.json +++ b/dashboards/dashboards/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48.json 
@@ -82,7 +82,7 @@ "version": "WzY5MiwxXQ==", "attributes": { "title": "Navigation", - "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA 
Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) 
\\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [PostgreSQL](#/dashboard/f2c0da10-d2c5-11ef-8864-d58a560dc292) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● 
[SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error 
Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/dashboards/dashboards/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2.json b/dashboards/dashboards/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2.json index d0317e3bb..6d56e888e 100644 --- a/dashboards/dashboards/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2.json +++ b/dashboards/dashboards/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2.json 
@@ -77,7 +77,7 @@ "version": "Wzg3MiwxXQ==", "attributes": { "title": "Navigation", - "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA 
Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) 
\\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [PostgreSQL](#/dashboard/f2c0da10-d2c5-11ef-8864-d58a560dc292) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● 
[SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error 
Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/dashboards/dashboards/ca5799a0-56b5-11eb-b749-576de068f8ad.json b/dashboards/dashboards/ca5799a0-56b5-11eb-b749-576de068f8ad.json index 8502e9cbd..f859120c2 100644 --- a/dashboards/dashboards/ca5799a0-56b5-11eb-b749-576de068f8ad.json +++ b/dashboards/dashboards/ca5799a0-56b5-11eb-b749-576de068f8ad.json 
@@ -92,7 +92,7 @@ "version": "Wzg3MiwxXQ==", "attributes": { "title": "Navigation", - "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA 
Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) 
\\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [PostgreSQL](#/dashboard/f2c0da10-d2c5-11ef-8864-d58a560dc292) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● 
[SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error 
Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/dashboards/dashboards/caef3ade-d289-4d05-a511-149f3e97f238.json b/dashboards/dashboards/caef3ade-d289-4d05-a511-149f3e97f238.json index 2a0fe675a..5c14e27e6 100644 --- a/dashboards/dashboards/caef3ade-d289-4d05-a511-149f3e97f238.json +++ b/dashboards/dashboards/caef3ade-d289-4d05-a511-149f3e97f238.json 
@@ -102,7 +102,7 @@ "version": "Wzg3MiwxXQ==", "attributes": { "title": "Navigation", - "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA 
Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) 
\\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [PostgreSQL](#/dashboard/f2c0da10-d2c5-11ef-8864-d58a560dc292) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● 
[SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error 
Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/dashboards/dashboards/d2dd0180-06b1-11ec-8c6b-353266ade330.json b/dashboards/dashboards/d2dd0180-06b1-11ec-8c6b-353266ade330.json index 255af61e6..357f34edb 100644 --- a/dashboards/dashboards/d2dd0180-06b1-11ec-8c6b-353266ade330.json +++ b/dashboards/dashboards/d2dd0180-06b1-11ec-8c6b-353266ade330.json 
@@ -112,7 +112,7 @@ "version": "WzczOSwxXQ==", "attributes": { "title": "Navigation", - "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA 
Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) 
\\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [PostgreSQL](#/dashboard/f2c0da10-d2c5-11ef-8864-d58a560dc292) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● 
[SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error 
Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/dashboards/dashboards/d41fe630-3f98-11e9-a58e-8bdedb0915e8.json b/dashboards/dashboards/d41fe630-3f98-11e9-a58e-8bdedb0915e8.json index ea0a95ffa..24baf6363 100644 --- a/dashboards/dashboards/d41fe630-3f98-11e9-a58e-8bdedb0915e8.json +++ b/dashboards/dashboards/d41fe630-3f98-11e9-a58e-8bdedb0915e8.json 
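Review bot: The Navigation `visState` string is duplicated in every dashboard file, so the added `[PostgreSQL](#/dashboard/f2c0da10-d2c5-11ef-8864-d58a560dc292)` link has to be applied identically to each copy, and nothing visible here guards against a copy being missed. The same applies to the hunks that follow for `d41fe630-3f98-11e9-a58e-8bdedb0915e8.json` and `d4fd6afd-15cb-42bf-8a25-03dd8e59b327.json`. The dashboard that the new id points to is also not visible in this part of the patch, so confirm it ships in the same series; otherwise the link is dead on every page. If no such check exists yet, a small CI step could extract the Navigation `visState` from each file under `dashboards/dashboards/` and fail when the copies differ or when a `#/dashboard/<id>` target has no corresponding saved object. JSON has no comment syntax, so this belongs in the import tooling rather than in the files themselves.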
@@ -57,7 +57,7 @@ "version": "Wzg3MiwxXQ==", "attributes": { "title": "Navigation", - "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA 
Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) 
\\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [PostgreSQL](#/dashboard/f2c0da10-d2c5-11ef-8864-d58a560dc292) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● 
[SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error 
Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/dashboards/dashboards/d4fd6afd-15cb-42bf-8a25-03dd8e59b327.json b/dashboards/dashboards/d4fd6afd-15cb-42bf-8a25-03dd8e59b327.json index 7edd857ba..05a0e8308 100644 --- a/dashboards/dashboards/d4fd6afd-15cb-42bf-8a25-03dd8e59b327.json +++ b/dashboards/dashboards/d4fd6afd-15cb-42bf-8a25-03dd8e59b327.json 
@@ -57,7 +57,7 @@ "version": "Wzg3MiwxXQ==", "attributes": { "title": "Navigation", - "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA 
Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) 
\\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [PostgreSQL](#/dashboard/f2c0da10-d2c5-11ef-8864-d58a560dc292) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● 
[SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error 
Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/dashboards/dashboards/dd87edd0-796a-11ec-9ce6-b395c1ff58f4.json b/dashboards/dashboards/dd87edd0-796a-11ec-9ce6-b395c1ff58f4.json index 1915bb579..aca52b10c 100644 --- a/dashboards/dashboards/dd87edd0-796a-11ec-9ce6-b395c1ff58f4.json +++ b/dashboards/dashboards/dd87edd0-796a-11ec-9ce6-b395c1ff58f4.json 
@@ -107,7 +107,7 @@ "version": "WzgzOCwxXQ==", "attributes": { "title": "Navigation", - "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA 
Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) 
\\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [PostgreSQL](#/dashboard/f2c0da10-d2c5-11ef-8864-d58a560dc292) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● 
[SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error 
Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/dashboards/dashboards/e09a4b86-29b5-4256-bb3b-802ac9f90404.json b/dashboards/dashboards/e09a4b86-29b5-4256-bb3b-802ac9f90404.json index 228706bb6..993c5b6b8 100644 --- a/dashboards/dashboards/e09a4b86-29b5-4256-bb3b-802ac9f90404.json +++ b/dashboards/dashboards/e09a4b86-29b5-4256-bb3b-802ac9f90404.json 
@@ -57,7 +57,7 @@ "version": "Wzg3MiwxXQ==", "attributes": { "title": "Navigation", - "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA 
Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) 
\\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [PostgreSQL](#/dashboard/f2c0da10-d2c5-11ef-8864-d58a560dc292) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● 
[SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error 
Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/dashboards/dashboards/e233a570-45d9-11ef-96a6-432365601033.json b/dashboards/dashboards/e233a570-45d9-11ef-96a6-432365601033.json index 478f6e695..fce03aee8 100644 --- a/dashboards/dashboards/e233a570-45d9-11ef-96a6-432365601033.json +++ b/dashboards/dashboards/e233a570-45d9-11ef-96a6-432365601033.json 
@@ -127,7 +127,7 @@ "version": "Wzg3NywxXQ==", "attributes": { "title": "Navigation", - "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA 
Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) 
\\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [PostgreSQL](#/dashboard/f2c0da10-d2c5-11ef-8864-d58a560dc292) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● 
[SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error 
Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/dashboards/dashboards/e76d05c0-eb9f-11e9-a384-0fcf32210194.json b/dashboards/dashboards/e76d05c0-eb9f-11e9-a384-0fcf32210194.json index a1b6fde84..fe7fce269 100644 --- a/dashboards/dashboards/e76d05c0-eb9f-11e9-a384-0fcf32210194.json +++ b/dashboards/dashboards/e76d05c0-eb9f-11e9-a384-0fcf32210194.json 
@@ -97,7 +97,7 @@ "version": "Wzg2MCwxXQ==", "attributes": { "title": "Navigation", - "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA 
Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) 
\\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [PostgreSQL](#/dashboard/f2c0da10-d2c5-11ef-8864-d58a560dc292) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● 
[SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error 
Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/dashboards/dashboards/ed8a6640-3f98-11e9-a58e-8bdedb0915e8.json b/dashboards/dashboards/ed8a6640-3f98-11e9-a58e-8bdedb0915e8.json index 7dcda552d..36da0f08a 100644 --- a/dashboards/dashboards/ed8a6640-3f98-11e9-a58e-8bdedb0915e8.json +++ b/dashboards/dashboards/ed8a6640-3f98-11e9-a58e-8bdedb0915e8.json 
@@ -47,7 +47,7 @@ "version": "Wzg3MiwxXQ==", "attributes": { "title": "Navigation", - "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA 
Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) 
\\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [PostgreSQL](#/dashboard/f2c0da10-d2c5-11ef-8864-d58a560dc292) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● 
[SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error 
Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/dashboards/dashboards/f1f09567-fc7f-450b-a341-19d2f2bb468b.json b/dashboards/dashboards/f1f09567-fc7f-450b-a341-19d2f2bb468b.json index fd6660caf..3cd5f2c3c 100644 --- a/dashboards/dashboards/f1f09567-fc7f-450b-a341-19d2f2bb468b.json +++ b/dashboards/dashboards/f1f09567-fc7f-450b-a341-19d2f2bb468b.json 
@@ -137,7 +137,7 @@ "version": "Wzg2MSwxXQ==", "attributes": { "title": "Navigation", - "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA 
Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) 
\\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [PostgreSQL](#/dashboard/f2c0da10-d2c5-11ef-8864-d58a560dc292) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● 
[SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error 
Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/dashboards/dashboards/f2c0da10-d2c5-11ef-8864-d58a560dc292.json b/dashboards/dashboards/f2c0da10-d2c5-11ef-8864-d58a560dc292.json new file mode 100644 index 000000000..e55d71ea6 --- /dev/null +++ b/dashboards/dashboards/f2c0da10-d2c5-11ef-8864-d58a560dc292.json 
@@ -0,0 +1,386 @@ +{ + "objects": [ + { + "attributes": { + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"highlightAll\":false,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":\"*\"},\"filter\":[]}" + }, + "optionsJSON": "{\"useMargins\":true}", + "panelsJSON": "[{\"version\":\"2.18.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":30,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"2.18.0\",\"gridData\":{\"x\":8,\"y\":0,\"w\":6,\"h\":11,\"i\":\"a6ffc7a4-29a1-4d5f-900c-8ca665823507\"},\"panelIndex\":\"a6ffc7a4-29a1-4d5f-900c-8ca665823507\",\"embeddableConfig\":{},\"panelRefName\":\"panel_1\"},{\"version\":\"2.18.0\",\"gridData\":{\"x\":14,\"y\":0,\"w\":34,\"h\":11,\"i\":\"de0b7972-3a80-4fd6-975e-5eee947e2974\"},\"panelIndex\":\"de0b7972-3a80-4fd6-975e-5eee947e2974\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"2.18.0\",\"gridData\":{\"x\":8,\"y\":11,\"w\":18,\"h\":40,\"i\":\"dcf04f75-5ec7-464c-9404-6b36cdf817fa\"},\"panelIndex\":\"dcf04f75-5ec7-464c-9404-6b36cdf817fa\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"},{\"version\":\"2.18.0\",\"gridData\":{\"x\":26,\"y\":11,\"w\":11,\"h\":18,\"i\":\"da3c19bb-ae77-41c0-94be-6851e96728f0\"},\"panelIndex\":\"da3c19bb-ae77-41c0-94be-6851e96728f0\",\"embeddableConfig\":{},\"panelRefName\":\"panel_4\"},{\"version\":\"2.18.0\",\"gridData\":{\"x\":37,\"y\":11,\"w\":11,\"h\":18,\"i\":\"ada87d97-45a6-4c96-9553-cc5d588d769b\"},\"panelIndex\":\"ada87d97-45a6-4c96-9553-cc5d588d769b\",\"embeddableConfig\":{},\"panelRefName\":\"panel_5\"},{\"version\":\"2.18.0\",\"gridData\":{\"x\":26,\"y\":29,\"w\":11,\"h\":22,\"i\":\"09af00b0-2d22-4f12-8f3a-955df7185512\"},\"panelIndex\":\"09af00b0-2d22-4f12-8f3a-955df7185512\",\"embeddableConfig\":{},\"panelRefName\":\"panel_6\"},{\"version\":\"2.18.0\",\"gridData\":{\"x\":37,\"y\":29,\"w\":11,\"h\":22,\"i\":\"9e0f10b6-9210-45b0-b859-85494dd3639e\"},\"panelIndex\"
:\"9e0f10b6-9210-45b0-b859-85494dd3639e\",\"embeddableConfig\":{},\"panelRefName\":\"panel_7\"},{\"version\":\"2.18.0\",\"gridData\":{\"x\":0,\"y\":30,\"w\":8,\"h\":21,\"i\":\"81a6885e-4db9-4a57-b755-f23f31f96d3e\"},\"panelIndex\":\"81a6885e-4db9-4a57-b755-f23f31f96d3e\",\"embeddableConfig\":{},\"panelRefName\":\"panel_8\"},{\"version\":\"2.18.0\",\"gridData\":{\"x\":0,\"y\":51,\"w\":48,\"h\":48,\"i\":\"6e585f3b-2d0b-4ac3-bab5-bbe56527b073\"},\"panelIndex\":\"6e585f3b-2d0b-4ac3-bab5-bbe56527b073\",\"embeddableConfig\":{},\"panelRefName\":\"panel_9\"}]", + "timeRestore": false, + "title": "PostgreSQL", + "version": 1 + }, + "id": "f2c0da10-d2c5-11ef-8864-d58a560dc292", + "migrationVersion": { + "dashboard": "7.9.3" + }, + "namespaces": [ + "default" + ], + "references": [ + { + "id": "df9e399b-efa5-4e33-b0ac-a7668a8ac2b3", + "name": "panel_0", + "type": "visualization" + }, + { + "id": "3b7dc330-d2c6-11ef-8864-d58a560dc292", + "name": "panel_1", + "type": "visualization" + }, + { + "id": "99f62e20-d2c6-11ef-8864-d58a560dc292", + "name": "panel_2", + "type": "visualization" + }, + { + "id": "192b7ce0-d2c7-11ef-8864-d58a560dc292", + "name": "panel_3", + "type": "visualization" + }, + { + "id": "b32f96a0-d2c7-11ef-8864-d58a560dc292", + "name": "panel_4", + "type": "visualization" + }, + { + "id": "ee6b77c0-d2c7-11ef-8864-d58a560dc292", + "name": "panel_5", + "type": "visualization" + }, + { + "id": "299afcd0-d2c8-11ef-8864-d58a560dc292", + "name": "panel_6", + "type": "visualization" + }, + { + "id": "52b0b7e0-d2c8-11ef-8864-d58a560dc292", + "name": "panel_7", + "type": "visualization" + }, + { + "id": "5492dad0-d2c7-11ef-8864-d58a560dc292", + "name": "panel_8", + "type": "visualization" + }, + { + "id": "c0fc5f90-d2c5-11ef-8864-d58a560dc292", + "name": "panel_9", + "type": "search" + } + ], + "type": "dashboard", + "updated_at": "2025-01-14T22:39:42.204Z", + "version": "WzExMTgsMV0=" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + 
"searchSourceJSON": "{\"query\":{\"query\":{\"query_string\":{\"query\":\"*\"}},\"language\":\"lucene\"},\"filter\":[]}" + }, + "title": "Navigation", + "uiStateJSON": "{}", + "version": 1, + "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● 
[Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [PostgreSQL](#/dashboard/f2c0da10-d2c5-11ef-8864-d58a560dc292) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE 
SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}" + }, + "id": "df9e399b-efa5-4e33-b0ac-a7668a8ac2b3", + "migrationVersion": { + "visualization": "7.10.0" + }, + "namespaces": [ + "default" + ], + "references": [], + "type": "visualization", + "updated_at": "2025-01-14T22:04:16.251Z", + "version": "WzEwNTAsMV0=" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" + }, + "savedSearchRefName": "search_0", + "title": "PostgreSQL - Log Count", + 
"uiStateJSON": "{}", + "version": 1, + "visState": "{\"title\":\"PostgreSQL - Log Count\",\"type\":\"metric\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"}],\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"metric\",\"metric\":{\"percentageMode\":false,\"useRanges\":false,\"colorSchema\":\"Green to Red\",\"metricColorMode\":\"None\",\"colorsRange\":[{\"from\":0,\"to\":10000}],\"labels\":{\"show\":false},\"invertColors\":false,\"style\":{\"bgFill\":\"#000\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"fontSize\":42}}}}" + }, + "id": "3b7dc330-d2c6-11ef-8864-d58a560dc292", + "migrationVersion": { + "visualization": "7.10.0" + }, + "namespaces": [ + "default" + ], + "references": [ + { + "id": "c0fc5f90-d2c5-11ef-8864-d58a560dc292", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization", + "updated_at": "2025-01-14T22:24:32.954Z", + "version": "WzExMDcsMV0=" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" + }, + "savedSearchRefName": "search_0", + "title": "PostgreSQL - Log Count Over Time", + "uiStateJSON": "{\"vis\":{\"legendOpen\":false}}", + "version": 1, + "visState": "{\"title\":\"PostgreSQL - Log Count Over 
Time\",\"type\":\"histogram\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"params\":{\"field\":\"MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER\",\"timeRange\":{\"from\":\"now-33y\",\"to\":\"now\"},\"useNormalizedOpenSearchInterval\":true,\"scaleMetricValues\":false,\"interval\":\"auto\",\"drop_partials\":false,\"min_doc_count\":1,\"extended_bounds\":{},\"customLabel\":\"\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"histogram\",\"grid\":{\"categoryLines\":false},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"filter\":true,\"truncate\":100},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"square root\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"type\":\"histogram\",\"mode\":\"stacked\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"lineWidth\":2,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"labels\":{\"show\":false},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"}}}" + }, + "id": "99f62e20-d2c6-11ef-8864-d58a560dc292", + "migrationVersion": { + "visualization": "7.10.0" + }, + "namespaces": [ + "default" + ], + "references": [ + { + "id": "c0fc5f90-d2c5-11ef-8864-d58a560dc292", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization", + "updated_at": "2025-01-14T22:26:30.018Z", + "version": "WzExMDgsMV0=" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": 
{ + "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" + }, + "savedSearchRefName": "search_0", + "title": "PostgreSQL - Database", + "uiStateJSON": "{}", + "version": 1, + "visState": "{\"title\":\"PostgreSQL - Database\",\"type\":\"horizontal_bar\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.postgresql.database\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"\",\"customLabel\":\"Database\"},\"schema\":\"segment\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.postgresql.database\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Database\"},\"schema\":\"group\"}],\"params\":{\"type\":\"histogram\",\"grid\":{\"categoryLines\":false},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":200},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"square 
root\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":75,\"filter\":true,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"type\":\"histogram\",\"mode\":\"stacked\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"lineWidth\":2,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"bottom\",\"times\":[],\"addTimeMarker\":false,\"labels\":{},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"}}}" + }, + "id": "192b7ce0-d2c7-11ef-8864-d58a560dc292", + "migrationVersion": { + "visualization": "7.10.0" + }, + "namespaces": [ + "default" + ], + "references": [ + { + "id": "c0fc5f90-d2c5-11ef-8864-d58a560dc292", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization", + "updated_at": "2025-01-14T22:30:33.963Z", + "version": "WzExMTEsMV0=" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" + }, + "savedSearchRefName": "search_0", + "title": "PostgreSQL - Action and Results", + "uiStateJSON": "{\"vis\":{\"sortColumn\":{\"colIndex\":2,\"direction\":\"desc\"}}}", + "version": 1, + "visState": "{\"title\":\"PostgreSQL - Action and 
Results\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.action\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Action\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.result\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Result\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}" + }, + "id": "b32f96a0-d2c7-11ef-8864-d58a560dc292", + "migrationVersion": { + "visualization": "7.10.0" + }, + "namespaces": [ + "default" + ], + "references": [ + { + "id": "c0fc5f90-d2c5-11ef-8864-d58a560dc292", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization", + "updated_at": "2025-01-14T22:34:21.834Z", + "version": "WzExMTMsMV0=" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" + }, + "savedSearchRefName": "search_0", + "title": "PostgreSQL - Application", + "uiStateJSON": "{\"vis\":{\"sortColumn\":{\"colIndex\":1,\"direction\":\"desc\"}}}", + "version": 1, + "visState": "{\"title\":\"PostgreSQL - 
Application\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.postgresql.application_name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":200,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Application\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}" + }, + "id": "ee6b77c0-d2c7-11ef-8864-d58a560dc292", + "migrationVersion": { + "visualization": "7.10.0" + }, + "namespaces": [ + "default" + ], + "references": [ + { + "id": "c0fc5f90-d2c5-11ef-8864-d58a560dc292", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization", + "updated_at": "2025-01-14T22:36:01.211Z", + "version": "WzExMTUsMV0=" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" + }, + "savedSearchRefName": "search_0", + "title": "PostgreSQL - Source IP", + "uiStateJSON": "{\"vis\":{\"sortColumn\":{\"colIndex\":1,\"direction\":\"desc\"}}}", + "version": 1, + "visState": "{\"title\":\"PostgreSQL - Source IP\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"source.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":250,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source IP\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}" + }, + "id": 
"299afcd0-d2c8-11ef-8864-d58a560dc292", + "migrationVersion": { + "visualization": "7.10.0" + }, + "namespaces": [ + "default" + ], + "references": [ + { + "id": "c0fc5f90-d2c5-11ef-8864-d58a560dc292", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization", + "updated_at": "2025-01-14T22:37:40.508Z", + "version": "WzExMTYsMV0=" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" + }, + "savedSearchRefName": "search_0", + "title": "PostgreSQL - Destination IP", + "uiStateJSON": "{\"vis\":{\"sortColumn\":{\"colIndex\":1,\"direction\":\"desc\"}}}", + "version": 1, + "visState": "{\"title\":\"PostgreSQL - Destination IP\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":250,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination IP\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}" + }, + "id": "52b0b7e0-d2c8-11ef-8864-d58a560dc292", + "migrationVersion": { + "visualization": "7.10.0" + }, + "namespaces": [ + "default" + ], + "references": [ + { + "id": "c0fc5f90-d2c5-11ef-8864-d58a560dc292", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization", + "updated_at": "2025-01-14T22:38:49.437Z", + "version": "WzExMTcsMV0=" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" + }, + "savedSearchRefName": "search_0", + "title": "PostgreSQL - User", + "uiStateJSON": 
"{\"vis\":{\"sortColumn\":{\"colIndex\":1,\"direction\":\"desc\"}}}", + "version": 1, + "visState": "{\"title\":\"PostgreSQL - User\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"related.user\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":200,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"User\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}" + }, + "id": "5492dad0-d2c7-11ef-8864-d58a560dc292", + "migrationVersion": { + "visualization": "7.10.0" + }, + "namespaces": [ + "default" + ], + "references": [ + { + "id": "c0fc5f90-d2c5-11ef-8864-d58a560dc292", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization", + "updated_at": "2025-01-14T22:31:43.101Z", + "version": "WzExMTIsMV0=" + }, + { + "attributes": { + "columns": [ + "source.ip", + "destination.ip", + "zeek.postgresql.database", + "zeek.postgresql.application_name", + "related.user", + "event.action", + "event.result", + "zeek.postgresql.frontend_arg", + "zeek.postgresql.backend_arg", + "zeek.postgresql.rows", + "event.id" + ], + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"event.dataset:postgresql\",\"language\":\"kuery\"},\"highlightAll\":false,\"version\":true,\"aggs\":{\"2\":{\"date_histogram\":{\"field\":\"MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER\",\"fixed_interval\":\"30d\",\"time_zone\":\"America/Denver\",\"min_doc_count\":1}}},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" + }, + "sort": [], + "title": "PostgreSQL - Logs", + "version": 1 + }, + "id": "c0fc5f90-d2c5-11ef-8864-d58a560dc292", + "migrationVersion": { + "search": "7.9.3" 
+ }, + "namespaces": [ + "default" + ], + "references": [ + { + "id": "MALCOLM_NETWORK_INDEX_PATTERN_REPLACER", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "search", + "updated_at": "2025-01-14T22:20:25.992Z", + "version": "WzExMDQsMV0=" + } + ], + "version": "2.18.0" +} diff --git a/dashboards/dashboards/f394057d-1b16-4174-b994-7045f423a416.json b/dashboards/dashboards/f394057d-1b16-4174-b994-7045f423a416.json index 1784b7895..15540b85f 100644 --- a/dashboards/dashboards/f394057d-1b16-4174-b994-7045f423a416.json +++ b/dashboards/dashboards/f394057d-1b16-4174-b994-7045f423a416.json 
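Review bot: The saved search `c0fc5f90-d2c5-11ef-8864-d58a560dc292` ("PostgreSQL - Logs") lists `zeek.postgresql.frontend_arg` and `zeek.postgresql.backend_arg` among its default columns, while every `description` in this new file is left empty. If those fields hold statement and response text, as their names suggest, any literal values embedded in queries are shown to everyone who can open the dashboard. I would record that on the dashboard object, for example `"description": "PostgreSQL traffic as parsed by Zeek; the Logs panel shows frontend_arg/backend_arg, which may contain raw statement text"`, and confirm that the roles allowed to view it are meant to see that content. Separately, the same search's `searchSourceJSON` carries `"time_zone":"America/Denver"` with `"fixed_interval":"30d"`, which looks like state from the exporting session rather than intended configuration. Consider dropping that `aggs` object if nothing depends on it.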
@@ -57,7 +57,7 @@ "version": "Wzg3MiwxXQ==", "attributes": { "title": "Navigation", - "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA 
Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) 
\\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [PostgreSQL](#/dashboard/f2c0da10-d2c5-11ef-8864-d58a560dc292) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● 
[SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error 
Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/dashboards/dashboards/f77bf097-18a8-465c-b634-eb2acc7a4f26.json b/dashboards/dashboards/f77bf097-18a8-465c-b634-eb2acc7a4f26.json index d0b5abd05..acdb18967 100644 --- a/dashboards/dashboards/f77bf097-18a8-465c-b634-eb2acc7a4f26.json +++ b/dashboards/dashboards/f77bf097-18a8-465c-b634-eb2acc7a4f26.json 
@@ -102,7 +102,7 @@ "version": "Wzg3MiwxXQ==", "attributes": { "title": "Navigation", - "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA 
Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) 
\\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [PostgreSQL](#/dashboard/f2c0da10-d2c5-11ef-8864-d58a560dc292) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● 
[SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error 
Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/dashboards/dashboards/fa141950-ef89-11e9-b38a-2db3ee640e88.json b/dashboards/dashboards/fa141950-ef89-11e9-b38a-2db3ee640e88.json index b2dd8a422..6001c3b27 100644 --- a/dashboards/dashboards/fa141950-ef89-11e9-b38a-2db3ee640e88.json +++ b/dashboards/dashboards/fa141950-ef89-11e9-b38a-2db3ee640e88.json 
@@ -77,7 +77,7 @@ "version": "Wzg3MiwxXQ==", "attributes": { "title": "Navigation", - "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA 
Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) 
\\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [PostgreSQL](#/dashboard/f2c0da10-d2c5-11ef-8864-d58a560dc292) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● 
[SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error 
Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/dashboards/dashboards/fa477130-2b8a-11ec-a9f2-3911c8571bfd.json b/dashboards/dashboards/fa477130-2b8a-11ec-a9f2-3911c8571bfd.json index f59e64de4..18de1ce0c 100644 --- a/dashboards/dashboards/fa477130-2b8a-11ec-a9f2-3911c8571bfd.json +++ b/dashboards/dashboards/fa477130-2b8a-11ec-a9f2-3911c8571bfd.json 
@@ -102,7 +102,7 @@ "version": "WzkzNywxXQ==", "attributes": { "title": "Navigation", - "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA 
Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) 
\\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [PostgreSQL](#/dashboard/f2c0da10-d2c5-11ef-8864-d58a560dc292) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● 
[SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error 
Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, From 77d6996d854b118feec65983931ebd66cbe08c96 Mon Sep 17 00:00:00 2001 From: Seth Grover Date: Tue, 14 Jan 2025 16:16:36 -0700 Subject: [PATCH 38/53] for cisagov/Malcolm#551, URL pivot links in dashboards (ignore date/times) --- dashboards/scripts/index-refresh.py | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/dashboards/scripts/index-refresh.py b/dashboards/scripts/index-refresh.py index 061463db9..bb14970e8 100755 --- a/dashboards/scripts/index-refresh.py +++ b/dashboards/scripts/index-refresh.py @@ -336,9 +336,13 @@ def main(): # }, # ... # } - + pivotIgnoreTypes = ['date'] if args.opensearchMode != malcolm_utils.DatabaseMode.ElasticsearchRemote: - for field in [x for x in getFieldsList if x['name'][:1].isalpha() and x['name'] not in fieldFormatMap]: + for field in [ + x + for x in getFieldsList + if x['name'][:1].isalpha() and (x['name'] not in fieldFormatMap) and (x['type'] not in pivotIgnoreTypes) + ]: fieldFormatInfo = {} fieldFormatInfo['id'] = 'url' fieldFormatInfo['params'] = {} From 33c05c7117173cc418b7b073427507a85ba1f55a Mon Sep 17 00:00:00 2001 
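Review bot: The new filter in the `for field in [...]` comprehension reads `x['type']` directly, so any entry of `getFieldsList` that lacks a `type` key would raise KeyError there. How `getFieldsList` is built is outside the hunk, so whether every entry carries `type` cannot be confirmed from here. Using `(x.get('type') not in pivotIgnoreTypes)` keeps such entries eligible for the URL formatter instead of failing. `pivotIgnoreTypes` would also benefit from a one-line comment such as `# field types that should not get URL pivot links (cisagov/Malcolm#551)`, since the list is the place the next excluded type will be added. The body of `main()` starts before and continues after this hunk.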
From: Seth Grover Date: Wed, 15 Jan 2025 08:24:43 -0700 Subject: [PATCH 39/53] start of omron fins integration, cisagov/Malcolm#554 --- Dockerfiles/zeek.Dockerfile | 2 +- arkime/etc/config.ini | 1632 ++++++++++------- .../composable/component/zeek_ot.json | 229 +++ docs/protocols.md | 3 +- logstash/maps/service_ports.yaml | 2 + logstash/maps/zeek_log_ecs_categories.yaml | 2 + logstash/pipelines/enrichment/11_lookups.conf | 1 + .../pipelines/zeek/1171_zeek_omron_fins.conf | 209 +++ logstash/pipelines/zeek/1200_zeek_mutate.conf | 13 + scripts/zeek_script_to_malcolm_boilerplate.py | 58 +- shared/bin/zeek_install_plugins.sh | 1 + 11 files changed, 1433 insertions(+), 719 deletions(-) create mode 100644 logstash/pipelines/zeek/1171_zeek_omron_fins.conf diff --git a/Dockerfiles/zeek.Dockerfile b/Dockerfiles/zeek.Dockerfile index 961a3e27d..0515e0a0a 100644 --- a/Dockerfiles/zeek.Dockerfile +++ b/Dockerfiles/zeek.Dockerfile 
@@ -182,7 +182,7 @@ RUN groupadd --gid ${DEFAULT_GID} ${PUSER} && \ # sanity checks to make sure the plugins installed and copied over correctly # these ENVs should match the third party scripts/plugins installed by zeek_install_plugins.sh -ENV ZEEK_THIRD_PARTY_PLUGINS_GREP "(Zeek::Spicy|ANALYZER_SPICY_OSPF|ANALYZER_SPICY_OPENVPN_UDP\b|ANALYZER_SPICY_IPSEC_UDP\b|ANALYZER_SPICY_TFTP|ANALYZER_SPICY_WIREGUARD|ANALYZER_SPICY_HART_IP_UDP|ANALYZER_SPICY_HART_IP_TCP|ANALYZER_SYNCHROPHASOR_TCP|ANALYZER_GENISYS_TCP|ANALYZER_SPICY_GE_SRTP|ANALYZER_SPICY_PROFINET_IO_CM|ANALYZER_S7COMM_TCP|Corelight::PE_XOR|ICSNPP::BACnet|ICSNPP::BSAP|ICSNPP::ENIP|ICSNPP::ETHERCAT|ICSNPP::OPCUA_Binary|Salesforce::GQUIC|Zeek::PROFINET|Zeek::TDS|Seiso::Kafka)" +ENV ZEEK_THIRD_PARTY_PLUGINS_GREP "(Zeek::Spicy|ANALYZER_SPICY_OSPF|ANALYZER_SPICY_OPENVPN_UDP\b|ANALYZER_SPICY_IPSEC_UDP\b|ANALYZER_SPICY_TFTP|ANALYZER_SPICY_WIREGUARD|ANALYZER_SPICY_HART_IP_UDP|ANALYZER_SPICY_HART_IP_TCP|ANALYZER_OMRON_FINS_TCP|ANALYZER_OMRON_FINS_UDP|ANALYZER_SYNCHROPHASOR_TCP|ANALYZER_GENISYS_TCP|ANALYZER_SPICY_GE_SRTP|ANALYZER_SPICY_PROFINET_IO_CM|ANALYZER_S7COMM_TCP|Corelight::PE_XOR|ICSNPP::BACnet|ICSNPP::BSAP|ICSNPP::ENIP|ICSNPP::ETHERCAT|ICSNPP::OPCUA_Binary|Salesforce::GQUIC|Zeek::PROFINET|Zeek::TDS|Seiso::Kafka)" ENV ZEEK_THIRD_PARTY_SCRIPTS_GREP 
"(bro-is-darknet/main|bro-simple-scan/scan|bzar/main|callstranger-detector/callstranger|cve-2020-0601/cve-2020-0601|cve-2020-13777/cve-2020-13777|CVE-2020-16898/CVE-2020-16898|CVE-2021-1675/main|CVE-2021-31166/detect|CVE-2021-38647/omigod|CVE-2021-41773/CVE_2021_41773|CVE-2021-42292/main|cve-2021-44228/CVE_2021_44228|cve-2022-21907/main|cve-2022-22954/main|CVE-2022-23270-PPTP/main|CVE-2022-24491/main|CVE-2022-24497/main|cve-2022-26809/main|CVE-2022-26937/main|CVE-2022-30216/main|CVE-2022-3602/__load__|hassh/hassh|http-more-files-names/main|ja4/main|pingback/detect|ripple20/ripple20|SIGRed/CVE-2020-1350|zeek-agenttesla-detector/main|zeek-asyncrat-detector/main|zeek-EternalSafety/main|zeek-httpattacks/main|zeek-netsupport-detector/main|zeek-quasarrat-detector/main|zeek-sniffpass/__load__|zeek-strrat-detector/main|zerologon/main)\.(zeek|bro)" RUN mkdir -p /tmp/logs && \ diff --git a/arkime/etc/config.ini b/arkime/etc/config.ini index 109017fc2..839e6996c 100644 --- a/arkime/etc/config.ini +++ b/arkime/etc/config.ini 
@@ -543,39 +543,39 @@ zeek.ftp.data_channel.resp_p=db:zeek.ftp.data_channel.resp_p;group:zeek_ftp;kind
 # ge_srtp.log
 #
-zeek.ge_srtp.srtp_type=db:zeek.ge_srtp.srtp_type;group:zeek_ge_srtp;kind:termfield;friendly:srtp_type;help:srtp_type
-zeek.ge_srtp.sequence_number_1=db:zeek.ge_srtp.sequence_number_1;group:zeek_ge_srtp;kind:integer;friendly:sequence_number_1;help:sequence_number_1
-zeek.ge_srtp.text_length=db:zeek.ge_srtp.text_length;group:zeek_ge_srtp;kind:integer;friendly:text_length;help:text_length
-zeek.ge_srtp.time_seconds=db:zeek.ge_srtp.time_seconds;group:zeek_ge_srtp;kind:integer;friendly:time_seconds;help:time_seconds
-zeek.ge_srtp.time_minutes=db:zeek.ge_srtp.time_minutes;group:zeek_ge_srtp;kind:integer;friendly:time_minutes;help:time_minutes
-zeek.ge_srtp.time_hours=db:zeek.ge_srtp.time_hours;group:zeek_ge_srtp;kind:integer;friendly:time_hours;help:time_hours
-zeek.ge_srtp.sequence_number_2=db:zeek.ge_srtp.sequence_number_2;group:zeek_ge_srtp;kind:integer;friendly:sequence_number_2;help:sequence_number_2
-zeek.ge_srtp.message_type=db:zeek.ge_srtp.message_type;group:zeek_ge_srtp;kind:termfield;friendly:message_type;help:message_type
-zeek.ge_srtp.mailbox_source=db:zeek.ge_srtp.mailbox_source;group:zeek_ge_srtp;kind:termfield;friendly:mailbox_source;help:mailbox_source
-zeek.ge_srtp.mailbox_destination=db:zeek.ge_srtp.mailbox_destination;group:zeek_ge_srtp;kind:termfield;friendly:mailbox_destination;help:mailbox_destination
-zeek.ge_srtp.packet_number=db:zeek.ge_srtp.packet_number;group:zeek_ge_srtp;kind:integer;friendly:packet_number;help:packet_number
-zeek.ge_srtp.total_packet_number=db:zeek.ge_srtp.total_packet_number;group:zeek_ge_srtp;kind:integer;friendly:total_packet_number;help:total_packet_number
-zeek.ge_srtp.service_request_code=db:zeek.ge_srtp.service_request_code;group:zeek_ge_srtp;kind:termfield;friendly:service_request_code;help:service_request_code
-zeek.ge_srtp.segment_selector=db:zeek.ge_srtp.segment_selector;group:zeek_ge_srtp;kind:termfield;friendly:segment_selector;help:segment_selector
-zeek.ge_srtp.memory_offset=db:zeek.ge_srtp.memory_offset;group:zeek_ge_srtp;kind:integer;friendly:memory_offset;help:memory_offset
-zeek.ge_srtp.data_length=db:zeek.ge_srtp.data_length;group:zeek_ge_srtp;kind:integer;friendly:data_length;help:data_length
-zeek.ge_srtp.status_code=db:zeek.ge_srtp.status_code;group:zeek_ge_srtp;kind:termfield;friendly:status_code;help:status_code
-zeek.ge_srtp.minor_status_code=db:zeek.ge_srtp.minor_status_code;group:zeek_ge_srtp;kind:termfield;friendly:minor_status_code;help:minor_status_code
-zeek.ge_srtp.data_requested=db:zeek.ge_srtp.data_requested;group:zeek_ge_srtp;kind:termfield;friendly:data_requested;help:data_requested
-zeek.ge_srtp.control_program_number=db:zeek.ge_srtp.control_program_number;group:zeek_ge_srtp;kind:integer;friendly:control_program_number;help:control_program_number
-zeek.ge_srtp.current_privilege_level=db:zeek.ge_srtp.current_privilege_level;group:zeek_ge_srtp;kind:integer;friendly:current_privilege_level;help:current_privilege_level
-zeek.ge_srtp.last_sweep_time=db:zeek.ge_srtp.last_sweep_time;group:zeek_ge_srtp;kind:integer;friendly:last_sweep_time;help:last_sweep_time
-zeek.ge_srtp.oversweep_flag=db:zeek.ge_srtp.oversweep_flag;group:zeek_ge_srtp;kind:termfield;friendly:oversweep_flag;help:oversweep_flag
-zeek.ge_srtp.constant_sweep_mode=db:zeek.ge_srtp.constant_sweep_mode;group:zeek_ge_srtp;kind:termfield;friendly:constant_sweep_mode;help:constant_sweep_mode
-zeek.ge_srtp.plc_fault_entry_last_read=db:zeek.ge_srtp.plc_fault_entry_last_read;group:zeek_ge_srtp;kind:termfield;friendly:plc_fault_entry_last_read;help:plc_fault_entry_last_read
-zeek.ge_srtp.io_fault_entry_last_read=db:zeek.ge_srtp.io_fault_entry_last_read;group:zeek_ge_srtp;kind:termfield;friendly:io_fault_entry_last_read;help:io_fault_entry_last_read
-zeek.ge_srtp.plc_fault_entry_present=db:zeek.ge_srtp.plc_fault_entry_present;group:zeek_ge_srtp;kind:termfield;friendly:plc_fault_entry_present;help:plc_fault_entry_present
-zeek.ge_srtp.io_fault_entry_present=db:zeek.ge_srtp.io_fault_entry_present;group:zeek_ge_srtp;kind:termfield;friendly:io_fault_entry_present;help:io_fault_entry_present
-zeek.ge_srtp.programmer_attachment=db:zeek.ge_srtp.programmer_attachment;group:zeek_ge_srtp;kind:termfield;friendly:programmer_attachment;help:programmer_attachment
-zeek.ge_srtp.front_panel_enable_switch=db:zeek.ge_srtp.front_panel_enable_switch;group:zeek_ge_srtp;kind:termfield;friendly:front_panel_enable_switch;help:front_panel_enable_switch
-zeek.ge_srtp.front_panel_run_switch=db:zeek.ge_srtp.front_panel_run_switch;group:zeek_ge_srtp;kind:termfield;friendly:front_panel_run_switch;help:front_panel_run_switch
-zeek.ge_srtp.oem_protected=db:zeek.ge_srtp.oem_protected;group:zeek_ge_srtp;kind:termfield;friendly:oem_protected;help:oem_protected
-zeek.ge_srtp.plc_state=db:zeek.ge_srtp.plc_state;group:zeek_ge_srtp;kind:termfield;friendly:plc_state;help:plc_state
+zeek.ge_srtp.srtp_type=db:zeek.ge_srtp.srtp_type;group:zeek_ge_srtp;kind:termfield;viewerOnly:true;friendly:srtp_type;help:srtp_type
+zeek.ge_srtp.sequence_number_1=db:zeek.ge_srtp.sequence_number_1;group:zeek_ge_srtp;kind:integer;viewerOnly:true;friendly:sequence_number_1;help:sequence_number_1
+zeek.ge_srtp.text_length=db:zeek.ge_srtp.text_length;group:zeek_ge_srtp;kind:integer;viewerOnly:true;friendly:text_length;help:text_length
+zeek.ge_srtp.time_seconds=db:zeek.ge_srtp.time_seconds;group:zeek_ge_srtp;kind:integer;viewerOnly:true;friendly:time_seconds;help:time_seconds
+zeek.ge_srtp.time_minutes=db:zeek.ge_srtp.time_minutes;group:zeek_ge_srtp;kind:integer;viewerOnly:true;friendly:time_minutes;help:time_minutes
+zeek.ge_srtp.time_hours=db:zeek.ge_srtp.time_hours;group:zeek_ge_srtp;kind:integer;viewerOnly:true;friendly:time_hours;help:time_hours
+zeek.ge_srtp.sequence_number_2=db:zeek.ge_srtp.sequence_number_2;group:zeek_ge_srtp;kind:integer;viewerOnly:true;friendly:sequence_number_2;help:sequence_number_2
+zeek.ge_srtp.message_type=db:zeek.ge_srtp.message_type;group:zeek_ge_srtp;kind:termfield;viewerOnly:true;friendly:message_type;help:message_type
+zeek.ge_srtp.mailbox_source=db:zeek.ge_srtp.mailbox_source;group:zeek_ge_srtp;kind:termfield;viewerOnly:true;friendly:mailbox_source;help:mailbox_source
+zeek.ge_srtp.mailbox_destination=db:zeek.ge_srtp.mailbox_destination;group:zeek_ge_srtp;kind:termfield;viewerOnly:true;friendly:mailbox_destination;help:mailbox_destination
+zeek.ge_srtp.packet_number=db:zeek.ge_srtp.packet_number;group:zeek_ge_srtp;kind:integer;viewerOnly:true;friendly:packet_number;help:packet_number
+zeek.ge_srtp.total_packet_number=db:zeek.ge_srtp.total_packet_number;group:zeek_ge_srtp;kind:integer;viewerOnly:true;friendly:total_packet_number;help:total_packet_number
+zeek.ge_srtp.service_request_code=db:zeek.ge_srtp.service_request_code;group:zeek_ge_srtp;kind:termfield;viewerOnly:true;friendly:service_request_code;help:service_request_code
+zeek.ge_srtp.segment_selector=db:zeek.ge_srtp.segment_selector;group:zeek_ge_srtp;kind:termfield;viewerOnly:true;friendly:segment_selector;help:segment_selector
+zeek.ge_srtp.memory_offset=db:zeek.ge_srtp.memory_offset;group:zeek_ge_srtp;kind:integer;viewerOnly:true;friendly:memory_offset;help:memory_offset
+zeek.ge_srtp.data_length=db:zeek.ge_srtp.data_length;group:zeek_ge_srtp;kind:integer;viewerOnly:true;friendly:data_length;help:data_length
+zeek.ge_srtp.status_code=db:zeek.ge_srtp.status_code;group:zeek_ge_srtp;kind:termfield;viewerOnly:true;friendly:status_code;help:status_code
+zeek.ge_srtp.minor_status_code=db:zeek.ge_srtp.minor_status_code;group:zeek_ge_srtp;kind:termfield;viewerOnly:true;friendly:minor_status_code;help:minor_status_code
+zeek.ge_srtp.data_requested=db:zeek.ge_srtp.data_requested;group:zeek_ge_srtp;kind:termfield;viewerOnly:true;friendly:data_requested;help:data_requested
+zeek.ge_srtp.control_program_number=db:zeek.ge_srtp.control_program_number;group:zeek_ge_srtp;kind:integer;viewerOnly:true;friendly:control_program_number;help:control_program_number
+zeek.ge_srtp.current_privilege_level=db:zeek.ge_srtp.current_privilege_level;group:zeek_ge_srtp;kind:integer;viewerOnly:true;friendly:current_privilege_level;help:current_privilege_level
+zeek.ge_srtp.last_sweep_time=db:zeek.ge_srtp.last_sweep_time;group:zeek_ge_srtp;kind:integer;viewerOnly:true;friendly:last_sweep_time;help:last_sweep_time
+zeek.ge_srtp.oversweep_flag=db:zeek.ge_srtp.oversweep_flag;group:zeek_ge_srtp;kind:termfield;viewerOnly:true;friendly:oversweep_flag;help:oversweep_flag
+zeek.ge_srtp.constant_sweep_mode=db:zeek.ge_srtp.constant_sweep_mode;group:zeek_ge_srtp;kind:termfield;viewerOnly:true;friendly:constant_sweep_mode;help:constant_sweep_mode
+zeek.ge_srtp.plc_fault_entry_last_read=db:zeek.ge_srtp.plc_fault_entry_last_read;group:zeek_ge_srtp;kind:termfield;viewerOnly:true;friendly:plc_fault_entry_last_read;help:plc_fault_entry_last_read
+zeek.ge_srtp.io_fault_entry_last_read=db:zeek.ge_srtp.io_fault_entry_last_read;group:zeek_ge_srtp;kind:termfield;viewerOnly:true;friendly:io_fault_entry_last_read;help:io_fault_entry_last_read
+zeek.ge_srtp.plc_fault_entry_present=db:zeek.ge_srtp.plc_fault_entry_present;group:zeek_ge_srtp;kind:termfield;viewerOnly:true;friendly:plc_fault_entry_present;help:plc_fault_entry_present
+zeek.ge_srtp.io_fault_entry_present=db:zeek.ge_srtp.io_fault_entry_present;group:zeek_ge_srtp;kind:termfield;viewerOnly:true;friendly:io_fault_entry_present;help:io_fault_entry_present
+zeek.ge_srtp.programmer_attachment=db:zeek.ge_srtp.programmer_attachment;group:zeek_ge_srtp;kind:termfield;viewerOnly:true;friendly:programmer_attachment;help:programmer_attachment
+zeek.ge_srtp.front_panel_enable_switch=db:zeek.ge_srtp.front_panel_enable_switch;group:zeek_ge_srtp;kind:termfield;viewerOnly:true;friendly:front_panel_enable_switch;help:front_panel_enable_switch
+zeek.ge_srtp.front_panel_run_switch=db:zeek.ge_srtp.front_panel_run_switch;group:zeek_ge_srtp;kind:termfield;viewerOnly:true;friendly:front_panel_run_switch;help:front_panel_run_switch
+zeek.ge_srtp.oem_protected=db:zeek.ge_srtp.oem_protected;group:zeek_ge_srtp;kind:termfield;viewerOnly:true;friendly:oem_protected;help:oem_protected
+zeek.ge_srtp.plc_state=db:zeek.ge_srtp.plc_state;group:zeek_ge_srtp;kind:termfield;viewerOnly:true;friendly:plc_state;help:plc_state
 # genisys.log
 # https://github.com/cisagov/icsnpp-genisys
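Review bot: Every rewritten `zeek.ge_srtp.*` definition still sets `friendly:` and `help:` to the bare field name (for example `friendly:plc_state;help:plc_state`), so the field help gives an analyst nothing beyond the key itself. Since all of these lines are being rewritten anyway to add `viewerOnly:true`, this is a good moment to give at least the less obvious ones (`segment_selector`, `oem_protected`, `current_privilege_level`) a short description taken from the parser's documentation. If the lines are produced by `scripts/zeek_script_to_malcolm_boilerplate.py`, which this commit also changes, the descriptions belong in that generator rather than in hand edits here. The `viewerOnly:true` addition is not mentioned in the commit subject, so a line about it in the message would help anyone tracing field-definition changes later.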
@@ -598,612 +598,612 @@ zeek.gquic.cyutags=db:zeek.gquic.cyutags;group:zeek_gquic;kind:termfield;viewerO # hart_ip_common_commands.log # https://github.com/cisagov/icsnpp-hart-ip -zeek.hart_ip_common_commands.read_device_variables_request_slot0_device_variable_code=db:zeek.hart_ip_common_commands.read_device_variables_request_slot0_device_variable_code;group:zeek_hart_ip_common_commands;kind:integer;friendly:read_device_variables_request_slot0_device_variable_code;help:read_device_variables_request_slot0_device_variable_code -zeek.hart_ip_common_commands.read_device_variables_request_slot1_device_variable_code=db:zeek.hart_ip_common_commands.read_device_variables_request_slot1_device_variable_code;group:zeek_hart_ip_common_commands;kind:integer;friendly:read_device_variables_request_slot1_device_variable_code;help:read_device_variables_request_slot1_device_variable_code -zeek.hart_ip_common_commands.read_device_variables_request_slot2_device_variable_code=db:zeek.hart_ip_common_commands.read_device_variables_request_slot2_device_variable_code;group:zeek_hart_ip_common_commands;kind:integer;friendly:read_device_variables_request_slot2_device_variable_code;help:read_device_variables_request_slot2_device_variable_code -zeek.hart_ip_common_commands.read_device_variables_request_slot3_device_variable_code=db:zeek.hart_ip_common_commands.read_device_variables_request_slot3_device_variable_code;group:zeek_hart_ip_common_commands;kind:integer;friendly:read_device_variables_request_slot3_device_variable_code;help:read_device_variables_request_slot3_device_variable_code -zeek.hart_ip_common_commands.read_device_variables_response_slot0_device_variable_code=db:zeek.hart_ip_common_commands.read_device_variables_response_slot0_device_variable_code;group:zeek_hart_ip_common_commands;kind:integer;friendly:read_device_variables_response_slot0_device_variable_code;help:read_device_variables_response_slot0_device_variable_code 
-zeek.hart_ip_common_commands.read_device_variables_response_slot0_units_code=db:zeek.hart_ip_common_commands.read_device_variables_response_slot0_units_code;group:zeek_hart_ip_common_commands;kind:termfield;friendly:read_device_variables_response_slot0_units_code;help:read_device_variables_response_slot0_units_code -zeek.hart_ip_common_commands.read_device_variables_response_slot0_device_variable=db:zeek.hart_ip_common_commands.read_device_variables_response_slot0_device_variable;group:zeek_hart_ip_common_commands;kind:termfield;friendly:read_device_variables_response_slot0_device_variable;help:read_device_variables_response_slot0_device_variable -zeek.hart_ip_common_commands.read_device_variables_response_slot1_device_variable_code=db:zeek.hart_ip_common_commands.read_device_variables_response_slot1_device_variable_code;group:zeek_hart_ip_common_commands;kind:integer;friendly:read_device_variables_response_slot1_device_variable_code;help:read_device_variables_response_slot1_device_variable_code -zeek.hart_ip_common_commands.read_device_variables_response_slot1_units_code=db:zeek.hart_ip_common_commands.read_device_variables_response_slot1_units_code;group:zeek_hart_ip_common_commands;kind:termfield;friendly:read_device_variables_response_slot1_units_code;help:read_device_variables_response_slot1_units_code -zeek.hart_ip_common_commands.read_device_variables_response_slot1_device_variable=db:zeek.hart_ip_common_commands.read_device_variables_response_slot1_device_variable;group:zeek_hart_ip_common_commands;kind:termfield;friendly:read_device_variables_response_slot1_device_variable;help:read_device_variables_response_slot1_device_variable 
-zeek.hart_ip_common_commands.read_device_variables_response_slot2_device_variable_code=db:zeek.hart_ip_common_commands.read_device_variables_response_slot2_device_variable_code;group:zeek_hart_ip_common_commands;kind:integer;friendly:read_device_variables_response_slot2_device_variable_code;help:read_device_variables_response_slot2_device_variable_code -zeek.hart_ip_common_commands.read_device_variables_response_slot2_units_code=db:zeek.hart_ip_common_commands.read_device_variables_response_slot2_units_code;group:zeek_hart_ip_common_commands;kind:termfield;friendly:read_device_variables_response_slot2_units_code;help:read_device_variables_response_slot2_units_code -zeek.hart_ip_common_commands.read_device_variables_response_slot2_device_variable=db:zeek.hart_ip_common_commands.read_device_variables_response_slot2_device_variable;group:zeek_hart_ip_common_commands;kind:termfield;friendly:read_device_variables_response_slot2_device_variable;help:read_device_variables_response_slot2_device_variable -zeek.hart_ip_common_commands.read_device_variables_response_slot3_device_variable_code=db:zeek.hart_ip_common_commands.read_device_variables_response_slot3_device_variable_code;group:zeek_hart_ip_common_commands;kind:integer;friendly:read_device_variables_response_slot3_device_variable_code;help:read_device_variables_response_slot3_device_variable_code -zeek.hart_ip_common_commands.read_device_variables_response_slot3_units_code=db:zeek.hart_ip_common_commands.read_device_variables_response_slot3_units_code;group:zeek_hart_ip_common_commands;kind:termfield;friendly:read_device_variables_response_slot3_units_code;help:read_device_variables_response_slot3_units_code 
-zeek.hart_ip_common_commands.read_device_variables_response_slot3_device_variable=db:zeek.hart_ip_common_commands.read_device_variables_response_slot3_device_variable;group:zeek_hart_ip_common_commands;kind:termfield;friendly:read_device_variables_response_slot3_device_variable;help:read_device_variables_response_slot3_device_variable -zeek.hart_ip_common_commands.write_primary_variable_damping_value_pv_damping_value=db:zeek.hart_ip_common_commands.write_primary_variable_damping_value_pv_damping_value;group:zeek_hart_ip_common_commands;kind:termfield;friendly:write_primary_variable_damping_value_pv_damping_value;help:write_primary_variable_damping_value_pv_damping_value -zeek.hart_ip_common_commands.write_primary_variable_range_values_pv_upper_and_lower_range_values_units_code=db:zeek.hart_ip_common_commands.write_primary_variable_range_values_pv_upper_and_lower_range_values_units_code;group:zeek_hart_ip_common_commands;kind:termfield;friendly:write_primary_variable_range_values_pv_upper_and_lower_range_values_units_code;help:write_primary_variable_range_values_pv_upper_and_lower_range_values_units_code -zeek.hart_ip_common_commands.write_primary_variable_range_values_pv_upper_range_value=db:zeek.hart_ip_common_commands.write_primary_variable_range_values_pv_upper_range_value;group:zeek_hart_ip_common_commands;kind:termfield;friendly:write_primary_variable_range_values_pv_upper_range_value;help:write_primary_variable_range_values_pv_upper_range_value -zeek.hart_ip_common_commands.write_primary_variable_range_values_p_v_lower_range_value=db:zeek.hart_ip_common_commands.write_primary_variable_range_values_p_v_lower_range_value;group:zeek_hart_ip_common_commands;kind:termfield;friendly:write_primary_variable_range_values_p_v_lower_range_value;help:write_primary_variable_range_values_p_v_lower_range_value 
-zeek.hart_ip_common_commands.eeprom_control_eeprom_control_code=db:zeek.hart_ip_common_commands.eeprom_control_eeprom_control_code;group:zeek_hart_ip_common_commands;kind:termfield;friendly:eeprom_control_eeprom_control_code;help:eeprom_control_eeprom_control_code -zeek.hart_ip_common_commands.enter_exit_fixed_current_mode_pv_fixed_current_level=db:zeek.hart_ip_common_commands.enter_exit_fixed_current_mode_pv_fixed_current_level;group:zeek_hart_ip_common_commands;kind:termfield;friendly:enter_exit_fixed_current_mode_pv_fixed_current_level;help:enter_exit_fixed_current_mode_pv_fixed_current_level -zeek.hart_ip_common_commands.write_primary_variable_units_pv_unit_codes=db:zeek.hart_ip_common_commands.write_primary_variable_units_pv_unit_codes;group:zeek_hart_ip_common_commands;kind:termfield;friendly:write_primary_variable_units_pv_unit_codes;help:write_primary_variable_units_pv_unit_codes -zeek.hart_ip_common_commands.trim_loop_current_zero_measured_pv_loop_current_level=db:zeek.hart_ip_common_commands.trim_loop_current_zero_measured_pv_loop_current_level;group:zeek_hart_ip_common_commands;kind:termfield;friendly:trim_loop_current_zero_measured_pv_loop_current_level;help:trim_loop_current_zero_measured_pv_loop_current_level -zeek.hart_ip_common_commands.trim_loop_current_gain_measured_pv_loop_current_level=db:zeek.hart_ip_common_commands.trim_loop_current_gain_measured_pv_loop_current_level;group:zeek_hart_ip_common_commands;kind:termfield;friendly:trim_loop_current_gain_measured_pv_loop_current_level;help:trim_loop_current_gain_measured_pv_loop_current_level -zeek.hart_ip_common_commands.write_primary_variable_transfer_function_p_v_transfer_function_code=db:zeek.hart_ip_common_commands.write_primary_variable_transfer_function_p_v_transfer_function_code;group:zeek_hart_ip_common_commands;kind:termfield;friendly:write_primary_variable_transfer_function_p_v_transfer_function_code;help:write_primary_variable_transfer_function_p_v_transfer_function_code 
-zeek.hart_ip_common_commands.write_primary_variable_transducer_serial_number_pv_transducer_serial_number=db:zeek.hart_ip_common_commands.write_primary_variable_transducer_serial_number_pv_transducer_serial_number;group:zeek_hart_ip_common_commands;kind:integer;friendly:write_primary_variable_transducer_serial_number_pv_transducer_serial_number;help:write_primary_variable_transducer_serial_number_pv_transducer_serial_number -zeek.hart_ip_common_commands.read_dynamic_variable_assignments_response_device_variable_assigned_to_primary_variable=db:zeek.hart_ip_common_commands.read_dynamic_variable_assignments_response_device_variable_assigned_to_primary_variable;group:zeek_hart_ip_common_commands;kind:integer;friendly:read_dynamic_variable_assignments_response_device_variable_assigned_to_primary_variable;help:read_dynamic_variable_assignments_response_device_variable_assigned_to_primary_variable -zeek.hart_ip_common_commands.read_dynamic_variable_assignments_response_device_variable_assigned_to_secondary_variable=db:zeek.hart_ip_common_commands.read_dynamic_variable_assignments_response_device_variable_assigned_to_secondary_variable;group:zeek_hart_ip_common_commands;kind:integer;friendly:read_dynamic_variable_assignments_response_device_variable_assigned_to_secondary_variable;help:read_dynamic_variable_assignments_response_device_variable_assigned_to_secondary_variable -zeek.hart_ip_common_commands.read_dynamic_variable_assignments_response_device_variable_assigned_to_tertiary_variable=db:zeek.hart_ip_common_commands.read_dynamic_variable_assignments_response_device_variable_assigned_to_tertiary_variable;group:zeek_hart_ip_common_commands;kind:integer;friendly:read_dynamic_variable_assignments_response_device_variable_assigned_to_tertiary_variable;help:read_dynamic_variable_assignments_response_device_variable_assigned_to_tertiary_variable 
-zeek.hart_ip_common_commands.read_dynamic_variable_assignments_response_device_variable_assigned_to_quaternary_variable=db:zeek.hart_ip_common_commands.read_dynamic_variable_assignments_response_device_variable_assigned_to_quaternary_variable;group:zeek_hart_ip_common_commands;kind:integer;friendly:read_dynamic_variable_assignments_response_device_variable_assigned_to_quaternary_variable;help:read_dynamic_variable_assignments_response_device_variable_assigned_to_quaternary_variable -zeek.hart_ip_common_commands.write_dynamic_variable_assignments_device_variable_assigned_to_primary_variable=db:zeek.hart_ip_common_commands.write_dynamic_variable_assignments_device_variable_assigned_to_primary_variable;group:zeek_hart_ip_common_commands;kind:integer;friendly:write_dynamic_variable_assignments_device_variable_assigned_to_primary_variable;help:write_dynamic_variable_assignments_device_variable_assigned_to_primary_variable -zeek.hart_ip_common_commands.write_dynamic_variable_assignments_device_variable_assigned_to_secondary_variable=db:zeek.hart_ip_common_commands.write_dynamic_variable_assignments_device_variable_assigned_to_secondary_variable;group:zeek_hart_ip_common_commands;kind:integer;friendly:write_dynamic_variable_assignments_device_variable_assigned_to_secondary_variable;help:write_dynamic_variable_assignments_device_variable_assigned_to_secondary_variable -zeek.hart_ip_common_commands.write_dynamic_variable_assignments_device_variable_assigned_to_tertiary_variable=db:zeek.hart_ip_common_commands.write_dynamic_variable_assignments_device_variable_assigned_to_tertiary_variable;group:zeek_hart_ip_common_commands;kind:integer;friendly:write_dynamic_variable_assignments_device_variable_assigned_to_tertiary_variable;help:write_dynamic_variable_assignments_device_variable_assigned_to_tertiary_variable 
-zeek.hart_ip_common_commands.write_dynamic_variable_assignments_device_variable_assigned_to_quaternary_variable=db:zeek.hart_ip_common_commands.write_dynamic_variable_assignments_device_variable_assigned_to_quaternary_variable;group:zeek_hart_ip_common_commands;kind:integer;friendly:write_dynamic_variable_assignments_device_variable_assigned_to_quaternary_variable;help:write_dynamic_variable_assignments_device_variable_assigned_to_quaternary_variable -zeek.hart_ip_common_commands.set_device_variable_zero_device_variable_zeroed=db:zeek.hart_ip_common_commands.set_device_variable_zero_device_variable_zeroed;group:zeek_hart_ip_common_commands;kind:integer;friendly:set_device_variable_zero_device_variable_zeroed;help:set_device_variable_zero_device_variable_zeroed -zeek.hart_ip_common_commands.write_device_variable_units_device_variable_code=db:zeek.hart_ip_common_commands.write_device_variable_units_device_variable_code;group:zeek_hart_ip_common_commands;kind:integer;friendly:write_device_variable_units_device_variable_code;help:write_device_variable_units_device_variable_code -zeek.hart_ip_common_commands.write_device_variable_units_device_variable_units_code=db:zeek.hart_ip_common_commands.write_device_variable_units_device_variable_units_code;group:zeek_hart_ip_common_commands;kind:termfield;friendly:write_device_variable_units_device_variable_units_code;help:write_device_variable_units_device_variable_units_code -zeek.hart_ip_common_commands.read_device_variable_information_request_device_variable_code=db:zeek.hart_ip_common_commands.read_device_variable_information_request_device_variable_code;group:zeek_hart_ip_common_commands;kind:integer;friendly:read_device_variable_information_request_device_variable_code;help:read_device_variable_information_request_device_variable_code 
-zeek.hart_ip_common_commands.read_device_variable_information_response_device_variable_code=db:zeek.hart_ip_common_commands.read_device_variable_information_response_device_variable_code;group:zeek_hart_ip_common_commands;kind:integer;friendly:read_device_variable_information_response_device_variable_code;help:read_device_variable_information_response_device_variable_code -zeek.hart_ip_common_commands.read_device_variable_information_response_device_variable_transducer_serial_number=db:zeek.hart_ip_common_commands.read_device_variable_information_response_device_variable_transducer_serial_number;group:zeek_hart_ip_common_commands;kind:integer;friendly:read_device_variable_information_response_device_variable_transducer_serial_number;help:read_device_variable_information_response_device_variable_transducer_serial_number -zeek.hart_ip_common_commands.read_device_variable_information_response_device_variable_limits_minimum_span_units_code=db:zeek.hart_ip_common_commands.read_device_variable_information_response_device_variable_limits_minimum_span_units_code;group:zeek_hart_ip_common_commands;kind:termfield;friendly:read_device_variable_information_response_device_variable_limits_minimum_span_units_code;help:read_device_variable_information_response_device_variable_limits_minimum_span_units_code -zeek.hart_ip_common_commands.read_device_variable_information_response_device_variable_upper_transducer_limit=db:zeek.hart_ip_common_commands.read_device_variable_information_response_device_variable_upper_transducer_limit;group:zeek_hart_ip_common_commands;kind:termfield;friendly:read_device_variable_information_response_device_variable_upper_transducer_limit;help:read_device_variable_information_response_device_variable_upper_transducer_limit 
-zeek.hart_ip_common_commands.read_device_variable_information_response_device_variable_lower_transducer_limit=db:zeek.hart_ip_common_commands.read_device_variable_information_response_device_variable_lower_transducer_limit;group:zeek_hart_ip_common_commands;kind:termfield;friendly:read_device_variable_information_response_device_variable_lower_transducer_limit;help:read_device_variable_information_response_device_variable_lower_transducer_limit -zeek.hart_ip_common_commands.read_device_variable_information_response_device_variable_damping_value=db:zeek.hart_ip_common_commands.read_device_variable_information_response_device_variable_damping_value;group:zeek_hart_ip_common_commands;kind:termfield;friendly:read_device_variable_information_response_device_variable_damping_value;help:read_device_variable_information_response_device_variable_damping_value -zeek.hart_ip_common_commands.read_device_variable_information_response_device_variable_minimum_span=db:zeek.hart_ip_common_commands.read_device_variable_information_response_device_variable_minimum_span;group:zeek_hart_ip_common_commands;kind:termfield;friendly:read_device_variable_information_response_device_variable_minimum_span;help:read_device_variable_information_response_device_variable_minimum_span -zeek.hart_ip_common_commands.read_device_variable_information_response_device_variable_classification=db:zeek.hart_ip_common_commands.read_device_variable_information_response_device_variable_classification;group:zeek_hart_ip_common_commands;kind:termfield;friendly:read_device_variable_information_response_device_variable_classification;help:read_device_variable_information_response_device_variable_classification 
-zeek.hart_ip_common_commands.read_device_variable_information_response_device_variable_family=db:zeek.hart_ip_common_commands.read_device_variable_information_response_device_variable_family;group:zeek_hart_ip_common_commands;kind:termfield;friendly:read_device_variable_information_response_device_variable_family;help:read_device_variable_information_response_device_variable_family -zeek.hart_ip_common_commands.read_device_variable_information_response_acquisition_period=db:zeek.hart_ip_common_commands.read_device_variable_information_response_acquisition_period;group:zeek_hart_ip_common_commands;kind:termfield;friendly:read_device_variable_information_response_acquisition_period;help:read_device_variable_information_response_acquisition_period -zeek.hart_ip_common_commands.read_device_variable_information_response_device_variable_properties_is_simulated=db:zeek.hart_ip_common_commands.read_device_variable_information_response_device_variable_properties_is_simulated;group:zeek_hart_ip_common_commands;kind:termfield;friendly:read_device_variable_information_response_device_variable_properties_is_simulated;help:read_device_variable_information_response_device_variable_properties_is_simulated -zeek.hart_ip_common_commands.read_device_variable_information_response_device_variable_properties_undefined_bits_1_6=db:zeek.hart_ip_common_commands.read_device_variable_information_response_device_variable_properties_undefined_bits_1_6;group:zeek_hart_ip_common_commands;kind:integer;friendly:read_device_variable_information_response_device_variable_properties_undefined_bits_1_6;help:read_device_variable_information_response_device_variable_properties_undefined_bits_1_6 
-zeek.hart_ip_common_commands.read_device_variable_information_response_device_variable_properties_is_input=db:zeek.hart_ip_common_commands.read_device_variable_information_response_device_variable_properties_is_input;group:zeek_hart_ip_common_commands;kind:termfield;friendly:read_device_variable_information_response_device_variable_properties_is_input;help:read_device_variable_information_response_device_variable_properties_is_input -zeek.hart_ip_common_commands.write_device_variable_damping_value_device_variable_code=db:zeek.hart_ip_common_commands.write_device_variable_damping_value_device_variable_code;group:zeek_hart_ip_common_commands;kind:integer;friendly:write_device_variable_damping_value_device_variable_code;help:write_device_variable_damping_value_device_variable_code -zeek.hart_ip_common_commands.write_device_variable_damping_value_device_variable_damping_value=db:zeek.hart_ip_common_commands.write_device_variable_damping_value_device_variable_damping_value;group:zeek_hart_ip_common_commands;kind:termfield;friendly:write_device_variable_damping_value_device_variable_damping_value;help:write_device_variable_damping_value_device_variable_damping_value -zeek.hart_ip_common_commands.write_device_variable_transducer_serial_no_device_variable_code=db:zeek.hart_ip_common_commands.write_device_variable_transducer_serial_no_device_variable_code;group:zeek_hart_ip_common_commands;kind:integer;friendly:write_device_variable_transducer_serial_no_device_variable_code;help:write_device_variable_transducer_serial_no_device_variable_code 
-zeek.hart_ip_common_commands.write_device_variable_transducer_serial_no_device_variable_transducer_serial_number=db:zeek.hart_ip_common_commands.write_device_variable_transducer_serial_no_device_variable_transducer_serial_number;group:zeek_hart_ip_common_commands;kind:integer;friendly:write_device_variable_transducer_serial_no_device_variable_transducer_serial_number;help:write_device_variable_transducer_serial_no_device_variable_transducer_serial_number -zeek.hart_ip_common_commands.read_unit_tag_descriptor_date_response_unit_tag=db:zeek.hart_ip_common_commands.read_unit_tag_descriptor_date_response_unit_tag;group:zeek_hart_ip_common_commands;kind:termfield;friendly:read_unit_tag_descriptor_date_response_unit_tag;help:read_unit_tag_descriptor_date_response_unit_tag -zeek.hart_ip_common_commands.read_unit_tag_descriptor_date_response_unit_descriptor=db:zeek.hart_ip_common_commands.read_unit_tag_descriptor_date_response_unit_descriptor;group:zeek_hart_ip_common_commands;kind:termfield;friendly:read_unit_tag_descriptor_date_response_unit_descriptor;help:read_unit_tag_descriptor_date_response_unit_descriptor -zeek.hart_ip_common_commands.read_unit_tag_descriptor_date_response_unit_date=db:zeek.hart_ip_common_commands.read_unit_tag_descriptor_date_response_unit_date;group:zeek_hart_ip_common_commands;kind:termfield;friendly:read_unit_tag_descriptor_date_response_unit_date;help:read_unit_tag_descriptor_date_response_unit_date -zeek.hart_ip_common_commands.write_unit_tag_descriptor_date_unit_tag=db:zeek.hart_ip_common_commands.write_unit_tag_descriptor_date_unit_tag;group:zeek_hart_ip_common_commands;kind:termfield;friendly:write_unit_tag_descriptor_date_unit_tag;help:write_unit_tag_descriptor_date_unit_tag 
-zeek.hart_ip_common_commands.write_unit_tag_descriptor_date_unit_descriptor=db:zeek.hart_ip_common_commands.write_unit_tag_descriptor_date_unit_descriptor;group:zeek_hart_ip_common_commands;kind:termfield;friendly:write_unit_tag_descriptor_date_unit_descriptor;help:write_unit_tag_descriptor_date_unit_descriptor -zeek.hart_ip_common_commands.write_unit_tag_descriptor_date_unit_date=db:zeek.hart_ip_common_commands.write_unit_tag_descriptor_date_unit_date;group:zeek_hart_ip_common_commands;kind:termfield;friendly:write_unit_tag_descriptor_date_unit_date;help:write_unit_tag_descriptor_date_unit_date -zeek.hart_ip_common_commands.write_number_of_response_preambles_number_of_preambles=db:zeek.hart_ip_common_commands.write_number_of_response_preambles_number_of_preambles;group:zeek_hart_ip_common_commands;kind:integer;friendly:write_number_of_response_preambles_number_of_preambles;help:write_number_of_response_preambles_number_of_preambles -zeek.hart_ip_common_commands.read_analog_channel_and_percent_of_range_request_analog_channel_number_code=db:zeek.hart_ip_common_commands.read_analog_channel_and_percent_of_range_request_analog_channel_number_code;group:zeek_hart_ip_common_commands;kind:integer;friendly:read_analog_channel_and_percent_of_range_request_analog_channel_number_code;help:read_analog_channel_and_percent_of_range_request_analog_channel_number_code -zeek.hart_ip_common_commands.read_analog_channel_and_percent_of_range_response_analog_channel_number_code=db:zeek.hart_ip_common_commands.read_analog_channel_and_percent_of_range_response_analog_channel_number_code;group:zeek_hart_ip_common_commands;kind:integer;friendly:read_analog_channel_and_percent_of_range_response_analog_channel_number_code;help:read_analog_channel_and_percent_of_range_response_analog_channel_number_code 
-zeek.hart_ip_common_commands.read_analog_channel_and_percent_of_range_response_analog_channel_units_code=db:zeek.hart_ip_common_commands.read_analog_channel_and_percent_of_range_response_analog_channel_units_code;group:zeek_hart_ip_common_commands;kind:termfield;friendly:read_analog_channel_and_percent_of_range_response_analog_channel_units_code;help:read_analog_channel_and_percent_of_range_response_analog_channel_units_code -zeek.hart_ip_common_commands.read_analog_channel_and_percent_of_range_response_analog_channel_level=db:zeek.hart_ip_common_commands.read_analog_channel_and_percent_of_range_response_analog_channel_level;group:zeek_hart_ip_common_commands;kind:termfield;friendly:read_analog_channel_and_percent_of_range_response_analog_channel_level;help:read_analog_channel_and_percent_of_range_response_analog_channel_level -zeek.hart_ip_common_commands.read_analog_channel_and_percent_of_range_response_analog_channel_percent_of_range=db:zeek.hart_ip_common_commands.read_analog_channel_and_percent_of_range_response_analog_channel_percent_of_range;group:zeek_hart_ip_common_commands;kind:termfield;friendly:read_analog_channel_and_percent_of_range_response_analog_channel_percent_of_range;help:read_analog_channel_and_percent_of_range_response_analog_channel_percent_of_range -zeek.hart_ip_common_commands.read_dynamic_variables_and_primary_variable_analog_channel_response_primary_variable_analog_channel_units_code=db:zeek.hart_ip_common_commands.read_dynamic_variables_and_primary_variable_analog_channel_response_primary_variable_analog_channel_units_code;group:zeek_hart_ip_common_commands;kind:termfield;friendly:read_dynamic_variables_and_primary_variable_analog_channel_response_primary_variable_analog_channel_units_code;help:read_dynamic_variables_and_primary_variable_analog_channel_response_primary_variable_analog_channel_units_code 
-zeek.hart_ip_common_commands.read_dynamic_variables_and_primary_variable_analog_channel_response_primary_variable_analog_level=db:zeek.hart_ip_common_commands.read_dynamic_variables_and_primary_variable_analog_channel_response_primary_variable_analog_level;group:zeek_hart_ip_common_commands;kind:termfield;friendly:read_dynamic_variables_and_primary_variable_analog_channel_response_primary_variable_analog_level;help:read_dynamic_variables_and_primary_variable_analog_channel_response_primary_variable_analog_level -zeek.hart_ip_common_commands.read_dynamic_variables_and_primary_variable_analog_channel_response_primary_variable_units_code=db:zeek.hart_ip_common_commands.read_dynamic_variables_and_primary_variable_analog_channel_response_primary_variable_units_code;group:zeek_hart_ip_common_commands;kind:termfield;friendly:read_dynamic_variables_and_primary_variable_analog_channel_response_primary_variable_units_code;help:read_dynamic_variables_and_primary_variable_analog_channel_response_primary_variable_units_code -zeek.hart_ip_common_commands.read_dynamic_variables_and_primary_variable_analog_channel_response_primary_variable=db:zeek.hart_ip_common_commands.read_dynamic_variables_and_primary_variable_analog_channel_response_primary_variable;group:zeek_hart_ip_common_commands;kind:termfield;friendly:read_dynamic_variables_and_primary_variable_analog_channel_response_primary_variable;help:read_dynamic_variables_and_primary_variable_analog_channel_response_primary_variable 
-zeek.hart_ip_common_commands.read_dynamic_variables_and_primary_variable_analog_channel_response_secondary_variable_units_code=db:zeek.hart_ip_common_commands.read_dynamic_variables_and_primary_variable_analog_channel_response_secondary_variable_units_code;group:zeek_hart_ip_common_commands;kind:termfield;friendly:read_dynamic_variables_and_primary_variable_analog_channel_response_secondary_variable_units_code;help:read_dynamic_variables_and_primary_variable_analog_channel_response_secondary_variable_units_code -zeek.hart_ip_common_commands.read_dynamic_variables_and_primary_variable_analog_channel_response_secondary_variable=db:zeek.hart_ip_common_commands.read_dynamic_variables_and_primary_variable_analog_channel_response_secondary_variable;group:zeek_hart_ip_common_commands;kind:termfield;friendly:read_dynamic_variables_and_primary_variable_analog_channel_response_secondary_variable;help:read_dynamic_variables_and_primary_variable_analog_channel_response_secondary_variable -zeek.hart_ip_common_commands.read_dynamic_variables_and_primary_variable_analog_channel_response_tertiary_variable_units_code=db:zeek.hart_ip_common_commands.read_dynamic_variables_and_primary_variable_analog_channel_response_tertiary_variable_units_code;group:zeek_hart_ip_common_commands;kind:termfield;friendly:read_dynamic_variables_and_primary_variable_analog_channel_response_tertiary_variable_units_code;help:read_dynamic_variables_and_primary_variable_analog_channel_response_tertiary_variable_units_code -zeek.hart_ip_common_commands.read_dynamic_variables_and_primary_variable_analog_channel_response_tertiary_variable=db:zeek.hart_ip_common_commands.read_dynamic_variables_and_primary_variable_analog_channel_response_tertiary_variable;group:zeek_hart_ip_common_commands;kind:termfield;friendly:read_dynamic_variables_and_primary_variable_analog_channel_response_tertiary_variable;help:read_dynamic_variables_and_primary_variable_analog_channel_response_tertiary_variable 
-zeek.hart_ip_common_commands.read_dynamic_variables_and_primary_variable_analog_channel_response_quaternary_variable_units_code=db:zeek.hart_ip_common_commands.read_dynamic_variables_and_primary_variable_analog_channel_response_quaternary_variable_units_code;group:zeek_hart_ip_common_commands;kind:termfield;friendly:read_dynamic_variables_and_primary_variable_analog_channel_response_quaternary_variable_units_code;help:read_dynamic_variables_and_primary_variable_analog_channel_response_quaternary_variable_units_code -zeek.hart_ip_common_commands.read_dynamic_variables_and_primary_variable_analog_channel_response_quaternary_variable=db:zeek.hart_ip_common_commands.read_dynamic_variables_and_primary_variable_analog_channel_response_quaternary_variable;group:zeek_hart_ip_common_commands;kind:termfield;friendly:read_dynamic_variables_and_primary_variable_analog_channel_response_quaternary_variable;help:read_dynamic_variables_and_primary_variable_analog_channel_response_quaternary_variable -zeek.hart_ip_common_commands.read_analog_channels_request_analog_channel_number_code_slot0=db:zeek.hart_ip_common_commands.read_analog_channels_request_analog_channel_number_code_slot0;group:zeek_hart_ip_common_commands;kind:integer;friendly:read_analog_channels_request_analog_channel_number_code_slot0;help:read_analog_channels_request_analog_channel_number_code_slot0 -zeek.hart_ip_common_commands.read_analog_channels_request_analog_channel_number_code_slot1=db:zeek.hart_ip_common_commands.read_analog_channels_request_analog_channel_number_code_slot1;group:zeek_hart_ip_common_commands;kind:integer;friendly:read_analog_channels_request_analog_channel_number_code_slot1;help:read_analog_channels_request_analog_channel_number_code_slot1 
-zeek.hart_ip_common_commands.read_analog_channels_request_analog_channel_number_code_slot2=db:zeek.hart_ip_common_commands.read_analog_channels_request_analog_channel_number_code_slot2;group:zeek_hart_ip_common_commands;kind:integer;friendly:read_analog_channels_request_analog_channel_number_code_slot2;help:read_analog_channels_request_analog_channel_number_code_slot2 -zeek.hart_ip_common_commands.read_analog_channels_request_analog_channel_number_code_slot3=db:zeek.hart_ip_common_commands.read_analog_channels_request_analog_channel_number_code_slot3;group:zeek_hart_ip_common_commands;kind:integer;friendly:read_analog_channels_request_analog_channel_number_code_slot3;help:read_analog_channels_request_analog_channel_number_code_slot3 -zeek.hart_ip_common_commands.read_analog_channels_response_analog_channel_number_code_slot0=db:zeek.hart_ip_common_commands.read_analog_channels_response_analog_channel_number_code_slot0;group:zeek_hart_ip_common_commands;kind:integer;friendly:read_analog_channels_response_analog_channel_number_code_slot0;help:read_analog_channels_response_analog_channel_number_code_slot0 -zeek.hart_ip_common_commands.read_analog_channels_response_analog_channel_units_code_slot0=db:zeek.hart_ip_common_commands.read_analog_channels_response_analog_channel_units_code_slot0;group:zeek_hart_ip_common_commands;kind:termfield;friendly:read_analog_channels_response_analog_channel_units_code_slot0;help:read_analog_channels_response_analog_channel_units_code_slot0 -zeek.hart_ip_common_commands.read_analog_channels_response_analog_channel_level_slot0=db:zeek.hart_ip_common_commands.read_analog_channels_response_analog_channel_level_slot0;group:zeek_hart_ip_common_commands;kind:termfield;friendly:read_analog_channels_response_analog_channel_level_slot0;help:read_analog_channels_response_analog_channel_level_slot0 
-zeek.hart_ip_common_commands.read_analog_channels_response_analog_channel_number_code_slot1=db:zeek.hart_ip_common_commands.read_analog_channels_response_analog_channel_number_code_slot1;group:zeek_hart_ip_common_commands;kind:integer;friendly:read_analog_channels_response_analog_channel_number_code_slot1;help:read_analog_channels_response_analog_channel_number_code_slot1 -zeek.hart_ip_common_commands.read_analog_channels_response_analog_channel_units_code_slot1=db:zeek.hart_ip_common_commands.read_analog_channels_response_analog_channel_units_code_slot1;group:zeek_hart_ip_common_commands;kind:termfield;friendly:read_analog_channels_response_analog_channel_units_code_slot1;help:read_analog_channels_response_analog_channel_units_code_slot1 -zeek.hart_ip_common_commands.read_analog_channels_response_analog_channel_level_slot1=db:zeek.hart_ip_common_commands.read_analog_channels_response_analog_channel_level_slot1;group:zeek_hart_ip_common_commands;kind:termfield;friendly:read_analog_channels_response_analog_channel_level_slot1;help:read_analog_channels_response_analog_channel_level_slot1 -zeek.hart_ip_common_commands.read_analog_channels_response_analog_channel_number_code_slot2=db:zeek.hart_ip_common_commands.read_analog_channels_response_analog_channel_number_code_slot2;group:zeek_hart_ip_common_commands;kind:integer;friendly:read_analog_channels_response_analog_channel_number_code_slot2;help:read_analog_channels_response_analog_channel_number_code_slot2 -zeek.hart_ip_common_commands.read_analog_channels_response_analog_channel_units_code_slot2=db:zeek.hart_ip_common_commands.read_analog_channels_response_analog_channel_units_code_slot2;group:zeek_hart_ip_common_commands;kind:termfield;friendly:read_analog_channels_response_analog_channel_units_code_slot2;help:read_analog_channels_response_analog_channel_units_code_slot2 
-zeek.hart_ip_common_commands.read_analog_channels_response_analog_channel_level_slot2=db:zeek.hart_ip_common_commands.read_analog_channels_response_analog_channel_level_slot2;group:zeek_hart_ip_common_commands;kind:termfield;friendly:read_analog_channels_response_analog_channel_level_slot2;help:read_analog_channels_response_analog_channel_level_slot2 -zeek.hart_ip_common_commands.read_analog_channels_response_analog_channel_number_code_slot3=db:zeek.hart_ip_common_commands.read_analog_channels_response_analog_channel_number_code_slot3;group:zeek_hart_ip_common_commands;kind:integer;friendly:read_analog_channels_response_analog_channel_number_code_slot3;help:read_analog_channels_response_analog_channel_number_code_slot3 -zeek.hart_ip_common_commands.read_analog_channels_response_analog_channel_units_code_slot3=db:zeek.hart_ip_common_commands.read_analog_channels_response_analog_channel_units_code_slot3;group:zeek_hart_ip_common_commands;kind:termfield;friendly:read_analog_channels_response_analog_channel_units_code_slot3;help:read_analog_channels_response_analog_channel_units_code_slot3 -zeek.hart_ip_common_commands.read_analog_channels_response_analog_channel_level_slot3=db:zeek.hart_ip_common_commands.read_analog_channels_response_analog_channel_level_slot3;group:zeek_hart_ip_common_commands;kind:termfield;friendly:read_analog_channels_response_analog_channel_level_slot3;help:read_analog_channels_response_analog_channel_level_slot3 -zeek.hart_ip_common_commands.read_analog_channel_information_request_analog_channel_number_code=db:zeek.hart_ip_common_commands.read_analog_channel_information_request_analog_channel_number_code;group:zeek_hart_ip_common_commands;kind:integer;friendly:read_analog_channel_information_request_analog_channel_number_code;help:read_analog_channel_information_request_analog_channel_number_code 
-zeek.hart_ip_common_commands.read_analog_channel_information_response_analog_channel_number_code=db:zeek.hart_ip_common_commands.read_analog_channel_information_response_analog_channel_number_code;group:zeek_hart_ip_common_commands;kind:integer;friendly:read_analog_channel_information_response_analog_channel_number_code;help:read_analog_channel_information_response_analog_channel_number_code -zeek.hart_ip_common_commands.read_analog_channel_information_response_analog_channel_alarm_selection_code=db:zeek.hart_ip_common_commands.read_analog_channel_information_response_analog_channel_alarm_selection_code;group:zeek_hart_ip_common_commands;kind:termfield;friendly:read_analog_channel_information_response_analog_channel_alarm_selection_code;help:read_analog_channel_information_response_analog_channel_alarm_selection_code -zeek.hart_ip_common_commands.read_analog_channel_information_response_analog_channel_transfer_function_code=db:zeek.hart_ip_common_commands.read_analog_channel_information_response_analog_channel_transfer_function_code;group:zeek_hart_ip_common_commands;kind:termfield;friendly:read_analog_channel_information_response_analog_channel_transfer_function_code;help:read_analog_channel_information_response_analog_channel_transfer_function_code -zeek.hart_ip_common_commands.read_analog_channel_information_response_analog_channel_upper_and_lower_range_values_units_code=db:zeek.hart_ip_common_commands.read_analog_channel_information_response_analog_channel_upper_and_lower_range_values_units_code;group:zeek_hart_ip_common_commands;kind:termfield;friendly:read_analog_channel_information_response_analog_channel_upper_and_lower_range_values_units_code;help:read_analog_channel_information_response_analog_channel_upper_and_lower_range_values_units_code 
-zeek.hart_ip_common_commands.read_analog_channel_information_response_analog_channel_upper_range_value=db:zeek.hart_ip_common_commands.read_analog_channel_information_response_analog_channel_upper_range_value;group:zeek_hart_ip_common_commands;kind:termfield;friendly:read_analog_channel_information_response_analog_channel_upper_range_value;help:read_analog_channel_information_response_analog_channel_upper_range_value -zeek.hart_ip_common_commands.read_analog_channel_information_response_analog_channel_lower_range_value=db:zeek.hart_ip_common_commands.read_analog_channel_information_response_analog_channel_lower_range_value;group:zeek_hart_ip_common_commands;kind:termfield;friendly:read_analog_channel_information_response_analog_channel_lower_range_value;help:read_analog_channel_information_response_analog_channel_lower_range_value -zeek.hart_ip_common_commands.read_analog_channel_information_response_analog_channel_damping_value=db:zeek.hart_ip_common_commands.read_analog_channel_information_response_analog_channel_damping_value;group:zeek_hart_ip_common_commands;kind:termfield;friendly:read_analog_channel_information_response_analog_channel_damping_value;help:read_analog_channel_information_response_analog_channel_damping_value -zeek.hart_ip_common_commands.read_analog_channel_information_response_analog_channel_flags_is_simulated=db:zeek.hart_ip_common_commands.read_analog_channel_information_response_analog_channel_flags_is_simulated;group:zeek_hart_ip_common_commands;kind:termfield;friendly:read_analog_channel_information_response_analog_channel_flags_is_simulated;help:read_analog_channel_information_response_analog_channel_flags_is_simulated 
-zeek.hart_ip_common_commands.read_analog_channel_information_response_analog_channel_flags_undefined_bits_1_6=db:zeek.hart_ip_common_commands.read_analog_channel_information_response_analog_channel_flags_undefined_bits_1_6;group:zeek_hart_ip_common_commands;kind:integer;friendly:read_analog_channel_information_response_analog_channel_flags_undefined_bits_1_6;help:read_analog_channel_information_response_analog_channel_flags_undefined_bits_1_6 -zeek.hart_ip_common_commands.read_analog_channel_information_response_analog_channel_flags_is_input=db:zeek.hart_ip_common_commands.read_analog_channel_information_response_analog_channel_flags_is_input;group:zeek_hart_ip_common_commands;kind:termfield;friendly:read_analog_channel_information_response_analog_channel_flags_is_input;help:read_analog_channel_information_response_analog_channel_flags_is_input -zeek.hart_ip_common_commands.write_analog_channel_additional_damping_value_analog_channel_number_code=db:zeek.hart_ip_common_commands.write_analog_channel_additional_damping_value_analog_channel_number_code;group:zeek_hart_ip_common_commands;kind:integer;friendly:write_analog_channel_additional_damping_value_analog_channel_number_code;help:write_analog_channel_additional_damping_value_analog_channel_number_code -zeek.hart_ip_common_commands.write_analog_channel_additional_damping_value_analog_channel_damping_value=db:zeek.hart_ip_common_commands.write_analog_channel_additional_damping_value_analog_channel_damping_value;group:zeek_hart_ip_common_commands;kind:termfield;friendly:write_analog_channel_additional_damping_value_analog_channel_damping_value;help:write_analog_channel_additional_damping_value_analog_channel_damping_value 
-zeek.hart_ip_common_commands.write_analog_channel_range_values_analog_channel_number_code=db:zeek.hart_ip_common_commands.write_analog_channel_range_values_analog_channel_number_code;group:zeek_hart_ip_common_commands;kind:integer;friendly:write_analog_channel_range_values_analog_channel_number_code;help:write_analog_channel_range_values_analog_channel_number_code -zeek.hart_ip_common_commands.write_analog_channel_range_values_analog_channel_upper_and_lower_range_values_units_code=db:zeek.hart_ip_common_commands.write_analog_channel_range_values_analog_channel_upper_and_lower_range_values_units_code;group:zeek_hart_ip_common_commands;kind:termfield;friendly:write_analog_channel_range_values_analog_channel_upper_and_lower_range_values_units_code;help:write_analog_channel_range_values_analog_channel_upper_and_lower_range_values_units_code -zeek.hart_ip_common_commands.write_analog_channel_range_values_analog_channel_upper_range_value=db:zeek.hart_ip_common_commands.write_analog_channel_range_values_analog_channel_upper_range_value;group:zeek_hart_ip_common_commands;kind:termfield;friendly:write_analog_channel_range_values_analog_channel_upper_range_value;help:write_analog_channel_range_values_analog_channel_upper_range_value -zeek.hart_ip_common_commands.write_analog_channel_range_values_analog_channel_lower_range_value=db:zeek.hart_ip_common_commands.write_analog_channel_range_values_analog_channel_lower_range_value;group:zeek_hart_ip_common_commands;kind:termfield;friendly:write_analog_channel_range_values_analog_channel_lower_range_value;help:write_analog_channel_range_values_analog_channel_lower_range_value 
-zeek.hart_ip_common_commands.enter_exit_fixed_analog_channel_mode_analog_channel_number_code=db:zeek.hart_ip_common_commands.enter_exit_fixed_analog_channel_mode_analog_channel_number_code;group:zeek_hart_ip_common_commands;kind:integer;friendly:enter_exit_fixed_analog_channel_mode_analog_channel_number_code;help:enter_exit_fixed_analog_channel_mode_analog_channel_number_code -zeek.hart_ip_common_commands.enter_exit_fixed_analog_channel_mode_analog_channel_units_code=db:zeek.hart_ip_common_commands.enter_exit_fixed_analog_channel_mode_analog_channel_units_code;group:zeek_hart_ip_common_commands;kind:termfield;friendly:enter_exit_fixed_analog_channel_mode_analog_channel_units_code;help:enter_exit_fixed_analog_channel_mode_analog_channel_units_code -zeek.hart_ip_common_commands.enter_exit_fixed_analog_channel_mode_fixed_analog_channel_level=db:zeek.hart_ip_common_commands.enter_exit_fixed_analog_channel_mode_fixed_analog_channel_level;group:zeek_hart_ip_common_commands;kind:termfield;friendly:enter_exit_fixed_analog_channel_mode_fixed_analog_channel_level;help:enter_exit_fixed_analog_channel_mode_fixed_analog_channel_level -zeek.hart_ip_common_commands.trim_analog_channel_zero_analog_channel_number_code=db:zeek.hart_ip_common_commands.trim_analog_channel_zero_analog_channel_number_code;group:zeek_hart_ip_common_commands;kind:integer;friendly:trim_analog_channel_zero_analog_channel_number_code;help:trim_analog_channel_zero_analog_channel_number_code -zeek.hart_ip_common_commands.trim_analog_channel_zero_analog_channel_units_code=db:zeek.hart_ip_common_commands.trim_analog_channel_zero_analog_channel_units_code;group:zeek_hart_ip_common_commands;kind:termfield;friendly:trim_analog_channel_zero_analog_channel_units_code;help:trim_analog_channel_zero_analog_channel_units_code 
-zeek.hart_ip_common_commands.trim_analog_channel_zero_analog_channel_level=db:zeek.hart_ip_common_commands.trim_analog_channel_zero_analog_channel_level;group:zeek_hart_ip_common_commands;kind:termfield;friendly:trim_analog_channel_zero_analog_channel_level;help:trim_analog_channel_zero_analog_channel_level -zeek.hart_ip_common_commands.trim_analog_channel_gain_analog_channel_number_code=db:zeek.hart_ip_common_commands.trim_analog_channel_gain_analog_channel_number_code;group:zeek_hart_ip_common_commands;kind:integer;friendly:trim_analog_channel_gain_analog_channel_number_code;help:trim_analog_channel_gain_analog_channel_number_code -zeek.hart_ip_common_commands.trim_analog_channel_gain_analog_channel_units_code=db:zeek.hart_ip_common_commands.trim_analog_channel_gain_analog_channel_units_code;group:zeek_hart_ip_common_commands;kind:termfield;friendly:trim_analog_channel_gain_analog_channel_units_code;help:trim_analog_channel_gain_analog_channel_units_code -zeek.hart_ip_common_commands.trim_analog_channel_gain_analog_channel_level=db:zeek.hart_ip_common_commands.trim_analog_channel_gain_analog_channel_level;group:zeek_hart_ip_common_commands;kind:termfield;friendly:trim_analog_channel_gain_analog_channel_level;help:trim_analog_channel_gain_analog_channel_level -zeek.hart_ip_common_commands.write_analog_channel_transfer_function_analog_channel_number_code=db:zeek.hart_ip_common_commands.write_analog_channel_transfer_function_analog_channel_number_code;group:zeek_hart_ip_common_commands;kind:integer;friendly:write_analog_channel_transfer_function_analog_channel_number_code;help:write_analog_channel_transfer_function_analog_channel_number_code 
-zeek.hart_ip_common_commands.write_analog_channel_transfer_function_analog_channel_units_code=db:zeek.hart_ip_common_commands.write_analog_channel_transfer_function_analog_channel_units_code;group:zeek_hart_ip_common_commands;kind:termfield;friendly:write_analog_channel_transfer_function_analog_channel_units_code;help:write_analog_channel_transfer_function_analog_channel_units_code -zeek.hart_ip_common_commands.read_analog_channel_endpoint_values_request_analog_channel_number_code=db:zeek.hart_ip_common_commands.read_analog_channel_endpoint_values_request_analog_channel_number_code;group:zeek_hart_ip_common_commands;kind:integer;friendly:read_analog_channel_endpoint_values_request_analog_channel_number_code;help:read_analog_channel_endpoint_values_request_analog_channel_number_code -zeek.hart_ip_common_commands.read_analog_channel_endpoint_values_response_analog_channel_number_code=db:zeek.hart_ip_common_commands.read_analog_channel_endpoint_values_response_analog_channel_number_code;group:zeek_hart_ip_common_commands;kind:integer;friendly:read_analog_channel_endpoint_values_response_analog_channel_number_code;help:read_analog_channel_endpoint_values_response_analog_channel_number_code -zeek.hart_ip_common_commands.read_analog_channel_endpoint_values_response_analog_channel_upper_and_lower_endpoint_values_units_code=db:zeek.hart_ip_common_commands.read_analog_channel_endpoint_values_response_analog_channel_upper_and_lower_endpoint_values_units_code;group:zeek_hart_ip_common_commands;kind:termfield;friendly:read_analog_channel_endpoint_values_response_analog_channel_upper_and_lower_endpoint_values_units_code;help:read_analog_channel_endpoint_values_response_analog_channel_upper_and_lower_endpoint_values_units_code 
-zeek.hart_ip_common_commands.read_analog_channel_endpoint_values_response_analog_channel_upper_endpoint_value=db:zeek.hart_ip_common_commands.read_analog_channel_endpoint_values_response_analog_channel_upper_endpoint_value;group:zeek_hart_ip_common_commands;kind:termfield;friendly:read_analog_channel_endpoint_values_response_analog_channel_upper_endpoint_value;help:read_analog_channel_endpoint_values_response_analog_channel_upper_endpoint_value -zeek.hart_ip_common_commands.read_analog_channel_endpoint_values_response_analog_channel_lower_endpoint_value=db:zeek.hart_ip_common_commands.read_analog_channel_endpoint_values_response_analog_channel_lower_endpoint_value;group:zeek_hart_ip_common_commands;kind:termfield;friendly:read_analog_channel_endpoint_values_response_analog_channel_lower_endpoint_value;help:read_analog_channel_endpoint_values_response_analog_channel_lower_endpoint_value -zeek.hart_ip_common_commands.read_analog_channel_endpoint_values_response_analog_channel_upper_limit_value=db:zeek.hart_ip_common_commands.read_analog_channel_endpoint_values_response_analog_channel_upper_limit_value;group:zeek_hart_ip_common_commands;kind:termfield;friendly:read_analog_channel_endpoint_values_response_analog_channel_upper_limit_value;help:read_analog_channel_endpoint_values_response_analog_channel_upper_limit_value -zeek.hart_ip_common_commands.read_analog_channel_endpoint_values_response_analog_channel_lower_limit_value=db:zeek.hart_ip_common_commands.read_analog_channel_endpoint_values_response_analog_channel_lower_limit_value;group:zeek_hart_ip_common_commands;kind:termfield;friendly:read_analog_channel_endpoint_values_response_analog_channel_lower_limit_value;help:read_analog_channel_endpoint_values_response_analog_channel_lower_limit_value -zeek.hart_ip_common_commands.lock_device_lock_code=db:zeek.hart_ip_common_commands.lock_device_lock_code;group:zeek_hart_ip_common_commands;kind:termfield;friendly:lock_device_lock_code;help:lock_device_lock_code 
-zeek.hart_ip_common_commands.squawk_squawk_control=db:zeek.hart_ip_common_commands.squawk_squawk_control;group:zeek_hart_ip_common_commands;kind:termfield;friendly:squawk_squawk_control;help:squawk_squawk_control -zeek.hart_ip_common_commands.find_device_response_254=db:zeek.hart_ip_common_commands.find_device_response_254;group:zeek_hart_ip_common_commands;kind:integer;friendly:find_device_response_254;help:find_device_response_254 -zeek.hart_ip_common_commands.find_device_response_expanded_device_type=db:zeek.hart_ip_common_commands.find_device_response_expanded_device_type;group:zeek_hart_ip_common_commands;kind:termfield;friendly:find_device_response_expanded_device_type;help:find_device_response_expanded_device_type -zeek.hart_ip_common_commands.find_device_response_minimum_preambles_master_slave=db:zeek.hart_ip_common_commands.find_device_response_minimum_preambles_master_slave;group:zeek_hart_ip_common_commands;kind:integer;friendly:find_device_response_minimum_preambles_master_slave;help:find_device_response_minimum_preambles_master_slave -zeek.hart_ip_common_commands.find_device_response_hart_protocol_major_revision=db:zeek.hart_ip_common_commands.find_device_response_hart_protocol_major_revision;group:zeek_hart_ip_common_commands;kind:integer;friendly:find_device_response_hart_protocol_major_revision;help:find_device_response_hart_protocol_major_revision -zeek.hart_ip_common_commands.find_device_response_device_revision_level=db:zeek.hart_ip_common_commands.find_device_response_device_revision_level;group:zeek_hart_ip_common_commands;kind:integer;friendly:find_device_response_device_revision_level;help:find_device_response_device_revision_level -zeek.hart_ip_common_commands.find_device_response_software_revision_level=db:zeek.hart_ip_common_commands.find_device_response_software_revision_level;group:zeek_hart_ip_common_commands;kind:integer;friendly:find_device_response_software_revision_level;help:find_device_response_software_revision_level 
-zeek.hart_ip_common_commands.find_device_response_hardware_revision_level_and_physical_signaling_codes_hardware_revision_level=db:zeek.hart_ip_common_commands.find_device_response_hardware_revision_level_and_physical_signaling_codes_hardware_revision_level;group:zeek_hart_ip_common_commands;kind:integer;friendly:find_device_response_hardware_revision_level_and_physical_signaling_codes_hardware_revision_level;help:find_device_response_hardware_revision_level_and_physical_signaling_codes_hardware_revision_level -zeek.hart_ip_common_commands.find_device_response_hardware_revision_level_and_physical_signaling_codes_physical_signaling_code=db:zeek.hart_ip_common_commands.find_device_response_hardware_revision_level_and_physical_signaling_codes_physical_signaling_code;group:zeek_hart_ip_common_commands;kind:termfield;friendly:find_device_response_hardware_revision_level_and_physical_signaling_codes_physical_signaling_code;help:find_device_response_hardware_revision_level_and_physical_signaling_codes_physical_signaling_code -zeek.hart_ip_common_commands.find_device_response_flags_c8_psk_in_multi_drop_only=db:zeek.hart_ip_common_commands.find_device_response_flags_c8_psk_in_multi_drop_only;group:zeek_hart_ip_common_commands;kind:termfield;friendly:find_device_response_flags_c8_psk_in_multi_drop_only;help:find_device_response_flags_c8_psk_in_multi_drop_only -zeek.hart_ip_common_commands.find_device_response_flags_c8_psk_capable_field_device=db:zeek.hart_ip_common_commands.find_device_response_flags_c8_psk_capable_field_device;group:zeek_hart_ip_common_commands;kind:termfield;friendly:find_device_response_flags_c8_psk_capable_field_device;help:find_device_response_flags_c8_psk_capable_field_device -zeek.hart_ip_common_commands.find_device_response_flags_undefined_5=db:zeek.hart_ip_common_commands.find_device_response_flags_undefined_5;group:zeek_hart_ip_common_commands;kind:termfield;friendly:find_device_response_flags_undefined_5;help:find_device_response_flags_undefined_5 
-zeek.hart_ip_common_commands.find_device_response_flags_safehart_capable_field_device=db:zeek.hart_ip_common_commands.find_device_response_flags_safehart_capable_field_device;group:zeek_hart_ip_common_commands;kind:termfield;friendly:find_device_response_flags_safehart_capable_field_device;help:find_device_response_flags_safehart_capable_field_device -zeek.hart_ip_common_commands.find_device_response_flags_ieee_802_15_4_dsss_o_qpsk_modulation=db:zeek.hart_ip_common_commands.find_device_response_flags_ieee_802_15_4_dsss_o_qpsk_modulation;group:zeek_hart_ip_common_commands;kind:termfield;friendly:find_device_response_flags_ieee_802_15_4_dsss_o_qpsk_modulation;help:find_device_response_flags_ieee_802_15_4_dsss_o_qpsk_modulation -zeek.hart_ip_common_commands.find_device_response_flags_protocol_bridge_device=db:zeek.hart_ip_common_commands.find_device_response_flags_protocol_bridge_device;group:zeek_hart_ip_common_commands;kind:termfield;friendly:find_device_response_flags_protocol_bridge_device;help:find_device_response_flags_protocol_bridge_device -zeek.hart_ip_common_commands.find_device_response_flags_eeprom_control=db:zeek.hart_ip_common_commands.find_device_response_flags_eeprom_control;group:zeek_hart_ip_common_commands;kind:termfield;friendly:find_device_response_flags_eeprom_control;help:find_device_response_flags_eeprom_control -zeek.hart_ip_common_commands.find_device_response_flags_mutli_sensor_field_device=db:zeek.hart_ip_common_commands.find_device_response_flags_mutli_sensor_field_device;group:zeek_hart_ip_common_commands;kind:termfield;friendly:find_device_response_flags_mutli_sensor_field_device;help:find_device_response_flags_mutli_sensor_field_device -zeek.hart_ip_common_commands.find_device_response_device_id=db:zeek.hart_ip_common_commands.find_device_response_device_id;group:zeek_hart_ip_common_commands;kind:integer;friendly:find_device_response_device_id;help:find_device_response_device_id 
-zeek.hart_ip_common_commands.find_device_response_number_preambles_slave_master=db:zeek.hart_ip_common_commands.find_device_response_number_preambles_slave_master;group:zeek_hart_ip_common_commands;kind:integer;friendly:find_device_response_number_preambles_slave_master;help:find_device_response_number_preambles_slave_master -zeek.hart_ip_common_commands.find_device_response_last_device_variable_this=db:zeek.hart_ip_common_commands.find_device_response_last_device_variable_this;group:zeek_hart_ip_common_commands;kind:integer;friendly:find_device_response_last_device_variable_this;help:find_device_response_last_device_variable_this -zeek.hart_ip_common_commands.find_device_response_configuration_change_counter=db:zeek.hart_ip_common_commands.find_device_response_configuration_change_counter;group:zeek_hart_ip_common_commands;kind:integer;friendly:find_device_response_configuration_change_counter;help:find_device_response_configuration_change_counter -zeek.hart_ip_common_commands.find_device_response_extended_field_device_status_undefined_bits=db:zeek.hart_ip_common_commands.find_device_response_extended_field_device_status_undefined_bits;group:zeek_hart_ip_common_commands;kind:integer;friendly:find_device_response_extended_field_device_status_undefined_bits;help:find_device_response_extended_field_device_status_undefined_bits -zeek.hart_ip_common_commands.find_device_response_extended_field_device_status_function_check=db:zeek.hart_ip_common_commands.find_device_response_extended_field_device_status_function_check;group:zeek_hart_ip_common_commands;kind:termfield;friendly:find_device_response_extended_field_device_status_function_check;help:find_device_response_extended_field_device_status_function_check 
-zeek.hart_ip_common_commands.find_device_response_extended_field_device_status_out_of_specification=db:zeek.hart_ip_common_commands.find_device_response_extended_field_device_status_out_of_specification;group:zeek_hart_ip_common_commands;kind:termfield;friendly:find_device_response_extended_field_device_status_out_of_specification;help:find_device_response_extended_field_device_status_out_of_specification -zeek.hart_ip_common_commands.find_device_response_extended_field_device_status_failure=db:zeek.hart_ip_common_commands.find_device_response_extended_field_device_status_failure;group:zeek_hart_ip_common_commands;kind:termfield;friendly:find_device_response_extended_field_device_status_failure;help:find_device_response_extended_field_device_status_failure -zeek.hart_ip_common_commands.find_device_response_extended_field_device_status_critical_power_failure=db:zeek.hart_ip_common_commands.find_device_response_extended_field_device_status_critical_power_failure;group:zeek_hart_ip_common_commands;kind:termfield;friendly:find_device_response_extended_field_device_status_critical_power_failure;help:find_device_response_extended_field_device_status_critical_power_failure -zeek.hart_ip_common_commands.find_device_response_extended_field_device_status_device_variable_alert=db:zeek.hart_ip_common_commands.find_device_response_extended_field_device_status_device_variable_alert;group:zeek_hart_ip_common_commands;kind:termfield;friendly:find_device_response_extended_field_device_status_device_variable_alert;help:find_device_response_extended_field_device_status_device_variable_alert 
-zeek.hart_ip_common_commands.find_device_response_extended_field_device_status_maintenance_required=db:zeek.hart_ip_common_commands.find_device_response_extended_field_device_status_maintenance_required;group:zeek_hart_ip_common_commands;kind:termfield;friendly:find_device_response_extended_field_device_status_maintenance_required;help:find_device_response_extended_field_device_status_maintenance_required -zeek.hart_ip_common_commands.find_device_response_manufacturer_identification_code=db:zeek.hart_ip_common_commands.find_device_response_manufacturer_identification_code;group:zeek_hart_ip_common_commands;kind:termfield;friendly:find_device_response_manufacturer_identification_code;help:find_device_response_manufacturer_identification_code -zeek.hart_ip_common_commands.find_device_response_private_label_distributor_code=db:zeek.hart_ip_common_commands.find_device_response_private_label_distributor_code;group:zeek_hart_ip_common_commands;kind:termfield;friendly:find_device_response_private_label_distributor_code;help:find_device_response_private_label_distributor_code -zeek.hart_ip_common_commands.find_device_response_device_profile=db:zeek.hart_ip_common_commands.find_device_response_device_profile;group:zeek_hart_ip_common_commands;kind:termfield;friendly:find_device_response_device_profile;help:find_device_response_device_profile -zeek.hart_ip_common_commands.read_io_system_capabilities_response_max_io_cards=db:zeek.hart_ip_common_commands.read_io_system_capabilities_response_max_io_cards;group:zeek_hart_ip_common_commands;kind:integer;friendly:read_io_system_capabilities_response_max_io_cards;help:read_io_system_capabilities_response_max_io_cards 
-zeek.hart_ip_common_commands.read_io_system_capabilities_response_max_channels_per_io_card=db:zeek.hart_ip_common_commands.read_io_system_capabilities_response_max_channels_per_io_card;group:zeek_hart_ip_common_commands;kind:integer;friendly:read_io_system_capabilities_response_max_channels_per_io_card;help:read_io_system_capabilities_response_max_channels_per_io_card -zeek.hart_ip_common_commands.read_io_system_capabilities_response_max_sub_devices_per_channel=db:zeek.hart_ip_common_commands.read_io_system_capabilities_response_max_sub_devices_per_channel;group:zeek_hart_ip_common_commands;kind:integer;friendly:read_io_system_capabilities_response_max_sub_devices_per_channel;help:read_io_system_capabilities_response_max_sub_devices_per_channel -zeek.hart_ip_common_commands.read_io_system_capabilities_response_number_of_devices_detected=db:zeek.hart_ip_common_commands.read_io_system_capabilities_response_number_of_devices_detected;group:zeek_hart_ip_common_commands;kind:integer;friendly:read_io_system_capabilities_response_number_of_devices_detected;help:read_io_system_capabilities_response_number_of_devices_detected -zeek.hart_ip_common_commands.read_io_system_capabilities_response_max_delayed_responses_supported=db:zeek.hart_ip_common_commands.read_io_system_capabilities_response_max_delayed_responses_supported;group:zeek_hart_ip_common_commands;kind:integer;friendly:read_io_system_capabilities_response_max_delayed_responses_supported;help:read_io_system_capabilities_response_max_delayed_responses_supported -zeek.hart_ip_common_commands.read_io_system_capabilities_response_master_mode=db:zeek.hart_ip_common_commands.read_io_system_capabilities_response_master_mode;group:zeek_hart_ip_common_commands;kind:termfield;friendly:read_io_system_capabilities_response_master_mode;help:read_io_system_capabilities_response_master_mode 
-zeek.hart_ip_common_commands.read_io_system_capabilities_response_retry_count=db:zeek.hart_ip_common_commands.read_io_system_capabilities_response_retry_count;group:zeek_hart_ip_common_commands;kind:integer;friendly:read_io_system_capabilities_response_retry_count;help:read_io_system_capabilities_response_retry_count -zeek.hart_ip_common_commands.poll_sub_device_request_io_card=db:zeek.hart_ip_common_commands.poll_sub_device_request_io_card;group:zeek_hart_ip_common_commands;kind:integer;friendly:poll_sub_device_request_io_card;help:poll_sub_device_request_io_card -zeek.hart_ip_common_commands.poll_sub_device_request_channel=db:zeek.hart_ip_common_commands.poll_sub_device_request_channel;group:zeek_hart_ip_common_commands;kind:integer;friendly:poll_sub_device_request_channel;help:poll_sub_device_request_channel -zeek.hart_ip_common_commands.poll_sub_device_request_sub_device_polling_address=db:zeek.hart_ip_common_commands.poll_sub_device_request_sub_device_polling_address;group:zeek_hart_ip_common_commands;kind:integer;friendly:poll_sub_device_request_sub_device_polling_address;help:poll_sub_device_request_sub_device_polling_address -zeek.hart_ip_common_commands.poll_sub_device_response_254=db:zeek.hart_ip_common_commands.poll_sub_device_response_254;group:zeek_hart_ip_common_commands;kind:integer;friendly:poll_sub_device_response_254;help:poll_sub_device_response_254 -zeek.hart_ip_common_commands.poll_sub_device_response_expanded_device_type=db:zeek.hart_ip_common_commands.poll_sub_device_response_expanded_device_type;group:zeek_hart_ip_common_commands;kind:termfield;friendly:poll_sub_device_response_expanded_device_type;help:poll_sub_device_response_expanded_device_type 
-zeek.hart_ip_common_commands.poll_sub_device_response_minimum_preambles_master_slave=db:zeek.hart_ip_common_commands.poll_sub_device_response_minimum_preambles_master_slave;group:zeek_hart_ip_common_commands;kind:integer;friendly:poll_sub_device_response_minimum_preambles_master_slave;help:poll_sub_device_response_minimum_preambles_master_slave -zeek.hart_ip_common_commands.poll_sub_device_response_hart_protocol_major_revision=db:zeek.hart_ip_common_commands.poll_sub_device_response_hart_protocol_major_revision;group:zeek_hart_ip_common_commands;kind:integer;friendly:poll_sub_device_response_hart_protocol_major_revision;help:poll_sub_device_response_hart_protocol_major_revision -zeek.hart_ip_common_commands.poll_sub_device_response_device_revision_level=db:zeek.hart_ip_common_commands.poll_sub_device_response_device_revision_level;group:zeek_hart_ip_common_commands;kind:integer;friendly:poll_sub_device_response_device_revision_level;help:poll_sub_device_response_device_revision_level -zeek.hart_ip_common_commands.poll_sub_device_response_software_revision_level=db:zeek.hart_ip_common_commands.poll_sub_device_response_software_revision_level;group:zeek_hart_ip_common_commands;kind:integer;friendly:poll_sub_device_response_software_revision_level;help:poll_sub_device_response_software_revision_level -zeek.hart_ip_common_commands.poll_sub_device_response_hardware_revision_level_and_physical_signaling_codes_hardware_revision_level=db:zeek.hart_ip_common_commands.poll_sub_device_response_hardware_revision_level_and_physical_signaling_codes_hardware_revision_level;group:zeek_hart_ip_common_commands;kind:integer;friendly:poll_sub_device_response_hardware_revision_level_and_physical_signaling_codes_hardware_revision_level;help:poll_sub_device_response_hardware_revision_level_and_physical_signaling_codes_hardware_revision_level 
-zeek.hart_ip_common_commands.poll_sub_device_response_hardware_revision_level_and_physical_signaling_codes_physical_signaling_code=db:zeek.hart_ip_common_commands.poll_sub_device_response_hardware_revision_level_and_physical_signaling_codes_physical_signaling_code;group:zeek_hart_ip_common_commands;kind:termfield;friendly:poll_sub_device_response_hardware_revision_level_and_physical_signaling_codes_physical_signaling_code;help:poll_sub_device_response_hardware_revision_level_and_physical_signaling_codes_physical_signaling_code -zeek.hart_ip_common_commands.poll_sub_device_response_flags_c8_psk_in_multi_drop_only=db:zeek.hart_ip_common_commands.poll_sub_device_response_flags_c8_psk_in_multi_drop_only;group:zeek_hart_ip_common_commands;kind:termfield;friendly:poll_sub_device_response_flags_c8_psk_in_multi_drop_only;help:poll_sub_device_response_flags_c8_psk_in_multi_drop_only -zeek.hart_ip_common_commands.poll_sub_device_response_flags_c8_psk_capable_field_device=db:zeek.hart_ip_common_commands.poll_sub_device_response_flags_c8_psk_capable_field_device;group:zeek_hart_ip_common_commands;kind:termfield;friendly:poll_sub_device_response_flags_c8_psk_capable_field_device;help:poll_sub_device_response_flags_c8_psk_capable_field_device -zeek.hart_ip_common_commands.poll_sub_device_response_flags_undefined_5=db:zeek.hart_ip_common_commands.poll_sub_device_response_flags_undefined_5;group:zeek_hart_ip_common_commands;kind:termfield;friendly:poll_sub_device_response_flags_undefined_5;help:poll_sub_device_response_flags_undefined_5 -zeek.hart_ip_common_commands.poll_sub_device_response_flags_safehart_capable_field_device=db:zeek.hart_ip_common_commands.poll_sub_device_response_flags_safehart_capable_field_device;group:zeek_hart_ip_common_commands;kind:termfield;friendly:poll_sub_device_response_flags_safehart_capable_field_device;help:poll_sub_device_response_flags_safehart_capable_field_device 
-zeek.hart_ip_common_commands.poll_sub_device_response_flags_ieee_802_15_4_dsss_o_qpsk_modulation=db:zeek.hart_ip_common_commands.poll_sub_device_response_flags_ieee_802_15_4_dsss_o_qpsk_modulation;group:zeek_hart_ip_common_commands;kind:termfield;friendly:poll_sub_device_response_flags_ieee_802_15_4_dsss_o_qpsk_modulation;help:poll_sub_device_response_flags_ieee_802_15_4_dsss_o_qpsk_modulation -zeek.hart_ip_common_commands.poll_sub_device_response_flags_protocol_bridge_device=db:zeek.hart_ip_common_commands.poll_sub_device_response_flags_protocol_bridge_device;group:zeek_hart_ip_common_commands;kind:termfield;friendly:poll_sub_device_response_flags_protocol_bridge_device;help:poll_sub_device_response_flags_protocol_bridge_device -zeek.hart_ip_common_commands.poll_sub_device_response_flags_eeprom_control=db:zeek.hart_ip_common_commands.poll_sub_device_response_flags_eeprom_control;group:zeek_hart_ip_common_commands;kind:termfield;friendly:poll_sub_device_response_flags_eeprom_control;help:poll_sub_device_response_flags_eeprom_control -zeek.hart_ip_common_commands.poll_sub_device_response_flags_mutli_sensor_field_device=db:zeek.hart_ip_common_commands.poll_sub_device_response_flags_mutli_sensor_field_device;group:zeek_hart_ip_common_commands;kind:termfield;friendly:poll_sub_device_response_flags_mutli_sensor_field_device;help:poll_sub_device_response_flags_mutli_sensor_field_device -zeek.hart_ip_common_commands.poll_sub_device_response_device_id=db:zeek.hart_ip_common_commands.poll_sub_device_response_device_id;group:zeek_hart_ip_common_commands;kind:integer;friendly:poll_sub_device_response_device_id;help:poll_sub_device_response_device_id 
-zeek.hart_ip_common_commands.poll_sub_device_response_number_preambles_slave_master=db:zeek.hart_ip_common_commands.poll_sub_device_response_number_preambles_slave_master;group:zeek_hart_ip_common_commands;kind:integer;friendly:poll_sub_device_response_number_preambles_slave_master;help:poll_sub_device_response_number_preambles_slave_master -zeek.hart_ip_common_commands.poll_sub_device_response_last_device_variable_this=db:zeek.hart_ip_common_commands.poll_sub_device_response_last_device_variable_this;group:zeek_hart_ip_common_commands;kind:integer;friendly:poll_sub_device_response_last_device_variable_this;help:poll_sub_device_response_last_device_variable_this -zeek.hart_ip_common_commands.poll_sub_device_response_configuration_change_counter=db:zeek.hart_ip_common_commands.poll_sub_device_response_configuration_change_counter;group:zeek_hart_ip_common_commands;kind:integer;friendly:poll_sub_device_response_configuration_change_counter;help:poll_sub_device_response_configuration_change_counter -zeek.hart_ip_common_commands.poll_sub_device_response_extended_field_device_status_undefined_bits=db:zeek.hart_ip_common_commands.poll_sub_device_response_extended_field_device_status_undefined_bits;group:zeek_hart_ip_common_commands;kind:integer;friendly:poll_sub_device_response_extended_field_device_status_undefined_bits;help:poll_sub_device_response_extended_field_device_status_undefined_bits -zeek.hart_ip_common_commands.poll_sub_device_response_extended_field_device_status_function_check=db:zeek.hart_ip_common_commands.poll_sub_device_response_extended_field_device_status_function_check;group:zeek_hart_ip_common_commands;kind:termfield;friendly:poll_sub_device_response_extended_field_device_status_function_check;help:poll_sub_device_response_extended_field_device_status_function_check 
-zeek.hart_ip_common_commands.poll_sub_device_response_extended_field_device_status_out_of_specification=db:zeek.hart_ip_common_commands.poll_sub_device_response_extended_field_device_status_out_of_specification;group:zeek_hart_ip_common_commands;kind:termfield;friendly:poll_sub_device_response_extended_field_device_status_out_of_specification;help:poll_sub_device_response_extended_field_device_status_out_of_specification -zeek.hart_ip_common_commands.poll_sub_device_response_extended_field_device_status_failure=db:zeek.hart_ip_common_commands.poll_sub_device_response_extended_field_device_status_failure;group:zeek_hart_ip_common_commands;kind:termfield;friendly:poll_sub_device_response_extended_field_device_status_failure;help:poll_sub_device_response_extended_field_device_status_failure -zeek.hart_ip_common_commands.poll_sub_device_response_extended_field_device_status_critical_power_failure=db:zeek.hart_ip_common_commands.poll_sub_device_response_extended_field_device_status_critical_power_failure;group:zeek_hart_ip_common_commands;kind:termfield;friendly:poll_sub_device_response_extended_field_device_status_critical_power_failure;help:poll_sub_device_response_extended_field_device_status_critical_power_failure -zeek.hart_ip_common_commands.poll_sub_device_response_extended_field_device_status_device_variable_alert=db:zeek.hart_ip_common_commands.poll_sub_device_response_extended_field_device_status_device_variable_alert;group:zeek_hart_ip_common_commands;kind:termfield;friendly:poll_sub_device_response_extended_field_device_status_device_variable_alert;help:poll_sub_device_response_extended_field_device_status_device_variable_alert 
-zeek.hart_ip_common_commands.poll_sub_device_response_extended_field_device_status_maintenance_required=db:zeek.hart_ip_common_commands.poll_sub_device_response_extended_field_device_status_maintenance_required;group:zeek_hart_ip_common_commands;kind:termfield;friendly:poll_sub_device_response_extended_field_device_status_maintenance_required;help:poll_sub_device_response_extended_field_device_status_maintenance_required -zeek.hart_ip_common_commands.poll_sub_device_response_manufacturer_identification_code=db:zeek.hart_ip_common_commands.poll_sub_device_response_manufacturer_identification_code;group:zeek_hart_ip_common_commands;kind:termfield;friendly:poll_sub_device_response_manufacturer_identification_code;help:poll_sub_device_response_manufacturer_identification_code -zeek.hart_ip_common_commands.poll_sub_device_response_private_label_distributor_code=db:zeek.hart_ip_common_commands.poll_sub_device_response_private_label_distributor_code;group:zeek_hart_ip_common_commands;kind:termfield;friendly:poll_sub_device_response_private_label_distributor_code;help:poll_sub_device_response_private_label_distributor_code -zeek.hart_ip_common_commands.poll_sub_device_response_device_profile=db:zeek.hart_ip_common_commands.poll_sub_device_response_device_profile;group:zeek_hart_ip_common_commands;kind:termfield;friendly:poll_sub_device_response_device_profile;help:poll_sub_device_response_device_profile -zeek.hart_ip_common_commands.read_lock_device_state_response_lock_status_undefined_bits=db:zeek.hart_ip_common_commands.read_lock_device_state_response_lock_status_undefined_bits;group:zeek_hart_ip_common_commands;kind:integer;friendly:read_lock_device_state_response_lock_status_undefined_bits;help:read_lock_device_state_response_lock_status_undefined_bits 
-zeek.hart_ip_common_commands.read_lock_device_state_response_lock_status_lock_gateway=db:zeek.hart_ip_common_commands.read_lock_device_state_response_lock_status_lock_gateway;group:zeek_hart_ip_common_commands;kind:termfield;friendly:read_lock_device_state_response_lock_status_lock_gateway;help:read_lock_device_state_response_lock_status_lock_gateway -zeek.hart_ip_common_commands.read_lock_device_state_response_lock_status_configuration_locked=db:zeek.hart_ip_common_commands.read_lock_device_state_response_lock_status_configuration_locked;group:zeek_hart_ip_common_commands;kind:termfield;friendly:read_lock_device_state_response_lock_status_configuration_locked;help:read_lock_device_state_response_lock_status_configuration_locked -zeek.hart_ip_common_commands.read_lock_device_state_response_lock_status_lock_primary=db:zeek.hart_ip_common_commands.read_lock_device_state_response_lock_status_lock_primary;group:zeek_hart_ip_common_commands;kind:termfield;friendly:read_lock_device_state_response_lock_status_lock_primary;help:read_lock_device_state_response_lock_status_lock_primary -zeek.hart_ip_common_commands.read_lock_device_state_response_lock_status_lock_permanent=db:zeek.hart_ip_common_commands.read_lock_device_state_response_lock_status_lock_permanent;group:zeek_hart_ip_common_commands;kind:termfield;friendly:read_lock_device_state_response_lock_status_lock_permanent;help:read_lock_device_state_response_lock_status_lock_permanent -zeek.hart_ip_common_commands.read_lock_device_state_response_lock_status_device_locked=db:zeek.hart_ip_common_commands.read_lock_device_state_response_lock_status_device_locked;group:zeek_hart_ip_common_commands;kind:termfield;friendly:read_lock_device_state_response_lock_status_device_locked;help:read_lock_device_state_response_lock_status_device_locked 
-zeek.hart_ip_common_commands.write_device_variable_device_variable_code=db:zeek.hart_ip_common_commands.write_device_variable_device_variable_code;group:zeek_hart_ip_common_commands;kind:integer;friendly:write_device_variable_device_variable_code;help:write_device_variable_device_variable_code -zeek.hart_ip_common_commands.write_device_variable_write_device_variable_command_code=db:zeek.hart_ip_common_commands.write_device_variable_write_device_variable_command_code;group:zeek_hart_ip_common_commands;kind:termfield;friendly:write_device_variable_write_device_variable_command_code;help:write_device_variable_write_device_variable_command_code -zeek.hart_ip_common_commands.write_device_variable_units_code=db:zeek.hart_ip_common_commands.write_device_variable_units_code;group:zeek_hart_ip_common_commands;kind:termfield;friendly:write_device_variable_units_code;help:write_device_variable_units_code -zeek.hart_ip_common_commands.write_device_variable_device_variable_value=db:zeek.hart_ip_common_commands.write_device_variable_device_variable_value;group:zeek_hart_ip_common_commands;kind:termfield;friendly:write_device_variable_device_variable_value;help:write_device_variable_device_variable_value -zeek.hart_ip_common_commands.write_device_variable_device_variable_status_process_data_status=db:zeek.hart_ip_common_commands.write_device_variable_device_variable_status_process_data_status;group:zeek_hart_ip_common_commands;kind:termfield;friendly:write_device_variable_device_variable_status_process_data_status;help:write_device_variable_device_variable_status_process_data_status -zeek.hart_ip_common_commands.write_device_variable_device_variable_status_limit_status=db:zeek.hart_ip_common_commands.write_device_variable_device_variable_status_limit_status;group:zeek_hart_ip_common_commands;kind:termfield;friendly:write_device_variable_device_variable_status_limit_status;help:write_device_variable_device_variable_status_limit_status 
-zeek.hart_ip_common_commands.write_device_variable_device_variable_status_more_device_variable_status_available=db:zeek.hart_ip_common_commands.write_device_variable_device_variable_status_more_device_variable_status_available;group:zeek_hart_ip_common_commands;kind:termfield;friendly:write_device_variable_device_variable_status_more_device_variable_status_available;help:write_device_variable_device_variable_status_more_device_variable_status_available -zeek.hart_ip_common_commands.write_device_variable_device_variable_status_device_family_specific_status=db:zeek.hart_ip_common_commands.write_device_variable_device_variable_status_device_family_specific_status;group:zeek_hart_ip_common_commands;kind:integer;friendly:write_device_variable_device_variable_status_device_family_specific_status;help:write_device_variable_device_variable_status_device_family_specific_status -zeek.hart_ip_common_commands.read_device_variable_trim_points_device_variable_code=db:zeek.hart_ip_common_commands.read_device_variable_trim_points_device_variable_code;group:zeek_hart_ip_common_commands;kind:integer;friendly:read_device_variable_trim_points_device_variable_code;help:read_device_variable_trim_points_device_variable_code -zeek.hart_ip_common_commands.read_device_variable_trim_points_response_trim_points_units_code=db:zeek.hart_ip_common_commands.read_device_variable_trim_points_response_trim_points_units_code;group:zeek_hart_ip_common_commands;kind:termfield;friendly:read_device_variable_trim_points_response_trim_points_units_code;help:read_device_variable_trim_points_response_trim_points_units_code 
-zeek.hart_ip_common_commands.read_device_variable_trim_points_response_lower_or_single_trim_point=db:zeek.hart_ip_common_commands.read_device_variable_trim_points_response_lower_or_single_trim_point;group:zeek_hart_ip_common_commands;kind:termfield;friendly:read_device_variable_trim_points_response_lower_or_single_trim_point;help:read_device_variable_trim_points_response_lower_or_single_trim_point -zeek.hart_ip_common_commands.read_device_variable_trim_points_response_upper_trim_point=db:zeek.hart_ip_common_commands.read_device_variable_trim_points_response_upper_trim_point;group:zeek_hart_ip_common_commands;kind:termfield;friendly:read_device_variable_trim_points_response_upper_trim_point;help:read_device_variable_trim_points_response_upper_trim_point -zeek.hart_ip_common_commands.read_device_variable_trim_guidelines_device_variable_guidelines=db:zeek.hart_ip_common_commands.read_device_variable_trim_guidelines_device_variable_guidelines;group:zeek_hart_ip_common_commands;kind:integer;friendly:read_device_variable_trim_guidelines_device_variable_guidelines;help:read_device_variable_trim_guidelines_device_variable_guidelines -zeek.hart_ip_common_commands.write_device_variable_trim_point_device_variable_to_trim=db:zeek.hart_ip_common_commands.write_device_variable_trim_point_device_variable_to_trim;group:zeek_hart_ip_common_commands;kind:integer;friendly:write_device_variable_trim_point_device_variable_to_trim;help:write_device_variable_trim_point_device_variable_to_trim -zeek.hart_ip_common_commands.write_device_variable_trim_point_trim_point=db:zeek.hart_ip_common_commands.write_device_variable_trim_point_trim_point;group:zeek_hart_ip_common_commands;kind:termfield;friendly:write_device_variable_trim_point_trim_point;help:write_device_variable_trim_point_trim_point 
-zeek.hart_ip_common_commands.write_device_variable_trim_point_trim_points_units_code=db:zeek.hart_ip_common_commands.write_device_variable_trim_point_trim_points_units_code;group:zeek_hart_ip_common_commands;kind:termfield;friendly:write_device_variable_trim_point_trim_points_units_code;help:write_device_variable_trim_point_trim_points_units_code -zeek.hart_ip_common_commands.write_device_variable_trim_point_trim_point_value=db:zeek.hart_ip_common_commands.write_device_variable_trim_point_trim_point_value;group:zeek_hart_ip_common_commands;kind:termfield;friendly:write_device_variable_trim_point_trim_point_value;help:write_device_variable_trim_point_trim_point_value -zeek.hart_ip_common_commands.reset_device_variable_trim_device_variable_trim_to_reset=db:zeek.hart_ip_common_commands.reset_device_variable_trim_device_variable_trim_to_reset;group:zeek_hart_ip_common_commands;kind:integer;friendly:reset_device_variable_trim_device_variable_trim_to_reset;help:reset_device_variable_trim_device_variable_trim_to_reset -zeek.hart_ip_common_commands.read_sub_device_identity_summary_sub_device_index=db:zeek.hart_ip_common_commands.read_sub_device_identity_summary_sub_device_index;group:zeek_hart_ip_common_commands;kind:integer;friendly:read_sub_device_identity_summary_sub_device_index;help:read_sub_device_identity_summary_sub_device_index -zeek.hart_ip_common_commands.read_sub_device_identity_summary_response_io_card=db:zeek.hart_ip_common_commands.read_sub_device_identity_summary_response_io_card;group:zeek_hart_ip_common_commands;kind:integer;friendly:read_sub_device_identity_summary_response_io_card;help:read_sub_device_identity_summary_response_io_card -zeek.hart_ip_common_commands.read_sub_device_identity_summary_response_channel=db:zeek.hart_ip_common_commands.read_sub_device_identity_summary_response_channel;group:zeek_hart_ip_common_commands;kind:integer;friendly:read_sub_device_identity_summary_response_channel;help:read_sub_device_identity_summary_response_channel 
-zeek.hart_ip_common_commands.read_sub_device_identity_summary_response_manufacturer_identification_code=db:zeek.hart_ip_common_commands.read_sub_device_identity_summary_response_manufacturer_identification_code;group:zeek_hart_ip_common_commands;kind:termfield;friendly:read_sub_device_identity_summary_response_manufacturer_identification_code;help:read_sub_device_identity_summary_response_manufacturer_identification_code -zeek.hart_ip_common_commands.read_sub_device_identity_summary_response_expanded_device_type=db:zeek.hart_ip_common_commands.read_sub_device_identity_summary_response_expanded_device_type;group:zeek_hart_ip_common_commands;kind:termfield;friendly:read_sub_device_identity_summary_response_expanded_device_type;help:read_sub_device_identity_summary_response_expanded_device_type -zeek.hart_ip_common_commands.read_sub_device_identity_summary_response_device_id=db:zeek.hart_ip_common_commands.read_sub_device_identity_summary_response_device_id;group:zeek_hart_ip_common_commands;kind:integer;friendly:read_sub_device_identity_summary_response_device_id;help:read_sub_device_identity_summary_response_device_id -zeek.hart_ip_common_commands.read_sub_device_identity_summary_response_universal_command_revision_level=db:zeek.hart_ip_common_commands.read_sub_device_identity_summary_response_universal_command_revision_level;group:zeek_hart_ip_common_commands;kind:integer;friendly:read_sub_device_identity_summary_response_universal_command_revision_level;help:read_sub_device_identity_summary_response_universal_command_revision_level -zeek.hart_ip_common_commands.read_sub_device_identity_summary_response_long_tag=db:zeek.hart_ip_common_commands.read_sub_device_identity_summary_response_long_tag;group:zeek_hart_ip_common_commands;kind:termfield;friendly:read_sub_device_identity_summary_response_long_tag;help:read_sub_device_identity_summary_response_long_tag 
-zeek.hart_ip_common_commands.read_sub_device_identity_summary_response_device_revision=db:zeek.hart_ip_common_commands.read_sub_device_identity_summary_response_device_revision;group:zeek_hart_ip_common_commands;kind:integer;friendly:read_sub_device_identity_summary_response_device_revision;help:read_sub_device_identity_summary_response_device_revision -zeek.hart_ip_common_commands.read_sub_device_identity_summary_response_device_profile=db:zeek.hart_ip_common_commands.read_sub_device_identity_summary_response_device_profile;group:zeek_hart_ip_common_commands;kind:termfield;friendly:read_sub_device_identity_summary_response_device_profile;help:read_sub_device_identity_summary_response_device_profile -zeek.hart_ip_common_commands.read_sub_device_identity_summary_response_private_label_distributor_code=db:zeek.hart_ip_common_commands.read_sub_device_identity_summary_response_private_label_distributor_code;group:zeek_hart_ip_common_commands;kind:termfield;friendly:read_sub_device_identity_summary_response_private_label_distributor_code;help:read_sub_device_identity_summary_response_private_label_distributor_code -zeek.hart_ip_common_commands.read_io_channel_statistics_io_card=db:zeek.hart_ip_common_commands.read_io_channel_statistics_io_card;group:zeek_hart_ip_common_commands;kind:integer;friendly:read_io_channel_statistics_io_card;help:read_io_channel_statistics_io_card -zeek.hart_ip_common_commands.read_io_channel_statistics_channel=db:zeek.hart_ip_common_commands.read_io_channel_statistics_channel;group:zeek_hart_ip_common_commands;kind:integer;friendly:read_io_channel_statistics_channel;help:read_io_channel_statistics_channel -zeek.hart_ip_common_commands.read_io_channel_statistics_response_stx_count=db:zeek.hart_ip_common_commands.read_io_channel_statistics_response_stx_count;group:zeek_hart_ip_common_commands;kind:integer;friendly:read_io_channel_statistics_response_stx_count;help:read_io_channel_statistics_response_stx_count 
-zeek.hart_ip_common_commands.read_io_channel_statistics_response_ack_count=db:zeek.hart_ip_common_commands.read_io_channel_statistics_response_ack_count;group:zeek_hart_ip_common_commands;kind:integer;friendly:read_io_channel_statistics_response_ack_count;help:read_io_channel_statistics_response_ack_count -zeek.hart_ip_common_commands.read_io_channel_statistics_response_ostx_count=db:zeek.hart_ip_common_commands.read_io_channel_statistics_response_ostx_count;group:zeek_hart_ip_common_commands;kind:integer;friendly:read_io_channel_statistics_response_ostx_count;help:read_io_channel_statistics_response_ostx_count -zeek.hart_ip_common_commands.read_io_channel_statistics_response_oack_count=db:zeek.hart_ip_common_commands.read_io_channel_statistics_response_oack_count;group:zeek_hart_ip_common_commands;kind:integer;friendly:read_io_channel_statistics_response_oack_count;help:read_io_channel_statistics_response_oack_count -zeek.hart_ip_common_commands.read_io_channel_statistics_response_back_count=db:zeek.hart_ip_common_commands.read_io_channel_statistics_response_back_count;group:zeek_hart_ip_common_commands;kind:integer;friendly:read_io_channel_statistics_response_back_count;help:read_io_channel_statistics_response_back_count -zeek.hart_ip_common_commands.read_sub_device_statistics_sub_device_index=db:zeek.hart_ip_common_commands.read_sub_device_statistics_sub_device_index;group:zeek_hart_ip_common_commands;kind:integer;friendly:read_sub_device_statistics_sub_device_index;help:read_sub_device_statistics_sub_device_index -zeek.hart_ip_common_commands.read_sub_device_statistics_response_stx_count=db:zeek.hart_ip_common_commands.read_sub_device_statistics_response_stx_count;group:zeek_hart_ip_common_commands;kind:integer;friendly:read_sub_device_statistics_response_stx_count;help:read_sub_device_statistics_response_stx_count 
-zeek.hart_ip_common_commands.read_sub_device_statistics_response_ack_count=db:zeek.hart_ip_common_commands.read_sub_device_statistics_response_ack_count;group:zeek_hart_ip_common_commands;kind:integer;friendly:read_sub_device_statistics_response_ack_count;help:read_sub_device_statistics_response_ack_count -zeek.hart_ip_common_commands.read_sub_device_statistics_response_back_count=db:zeek.hart_ip_common_commands.read_sub_device_statistics_response_back_count;group:zeek_hart_ip_common_commands;kind:integer;friendly:read_sub_device_statistics_response_back_count;help:read_sub_device_statistics_response_back_count -zeek.hart_ip_common_commands.write_io_system_master_mode_master_mode=db:zeek.hart_ip_common_commands.write_io_system_master_mode_master_mode;group:zeek_hart_ip_common_commands;kind:termfield;friendly:write_io_system_master_mode_master_mode;help:write_io_system_master_mode_master_mode -zeek.hart_ip_common_commands.write_io_system_retry_count_retry_count=db:zeek.hart_ip_common_commands.write_io_system_retry_count_retry_count;group:zeek_hart_ip_common_commands;kind:integer;friendly:write_io_system_retry_count_retry_count;help:write_io_system_retry_count_retry_count -zeek.hart_ip_common_commands.set_real_time_clock_time_set_code=db:zeek.hart_ip_common_commands.set_real_time_clock_time_set_code;group:zeek_hart_ip_common_commands;kind:termfield;friendly:set_real_time_clock_time_set_code;help:set_real_time_clock_time_set_code -zeek.hart_ip_common_commands.set_real_time_clock_date=db:zeek.hart_ip_common_commands.set_real_time_clock_date;group:zeek_hart_ip_common_commands;kind:termfield;friendly:set_real_time_clock_date;help:set_real_time_clock_date -zeek.hart_ip_common_commands.set_real_time_clock_time_of_day=db:zeek.hart_ip_common_commands.set_real_time_clock_time_of_day;group:zeek_hart_ip_common_commands;kind:termfield;friendly:set_real_time_clock_time_of_day;help:set_real_time_clock_time_of_day 
-zeek.hart_ip_common_commands.set_real_time_clock_null_bytes=db:zeek.hart_ip_common_commands.set_real_time_clock_null_bytes;group:zeek_hart_ip_common_commands;kind:integer;friendly:set_real_time_clock_null_bytes;help:set_real_time_clock_null_bytes +zeek.hart_ip_common_commands.read_device_variables_request_slot0_device_variable_code=db:zeek.hart_ip_common_commands.read_device_variables_request_slot0_device_variable_code;group:zeek_hart_ip_common_commands;kind:integer;viewerOnly:true;friendly:read_device_variables_request_slot0_device_variable_code;help:read_device_variables_request_slot0_device_variable_code +zeek.hart_ip_common_commands.read_device_variables_request_slot1_device_variable_code=db:zeek.hart_ip_common_commands.read_device_variables_request_slot1_device_variable_code;group:zeek_hart_ip_common_commands;kind:integer;viewerOnly:true;friendly:read_device_variables_request_slot1_device_variable_code;help:read_device_variables_request_slot1_device_variable_code +zeek.hart_ip_common_commands.read_device_variables_request_slot2_device_variable_code=db:zeek.hart_ip_common_commands.read_device_variables_request_slot2_device_variable_code;group:zeek_hart_ip_common_commands;kind:integer;viewerOnly:true;friendly:read_device_variables_request_slot2_device_variable_code;help:read_device_variables_request_slot2_device_variable_code +zeek.hart_ip_common_commands.read_device_variables_request_slot3_device_variable_code=db:zeek.hart_ip_common_commands.read_device_variables_request_slot3_device_variable_code;group:zeek_hart_ip_common_commands;kind:integer;viewerOnly:true;friendly:read_device_variables_request_slot3_device_variable_code;help:read_device_variables_request_slot3_device_variable_code 
+zeek.hart_ip_common_commands.read_device_variables_response_slot0_device_variable_code=db:zeek.hart_ip_common_commands.read_device_variables_response_slot0_device_variable_code;group:zeek_hart_ip_common_commands;kind:integer;viewerOnly:true;friendly:read_device_variables_response_slot0_device_variable_code;help:read_device_variables_response_slot0_device_variable_code +zeek.hart_ip_common_commands.read_device_variables_response_slot0_units_code=db:zeek.hart_ip_common_commands.read_device_variables_response_slot0_units_code;group:zeek_hart_ip_common_commands;kind:termfield;viewerOnly:true;friendly:read_device_variables_response_slot0_units_code;help:read_device_variables_response_slot0_units_code +zeek.hart_ip_common_commands.read_device_variables_response_slot0_device_variable=db:zeek.hart_ip_common_commands.read_device_variables_response_slot0_device_variable;group:zeek_hart_ip_common_commands;kind:termfield;viewerOnly:true;friendly:read_device_variables_response_slot0_device_variable;help:read_device_variables_response_slot0_device_variable +zeek.hart_ip_common_commands.read_device_variables_response_slot1_device_variable_code=db:zeek.hart_ip_common_commands.read_device_variables_response_slot1_device_variable_code;group:zeek_hart_ip_common_commands;kind:integer;viewerOnly:true;friendly:read_device_variables_response_slot1_device_variable_code;help:read_device_variables_response_slot1_device_variable_code +zeek.hart_ip_common_commands.read_device_variables_response_slot1_units_code=db:zeek.hart_ip_common_commands.read_device_variables_response_slot1_units_code;group:zeek_hart_ip_common_commands;kind:termfield;viewerOnly:true;friendly:read_device_variables_response_slot1_units_code;help:read_device_variables_response_slot1_units_code 
+zeek.hart_ip_common_commands.read_device_variables_response_slot1_device_variable=db:zeek.hart_ip_common_commands.read_device_variables_response_slot1_device_variable;group:zeek_hart_ip_common_commands;kind:termfield;viewerOnly:true;friendly:read_device_variables_response_slot1_device_variable;help:read_device_variables_response_slot1_device_variable +zeek.hart_ip_common_commands.read_device_variables_response_slot2_device_variable_code=db:zeek.hart_ip_common_commands.read_device_variables_response_slot2_device_variable_code;group:zeek_hart_ip_common_commands;kind:integer;viewerOnly:true;friendly:read_device_variables_response_slot2_device_variable_code;help:read_device_variables_response_slot2_device_variable_code +zeek.hart_ip_common_commands.read_device_variables_response_slot2_units_code=db:zeek.hart_ip_common_commands.read_device_variables_response_slot2_units_code;group:zeek_hart_ip_common_commands;kind:termfield;viewerOnly:true;friendly:read_device_variables_response_slot2_units_code;help:read_device_variables_response_slot2_units_code +zeek.hart_ip_common_commands.read_device_variables_response_slot2_device_variable=db:zeek.hart_ip_common_commands.read_device_variables_response_slot2_device_variable;group:zeek_hart_ip_common_commands;kind:termfield;viewerOnly:true;friendly:read_device_variables_response_slot2_device_variable;help:read_device_variables_response_slot2_device_variable +zeek.hart_ip_common_commands.read_device_variables_response_slot3_device_variable_code=db:zeek.hart_ip_common_commands.read_device_variables_response_slot3_device_variable_code;group:zeek_hart_ip_common_commands;kind:integer;viewerOnly:true;friendly:read_device_variables_response_slot3_device_variable_code;help:read_device_variables_response_slot3_device_variable_code 
+zeek.hart_ip_common_commands.read_device_variables_response_slot3_units_code=db:zeek.hart_ip_common_commands.read_device_variables_response_slot3_units_code;group:zeek_hart_ip_common_commands;kind:termfield;viewerOnly:true;friendly:read_device_variables_response_slot3_units_code;help:read_device_variables_response_slot3_units_code +zeek.hart_ip_common_commands.read_device_variables_response_slot3_device_variable=db:zeek.hart_ip_common_commands.read_device_variables_response_slot3_device_variable;group:zeek_hart_ip_common_commands;kind:termfield;viewerOnly:true;friendly:read_device_variables_response_slot3_device_variable;help:read_device_variables_response_slot3_device_variable +zeek.hart_ip_common_commands.write_primary_variable_damping_value_pv_damping_value=db:zeek.hart_ip_common_commands.write_primary_variable_damping_value_pv_damping_value;group:zeek_hart_ip_common_commands;kind:termfield;viewerOnly:true;friendly:write_primary_variable_damping_value_pv_damping_value;help:write_primary_variable_damping_value_pv_damping_value +zeek.hart_ip_common_commands.write_primary_variable_range_values_pv_upper_and_lower_range_values_units_code=db:zeek.hart_ip_common_commands.write_primary_variable_range_values_pv_upper_and_lower_range_values_units_code;group:zeek_hart_ip_common_commands;kind:termfield;viewerOnly:true;friendly:write_primary_variable_range_values_pv_upper_and_lower_range_values_units_code;help:write_primary_variable_range_values_pv_upper_and_lower_range_values_units_code +zeek.hart_ip_common_commands.write_primary_variable_range_values_pv_upper_range_value=db:zeek.hart_ip_common_commands.write_primary_variable_range_values_pv_upper_range_value;group:zeek_hart_ip_common_commands;kind:termfield;viewerOnly:true;friendly:write_primary_variable_range_values_pv_upper_range_value;help:write_primary_variable_range_values_pv_upper_range_value 
+zeek.hart_ip_common_commands.write_primary_variable_range_values_p_v_lower_range_value=db:zeek.hart_ip_common_commands.write_primary_variable_range_values_p_v_lower_range_value;group:zeek_hart_ip_common_commands;kind:termfield;viewerOnly:true;friendly:write_primary_variable_range_values_p_v_lower_range_value;help:write_primary_variable_range_values_p_v_lower_range_value +zeek.hart_ip_common_commands.eeprom_control_eeprom_control_code=db:zeek.hart_ip_common_commands.eeprom_control_eeprom_control_code;group:zeek_hart_ip_common_commands;kind:termfield;viewerOnly:true;friendly:eeprom_control_eeprom_control_code;help:eeprom_control_eeprom_control_code +zeek.hart_ip_common_commands.enter_exit_fixed_current_mode_pv_fixed_current_level=db:zeek.hart_ip_common_commands.enter_exit_fixed_current_mode_pv_fixed_current_level;group:zeek_hart_ip_common_commands;kind:termfield;viewerOnly:true;friendly:enter_exit_fixed_current_mode_pv_fixed_current_level;help:enter_exit_fixed_current_mode_pv_fixed_current_level +zeek.hart_ip_common_commands.write_primary_variable_units_pv_unit_codes=db:zeek.hart_ip_common_commands.write_primary_variable_units_pv_unit_codes;group:zeek_hart_ip_common_commands;kind:termfield;viewerOnly:true;friendly:write_primary_variable_units_pv_unit_codes;help:write_primary_variable_units_pv_unit_codes +zeek.hart_ip_common_commands.trim_loop_current_zero_measured_pv_loop_current_level=db:zeek.hart_ip_common_commands.trim_loop_current_zero_measured_pv_loop_current_level;group:zeek_hart_ip_common_commands;kind:termfield;viewerOnly:true;friendly:trim_loop_current_zero_measured_pv_loop_current_level;help:trim_loop_current_zero_measured_pv_loop_current_level 
+zeek.hart_ip_common_commands.trim_loop_current_gain_measured_pv_loop_current_level=db:zeek.hart_ip_common_commands.trim_loop_current_gain_measured_pv_loop_current_level;group:zeek_hart_ip_common_commands;kind:termfield;viewerOnly:true;friendly:trim_loop_current_gain_measured_pv_loop_current_level;help:trim_loop_current_gain_measured_pv_loop_current_level +zeek.hart_ip_common_commands.write_primary_variable_transfer_function_p_v_transfer_function_code=db:zeek.hart_ip_common_commands.write_primary_variable_transfer_function_p_v_transfer_function_code;group:zeek_hart_ip_common_commands;kind:termfield;viewerOnly:true;friendly:write_primary_variable_transfer_function_p_v_transfer_function_code;help:write_primary_variable_transfer_function_p_v_transfer_function_code +zeek.hart_ip_common_commands.write_primary_variable_transducer_serial_number_pv_transducer_serial_number=db:zeek.hart_ip_common_commands.write_primary_variable_transducer_serial_number_pv_transducer_serial_number;group:zeek_hart_ip_common_commands;kind:integer;viewerOnly:true;friendly:write_primary_variable_transducer_serial_number_pv_transducer_serial_number;help:write_primary_variable_transducer_serial_number_pv_transducer_serial_number +zeek.hart_ip_common_commands.read_dynamic_variable_assignments_response_device_variable_assigned_to_primary_variable=db:zeek.hart_ip_common_commands.read_dynamic_variable_assignments_response_device_variable_assigned_to_primary_variable;group:zeek_hart_ip_common_commands;kind:integer;viewerOnly:true;friendly:read_dynamic_variable_assignments_response_device_variable_assigned_to_primary_variable;help:read_dynamic_variable_assignments_response_device_variable_assigned_to_primary_variable 
+zeek.hart_ip_common_commands.read_dynamic_variable_assignments_response_device_variable_assigned_to_secondary_variable=db:zeek.hart_ip_common_commands.read_dynamic_variable_assignments_response_device_variable_assigned_to_secondary_variable;group:zeek_hart_ip_common_commands;kind:integer;viewerOnly:true;friendly:read_dynamic_variable_assignments_response_device_variable_assigned_to_secondary_variable;help:read_dynamic_variable_assignments_response_device_variable_assigned_to_secondary_variable +zeek.hart_ip_common_commands.read_dynamic_variable_assignments_response_device_variable_assigned_to_tertiary_variable=db:zeek.hart_ip_common_commands.read_dynamic_variable_assignments_response_device_variable_assigned_to_tertiary_variable;group:zeek_hart_ip_common_commands;kind:integer;viewerOnly:true;friendly:read_dynamic_variable_assignments_response_device_variable_assigned_to_tertiary_variable;help:read_dynamic_variable_assignments_response_device_variable_assigned_to_tertiary_variable +zeek.hart_ip_common_commands.read_dynamic_variable_assignments_response_device_variable_assigned_to_quaternary_variable=db:zeek.hart_ip_common_commands.read_dynamic_variable_assignments_response_device_variable_assigned_to_quaternary_variable;group:zeek_hart_ip_common_commands;kind:integer;viewerOnly:true;friendly:read_dynamic_variable_assignments_response_device_variable_assigned_to_quaternary_variable;help:read_dynamic_variable_assignments_response_device_variable_assigned_to_quaternary_variable +zeek.hart_ip_common_commands.write_dynamic_variable_assignments_device_variable_assigned_to_primary_variable=db:zeek.hart_ip_common_commands.write_dynamic_variable_assignments_device_variable_assigned_to_primary_variable;group:zeek_hart_ip_common_commands;kind:integer;viewerOnly:true;friendly:write_dynamic_variable_assignments_device_variable_assigned_to_primary_variable;help:write_dynamic_variable_assignments_device_variable_assigned_to_primary_variable 
+zeek.hart_ip_common_commands.write_dynamic_variable_assignments_device_variable_assigned_to_secondary_variable=db:zeek.hart_ip_common_commands.write_dynamic_variable_assignments_device_variable_assigned_to_secondary_variable;group:zeek_hart_ip_common_commands;kind:integer;viewerOnly:true;friendly:write_dynamic_variable_assignments_device_variable_assigned_to_secondary_variable;help:write_dynamic_variable_assignments_device_variable_assigned_to_secondary_variable +zeek.hart_ip_common_commands.write_dynamic_variable_assignments_device_variable_assigned_to_tertiary_variable=db:zeek.hart_ip_common_commands.write_dynamic_variable_assignments_device_variable_assigned_to_tertiary_variable;group:zeek_hart_ip_common_commands;kind:integer;viewerOnly:true;friendly:write_dynamic_variable_assignments_device_variable_assigned_to_tertiary_variable;help:write_dynamic_variable_assignments_device_variable_assigned_to_tertiary_variable +zeek.hart_ip_common_commands.write_dynamic_variable_assignments_device_variable_assigned_to_quaternary_variable=db:zeek.hart_ip_common_commands.write_dynamic_variable_assignments_device_variable_assigned_to_quaternary_variable;group:zeek_hart_ip_common_commands;kind:integer;viewerOnly:true;friendly:write_dynamic_variable_assignments_device_variable_assigned_to_quaternary_variable;help:write_dynamic_variable_assignments_device_variable_assigned_to_quaternary_variable +zeek.hart_ip_common_commands.set_device_variable_zero_device_variable_zeroed=db:zeek.hart_ip_common_commands.set_device_variable_zero_device_variable_zeroed;group:zeek_hart_ip_common_commands;kind:integer;viewerOnly:true;friendly:set_device_variable_zero_device_variable_zeroed;help:set_device_variable_zero_device_variable_zeroed 
+zeek.hart_ip_common_commands.write_device_variable_units_device_variable_code=db:zeek.hart_ip_common_commands.write_device_variable_units_device_variable_code;group:zeek_hart_ip_common_commands;kind:integer;viewerOnly:true;friendly:write_device_variable_units_device_variable_code;help:write_device_variable_units_device_variable_code +zeek.hart_ip_common_commands.write_device_variable_units_device_variable_units_code=db:zeek.hart_ip_common_commands.write_device_variable_units_device_variable_units_code;group:zeek_hart_ip_common_commands;kind:termfield;viewerOnly:true;friendly:write_device_variable_units_device_variable_units_code;help:write_device_variable_units_device_variable_units_code +zeek.hart_ip_common_commands.read_device_variable_information_request_device_variable_code=db:zeek.hart_ip_common_commands.read_device_variable_information_request_device_variable_code;group:zeek_hart_ip_common_commands;kind:integer;viewerOnly:true;friendly:read_device_variable_information_request_device_variable_code;help:read_device_variable_information_request_device_variable_code +zeek.hart_ip_common_commands.read_device_variable_information_response_device_variable_code=db:zeek.hart_ip_common_commands.read_device_variable_information_response_device_variable_code;group:zeek_hart_ip_common_commands;kind:integer;viewerOnly:true;friendly:read_device_variable_information_response_device_variable_code;help:read_device_variable_information_response_device_variable_code +zeek.hart_ip_common_commands.read_device_variable_information_response_device_variable_transducer_serial_number=db:zeek.hart_ip_common_commands.read_device_variable_information_response_device_variable_transducer_serial_number;group:zeek_hart_ip_common_commands;kind:integer;viewerOnly:true;friendly:read_device_variable_information_response_device_variable_transducer_serial_number;help:read_device_variable_information_response_device_variable_transducer_serial_number 
+zeek.hart_ip_common_commands.read_device_variable_information_response_device_variable_limits_minimum_span_units_code=db:zeek.hart_ip_common_commands.read_device_variable_information_response_device_variable_limits_minimum_span_units_code;group:zeek_hart_ip_common_commands;kind:termfield;viewerOnly:true;friendly:read_device_variable_information_response_device_variable_limits_minimum_span_units_code;help:read_device_variable_information_response_device_variable_limits_minimum_span_units_code +zeek.hart_ip_common_commands.read_device_variable_information_response_device_variable_upper_transducer_limit=db:zeek.hart_ip_common_commands.read_device_variable_information_response_device_variable_upper_transducer_limit;group:zeek_hart_ip_common_commands;kind:termfield;viewerOnly:true;friendly:read_device_variable_information_response_device_variable_upper_transducer_limit;help:read_device_variable_information_response_device_variable_upper_transducer_limit +zeek.hart_ip_common_commands.read_device_variable_information_response_device_variable_lower_transducer_limit=db:zeek.hart_ip_common_commands.read_device_variable_information_response_device_variable_lower_transducer_limit;group:zeek_hart_ip_common_commands;kind:termfield;viewerOnly:true;friendly:read_device_variable_information_response_device_variable_lower_transducer_limit;help:read_device_variable_information_response_device_variable_lower_transducer_limit +zeek.hart_ip_common_commands.read_device_variable_information_response_device_variable_damping_value=db:zeek.hart_ip_common_commands.read_device_variable_information_response_device_variable_damping_value;group:zeek_hart_ip_common_commands;kind:termfield;viewerOnly:true;friendly:read_device_variable_information_response_device_variable_damping_value;help:read_device_variable_information_response_device_variable_damping_value 
+zeek.hart_ip_common_commands.read_device_variable_information_response_device_variable_minimum_span=db:zeek.hart_ip_common_commands.read_device_variable_information_response_device_variable_minimum_span;group:zeek_hart_ip_common_commands;kind:termfield;viewerOnly:true;friendly:read_device_variable_information_response_device_variable_minimum_span;help:read_device_variable_information_response_device_variable_minimum_span +zeek.hart_ip_common_commands.read_device_variable_information_response_device_variable_classification=db:zeek.hart_ip_common_commands.read_device_variable_information_response_device_variable_classification;group:zeek_hart_ip_common_commands;kind:termfield;viewerOnly:true;friendly:read_device_variable_information_response_device_variable_classification;help:read_device_variable_information_response_device_variable_classification +zeek.hart_ip_common_commands.read_device_variable_information_response_device_variable_family=db:zeek.hart_ip_common_commands.read_device_variable_information_response_device_variable_family;group:zeek_hart_ip_common_commands;kind:termfield;viewerOnly:true;friendly:read_device_variable_information_response_device_variable_family;help:read_device_variable_information_response_device_variable_family +zeek.hart_ip_common_commands.read_device_variable_information_response_acquisition_period=db:zeek.hart_ip_common_commands.read_device_variable_information_response_acquisition_period;group:zeek_hart_ip_common_commands;kind:termfield;viewerOnly:true;friendly:read_device_variable_information_response_acquisition_period;help:read_device_variable_information_response_acquisition_period 
+zeek.hart_ip_common_commands.read_device_variable_information_response_device_variable_properties_is_simulated=db:zeek.hart_ip_common_commands.read_device_variable_information_response_device_variable_properties_is_simulated;group:zeek_hart_ip_common_commands;kind:termfield;viewerOnly:true;friendly:read_device_variable_information_response_device_variable_properties_is_simulated;help:read_device_variable_information_response_device_variable_properties_is_simulated +zeek.hart_ip_common_commands.read_device_variable_information_response_device_variable_properties_undefined_bits_1_6=db:zeek.hart_ip_common_commands.read_device_variable_information_response_device_variable_properties_undefined_bits_1_6;group:zeek_hart_ip_common_commands;kind:integer;viewerOnly:true;friendly:read_device_variable_information_response_device_variable_properties_undefined_bits_1_6;help:read_device_variable_information_response_device_variable_properties_undefined_bits_1_6 +zeek.hart_ip_common_commands.read_device_variable_information_response_device_variable_properties_is_input=db:zeek.hart_ip_common_commands.read_device_variable_information_response_device_variable_properties_is_input;group:zeek_hart_ip_common_commands;kind:termfield;viewerOnly:true;friendly:read_device_variable_information_response_device_variable_properties_is_input;help:read_device_variable_information_response_device_variable_properties_is_input +zeek.hart_ip_common_commands.write_device_variable_damping_value_device_variable_code=db:zeek.hart_ip_common_commands.write_device_variable_damping_value_device_variable_code;group:zeek_hart_ip_common_commands;kind:integer;viewerOnly:true;friendly:write_device_variable_damping_value_device_variable_code;help:write_device_variable_damping_value_device_variable_code 
+zeek.hart_ip_common_commands.write_device_variable_damping_value_device_variable_damping_value=db:zeek.hart_ip_common_commands.write_device_variable_damping_value_device_variable_damping_value;group:zeek_hart_ip_common_commands;kind:termfield;viewerOnly:true;friendly:write_device_variable_damping_value_device_variable_damping_value;help:write_device_variable_damping_value_device_variable_damping_value +zeek.hart_ip_common_commands.write_device_variable_transducer_serial_no_device_variable_code=db:zeek.hart_ip_common_commands.write_device_variable_transducer_serial_no_device_variable_code;group:zeek_hart_ip_common_commands;kind:integer;viewerOnly:true;friendly:write_device_variable_transducer_serial_no_device_variable_code;help:write_device_variable_transducer_serial_no_device_variable_code +zeek.hart_ip_common_commands.write_device_variable_transducer_serial_no_device_variable_transducer_serial_number=db:zeek.hart_ip_common_commands.write_device_variable_transducer_serial_no_device_variable_transducer_serial_number;group:zeek_hart_ip_common_commands;kind:integer;viewerOnly:true;friendly:write_device_variable_transducer_serial_no_device_variable_transducer_serial_number;help:write_device_variable_transducer_serial_no_device_variable_transducer_serial_number +zeek.hart_ip_common_commands.read_unit_tag_descriptor_date_response_unit_tag=db:zeek.hart_ip_common_commands.read_unit_tag_descriptor_date_response_unit_tag;group:zeek_hart_ip_common_commands;kind:termfield;viewerOnly:true;friendly:read_unit_tag_descriptor_date_response_unit_tag;help:read_unit_tag_descriptor_date_response_unit_tag +zeek.hart_ip_common_commands.read_unit_tag_descriptor_date_response_unit_descriptor=db:zeek.hart_ip_common_commands.read_unit_tag_descriptor_date_response_unit_descriptor;group:zeek_hart_ip_common_commands;kind:termfield;viewerOnly:true;friendly:read_unit_tag_descriptor_date_response_unit_descriptor;help:read_unit_tag_descriptor_date_response_unit_descriptor 
+zeek.hart_ip_common_commands.read_unit_tag_descriptor_date_response_unit_date=db:zeek.hart_ip_common_commands.read_unit_tag_descriptor_date_response_unit_date;group:zeek_hart_ip_common_commands;kind:termfield;viewerOnly:true;friendly:read_unit_tag_descriptor_date_response_unit_date;help:read_unit_tag_descriptor_date_response_unit_date +zeek.hart_ip_common_commands.write_unit_tag_descriptor_date_unit_tag=db:zeek.hart_ip_common_commands.write_unit_tag_descriptor_date_unit_tag;group:zeek_hart_ip_common_commands;kind:termfield;viewerOnly:true;friendly:write_unit_tag_descriptor_date_unit_tag;help:write_unit_tag_descriptor_date_unit_tag +zeek.hart_ip_common_commands.write_unit_tag_descriptor_date_unit_descriptor=db:zeek.hart_ip_common_commands.write_unit_tag_descriptor_date_unit_descriptor;group:zeek_hart_ip_common_commands;kind:termfield;viewerOnly:true;friendly:write_unit_tag_descriptor_date_unit_descriptor;help:write_unit_tag_descriptor_date_unit_descriptor +zeek.hart_ip_common_commands.write_unit_tag_descriptor_date_unit_date=db:zeek.hart_ip_common_commands.write_unit_tag_descriptor_date_unit_date;group:zeek_hart_ip_common_commands;kind:termfield;viewerOnly:true;friendly:write_unit_tag_descriptor_date_unit_date;help:write_unit_tag_descriptor_date_unit_date +zeek.hart_ip_common_commands.write_number_of_response_preambles_number_of_preambles=db:zeek.hart_ip_common_commands.write_number_of_response_preambles_number_of_preambles;group:zeek_hart_ip_common_commands;kind:integer;viewerOnly:true;friendly:write_number_of_response_preambles_number_of_preambles;help:write_number_of_response_preambles_number_of_preambles 
+zeek.hart_ip_common_commands.read_analog_channel_and_percent_of_range_request_analog_channel_number_code=db:zeek.hart_ip_common_commands.read_analog_channel_and_percent_of_range_request_analog_channel_number_code;group:zeek_hart_ip_common_commands;kind:integer;viewerOnly:true;friendly:read_analog_channel_and_percent_of_range_request_analog_channel_number_code;help:read_analog_channel_and_percent_of_range_request_analog_channel_number_code +zeek.hart_ip_common_commands.read_analog_channel_and_percent_of_range_response_analog_channel_number_code=db:zeek.hart_ip_common_commands.read_analog_channel_and_percent_of_range_response_analog_channel_number_code;group:zeek_hart_ip_common_commands;kind:integer;viewerOnly:true;friendly:read_analog_channel_and_percent_of_range_response_analog_channel_number_code;help:read_analog_channel_and_percent_of_range_response_analog_channel_number_code +zeek.hart_ip_common_commands.read_analog_channel_and_percent_of_range_response_analog_channel_units_code=db:zeek.hart_ip_common_commands.read_analog_channel_and_percent_of_range_response_analog_channel_units_code;group:zeek_hart_ip_common_commands;kind:termfield;viewerOnly:true;friendly:read_analog_channel_and_percent_of_range_response_analog_channel_units_code;help:read_analog_channel_and_percent_of_range_response_analog_channel_units_code +zeek.hart_ip_common_commands.read_analog_channel_and_percent_of_range_response_analog_channel_level=db:zeek.hart_ip_common_commands.read_analog_channel_and_percent_of_range_response_analog_channel_level;group:zeek_hart_ip_common_commands;kind:termfield;viewerOnly:true;friendly:read_analog_channel_and_percent_of_range_response_analog_channel_level;help:read_analog_channel_and_percent_of_range_response_analog_channel_level 
+zeek.hart_ip_common_commands.read_analog_channel_and_percent_of_range_response_analog_channel_percent_of_range=db:zeek.hart_ip_common_commands.read_analog_channel_and_percent_of_range_response_analog_channel_percent_of_range;group:zeek_hart_ip_common_commands;kind:termfield;viewerOnly:true;friendly:read_analog_channel_and_percent_of_range_response_analog_channel_percent_of_range;help:read_analog_channel_and_percent_of_range_response_analog_channel_percent_of_range +zeek.hart_ip_common_commands.read_dynamic_variables_and_primary_variable_analog_channel_response_primary_variable_analog_channel_units_code=db:zeek.hart_ip_common_commands.read_dynamic_variables_and_primary_variable_analog_channel_response_primary_variable_analog_channel_units_code;group:zeek_hart_ip_common_commands;kind:termfield;viewerOnly:true;friendly:read_dynamic_variables_and_primary_variable_analog_channel_response_primary_variable_analog_channel_units_code;help:read_dynamic_variables_and_primary_variable_analog_channel_response_primary_variable_analog_channel_units_code +zeek.hart_ip_common_commands.read_dynamic_variables_and_primary_variable_analog_channel_response_primary_variable_analog_level=db:zeek.hart_ip_common_commands.read_dynamic_variables_and_primary_variable_analog_channel_response_primary_variable_analog_level;group:zeek_hart_ip_common_commands;kind:termfield;viewerOnly:true;friendly:read_dynamic_variables_and_primary_variable_analog_channel_response_primary_variable_analog_level;help:read_dynamic_variables_and_primary_variable_analog_channel_response_primary_variable_analog_level 
+zeek.hart_ip_common_commands.read_dynamic_variables_and_primary_variable_analog_channel_response_primary_variable_units_code=db:zeek.hart_ip_common_commands.read_dynamic_variables_and_primary_variable_analog_channel_response_primary_variable_units_code;group:zeek_hart_ip_common_commands;kind:termfield;viewerOnly:true;friendly:read_dynamic_variables_and_primary_variable_analog_channel_response_primary_variable_units_code;help:read_dynamic_variables_and_primary_variable_analog_channel_response_primary_variable_units_code +zeek.hart_ip_common_commands.read_dynamic_variables_and_primary_variable_analog_channel_response_primary_variable=db:zeek.hart_ip_common_commands.read_dynamic_variables_and_primary_variable_analog_channel_response_primary_variable;group:zeek_hart_ip_common_commands;kind:termfield;viewerOnly:true;friendly:read_dynamic_variables_and_primary_variable_analog_channel_response_primary_variable;help:read_dynamic_variables_and_primary_variable_analog_channel_response_primary_variable +zeek.hart_ip_common_commands.read_dynamic_variables_and_primary_variable_analog_channel_response_secondary_variable_units_code=db:zeek.hart_ip_common_commands.read_dynamic_variables_and_primary_variable_analog_channel_response_secondary_variable_units_code;group:zeek_hart_ip_common_commands;kind:termfield;viewerOnly:true;friendly:read_dynamic_variables_and_primary_variable_analog_channel_response_secondary_variable_units_code;help:read_dynamic_variables_and_primary_variable_analog_channel_response_secondary_variable_units_code 
+zeek.hart_ip_common_commands.read_dynamic_variables_and_primary_variable_analog_channel_response_secondary_variable=db:zeek.hart_ip_common_commands.read_dynamic_variables_and_primary_variable_analog_channel_response_secondary_variable;group:zeek_hart_ip_common_commands;kind:termfield;viewerOnly:true;friendly:read_dynamic_variables_and_primary_variable_analog_channel_response_secondary_variable;help:read_dynamic_variables_and_primary_variable_analog_channel_response_secondary_variable +zeek.hart_ip_common_commands.read_dynamic_variables_and_primary_variable_analog_channel_response_tertiary_variable_units_code=db:zeek.hart_ip_common_commands.read_dynamic_variables_and_primary_variable_analog_channel_response_tertiary_variable_units_code;group:zeek_hart_ip_common_commands;kind:termfield;viewerOnly:true;friendly:read_dynamic_variables_and_primary_variable_analog_channel_response_tertiary_variable_units_code;help:read_dynamic_variables_and_primary_variable_analog_channel_response_tertiary_variable_units_code +zeek.hart_ip_common_commands.read_dynamic_variables_and_primary_variable_analog_channel_response_tertiary_variable=db:zeek.hart_ip_common_commands.read_dynamic_variables_and_primary_variable_analog_channel_response_tertiary_variable;group:zeek_hart_ip_common_commands;kind:termfield;viewerOnly:true;friendly:read_dynamic_variables_and_primary_variable_analog_channel_response_tertiary_variable;help:read_dynamic_variables_and_primary_variable_analog_channel_response_tertiary_variable 
+zeek.hart_ip_common_commands.read_dynamic_variables_and_primary_variable_analog_channel_response_quaternary_variable_units_code=db:zeek.hart_ip_common_commands.read_dynamic_variables_and_primary_variable_analog_channel_response_quaternary_variable_units_code;group:zeek_hart_ip_common_commands;kind:termfield;viewerOnly:true;friendly:read_dynamic_variables_and_primary_variable_analog_channel_response_quaternary_variable_units_code;help:read_dynamic_variables_and_primary_variable_analog_channel_response_quaternary_variable_units_code +zeek.hart_ip_common_commands.read_dynamic_variables_and_primary_variable_analog_channel_response_quaternary_variable=db:zeek.hart_ip_common_commands.read_dynamic_variables_and_primary_variable_analog_channel_response_quaternary_variable;group:zeek_hart_ip_common_commands;kind:termfield;viewerOnly:true;friendly:read_dynamic_variables_and_primary_variable_analog_channel_response_quaternary_variable;help:read_dynamic_variables_and_primary_variable_analog_channel_response_quaternary_variable +zeek.hart_ip_common_commands.read_analog_channels_request_analog_channel_number_code_slot0=db:zeek.hart_ip_common_commands.read_analog_channels_request_analog_channel_number_code_slot0;group:zeek_hart_ip_common_commands;kind:integer;viewerOnly:true;friendly:read_analog_channels_request_analog_channel_number_code_slot0;help:read_analog_channels_request_analog_channel_number_code_slot0 +zeek.hart_ip_common_commands.read_analog_channels_request_analog_channel_number_code_slot1=db:zeek.hart_ip_common_commands.read_analog_channels_request_analog_channel_number_code_slot1;group:zeek_hart_ip_common_commands;kind:integer;viewerOnly:true;friendly:read_analog_channels_request_analog_channel_number_code_slot1;help:read_analog_channels_request_analog_channel_number_code_slot1 
+zeek.hart_ip_common_commands.read_analog_channels_request_analog_channel_number_code_slot2=db:zeek.hart_ip_common_commands.read_analog_channels_request_analog_channel_number_code_slot2;group:zeek_hart_ip_common_commands;kind:integer;viewerOnly:true;friendly:read_analog_channels_request_analog_channel_number_code_slot2;help:read_analog_channels_request_analog_channel_number_code_slot2 +zeek.hart_ip_common_commands.read_analog_channels_request_analog_channel_number_code_slot3=db:zeek.hart_ip_common_commands.read_analog_channels_request_analog_channel_number_code_slot3;group:zeek_hart_ip_common_commands;kind:integer;viewerOnly:true;friendly:read_analog_channels_request_analog_channel_number_code_slot3;help:read_analog_channels_request_analog_channel_number_code_slot3 +zeek.hart_ip_common_commands.read_analog_channels_response_analog_channel_number_code_slot0=db:zeek.hart_ip_common_commands.read_analog_channels_response_analog_channel_number_code_slot0;group:zeek_hart_ip_common_commands;kind:integer;viewerOnly:true;friendly:read_analog_channels_response_analog_channel_number_code_slot0;help:read_analog_channels_response_analog_channel_number_code_slot0 +zeek.hart_ip_common_commands.read_analog_channels_response_analog_channel_units_code_slot0=db:zeek.hart_ip_common_commands.read_analog_channels_response_analog_channel_units_code_slot0;group:zeek_hart_ip_common_commands;kind:termfield;viewerOnly:true;friendly:read_analog_channels_response_analog_channel_units_code_slot0;help:read_analog_channels_response_analog_channel_units_code_slot0 +zeek.hart_ip_common_commands.read_analog_channels_response_analog_channel_level_slot0=db:zeek.hart_ip_common_commands.read_analog_channels_response_analog_channel_level_slot0;group:zeek_hart_ip_common_commands;kind:termfield;viewerOnly:true;friendly:read_analog_channels_response_analog_channel_level_slot0;help:read_analog_channels_response_analog_channel_level_slot0 
+zeek.hart_ip_common_commands.read_analog_channels_response_analog_channel_number_code_slot1=db:zeek.hart_ip_common_commands.read_analog_channels_response_analog_channel_number_code_slot1;group:zeek_hart_ip_common_commands;kind:integer;viewerOnly:true;friendly:read_analog_channels_response_analog_channel_number_code_slot1;help:read_analog_channels_response_analog_channel_number_code_slot1 +zeek.hart_ip_common_commands.read_analog_channels_response_analog_channel_units_code_slot1=db:zeek.hart_ip_common_commands.read_analog_channels_response_analog_channel_units_code_slot1;group:zeek_hart_ip_common_commands;kind:termfield;viewerOnly:true;friendly:read_analog_channels_response_analog_channel_units_code_slot1;help:read_analog_channels_response_analog_channel_units_code_slot1 +zeek.hart_ip_common_commands.read_analog_channels_response_analog_channel_level_slot1=db:zeek.hart_ip_common_commands.read_analog_channels_response_analog_channel_level_slot1;group:zeek_hart_ip_common_commands;kind:termfield;viewerOnly:true;friendly:read_analog_channels_response_analog_channel_level_slot1;help:read_analog_channels_response_analog_channel_level_slot1 +zeek.hart_ip_common_commands.read_analog_channels_response_analog_channel_number_code_slot2=db:zeek.hart_ip_common_commands.read_analog_channels_response_analog_channel_number_code_slot2;group:zeek_hart_ip_common_commands;kind:integer;viewerOnly:true;friendly:read_analog_channels_response_analog_channel_number_code_slot2;help:read_analog_channels_response_analog_channel_number_code_slot2 +zeek.hart_ip_common_commands.read_analog_channels_response_analog_channel_units_code_slot2=db:zeek.hart_ip_common_commands.read_analog_channels_response_analog_channel_units_code_slot2;group:zeek_hart_ip_common_commands;kind:termfield;viewerOnly:true;friendly:read_analog_channels_response_analog_channel_units_code_slot2;help:read_analog_channels_response_analog_channel_units_code_slot2 
+zeek.hart_ip_common_commands.read_analog_channels_response_analog_channel_level_slot2=db:zeek.hart_ip_common_commands.read_analog_channels_response_analog_channel_level_slot2;group:zeek_hart_ip_common_commands;kind:termfield;viewerOnly:true;friendly:read_analog_channels_response_analog_channel_level_slot2;help:read_analog_channels_response_analog_channel_level_slot2 +zeek.hart_ip_common_commands.read_analog_channels_response_analog_channel_number_code_slot3=db:zeek.hart_ip_common_commands.read_analog_channels_response_analog_channel_number_code_slot3;group:zeek_hart_ip_common_commands;kind:integer;viewerOnly:true;friendly:read_analog_channels_response_analog_channel_number_code_slot3;help:read_analog_channels_response_analog_channel_number_code_slot3 +zeek.hart_ip_common_commands.read_analog_channels_response_analog_channel_units_code_slot3=db:zeek.hart_ip_common_commands.read_analog_channels_response_analog_channel_units_code_slot3;group:zeek_hart_ip_common_commands;kind:termfield;viewerOnly:true;friendly:read_analog_channels_response_analog_channel_units_code_slot3;help:read_analog_channels_response_analog_channel_units_code_slot3 +zeek.hart_ip_common_commands.read_analog_channels_response_analog_channel_level_slot3=db:zeek.hart_ip_common_commands.read_analog_channels_response_analog_channel_level_slot3;group:zeek_hart_ip_common_commands;kind:termfield;viewerOnly:true;friendly:read_analog_channels_response_analog_channel_level_slot3;help:read_analog_channels_response_analog_channel_level_slot3 +zeek.hart_ip_common_commands.read_analog_channel_information_request_analog_channel_number_code=db:zeek.hart_ip_common_commands.read_analog_channel_information_request_analog_channel_number_code;group:zeek_hart_ip_common_commands;kind:integer;viewerOnly:true;friendly:read_analog_channel_information_request_analog_channel_number_code;help:read_analog_channel_information_request_analog_channel_number_code 
+zeek.hart_ip_common_commands.read_analog_channel_information_response_analog_channel_number_code=db:zeek.hart_ip_common_commands.read_analog_channel_information_response_analog_channel_number_code;group:zeek_hart_ip_common_commands;kind:integer;viewerOnly:true;friendly:read_analog_channel_information_response_analog_channel_number_code;help:read_analog_channel_information_response_analog_channel_number_code +zeek.hart_ip_common_commands.read_analog_channel_information_response_analog_channel_alarm_selection_code=db:zeek.hart_ip_common_commands.read_analog_channel_information_response_analog_channel_alarm_selection_code;group:zeek_hart_ip_common_commands;kind:termfield;viewerOnly:true;friendly:read_analog_channel_information_response_analog_channel_alarm_selection_code;help:read_analog_channel_information_response_analog_channel_alarm_selection_code +zeek.hart_ip_common_commands.read_analog_channel_information_response_analog_channel_transfer_function_code=db:zeek.hart_ip_common_commands.read_analog_channel_information_response_analog_channel_transfer_function_code;group:zeek_hart_ip_common_commands;kind:termfield;viewerOnly:true;friendly:read_analog_channel_information_response_analog_channel_transfer_function_code;help:read_analog_channel_information_response_analog_channel_transfer_function_code +zeek.hart_ip_common_commands.read_analog_channel_information_response_analog_channel_upper_and_lower_range_values_units_code=db:zeek.hart_ip_common_commands.read_analog_channel_information_response_analog_channel_upper_and_lower_range_values_units_code;group:zeek_hart_ip_common_commands;kind:termfield;viewerOnly:true;friendly:read_analog_channel_information_response_analog_channel_upper_and_lower_range_values_units_code;help:read_analog_channel_information_response_analog_channel_upper_and_lower_range_values_units_code 
+zeek.hart_ip_common_commands.read_analog_channel_information_response_analog_channel_upper_range_value=db:zeek.hart_ip_common_commands.read_analog_channel_information_response_analog_channel_upper_range_value;group:zeek_hart_ip_common_commands;kind:termfield;viewerOnly:true;friendly:read_analog_channel_information_response_analog_channel_upper_range_value;help:read_analog_channel_information_response_analog_channel_upper_range_value +zeek.hart_ip_common_commands.read_analog_channel_information_response_analog_channel_lower_range_value=db:zeek.hart_ip_common_commands.read_analog_channel_information_response_analog_channel_lower_range_value;group:zeek_hart_ip_common_commands;kind:termfield;viewerOnly:true;friendly:read_analog_channel_information_response_analog_channel_lower_range_value;help:read_analog_channel_information_response_analog_channel_lower_range_value +zeek.hart_ip_common_commands.read_analog_channel_information_response_analog_channel_damping_value=db:zeek.hart_ip_common_commands.read_analog_channel_information_response_analog_channel_damping_value;group:zeek_hart_ip_common_commands;kind:termfield;viewerOnly:true;friendly:read_analog_channel_information_response_analog_channel_damping_value;help:read_analog_channel_information_response_analog_channel_damping_value +zeek.hart_ip_common_commands.read_analog_channel_information_response_analog_channel_flags_is_simulated=db:zeek.hart_ip_common_commands.read_analog_channel_information_response_analog_channel_flags_is_simulated;group:zeek_hart_ip_common_commands;kind:termfield;viewerOnly:true;friendly:read_analog_channel_information_response_analog_channel_flags_is_simulated;help:read_analog_channel_information_response_analog_channel_flags_is_simulated 
+zeek.hart_ip_common_commands.read_analog_channel_information_response_analog_channel_flags_undefined_bits_1_6=db:zeek.hart_ip_common_commands.read_analog_channel_information_response_analog_channel_flags_undefined_bits_1_6;group:zeek_hart_ip_common_commands;kind:integer;viewerOnly:true;friendly:read_analog_channel_information_response_analog_channel_flags_undefined_bits_1_6;help:read_analog_channel_information_response_analog_channel_flags_undefined_bits_1_6 +zeek.hart_ip_common_commands.read_analog_channel_information_response_analog_channel_flags_is_input=db:zeek.hart_ip_common_commands.read_analog_channel_information_response_analog_channel_flags_is_input;group:zeek_hart_ip_common_commands;kind:termfield;viewerOnly:true;friendly:read_analog_channel_information_response_analog_channel_flags_is_input;help:read_analog_channel_information_response_analog_channel_flags_is_input +zeek.hart_ip_common_commands.write_analog_channel_additional_damping_value_analog_channel_number_code=db:zeek.hart_ip_common_commands.write_analog_channel_additional_damping_value_analog_channel_number_code;group:zeek_hart_ip_common_commands;kind:integer;viewerOnly:true;friendly:write_analog_channel_additional_damping_value_analog_channel_number_code;help:write_analog_channel_additional_damping_value_analog_channel_number_code +zeek.hart_ip_common_commands.write_analog_channel_additional_damping_value_analog_channel_damping_value=db:zeek.hart_ip_common_commands.write_analog_channel_additional_damping_value_analog_channel_damping_value;group:zeek_hart_ip_common_commands;kind:termfield;viewerOnly:true;friendly:write_analog_channel_additional_damping_value_analog_channel_damping_value;help:write_analog_channel_additional_damping_value_analog_channel_damping_value 
+zeek.hart_ip_common_commands.write_analog_channel_range_values_analog_channel_number_code=db:zeek.hart_ip_common_commands.write_analog_channel_range_values_analog_channel_number_code;group:zeek_hart_ip_common_commands;kind:integer;viewerOnly:true;friendly:write_analog_channel_range_values_analog_channel_number_code;help:write_analog_channel_range_values_analog_channel_number_code +zeek.hart_ip_common_commands.write_analog_channel_range_values_analog_channel_upper_and_lower_range_values_units_code=db:zeek.hart_ip_common_commands.write_analog_channel_range_values_analog_channel_upper_and_lower_range_values_units_code;group:zeek_hart_ip_common_commands;kind:termfield;viewerOnly:true;friendly:write_analog_channel_range_values_analog_channel_upper_and_lower_range_values_units_code;help:write_analog_channel_range_values_analog_channel_upper_and_lower_range_values_units_code +zeek.hart_ip_common_commands.write_analog_channel_range_values_analog_channel_upper_range_value=db:zeek.hart_ip_common_commands.write_analog_channel_range_values_analog_channel_upper_range_value;group:zeek_hart_ip_common_commands;kind:termfield;viewerOnly:true;friendly:write_analog_channel_range_values_analog_channel_upper_range_value;help:write_analog_channel_range_values_analog_channel_upper_range_value +zeek.hart_ip_common_commands.write_analog_channel_range_values_analog_channel_lower_range_value=db:zeek.hart_ip_common_commands.write_analog_channel_range_values_analog_channel_lower_range_value;group:zeek_hart_ip_common_commands;kind:termfield;viewerOnly:true;friendly:write_analog_channel_range_values_analog_channel_lower_range_value;help:write_analog_channel_range_values_analog_channel_lower_range_value 
+zeek.hart_ip_common_commands.enter_exit_fixed_analog_channel_mode_analog_channel_number_code=db:zeek.hart_ip_common_commands.enter_exit_fixed_analog_channel_mode_analog_channel_number_code;group:zeek_hart_ip_common_commands;kind:integer;viewerOnly:true;friendly:enter_exit_fixed_analog_channel_mode_analog_channel_number_code;help:enter_exit_fixed_analog_channel_mode_analog_channel_number_code +zeek.hart_ip_common_commands.enter_exit_fixed_analog_channel_mode_analog_channel_units_code=db:zeek.hart_ip_common_commands.enter_exit_fixed_analog_channel_mode_analog_channel_units_code;group:zeek_hart_ip_common_commands;kind:termfield;viewerOnly:true;friendly:enter_exit_fixed_analog_channel_mode_analog_channel_units_code;help:enter_exit_fixed_analog_channel_mode_analog_channel_units_code +zeek.hart_ip_common_commands.enter_exit_fixed_analog_channel_mode_fixed_analog_channel_level=db:zeek.hart_ip_common_commands.enter_exit_fixed_analog_channel_mode_fixed_analog_channel_level;group:zeek_hart_ip_common_commands;kind:termfield;viewerOnly:true;friendly:enter_exit_fixed_analog_channel_mode_fixed_analog_channel_level;help:enter_exit_fixed_analog_channel_mode_fixed_analog_channel_level +zeek.hart_ip_common_commands.trim_analog_channel_zero_analog_channel_number_code=db:zeek.hart_ip_common_commands.trim_analog_channel_zero_analog_channel_number_code;group:zeek_hart_ip_common_commands;kind:integer;viewerOnly:true;friendly:trim_analog_channel_zero_analog_channel_number_code;help:trim_analog_channel_zero_analog_channel_number_code +zeek.hart_ip_common_commands.trim_analog_channel_zero_analog_channel_units_code=db:zeek.hart_ip_common_commands.trim_analog_channel_zero_analog_channel_units_code;group:zeek_hart_ip_common_commands;kind:termfield;viewerOnly:true;friendly:trim_analog_channel_zero_analog_channel_units_code;help:trim_analog_channel_zero_analog_channel_units_code 
+zeek.hart_ip_common_commands.trim_analog_channel_zero_analog_channel_level=db:zeek.hart_ip_common_commands.trim_analog_channel_zero_analog_channel_level;group:zeek_hart_ip_common_commands;kind:termfield;viewerOnly:true;friendly:trim_analog_channel_zero_analog_channel_level;help:trim_analog_channel_zero_analog_channel_level +zeek.hart_ip_common_commands.trim_analog_channel_gain_analog_channel_number_code=db:zeek.hart_ip_common_commands.trim_analog_channel_gain_analog_channel_number_code;group:zeek_hart_ip_common_commands;kind:integer;viewerOnly:true;friendly:trim_analog_channel_gain_analog_channel_number_code;help:trim_analog_channel_gain_analog_channel_number_code +zeek.hart_ip_common_commands.trim_analog_channel_gain_analog_channel_units_code=db:zeek.hart_ip_common_commands.trim_analog_channel_gain_analog_channel_units_code;group:zeek_hart_ip_common_commands;kind:termfield;viewerOnly:true;friendly:trim_analog_channel_gain_analog_channel_units_code;help:trim_analog_channel_gain_analog_channel_units_code +zeek.hart_ip_common_commands.trim_analog_channel_gain_analog_channel_level=db:zeek.hart_ip_common_commands.trim_analog_channel_gain_analog_channel_level;group:zeek_hart_ip_common_commands;kind:termfield;viewerOnly:true;friendly:trim_analog_channel_gain_analog_channel_level;help:trim_analog_channel_gain_analog_channel_level +zeek.hart_ip_common_commands.write_analog_channel_transfer_function_analog_channel_number_code=db:zeek.hart_ip_common_commands.write_analog_channel_transfer_function_analog_channel_number_code;group:zeek_hart_ip_common_commands;kind:integer;viewerOnly:true;friendly:write_analog_channel_transfer_function_analog_channel_number_code;help:write_analog_channel_transfer_function_analog_channel_number_code 
+zeek.hart_ip_common_commands.write_analog_channel_transfer_function_analog_channel_units_code=db:zeek.hart_ip_common_commands.write_analog_channel_transfer_function_analog_channel_units_code;group:zeek_hart_ip_common_commands;kind:termfield;viewerOnly:true;friendly:write_analog_channel_transfer_function_analog_channel_units_code;help:write_analog_channel_transfer_function_analog_channel_units_code +zeek.hart_ip_common_commands.read_analog_channel_endpoint_values_request_analog_channel_number_code=db:zeek.hart_ip_common_commands.read_analog_channel_endpoint_values_request_analog_channel_number_code;group:zeek_hart_ip_common_commands;kind:integer;viewerOnly:true;friendly:read_analog_channel_endpoint_values_request_analog_channel_number_code;help:read_analog_channel_endpoint_values_request_analog_channel_number_code +zeek.hart_ip_common_commands.read_analog_channel_endpoint_values_response_analog_channel_number_code=db:zeek.hart_ip_common_commands.read_analog_channel_endpoint_values_response_analog_channel_number_code;group:zeek_hart_ip_common_commands;kind:integer;viewerOnly:true;friendly:read_analog_channel_endpoint_values_response_analog_channel_number_code;help:read_analog_channel_endpoint_values_response_analog_channel_number_code +zeek.hart_ip_common_commands.read_analog_channel_endpoint_values_response_analog_channel_upper_and_lower_endpoint_values_units_code=db:zeek.hart_ip_common_commands.read_analog_channel_endpoint_values_response_analog_channel_upper_and_lower_endpoint_values_units_code;group:zeek_hart_ip_common_commands;kind:termfield;viewerOnly:true;friendly:read_analog_channel_endpoint_values_response_analog_channel_upper_and_lower_endpoint_values_units_code;help:read_analog_channel_endpoint_values_response_analog_channel_upper_and_lower_endpoint_values_units_code 
+zeek.hart_ip_common_commands.read_analog_channel_endpoint_values_response_analog_channel_upper_endpoint_value=db:zeek.hart_ip_common_commands.read_analog_channel_endpoint_values_response_analog_channel_upper_endpoint_value;group:zeek_hart_ip_common_commands;kind:termfield;viewerOnly:true;friendly:read_analog_channel_endpoint_values_response_analog_channel_upper_endpoint_value;help:read_analog_channel_endpoint_values_response_analog_channel_upper_endpoint_value +zeek.hart_ip_common_commands.read_analog_channel_endpoint_values_response_analog_channel_lower_endpoint_value=db:zeek.hart_ip_common_commands.read_analog_channel_endpoint_values_response_analog_channel_lower_endpoint_value;group:zeek_hart_ip_common_commands;kind:termfield;viewerOnly:true;friendly:read_analog_channel_endpoint_values_response_analog_channel_lower_endpoint_value;help:read_analog_channel_endpoint_values_response_analog_channel_lower_endpoint_value +zeek.hart_ip_common_commands.read_analog_channel_endpoint_values_response_analog_channel_upper_limit_value=db:zeek.hart_ip_common_commands.read_analog_channel_endpoint_values_response_analog_channel_upper_limit_value;group:zeek_hart_ip_common_commands;kind:termfield;viewerOnly:true;friendly:read_analog_channel_endpoint_values_response_analog_channel_upper_limit_value;help:read_analog_channel_endpoint_values_response_analog_channel_upper_limit_value +zeek.hart_ip_common_commands.read_analog_channel_endpoint_values_response_analog_channel_lower_limit_value=db:zeek.hart_ip_common_commands.read_analog_channel_endpoint_values_response_analog_channel_lower_limit_value;group:zeek_hart_ip_common_commands;kind:termfield;viewerOnly:true;friendly:read_analog_channel_endpoint_values_response_analog_channel_lower_limit_value;help:read_analog_channel_endpoint_values_response_analog_channel_lower_limit_value 
+zeek.hart_ip_common_commands.lock_device_lock_code=db:zeek.hart_ip_common_commands.lock_device_lock_code;group:zeek_hart_ip_common_commands;kind:termfield;viewerOnly:true;friendly:lock_device_lock_code;help:lock_device_lock_code +zeek.hart_ip_common_commands.squawk_squawk_control=db:zeek.hart_ip_common_commands.squawk_squawk_control;group:zeek_hart_ip_common_commands;kind:termfield;viewerOnly:true;friendly:squawk_squawk_control;help:squawk_squawk_control +zeek.hart_ip_common_commands.find_device_response_254=db:zeek.hart_ip_common_commands.find_device_response_254;group:zeek_hart_ip_common_commands;kind:integer;viewerOnly:true;friendly:find_device_response_254;help:find_device_response_254 +zeek.hart_ip_common_commands.find_device_response_expanded_device_type=db:zeek.hart_ip_common_commands.find_device_response_expanded_device_type;group:zeek_hart_ip_common_commands;kind:termfield;viewerOnly:true;friendly:find_device_response_expanded_device_type;help:find_device_response_expanded_device_type +zeek.hart_ip_common_commands.find_device_response_minimum_preambles_master_slave=db:zeek.hart_ip_common_commands.find_device_response_minimum_preambles_master_slave;group:zeek_hart_ip_common_commands;kind:integer;viewerOnly:true;friendly:find_device_response_minimum_preambles_master_slave;help:find_device_response_minimum_preambles_master_slave +zeek.hart_ip_common_commands.find_device_response_hart_protocol_major_revision=db:zeek.hart_ip_common_commands.find_device_response_hart_protocol_major_revision;group:zeek_hart_ip_common_commands;kind:integer;viewerOnly:true;friendly:find_device_response_hart_protocol_major_revision;help:find_device_response_hart_protocol_major_revision 
+zeek.hart_ip_common_commands.find_device_response_device_revision_level=db:zeek.hart_ip_common_commands.find_device_response_device_revision_level;group:zeek_hart_ip_common_commands;kind:integer;viewerOnly:true;friendly:find_device_response_device_revision_level;help:find_device_response_device_revision_level +zeek.hart_ip_common_commands.find_device_response_software_revision_level=db:zeek.hart_ip_common_commands.find_device_response_software_revision_level;group:zeek_hart_ip_common_commands;kind:integer;viewerOnly:true;friendly:find_device_response_software_revision_level;help:find_device_response_software_revision_level +zeek.hart_ip_common_commands.find_device_response_hardware_revision_level_and_physical_signaling_codes_hardware_revision_level=db:zeek.hart_ip_common_commands.find_device_response_hardware_revision_level_and_physical_signaling_codes_hardware_revision_level;group:zeek_hart_ip_common_commands;kind:integer;viewerOnly:true;friendly:find_device_response_hardware_revision_level_and_physical_signaling_codes_hardware_revision_level;help:find_device_response_hardware_revision_level_and_physical_signaling_codes_hardware_revision_level +zeek.hart_ip_common_commands.find_device_response_hardware_revision_level_and_physical_signaling_codes_physical_signaling_code=db:zeek.hart_ip_common_commands.find_device_response_hardware_revision_level_and_physical_signaling_codes_physical_signaling_code;group:zeek_hart_ip_common_commands;kind:termfield;viewerOnly:true;friendly:find_device_response_hardware_revision_level_and_physical_signaling_codes_physical_signaling_code;help:find_device_response_hardware_revision_level_and_physical_signaling_codes_physical_signaling_code 
+zeek.hart_ip_common_commands.find_device_response_flags_c8_psk_in_multi_drop_only=db:zeek.hart_ip_common_commands.find_device_response_flags_c8_psk_in_multi_drop_only;group:zeek_hart_ip_common_commands;kind:termfield;viewerOnly:true;friendly:find_device_response_flags_c8_psk_in_multi_drop_only;help:find_device_response_flags_c8_psk_in_multi_drop_only +zeek.hart_ip_common_commands.find_device_response_flags_c8_psk_capable_field_device=db:zeek.hart_ip_common_commands.find_device_response_flags_c8_psk_capable_field_device;group:zeek_hart_ip_common_commands;kind:termfield;viewerOnly:true;friendly:find_device_response_flags_c8_psk_capable_field_device;help:find_device_response_flags_c8_psk_capable_field_device +zeek.hart_ip_common_commands.find_device_response_flags_undefined_5=db:zeek.hart_ip_common_commands.find_device_response_flags_undefined_5;group:zeek_hart_ip_common_commands;kind:termfield;viewerOnly:true;friendly:find_device_response_flags_undefined_5;help:find_device_response_flags_undefined_5 +zeek.hart_ip_common_commands.find_device_response_flags_safehart_capable_field_device=db:zeek.hart_ip_common_commands.find_device_response_flags_safehart_capable_field_device;group:zeek_hart_ip_common_commands;kind:termfield;viewerOnly:true;friendly:find_device_response_flags_safehart_capable_field_device;help:find_device_response_flags_safehart_capable_field_device +zeek.hart_ip_common_commands.find_device_response_flags_ieee_802_15_4_dsss_o_qpsk_modulation=db:zeek.hart_ip_common_commands.find_device_response_flags_ieee_802_15_4_dsss_o_qpsk_modulation;group:zeek_hart_ip_common_commands;kind:termfield;viewerOnly:true;friendly:find_device_response_flags_ieee_802_15_4_dsss_o_qpsk_modulation;help:find_device_response_flags_ieee_802_15_4_dsss_o_qpsk_modulation 
+zeek.hart_ip_common_commands.find_device_response_flags_protocol_bridge_device=db:zeek.hart_ip_common_commands.find_device_response_flags_protocol_bridge_device;group:zeek_hart_ip_common_commands;kind:termfield;viewerOnly:true;friendly:find_device_response_flags_protocol_bridge_device;help:find_device_response_flags_protocol_bridge_device +zeek.hart_ip_common_commands.find_device_response_flags_eeprom_control=db:zeek.hart_ip_common_commands.find_device_response_flags_eeprom_control;group:zeek_hart_ip_common_commands;kind:termfield;viewerOnly:true;friendly:find_device_response_flags_eeprom_control;help:find_device_response_flags_eeprom_control +zeek.hart_ip_common_commands.find_device_response_flags_mutli_sensor_field_device=db:zeek.hart_ip_common_commands.find_device_response_flags_mutli_sensor_field_device;group:zeek_hart_ip_common_commands;kind:termfield;viewerOnly:true;friendly:find_device_response_flags_mutli_sensor_field_device;help:find_device_response_flags_mutli_sensor_field_device +zeek.hart_ip_common_commands.find_device_response_device_id=db:zeek.hart_ip_common_commands.find_device_response_device_id;group:zeek_hart_ip_common_commands;kind:integer;viewerOnly:true;friendly:find_device_response_device_id;help:find_device_response_device_id +zeek.hart_ip_common_commands.find_device_response_number_preambles_slave_master=db:zeek.hart_ip_common_commands.find_device_response_number_preambles_slave_master;group:zeek_hart_ip_common_commands;kind:integer;viewerOnly:true;friendly:find_device_response_number_preambles_slave_master;help:find_device_response_number_preambles_slave_master +zeek.hart_ip_common_commands.find_device_response_last_device_variable_this=db:zeek.hart_ip_common_commands.find_device_response_last_device_variable_this;group:zeek_hart_ip_common_commands;kind:integer;viewerOnly:true;friendly:find_device_response_last_device_variable_this;help:find_device_response_last_device_variable_this 
+zeek.hart_ip_common_commands.find_device_response_configuration_change_counter=db:zeek.hart_ip_common_commands.find_device_response_configuration_change_counter;group:zeek_hart_ip_common_commands;kind:integer;viewerOnly:true;friendly:find_device_response_configuration_change_counter;help:find_device_response_configuration_change_counter +zeek.hart_ip_common_commands.find_device_response_extended_field_device_status_undefined_bits=db:zeek.hart_ip_common_commands.find_device_response_extended_field_device_status_undefined_bits;group:zeek_hart_ip_common_commands;kind:integer;viewerOnly:true;friendly:find_device_response_extended_field_device_status_undefined_bits;help:find_device_response_extended_field_device_status_undefined_bits +zeek.hart_ip_common_commands.find_device_response_extended_field_device_status_function_check=db:zeek.hart_ip_common_commands.find_device_response_extended_field_device_status_function_check;group:zeek_hart_ip_common_commands;kind:termfield;viewerOnly:true;friendly:find_device_response_extended_field_device_status_function_check;help:find_device_response_extended_field_device_status_function_check +zeek.hart_ip_common_commands.find_device_response_extended_field_device_status_out_of_specification=db:zeek.hart_ip_common_commands.find_device_response_extended_field_device_status_out_of_specification;group:zeek_hart_ip_common_commands;kind:termfield;viewerOnly:true;friendly:find_device_response_extended_field_device_status_out_of_specification;help:find_device_response_extended_field_device_status_out_of_specification +zeek.hart_ip_common_commands.find_device_response_extended_field_device_status_failure=db:zeek.hart_ip_common_commands.find_device_response_extended_field_device_status_failure;group:zeek_hart_ip_common_commands;kind:termfield;viewerOnly:true;friendly:find_device_response_extended_field_device_status_failure;help:find_device_response_extended_field_device_status_failure 
+zeek.hart_ip_common_commands.find_device_response_extended_field_device_status_critical_power_failure=db:zeek.hart_ip_common_commands.find_device_response_extended_field_device_status_critical_power_failure;group:zeek_hart_ip_common_commands;kind:termfield;viewerOnly:true;friendly:find_device_response_extended_field_device_status_critical_power_failure;help:find_device_response_extended_field_device_status_critical_power_failure +zeek.hart_ip_common_commands.find_device_response_extended_field_device_status_device_variable_alert=db:zeek.hart_ip_common_commands.find_device_response_extended_field_device_status_device_variable_alert;group:zeek_hart_ip_common_commands;kind:termfield;viewerOnly:true;friendly:find_device_response_extended_field_device_status_device_variable_alert;help:find_device_response_extended_field_device_status_device_variable_alert +zeek.hart_ip_common_commands.find_device_response_extended_field_device_status_maintenance_required=db:zeek.hart_ip_common_commands.find_device_response_extended_field_device_status_maintenance_required;group:zeek_hart_ip_common_commands;kind:termfield;viewerOnly:true;friendly:find_device_response_extended_field_device_status_maintenance_required;help:find_device_response_extended_field_device_status_maintenance_required +zeek.hart_ip_common_commands.find_device_response_manufacturer_identification_code=db:zeek.hart_ip_common_commands.find_device_response_manufacturer_identification_code;group:zeek_hart_ip_common_commands;kind:termfield;viewerOnly:true;friendly:find_device_response_manufacturer_identification_code;help:find_device_response_manufacturer_identification_code +zeek.hart_ip_common_commands.find_device_response_private_label_distributor_code=db:zeek.hart_ip_common_commands.find_device_response_private_label_distributor_code;group:zeek_hart_ip_common_commands;kind:termfield;viewerOnly:true;friendly:find_device_response_private_label_distributor_code;help:find_device_response_private_label_distributor_code 
+zeek.hart_ip_common_commands.find_device_response_device_profile=db:zeek.hart_ip_common_commands.find_device_response_device_profile;group:zeek_hart_ip_common_commands;kind:termfield;viewerOnly:true;friendly:find_device_response_device_profile;help:find_device_response_device_profile +zeek.hart_ip_common_commands.read_io_system_capabilities_response_max_io_cards=db:zeek.hart_ip_common_commands.read_io_system_capabilities_response_max_io_cards;group:zeek_hart_ip_common_commands;kind:integer;viewerOnly:true;friendly:read_io_system_capabilities_response_max_io_cards;help:read_io_system_capabilities_response_max_io_cards +zeek.hart_ip_common_commands.read_io_system_capabilities_response_max_channels_per_io_card=db:zeek.hart_ip_common_commands.read_io_system_capabilities_response_max_channels_per_io_card;group:zeek_hart_ip_common_commands;kind:integer;viewerOnly:true;friendly:read_io_system_capabilities_response_max_channels_per_io_card;help:read_io_system_capabilities_response_max_channels_per_io_card +zeek.hart_ip_common_commands.read_io_system_capabilities_response_max_sub_devices_per_channel=db:zeek.hart_ip_common_commands.read_io_system_capabilities_response_max_sub_devices_per_channel;group:zeek_hart_ip_common_commands;kind:integer;viewerOnly:true;friendly:read_io_system_capabilities_response_max_sub_devices_per_channel;help:read_io_system_capabilities_response_max_sub_devices_per_channel +zeek.hart_ip_common_commands.read_io_system_capabilities_response_number_of_devices_detected=db:zeek.hart_ip_common_commands.read_io_system_capabilities_response_number_of_devices_detected;group:zeek_hart_ip_common_commands;kind:integer;viewerOnly:true;friendly:read_io_system_capabilities_response_number_of_devices_detected;help:read_io_system_capabilities_response_number_of_devices_detected 
+zeek.hart_ip_common_commands.read_io_system_capabilities_response_max_delayed_responses_supported=db:zeek.hart_ip_common_commands.read_io_system_capabilities_response_max_delayed_responses_supported;group:zeek_hart_ip_common_commands;kind:integer;viewerOnly:true;friendly:read_io_system_capabilities_response_max_delayed_responses_supported;help:read_io_system_capabilities_response_max_delayed_responses_supported +zeek.hart_ip_common_commands.read_io_system_capabilities_response_master_mode=db:zeek.hart_ip_common_commands.read_io_system_capabilities_response_master_mode;group:zeek_hart_ip_common_commands;kind:termfield;viewerOnly:true;friendly:read_io_system_capabilities_response_master_mode;help:read_io_system_capabilities_response_master_mode +zeek.hart_ip_common_commands.read_io_system_capabilities_response_retry_count=db:zeek.hart_ip_common_commands.read_io_system_capabilities_response_retry_count;group:zeek_hart_ip_common_commands;kind:integer;viewerOnly:true;friendly:read_io_system_capabilities_response_retry_count;help:read_io_system_capabilities_response_retry_count +zeek.hart_ip_common_commands.poll_sub_device_request_io_card=db:zeek.hart_ip_common_commands.poll_sub_device_request_io_card;group:zeek_hart_ip_common_commands;kind:integer;viewerOnly:true;friendly:poll_sub_device_request_io_card;help:poll_sub_device_request_io_card +zeek.hart_ip_common_commands.poll_sub_device_request_channel=db:zeek.hart_ip_common_commands.poll_sub_device_request_channel;group:zeek_hart_ip_common_commands;kind:integer;viewerOnly:true;friendly:poll_sub_device_request_channel;help:poll_sub_device_request_channel +zeek.hart_ip_common_commands.poll_sub_device_request_sub_device_polling_address=db:zeek.hart_ip_common_commands.poll_sub_device_request_sub_device_polling_address;group:zeek_hart_ip_common_commands;kind:integer;viewerOnly:true;friendly:poll_sub_device_request_sub_device_polling_address;help:poll_sub_device_request_sub_device_polling_address 
+zeek.hart_ip_common_commands.poll_sub_device_response_254=db:zeek.hart_ip_common_commands.poll_sub_device_response_254;group:zeek_hart_ip_common_commands;kind:integer;viewerOnly:true;friendly:poll_sub_device_response_254;help:poll_sub_device_response_254 +zeek.hart_ip_common_commands.poll_sub_device_response_expanded_device_type=db:zeek.hart_ip_common_commands.poll_sub_device_response_expanded_device_type;group:zeek_hart_ip_common_commands;kind:termfield;viewerOnly:true;friendly:poll_sub_device_response_expanded_device_type;help:poll_sub_device_response_expanded_device_type +zeek.hart_ip_common_commands.poll_sub_device_response_minimum_preambles_master_slave=db:zeek.hart_ip_common_commands.poll_sub_device_response_minimum_preambles_master_slave;group:zeek_hart_ip_common_commands;kind:integer;viewerOnly:true;friendly:poll_sub_device_response_minimum_preambles_master_slave;help:poll_sub_device_response_minimum_preambles_master_slave +zeek.hart_ip_common_commands.poll_sub_device_response_hart_protocol_major_revision=db:zeek.hart_ip_common_commands.poll_sub_device_response_hart_protocol_major_revision;group:zeek_hart_ip_common_commands;kind:integer;viewerOnly:true;friendly:poll_sub_device_response_hart_protocol_major_revision;help:poll_sub_device_response_hart_protocol_major_revision +zeek.hart_ip_common_commands.poll_sub_device_response_device_revision_level=db:zeek.hart_ip_common_commands.poll_sub_device_response_device_revision_level;group:zeek_hart_ip_common_commands;kind:integer;viewerOnly:true;friendly:poll_sub_device_response_device_revision_level;help:poll_sub_device_response_device_revision_level +zeek.hart_ip_common_commands.poll_sub_device_response_software_revision_level=db:zeek.hart_ip_common_commands.poll_sub_device_response_software_revision_level;group:zeek_hart_ip_common_commands;kind:integer;viewerOnly:true;friendly:poll_sub_device_response_software_revision_level;help:poll_sub_device_response_software_revision_level 
+zeek.hart_ip_common_commands.poll_sub_device_response_hardware_revision_level_and_physical_signaling_codes_hardware_revision_level=db:zeek.hart_ip_common_commands.poll_sub_device_response_hardware_revision_level_and_physical_signaling_codes_hardware_revision_level;group:zeek_hart_ip_common_commands;kind:integer;viewerOnly:true;friendly:poll_sub_device_response_hardware_revision_level_and_physical_signaling_codes_hardware_revision_level;help:poll_sub_device_response_hardware_revision_level_and_physical_signaling_codes_hardware_revision_level +zeek.hart_ip_common_commands.poll_sub_device_response_hardware_revision_level_and_physical_signaling_codes_physical_signaling_code=db:zeek.hart_ip_common_commands.poll_sub_device_response_hardware_revision_level_and_physical_signaling_codes_physical_signaling_code;group:zeek_hart_ip_common_commands;kind:termfield;viewerOnly:true;friendly:poll_sub_device_response_hardware_revision_level_and_physical_signaling_codes_physical_signaling_code;help:poll_sub_device_response_hardware_revision_level_and_physical_signaling_codes_physical_signaling_code +zeek.hart_ip_common_commands.poll_sub_device_response_flags_c8_psk_in_multi_drop_only=db:zeek.hart_ip_common_commands.poll_sub_device_response_flags_c8_psk_in_multi_drop_only;group:zeek_hart_ip_common_commands;kind:termfield;viewerOnly:true;friendly:poll_sub_device_response_flags_c8_psk_in_multi_drop_only;help:poll_sub_device_response_flags_c8_psk_in_multi_drop_only +zeek.hart_ip_common_commands.poll_sub_device_response_flags_c8_psk_capable_field_device=db:zeek.hart_ip_common_commands.poll_sub_device_response_flags_c8_psk_capable_field_device;group:zeek_hart_ip_common_commands;kind:termfield;viewerOnly:true;friendly:poll_sub_device_response_flags_c8_psk_capable_field_device;help:poll_sub_device_response_flags_c8_psk_capable_field_device 
+zeek.hart_ip_common_commands.poll_sub_device_response_flags_undefined_5=db:zeek.hart_ip_common_commands.poll_sub_device_response_flags_undefined_5;group:zeek_hart_ip_common_commands;kind:termfield;viewerOnly:true;friendly:poll_sub_device_response_flags_undefined_5;help:poll_sub_device_response_flags_undefined_5 +zeek.hart_ip_common_commands.poll_sub_device_response_flags_safehart_capable_field_device=db:zeek.hart_ip_common_commands.poll_sub_device_response_flags_safehart_capable_field_device;group:zeek_hart_ip_common_commands;kind:termfield;viewerOnly:true;friendly:poll_sub_device_response_flags_safehart_capable_field_device;help:poll_sub_device_response_flags_safehart_capable_field_device +zeek.hart_ip_common_commands.poll_sub_device_response_flags_ieee_802_15_4_dsss_o_qpsk_modulation=db:zeek.hart_ip_common_commands.poll_sub_device_response_flags_ieee_802_15_4_dsss_o_qpsk_modulation;group:zeek_hart_ip_common_commands;kind:termfield;viewerOnly:true;friendly:poll_sub_device_response_flags_ieee_802_15_4_dsss_o_qpsk_modulation;help:poll_sub_device_response_flags_ieee_802_15_4_dsss_o_qpsk_modulation +zeek.hart_ip_common_commands.poll_sub_device_response_flags_protocol_bridge_device=db:zeek.hart_ip_common_commands.poll_sub_device_response_flags_protocol_bridge_device;group:zeek_hart_ip_common_commands;kind:termfield;viewerOnly:true;friendly:poll_sub_device_response_flags_protocol_bridge_device;help:poll_sub_device_response_flags_protocol_bridge_device +zeek.hart_ip_common_commands.poll_sub_device_response_flags_eeprom_control=db:zeek.hart_ip_common_commands.poll_sub_device_response_flags_eeprom_control;group:zeek_hart_ip_common_commands;kind:termfield;viewerOnly:true;friendly:poll_sub_device_response_flags_eeprom_control;help:poll_sub_device_response_flags_eeprom_control 
+zeek.hart_ip_common_commands.poll_sub_device_response_flags_mutli_sensor_field_device=db:zeek.hart_ip_common_commands.poll_sub_device_response_flags_mutli_sensor_field_device;group:zeek_hart_ip_common_commands;kind:termfield;viewerOnly:true;friendly:poll_sub_device_response_flags_mutli_sensor_field_device;help:poll_sub_device_response_flags_mutli_sensor_field_device +zeek.hart_ip_common_commands.poll_sub_device_response_device_id=db:zeek.hart_ip_common_commands.poll_sub_device_response_device_id;group:zeek_hart_ip_common_commands;kind:integer;viewerOnly:true;friendly:poll_sub_device_response_device_id;help:poll_sub_device_response_device_id +zeek.hart_ip_common_commands.poll_sub_device_response_number_preambles_slave_master=db:zeek.hart_ip_common_commands.poll_sub_device_response_number_preambles_slave_master;group:zeek_hart_ip_common_commands;kind:integer;viewerOnly:true;friendly:poll_sub_device_response_number_preambles_slave_master;help:poll_sub_device_response_number_preambles_slave_master +zeek.hart_ip_common_commands.poll_sub_device_response_last_device_variable_this=db:zeek.hart_ip_common_commands.poll_sub_device_response_last_device_variable_this;group:zeek_hart_ip_common_commands;kind:integer;viewerOnly:true;friendly:poll_sub_device_response_last_device_variable_this;help:poll_sub_device_response_last_device_variable_this +zeek.hart_ip_common_commands.poll_sub_device_response_configuration_change_counter=db:zeek.hart_ip_common_commands.poll_sub_device_response_configuration_change_counter;group:zeek_hart_ip_common_commands;kind:integer;viewerOnly:true;friendly:poll_sub_device_response_configuration_change_counter;help:poll_sub_device_response_configuration_change_counter 
+zeek.hart_ip_common_commands.poll_sub_device_response_extended_field_device_status_undefined_bits=db:zeek.hart_ip_common_commands.poll_sub_device_response_extended_field_device_status_undefined_bits;group:zeek_hart_ip_common_commands;kind:integer;viewerOnly:true;friendly:poll_sub_device_response_extended_field_device_status_undefined_bits;help:poll_sub_device_response_extended_field_device_status_undefined_bits +zeek.hart_ip_common_commands.poll_sub_device_response_extended_field_device_status_function_check=db:zeek.hart_ip_common_commands.poll_sub_device_response_extended_field_device_status_function_check;group:zeek_hart_ip_common_commands;kind:termfield;viewerOnly:true;friendly:poll_sub_device_response_extended_field_device_status_function_check;help:poll_sub_device_response_extended_field_device_status_function_check +zeek.hart_ip_common_commands.poll_sub_device_response_extended_field_device_status_out_of_specification=db:zeek.hart_ip_common_commands.poll_sub_device_response_extended_field_device_status_out_of_specification;group:zeek_hart_ip_common_commands;kind:termfield;viewerOnly:true;friendly:poll_sub_device_response_extended_field_device_status_out_of_specification;help:poll_sub_device_response_extended_field_device_status_out_of_specification +zeek.hart_ip_common_commands.poll_sub_device_response_extended_field_device_status_failure=db:zeek.hart_ip_common_commands.poll_sub_device_response_extended_field_device_status_failure;group:zeek_hart_ip_common_commands;kind:termfield;viewerOnly:true;friendly:poll_sub_device_response_extended_field_device_status_failure;help:poll_sub_device_response_extended_field_device_status_failure 
+zeek.hart_ip_common_commands.poll_sub_device_response_extended_field_device_status_critical_power_failure=db:zeek.hart_ip_common_commands.poll_sub_device_response_extended_field_device_status_critical_power_failure;group:zeek_hart_ip_common_commands;kind:termfield;viewerOnly:true;friendly:poll_sub_device_response_extended_field_device_status_critical_power_failure;help:poll_sub_device_response_extended_field_device_status_critical_power_failure +zeek.hart_ip_common_commands.poll_sub_device_response_extended_field_device_status_device_variable_alert=db:zeek.hart_ip_common_commands.poll_sub_device_response_extended_field_device_status_device_variable_alert;group:zeek_hart_ip_common_commands;kind:termfield;viewerOnly:true;friendly:poll_sub_device_response_extended_field_device_status_device_variable_alert;help:poll_sub_device_response_extended_field_device_status_device_variable_alert +zeek.hart_ip_common_commands.poll_sub_device_response_extended_field_device_status_maintenance_required=db:zeek.hart_ip_common_commands.poll_sub_device_response_extended_field_device_status_maintenance_required;group:zeek_hart_ip_common_commands;kind:termfield;viewerOnly:true;friendly:poll_sub_device_response_extended_field_device_status_maintenance_required;help:poll_sub_device_response_extended_field_device_status_maintenance_required +zeek.hart_ip_common_commands.poll_sub_device_response_manufacturer_identification_code=db:zeek.hart_ip_common_commands.poll_sub_device_response_manufacturer_identification_code;group:zeek_hart_ip_common_commands;kind:termfield;viewerOnly:true;friendly:poll_sub_device_response_manufacturer_identification_code;help:poll_sub_device_response_manufacturer_identification_code 
+zeek.hart_ip_common_commands.poll_sub_device_response_private_label_distributor_code=db:zeek.hart_ip_common_commands.poll_sub_device_response_private_label_distributor_code;group:zeek_hart_ip_common_commands;kind:termfield;viewerOnly:true;friendly:poll_sub_device_response_private_label_distributor_code;help:poll_sub_device_response_private_label_distributor_code +zeek.hart_ip_common_commands.poll_sub_device_response_device_profile=db:zeek.hart_ip_common_commands.poll_sub_device_response_device_profile;group:zeek_hart_ip_common_commands;kind:termfield;viewerOnly:true;friendly:poll_sub_device_response_device_profile;help:poll_sub_device_response_device_profile +zeek.hart_ip_common_commands.read_lock_device_state_response_lock_status_undefined_bits=db:zeek.hart_ip_common_commands.read_lock_device_state_response_lock_status_undefined_bits;group:zeek_hart_ip_common_commands;kind:integer;viewerOnly:true;friendly:read_lock_device_state_response_lock_status_undefined_bits;help:read_lock_device_state_response_lock_status_undefined_bits +zeek.hart_ip_common_commands.read_lock_device_state_response_lock_status_lock_gateway=db:zeek.hart_ip_common_commands.read_lock_device_state_response_lock_status_lock_gateway;group:zeek_hart_ip_common_commands;kind:termfield;viewerOnly:true;friendly:read_lock_device_state_response_lock_status_lock_gateway;help:read_lock_device_state_response_lock_status_lock_gateway +zeek.hart_ip_common_commands.read_lock_device_state_response_lock_status_configuration_locked=db:zeek.hart_ip_common_commands.read_lock_device_state_response_lock_status_configuration_locked;group:zeek_hart_ip_common_commands;kind:termfield;viewerOnly:true;friendly:read_lock_device_state_response_lock_status_configuration_locked;help:read_lock_device_state_response_lock_status_configuration_locked 
+zeek.hart_ip_common_commands.read_lock_device_state_response_lock_status_lock_primary=db:zeek.hart_ip_common_commands.read_lock_device_state_response_lock_status_lock_primary;group:zeek_hart_ip_common_commands;kind:termfield;viewerOnly:true;friendly:read_lock_device_state_response_lock_status_lock_primary;help:read_lock_device_state_response_lock_status_lock_primary +zeek.hart_ip_common_commands.read_lock_device_state_response_lock_status_lock_permanent=db:zeek.hart_ip_common_commands.read_lock_device_state_response_lock_status_lock_permanent;group:zeek_hart_ip_common_commands;kind:termfield;viewerOnly:true;friendly:read_lock_device_state_response_lock_status_lock_permanent;help:read_lock_device_state_response_lock_status_lock_permanent +zeek.hart_ip_common_commands.read_lock_device_state_response_lock_status_device_locked=db:zeek.hart_ip_common_commands.read_lock_device_state_response_lock_status_device_locked;group:zeek_hart_ip_common_commands;kind:termfield;viewerOnly:true;friendly:read_lock_device_state_response_lock_status_device_locked;help:read_lock_device_state_response_lock_status_device_locked +zeek.hart_ip_common_commands.write_device_variable_device_variable_code=db:zeek.hart_ip_common_commands.write_device_variable_device_variable_code;group:zeek_hart_ip_common_commands;kind:integer;viewerOnly:true;friendly:write_device_variable_device_variable_code;help:write_device_variable_device_variable_code +zeek.hart_ip_common_commands.write_device_variable_write_device_variable_command_code=db:zeek.hart_ip_common_commands.write_device_variable_write_device_variable_command_code;group:zeek_hart_ip_common_commands;kind:termfield;viewerOnly:true;friendly:write_device_variable_write_device_variable_command_code;help:write_device_variable_write_device_variable_command_code 
+zeek.hart_ip_common_commands.write_device_variable_units_code=db:zeek.hart_ip_common_commands.write_device_variable_units_code;group:zeek_hart_ip_common_commands;kind:termfield;viewerOnly:true;friendly:write_device_variable_units_code;help:write_device_variable_units_code +zeek.hart_ip_common_commands.write_device_variable_device_variable_value=db:zeek.hart_ip_common_commands.write_device_variable_device_variable_value;group:zeek_hart_ip_common_commands;kind:termfield;viewerOnly:true;friendly:write_device_variable_device_variable_value;help:write_device_variable_device_variable_value +zeek.hart_ip_common_commands.write_device_variable_device_variable_status_process_data_status=db:zeek.hart_ip_common_commands.write_device_variable_device_variable_status_process_data_status;group:zeek_hart_ip_common_commands;kind:termfield;viewerOnly:true;friendly:write_device_variable_device_variable_status_process_data_status;help:write_device_variable_device_variable_status_process_data_status +zeek.hart_ip_common_commands.write_device_variable_device_variable_status_limit_status=db:zeek.hart_ip_common_commands.write_device_variable_device_variable_status_limit_status;group:zeek_hart_ip_common_commands;kind:termfield;viewerOnly:true;friendly:write_device_variable_device_variable_status_limit_status;help:write_device_variable_device_variable_status_limit_status +zeek.hart_ip_common_commands.write_device_variable_device_variable_status_more_device_variable_status_available=db:zeek.hart_ip_common_commands.write_device_variable_device_variable_status_more_device_variable_status_available;group:zeek_hart_ip_common_commands;kind:termfield;viewerOnly:true;friendly:write_device_variable_device_variable_status_more_device_variable_status_available;help:write_device_variable_device_variable_status_more_device_variable_status_available 
+zeek.hart_ip_common_commands.write_device_variable_device_variable_status_device_family_specific_status=db:zeek.hart_ip_common_commands.write_device_variable_device_variable_status_device_family_specific_status;group:zeek_hart_ip_common_commands;kind:integer;viewerOnly:true;friendly:write_device_variable_device_variable_status_device_family_specific_status;help:write_device_variable_device_variable_status_device_family_specific_status +zeek.hart_ip_common_commands.read_device_variable_trim_points_device_variable_code=db:zeek.hart_ip_common_commands.read_device_variable_trim_points_device_variable_code;group:zeek_hart_ip_common_commands;kind:integer;viewerOnly:true;friendly:read_device_variable_trim_points_device_variable_code;help:read_device_variable_trim_points_device_variable_code +zeek.hart_ip_common_commands.read_device_variable_trim_points_response_trim_points_units_code=db:zeek.hart_ip_common_commands.read_device_variable_trim_points_response_trim_points_units_code;group:zeek_hart_ip_common_commands;kind:termfield;viewerOnly:true;friendly:read_device_variable_trim_points_response_trim_points_units_code;help:read_device_variable_trim_points_response_trim_points_units_code +zeek.hart_ip_common_commands.read_device_variable_trim_points_response_lower_or_single_trim_point=db:zeek.hart_ip_common_commands.read_device_variable_trim_points_response_lower_or_single_trim_point;group:zeek_hart_ip_common_commands;kind:termfield;viewerOnly:true;friendly:read_device_variable_trim_points_response_lower_or_single_trim_point;help:read_device_variable_trim_points_response_lower_or_single_trim_point +zeek.hart_ip_common_commands.read_device_variable_trim_points_response_upper_trim_point=db:zeek.hart_ip_common_commands.read_device_variable_trim_points_response_upper_trim_point;group:zeek_hart_ip_common_commands;kind:termfield;viewerOnly:true;friendly:read_device_variable_trim_points_response_upper_trim_point;help:read_device_variable_trim_points_response_upper_trim_point 
+zeek.hart_ip_common_commands.read_device_variable_trim_guidelines_device_variable_guidelines=db:zeek.hart_ip_common_commands.read_device_variable_trim_guidelines_device_variable_guidelines;group:zeek_hart_ip_common_commands;kind:integer;viewerOnly:true;friendly:read_device_variable_trim_guidelines_device_variable_guidelines;help:read_device_variable_trim_guidelines_device_variable_guidelines +zeek.hart_ip_common_commands.write_device_variable_trim_point_device_variable_to_trim=db:zeek.hart_ip_common_commands.write_device_variable_trim_point_device_variable_to_trim;group:zeek_hart_ip_common_commands;kind:integer;viewerOnly:true;friendly:write_device_variable_trim_point_device_variable_to_trim;help:write_device_variable_trim_point_device_variable_to_trim +zeek.hart_ip_common_commands.write_device_variable_trim_point_trim_point=db:zeek.hart_ip_common_commands.write_device_variable_trim_point_trim_point;group:zeek_hart_ip_common_commands;kind:termfield;viewerOnly:true;friendly:write_device_variable_trim_point_trim_point;help:write_device_variable_trim_point_trim_point +zeek.hart_ip_common_commands.write_device_variable_trim_point_trim_points_units_code=db:zeek.hart_ip_common_commands.write_device_variable_trim_point_trim_points_units_code;group:zeek_hart_ip_common_commands;kind:termfield;viewerOnly:true;friendly:write_device_variable_trim_point_trim_points_units_code;help:write_device_variable_trim_point_trim_points_units_code +zeek.hart_ip_common_commands.write_device_variable_trim_point_trim_point_value=db:zeek.hart_ip_common_commands.write_device_variable_trim_point_trim_point_value;group:zeek_hart_ip_common_commands;kind:termfield;viewerOnly:true;friendly:write_device_variable_trim_point_trim_point_value;help:write_device_variable_trim_point_trim_point_value 
+zeek.hart_ip_common_commands.reset_device_variable_trim_device_variable_trim_to_reset=db:zeek.hart_ip_common_commands.reset_device_variable_trim_device_variable_trim_to_reset;group:zeek_hart_ip_common_commands;kind:integer;viewerOnly:true;friendly:reset_device_variable_trim_device_variable_trim_to_reset;help:reset_device_variable_trim_device_variable_trim_to_reset +zeek.hart_ip_common_commands.read_sub_device_identity_summary_sub_device_index=db:zeek.hart_ip_common_commands.read_sub_device_identity_summary_sub_device_index;group:zeek_hart_ip_common_commands;kind:integer;viewerOnly:true;friendly:read_sub_device_identity_summary_sub_device_index;help:read_sub_device_identity_summary_sub_device_index +zeek.hart_ip_common_commands.read_sub_device_identity_summary_response_io_card=db:zeek.hart_ip_common_commands.read_sub_device_identity_summary_response_io_card;group:zeek_hart_ip_common_commands;kind:integer;viewerOnly:true;friendly:read_sub_device_identity_summary_response_io_card;help:read_sub_device_identity_summary_response_io_card +zeek.hart_ip_common_commands.read_sub_device_identity_summary_response_channel=db:zeek.hart_ip_common_commands.read_sub_device_identity_summary_response_channel;group:zeek_hart_ip_common_commands;kind:integer;viewerOnly:true;friendly:read_sub_device_identity_summary_response_channel;help:read_sub_device_identity_summary_response_channel +zeek.hart_ip_common_commands.read_sub_device_identity_summary_response_manufacturer_identification_code=db:zeek.hart_ip_common_commands.read_sub_device_identity_summary_response_manufacturer_identification_code;group:zeek_hart_ip_common_commands;kind:termfield;viewerOnly:true;friendly:read_sub_device_identity_summary_response_manufacturer_identification_code;help:read_sub_device_identity_summary_response_manufacturer_identification_code 
+zeek.hart_ip_common_commands.read_sub_device_identity_summary_response_expanded_device_type=db:zeek.hart_ip_common_commands.read_sub_device_identity_summary_response_expanded_device_type;group:zeek_hart_ip_common_commands;kind:termfield;viewerOnly:true;friendly:read_sub_device_identity_summary_response_expanded_device_type;help:read_sub_device_identity_summary_response_expanded_device_type +zeek.hart_ip_common_commands.read_sub_device_identity_summary_response_device_id=db:zeek.hart_ip_common_commands.read_sub_device_identity_summary_response_device_id;group:zeek_hart_ip_common_commands;kind:integer;viewerOnly:true;friendly:read_sub_device_identity_summary_response_device_id;help:read_sub_device_identity_summary_response_device_id +zeek.hart_ip_common_commands.read_sub_device_identity_summary_response_universal_command_revision_level=db:zeek.hart_ip_common_commands.read_sub_device_identity_summary_response_universal_command_revision_level;group:zeek_hart_ip_common_commands;kind:integer;viewerOnly:true;friendly:read_sub_device_identity_summary_response_universal_command_revision_level;help:read_sub_device_identity_summary_response_universal_command_revision_level +zeek.hart_ip_common_commands.read_sub_device_identity_summary_response_long_tag=db:zeek.hart_ip_common_commands.read_sub_device_identity_summary_response_long_tag;group:zeek_hart_ip_common_commands;kind:termfield;viewerOnly:true;friendly:read_sub_device_identity_summary_response_long_tag;help:read_sub_device_identity_summary_response_long_tag +zeek.hart_ip_common_commands.read_sub_device_identity_summary_response_device_revision=db:zeek.hart_ip_common_commands.read_sub_device_identity_summary_response_device_revision;group:zeek_hart_ip_common_commands;kind:integer;viewerOnly:true;friendly:read_sub_device_identity_summary_response_device_revision;help:read_sub_device_identity_summary_response_device_revision 
+zeek.hart_ip_common_commands.read_sub_device_identity_summary_response_device_profile=db:zeek.hart_ip_common_commands.read_sub_device_identity_summary_response_device_profile;group:zeek_hart_ip_common_commands;kind:termfield;viewerOnly:true;friendly:read_sub_device_identity_summary_response_device_profile;help:read_sub_device_identity_summary_response_device_profile
+zeek.hart_ip_common_commands.read_sub_device_identity_summary_response_private_label_distributor_code=db:zeek.hart_ip_common_commands.read_sub_device_identity_summary_response_private_label_distributor_code;group:zeek_hart_ip_common_commands;kind:termfield;viewerOnly:true;friendly:read_sub_device_identity_summary_response_private_label_distributor_code;help:read_sub_device_identity_summary_response_private_label_distributor_code
+zeek.hart_ip_common_commands.read_io_channel_statistics_io_card=db:zeek.hart_ip_common_commands.read_io_channel_statistics_io_card;group:zeek_hart_ip_common_commands;kind:integer;viewerOnly:true;friendly:read_io_channel_statistics_io_card;help:read_io_channel_statistics_io_card
+zeek.hart_ip_common_commands.read_io_channel_statistics_channel=db:zeek.hart_ip_common_commands.read_io_channel_statistics_channel;group:zeek_hart_ip_common_commands;kind:integer;viewerOnly:true;friendly:read_io_channel_statistics_channel;help:read_io_channel_statistics_channel
+zeek.hart_ip_common_commands.read_io_channel_statistics_response_stx_count=db:zeek.hart_ip_common_commands.read_io_channel_statistics_response_stx_count;group:zeek_hart_ip_common_commands;kind:integer;viewerOnly:true;friendly:read_io_channel_statistics_response_stx_count;help:read_io_channel_statistics_response_stx_count
+zeek.hart_ip_common_commands.read_io_channel_statistics_response_ack_count=db:zeek.hart_ip_common_commands.read_io_channel_statistics_response_ack_count;group:zeek_hart_ip_common_commands;kind:integer;viewerOnly:true;friendly:read_io_channel_statistics_response_ack_count;help:read_io_channel_statistics_response_ack_count
+zeek.hart_ip_common_commands.read_io_channel_statistics_response_ostx_count=db:zeek.hart_ip_common_commands.read_io_channel_statistics_response_ostx_count;group:zeek_hart_ip_common_commands;kind:integer;viewerOnly:true;friendly:read_io_channel_statistics_response_ostx_count;help:read_io_channel_statistics_response_ostx_count
+zeek.hart_ip_common_commands.read_io_channel_statistics_response_oack_count=db:zeek.hart_ip_common_commands.read_io_channel_statistics_response_oack_count;group:zeek_hart_ip_common_commands;kind:integer;viewerOnly:true;friendly:read_io_channel_statistics_response_oack_count;help:read_io_channel_statistics_response_oack_count
+zeek.hart_ip_common_commands.read_io_channel_statistics_response_back_count=db:zeek.hart_ip_common_commands.read_io_channel_statistics_response_back_count;group:zeek_hart_ip_common_commands;kind:integer;viewerOnly:true;friendly:read_io_channel_statistics_response_back_count;help:read_io_channel_statistics_response_back_count
+zeek.hart_ip_common_commands.read_sub_device_statistics_sub_device_index=db:zeek.hart_ip_common_commands.read_sub_device_statistics_sub_device_index;group:zeek_hart_ip_common_commands;kind:integer;viewerOnly:true;friendly:read_sub_device_statistics_sub_device_index;help:read_sub_device_statistics_sub_device_index
+zeek.hart_ip_common_commands.read_sub_device_statistics_response_stx_count=db:zeek.hart_ip_common_commands.read_sub_device_statistics_response_stx_count;group:zeek_hart_ip_common_commands;kind:integer;viewerOnly:true;friendly:read_sub_device_statistics_response_stx_count;help:read_sub_device_statistics_response_stx_count
+zeek.hart_ip_common_commands.read_sub_device_statistics_response_ack_count=db:zeek.hart_ip_common_commands.read_sub_device_statistics_response_ack_count;group:zeek_hart_ip_common_commands;kind:integer;viewerOnly:true;friendly:read_sub_device_statistics_response_ack_count;help:read_sub_device_statistics_response_ack_count
+zeek.hart_ip_common_commands.read_sub_device_statistics_response_back_count=db:zeek.hart_ip_common_commands.read_sub_device_statistics_response_back_count;group:zeek_hart_ip_common_commands;kind:integer;viewerOnly:true;friendly:read_sub_device_statistics_response_back_count;help:read_sub_device_statistics_response_back_count
+zeek.hart_ip_common_commands.write_io_system_master_mode_master_mode=db:zeek.hart_ip_common_commands.write_io_system_master_mode_master_mode;group:zeek_hart_ip_common_commands;kind:termfield;viewerOnly:true;friendly:write_io_system_master_mode_master_mode;help:write_io_system_master_mode_master_mode
+zeek.hart_ip_common_commands.write_io_system_retry_count_retry_count=db:zeek.hart_ip_common_commands.write_io_system_retry_count_retry_count;group:zeek_hart_ip_common_commands;kind:integer;viewerOnly:true;friendly:write_io_system_retry_count_retry_count;help:write_io_system_retry_count_retry_count
+zeek.hart_ip_common_commands.set_real_time_clock_time_set_code=db:zeek.hart_ip_common_commands.set_real_time_clock_time_set_code;group:zeek_hart_ip_common_commands;kind:termfield;viewerOnly:true;friendly:set_real_time_clock_time_set_code;help:set_real_time_clock_time_set_code
+zeek.hart_ip_common_commands.set_real_time_clock_date=db:zeek.hart_ip_common_commands.set_real_time_clock_date;group:zeek_hart_ip_common_commands;kind:termfield;viewerOnly:true;friendly:set_real_time_clock_date;help:set_real_time_clock_date
+zeek.hart_ip_common_commands.set_real_time_clock_time_of_day=db:zeek.hart_ip_common_commands.set_real_time_clock_time_of_day;group:zeek_hart_ip_common_commands;kind:termfield;viewerOnly:true;friendly:set_real_time_clock_time_of_day;help:set_real_time_clock_time_of_day +zeek.hart_ip_common_commands.set_real_time_clock_null_bytes=db:zeek.hart_ip_common_commands.set_real_time_clock_null_bytes;group:zeek_hart_ip_common_commands;kind:integer;viewerOnly:true;friendly:set_real_time_clock_null_bytes;help:set_real_time_clock_null_bytes # hart_ip_direct_pdu_command.log # https://github.com/cisagov/icsnpp-hart-ip -zeek.hart_ip_direct_pdu_command.direct_pdu_command_data_data=db:zeek.hart_ip_direct_pdu_command.direct_pdu_command_data_data;group:zeek_hart_ip_direct_pdu_command;kind:termfield;friendly:direct_pdu_command_data_data;help:direct_pdu_command_data_data -zeek.hart_ip_direct_pdu_command.direct_pdu_command_command_number=db:zeek.hart_ip_direct_pdu_command.direct_pdu_command_command_number;group:zeek_hart_ip_direct_pdu_command;kind:termfield;friendly:direct_pdu_command_command_number;help:direct_pdu_command_command_number -zeek.hart_ip_direct_pdu_command.direct_pdu_command_byte_count=db:zeek.hart_ip_direct_pdu_command.direct_pdu_command_byte_count;group:zeek_hart_ip_direct_pdu_command;kind:integer;friendly:direct_pdu_command_byte_count;help:direct_pdu_command_byte_count -zeek.hart_ip_direct_pdu_command.direct_pdu_contents_response_response_code=db:zeek.hart_ip_direct_pdu_command.direct_pdu_contents_response_response_code;group:zeek_hart_ip_direct_pdu_command;kind:integer;friendly:direct_pdu_contents_response_response_code;help:direct_pdu_contents_response_response_code +zeek.hart_ip_direct_pdu_command.direct_pdu_command_data_data=db:zeek.hart_ip_direct_pdu_command.direct_pdu_command_data_data;group:zeek_hart_ip_direct_pdu_command;kind:termfield;viewerOnly:true;friendly:direct_pdu_command_data_data;help:direct_pdu_command_data_data 
+zeek.hart_ip_direct_pdu_command.direct_pdu_command_command_number=db:zeek.hart_ip_direct_pdu_command.direct_pdu_command_command_number;group:zeek_hart_ip_direct_pdu_command;kind:termfield;viewerOnly:true;friendly:direct_pdu_command_command_number;help:direct_pdu_command_command_number +zeek.hart_ip_direct_pdu_command.direct_pdu_command_byte_count=db:zeek.hart_ip_direct_pdu_command.direct_pdu_command_byte_count;group:zeek_hart_ip_direct_pdu_command;kind:integer;viewerOnly:true;friendly:direct_pdu_command_byte_count;help:direct_pdu_command_byte_count +zeek.hart_ip_direct_pdu_command.direct_pdu_contents_response_response_code=db:zeek.hart_ip_direct_pdu_command.direct_pdu_contents_response_response_code;group:zeek_hart_ip_direct_pdu_command;kind:integer;viewerOnly:true;friendly:direct_pdu_contents_response_response_code;help:direct_pdu_contents_response_response_code # hart_ip.log # https://github.com/cisagov/icsnpp-hart-ip -zeek.hart_ip.command_number_link_id=db:zeek.hart_ip.command_number_link_id;group:zeek_hart_ip;kind:termfield;friendly:command_number_link_id;help:command_number_link_id -zeek.hart_ip.direct_pdu_command_link_id=db:zeek.hart_ip.direct_pdu_command_link_id;group:zeek_hart_ip;kind:termfield;friendly:direct_pdu_command_link_id;help:direct_pdu_command_link_id -zeek.hart_ip.session_log_record_link_id=db:zeek.hart_ip.session_log_record_link_id;group:zeek_hart_ip;kind:termfield;friendly:session_log_record_link_id;help:session_log_record_link_id -zeek.hart_ip.message_packet_bytes=db:zeek.hart_ip.message_packet_bytes;group:zeek_hart_ip;kind:termfield;friendly:message_packet_bytes;help:message_packet_bytes -zeek.hart_ip.header_version=db:zeek.hart_ip.header_version;group:zeek_hart_ip;kind:integer;friendly:header_version;help:header_version -zeek.hart_ip.header_message_type_reserved=db:zeek.hart_ip.header_message_type_reserved;group:zeek_hart_ip;kind:integer;friendly:header_message_type_reserved;help:header_message_type_reserved 
-zeek.hart_ip.header_message_type_message_type=db:zeek.hart_ip.header_message_type_message_type;group:zeek_hart_ip;kind:termfield;friendly:header_message_type_message_type;help:header_message_type_message_type
-zeek.hart_ip.header_message_id=db:zeek.hart_ip.header_message_id;group:zeek_hart_ip;kind:termfield;friendly:header_message_id;help:header_message_id
-zeek.hart_ip.header_status_code=db:zeek.hart_ip.header_status_code;group:zeek_hart_ip;kind:termfield;friendly:header_status_code;help:header_status_code
-zeek.hart_ip.header_sequence_number=db:zeek.hart_ip.header_sequence_number;group:zeek_hart_ip;kind:integer;friendly:header_sequence_number;help:header_sequence_number
-zeek.hart_ip.header_length=db:zeek.hart_ip.header_length;group:zeek_hart_ip;kind:integer;friendly:header_length;help:header_length
-zeek.hart_ip.session_initiate_master_type=db:zeek.hart_ip.session_initiate_master_type;group:zeek_hart_ip;kind:integer;friendly:session_initiate_master_type;help:session_initiate_master_type
-zeek.hart_ip.session_initiate_inactivity_close_timer=db:zeek.hart_ip.session_initiate_inactivity_close_timer;group:zeek_hart_ip;kind:integer;friendly:session_initiate_inactivity_close_timer;help:session_initiate_inactivity_close_timer
-zeek.hart_ip.token_passing_pdu_delimiter_address_type=db:zeek.hart_ip.token_passing_pdu_delimiter_address_type;group:zeek_hart_ip;kind:termfield;friendly:token_passing_pdu_delimiter_address_type;help:token_passing_pdu_delimiter_address_type
-zeek.hart_ip.token_passing_pdu_delimiter_expansion_bytes=db:zeek.hart_ip.token_passing_pdu_delimiter_expansion_bytes;group:zeek_hart_ip;kind:integer;friendly:token_passing_pdu_delimiter_expansion_bytes;help:token_passing_pdu_delimiter_expansion_bytes
-zeek.hart_ip.token_passing_pdu_delimiter_physical_layer_type=db:zeek.hart_ip.token_passing_pdu_delimiter_physical_layer_type;group:zeek_hart_ip;kind:termfield;friendly:token_passing_pdu_delimiter_physical_layer_type;help:token_passing_pdu_delimiter_physical_layer_type
-zeek.hart_ip.token_passing_pdu_delimiter_frame_type=db:zeek.hart_ip.token_passing_pdu_delimiter_frame_type;group:zeek_hart_ip;kind:termfield;friendly:token_passing_pdu_delimiter_frame_type;help:token_passing_pdu_delimiter_frame_type
-zeek.hart_ip.token_passing_pdu_address_v4=db:zeek.hart_ip.token_passing_pdu_address_v4;group:zeek_hart_ip;kind:integer;friendly:token_passing_pdu_address_v4;help:token_passing_pdu_address_v4
-zeek.hart_ip.token_passing_pdu_address_v6=db:zeek.hart_ip.token_passing_pdu_address_v6;group:zeek_hart_ip;kind:termfield;friendly:token_passing_pdu_address_v6;help:token_passing_pdu_address_v6
-zeek.hart_ip.token_passing_pdu_command_number=db:zeek.hart_ip.token_passing_pdu_command_number;group:zeek_hart_ip;kind:termfield;friendly:token_passing_pdu_command_number;help:token_passing_pdu_command_number
-zeek.hart_ip.token_passing_pdu_byte_count=db:zeek.hart_ip.token_passing_pdu_byte_count;group:zeek_hart_ip;kind:integer;friendly:token_passing_pdu_byte_count;help:token_passing_pdu_byte_count
-zeek.hart_ip.token_passing_pdu_check_byte=db:zeek.hart_ip.token_passing_pdu_check_byte;group:zeek_hart_ip;kind:integer;friendly:token_passing_pdu_check_byte;help:token_passing_pdu_check_byte
-zeek.hart_ip.token_passing_pdu_contents_data_data=db:zeek.hart_ip.token_passing_pdu_contents_data_data;group:zeek_hart_ip;kind:termfield;friendly:token_passing_pdu_contents_data_data;help:token_passing_pdu_contents_data_data
-zeek.hart_ip.token_passing_pdu_contents_response_response_code=db:zeek.hart_ip.token_passing_pdu_contents_response_response_code;group:zeek_hart_ip;kind:integer;friendly:token_passing_pdu_contents_response_response_code;help:token_passing_pdu_contents_response_response_code
-zeek.hart_ip.token_passing_pdu_contents_response_device_status_device_malfunction=db:zeek.hart_ip.token_passing_pdu_contents_response_device_status_device_malfunction;group:zeek_hart_ip;kind:termfield;friendly:token_passing_pdu_contents_response_device_status_device_malfunction;help:token_passing_pdu_contents_response_device_status_device_malfunction
-zeek.hart_ip.token_passing_pdu_contents_response_device_status_configuration_changed=db:zeek.hart_ip.token_passing_pdu_contents_response_device_status_configuration_changed;group:zeek_hart_ip;kind:termfield;friendly:token_passing_pdu_contents_response_device_status_configuration_changed;help:token_passing_pdu_contents_response_device_status_configuration_changed
-zeek.hart_ip.token_passing_pdu_contents_response_device_status_cold_start=db:zeek.hart_ip.token_passing_pdu_contents_response_device_status_cold_start;group:zeek_hart_ip;kind:termfield;friendly:token_passing_pdu_contents_response_device_status_cold_start;help:token_passing_pdu_contents_response_device_status_cold_start
-zeek.hart_ip.token_passing_pdu_contents_response_device_status_more_status_available=db:zeek.hart_ip.token_passing_pdu_contents_response_device_status_more_status_available;group:zeek_hart_ip;kind:termfield;friendly:token_passing_pdu_contents_response_device_status_more_status_available;help:token_passing_pdu_contents_response_device_status_more_status_available
-zeek.hart_ip.token_passing_pdu_contents_response_device_status_loop_current_fixed=db:zeek.hart_ip.token_passing_pdu_contents_response_device_status_loop_current_fixed;group:zeek_hart_ip;kind:termfield;friendly:token_passing_pdu_contents_response_device_status_loop_current_fixed;help:token_passing_pdu_contents_response_device_status_loop_current_fixed
-zeek.hart_ip.token_passing_pdu_contents_response_device_status_loop_current_saturated=db:zeek.hart_ip.token_passing_pdu_contents_response_device_status_loop_current_saturated;group:zeek_hart_ip;kind:termfield;friendly:token_passing_pdu_contents_response_device_status_loop_current_saturated;help:token_passing_pdu_contents_response_device_status_loop_current_saturated
-zeek.hart_ip.token_passing_pdu_contents_response_device_status_non_primary_variable_out_of_limits=db:zeek.hart_ip.token_passing_pdu_contents_response_device_status_non_primary_variable_out_of_limits;group:zeek_hart_ip;kind:termfield;friendly:token_passing_pdu_contents_response_device_status_non_primary_variable_out_of_limits;help:token_passing_pdu_contents_response_device_status_non_primary_variable_out_of_limits
-zeek.hart_ip.token_passing_pdu_contents_response_device_status_primary_variable_out_of_limits=db:zeek.hart_ip.token_passing_pdu_contents_response_device_status_primary_variable_out_of_limits;group:zeek_hart_ip;kind:termfield;friendly:token_passing_pdu_contents_response_device_status_primary_variable_out_of_limits;help:token_passing_pdu_contents_response_device_status_primary_variable_out_of_limits
-zeek.hart_ip.direct_pdu_device_status_device_malfunction=db:zeek.hart_ip.direct_pdu_device_status_device_malfunction;group:zeek_hart_ip;kind:termfield;friendly:direct_pdu_device_status_device_malfunction;help:direct_pdu_device_status_device_malfunction
-zeek.hart_ip.direct_pdu_device_status_configuration_changed=db:zeek.hart_ip.direct_pdu_device_status_configuration_changed;group:zeek_hart_ip;kind:termfield;friendly:direct_pdu_device_status_configuration_changed;help:direct_pdu_device_status_configuration_changed
-zeek.hart_ip.direct_pdu_device_status_cold_start=db:zeek.hart_ip.direct_pdu_device_status_cold_start;group:zeek_hart_ip;kind:termfield;friendly:direct_pdu_device_status_cold_start;help:direct_pdu_device_status_cold_start
-zeek.hart_ip.direct_pdu_device_status_more_status_available=db:zeek.hart_ip.direct_pdu_device_status_more_status_available;group:zeek_hart_ip;kind:termfield;friendly:direct_pdu_device_status_more_status_available;help:direct_pdu_device_status_more_status_available
-zeek.hart_ip.direct_pdu_device_status_loop_current_fixed=db:zeek.hart_ip.direct_pdu_device_status_loop_current_fixed;group:zeek_hart_ip;kind:termfield;friendly:direct_pdu_device_status_loop_current_fixed;help:direct_pdu_device_status_loop_current_fixed
-zeek.hart_ip.direct_pdu_device_status_loop_current_saturated=db:zeek.hart_ip.direct_pdu_device_status_loop_current_saturated;group:zeek_hart_ip;kind:termfield;friendly:direct_pdu_device_status_loop_current_saturated;help:direct_pdu_device_status_loop_current_saturated
-zeek.hart_ip.direct_pdu_device_status_non_primary_variable_out_of_limits=db:zeek.hart_ip.direct_pdu_device_status_non_primary_variable_out_of_limits;group:zeek_hart_ip;kind:termfield;friendly:direct_pdu_device_status_non_primary_variable_out_of_limits;help:direct_pdu_device_status_non_primary_variable_out_of_limits
-zeek.hart_ip.direct_pdu_device_status_primary_variable_out_of_limits=db:zeek.hart_ip.direct_pdu_device_status_primary_variable_out_of_limits;group:zeek_hart_ip;kind:termfield;friendly:direct_pdu_device_status_primary_variable_out_of_limits;help:direct_pdu_device_status_primary_variable_out_of_limits
-zeek.hart_ip.direct_pdu_extended_status_undefined_bits=db:zeek.hart_ip.direct_pdu_extended_status_undefined_bits;group:zeek_hart_ip;kind:integer;friendly:direct_pdu_extended_status_undefined_bits;help:direct_pdu_extended_status_undefined_bits
-zeek.hart_ip.direct_pdu_extended_status_function_check=db:zeek.hart_ip.direct_pdu_extended_status_function_check;group:zeek_hart_ip;kind:termfield;friendly:direct_pdu_extended_status_function_check;help:direct_pdu_extended_status_function_check
-zeek.hart_ip.direct_pdu_extended_status_out_of_specification=db:zeek.hart_ip.direct_pdu_extended_status_out_of_specification;group:zeek_hart_ip;kind:termfield;friendly:direct_pdu_extended_status_out_of_specification;help:direct_pdu_extended_status_out_of_specification
-zeek.hart_ip.direct_pdu_extended_status_failure=db:zeek.hart_ip.direct_pdu_extended_status_failure;group:zeek_hart_ip;kind:termfield;friendly:direct_pdu_extended_status_failure;help:direct_pdu_extended_status_failure
-zeek.hart_ip.direct_pdu_extended_status_critical_power_failure=db:zeek.hart_ip.direct_pdu_extended_status_critical_power_failure;group:zeek_hart_ip;kind:termfield;friendly:direct_pdu_extended_status_critical_power_failure;help:direct_pdu_extended_status_critical_power_failure
-zeek.hart_ip.direct_pdu_extended_status_device_variable_alert=db:zeek.hart_ip.direct_pdu_extended_status_device_variable_alert;group:zeek_hart_ip;kind:termfield;friendly:direct_pdu_extended_status_device_variable_alert;help:direct_pdu_extended_status_device_variable_alert
-zeek.hart_ip.direct_pdu_extended_status_maintenance_required=db:zeek.hart_ip.direct_pdu_extended_status_maintenance_required;group:zeek_hart_ip;kind:termfield;friendly:direct_pdu_extended_status_maintenance_required;help:direct_pdu_extended_status_maintenance_required
-zeek.hart_ip.read_audit_log_start_record=db:zeek.hart_ip.read_audit_log_start_record;group:zeek_hart_ip;kind:integer;friendly:read_audit_log_start_record;help:read_audit_log_start_record
-zeek.hart_ip.read_audit_log_number_of_records=db:zeek.hart_ip.read_audit_log_number_of_records;group:zeek_hart_ip;kind:integer;friendly:read_audit_log_number_of_records;help:read_audit_log_number_of_records
-zeek.hart_ip.read_audit_log_power_up_time=db:zeek.hart_ip.read_audit_log_power_up_time;group:zeek_hart_ip;kind:integer;friendly:read_audit_log_power_up_time;help:read_audit_log_power_up_time
-zeek.hart_ip.read_audit_log_last_security_change=db:zeek.hart_ip.read_audit_log_last_security_change;group:zeek_hart_ip;kind:integer;friendly:read_audit_log_last_security_change;help:read_audit_log_last_security_change
-zeek.hart_ip.read_audit_log_server_status_undefined_bits=db:zeek.hart_ip.read_audit_log_server_status_undefined_bits;group:zeek_hart_ip;kind:integer;friendly:read_audit_log_server_status_undefined_bits;help:read_audit_log_server_status_undefined_bits
-zeek.hart_ip.read_audit_log_server_status_insecure_syslog_connection=db:zeek.hart_ip.read_audit_log_server_status_insecure_syslog_connection;group:zeek_hart_ip;kind:termfield;friendly:read_audit_log_server_status_insecure_syslog_connection;help:read_audit_log_server_status_insecure_syslog_connection
-zeek.hart_ip.read_audit_log_server_status_syslog_server_located_but_connection_failed=db:zeek.hart_ip.read_audit_log_server_status_syslog_server_located_but_connection_failed;group:zeek_hart_ip;kind:termfield;friendly:read_audit_log_server_status_syslog_server_located_but_connection_failed;help:read_audit_log_server_status_syslog_server_located_but_connection_failed
-zeek.hart_ip.read_audit_log_server_status_unable_to_locate_syslog_server=db:zeek.hart_ip.read_audit_log_server_status_unable_to_locate_syslog_server;group:zeek_hart_ip;kind:termfield;friendly:read_audit_log_server_status_unable_to_locate_syslog_server;help:read_audit_log_server_status_unable_to_locate_syslog_server
-zeek.hart_ip.read_audit_log_session_record_size=db:zeek.hart_ip.read_audit_log_session_record_size;group:zeek_hart_ip;kind:integer;friendly:read_audit_log_session_record_size;help:read_audit_log_session_record_size
+zeek.hart_ip.command_number_link_id=db:zeek.hart_ip.command_number_link_id;group:zeek_hart_ip;kind:termfield;viewerOnly:true;friendly:command_number_link_id;help:command_number_link_id
+zeek.hart_ip.direct_pdu_command_link_id=db:zeek.hart_ip.direct_pdu_command_link_id;group:zeek_hart_ip;kind:termfield;viewerOnly:true;friendly:direct_pdu_command_link_id;help:direct_pdu_command_link_id
+zeek.hart_ip.session_log_record_link_id=db:zeek.hart_ip.session_log_record_link_id;group:zeek_hart_ip;kind:termfield;viewerOnly:true;friendly:session_log_record_link_id;help:session_log_record_link_id
+zeek.hart_ip.message_packet_bytes=db:zeek.hart_ip.message_packet_bytes;group:zeek_hart_ip;kind:termfield;viewerOnly:true;friendly:message_packet_bytes;help:message_packet_bytes
+zeek.hart_ip.header_version=db:zeek.hart_ip.header_version;group:zeek_hart_ip;kind:integer;viewerOnly:true;friendly:header_version;help:header_version
+zeek.hart_ip.header_message_type_reserved=db:zeek.hart_ip.header_message_type_reserved;group:zeek_hart_ip;kind:integer;viewerOnly:true;friendly:header_message_type_reserved;help:header_message_type_reserved
+zeek.hart_ip.header_message_type_message_type=db:zeek.hart_ip.header_message_type_message_type;group:zeek_hart_ip;kind:termfield;viewerOnly:true;friendly:header_message_type_message_type;help:header_message_type_message_type
+zeek.hart_ip.header_message_id=db:zeek.hart_ip.header_message_id;group:zeek_hart_ip;kind:termfield;viewerOnly:true;friendly:header_message_id;help:header_message_id
+zeek.hart_ip.header_status_code=db:zeek.hart_ip.header_status_code;group:zeek_hart_ip;kind:termfield;viewerOnly:true;friendly:header_status_code;help:header_status_code
+zeek.hart_ip.header_sequence_number=db:zeek.hart_ip.header_sequence_number;group:zeek_hart_ip;kind:integer;viewerOnly:true;friendly:header_sequence_number;help:header_sequence_number
+zeek.hart_ip.header_length=db:zeek.hart_ip.header_length;group:zeek_hart_ip;kind:integer;viewerOnly:true;friendly:header_length;help:header_length
+zeek.hart_ip.session_initiate_master_type=db:zeek.hart_ip.session_initiate_master_type;group:zeek_hart_ip;kind:integer;viewerOnly:true;friendly:session_initiate_master_type;help:session_initiate_master_type
+zeek.hart_ip.session_initiate_inactivity_close_timer=db:zeek.hart_ip.session_initiate_inactivity_close_timer;group:zeek_hart_ip;kind:integer;viewerOnly:true;friendly:session_initiate_inactivity_close_timer;help:session_initiate_inactivity_close_timer
+zeek.hart_ip.token_passing_pdu_delimiter_address_type=db:zeek.hart_ip.token_passing_pdu_delimiter_address_type;group:zeek_hart_ip;kind:termfield;viewerOnly:true;friendly:token_passing_pdu_delimiter_address_type;help:token_passing_pdu_delimiter_address_type
+zeek.hart_ip.token_passing_pdu_delimiter_expansion_bytes=db:zeek.hart_ip.token_passing_pdu_delimiter_expansion_bytes;group:zeek_hart_ip;kind:integer;viewerOnly:true;friendly:token_passing_pdu_delimiter_expansion_bytes;help:token_passing_pdu_delimiter_expansion_bytes
+zeek.hart_ip.token_passing_pdu_delimiter_physical_layer_type=db:zeek.hart_ip.token_passing_pdu_delimiter_physical_layer_type;group:zeek_hart_ip;kind:termfield;viewerOnly:true;friendly:token_passing_pdu_delimiter_physical_layer_type;help:token_passing_pdu_delimiter_physical_layer_type
+zeek.hart_ip.token_passing_pdu_delimiter_frame_type=db:zeek.hart_ip.token_passing_pdu_delimiter_frame_type;group:zeek_hart_ip;kind:termfield;viewerOnly:true;friendly:token_passing_pdu_delimiter_frame_type;help:token_passing_pdu_delimiter_frame_type
+zeek.hart_ip.token_passing_pdu_address_v4=db:zeek.hart_ip.token_passing_pdu_address_v4;group:zeek_hart_ip;kind:integer;viewerOnly:true;friendly:token_passing_pdu_address_v4;help:token_passing_pdu_address_v4
+zeek.hart_ip.token_passing_pdu_address_v6=db:zeek.hart_ip.token_passing_pdu_address_v6;group:zeek_hart_ip;kind:termfield;viewerOnly:true;friendly:token_passing_pdu_address_v6;help:token_passing_pdu_address_v6
+zeek.hart_ip.token_passing_pdu_command_number=db:zeek.hart_ip.token_passing_pdu_command_number;group:zeek_hart_ip;kind:termfield;viewerOnly:true;friendly:token_passing_pdu_command_number;help:token_passing_pdu_command_number
+zeek.hart_ip.token_passing_pdu_byte_count=db:zeek.hart_ip.token_passing_pdu_byte_count;group:zeek_hart_ip;kind:integer;viewerOnly:true;friendly:token_passing_pdu_byte_count;help:token_passing_pdu_byte_count
+zeek.hart_ip.token_passing_pdu_check_byte=db:zeek.hart_ip.token_passing_pdu_check_byte;group:zeek_hart_ip;kind:integer;viewerOnly:true;friendly:token_passing_pdu_check_byte;help:token_passing_pdu_check_byte
+zeek.hart_ip.token_passing_pdu_contents_data_data=db:zeek.hart_ip.token_passing_pdu_contents_data_data;group:zeek_hart_ip;kind:termfield;viewerOnly:true;friendly:token_passing_pdu_contents_data_data;help:token_passing_pdu_contents_data_data
+zeek.hart_ip.token_passing_pdu_contents_response_response_code=db:zeek.hart_ip.token_passing_pdu_contents_response_response_code;group:zeek_hart_ip;kind:integer;viewerOnly:true;friendly:token_passing_pdu_contents_response_response_code;help:token_passing_pdu_contents_response_response_code
+zeek.hart_ip.token_passing_pdu_contents_response_device_status_device_malfunction=db:zeek.hart_ip.token_passing_pdu_contents_response_device_status_device_malfunction;group:zeek_hart_ip;kind:termfield;viewerOnly:true;friendly:token_passing_pdu_contents_response_device_status_device_malfunction;help:token_passing_pdu_contents_response_device_status_device_malfunction
+zeek.hart_ip.token_passing_pdu_contents_response_device_status_configuration_changed=db:zeek.hart_ip.token_passing_pdu_contents_response_device_status_configuration_changed;group:zeek_hart_ip;kind:termfield;viewerOnly:true;friendly:token_passing_pdu_contents_response_device_status_configuration_changed;help:token_passing_pdu_contents_response_device_status_configuration_changed
+zeek.hart_ip.token_passing_pdu_contents_response_device_status_cold_start=db:zeek.hart_ip.token_passing_pdu_contents_response_device_status_cold_start;group:zeek_hart_ip;kind:termfield;viewerOnly:true;friendly:token_passing_pdu_contents_response_device_status_cold_start;help:token_passing_pdu_contents_response_device_status_cold_start
+zeek.hart_ip.token_passing_pdu_contents_response_device_status_more_status_available=db:zeek.hart_ip.token_passing_pdu_contents_response_device_status_more_status_available;group:zeek_hart_ip;kind:termfield;viewerOnly:true;friendly:token_passing_pdu_contents_response_device_status_more_status_available;help:token_passing_pdu_contents_response_device_status_more_status_available
+zeek.hart_ip.token_passing_pdu_contents_response_device_status_loop_current_fixed=db:zeek.hart_ip.token_passing_pdu_contents_response_device_status_loop_current_fixed;group:zeek_hart_ip;kind:termfield;viewerOnly:true;friendly:token_passing_pdu_contents_response_device_status_loop_current_fixed;help:token_passing_pdu_contents_response_device_status_loop_current_fixed
+zeek.hart_ip.token_passing_pdu_contents_response_device_status_loop_current_saturated=db:zeek.hart_ip.token_passing_pdu_contents_response_device_status_loop_current_saturated;group:zeek_hart_ip;kind:termfield;viewerOnly:true;friendly:token_passing_pdu_contents_response_device_status_loop_current_saturated;help:token_passing_pdu_contents_response_device_status_loop_current_saturated
+zeek.hart_ip.token_passing_pdu_contents_response_device_status_non_primary_variable_out_of_limits=db:zeek.hart_ip.token_passing_pdu_contents_response_device_status_non_primary_variable_out_of_limits;group:zeek_hart_ip;kind:termfield;viewerOnly:true;friendly:token_passing_pdu_contents_response_device_status_non_primary_variable_out_of_limits;help:token_passing_pdu_contents_response_device_status_non_primary_variable_out_of_limits
+zeek.hart_ip.token_passing_pdu_contents_response_device_status_primary_variable_out_of_limits=db:zeek.hart_ip.token_passing_pdu_contents_response_device_status_primary_variable_out_of_limits;group:zeek_hart_ip;kind:termfield;viewerOnly:true;friendly:token_passing_pdu_contents_response_device_status_primary_variable_out_of_limits;help:token_passing_pdu_contents_response_device_status_primary_variable_out_of_limits
+zeek.hart_ip.direct_pdu_device_status_device_malfunction=db:zeek.hart_ip.direct_pdu_device_status_device_malfunction;group:zeek_hart_ip;kind:termfield;viewerOnly:true;friendly:direct_pdu_device_status_device_malfunction;help:direct_pdu_device_status_device_malfunction
+zeek.hart_ip.direct_pdu_device_status_configuration_changed=db:zeek.hart_ip.direct_pdu_device_status_configuration_changed;group:zeek_hart_ip;kind:termfield;viewerOnly:true;friendly:direct_pdu_device_status_configuration_changed;help:direct_pdu_device_status_configuration_changed
+zeek.hart_ip.direct_pdu_device_status_cold_start=db:zeek.hart_ip.direct_pdu_device_status_cold_start;group:zeek_hart_ip;kind:termfield;viewerOnly:true;friendly:direct_pdu_device_status_cold_start;help:direct_pdu_device_status_cold_start
+zeek.hart_ip.direct_pdu_device_status_more_status_available=db:zeek.hart_ip.direct_pdu_device_status_more_status_available;group:zeek_hart_ip;kind:termfield;viewerOnly:true;friendly:direct_pdu_device_status_more_status_available;help:direct_pdu_device_status_more_status_available
+zeek.hart_ip.direct_pdu_device_status_loop_current_fixed=db:zeek.hart_ip.direct_pdu_device_status_loop_current_fixed;group:zeek_hart_ip;kind:termfield;viewerOnly:true;friendly:direct_pdu_device_status_loop_current_fixed;help:direct_pdu_device_status_loop_current_fixed
+zeek.hart_ip.direct_pdu_device_status_loop_current_saturated=db:zeek.hart_ip.direct_pdu_device_status_loop_current_saturated;group:zeek_hart_ip;kind:termfield;viewerOnly:true;friendly:direct_pdu_device_status_loop_current_saturated;help:direct_pdu_device_status_loop_current_saturated
+zeek.hart_ip.direct_pdu_device_status_non_primary_variable_out_of_limits=db:zeek.hart_ip.direct_pdu_device_status_non_primary_variable_out_of_limits;group:zeek_hart_ip;kind:termfield;viewerOnly:true;friendly:direct_pdu_device_status_non_primary_variable_out_of_limits;help:direct_pdu_device_status_non_primary_variable_out_of_limits
+zeek.hart_ip.direct_pdu_device_status_primary_variable_out_of_limits=db:zeek.hart_ip.direct_pdu_device_status_primary_variable_out_of_limits;group:zeek_hart_ip;kind:termfield;viewerOnly:true;friendly:direct_pdu_device_status_primary_variable_out_of_limits;help:direct_pdu_device_status_primary_variable_out_of_limits
+zeek.hart_ip.direct_pdu_extended_status_undefined_bits=db:zeek.hart_ip.direct_pdu_extended_status_undefined_bits;group:zeek_hart_ip;kind:integer;viewerOnly:true;friendly:direct_pdu_extended_status_undefined_bits;help:direct_pdu_extended_status_undefined_bits
+zeek.hart_ip.direct_pdu_extended_status_function_check=db:zeek.hart_ip.direct_pdu_extended_status_function_check;group:zeek_hart_ip;kind:termfield;viewerOnly:true;friendly:direct_pdu_extended_status_function_check;help:direct_pdu_extended_status_function_check
+zeek.hart_ip.direct_pdu_extended_status_out_of_specification=db:zeek.hart_ip.direct_pdu_extended_status_out_of_specification;group:zeek_hart_ip;kind:termfield;viewerOnly:true;friendly:direct_pdu_extended_status_out_of_specification;help:direct_pdu_extended_status_out_of_specification
+zeek.hart_ip.direct_pdu_extended_status_failure=db:zeek.hart_ip.direct_pdu_extended_status_failure;group:zeek_hart_ip;kind:termfield;viewerOnly:true;friendly:direct_pdu_extended_status_failure;help:direct_pdu_extended_status_failure
+zeek.hart_ip.direct_pdu_extended_status_critical_power_failure=db:zeek.hart_ip.direct_pdu_extended_status_critical_power_failure;group:zeek_hart_ip;kind:termfield;viewerOnly:true;friendly:direct_pdu_extended_status_critical_power_failure;help:direct_pdu_extended_status_critical_power_failure +zeek.hart_ip.direct_pdu_extended_status_device_variable_alert=db:zeek.hart_ip.direct_pdu_extended_status_device_variable_alert;group:zeek_hart_ip;kind:termfield;viewerOnly:true;friendly:direct_pdu_extended_status_device_variable_alert;help:direct_pdu_extended_status_device_variable_alert +zeek.hart_ip.direct_pdu_extended_status_maintenance_required=db:zeek.hart_ip.direct_pdu_extended_status_maintenance_required;group:zeek_hart_ip;kind:termfield;viewerOnly:true;friendly:direct_pdu_extended_status_maintenance_required;help:direct_pdu_extended_status_maintenance_required +zeek.hart_ip.read_audit_log_start_record=db:zeek.hart_ip.read_audit_log_start_record;group:zeek_hart_ip;kind:integer;viewerOnly:true;friendly:read_audit_log_start_record;help:read_audit_log_start_record +zeek.hart_ip.read_audit_log_number_of_records=db:zeek.hart_ip.read_audit_log_number_of_records;group:zeek_hart_ip;kind:integer;viewerOnly:true;friendly:read_audit_log_number_of_records;help:read_audit_log_number_of_records +zeek.hart_ip.read_audit_log_power_up_time=db:zeek.hart_ip.read_audit_log_power_up_time;group:zeek_hart_ip;kind:integer;viewerOnly:true;friendly:read_audit_log_power_up_time;help:read_audit_log_power_up_time +zeek.hart_ip.read_audit_log_last_security_change=db:zeek.hart_ip.read_audit_log_last_security_change;group:zeek_hart_ip;kind:integer;viewerOnly:true;friendly:read_audit_log_last_security_change;help:read_audit_log_last_security_change 
+zeek.hart_ip.read_audit_log_server_status_undefined_bits=db:zeek.hart_ip.read_audit_log_server_status_undefined_bits;group:zeek_hart_ip;kind:integer;viewerOnly:true;friendly:read_audit_log_server_status_undefined_bits;help:read_audit_log_server_status_undefined_bits +zeek.hart_ip.read_audit_log_server_status_insecure_syslog_connection=db:zeek.hart_ip.read_audit_log_server_status_insecure_syslog_connection;group:zeek_hart_ip;kind:termfield;viewerOnly:true;friendly:read_audit_log_server_status_insecure_syslog_connection;help:read_audit_log_server_status_insecure_syslog_connection +zeek.hart_ip.read_audit_log_server_status_syslog_server_located_but_connection_failed=db:zeek.hart_ip.read_audit_log_server_status_syslog_server_located_but_connection_failed;group:zeek_hart_ip;kind:termfield;viewerOnly:true;friendly:read_audit_log_server_status_syslog_server_located_but_connection_failed;help:read_audit_log_server_status_syslog_server_located_but_connection_failed +zeek.hart_ip.read_audit_log_server_status_unable_to_locate_syslog_server=db:zeek.hart_ip.read_audit_log_server_status_unable_to_locate_syslog_server;group:zeek_hart_ip;kind:termfield;viewerOnly:true;friendly:read_audit_log_server_status_unable_to_locate_syslog_server;help:read_audit_log_server_status_unable_to_locate_syslog_server +zeek.hart_ip.read_audit_log_session_record_size=db:zeek.hart_ip.read_audit_log_session_record_size;group:zeek_hart_ip;kind:integer;viewerOnly:true;friendly:read_audit_log_session_record_size;help:read_audit_log_session_record_size # hart_ip_session_record.log # https://github.com/cisagov/icsnpp-hart-ip -zeek.hart_ip_session_record.session_log_record_client_i_pv4_address=db:zeek.hart_ip_session_record.session_log_record_client_i_pv4_address;group:zeek_hart_ip_session_record;kind:termfield;friendly:session_log_record_client_i_pv4_address;help:session_log_record_client_i_pv4_address 
-zeek.hart_ip_session_record.session_log_record_client_i_pv6_address=db:zeek.hart_ip_session_record.session_log_record_client_i_pv6_address;group:zeek_hart_ip_session_record;kind:termfield;friendly:session_log_record_client_i_pv6_address;help:session_log_record_client_i_pv6_address
-zeek.hart_ip_session_record.session_log_record_client_port=db:zeek.hart_ip_session_record.session_log_record_client_port;group:zeek_hart_ip_session_record;kind:integer;friendly:session_log_record_client_port;help:session_log_record_client_port
-zeek.hart_ip_session_record.session_log_record_server_port=db:zeek.hart_ip_session_record.session_log_record_server_port;group:zeek_hart_ip_session_record;kind:integer;friendly:session_log_record_server_port;help:session_log_record_server_port
-zeek.hart_ip_session_record.session_log_record_connect_time=db:zeek.hart_ip_session_record.session_log_record_connect_time;group:zeek_hart_ip_session_record;kind:integer;friendly:session_log_record_connect_time;help:session_log_record_connect_time
-zeek.hart_ip_session_record.session_log_record_disconnect_time=db:zeek.hart_ip_session_record.session_log_record_disconnect_time;group:zeek_hart_ip_session_record;kind:integer;friendly:session_log_record_disconnect_time;help:session_log_record_disconnect_time
-zeek.hart_ip_session_record.session_log_record_session_status_summary_undefined_bits=db:zeek.hart_ip_session_record.session_log_record_session_status_summary_undefined_bits;group:zeek_hart_ip_session_record;kind:integer;friendly:session_log_record_session_status_summary_undefined_bits;help:session_log_record_session_status_summary_undefined_bits
-zeek.hart_ip_session_record.session_log_record_session_status_summary_insecure_session=db:zeek.hart_ip_session_record.session_log_record_session_status_summary_insecure_session;group:zeek_hart_ip_session_record;kind:termfield;friendly:session_log_record_session_status_summary_insecure_session;help:session_log_record_session_status_summary_insecure_session
-zeek.hart_ip_session_record.session_log_record_session_status_summary_session_timeout=db:zeek.hart_ip_session_record.session_log_record_session_status_summary_session_timeout;group:zeek_hart_ip_session_record;kind:termfield;friendly:session_log_record_session_status_summary_session_timeout;help:session_log_record_session_status_summary_session_timeout
-zeek.hart_ip_session_record.session_log_record_session_status_summary_aborted_session=db:zeek.hart_ip_session_record.session_log_record_session_status_summary_aborted_session;group:zeek_hart_ip_session_record;kind:termfield;friendly:session_log_record_session_status_summary_aborted_session;help:session_log_record_session_status_summary_aborted_session
-zeek.hart_ip_session_record.session_log_record_session_status_summary_bad_session_initialization=db:zeek.hart_ip_session_record.session_log_record_session_status_summary_bad_session_initialization;group:zeek_hart_ip_session_record;kind:termfield;friendly:session_log_record_session_status_summary_bad_session_initialization;help:session_log_record_session_status_summary_bad_session_initialization
-zeek.hart_ip_session_record.session_log_record_session_status_summary_writes_occured=db:zeek.hart_ip_session_record.session_log_record_session_status_summary_writes_occured;group:zeek_hart_ip_session_record;kind:termfield;friendly:session_log_record_session_status_summary_writes_occured;help:session_log_record_session_status_summary_writes_occured
-zeek.hart_ip_session_record.session_log_record_start_configuration_change_count=db:zeek.hart_ip_session_record.session_log_record_start_configuration_change_count;group:zeek_hart_ip_session_record;kind:integer;friendly:session_log_record_start_configuration_change_count;help:session_log_record_start_configuration_change_count
-zeek.hart_ip_session_record.session_log_record_end_configuration_change_count=db:zeek.hart_ip_session_record.session_log_record_end_configuration_change_count;group:zeek_hart_ip_session_record;kind:integer;friendly:session_log_record_end_configuration_change_count;help:session_log_record_end_configuration_change_count
-zeek.hart_ip_session_record.session_log_record_num_publish_pdu=db:zeek.hart_ip_session_record.session_log_record_num_publish_pdu;group:zeek_hart_ip_session_record;kind:integer;friendly:session_log_record_num_publish_pdu;help:session_log_record_num_publish_pdu
-zeek.hart_ip_session_record.session_log_record_num_request_pdu=db:zeek.hart_ip_session_record.session_log_record_num_request_pdu;group:zeek_hart_ip_session_record;kind:integer;friendly:session_log_record_num_request_pdu;help:session_log_record_num_request_pdu
-zeek.hart_ip_session_record.session_log_record_num_response_pdu=db:zeek.hart_ip_session_record.session_log_record_num_response_pdu;group:zeek_hart_ip_session_record;kind:integer;friendly:session_log_record_num_response_pdu;help:session_log_record_num_response_pdu
+zeek.hart_ip_session_record.session_log_record_client_i_pv4_address=db:zeek.hart_ip_session_record.session_log_record_client_i_pv4_address;group:zeek_hart_ip_session_record;kind:termfield;viewerOnly:true;friendly:session_log_record_client_i_pv4_address;help:session_log_record_client_i_pv4_address
+zeek.hart_ip_session_record.session_log_record_client_i_pv6_address=db:zeek.hart_ip_session_record.session_log_record_client_i_pv6_address;group:zeek_hart_ip_session_record;kind:termfield;viewerOnly:true;friendly:session_log_record_client_i_pv6_address;help:session_log_record_client_i_pv6_address
+zeek.hart_ip_session_record.session_log_record_client_port=db:zeek.hart_ip_session_record.session_log_record_client_port;group:zeek_hart_ip_session_record;kind:integer;viewerOnly:true;friendly:session_log_record_client_port;help:session_log_record_client_port
+zeek.hart_ip_session_record.session_log_record_server_port=db:zeek.hart_ip_session_record.session_log_record_server_port;group:zeek_hart_ip_session_record;kind:integer;viewerOnly:true;friendly:session_log_record_server_port;help:session_log_record_server_port
+zeek.hart_ip_session_record.session_log_record_connect_time=db:zeek.hart_ip_session_record.session_log_record_connect_time;group:zeek_hart_ip_session_record;kind:integer;viewerOnly:true;friendly:session_log_record_connect_time;help:session_log_record_connect_time
+zeek.hart_ip_session_record.session_log_record_disconnect_time=db:zeek.hart_ip_session_record.session_log_record_disconnect_time;group:zeek_hart_ip_session_record;kind:integer;viewerOnly:true;friendly:session_log_record_disconnect_time;help:session_log_record_disconnect_time
+zeek.hart_ip_session_record.session_log_record_session_status_summary_undefined_bits=db:zeek.hart_ip_session_record.session_log_record_session_status_summary_undefined_bits;group:zeek_hart_ip_session_record;kind:integer;viewerOnly:true;friendly:session_log_record_session_status_summary_undefined_bits;help:session_log_record_session_status_summary_undefined_bits
+zeek.hart_ip_session_record.session_log_record_session_status_summary_insecure_session=db:zeek.hart_ip_session_record.session_log_record_session_status_summary_insecure_session;group:zeek_hart_ip_session_record;kind:termfield;viewerOnly:true;friendly:session_log_record_session_status_summary_insecure_session;help:session_log_record_session_status_summary_insecure_session
+zeek.hart_ip_session_record.session_log_record_session_status_summary_session_timeout=db:zeek.hart_ip_session_record.session_log_record_session_status_summary_session_timeout;group:zeek_hart_ip_session_record;kind:termfield;viewerOnly:true;friendly:session_log_record_session_status_summary_session_timeout;help:session_log_record_session_status_summary_session_timeout
+zeek.hart_ip_session_record.session_log_record_session_status_summary_aborted_session=db:zeek.hart_ip_session_record.session_log_record_session_status_summary_aborted_session;group:zeek_hart_ip_session_record;kind:termfield;viewerOnly:true;friendly:session_log_record_session_status_summary_aborted_session;help:session_log_record_session_status_summary_aborted_session
+zeek.hart_ip_session_record.session_log_record_session_status_summary_bad_session_initialization=db:zeek.hart_ip_session_record.session_log_record_session_status_summary_bad_session_initialization;group:zeek_hart_ip_session_record;kind:termfield;viewerOnly:true;friendly:session_log_record_session_status_summary_bad_session_initialization;help:session_log_record_session_status_summary_bad_session_initialization
+zeek.hart_ip_session_record.session_log_record_session_status_summary_writes_occured=db:zeek.hart_ip_session_record.session_log_record_session_status_summary_writes_occured;group:zeek_hart_ip_session_record;kind:termfield;viewerOnly:true;friendly:session_log_record_session_status_summary_writes_occured;help:session_log_record_session_status_summary_writes_occured
+zeek.hart_ip_session_record.session_log_record_start_configuration_change_count=db:zeek.hart_ip_session_record.session_log_record_start_configuration_change_count;group:zeek_hart_ip_session_record;kind:integer;viewerOnly:true;friendly:session_log_record_start_configuration_change_count;help:session_log_record_start_configuration_change_count
+zeek.hart_ip_session_record.session_log_record_end_configuration_change_count=db:zeek.hart_ip_session_record.session_log_record_end_configuration_change_count;group:zeek_hart_ip_session_record;kind:integer;viewerOnly:true;friendly:session_log_record_end_configuration_change_count;help:session_log_record_end_configuration_change_count
+zeek.hart_ip_session_record.session_log_record_num_publish_pdu=db:zeek.hart_ip_session_record.session_log_record_num_publish_pdu;group:zeek_hart_ip_session_record;kind:integer;viewerOnly:true;friendly:session_log_record_num_publish_pdu;help:session_log_record_num_publish_pdu +zeek.hart_ip_session_record.session_log_record_num_request_pdu=db:zeek.hart_ip_session_record.session_log_record_num_request_pdu;group:zeek_hart_ip_session_record;kind:integer;viewerOnly:true;friendly:session_log_record_num_request_pdu;help:session_log_record_num_request_pdu +zeek.hart_ip_session_record.session_log_record_num_response_pdu=db:zeek.hart_ip_session_record.session_log_record_num_response_pdu;group:zeek_hart_ip_session_record;kind:integer;viewerOnly:true;friendly:session_log_record_num_response_pdu;help:session_log_record_num_response_pdu # hart_ip_universal_commands.log # https://github.com/cisagov/icsnpp-hart-ip -zeek.hart_ip_universal_commands.read_unique_identifier_response_254=db:zeek.hart_ip_universal_commands.read_unique_identifier_response_254;group:zeek_hart_ip_universal_commands;kind:integer;friendly:read_unique_identifier_response_254;help:read_unique_identifier_response_254 -zeek.hart_ip_universal_commands.read_unique_identifier_response_expanded_device_type=db:zeek.hart_ip_universal_commands.read_unique_identifier_response_expanded_device_type;group:zeek_hart_ip_universal_commands;kind:termfield;friendly:read_unique_identifier_response_expanded_device_type;help:read_unique_identifier_response_expanded_device_type -zeek.hart_ip_universal_commands.read_unique_identifier_response_minimum_preambles_master_slave=db:zeek.hart_ip_universal_commands.read_unique_identifier_response_minimum_preambles_master_slave;group:zeek_hart_ip_universal_commands;kind:integer;friendly:read_unique_identifier_response_minimum_preambles_master_slave;help:read_unique_identifier_response_minimum_preambles_master_slave 
-zeek.hart_ip_universal_commands.read_unique_identifier_response_hart_protocol_major_revision=db:zeek.hart_ip_universal_commands.read_unique_identifier_response_hart_protocol_major_revision;group:zeek_hart_ip_universal_commands;kind:integer;friendly:read_unique_identifier_response_hart_protocol_major_revision;help:read_unique_identifier_response_hart_protocol_major_revision
-zeek.hart_ip_universal_commands.read_unique_identifier_response_device_revision_level=db:zeek.hart_ip_universal_commands.read_unique_identifier_response_device_revision_level;group:zeek_hart_ip_universal_commands;kind:integer;friendly:read_unique_identifier_response_device_revision_level;help:read_unique_identifier_response_device_revision_level
-zeek.hart_ip_universal_commands.read_unique_identifier_response_software_revision_level=db:zeek.hart_ip_universal_commands.read_unique_identifier_response_software_revision_level;group:zeek_hart_ip_universal_commands;kind:integer;friendly:read_unique_identifier_response_software_revision_level;help:read_unique_identifier_response_software_revision_level
-zeek.hart_ip_universal_commands.read_unique_identifier_response_hardware_revision_level_and_physical_signaling_codes_hardware_revision_level=db:zeek.hart_ip_universal_commands.read_unique_identifier_response_hardware_revision_level_and_physical_signaling_codes_hardware_revision_level;group:zeek_hart_ip_universal_commands;kind:integer;friendly:read_unique_identifier_response_hardware_revision_level_and_physical_signaling_codes_hardware_revision_level;help:read_unique_identifier_response_hardware_revision_level_and_physical_signaling_codes_hardware_revision_level
-zeek.hart_ip_universal_commands.read_unique_identifier_response_hardware_revision_level_and_physical_signaling_codes_physical_signaling_code=db:zeek.hart_ip_universal_commands.read_unique_identifier_response_hardware_revision_level_and_physical_signaling_codes_physical_signaling_code;group:zeek_hart_ip_universal_commands;kind:termfield;friendly:read_unique_identifier_response_hardware_revision_level_and_physical_signaling_codes_physical_signaling_code;help:read_unique_identifier_response_hardware_revision_level_and_physical_signaling_codes_physical_signaling_code
-zeek.hart_ip_universal_commands.read_unique_identifier_response_flags_c8_psk_in_multi_drop_only=db:zeek.hart_ip_universal_commands.read_unique_identifier_response_flags_c8_psk_in_multi_drop_only;group:zeek_hart_ip_universal_commands;kind:termfield;friendly:read_unique_identifier_response_flags_c8_psk_in_multi_drop_only;help:read_unique_identifier_response_flags_c8_psk_in_multi_drop_only
-zeek.hart_ip_universal_commands.read_unique_identifier_response_flags_c8_psk_capable_field_device=db:zeek.hart_ip_universal_commands.read_unique_identifier_response_flags_c8_psk_capable_field_device;group:zeek_hart_ip_universal_commands;kind:termfield;friendly:read_unique_identifier_response_flags_c8_psk_capable_field_device;help:read_unique_identifier_response_flags_c8_psk_capable_field_device
-zeek.hart_ip_universal_commands.read_unique_identifier_response_flags_undefined_5=db:zeek.hart_ip_universal_commands.read_unique_identifier_response_flags_undefined_5;group:zeek_hart_ip_universal_commands;kind:termfield;friendly:read_unique_identifier_response_flags_undefined_5;help:read_unique_identifier_response_flags_undefined_5
-zeek.hart_ip_universal_commands.read_unique_identifier_response_flags_safehart_capable_field_device=db:zeek.hart_ip_universal_commands.read_unique_identifier_response_flags_safehart_capable_field_device;group:zeek_hart_ip_universal_commands;kind:termfield;friendly:read_unique_identifier_response_flags_safehart_capable_field_device;help:read_unique_identifier_response_flags_safehart_capable_field_device
-zeek.hart_ip_universal_commands.read_unique_identifier_response_flags_ieee_802_15_4_dsss_o_qpsk_modulation=db:zeek.hart_ip_universal_commands.read_unique_identifier_response_flags_ieee_802_15_4_dsss_o_qpsk_modulation;group:zeek_hart_ip_universal_commands;kind:termfield;friendly:read_unique_identifier_response_flags_ieee_802_15_4_dsss_o_qpsk_modulation;help:read_unique_identifier_response_flags_ieee_802_15_4_dsss_o_qpsk_modulation
-zeek.hart_ip_universal_commands.read_unique_identifier_response_flags_protocol_bridge_device=db:zeek.hart_ip_universal_commands.read_unique_identifier_response_flags_protocol_bridge_device;group:zeek_hart_ip_universal_commands;kind:termfield;friendly:read_unique_identifier_response_flags_protocol_bridge_device;help:read_unique_identifier_response_flags_protocol_bridge_device
-zeek.hart_ip_universal_commands.read_unique_identifier_response_flags_eeprom_control=db:zeek.hart_ip_universal_commands.read_unique_identifier_response_flags_eeprom_control;group:zeek_hart_ip_universal_commands;kind:termfield;friendly:read_unique_identifier_response_flags_eeprom_control;help:read_unique_identifier_response_flags_eeprom_control
-zeek.hart_ip_universal_commands.read_unique_identifier_response_flags_mutli_sensor_field_device=db:zeek.hart_ip_universal_commands.read_unique_identifier_response_flags_mutli_sensor_field_device;group:zeek_hart_ip_universal_commands;kind:termfield;friendly:read_unique_identifier_response_flags_mutli_sensor_field_device;help:read_unique_identifier_response_flags_mutli_sensor_field_device
-zeek.hart_ip_universal_commands.read_unique_identifier_response_device_id=db:zeek.hart_ip_universal_commands.read_unique_identifier_response_device_id;group:zeek_hart_ip_universal_commands;kind:integer;friendly:read_unique_identifier_response_device_id;help:read_unique_identifier_response_device_id
-zeek.hart_ip_universal_commands.read_unique_identifier_response_number_preambles_slave_master=db:zeek.hart_ip_universal_commands.read_unique_identifier_response_number_preambles_slave_master;group:zeek_hart_ip_universal_commands;kind:integer;friendly:read_unique_identifier_response_number_preambles_slave_master;help:read_unique_identifier_response_number_preambles_slave_master
-zeek.hart_ip_universal_commands.read_unique_identifier_response_last_device_variable_this=db:zeek.hart_ip_universal_commands.read_unique_identifier_response_last_device_variable_this;group:zeek_hart_ip_universal_commands;kind:integer;friendly:read_unique_identifier_response_last_device_variable_this;help:read_unique_identifier_response_last_device_variable_this
-zeek.hart_ip_universal_commands.read_unique_identifier_response_configuration_change_counter=db:zeek.hart_ip_universal_commands.read_unique_identifier_response_configuration_change_counter;group:zeek_hart_ip_universal_commands;kind:integer;friendly:read_unique_identifier_response_configuration_change_counter;help:read_unique_identifier_response_configuration_change_counter
-zeek.hart_ip_universal_commands.read_unique_identifier_response_extended_field_device_status_undefined_bits=db:zeek.hart_ip_universal_commands.read_unique_identifier_response_extended_field_device_status_undefined_bits;group:zeek_hart_ip_universal_commands;kind:integer;friendly:read_unique_identifier_response_extended_field_device_status_undefined_bits;help:read_unique_identifier_response_extended_field_device_status_undefined_bits
-zeek.hart_ip_universal_commands.read_unique_identifier_response_extended_field_device_status_function_check=db:zeek.hart_ip_universal_commands.read_unique_identifier_response_extended_field_device_status_function_check;group:zeek_hart_ip_universal_commands;kind:termfield;friendly:read_unique_identifier_response_extended_field_device_status_function_check;help:read_unique_identifier_response_extended_field_device_status_function_check
-zeek.hart_ip_universal_commands.read_unique_identifier_response_extended_field_device_status_out_of_specification=db:zeek.hart_ip_universal_commands.read_unique_identifier_response_extended_field_device_status_out_of_specification;group:zeek_hart_ip_universal_commands;kind:termfield;friendly:read_unique_identifier_response_extended_field_device_status_out_of_specification;help:read_unique_identifier_response_extended_field_device_status_out_of_specification
-zeek.hart_ip_universal_commands.read_unique_identifier_response_extended_field_device_status_failure=db:zeek.hart_ip_universal_commands.read_unique_identifier_response_extended_field_device_status_failure;group:zeek_hart_ip_universal_commands;kind:termfield;friendly:read_unique_identifier_response_extended_field_device_status_failure;help:read_unique_identifier_response_extended_field_device_status_failure
-zeek.hart_ip_universal_commands.read_unique_identifier_response_extended_field_device_status_critical_power_failure=db:zeek.hart_ip_universal_commands.read_unique_identifier_response_extended_field_device_status_critical_power_failure;group:zeek_hart_ip_universal_commands;kind:termfield;friendly:read_unique_identifier_response_extended_field_device_status_critical_power_failure;help:read_unique_identifier_response_extended_field_device_status_critical_power_failure
-zeek.hart_ip_universal_commands.read_unique_identifier_response_extended_field_device_status_device_variable_alert=db:zeek.hart_ip_universal_commands.read_unique_identifier_response_extended_field_device_status_device_variable_alert;group:zeek_hart_ip_universal_commands;kind:termfield;friendly:read_unique_identifier_response_extended_field_device_status_device_variable_alert;help:read_unique_identifier_response_extended_field_device_status_device_variable_alert
-zeek.hart_ip_universal_commands.read_unique_identifier_response_extended_field_device_status_maintenance_required=db:zeek.hart_ip_universal_commands.read_unique_identifier_response_extended_field_device_status_maintenance_required;group:zeek_hart_ip_universal_commands;kind:termfield;friendly:read_unique_identifier_response_extended_field_device_status_maintenance_required;help:read_unique_identifier_response_extended_field_device_status_maintenance_required
-zeek.hart_ip_universal_commands.read_unique_identifier_response_manufacturer_identification_code=db:zeek.hart_ip_universal_commands.read_unique_identifier_response_manufacturer_identification_code;group:zeek_hart_ip_universal_commands;kind:termfield;friendly:read_unique_identifier_response_manufacturer_identification_code;help:read_unique_identifier_response_manufacturer_identification_code
-zeek.hart_ip_universal_commands.read_unique_identifier_response_private_label_distributor_code=db:zeek.hart_ip_universal_commands.read_unique_identifier_response_private_label_distributor_code;group:zeek_hart_ip_universal_commands;kind:termfield;friendly:read_unique_identifier_response_private_label_distributor_code;help:read_unique_identifier_response_private_label_distributor_code
-zeek.hart_ip_universal_commands.read_unique_identifier_response_device_profile=db:zeek.hart_ip_universal_commands.read_unique_identifier_response_device_profile;group:zeek_hart_ip_universal_commands;kind:termfield;friendly:read_unique_identifier_response_device_profile;help:read_unique_identifier_response_device_profile
-zeek.hart_ip_universal_commands.read_primary_variable_response_primary_variable_units=db:zeek.hart_ip_universal_commands.read_primary_variable_response_primary_variable_units;group:zeek_hart_ip_universal_commands;kind:termfield;friendly:read_primary_variable_response_primary_variable_units;help:read_primary_variable_response_primary_variable_units
-zeek.hart_ip_universal_commands.read_primary_variable_response_primary_variable=db:zeek.hart_ip_universal_commands.read_primary_variable_response_primary_variable;group:zeek_hart_ip_universal_commands;kind:termfield;friendly:read_primary_variable_response_primary_variable;help:read_primary_variable_response_primary_variable
-zeek.hart_ip_universal_commands.read_loop_current_response_primary_variable_loop_current=db:zeek.hart_ip_universal_commands.read_loop_current_response_primary_variable_loop_current;group:zeek_hart_ip_universal_commands;kind:termfield;friendly:read_loop_current_response_primary_variable_loop_current;help:read_loop_current_response_primary_variable_loop_current
-zeek.hart_ip_universal_commands.read_loop_current_response_primary_variable_percent_range=db:zeek.hart_ip_universal_commands.read_loop_current_response_primary_variable_percent_range;group:zeek_hart_ip_universal_commands;kind:termfield;friendly:read_loop_current_response_primary_variable_percent_range;help:read_loop_current_response_primary_variable_percent_range
-zeek.hart_ip_universal_commands.read_dynamic_variable_response_primary_variable_loop_current=db:zeek.hart_ip_universal_commands.read_dynamic_variable_response_primary_variable_loop_current;group:zeek_hart_ip_universal_commands;kind:termfield;friendly:read_dynamic_variable_response_primary_variable_loop_current;help:read_dynamic_variable_response_primary_variable_loop_current
-zeek.hart_ip_universal_commands.read_dynamic_variable_response_primary_variable_units=db:zeek.hart_ip_universal_commands.read_dynamic_variable_response_primary_variable_units;group:zeek_hart_ip_universal_commands;kind:termfield;friendly:read_dynamic_variable_response_primary_variable_units;help:read_dynamic_variable_response_primary_variable_units
-zeek.hart_ip_universal_commands.read_dynamic_variable_response_primary_variable=db:zeek.hart_ip_universal_commands.read_dynamic_variable_response_primary_variable;group:zeek_hart_ip_universal_commands;kind:termfield;friendly:read_dynamic_variable_response_primary_variable;help:read_dynamic_variable_response_primary_variable
-zeek.hart_ip_universal_commands.read_dynamic_variable_response_secondary_variable_units=db:zeek.hart_ip_universal_commands.read_dynamic_variable_response_secondary_variable_units;group:zeek_hart_ip_universal_commands;kind:termfield;friendly:read_dynamic_variable_response_secondary_variable_units;help:read_dynamic_variable_response_secondary_variable_units
-zeek.hart_ip_universal_commands.read_dynamic_variable_response_secondary_variable=db:zeek.hart_ip_universal_commands.read_dynamic_variable_response_secondary_variable;group:zeek_hart_ip_universal_commands;kind:termfield;friendly:read_dynamic_variable_response_secondary_variable;help:read_dynamic_variable_response_secondary_variable
-zeek.hart_ip_universal_commands.read_dynamic_variable_response_tertiary_variable_units=db:zeek.hart_ip_universal_commands.read_dynamic_variable_response_tertiary_variable_units;group:zeek_hart_ip_universal_commands;kind:termfield;friendly:read_dynamic_variable_response_tertiary_variable_units;help:read_dynamic_variable_response_tertiary_variable_units
-zeek.hart_ip_universal_commands.read_dynamic_variable_response_tertiary_variable=db:zeek.hart_ip_universal_commands.read_dynamic_variable_response_tertiary_variable;group:zeek_hart_ip_universal_commands;kind:termfield;friendly:read_dynamic_variable_response_tertiary_variable;help:read_dynamic_variable_response_tertiary_variable
-zeek.hart_ip_universal_commands.read_dynamic_variable_response_quaternary_variable_units=db:zeek.hart_ip_universal_commands.read_dynamic_variable_response_quaternary_variable_units;group:zeek_hart_ip_universal_commands;kind:termfield;friendly:read_dynamic_variable_response_quaternary_variable_units;help:read_dynamic_variable_response_quaternary_variable_units
-zeek.hart_ip_universal_commands.read_dynamic_variable_response_quaternary_variable=db:zeek.hart_ip_universal_commands.read_dynamic_variable_response_quaternary_variable;group:zeek_hart_ip_universal_commands;kind:termfield;friendly:read_dynamic_variable_response_quaternary_variable;help:read_dynamic_variable_response_quaternary_variable
-zeek.hart_ip_universal_commands.write_polling_address_polling_address_device=db:zeek.hart_ip_universal_commands.write_polling_address_polling_address_device;group:zeek_hart_ip_universal_commands;kind:integer;friendly:write_polling_address_polling_address_device;help:write_polling_address_polling_address_device
-zeek.hart_ip_universal_commands.write_polling_address_loop_current_mode=db:zeek.hart_ip_universal_commands.write_polling_address_loop_current_mode;group:zeek_hart_ip_universal_commands;kind:termfield;friendly:write_polling_address_loop_current_mode;help:write_polling_address_loop_current_mode
-zeek.hart_ip_universal_commands.read_loop_configuration_response_polling_address_device=db:zeek.hart_ip_universal_commands.read_loop_configuration_response_polling_address_device;group:zeek_hart_ip_universal_commands;kind:integer;friendly:read_loop_configuration_response_polling_address_device;help:read_loop_configuration_response_polling_address_device
-zeek.hart_ip_universal_commands.read_loop_configuration_response_loop_current_mode=db:zeek.hart_ip_universal_commands.read_loop_configuration_response_loop_current_mode;group:zeek_hart_ip_universal_commands;kind:termfield;friendly:read_loop_configuration_response_loop_current_mode;help:read_loop_configuration_response_loop_current_mode
-zeek.hart_ip_universal_commands.read_dynamic_variable_classifications_response_primary_variable_classification=db:zeek.hart_ip_universal_commands.read_dynamic_variable_classifications_response_primary_variable_classification;group:zeek_hart_ip_universal_commands;kind:termfield;friendly:read_dynamic_variable_classifications_response_primary_variable_classification;help:read_dynamic_variable_classifications_response_primary_variable_classification
-zeek.hart_ip_universal_commands.read_dynamic_variable_classifications_response_secondary_variable_classification=db:zeek.hart_ip_universal_commands.read_dynamic_variable_classifications_response_secondary_variable_classification;group:zeek_hart_ip_universal_commands;kind:termfield;friendly:read_dynamic_variable_classifications_response_secondary_variable_classification;help:read_dynamic_variable_classifications_response_secondary_variable_classification
-zeek.hart_ip_universal_commands.read_dynamic_variable_classifications_response_tertiary_variable_classification=db:zeek.hart_ip_universal_commands.read_dynamic_variable_classifications_response_tertiary_variable_classification;group:zeek_hart_ip_universal_commands;kind:termfield;friendly:read_dynamic_variable_classifications_response_tertiary_variable_classification;help:read_dynamic_variable_classifications_response_tertiary_variable_classification
-zeek.hart_ip_universal_commands.read_dynamic_variable_classifications_response_quaternary_variable_classification=db:zeek.hart_ip_universal_commands.read_dynamic_variable_classifications_response_quaternary_variable_classification;group:zeek_hart_ip_universal_commands;kind:termfield;friendly:read_dynamic_variable_classifications_response_quaternary_variable_classification;help:read_dynamic_variable_classifications_response_quaternary_variable_classification
-zeek.hart_ip_universal_commands.read_device_variable_request_slot0_device_variable_code=db:zeek.hart_ip_universal_commands.read_device_variable_request_slot0_device_variable_code;group:zeek_hart_ip_universal_commands;kind:integer;friendly:read_device_variable_request_slot0_device_variable_code;help:read_device_variable_request_slot0_device_variable_code
-zeek.hart_ip_universal_commands.read_device_variable_request_slot1_device_variable_code=db:zeek.hart_ip_universal_commands.read_device_variable_request_slot1_device_variable_code;group:zeek_hart_ip_universal_commands;kind:integer;friendly:read_device_variable_request_slot1_device_variable_code;help:read_device_variable_request_slot1_device_variable_code
-zeek.hart_ip_universal_commands.read_device_variable_request_slot2_device_variable_code=db:zeek.hart_ip_universal_commands.read_device_variable_request_slot2_device_variable_code;group:zeek_hart_ip_universal_commands;kind:integer;friendly:read_device_variable_request_slot2_device_variable_code;help:read_device_variable_request_slot2_device_variable_code
-zeek.hart_ip_universal_commands.read_device_variable_request_slot3_device_variable_code=db:zeek.hart_ip_universal_commands.read_device_variable_request_slot3_device_variable_code;group:zeek_hart_ip_universal_commands;kind:integer;friendly:read_device_variable_request_slot3_device_variable_code;help:read_device_variable_request_slot3_device_variable_code
-zeek.hart_ip_universal_commands.read_device_variable_request_slot4_device_variable_code=db:zeek.hart_ip_universal_commands.read_device_variable_request_slot4_device_variable_code;group:zeek_hart_ip_universal_commands;kind:integer;friendly:read_device_variable_request_slot4_device_variable_code;help:read_device_variable_request_slot4_device_variable_code
-zeek.hart_ip_universal_commands.read_device_variable_request_slot5_device_variable_code=db:zeek.hart_ip_universal_commands.read_device_variable_request_slot5_device_variable_code;group:zeek_hart_ip_universal_commands;kind:integer;friendly:read_device_variable_request_slot5_device_variable_code;help:read_device_variable_request_slot5_device_variable_code
-zeek.hart_ip_universal_commands.read_device_variable_request_slot6_device_variable_code=db:zeek.hart_ip_universal_commands.read_device_variable_request_slot6_device_variable_code;group:zeek_hart_ip_universal_commands;kind:integer;friendly:read_device_variable_request_slot6_device_variable_code;help:read_device_variable_request_slot6_device_variable_code
-zeek.hart_ip_universal_commands.read_device_variable_request_slot7_device_variable_code=db:zeek.hart_ip_universal_commands.read_device_variable_request_slot7_device_variable_code;group:zeek_hart_ip_universal_commands;kind:integer;friendly:read_device_variable_request_slot7_device_variable_code;help:read_device_variable_request_slot7_device_variable_code
-zeek.hart_ip_universal_commands.read_device_variable_response_extended_field_device_status_undefined_bits=db:zeek.hart_ip_universal_commands.read_device_variable_response_extended_field_device_status_undefined_bits;group:zeek_hart_ip_universal_commands;kind:integer;friendly:read_device_variable_response_extended_field_device_status_undefined_bits;help:read_device_variable_response_extended_field_device_status_undefined_bits -zeek.hart_ip_universal_commands.read_device_variable_response_extended_field_device_status_function_check=db:zeek.hart_ip_universal_commands.read_device_variable_response_extended_field_device_status_function_check;group:zeek_hart_ip_universal_commands;kind:termfield;friendly:read_device_variable_response_extended_field_device_status_function_check;help:read_device_variable_response_extended_field_device_status_function_check -zeek.hart_ip_universal_commands.read_device_variable_response_extended_field_device_status_out_of_specification=db:zeek.hart_ip_universal_commands.read_device_variable_response_extended_field_device_status_out_of_specification;group:zeek_hart_ip_universal_commands;kind:termfield;friendly:read_device_variable_response_extended_field_device_status_out_of_specification;help:read_device_variable_response_extended_field_device_status_out_of_specification -zeek.hart_ip_universal_commands.read_device_variable_response_extended_field_device_status_failure=db:zeek.hart_ip_universal_commands.read_device_variable_response_extended_field_device_status_failure;group:zeek_hart_ip_universal_commands;kind:termfield;friendly:read_device_variable_response_extended_field_device_status_failure;help:read_device_variable_response_extended_field_device_status_failure 
-zeek.hart_ip_universal_commands.read_device_variable_response_extended_field_device_status_critical_power_failure=db:zeek.hart_ip_universal_commands.read_device_variable_response_extended_field_device_status_critical_power_failure;group:zeek_hart_ip_universal_commands;kind:termfield;friendly:read_device_variable_response_extended_field_device_status_critical_power_failure;help:read_device_variable_response_extended_field_device_status_critical_power_failure -zeek.hart_ip_universal_commands.read_device_variable_response_extended_field_device_status_device_variable_alert=db:zeek.hart_ip_universal_commands.read_device_variable_response_extended_field_device_status_device_variable_alert;group:zeek_hart_ip_universal_commands;kind:termfield;friendly:read_device_variable_response_extended_field_device_status_device_variable_alert;help:read_device_variable_response_extended_field_device_status_device_variable_alert -zeek.hart_ip_universal_commands.read_device_variable_response_extended_field_device_status_maintenance_required=db:zeek.hart_ip_universal_commands.read_device_variable_response_extended_field_device_status_maintenance_required;group:zeek_hart_ip_universal_commands;kind:termfield;friendly:read_device_variable_response_extended_field_device_status_maintenance_required;help:read_device_variable_response_extended_field_device_status_maintenance_required -zeek.hart_ip_universal_commands.read_device_variable_response_slot0_device_variable_code=db:zeek.hart_ip_universal_commands.read_device_variable_response_slot0_device_variable_code;group:zeek_hart_ip_universal_commands;kind:integer;friendly:read_device_variable_response_slot0_device_variable_code;help:read_device_variable_response_slot0_device_variable_code 
-zeek.hart_ip_universal_commands.read_device_variable_response_slot0_device_variable_class=db:zeek.hart_ip_universal_commands.read_device_variable_response_slot0_device_variable_class;group:zeek_hart_ip_universal_commands;kind:termfield;friendly:read_device_variable_response_slot0_device_variable_class;help:read_device_variable_response_slot0_device_variable_class -zeek.hart_ip_universal_commands.read_device_variable_response_slot0_units_code=db:zeek.hart_ip_universal_commands.read_device_variable_response_slot0_units_code;group:zeek_hart_ip_universal_commands;kind:termfield;friendly:read_device_variable_response_slot0_units_code;help:read_device_variable_response_slot0_units_code -zeek.hart_ip_universal_commands.read_device_variable_response_slot0_device_variable=db:zeek.hart_ip_universal_commands.read_device_variable_response_slot0_device_variable;group:zeek_hart_ip_universal_commands;kind:termfield;friendly:read_device_variable_response_slot0_device_variable;help:read_device_variable_response_slot0_device_variable -zeek.hart_ip_universal_commands.read_device_variable_response_slot0_device_variable_status_process_data_status=db:zeek.hart_ip_universal_commands.read_device_variable_response_slot0_device_variable_status_process_data_status;group:zeek_hart_ip_universal_commands;kind:termfield;friendly:read_device_variable_response_slot0_device_variable_status_process_data_status;help:read_device_variable_response_slot0_device_variable_status_process_data_status -zeek.hart_ip_universal_commands.read_device_variable_response_slot0_device_variable_status_limit_status=db:zeek.hart_ip_universal_commands.read_device_variable_response_slot0_device_variable_status_limit_status;group:zeek_hart_ip_universal_commands;kind:termfield;friendly:read_device_variable_response_slot0_device_variable_status_limit_status;help:read_device_variable_response_slot0_device_variable_status_limit_status 
-zeek.hart_ip_universal_commands.read_device_variable_response_slot0_device_variable_status_more_device_variable_status_available=db:zeek.hart_ip_universal_commands.read_device_variable_response_slot0_device_variable_status_more_device_variable_status_available;group:zeek_hart_ip_universal_commands;kind:termfield;friendly:read_device_variable_response_slot0_device_variable_status_more_device_variable_status_available;help:read_device_variable_response_slot0_device_variable_status_more_device_variable_status_available -zeek.hart_ip_universal_commands.read_device_variable_response_slot0_device_variable_status_device_family_specific_status=db:zeek.hart_ip_universal_commands.read_device_variable_response_slot0_device_variable_status_device_family_specific_status;group:zeek_hart_ip_universal_commands;kind:integer;friendly:read_device_variable_response_slot0_device_variable_status_device_family_specific_status;help:read_device_variable_response_slot0_device_variable_status_device_family_specific_status -zeek.hart_ip_universal_commands.read_device_variable_response_slot1_device_variable_code=db:zeek.hart_ip_universal_commands.read_device_variable_response_slot1_device_variable_code;group:zeek_hart_ip_universal_commands;kind:integer;friendly:read_device_variable_response_slot1_device_variable_code;help:read_device_variable_response_slot1_device_variable_code -zeek.hart_ip_universal_commands.read_device_variable_response_slot1_device_variable_class=db:zeek.hart_ip_universal_commands.read_device_variable_response_slot1_device_variable_class;group:zeek_hart_ip_universal_commands;kind:termfield;friendly:read_device_variable_response_slot1_device_variable_class;help:read_device_variable_response_slot1_device_variable_class 
-zeek.hart_ip_universal_commands.read_device_variable_response_slot1_units_code=db:zeek.hart_ip_universal_commands.read_device_variable_response_slot1_units_code;group:zeek_hart_ip_universal_commands;kind:termfield;friendly:read_device_variable_response_slot1_units_code;help:read_device_variable_response_slot1_units_code -zeek.hart_ip_universal_commands.read_device_variable_response_slot1_device_variable=db:zeek.hart_ip_universal_commands.read_device_variable_response_slot1_device_variable;group:zeek_hart_ip_universal_commands;kind:termfield;friendly:read_device_variable_response_slot1_device_variable;help:read_device_variable_response_slot1_device_variable -zeek.hart_ip_universal_commands.read_device_variable_response_slot1_device_variable_status_process_data_status=db:zeek.hart_ip_universal_commands.read_device_variable_response_slot1_device_variable_status_process_data_status;group:zeek_hart_ip_universal_commands;kind:termfield;friendly:read_device_variable_response_slot1_device_variable_status_process_data_status;help:read_device_variable_response_slot1_device_variable_status_process_data_status -zeek.hart_ip_universal_commands.read_device_variable_response_slot1_device_variable_status_limit_status=db:zeek.hart_ip_universal_commands.read_device_variable_response_slot1_device_variable_status_limit_status;group:zeek_hart_ip_universal_commands;kind:termfield;friendly:read_device_variable_response_slot1_device_variable_status_limit_status;help:read_device_variable_response_slot1_device_variable_status_limit_status 
-zeek.hart_ip_universal_commands.read_device_variable_response_slot1_device_variable_status_more_device_variable_status_available=db:zeek.hart_ip_universal_commands.read_device_variable_response_slot1_device_variable_status_more_device_variable_status_available;group:zeek_hart_ip_universal_commands;kind:termfield;friendly:read_device_variable_response_slot1_device_variable_status_more_device_variable_status_available;help:read_device_variable_response_slot1_device_variable_status_more_device_variable_status_available -zeek.hart_ip_universal_commands.read_device_variable_response_slot1_device_variable_status_device_family_specific_status=db:zeek.hart_ip_universal_commands.read_device_variable_response_slot1_device_variable_status_device_family_specific_status;group:zeek_hart_ip_universal_commands;kind:integer;friendly:read_device_variable_response_slot1_device_variable_status_device_family_specific_status;help:read_device_variable_response_slot1_device_variable_status_device_family_specific_status -zeek.hart_ip_universal_commands.read_device_variable_response_slot2_device_variable_code=db:zeek.hart_ip_universal_commands.read_device_variable_response_slot2_device_variable_code;group:zeek_hart_ip_universal_commands;kind:integer;friendly:read_device_variable_response_slot2_device_variable_code;help:read_device_variable_response_slot2_device_variable_code -zeek.hart_ip_universal_commands.read_device_variable_response_slot2_device_variable_class=db:zeek.hart_ip_universal_commands.read_device_variable_response_slot2_device_variable_class;group:zeek_hart_ip_universal_commands;kind:termfield;friendly:read_device_variable_response_slot2_device_variable_class;help:read_device_variable_response_slot2_device_variable_class 
-zeek.hart_ip_universal_commands.read_device_variable_response_slot2_units_code=db:zeek.hart_ip_universal_commands.read_device_variable_response_slot2_units_code;group:zeek_hart_ip_universal_commands;kind:termfield;friendly:read_device_variable_response_slot2_units_code;help:read_device_variable_response_slot2_units_code -zeek.hart_ip_universal_commands.read_device_variable_response_slot2_device_variable=db:zeek.hart_ip_universal_commands.read_device_variable_response_slot2_device_variable;group:zeek_hart_ip_universal_commands;kind:termfield;friendly:read_device_variable_response_slot2_device_variable;help:read_device_variable_response_slot2_device_variable -zeek.hart_ip_universal_commands.read_device_variable_response_slot2_device_variable_status_process_data_status=db:zeek.hart_ip_universal_commands.read_device_variable_response_slot2_device_variable_status_process_data_status;group:zeek_hart_ip_universal_commands;kind:termfield;friendly:read_device_variable_response_slot2_device_variable_status_process_data_status;help:read_device_variable_response_slot2_device_variable_status_process_data_status -zeek.hart_ip_universal_commands.read_device_variable_response_slot2_device_variable_status_limit_status=db:zeek.hart_ip_universal_commands.read_device_variable_response_slot2_device_variable_status_limit_status;group:zeek_hart_ip_universal_commands;kind:termfield;friendly:read_device_variable_response_slot2_device_variable_status_limit_status;help:read_device_variable_response_slot2_device_variable_status_limit_status 
-zeek.hart_ip_universal_commands.read_device_variable_response_slot2_device_variable_status_more_device_variable_status_available=db:zeek.hart_ip_universal_commands.read_device_variable_response_slot2_device_variable_status_more_device_variable_status_available;group:zeek_hart_ip_universal_commands;kind:termfield;friendly:read_device_variable_response_slot2_device_variable_status_more_device_variable_status_available;help:read_device_variable_response_slot2_device_variable_status_more_device_variable_status_available -zeek.hart_ip_universal_commands.read_device_variable_response_slot2_device_variable_status_device_family_specific_status=db:zeek.hart_ip_universal_commands.read_device_variable_response_slot2_device_variable_status_device_family_specific_status;group:zeek_hart_ip_universal_commands;kind:integer;friendly:read_device_variable_response_slot2_device_variable_status_device_family_specific_status;help:read_device_variable_response_slot2_device_variable_status_device_family_specific_status -zeek.hart_ip_universal_commands.read_device_variable_response_slot3_device_variable_code=db:zeek.hart_ip_universal_commands.read_device_variable_response_slot3_device_variable_code;group:zeek_hart_ip_universal_commands;kind:integer;friendly:read_device_variable_response_slot3_device_variable_code;help:read_device_variable_response_slot3_device_variable_code -zeek.hart_ip_universal_commands.read_device_variable_response_slot3_device_variable_class=db:zeek.hart_ip_universal_commands.read_device_variable_response_slot3_device_variable_class;group:zeek_hart_ip_universal_commands;kind:termfield;friendly:read_device_variable_response_slot3_device_variable_class;help:read_device_variable_response_slot3_device_variable_class 
-zeek.hart_ip_universal_commands.read_device_variable_response_slot3_units_code=db:zeek.hart_ip_universal_commands.read_device_variable_response_slot3_units_code;group:zeek_hart_ip_universal_commands;kind:termfield;friendly:read_device_variable_response_slot3_units_code;help:read_device_variable_response_slot3_units_code -zeek.hart_ip_universal_commands.read_device_variable_response_slot3_device_variable=db:zeek.hart_ip_universal_commands.read_device_variable_response_slot3_device_variable;group:zeek_hart_ip_universal_commands;kind:termfield;friendly:read_device_variable_response_slot3_device_variable;help:read_device_variable_response_slot3_device_variable -zeek.hart_ip_universal_commands.read_device_variable_response_slot3_device_variable_status_process_data_status=db:zeek.hart_ip_universal_commands.read_device_variable_response_slot3_device_variable_status_process_data_status;group:zeek_hart_ip_universal_commands;kind:termfield;friendly:read_device_variable_response_slot3_device_variable_status_process_data_status;help:read_device_variable_response_slot3_device_variable_status_process_data_status -zeek.hart_ip_universal_commands.read_device_variable_response_slot3_device_variable_status_limit_status=db:zeek.hart_ip_universal_commands.read_device_variable_response_slot3_device_variable_status_limit_status;group:zeek_hart_ip_universal_commands;kind:termfield;friendly:read_device_variable_response_slot3_device_variable_status_limit_status;help:read_device_variable_response_slot3_device_variable_status_limit_status 
-zeek.hart_ip_universal_commands.read_device_variable_response_slot3_device_variable_status_more_device_variable_status_available=db:zeek.hart_ip_universal_commands.read_device_variable_response_slot3_device_variable_status_more_device_variable_status_available;group:zeek_hart_ip_universal_commands;kind:termfield;friendly:read_device_variable_response_slot3_device_variable_status_more_device_variable_status_available;help:read_device_variable_response_slot3_device_variable_status_more_device_variable_status_available -zeek.hart_ip_universal_commands.read_device_variable_response_slot3_device_variable_status_device_family_specific_status=db:zeek.hart_ip_universal_commands.read_device_variable_response_slot3_device_variable_status_device_family_specific_status;group:zeek_hart_ip_universal_commands;kind:integer;friendly:read_device_variable_response_slot3_device_variable_status_device_family_specific_status;help:read_device_variable_response_slot3_device_variable_status_device_family_specific_status -zeek.hart_ip_universal_commands.read_device_variable_response_slot4_device_variable_code=db:zeek.hart_ip_universal_commands.read_device_variable_response_slot4_device_variable_code;group:zeek_hart_ip_universal_commands;kind:integer;friendly:read_device_variable_response_slot4_device_variable_code;help:read_device_variable_response_slot4_device_variable_code -zeek.hart_ip_universal_commands.read_device_variable_response_slot4_device_variable_class=db:zeek.hart_ip_universal_commands.read_device_variable_response_slot4_device_variable_class;group:zeek_hart_ip_universal_commands;kind:termfield;friendly:read_device_variable_response_slot4_device_variable_class;help:read_device_variable_response_slot4_device_variable_class 
-zeek.hart_ip_universal_commands.read_device_variable_response_slot4_units_code=db:zeek.hart_ip_universal_commands.read_device_variable_response_slot4_units_code;group:zeek_hart_ip_universal_commands;kind:termfield;friendly:read_device_variable_response_slot4_units_code;help:read_device_variable_response_slot4_units_code -zeek.hart_ip_universal_commands.read_device_variable_response_slot4_device_variable=db:zeek.hart_ip_universal_commands.read_device_variable_response_slot4_device_variable;group:zeek_hart_ip_universal_commands;kind:termfield;friendly:read_device_variable_response_slot4_device_variable;help:read_device_variable_response_slot4_device_variable -zeek.hart_ip_universal_commands.read_device_variable_response_slot4_device_variable_status_process_data_status=db:zeek.hart_ip_universal_commands.read_device_variable_response_slot4_device_variable_status_process_data_status;group:zeek_hart_ip_universal_commands;kind:termfield;friendly:read_device_variable_response_slot4_device_variable_status_process_data_status;help:read_device_variable_response_slot4_device_variable_status_process_data_status -zeek.hart_ip_universal_commands.read_device_variable_response_slot4_device_variable_status_limit_status=db:zeek.hart_ip_universal_commands.read_device_variable_response_slot4_device_variable_status_limit_status;group:zeek_hart_ip_universal_commands;kind:termfield;friendly:read_device_variable_response_slot4_device_variable_status_limit_status;help:read_device_variable_response_slot4_device_variable_status_limit_status 
-zeek.hart_ip_universal_commands.read_device_variable_response_slot4_device_variable_status_more_device_variable_status_available=db:zeek.hart_ip_universal_commands.read_device_variable_response_slot4_device_variable_status_more_device_variable_status_available;group:zeek_hart_ip_universal_commands;kind:termfield;friendly:read_device_variable_response_slot4_device_variable_status_more_device_variable_status_available;help:read_device_variable_response_slot4_device_variable_status_more_device_variable_status_available -zeek.hart_ip_universal_commands.read_device_variable_response_slot4_device_variable_status_device_family_specific_status=db:zeek.hart_ip_universal_commands.read_device_variable_response_slot4_device_variable_status_device_family_specific_status;group:zeek_hart_ip_universal_commands;kind:integer;friendly:read_device_variable_response_slot4_device_variable_status_device_family_specific_status;help:read_device_variable_response_slot4_device_variable_status_device_family_specific_status -zeek.hart_ip_universal_commands.read_device_variable_response_slot5_device_variable_code=db:zeek.hart_ip_universal_commands.read_device_variable_response_slot5_device_variable_code;group:zeek_hart_ip_universal_commands;kind:integer;friendly:read_device_variable_response_slot5_device_variable_code;help:read_device_variable_response_slot5_device_variable_code -zeek.hart_ip_universal_commands.read_device_variable_response_slot5_device_variable_class=db:zeek.hart_ip_universal_commands.read_device_variable_response_slot5_device_variable_class;group:zeek_hart_ip_universal_commands;kind:termfield;friendly:read_device_variable_response_slot5_device_variable_class;help:read_device_variable_response_slot5_device_variable_class 
-zeek.hart_ip_universal_commands.read_device_variable_response_slot5_units_code=db:zeek.hart_ip_universal_commands.read_device_variable_response_slot5_units_code;group:zeek_hart_ip_universal_commands;kind:termfield;friendly:read_device_variable_response_slot5_units_code;help:read_device_variable_response_slot5_units_code -zeek.hart_ip_universal_commands.read_device_variable_response_slot5_device_variable=db:zeek.hart_ip_universal_commands.read_device_variable_response_slot5_device_variable;group:zeek_hart_ip_universal_commands;kind:termfield;friendly:read_device_variable_response_slot5_device_variable;help:read_device_variable_response_slot5_device_variable -zeek.hart_ip_universal_commands.read_device_variable_response_slot5_device_variable_status_process_data_status=db:zeek.hart_ip_universal_commands.read_device_variable_response_slot5_device_variable_status_process_data_status;group:zeek_hart_ip_universal_commands;kind:termfield;friendly:read_device_variable_response_slot5_device_variable_status_process_data_status;help:read_device_variable_response_slot5_device_variable_status_process_data_status -zeek.hart_ip_universal_commands.read_device_variable_response_slot5_device_variable_status_limit_status=db:zeek.hart_ip_universal_commands.read_device_variable_response_slot5_device_variable_status_limit_status;group:zeek_hart_ip_universal_commands;kind:termfield;friendly:read_device_variable_response_slot5_device_variable_status_limit_status;help:read_device_variable_response_slot5_device_variable_status_limit_status 
-zeek.hart_ip_universal_commands.read_device_variable_response_slot5_device_variable_status_more_device_variable_status_available=db:zeek.hart_ip_universal_commands.read_device_variable_response_slot5_device_variable_status_more_device_variable_status_available;group:zeek_hart_ip_universal_commands;kind:termfield;friendly:read_device_variable_response_slot5_device_variable_status_more_device_variable_status_available;help:read_device_variable_response_slot5_device_variable_status_more_device_variable_status_available -zeek.hart_ip_universal_commands.read_device_variable_response_slot5_device_variable_status_device_family_specific_status=db:zeek.hart_ip_universal_commands.read_device_variable_response_slot5_device_variable_status_device_family_specific_status;group:zeek_hart_ip_universal_commands;kind:integer;friendly:read_device_variable_response_slot5_device_variable_status_device_family_specific_status;help:read_device_variable_response_slot5_device_variable_status_device_family_specific_status -zeek.hart_ip_universal_commands.read_device_variable_response_slot6_device_variable_code=db:zeek.hart_ip_universal_commands.read_device_variable_response_slot6_device_variable_code;group:zeek_hart_ip_universal_commands;kind:integer;friendly:read_device_variable_response_slot6_device_variable_code;help:read_device_variable_response_slot6_device_variable_code -zeek.hart_ip_universal_commands.read_device_variable_response_slot6_device_variable_class=db:zeek.hart_ip_universal_commands.read_device_variable_response_slot6_device_variable_class;group:zeek_hart_ip_universal_commands;kind:termfield;friendly:read_device_variable_response_slot6_device_variable_class;help:read_device_variable_response_slot6_device_variable_class 
-zeek.hart_ip_universal_commands.read_device_variable_response_slot6_units_code=db:zeek.hart_ip_universal_commands.read_device_variable_response_slot6_units_code;group:zeek_hart_ip_universal_commands;kind:termfield;friendly:read_device_variable_response_slot6_units_code;help:read_device_variable_response_slot6_units_code -zeek.hart_ip_universal_commands.read_device_variable_response_slot6_device_variable=db:zeek.hart_ip_universal_commands.read_device_variable_response_slot6_device_variable;group:zeek_hart_ip_universal_commands;kind:termfield;friendly:read_device_variable_response_slot6_device_variable;help:read_device_variable_response_slot6_device_variable -zeek.hart_ip_universal_commands.read_device_variable_response_slot6_device_variable_status_process_data_status=db:zeek.hart_ip_universal_commands.read_device_variable_response_slot6_device_variable_status_process_data_status;group:zeek_hart_ip_universal_commands;kind:termfield;friendly:read_device_variable_response_slot6_device_variable_status_process_data_status;help:read_device_variable_response_slot6_device_variable_status_process_data_status -zeek.hart_ip_universal_commands.read_device_variable_response_slot6_device_variable_status_limit_status=db:zeek.hart_ip_universal_commands.read_device_variable_response_slot6_device_variable_status_limit_status;group:zeek_hart_ip_universal_commands;kind:termfield;friendly:read_device_variable_response_slot6_device_variable_status_limit_status;help:read_device_variable_response_slot6_device_variable_status_limit_status 
-zeek.hart_ip_universal_commands.read_device_variable_response_slot6_device_variable_status_more_device_variable_status_available=db:zeek.hart_ip_universal_commands.read_device_variable_response_slot6_device_variable_status_more_device_variable_status_available;group:zeek_hart_ip_universal_commands;kind:termfield;friendly:read_device_variable_response_slot6_device_variable_status_more_device_variable_status_available;help:read_device_variable_response_slot6_device_variable_status_more_device_variable_status_available -zeek.hart_ip_universal_commands.read_device_variable_response_slot6_device_variable_status_device_family_specific_status=db:zeek.hart_ip_universal_commands.read_device_variable_response_slot6_device_variable_status_device_family_specific_status;group:zeek_hart_ip_universal_commands;kind:integer;friendly:read_device_variable_response_slot6_device_variable_status_device_family_specific_status;help:read_device_variable_response_slot6_device_variable_status_device_family_specific_status -zeek.hart_ip_universal_commands.read_device_variable_response_slot7_device_variable_code=db:zeek.hart_ip_universal_commands.read_device_variable_response_slot7_device_variable_code;group:zeek_hart_ip_universal_commands;kind:integer;friendly:read_device_variable_response_slot7_device_variable_code;help:read_device_variable_response_slot7_device_variable_code -zeek.hart_ip_universal_commands.read_device_variable_response_slot7_device_variable_class=db:zeek.hart_ip_universal_commands.read_device_variable_response_slot7_device_variable_class;group:zeek_hart_ip_universal_commands;kind:termfield;friendly:read_device_variable_response_slot7_device_variable_class;help:read_device_variable_response_slot7_device_variable_class 
-zeek.hart_ip_universal_commands.read_device_variable_response_slot7_units_code=db:zeek.hart_ip_universal_commands.read_device_variable_response_slot7_units_code;group:zeek_hart_ip_universal_commands;kind:termfield;friendly:read_device_variable_response_slot7_units_code;help:read_device_variable_response_slot7_units_code -zeek.hart_ip_universal_commands.read_device_variable_response_slot7_device_variable=db:zeek.hart_ip_universal_commands.read_device_variable_response_slot7_device_variable;group:zeek_hart_ip_universal_commands;kind:termfield;friendly:read_device_variable_response_slot7_device_variable;help:read_device_variable_response_slot7_device_variable -zeek.hart_ip_universal_commands.read_device_variable_response_slot7_device_variable_status_process_data_status=db:zeek.hart_ip_universal_commands.read_device_variable_response_slot7_device_variable_status_process_data_status;group:zeek_hart_ip_universal_commands;kind:termfield;friendly:read_device_variable_response_slot7_device_variable_status_process_data_status;help:read_device_variable_response_slot7_device_variable_status_process_data_status -zeek.hart_ip_universal_commands.read_device_variable_response_slot7_device_variable_status_limit_status=db:zeek.hart_ip_universal_commands.read_device_variable_response_slot7_device_variable_status_limit_status;group:zeek_hart_ip_universal_commands;kind:termfield;friendly:read_device_variable_response_slot7_device_variable_status_limit_status;help:read_device_variable_response_slot7_device_variable_status_limit_status 
-zeek.hart_ip_universal_commands.read_device_variable_response_slot7_device_variable_status_more_device_variable_status_available=db:zeek.hart_ip_universal_commands.read_device_variable_response_slot7_device_variable_status_more_device_variable_status_available;group:zeek_hart_ip_universal_commands;kind:termfield;friendly:read_device_variable_response_slot7_device_variable_status_more_device_variable_status_available;help:read_device_variable_response_slot7_device_variable_status_more_device_variable_status_available -zeek.hart_ip_universal_commands.read_device_variable_response_slot7_device_variable_status_device_family_specific_status=db:zeek.hart_ip_universal_commands.read_device_variable_response_slot7_device_variable_status_device_family_specific_status;group:zeek_hart_ip_universal_commands;kind:integer;friendly:read_device_variable_response_slot7_device_variable_status_device_family_specific_status;help:read_device_variable_response_slot7_device_variable_status_device_family_specific_status -zeek.hart_ip_universal_commands.read_device_variable_response_slot0_time=db:zeek.hart_ip_universal_commands.read_device_variable_response_slot0_time;group:zeek_hart_ip_universal_commands;kind:integer;friendly:read_device_variable_response_slot0_time;help:read_device_variable_response_slot0_time -zeek.hart_ip_universal_commands.read_unique_identifier_tag_request_tag=db:zeek.hart_ip_universal_commands.read_unique_identifier_tag_request_tag;group:zeek_hart_ip_universal_commands;kind:termfield;friendly:read_unique_identifier_tag_request_tag;help:read_unique_identifier_tag_request_tag -zeek.hart_ip_universal_commands.read_unique_identifier_tag_response_254=db:zeek.hart_ip_universal_commands.read_unique_identifier_tag_response_254;group:zeek_hart_ip_universal_commands;kind:integer;friendly:read_unique_identifier_tag_response_254;help:read_unique_identifier_tag_response_254 
-zeek.hart_ip_universal_commands.read_unique_identifier_tag_response_expanded_device_type=db:zeek.hart_ip_universal_commands.read_unique_identifier_tag_response_expanded_device_type;group:zeek_hart_ip_universal_commands;kind:termfield;friendly:read_unique_identifier_tag_response_expanded_device_type;help:read_unique_identifier_tag_response_expanded_device_type -zeek.hart_ip_universal_commands.read_unique_identifier_tag_response_minimum_preambles_master_slave=db:zeek.hart_ip_universal_commands.read_unique_identifier_tag_response_minimum_preambles_master_slave;group:zeek_hart_ip_universal_commands;kind:integer;friendly:read_unique_identifier_tag_response_minimum_preambles_master_slave;help:read_unique_identifier_tag_response_minimum_preambles_master_slave -zeek.hart_ip_universal_commands.read_unique_identifier_tag_response_hart_protocol_major_revision=db:zeek.hart_ip_universal_commands.read_unique_identifier_tag_response_hart_protocol_major_revision;group:zeek_hart_ip_universal_commands;kind:integer;friendly:read_unique_identifier_tag_response_hart_protocol_major_revision;help:read_unique_identifier_tag_response_hart_protocol_major_revision -zeek.hart_ip_universal_commands.read_unique_identifier_tag_response_device_revision_level=db:zeek.hart_ip_universal_commands.read_unique_identifier_tag_response_device_revision_level;group:zeek_hart_ip_universal_commands;kind:integer;friendly:read_unique_identifier_tag_response_device_revision_level;help:read_unique_identifier_tag_response_device_revision_level -zeek.hart_ip_universal_commands.read_unique_identifier_tag_response_software_revision_level=db:zeek.hart_ip_universal_commands.read_unique_identifier_tag_response_software_revision_level;group:zeek_hart_ip_universal_commands;kind:integer;friendly:read_unique_identifier_tag_response_software_revision_level;help:read_unique_identifier_tag_response_software_revision_level 
-zeek.hart_ip_universal_commands.read_unique_identifier_tag_response_hardware_revision_level_and_physical_signaling_codes_hardware_revision_level=db:zeek.hart_ip_universal_commands.read_unique_identifier_tag_response_hardware_revision_level_and_physical_signaling_codes_hardware_revision_level;group:zeek_hart_ip_universal_commands;kind:integer;friendly:read_unique_identifier_tag_response_hardware_revision_level_and_physical_signaling_codes_hardware_revision_level;help:read_unique_identifier_tag_response_hardware_revision_level_and_physical_signaling_codes_hardware_revision_level -zeek.hart_ip_universal_commands.read_unique_identifier_tag_response_hardware_revision_level_and_physical_signaling_codes_physical_signaling_code=db:zeek.hart_ip_universal_commands.read_unique_identifier_tag_response_hardware_revision_level_and_physical_signaling_codes_physical_signaling_code;group:zeek_hart_ip_universal_commands;kind:termfield;friendly:read_unique_identifier_tag_response_hardware_revision_level_and_physical_signaling_codes_physical_signaling_code;help:read_unique_identifier_tag_response_hardware_revision_level_and_physical_signaling_codes_physical_signaling_code -zeek.hart_ip_universal_commands.read_unique_identifier_tag_response_flags_c8_psk_in_multi_drop_only=db:zeek.hart_ip_universal_commands.read_unique_identifier_tag_response_flags_c8_psk_in_multi_drop_only;group:zeek_hart_ip_universal_commands;kind:termfield;friendly:read_unique_identifier_tag_response_flags_c8_psk_in_multi_drop_only;help:read_unique_identifier_tag_response_flags_c8_psk_in_multi_drop_only -zeek.hart_ip_universal_commands.read_unique_identifier_tag_response_flags_c8_psk_capable_field_device=db:zeek.hart_ip_universal_commands.read_unique_identifier_tag_response_flags_c8_psk_capable_field_device;group:zeek_hart_ip_universal_commands;kind:termfield;friendly:read_unique_identifier_tag_response_flags_c8_psk_capable_field_device;help:read_unique_identifier_tag_response_flags_c8_psk_capable_field_device 
-zeek.hart_ip_universal_commands.read_unique_identifier_tag_response_flags_undefined_5=db:zeek.hart_ip_universal_commands.read_unique_identifier_tag_response_flags_undefined_5;group:zeek_hart_ip_universal_commands;kind:termfield;friendly:read_unique_identifier_tag_response_flags_undefined_5;help:read_unique_identifier_tag_response_flags_undefined_5 -zeek.hart_ip_universal_commands.read_unique_identifier_tag_response_flags_safehart_capable_field_device=db:zeek.hart_ip_universal_commands.read_unique_identifier_tag_response_flags_safehart_capable_field_device;group:zeek_hart_ip_universal_commands;kind:termfield;friendly:read_unique_identifier_tag_response_flags_safehart_capable_field_device;help:read_unique_identifier_tag_response_flags_safehart_capable_field_device -zeek.hart_ip_universal_commands.read_unique_identifier_tag_response_flags_ieee_802_15_4_dsss_o_qpsk_modulation=db:zeek.hart_ip_universal_commands.read_unique_identifier_tag_response_flags_ieee_802_15_4_dsss_o_qpsk_modulation;group:zeek_hart_ip_universal_commands;kind:termfield;friendly:read_unique_identifier_tag_response_flags_ieee_802_15_4_dsss_o_qpsk_modulation;help:read_unique_identifier_tag_response_flags_ieee_802_15_4_dsss_o_qpsk_modulation -zeek.hart_ip_universal_commands.read_unique_identifier_tag_response_flags_protocol_bridge_device=db:zeek.hart_ip_universal_commands.read_unique_identifier_tag_response_flags_protocol_bridge_device;group:zeek_hart_ip_universal_commands;kind:termfield;friendly:read_unique_identifier_tag_response_flags_protocol_bridge_device;help:read_unique_identifier_tag_response_flags_protocol_bridge_device -zeek.hart_ip_universal_commands.read_unique_identifier_tag_response_flags_eeprom_control=db:zeek.hart_ip_universal_commands.read_unique_identifier_tag_response_flags_eeprom_control;group:zeek_hart_ip_universal_commands;kind:termfield;friendly:read_unique_identifier_tag_response_flags_eeprom_control;help:read_unique_identifier_tag_response_flags_eeprom_control 
-zeek.hart_ip_universal_commands.read_unique_identifier_tag_response_flags_mutli_sensor_field_device=db:zeek.hart_ip_universal_commands.read_unique_identifier_tag_response_flags_mutli_sensor_field_device;group:zeek_hart_ip_universal_commands;kind:termfield;friendly:read_unique_identifier_tag_response_flags_mutli_sensor_field_device;help:read_unique_identifier_tag_response_flags_mutli_sensor_field_device -zeek.hart_ip_universal_commands.read_unique_identifier_tag_response_device_id=db:zeek.hart_ip_universal_commands.read_unique_identifier_tag_response_device_id;group:zeek_hart_ip_universal_commands;kind:integer;friendly:read_unique_identifier_tag_response_device_id;help:read_unique_identifier_tag_response_device_id -zeek.hart_ip_universal_commands.read_unique_identifier_tag_response_number_preambles_slave_master=db:zeek.hart_ip_universal_commands.read_unique_identifier_tag_response_number_preambles_slave_master;group:zeek_hart_ip_universal_commands;kind:integer;friendly:read_unique_identifier_tag_response_number_preambles_slave_master;help:read_unique_identifier_tag_response_number_preambles_slave_master -zeek.hart_ip_universal_commands.read_unique_identifier_tag_response_last_device_variable_this=db:zeek.hart_ip_universal_commands.read_unique_identifier_tag_response_last_device_variable_this;group:zeek_hart_ip_universal_commands;kind:integer;friendly:read_unique_identifier_tag_response_last_device_variable_this;help:read_unique_identifier_tag_response_last_device_variable_this -zeek.hart_ip_universal_commands.read_unique_identifier_tag_response_configuration_change_counter=db:zeek.hart_ip_universal_commands.read_unique_identifier_tag_response_configuration_change_counter;group:zeek_hart_ip_universal_commands;kind:integer;friendly:read_unique_identifier_tag_response_configuration_change_counter;help:read_unique_identifier_tag_response_configuration_change_counter 
-zeek.hart_ip_universal_commands.read_unique_identifier_tag_response_extended_field_device_status_undefined_bits=db:zeek.hart_ip_universal_commands.read_unique_identifier_tag_response_extended_field_device_status_undefined_bits;group:zeek_hart_ip_universal_commands;kind:integer;friendly:read_unique_identifier_tag_response_extended_field_device_status_undefined_bits;help:read_unique_identifier_tag_response_extended_field_device_status_undefined_bits -zeek.hart_ip_universal_commands.read_unique_identifier_tag_response_extended_field_device_status_function_check=db:zeek.hart_ip_universal_commands.read_unique_identifier_tag_response_extended_field_device_status_function_check;group:zeek_hart_ip_universal_commands;kind:termfield;friendly:read_unique_identifier_tag_response_extended_field_device_status_function_check;help:read_unique_identifier_tag_response_extended_field_device_status_function_check -zeek.hart_ip_universal_commands.read_unique_identifier_tag_response_extended_field_device_status_out_of_specification=db:zeek.hart_ip_universal_commands.read_unique_identifier_tag_response_extended_field_device_status_out_of_specification;group:zeek_hart_ip_universal_commands;kind:termfield;friendly:read_unique_identifier_tag_response_extended_field_device_status_out_of_specification;help:read_unique_identifier_tag_response_extended_field_device_status_out_of_specification -zeek.hart_ip_universal_commands.read_unique_identifier_tag_response_extended_field_device_status_failure=db:zeek.hart_ip_universal_commands.read_unique_identifier_tag_response_extended_field_device_status_failure;group:zeek_hart_ip_universal_commands;kind:termfield;friendly:read_unique_identifier_tag_response_extended_field_device_status_failure;help:read_unique_identifier_tag_response_extended_field_device_status_failure 
-zeek.hart_ip_universal_commands.read_unique_identifier_tag_response_extended_field_device_status_critical_power_failure=db:zeek.hart_ip_universal_commands.read_unique_identifier_tag_response_extended_field_device_status_critical_power_failure;group:zeek_hart_ip_universal_commands;kind:termfield;friendly:read_unique_identifier_tag_response_extended_field_device_status_critical_power_failure;help:read_unique_identifier_tag_response_extended_field_device_status_critical_power_failure -zeek.hart_ip_universal_commands.read_unique_identifier_tag_response_extended_field_device_status_device_variable_alert=db:zeek.hart_ip_universal_commands.read_unique_identifier_tag_response_extended_field_device_status_device_variable_alert;group:zeek_hart_ip_universal_commands;kind:termfield;friendly:read_unique_identifier_tag_response_extended_field_device_status_device_variable_alert;help:read_unique_identifier_tag_response_extended_field_device_status_device_variable_alert -zeek.hart_ip_universal_commands.read_unique_identifier_tag_response_extended_field_device_status_maintenance_required=db:zeek.hart_ip_universal_commands.read_unique_identifier_tag_response_extended_field_device_status_maintenance_required;group:zeek_hart_ip_universal_commands;kind:termfield;friendly:read_unique_identifier_tag_response_extended_field_device_status_maintenance_required;help:read_unique_identifier_tag_response_extended_field_device_status_maintenance_required -zeek.hart_ip_universal_commands.read_unique_identifier_tag_response_manufacturer_identification_code=db:zeek.hart_ip_universal_commands.read_unique_identifier_tag_response_manufacturer_identification_code;group:zeek_hart_ip_universal_commands;kind:termfield;friendly:read_unique_identifier_tag_response_manufacturer_identification_code;help:read_unique_identifier_tag_response_manufacturer_identification_code 
-zeek.hart_ip_universal_commands.read_unique_identifier_tag_response_private_label_distributor_code=db:zeek.hart_ip_universal_commands.read_unique_identifier_tag_response_private_label_distributor_code;group:zeek_hart_ip_universal_commands;kind:termfield;friendly:read_unique_identifier_tag_response_private_label_distributor_code;help:read_unique_identifier_tag_response_private_label_distributor_code -zeek.hart_ip_universal_commands.read_unique_identifier_tag_response_device_profile=db:zeek.hart_ip_universal_commands.read_unique_identifier_tag_response_device_profile;group:zeek_hart_ip_universal_commands;kind:termfield;friendly:read_unique_identifier_tag_response_device_profile;help:read_unique_identifier_tag_response_device_profile -zeek.hart_ip_universal_commands.read_message_response_message=db:zeek.hart_ip_universal_commands.read_message_response_message;group:zeek_hart_ip_universal_commands;kind:termfield;friendly:read_message_response_message;help:read_message_response_message -zeek.hart_ip_universal_commands.read_tag_response_tag=db:zeek.hart_ip_universal_commands.read_tag_response_tag;group:zeek_hart_ip_universal_commands;kind:termfield;friendly:read_tag_response_tag;help:read_tag_response_tag -zeek.hart_ip_universal_commands.read_tag_response_descriptor=db:zeek.hart_ip_universal_commands.read_tag_response_descriptor;group:zeek_hart_ip_universal_commands;kind:termfield;friendly:read_tag_response_descriptor;help:read_tag_response_descriptor -zeek.hart_ip_universal_commands.read_tag_response_date_code=db:zeek.hart_ip_universal_commands.read_tag_response_date_code;group:zeek_hart_ip_universal_commands;kind:termfield;friendly:read_tag_response_date_code;help:read_tag_response_date_code 
-zeek.hart_ip_universal_commands.read_primary_variable_transducer_information_response_p_v_transducer_serial_number=db:zeek.hart_ip_universal_commands.read_primary_variable_transducer_information_response_p_v_transducer_serial_number;group:zeek_hart_ip_universal_commands;kind:integer;friendly:read_primary_variable_transducer_information_response_p_v_transducer_serial_number;help:read_primary_variable_transducer_information_response_p_v_transducer_serial_number -zeek.hart_ip_universal_commands.read_primary_variable_transducer_information_response_p_v_transducer_limits_units=db:zeek.hart_ip_universal_commands.read_primary_variable_transducer_information_response_p_v_transducer_limits_units;group:zeek_hart_ip_universal_commands;kind:termfield;friendly:read_primary_variable_transducer_information_response_p_v_transducer_limits_units;help:read_primary_variable_transducer_information_response_p_v_transducer_limits_units -zeek.hart_ip_universal_commands.read_primary_variable_transducer_information_response_p_v_upper_transducer_limit=db:zeek.hart_ip_universal_commands.read_primary_variable_transducer_information_response_p_v_upper_transducer_limit;group:zeek_hart_ip_universal_commands;kind:termfield;friendly:read_primary_variable_transducer_information_response_p_v_upper_transducer_limit;help:read_primary_variable_transducer_information_response_p_v_upper_transducer_limit -zeek.hart_ip_universal_commands.read_primary_variable_transducer_information_response_p_v_lower_transducer_limit=db:zeek.hart_ip_universal_commands.read_primary_variable_transducer_information_response_p_v_lower_transducer_limit;group:zeek_hart_ip_universal_commands;kind:termfield;friendly:read_primary_variable_transducer_information_response_p_v_lower_transducer_limit;help:read_primary_variable_transducer_information_response_p_v_lower_transducer_limit 
-zeek.hart_ip_universal_commands.read_primary_variable_transducer_information_response_p_v_minimum_span=db:zeek.hart_ip_universal_commands.read_primary_variable_transducer_information_response_p_v_minimum_span;group:zeek_hart_ip_universal_commands;kind:termfield;friendly:read_primary_variable_transducer_information_response_p_v_minimum_span;help:read_primary_variable_transducer_information_response_p_v_minimum_span -zeek.hart_ip_universal_commands.read_device_information_response_p_v_alarm_selection_code=db:zeek.hart_ip_universal_commands.read_device_information_response_p_v_alarm_selection_code;group:zeek_hart_ip_universal_commands;kind:termfield;friendly:read_device_information_response_p_v_alarm_selection_code;help:read_device_information_response_p_v_alarm_selection_code -zeek.hart_ip_universal_commands.read_device_information_response_p_v_transfer_function_code=db:zeek.hart_ip_universal_commands.read_device_information_response_p_v_transfer_function_code;group:zeek_hart_ip_universal_commands;kind:termfield;friendly:read_device_information_response_p_v_transfer_function_code;help:read_device_information_response_p_v_transfer_function_code -zeek.hart_ip_universal_commands.read_device_information_response_p_v_upper_lower_range=db:zeek.hart_ip_universal_commands.read_device_information_response_p_v_upper_lower_range;group:zeek_hart_ip_universal_commands;kind:termfield;friendly:read_device_information_response_p_v_upper_lower_range;help:read_device_information_response_p_v_upper_lower_range -zeek.hart_ip_universal_commands.read_device_information_response_p_v_upper_range_value=db:zeek.hart_ip_universal_commands.read_device_information_response_p_v_upper_range_value;group:zeek_hart_ip_universal_commands;kind:termfield;friendly:read_device_information_response_p_v_upper_range_value;help:read_device_information_response_p_v_upper_range_value 
-zeek.hart_ip_universal_commands.read_device_information_response_p_v_lower_range_value=db:zeek.hart_ip_universal_commands.read_device_information_response_p_v_lower_range_value;group:zeek_hart_ip_universal_commands;kind:termfield;friendly:read_device_information_response_p_v_lower_range_value;help:read_device_information_response_p_v_lower_range_value -zeek.hart_ip_universal_commands.read_device_information_response_p_v_damping_value=db:zeek.hart_ip_universal_commands.read_device_information_response_p_v_damping_value;group:zeek_hart_ip_universal_commands;kind:termfield;friendly:read_device_information_response_p_v_damping_value;help:read_device_information_response_p_v_damping_value -zeek.hart_ip_universal_commands.read_device_information_response_write_protect_code=db:zeek.hart_ip_universal_commands.read_device_information_response_write_protect_code;group:zeek_hart_ip_universal_commands;kind:termfield;friendly:read_device_information_response_write_protect_code;help:read_device_information_response_write_protect_code -zeek.hart_ip_universal_commands.read_device_information_response_250=db:zeek.hart_ip_universal_commands.read_device_information_response_250;group:zeek_hart_ip_universal_commands;kind:integer;friendly:read_device_information_response_250;help:read_device_information_response_250 -zeek.hart_ip_universal_commands.read_device_information_response_p_v_analog_channel_flags_undefined_bits=db:zeek.hart_ip_universal_commands.read_device_information_response_p_v_analog_channel_flags_undefined_bits;group:zeek_hart_ip_universal_commands;kind:integer;friendly:read_device_information_response_p_v_analog_channel_flags_undefined_bits;help:read_device_information_response_p_v_analog_channel_flags_undefined_bits 
-zeek.hart_ip_universal_commands.read_device_information_response_p_v_analog_channel_flags_analog_channel=db:zeek.hart_ip_universal_commands.read_device_information_response_p_v_analog_channel_flags_analog_channel;group:zeek_hart_ip_universal_commands;kind:termfield;friendly:read_device_information_response_p_v_analog_channel_flags_analog_channel;help:read_device_information_response_p_v_analog_channel_flags_analog_channel -zeek.hart_ip_universal_commands.read_final_assembly_number_response_final_assembly_number=db:zeek.hart_ip_universal_commands.read_final_assembly_number_response_final_assembly_number;group:zeek_hart_ip_universal_commands;kind:integer;friendly:read_final_assembly_number_response_final_assembly_number;help:read_final_assembly_number_response_final_assembly_number -zeek.hart_ip_universal_commands.write_message_message_string=db:zeek.hart_ip_universal_commands.write_message_message_string;group:zeek_hart_ip_universal_commands;kind:termfield;friendly:write_message_message_string;help:write_message_message_string -zeek.hart_ip_universal_commands.write_tag_descriptor_date_tag=db:zeek.hart_ip_universal_commands.write_tag_descriptor_date_tag;group:zeek_hart_ip_universal_commands;kind:termfield;friendly:write_tag_descriptor_date_tag;help:write_tag_descriptor_date_tag -zeek.hart_ip_universal_commands.write_tag_descriptor_date_record_keeping_descriptor=db:zeek.hart_ip_universal_commands.write_tag_descriptor_date_record_keeping_descriptor;group:zeek_hart_ip_universal_commands;kind:termfield;friendly:write_tag_descriptor_date_record_keeping_descriptor;help:write_tag_descriptor_date_record_keeping_descriptor -zeek.hart_ip_universal_commands.write_tag_descriptor_date_date_code=db:zeek.hart_ip_universal_commands.write_tag_descriptor_date_date_code;group:zeek_hart_ip_universal_commands;kind:termfield;friendly:write_tag_descriptor_date_date_code;help:write_tag_descriptor_date_date_code 
-zeek.hart_ip_universal_commands.write_final_assembly_number_final_assembly_number=db:zeek.hart_ip_universal_commands.write_final_assembly_number_final_assembly_number;group:zeek_hart_ip_universal_commands;kind:integer;friendly:write_final_assembly_number_final_assembly_number;help:write_final_assembly_number_final_assembly_number -zeek.hart_ip_universal_commands.read_long_tag_response_long_tag=db:zeek.hart_ip_universal_commands.read_long_tag_response_long_tag;group:zeek_hart_ip_universal_commands;kind:termfield;friendly:read_long_tag_response_long_tag;help:read_long_tag_response_long_tag -zeek.hart_ip_universal_commands.read_unique_identifier_long_tag_request_long_tag=db:zeek.hart_ip_universal_commands.read_unique_identifier_long_tag_request_long_tag;group:zeek_hart_ip_universal_commands;kind:termfield;friendly:read_unique_identifier_long_tag_request_long_tag;help:read_unique_identifier_long_tag_request_long_tag -zeek.hart_ip_universal_commands.read_unique_identifier_long_tag_response_254=db:zeek.hart_ip_universal_commands.read_unique_identifier_long_tag_response_254;group:zeek_hart_ip_universal_commands;kind:integer;friendly:read_unique_identifier_long_tag_response_254;help:read_unique_identifier_long_tag_response_254 -zeek.hart_ip_universal_commands.read_unique_identifier_long_tag_response_expanded_device_type=db:zeek.hart_ip_universal_commands.read_unique_identifier_long_tag_response_expanded_device_type;group:zeek_hart_ip_universal_commands;kind:termfield;friendly:read_unique_identifier_long_tag_response_expanded_device_type;help:read_unique_identifier_long_tag_response_expanded_device_type 
-zeek.hart_ip_universal_commands.read_unique_identifier_long_tag_response_minimum_preambles_master_slave=db:zeek.hart_ip_universal_commands.read_unique_identifier_long_tag_response_minimum_preambles_master_slave;group:zeek_hart_ip_universal_commands;kind:integer;friendly:read_unique_identifier_long_tag_response_minimum_preambles_master_slave;help:read_unique_identifier_long_tag_response_minimum_preambles_master_slave -zeek.hart_ip_universal_commands.read_unique_identifier_long_tag_response_hart_protocol_major_revision=db:zeek.hart_ip_universal_commands.read_unique_identifier_long_tag_response_hart_protocol_major_revision;group:zeek_hart_ip_universal_commands;kind:integer;friendly:read_unique_identifier_long_tag_response_hart_protocol_major_revision;help:read_unique_identifier_long_tag_response_hart_protocol_major_revision -zeek.hart_ip_universal_commands.read_unique_identifier_long_tag_response_device_revision_level=db:zeek.hart_ip_universal_commands.read_unique_identifier_long_tag_response_device_revision_level;group:zeek_hart_ip_universal_commands;kind:integer;friendly:read_unique_identifier_long_tag_response_device_revision_level;help:read_unique_identifier_long_tag_response_device_revision_level -zeek.hart_ip_universal_commands.read_unique_identifier_long_tag_response_software_revision_level=db:zeek.hart_ip_universal_commands.read_unique_identifier_long_tag_response_software_revision_level;group:zeek_hart_ip_universal_commands;kind:integer;friendly:read_unique_identifier_long_tag_response_software_revision_level;help:read_unique_identifier_long_tag_response_software_revision_level 
-zeek.hart_ip_universal_commands.read_unique_identifier_long_tag_response_hardware_revision_level_and_physical_signaling_codes_hardware_revision_level=db:zeek.hart_ip_universal_commands.read_unique_identifier_long_tag_response_hardware_revision_level_and_physical_signaling_codes_hardware_revision_level;group:zeek_hart_ip_universal_commands;kind:integer;friendly:read_unique_identifier_long_tag_response_hardware_revision_level_and_physical_signaling_codes_hardware_revision_level;help:read_unique_identifier_long_tag_response_hardware_revision_level_and_physical_signaling_codes_hardware_revision_level -zeek.hart_ip_universal_commands.read_unique_identifier_long_tag_response_hardware_revision_level_and_physical_signaling_codes_physical_signaling_code=db:zeek.hart_ip_universal_commands.read_unique_identifier_long_tag_response_hardware_revision_level_and_physical_signaling_codes_physical_signaling_code;group:zeek_hart_ip_universal_commands;kind:termfield;friendly:read_unique_identifier_long_tag_response_hardware_revision_level_and_physical_signaling_codes_physical_signaling_code;help:read_unique_identifier_long_tag_response_hardware_revision_level_and_physical_signaling_codes_physical_signaling_code -zeek.hart_ip_universal_commands.read_unique_identifier_long_tag_response_flags_c8_psk_in_multi_drop_only=db:zeek.hart_ip_universal_commands.read_unique_identifier_long_tag_response_flags_c8_psk_in_multi_drop_only;group:zeek_hart_ip_universal_commands;kind:termfield;friendly:read_unique_identifier_long_tag_response_flags_c8_psk_in_multi_drop_only;help:read_unique_identifier_long_tag_response_flags_c8_psk_in_multi_drop_only 
-zeek.hart_ip_universal_commands.read_unique_identifier_long_tag_response_flags_c8_psk_capable_field_device=db:zeek.hart_ip_universal_commands.read_unique_identifier_long_tag_response_flags_c8_psk_capable_field_device;group:zeek_hart_ip_universal_commands;kind:termfield;friendly:read_unique_identifier_long_tag_response_flags_c8_psk_capable_field_device;help:read_unique_identifier_long_tag_response_flags_c8_psk_capable_field_device -zeek.hart_ip_universal_commands.read_unique_identifier_long_tag_response_flags_undefined_5=db:zeek.hart_ip_universal_commands.read_unique_identifier_long_tag_response_flags_undefined_5;group:zeek_hart_ip_universal_commands;kind:termfield;friendly:read_unique_identifier_long_tag_response_flags_undefined_5;help:read_unique_identifier_long_tag_response_flags_undefined_5 -zeek.hart_ip_universal_commands.read_unique_identifier_long_tag_response_flags_safehart_capable_field_device=db:zeek.hart_ip_universal_commands.read_unique_identifier_long_tag_response_flags_safehart_capable_field_device;group:zeek_hart_ip_universal_commands;kind:termfield;friendly:read_unique_identifier_long_tag_response_flags_safehart_capable_field_device;help:read_unique_identifier_long_tag_response_flags_safehart_capable_field_device -zeek.hart_ip_universal_commands.read_unique_identifier_long_tag_response_flags_ieee_802_15_4_dsss_o_qpsk_modulation=db:zeek.hart_ip_universal_commands.read_unique_identifier_long_tag_response_flags_ieee_802_15_4_dsss_o_qpsk_modulation;group:zeek_hart_ip_universal_commands;kind:termfield;friendly:read_unique_identifier_long_tag_response_flags_ieee_802_15_4_dsss_o_qpsk_modulation;help:read_unique_identifier_long_tag_response_flags_ieee_802_15_4_dsss_o_qpsk_modulation 
-zeek.hart_ip_universal_commands.read_unique_identifier_long_tag_response_flags_protocol_bridge_device=db:zeek.hart_ip_universal_commands.read_unique_identifier_long_tag_response_flags_protocol_bridge_device;group:zeek_hart_ip_universal_commands;kind:termfield;friendly:read_unique_identifier_long_tag_response_flags_protocol_bridge_device;help:read_unique_identifier_long_tag_response_flags_protocol_bridge_device -zeek.hart_ip_universal_commands.read_unique_identifier_long_tag_response_flags_eeprom_control=db:zeek.hart_ip_universal_commands.read_unique_identifier_long_tag_response_flags_eeprom_control;group:zeek_hart_ip_universal_commands;kind:termfield;friendly:read_unique_identifier_long_tag_response_flags_eeprom_control;help:read_unique_identifier_long_tag_response_flags_eeprom_control -zeek.hart_ip_universal_commands.read_unique_identifier_long_tag_response_flags_mutli_sensor_field_device=db:zeek.hart_ip_universal_commands.read_unique_identifier_long_tag_response_flags_mutli_sensor_field_device;group:zeek_hart_ip_universal_commands;kind:termfield;friendly:read_unique_identifier_long_tag_response_flags_mutli_sensor_field_device;help:read_unique_identifier_long_tag_response_flags_mutli_sensor_field_device -zeek.hart_ip_universal_commands.read_unique_identifier_long_tag_response_device_id=db:zeek.hart_ip_universal_commands.read_unique_identifier_long_tag_response_device_id;group:zeek_hart_ip_universal_commands;kind:integer;friendly:read_unique_identifier_long_tag_response_device_id;help:read_unique_identifier_long_tag_response_device_id -zeek.hart_ip_universal_commands.read_unique_identifier_long_tag_response_number_preambles_slave_master=db:zeek.hart_ip_universal_commands.read_unique_identifier_long_tag_response_number_preambles_slave_master;group:zeek_hart_ip_universal_commands;kind:integer;friendly:read_unique_identifier_long_tag_response_number_preambles_slave_master;help:read_unique_identifier_long_tag_response_number_preambles_slave_master 
-zeek.hart_ip_universal_commands.read_unique_identifier_long_tag_response_last_device_variable_this=db:zeek.hart_ip_universal_commands.read_unique_identifier_long_tag_response_last_device_variable_this;group:zeek_hart_ip_universal_commands;kind:integer;friendly:read_unique_identifier_long_tag_response_last_device_variable_this;help:read_unique_identifier_long_tag_response_last_device_variable_this -zeek.hart_ip_universal_commands.read_unique_identifier_long_tag_response_configuration_change_counter=db:zeek.hart_ip_universal_commands.read_unique_identifier_long_tag_response_configuration_change_counter;group:zeek_hart_ip_universal_commands;kind:integer;friendly:read_unique_identifier_long_tag_response_configuration_change_counter;help:read_unique_identifier_long_tag_response_configuration_change_counter -zeek.hart_ip_universal_commands.read_unique_identifier_long_tag_response_extended_field_device_status_undefined_bits=db:zeek.hart_ip_universal_commands.read_unique_identifier_long_tag_response_extended_field_device_status_undefined_bits;group:zeek_hart_ip_universal_commands;kind:integer;friendly:read_unique_identifier_long_tag_response_extended_field_device_status_undefined_bits;help:read_unique_identifier_long_tag_response_extended_field_device_status_undefined_bits -zeek.hart_ip_universal_commands.read_unique_identifier_long_tag_response_extended_field_device_status_function_check=db:zeek.hart_ip_universal_commands.read_unique_identifier_long_tag_response_extended_field_device_status_function_check;group:zeek_hart_ip_universal_commands;kind:termfield;friendly:read_unique_identifier_long_tag_response_extended_field_device_status_function_check;help:read_unique_identifier_long_tag_response_extended_field_device_status_function_check 
-zeek.hart_ip_universal_commands.read_unique_identifier_long_tag_response_extended_field_device_status_out_of_specification=db:zeek.hart_ip_universal_commands.read_unique_identifier_long_tag_response_extended_field_device_status_out_of_specification;group:zeek_hart_ip_universal_commands;kind:termfield;friendly:read_unique_identifier_long_tag_response_extended_field_device_status_out_of_specification;help:read_unique_identifier_long_tag_response_extended_field_device_status_out_of_specification -zeek.hart_ip_universal_commands.read_unique_identifier_long_tag_response_extended_field_device_status_failure=db:zeek.hart_ip_universal_commands.read_unique_identifier_long_tag_response_extended_field_device_status_failure;group:zeek_hart_ip_universal_commands;kind:termfield;friendly:read_unique_identifier_long_tag_response_extended_field_device_status_failure;help:read_unique_identifier_long_tag_response_extended_field_device_status_failure -zeek.hart_ip_universal_commands.read_unique_identifier_long_tag_response_extended_field_device_status_critical_power_failure=db:zeek.hart_ip_universal_commands.read_unique_identifier_long_tag_response_extended_field_device_status_critical_power_failure;group:zeek_hart_ip_universal_commands;kind:termfield;friendly:read_unique_identifier_long_tag_response_extended_field_device_status_critical_power_failure;help:read_unique_identifier_long_tag_response_extended_field_device_status_critical_power_failure -zeek.hart_ip_universal_commands.read_unique_identifier_long_tag_response_extended_field_device_status_device_variable_alert=db:zeek.hart_ip_universal_commands.read_unique_identifier_long_tag_response_extended_field_device_status_device_variable_alert;group:zeek_hart_ip_universal_commands;kind:termfield;friendly:read_unique_identifier_long_tag_response_extended_field_device_status_device_variable_alert;help:read_unique_identifier_long_tag_response_extended_field_device_status_device_variable_alert 
-zeek.hart_ip_universal_commands.read_unique_identifier_long_tag_response_extended_field_device_status_maintenance_required=db:zeek.hart_ip_universal_commands.read_unique_identifier_long_tag_response_extended_field_device_status_maintenance_required;group:zeek_hart_ip_universal_commands;kind:termfield;friendly:read_unique_identifier_long_tag_response_extended_field_device_status_maintenance_required;help:read_unique_identifier_long_tag_response_extended_field_device_status_maintenance_required -zeek.hart_ip_universal_commands.read_unique_identifier_long_tag_response_manufacturer_identification_code=db:zeek.hart_ip_universal_commands.read_unique_identifier_long_tag_response_manufacturer_identification_code;group:zeek_hart_ip_universal_commands;kind:termfield;friendly:read_unique_identifier_long_tag_response_manufacturer_identification_code;help:read_unique_identifier_long_tag_response_manufacturer_identification_code -zeek.hart_ip_universal_commands.read_unique_identifier_long_tag_response_private_label_distributor_code=db:zeek.hart_ip_universal_commands.read_unique_identifier_long_tag_response_private_label_distributor_code;group:zeek_hart_ip_universal_commands;kind:termfield;friendly:read_unique_identifier_long_tag_response_private_label_distributor_code;help:read_unique_identifier_long_tag_response_private_label_distributor_code -zeek.hart_ip_universal_commands.read_unique_identifier_long_tag_response_device_profile=db:zeek.hart_ip_universal_commands.read_unique_identifier_long_tag_response_device_profile;group:zeek_hart_ip_universal_commands;kind:termfield;friendly:read_unique_identifier_long_tag_response_device_profile;help:read_unique_identifier_long_tag_response_device_profile -zeek.hart_ip_universal_commands.write_long_tag_long_tag=db:zeek.hart_ip_universal_commands.write_long_tag_long_tag;group:zeek_hart_ip_universal_commands;kind:termfield;friendly:write_long_tag_long_tag;help:write_long_tag_long_tag 
-zeek.hart_ip_universal_commands.reset_configuration_changed_flag_configuration_change_counter=db:zeek.hart_ip_universal_commands.reset_configuration_changed_flag_configuration_change_counter;group:zeek_hart_ip_universal_commands;kind:integer;friendly:reset_configuration_changed_flag_configuration_change_counter;help:reset_configuration_changed_flag_configuration_change_counter -zeek.hart_ip_universal_commands.read_additional_device_status_contents_device_specific_status_0=db:zeek.hart_ip_universal_commands.read_additional_device_status_contents_device_specific_status_0;group:zeek_hart_ip_universal_commands;kind:termfield;friendly:read_additional_device_status_contents_device_specific_status_0;help:read_additional_device_status_contents_device_specific_status_0 -zeek.hart_ip_universal_commands.read_additional_device_status_contents_extended_field_device_status_undefined_bits=db:zeek.hart_ip_universal_commands.read_additional_device_status_contents_extended_field_device_status_undefined_bits;group:zeek_hart_ip_universal_commands;kind:integer;friendly:read_additional_device_status_contents_extended_field_device_status_undefined_bits;help:read_additional_device_status_contents_extended_field_device_status_undefined_bits -zeek.hart_ip_universal_commands.read_additional_device_status_contents_extended_field_device_status_function_check=db:zeek.hart_ip_universal_commands.read_additional_device_status_contents_extended_field_device_status_function_check;group:zeek_hart_ip_universal_commands;kind:termfield;friendly:read_additional_device_status_contents_extended_field_device_status_function_check;help:read_additional_device_status_contents_extended_field_device_status_function_check 
-zeek.hart_ip_universal_commands.read_additional_device_status_contents_extended_field_device_status_out_of_specification=db:zeek.hart_ip_universal_commands.read_additional_device_status_contents_extended_field_device_status_out_of_specification;group:zeek_hart_ip_universal_commands;kind:termfield;friendly:read_additional_device_status_contents_extended_field_device_status_out_of_specification;help:read_additional_device_status_contents_extended_field_device_status_out_of_specification -zeek.hart_ip_universal_commands.read_additional_device_status_contents_extended_field_device_status_failure=db:zeek.hart_ip_universal_commands.read_additional_device_status_contents_extended_field_device_status_failure;group:zeek_hart_ip_universal_commands;kind:termfield;friendly:read_additional_device_status_contents_extended_field_device_status_failure;help:read_additional_device_status_contents_extended_field_device_status_failure -zeek.hart_ip_universal_commands.read_additional_device_status_contents_extended_field_device_status_critical_power_failure=db:zeek.hart_ip_universal_commands.read_additional_device_status_contents_extended_field_device_status_critical_power_failure;group:zeek_hart_ip_universal_commands;kind:termfield;friendly:read_additional_device_status_contents_extended_field_device_status_critical_power_failure;help:read_additional_device_status_contents_extended_field_device_status_critical_power_failure -zeek.hart_ip_universal_commands.read_additional_device_status_contents_extended_field_device_status_device_variable_alert=db:zeek.hart_ip_universal_commands.read_additional_device_status_contents_extended_field_device_status_device_variable_alert;group:zeek_hart_ip_universal_commands;kind:termfield;friendly:read_additional_device_status_contents_extended_field_device_status_device_variable_alert;help:read_additional_device_status_contents_extended_field_device_status_device_variable_alert 
-zeek.hart_ip_universal_commands.read_additional_device_status_contents_extended_field_device_status_maintenance_required=db:zeek.hart_ip_universal_commands.read_additional_device_status_contents_extended_field_device_status_maintenance_required;group:zeek_hart_ip_universal_commands;kind:termfield;friendly:read_additional_device_status_contents_extended_field_device_status_maintenance_required;help:read_additional_device_status_contents_extended_field_device_status_maintenance_required -zeek.hart_ip_universal_commands.read_additional_device_status_contents_device_operating_mode=db:zeek.hart_ip_universal_commands.read_additional_device_status_contents_device_operating_mode;group:zeek_hart_ip_universal_commands;kind:termfield;friendly:read_additional_device_status_contents_device_operating_mode;help:read_additional_device_status_contents_device_operating_mode -zeek.hart_ip_universal_commands.read_additional_device_status_contents_standardized_status0_device_configuration_lock=db:zeek.hart_ip_universal_commands.read_additional_device_status_contents_standardized_status0_device_configuration_lock;group:zeek_hart_ip_universal_commands;kind:termfield;friendly:read_additional_device_status_contents_standardized_status0_device_configuration_lock;help:read_additional_device_status_contents_standardized_status0_device_configuration_lock -zeek.hart_ip_universal_commands.read_additional_device_status_contents_standardized_status0_electronic_defect=db:zeek.hart_ip_universal_commands.read_additional_device_status_contents_standardized_status0_electronic_defect;group:zeek_hart_ip_universal_commands;kind:termfield;friendly:read_additional_device_status_contents_standardized_status0_electronic_defect;help:read_additional_device_status_contents_standardized_status0_electronic_defect 
-zeek.hart_ip_universal_commands.read_additional_device_status_contents_standardized_status0_environmental_conditions_out_of_range=db:zeek.hart_ip_universal_commands.read_additional_device_status_contents_standardized_status0_environmental_conditions_out_of_range;group:zeek_hart_ip_universal_commands;kind:termfield;friendly:read_additional_device_status_contents_standardized_status0_environmental_conditions_out_of_range;help:read_additional_device_status_contents_standardized_status0_environmental_conditions_out_of_range -zeek.hart_ip_universal_commands.read_additional_device_status_contents_standardized_status0_power_supply_conditions_out_of_range=db:zeek.hart_ip_universal_commands.read_additional_device_status_contents_standardized_status0_power_supply_conditions_out_of_range;group:zeek_hart_ip_universal_commands;kind:termfield;friendly:read_additional_device_status_contents_standardized_status0_power_supply_conditions_out_of_range;help:read_additional_device_status_contents_standardized_status0_power_supply_conditions_out_of_range -zeek.hart_ip_universal_commands.read_additional_device_status_contents_standardized_status0_watchdog_reset_executed=db:zeek.hart_ip_universal_commands.read_additional_device_status_contents_standardized_status0_watchdog_reset_executed;group:zeek_hart_ip_universal_commands;kind:termfield;friendly:read_additional_device_status_contents_standardized_status0_watchdog_reset_executed;help:read_additional_device_status_contents_standardized_status0_watchdog_reset_executed -zeek.hart_ip_universal_commands.read_additional_device_status_contents_standardized_status0_volatile_memory_defect=db:zeek.hart_ip_universal_commands.read_additional_device_status_contents_standardized_status0_volatile_memory_defect;group:zeek_hart_ip_universal_commands;kind:termfield;friendly:read_additional_device_status_contents_standardized_status0_volatile_memory_defect;help:read_additional_device_status_contents_standardized_status0_volatile_memory_defect 
-zeek.hart_ip_universal_commands.read_additional_device_status_contents_standardized_status0_non_volatile_memory_defect=db:zeek.hart_ip_universal_commands.read_additional_device_status_contents_standardized_status0_non_volatile_memory_defect;group:zeek_hart_ip_universal_commands;kind:termfield;friendly:read_additional_device_status_contents_standardized_status0_non_volatile_memory_defect;help:read_additional_device_status_contents_standardized_status0_non_volatile_memory_defect -zeek.hart_ip_universal_commands.read_additional_device_status_contents_standardized_status0_device_variable_simulation_active=db:zeek.hart_ip_universal_commands.read_additional_device_status_contents_standardized_status0_device_variable_simulation_active;group:zeek_hart_ip_universal_commands;kind:termfield;friendly:read_additional_device_status_contents_standardized_status0_device_variable_simulation_active;help:read_additional_device_status_contents_standardized_status0_device_variable_simulation_active -zeek.hart_ip_universal_commands.read_additional_device_status_contents_standardized_status1_undefined_bits=db:zeek.hart_ip_universal_commands.read_additional_device_status_contents_standardized_status1_undefined_bits;group:zeek_hart_ip_universal_commands;kind:integer;friendly:read_additional_device_status_contents_standardized_status1_undefined_bits;help:read_additional_device_status_contents_standardized_status1_undefined_bits -zeek.hart_ip_universal_commands.read_additional_device_status_contents_standardized_status1_reserved=db:zeek.hart_ip_universal_commands.read_additional_device_status_contents_standardized_status1_reserved;group:zeek_hart_ip_universal_commands;kind:termfield;friendly:read_additional_device_status_contents_standardized_status1_reserved;help:read_additional_device_status_contents_standardized_status1_reserved 
-zeek.hart_ip_universal_commands.read_additional_device_status_contents_standardized_status1_battery_or_power_supply_needs_maintenance=db:zeek.hart_ip_universal_commands.read_additional_device_status_contents_standardized_status1_battery_or_power_supply_needs_maintenance;group:zeek_hart_ip_universal_commands;kind:termfield;friendly:read_additional_device_status_contents_standardized_status1_battery_or_power_supply_needs_maintenance;help:read_additional_device_status_contents_standardized_status1_battery_or_power_supply_needs_maintenance -zeek.hart_ip_universal_commands.read_additional_device_status_contents_standardized_status1_event_notification_overflow=db:zeek.hart_ip_universal_commands.read_additional_device_status_contents_standardized_status1_event_notification_overflow;group:zeek_hart_ip_universal_commands;kind:termfield;friendly:read_additional_device_status_contents_standardized_status1_event_notification_overflow;help:read_additional_device_status_contents_standardized_status1_event_notification_overflow -zeek.hart_ip_universal_commands.read_additional_device_status_contents_standardized_status1_discrete_variable_simulation_active=db:zeek.hart_ip_universal_commands.read_additional_device_status_contents_standardized_status1_discrete_variable_simulation_active;group:zeek_hart_ip_universal_commands;kind:termfield;friendly:read_additional_device_status_contents_standardized_status1_discrete_variable_simulation_active;help:read_additional_device_status_contents_standardized_status1_discrete_variable_simulation_active 
-zeek.hart_ip_universal_commands.read_additional_device_status_contents_standardized_status1_status_simulation_active=db:zeek.hart_ip_universal_commands.read_additional_device_status_contents_standardized_status1_status_simulation_active;group:zeek_hart_ip_universal_commands;kind:termfield;friendly:read_additional_device_status_contents_standardized_status1_status_simulation_active;help:read_additional_device_status_contents_standardized_status1_status_simulation_active -zeek.hart_ip_universal_commands.read_additional_device_status_contents_analog_channel_saturated_undefined_bits=db:zeek.hart_ip_universal_commands.read_additional_device_status_contents_analog_channel_saturated_undefined_bits;group:zeek_hart_ip_universal_commands;kind:integer;friendly:read_additional_device_status_contents_analog_channel_saturated_undefined_bits;help:read_additional_device_status_contents_analog_channel_saturated_undefined_bits -zeek.hart_ip_universal_commands.read_additional_device_status_contents_analog_channel_saturated_quinary_analog=db:zeek.hart_ip_universal_commands.read_additional_device_status_contents_analog_channel_saturated_quinary_analog;group:zeek_hart_ip_universal_commands;kind:termfield;friendly:read_additional_device_status_contents_analog_channel_saturated_quinary_analog;help:read_additional_device_status_contents_analog_channel_saturated_quinary_analog -zeek.hart_ip_universal_commands.read_additional_device_status_contents_analog_channel_saturated_quaternary_analog=db:zeek.hart_ip_universal_commands.read_additional_device_status_contents_analog_channel_saturated_quaternary_analog;group:zeek_hart_ip_universal_commands;kind:termfield;friendly:read_additional_device_status_contents_analog_channel_saturated_quaternary_analog;help:read_additional_device_status_contents_analog_channel_saturated_quaternary_analog 
-zeek.hart_ip_universal_commands.read_additional_device_status_contents_analog_channel_saturated_tertiary_analog=db:zeek.hart_ip_universal_commands.read_additional_device_status_contents_analog_channel_saturated_tertiary_analog;group:zeek_hart_ip_universal_commands;kind:termfield;friendly:read_additional_device_status_contents_analog_channel_saturated_tertiary_analog;help:read_additional_device_status_contents_analog_channel_saturated_tertiary_analog -zeek.hart_ip_universal_commands.read_additional_device_status_contents_analog_channel_saturated_secondary_analog=db:zeek.hart_ip_universal_commands.read_additional_device_status_contents_analog_channel_saturated_secondary_analog;group:zeek_hart_ip_universal_commands;kind:termfield;friendly:read_additional_device_status_contents_analog_channel_saturated_secondary_analog;help:read_additional_device_status_contents_analog_channel_saturated_secondary_analog -zeek.hart_ip_universal_commands.read_additional_device_status_contents_standardized_status2_undefined_bits=db:zeek.hart_ip_universal_commands.read_additional_device_status_contents_standardized_status2_undefined_bits;group:zeek_hart_ip_universal_commands;kind:integer;friendly:read_additional_device_status_contents_standardized_status2_undefined_bits;help:read_additional_device_status_contents_standardized_status2_undefined_bits -zeek.hart_ip_universal_commands.read_additional_device_status_contents_standardized_status2_stale_data_notice=db:zeek.hart_ip_universal_commands.read_additional_device_status_contents_standardized_status2_stale_data_notice;group:zeek_hart_ip_universal_commands;kind:termfield;friendly:read_additional_device_status_contents_standardized_status2_stale_data_notice;help:read_additional_device_status_contents_standardized_status2_stale_data_notice 
-zeek.hart_ip_universal_commands.read_additional_device_status_contents_standardized_status2_sub_device_with_duplicate_id=db:zeek.hart_ip_universal_commands.read_additional_device_status_contents_standardized_status2_sub_device_with_duplicate_id;group:zeek_hart_ip_universal_commands;kind:termfield;friendly:read_additional_device_status_contents_standardized_status2_sub_device_with_duplicate_id;help:read_additional_device_status_contents_standardized_status2_sub_device_with_duplicate_id -zeek.hart_ip_universal_commands.read_additional_device_status_contents_standardized_status2_sub_device_mismatch=db:zeek.hart_ip_universal_commands.read_additional_device_status_contents_standardized_status2_sub_device_mismatch;group:zeek_hart_ip_universal_commands;kind:termfield;friendly:read_additional_device_status_contents_standardized_status2_sub_device_mismatch;help:read_additional_device_status_contents_standardized_status2_sub_device_mismatch -zeek.hart_ip_universal_commands.read_additional_device_status_contents_standardized_status2_duplicate_master_detected=db:zeek.hart_ip_universal_commands.read_additional_device_status_contents_standardized_status2_duplicate_master_detected;group:zeek_hart_ip_universal_commands;kind:termfield;friendly:read_additional_device_status_contents_standardized_status2_duplicate_master_detected;help:read_additional_device_status_contents_standardized_status2_duplicate_master_detected -zeek.hart_ip_universal_commands.read_additional_device_status_contents_standardized_status2_sub_device_list_changed=db:zeek.hart_ip_universal_commands.read_additional_device_status_contents_standardized_status2_sub_device_list_changed;group:zeek_hart_ip_universal_commands;kind:termfield;friendly:read_additional_device_status_contents_standardized_status2_sub_device_list_changed;help:read_additional_device_status_contents_standardized_status2_sub_device_list_changed 
-zeek.hart_ip_universal_commands.read_additional_device_status_contents_standardized_status3_undefined_bits=db:zeek.hart_ip_universal_commands.read_additional_device_status_contents_standardized_status3_undefined_bits;group:zeek_hart_ip_universal_commands;kind:integer;friendly:read_additional_device_status_contents_standardized_status3_undefined_bits;help:read_additional_device_status_contents_standardized_status3_undefined_bits -zeek.hart_ip_universal_commands.read_additional_device_status_contents_standardized_status3_radio_failure=db:zeek.hart_ip_universal_commands.read_additional_device_status_contents_standardized_status3_radio_failure;group:zeek_hart_ip_universal_commands;kind:termfield;friendly:read_additional_device_status_contents_standardized_status3_radio_failure;help:read_additional_device_status_contents_standardized_status3_radio_failure -zeek.hart_ip_universal_commands.read_additional_device_status_contents_standardized_status3_block_transfer_pending=db:zeek.hart_ip_universal_commands.read_additional_device_status_contents_standardized_status3_block_transfer_pending;group:zeek_hart_ip_universal_commands;kind:termfield;friendly:read_additional_device_status_contents_standardized_status3_block_transfer_pending;help:read_additional_device_status_contents_standardized_status3_block_transfer_pending -zeek.hart_ip_universal_commands.read_additional_device_status_contents_standardized_status3_bandwith_allocation_pending=db:zeek.hart_ip_universal_commands.read_additional_device_status_contents_standardized_status3_bandwith_allocation_pending;group:zeek_hart_ip_universal_commands;kind:termfield;friendly:read_additional_device_status_contents_standardized_status3_bandwith_allocation_pending;help:read_additional_device_status_contents_standardized_status3_bandwith_allocation_pending 
-zeek.hart_ip_universal_commands.read_additional_device_status_contents_standardized_status3_resereved=db:zeek.hart_ip_universal_commands.read_additional_device_status_contents_standardized_status3_resereved;group:zeek_hart_ip_universal_commands;kind:termfield;friendly:read_additional_device_status_contents_standardized_status3_resereved;help:read_additional_device_status_contents_standardized_status3_resereved -zeek.hart_ip_universal_commands.read_additional_device_status_contents_standardized_status3_capacity_denied=db:zeek.hart_ip_universal_commands.read_additional_device_status_contents_standardized_status3_capacity_denied;group:zeek_hart_ip_universal_commands;kind:termfield;friendly:read_additional_device_status_contents_standardized_status3_capacity_denied;help:read_additional_device_status_contents_standardized_status3_capacity_denied -zeek.hart_ip_universal_commands.read_additional_device_status_contents_analog_channel_undefined_bits=db:zeek.hart_ip_universal_commands.read_additional_device_status_contents_analog_channel_undefined_bits;group:zeek_hart_ip_universal_commands;kind:integer;friendly:read_additional_device_status_contents_analog_channel_undefined_bits;help:read_additional_device_status_contents_analog_channel_undefined_bits -zeek.hart_ip_universal_commands.read_additional_device_status_contents_analog_channel_analog_channel=db:zeek.hart_ip_universal_commands.read_additional_device_status_contents_analog_channel_analog_channel;group:zeek_hart_ip_universal_commands;kind:termfield;friendly:read_additional_device_status_contents_analog_channel_analog_channel;help:read_additional_device_status_contents_analog_channel_analog_channel 
-zeek.hart_ip_universal_commands.read_additional_device_status_contents_device_specific_status_1=db:zeek.hart_ip_universal_commands.read_additional_device_status_contents_device_specific_status_1;group:zeek_hart_ip_universal_commands;kind:termfield;friendly:read_additional_device_status_contents_device_specific_status_1;help:read_additional_device_status_contents_device_specific_status_1 +zeek.hart_ip_universal_commands.read_unique_identifier_response_254=db:zeek.hart_ip_universal_commands.read_unique_identifier_response_254;group:zeek_hart_ip_universal_commands;kind:integer;viewerOnly:true;friendly:read_unique_identifier_response_254;help:read_unique_identifier_response_254 +zeek.hart_ip_universal_commands.read_unique_identifier_response_expanded_device_type=db:zeek.hart_ip_universal_commands.read_unique_identifier_response_expanded_device_type;group:zeek_hart_ip_universal_commands;kind:termfield;viewerOnly:true;friendly:read_unique_identifier_response_expanded_device_type;help:read_unique_identifier_response_expanded_device_type +zeek.hart_ip_universal_commands.read_unique_identifier_response_minimum_preambles_master_slave=db:zeek.hart_ip_universal_commands.read_unique_identifier_response_minimum_preambles_master_slave;group:zeek_hart_ip_universal_commands;kind:integer;viewerOnly:true;friendly:read_unique_identifier_response_minimum_preambles_master_slave;help:read_unique_identifier_response_minimum_preambles_master_slave +zeek.hart_ip_universal_commands.read_unique_identifier_response_hart_protocol_major_revision=db:zeek.hart_ip_universal_commands.read_unique_identifier_response_hart_protocol_major_revision;group:zeek_hart_ip_universal_commands;kind:integer;viewerOnly:true;friendly:read_unique_identifier_response_hart_protocol_major_revision;help:read_unique_identifier_response_hart_protocol_major_revision 
+zeek.hart_ip_universal_commands.read_unique_identifier_response_device_revision_level=db:zeek.hart_ip_universal_commands.read_unique_identifier_response_device_revision_level;group:zeek_hart_ip_universal_commands;kind:integer;viewerOnly:true;friendly:read_unique_identifier_response_device_revision_level;help:read_unique_identifier_response_device_revision_level +zeek.hart_ip_universal_commands.read_unique_identifier_response_software_revision_level=db:zeek.hart_ip_universal_commands.read_unique_identifier_response_software_revision_level;group:zeek_hart_ip_universal_commands;kind:integer;viewerOnly:true;friendly:read_unique_identifier_response_software_revision_level;help:read_unique_identifier_response_software_revision_level +zeek.hart_ip_universal_commands.read_unique_identifier_response_hardware_revision_level_and_physical_signaling_codes_hardware_revision_level=db:zeek.hart_ip_universal_commands.read_unique_identifier_response_hardware_revision_level_and_physical_signaling_codes_hardware_revision_level;group:zeek_hart_ip_universal_commands;kind:integer;viewerOnly:true;friendly:read_unique_identifier_response_hardware_revision_level_and_physical_signaling_codes_hardware_revision_level;help:read_unique_identifier_response_hardware_revision_level_and_physical_signaling_codes_hardware_revision_level +zeek.hart_ip_universal_commands.read_unique_identifier_response_hardware_revision_level_and_physical_signaling_codes_physical_signaling_code=db:zeek.hart_ip_universal_commands.read_unique_identifier_response_hardware_revision_level_and_physical_signaling_codes_physical_signaling_code;group:zeek_hart_ip_universal_commands;kind:termfield;viewerOnly:true;friendly:read_unique_identifier_response_hardware_revision_level_and_physical_signaling_codes_physical_signaling_code;help:read_unique_identifier_response_hardware_revision_level_and_physical_signaling_codes_physical_signaling_code 
+zeek.hart_ip_universal_commands.read_unique_identifier_response_flags_c8_psk_in_multi_drop_only=db:zeek.hart_ip_universal_commands.read_unique_identifier_response_flags_c8_psk_in_multi_drop_only;group:zeek_hart_ip_universal_commands;kind:termfield;viewerOnly:true;friendly:read_unique_identifier_response_flags_c8_psk_in_multi_drop_only;help:read_unique_identifier_response_flags_c8_psk_in_multi_drop_only +zeek.hart_ip_universal_commands.read_unique_identifier_response_flags_c8_psk_capable_field_device=db:zeek.hart_ip_universal_commands.read_unique_identifier_response_flags_c8_psk_capable_field_device;group:zeek_hart_ip_universal_commands;kind:termfield;viewerOnly:true;friendly:read_unique_identifier_response_flags_c8_psk_capable_field_device;help:read_unique_identifier_response_flags_c8_psk_capable_field_device +zeek.hart_ip_universal_commands.read_unique_identifier_response_flags_undefined_5=db:zeek.hart_ip_universal_commands.read_unique_identifier_response_flags_undefined_5;group:zeek_hart_ip_universal_commands;kind:termfield;viewerOnly:true;friendly:read_unique_identifier_response_flags_undefined_5;help:read_unique_identifier_response_flags_undefined_5 +zeek.hart_ip_universal_commands.read_unique_identifier_response_flags_safehart_capable_field_device=db:zeek.hart_ip_universal_commands.read_unique_identifier_response_flags_safehart_capable_field_device;group:zeek_hart_ip_universal_commands;kind:termfield;viewerOnly:true;friendly:read_unique_identifier_response_flags_safehart_capable_field_device;help:read_unique_identifier_response_flags_safehart_capable_field_device 
+zeek.hart_ip_universal_commands.read_unique_identifier_response_flags_ieee_802_15_4_dsss_o_qpsk_modulation=db:zeek.hart_ip_universal_commands.read_unique_identifier_response_flags_ieee_802_15_4_dsss_o_qpsk_modulation;group:zeek_hart_ip_universal_commands;kind:termfield;viewerOnly:true;friendly:read_unique_identifier_response_flags_ieee_802_15_4_dsss_o_qpsk_modulation;help:read_unique_identifier_response_flags_ieee_802_15_4_dsss_o_qpsk_modulation +zeek.hart_ip_universal_commands.read_unique_identifier_response_flags_protocol_bridge_device=db:zeek.hart_ip_universal_commands.read_unique_identifier_response_flags_protocol_bridge_device;group:zeek_hart_ip_universal_commands;kind:termfield;viewerOnly:true;friendly:read_unique_identifier_response_flags_protocol_bridge_device;help:read_unique_identifier_response_flags_protocol_bridge_device +zeek.hart_ip_universal_commands.read_unique_identifier_response_flags_eeprom_control=db:zeek.hart_ip_universal_commands.read_unique_identifier_response_flags_eeprom_control;group:zeek_hart_ip_universal_commands;kind:termfield;viewerOnly:true;friendly:read_unique_identifier_response_flags_eeprom_control;help:read_unique_identifier_response_flags_eeprom_control +zeek.hart_ip_universal_commands.read_unique_identifier_response_flags_mutli_sensor_field_device=db:zeek.hart_ip_universal_commands.read_unique_identifier_response_flags_mutli_sensor_field_device;group:zeek_hart_ip_universal_commands;kind:termfield;viewerOnly:true;friendly:read_unique_identifier_response_flags_mutli_sensor_field_device;help:read_unique_identifier_response_flags_mutli_sensor_field_device +zeek.hart_ip_universal_commands.read_unique_identifier_response_device_id=db:zeek.hart_ip_universal_commands.read_unique_identifier_response_device_id;group:zeek_hart_ip_universal_commands;kind:integer;viewerOnly:true;friendly:read_unique_identifier_response_device_id;help:read_unique_identifier_response_device_id 
+zeek.hart_ip_universal_commands.read_unique_identifier_response_number_preambles_slave_master=db:zeek.hart_ip_universal_commands.read_unique_identifier_response_number_preambles_slave_master;group:zeek_hart_ip_universal_commands;kind:integer;viewerOnly:true;friendly:read_unique_identifier_response_number_preambles_slave_master;help:read_unique_identifier_response_number_preambles_slave_master +zeek.hart_ip_universal_commands.read_unique_identifier_response_last_device_variable_this=db:zeek.hart_ip_universal_commands.read_unique_identifier_response_last_device_variable_this;group:zeek_hart_ip_universal_commands;kind:integer;viewerOnly:true;friendly:read_unique_identifier_response_last_device_variable_this;help:read_unique_identifier_response_last_device_variable_this +zeek.hart_ip_universal_commands.read_unique_identifier_response_configuration_change_counter=db:zeek.hart_ip_universal_commands.read_unique_identifier_response_configuration_change_counter;group:zeek_hart_ip_universal_commands;kind:integer;viewerOnly:true;friendly:read_unique_identifier_response_configuration_change_counter;help:read_unique_identifier_response_configuration_change_counter +zeek.hart_ip_universal_commands.read_unique_identifier_response_extended_field_device_status_undefined_bits=db:zeek.hart_ip_universal_commands.read_unique_identifier_response_extended_field_device_status_undefined_bits;group:zeek_hart_ip_universal_commands;kind:integer;viewerOnly:true;friendly:read_unique_identifier_response_extended_field_device_status_undefined_bits;help:read_unique_identifier_response_extended_field_device_status_undefined_bits 
+zeek.hart_ip_universal_commands.read_unique_identifier_response_extended_field_device_status_function_check=db:zeek.hart_ip_universal_commands.read_unique_identifier_response_extended_field_device_status_function_check;group:zeek_hart_ip_universal_commands;kind:termfield;viewerOnly:true;friendly:read_unique_identifier_response_extended_field_device_status_function_check;help:read_unique_identifier_response_extended_field_device_status_function_check +zeek.hart_ip_universal_commands.read_unique_identifier_response_extended_field_device_status_out_of_specification=db:zeek.hart_ip_universal_commands.read_unique_identifier_response_extended_field_device_status_out_of_specification;group:zeek_hart_ip_universal_commands;kind:termfield;viewerOnly:true;friendly:read_unique_identifier_response_extended_field_device_status_out_of_specification;help:read_unique_identifier_response_extended_field_device_status_out_of_specification +zeek.hart_ip_universal_commands.read_unique_identifier_response_extended_field_device_status_failure=db:zeek.hart_ip_universal_commands.read_unique_identifier_response_extended_field_device_status_failure;group:zeek_hart_ip_universal_commands;kind:termfield;viewerOnly:true;friendly:read_unique_identifier_response_extended_field_device_status_failure;help:read_unique_identifier_response_extended_field_device_status_failure +zeek.hart_ip_universal_commands.read_unique_identifier_response_extended_field_device_status_critical_power_failure=db:zeek.hart_ip_universal_commands.read_unique_identifier_response_extended_field_device_status_critical_power_failure;group:zeek_hart_ip_universal_commands;kind:termfield;viewerOnly:true;friendly:read_unique_identifier_response_extended_field_device_status_critical_power_failure;help:read_unique_identifier_response_extended_field_device_status_critical_power_failure 
+zeek.hart_ip_universal_commands.read_unique_identifier_response_extended_field_device_status_device_variable_alert=db:zeek.hart_ip_universal_commands.read_unique_identifier_response_extended_field_device_status_device_variable_alert;group:zeek_hart_ip_universal_commands;kind:termfield;viewerOnly:true;friendly:read_unique_identifier_response_extended_field_device_status_device_variable_alert;help:read_unique_identifier_response_extended_field_device_status_device_variable_alert +zeek.hart_ip_universal_commands.read_unique_identifier_response_extended_field_device_status_maintenance_required=db:zeek.hart_ip_universal_commands.read_unique_identifier_response_extended_field_device_status_maintenance_required;group:zeek_hart_ip_universal_commands;kind:termfield;viewerOnly:true;friendly:read_unique_identifier_response_extended_field_device_status_maintenance_required;help:read_unique_identifier_response_extended_field_device_status_maintenance_required +zeek.hart_ip_universal_commands.read_unique_identifier_response_manufacturer_identification_code=db:zeek.hart_ip_universal_commands.read_unique_identifier_response_manufacturer_identification_code;group:zeek_hart_ip_universal_commands;kind:termfield;viewerOnly:true;friendly:read_unique_identifier_response_manufacturer_identification_code;help:read_unique_identifier_response_manufacturer_identification_code +zeek.hart_ip_universal_commands.read_unique_identifier_response_private_label_distributor_code=db:zeek.hart_ip_universal_commands.read_unique_identifier_response_private_label_distributor_code;group:zeek_hart_ip_universal_commands;kind:termfield;viewerOnly:true;friendly:read_unique_identifier_response_private_label_distributor_code;help:read_unique_identifier_response_private_label_distributor_code 
+zeek.hart_ip_universal_commands.read_unique_identifier_response_device_profile=db:zeek.hart_ip_universal_commands.read_unique_identifier_response_device_profile;group:zeek_hart_ip_universal_commands;kind:termfield;viewerOnly:true;friendly:read_unique_identifier_response_device_profile;help:read_unique_identifier_response_device_profile +zeek.hart_ip_universal_commands.read_primary_variable_response_primary_variable_units=db:zeek.hart_ip_universal_commands.read_primary_variable_response_primary_variable_units;group:zeek_hart_ip_universal_commands;kind:termfield;viewerOnly:true;friendly:read_primary_variable_response_primary_variable_units;help:read_primary_variable_response_primary_variable_units +zeek.hart_ip_universal_commands.read_primary_variable_response_primary_variable=db:zeek.hart_ip_universal_commands.read_primary_variable_response_primary_variable;group:zeek_hart_ip_universal_commands;kind:termfield;viewerOnly:true;friendly:read_primary_variable_response_primary_variable;help:read_primary_variable_response_primary_variable +zeek.hart_ip_universal_commands.read_loop_current_response_primary_variable_loop_current=db:zeek.hart_ip_universal_commands.read_loop_current_response_primary_variable_loop_current;group:zeek_hart_ip_universal_commands;kind:termfield;viewerOnly:true;friendly:read_loop_current_response_primary_variable_loop_current;help:read_loop_current_response_primary_variable_loop_current +zeek.hart_ip_universal_commands.read_loop_current_response_primary_variable_percent_range=db:zeek.hart_ip_universal_commands.read_loop_current_response_primary_variable_percent_range;group:zeek_hart_ip_universal_commands;kind:termfield;viewerOnly:true;friendly:read_loop_current_response_primary_variable_percent_range;help:read_loop_current_response_primary_variable_percent_range 
+zeek.hart_ip_universal_commands.read_dynamic_variable_response_primary_variable_loop_current=db:zeek.hart_ip_universal_commands.read_dynamic_variable_response_primary_variable_loop_current;group:zeek_hart_ip_universal_commands;kind:termfield;viewerOnly:true;friendly:read_dynamic_variable_response_primary_variable_loop_current;help:read_dynamic_variable_response_primary_variable_loop_current +zeek.hart_ip_universal_commands.read_dynamic_variable_response_primary_variable_units=db:zeek.hart_ip_universal_commands.read_dynamic_variable_response_primary_variable_units;group:zeek_hart_ip_universal_commands;kind:termfield;viewerOnly:true;friendly:read_dynamic_variable_response_primary_variable_units;help:read_dynamic_variable_response_primary_variable_units +zeek.hart_ip_universal_commands.read_dynamic_variable_response_primary_variable=db:zeek.hart_ip_universal_commands.read_dynamic_variable_response_primary_variable;group:zeek_hart_ip_universal_commands;kind:termfield;viewerOnly:true;friendly:read_dynamic_variable_response_primary_variable;help:read_dynamic_variable_response_primary_variable +zeek.hart_ip_universal_commands.read_dynamic_variable_response_secondary_variable_units=db:zeek.hart_ip_universal_commands.read_dynamic_variable_response_secondary_variable_units;group:zeek_hart_ip_universal_commands;kind:termfield;viewerOnly:true;friendly:read_dynamic_variable_response_secondary_variable_units;help:read_dynamic_variable_response_secondary_variable_units +zeek.hart_ip_universal_commands.read_dynamic_variable_response_secondary_variable=db:zeek.hart_ip_universal_commands.read_dynamic_variable_response_secondary_variable;group:zeek_hart_ip_universal_commands;kind:termfield;viewerOnly:true;friendly:read_dynamic_variable_response_secondary_variable;help:read_dynamic_variable_response_secondary_variable 
+zeek.hart_ip_universal_commands.read_dynamic_variable_response_tertiary_variable_units=db:zeek.hart_ip_universal_commands.read_dynamic_variable_response_tertiary_variable_units;group:zeek_hart_ip_universal_commands;kind:termfield;viewerOnly:true;friendly:read_dynamic_variable_response_tertiary_variable_units;help:read_dynamic_variable_response_tertiary_variable_units +zeek.hart_ip_universal_commands.read_dynamic_variable_response_tertiary_variable=db:zeek.hart_ip_universal_commands.read_dynamic_variable_response_tertiary_variable;group:zeek_hart_ip_universal_commands;kind:termfield;viewerOnly:true;friendly:read_dynamic_variable_response_tertiary_variable;help:read_dynamic_variable_response_tertiary_variable +zeek.hart_ip_universal_commands.read_dynamic_variable_response_quaternary_variable_units=db:zeek.hart_ip_universal_commands.read_dynamic_variable_response_quaternary_variable_units;group:zeek_hart_ip_universal_commands;kind:termfield;viewerOnly:true;friendly:read_dynamic_variable_response_quaternary_variable_units;help:read_dynamic_variable_response_quaternary_variable_units +zeek.hart_ip_universal_commands.read_dynamic_variable_response_quaternary_variable=db:zeek.hart_ip_universal_commands.read_dynamic_variable_response_quaternary_variable;group:zeek_hart_ip_universal_commands;kind:termfield;viewerOnly:true;friendly:read_dynamic_variable_response_quaternary_variable;help:read_dynamic_variable_response_quaternary_variable +zeek.hart_ip_universal_commands.write_polling_address_polling_address_device=db:zeek.hart_ip_universal_commands.write_polling_address_polling_address_device;group:zeek_hart_ip_universal_commands;kind:integer;viewerOnly:true;friendly:write_polling_address_polling_address_device;help:write_polling_address_polling_address_device 
+zeek.hart_ip_universal_commands.write_polling_address_loop_current_mode=db:zeek.hart_ip_universal_commands.write_polling_address_loop_current_mode;group:zeek_hart_ip_universal_commands;kind:termfield;viewerOnly:true;friendly:write_polling_address_loop_current_mode;help:write_polling_address_loop_current_mode +zeek.hart_ip_universal_commands.read_loop_configuration_response_polling_address_device=db:zeek.hart_ip_universal_commands.read_loop_configuration_response_polling_address_device;group:zeek_hart_ip_universal_commands;kind:integer;viewerOnly:true;friendly:read_loop_configuration_response_polling_address_device;help:read_loop_configuration_response_polling_address_device +zeek.hart_ip_universal_commands.read_loop_configuration_response_loop_current_mode=db:zeek.hart_ip_universal_commands.read_loop_configuration_response_loop_current_mode;group:zeek_hart_ip_universal_commands;kind:termfield;viewerOnly:true;friendly:read_loop_configuration_response_loop_current_mode;help:read_loop_configuration_response_loop_current_mode +zeek.hart_ip_universal_commands.read_dynamic_variable_classifications_response_primary_variable_classification=db:zeek.hart_ip_universal_commands.read_dynamic_variable_classifications_response_primary_variable_classification;group:zeek_hart_ip_universal_commands;kind:termfield;viewerOnly:true;friendly:read_dynamic_variable_classifications_response_primary_variable_classification;help:read_dynamic_variable_classifications_response_primary_variable_classification +zeek.hart_ip_universal_commands.read_dynamic_variable_classifications_response_secondary_variable_classification=db:zeek.hart_ip_universal_commands.read_dynamic_variable_classifications_response_secondary_variable_classification;group:zeek_hart_ip_universal_commands;kind:termfield;viewerOnly:true;friendly:read_dynamic_variable_classifications_response_secondary_variable_classification;help:read_dynamic_variable_classifications_response_secondary_variable_classification 
+zeek.hart_ip_universal_commands.read_dynamic_variable_classifications_response_tertiary_variable_classification=db:zeek.hart_ip_universal_commands.read_dynamic_variable_classifications_response_tertiary_variable_classification;group:zeek_hart_ip_universal_commands;kind:termfield;viewerOnly:true;friendly:read_dynamic_variable_classifications_response_tertiary_variable_classification;help:read_dynamic_variable_classifications_response_tertiary_variable_classification +zeek.hart_ip_universal_commands.read_dynamic_variable_classifications_response_quaternary_variable_classification=db:zeek.hart_ip_universal_commands.read_dynamic_variable_classifications_response_quaternary_variable_classification;group:zeek_hart_ip_universal_commands;kind:termfield;viewerOnly:true;friendly:read_dynamic_variable_classifications_response_quaternary_variable_classification;help:read_dynamic_variable_classifications_response_quaternary_variable_classification +zeek.hart_ip_universal_commands.read_device_variable_request_slot0_device_variable_code=db:zeek.hart_ip_universal_commands.read_device_variable_request_slot0_device_variable_code;group:zeek_hart_ip_universal_commands;kind:integer;viewerOnly:true;friendly:read_device_variable_request_slot0_device_variable_code;help:read_device_variable_request_slot0_device_variable_code +zeek.hart_ip_universal_commands.read_device_variable_request_slot1_device_variable_code=db:zeek.hart_ip_universal_commands.read_device_variable_request_slot1_device_variable_code;group:zeek_hart_ip_universal_commands;kind:integer;viewerOnly:true;friendly:read_device_variable_request_slot1_device_variable_code;help:read_device_variable_request_slot1_device_variable_code 
+zeek.hart_ip_universal_commands.read_device_variable_request_slot2_device_variable_code=db:zeek.hart_ip_universal_commands.read_device_variable_request_slot2_device_variable_code;group:zeek_hart_ip_universal_commands;kind:integer;viewerOnly:true;friendly:read_device_variable_request_slot2_device_variable_code;help:read_device_variable_request_slot2_device_variable_code +zeek.hart_ip_universal_commands.read_device_variable_request_slot3_device_variable_code=db:zeek.hart_ip_universal_commands.read_device_variable_request_slot3_device_variable_code;group:zeek_hart_ip_universal_commands;kind:integer;viewerOnly:true;friendly:read_device_variable_request_slot3_device_variable_code;help:read_device_variable_request_slot3_device_variable_code +zeek.hart_ip_universal_commands.read_device_variable_request_slot4_device_variable_code=db:zeek.hart_ip_universal_commands.read_device_variable_request_slot4_device_variable_code;group:zeek_hart_ip_universal_commands;kind:integer;viewerOnly:true;friendly:read_device_variable_request_slot4_device_variable_code;help:read_device_variable_request_slot4_device_variable_code +zeek.hart_ip_universal_commands.read_device_variable_request_slot5_device_variable_code=db:zeek.hart_ip_universal_commands.read_device_variable_request_slot5_device_variable_code;group:zeek_hart_ip_universal_commands;kind:integer;viewerOnly:true;friendly:read_device_variable_request_slot5_device_variable_code;help:read_device_variable_request_slot5_device_variable_code +zeek.hart_ip_universal_commands.read_device_variable_request_slot6_device_variable_code=db:zeek.hart_ip_universal_commands.read_device_variable_request_slot6_device_variable_code;group:zeek_hart_ip_universal_commands;kind:integer;viewerOnly:true;friendly:read_device_variable_request_slot6_device_variable_code;help:read_device_variable_request_slot6_device_variable_code 
+zeek.hart_ip_universal_commands.read_device_variable_request_slot7_device_variable_code=db:zeek.hart_ip_universal_commands.read_device_variable_request_slot7_device_variable_code;group:zeek_hart_ip_universal_commands;kind:integer;viewerOnly:true;friendly:read_device_variable_request_slot7_device_variable_code;help:read_device_variable_request_slot7_device_variable_code +zeek.hart_ip_universal_commands.read_device_variable_response_extended_field_device_status_undefined_bits=db:zeek.hart_ip_universal_commands.read_device_variable_response_extended_field_device_status_undefined_bits;group:zeek_hart_ip_universal_commands;kind:integer;viewerOnly:true;friendly:read_device_variable_response_extended_field_device_status_undefined_bits;help:read_device_variable_response_extended_field_device_status_undefined_bits +zeek.hart_ip_universal_commands.read_device_variable_response_extended_field_device_status_function_check=db:zeek.hart_ip_universal_commands.read_device_variable_response_extended_field_device_status_function_check;group:zeek_hart_ip_universal_commands;kind:termfield;viewerOnly:true;friendly:read_device_variable_response_extended_field_device_status_function_check;help:read_device_variable_response_extended_field_device_status_function_check +zeek.hart_ip_universal_commands.read_device_variable_response_extended_field_device_status_out_of_specification=db:zeek.hart_ip_universal_commands.read_device_variable_response_extended_field_device_status_out_of_specification;group:zeek_hart_ip_universal_commands;kind:termfield;viewerOnly:true;friendly:read_device_variable_response_extended_field_device_status_out_of_specification;help:read_device_variable_response_extended_field_device_status_out_of_specification 
+zeek.hart_ip_universal_commands.read_device_variable_response_extended_field_device_status_failure=db:zeek.hart_ip_universal_commands.read_device_variable_response_extended_field_device_status_failure;group:zeek_hart_ip_universal_commands;kind:termfield;viewerOnly:true;friendly:read_device_variable_response_extended_field_device_status_failure;help:read_device_variable_response_extended_field_device_status_failure +zeek.hart_ip_universal_commands.read_device_variable_response_extended_field_device_status_critical_power_failure=db:zeek.hart_ip_universal_commands.read_device_variable_response_extended_field_device_status_critical_power_failure;group:zeek_hart_ip_universal_commands;kind:termfield;viewerOnly:true;friendly:read_device_variable_response_extended_field_device_status_critical_power_failure;help:read_device_variable_response_extended_field_device_status_critical_power_failure +zeek.hart_ip_universal_commands.read_device_variable_response_extended_field_device_status_device_variable_alert=db:zeek.hart_ip_universal_commands.read_device_variable_response_extended_field_device_status_device_variable_alert;group:zeek_hart_ip_universal_commands;kind:termfield;viewerOnly:true;friendly:read_device_variable_response_extended_field_device_status_device_variable_alert;help:read_device_variable_response_extended_field_device_status_device_variable_alert +zeek.hart_ip_universal_commands.read_device_variable_response_extended_field_device_status_maintenance_required=db:zeek.hart_ip_universal_commands.read_device_variable_response_extended_field_device_status_maintenance_required;group:zeek_hart_ip_universal_commands;kind:termfield;viewerOnly:true;friendly:read_device_variable_response_extended_field_device_status_maintenance_required;help:read_device_variable_response_extended_field_device_status_maintenance_required 
+zeek.hart_ip_universal_commands.read_device_variable_response_slot0_device_variable_code=db:zeek.hart_ip_universal_commands.read_device_variable_response_slot0_device_variable_code;group:zeek_hart_ip_universal_commands;kind:integer;viewerOnly:true;friendly:read_device_variable_response_slot0_device_variable_code;help:read_device_variable_response_slot0_device_variable_code +zeek.hart_ip_universal_commands.read_device_variable_response_slot0_device_variable_class=db:zeek.hart_ip_universal_commands.read_device_variable_response_slot0_device_variable_class;group:zeek_hart_ip_universal_commands;kind:termfield;viewerOnly:true;friendly:read_device_variable_response_slot0_device_variable_class;help:read_device_variable_response_slot0_device_variable_class +zeek.hart_ip_universal_commands.read_device_variable_response_slot0_units_code=db:zeek.hart_ip_universal_commands.read_device_variable_response_slot0_units_code;group:zeek_hart_ip_universal_commands;kind:termfield;viewerOnly:true;friendly:read_device_variable_response_slot0_units_code;help:read_device_variable_response_slot0_units_code +zeek.hart_ip_universal_commands.read_device_variable_response_slot0_device_variable=db:zeek.hart_ip_universal_commands.read_device_variable_response_slot0_device_variable;group:zeek_hart_ip_universal_commands;kind:termfield;viewerOnly:true;friendly:read_device_variable_response_slot0_device_variable;help:read_device_variable_response_slot0_device_variable +zeek.hart_ip_universal_commands.read_device_variable_response_slot0_device_variable_status_process_data_status=db:zeek.hart_ip_universal_commands.read_device_variable_response_slot0_device_variable_status_process_data_status;group:zeek_hart_ip_universal_commands;kind:termfield;viewerOnly:true;friendly:read_device_variable_response_slot0_device_variable_status_process_data_status;help:read_device_variable_response_slot0_device_variable_status_process_data_status 
+zeek.hart_ip_universal_commands.read_device_variable_response_slot0_device_variable_status_limit_status=db:zeek.hart_ip_universal_commands.read_device_variable_response_slot0_device_variable_status_limit_status;group:zeek_hart_ip_universal_commands;kind:termfield;viewerOnly:true;friendly:read_device_variable_response_slot0_device_variable_status_limit_status;help:read_device_variable_response_slot0_device_variable_status_limit_status +zeek.hart_ip_universal_commands.read_device_variable_response_slot0_device_variable_status_more_device_variable_status_available=db:zeek.hart_ip_universal_commands.read_device_variable_response_slot0_device_variable_status_more_device_variable_status_available;group:zeek_hart_ip_universal_commands;kind:termfield;viewerOnly:true;friendly:read_device_variable_response_slot0_device_variable_status_more_device_variable_status_available;help:read_device_variable_response_slot0_device_variable_status_more_device_variable_status_available +zeek.hart_ip_universal_commands.read_device_variable_response_slot0_device_variable_status_device_family_specific_status=db:zeek.hart_ip_universal_commands.read_device_variable_response_slot0_device_variable_status_device_family_specific_status;group:zeek_hart_ip_universal_commands;kind:integer;viewerOnly:true;friendly:read_device_variable_response_slot0_device_variable_status_device_family_specific_status;help:read_device_variable_response_slot0_device_variable_status_device_family_specific_status +zeek.hart_ip_universal_commands.read_device_variable_response_slot1_device_variable_code=db:zeek.hart_ip_universal_commands.read_device_variable_response_slot1_device_variable_code;group:zeek_hart_ip_universal_commands;kind:integer;viewerOnly:true;friendly:read_device_variable_response_slot1_device_variable_code;help:read_device_variable_response_slot1_device_variable_code 
+zeek.hart_ip_universal_commands.read_device_variable_response_slot1_device_variable_class=db:zeek.hart_ip_universal_commands.read_device_variable_response_slot1_device_variable_class;group:zeek_hart_ip_universal_commands;kind:termfield;viewerOnly:true;friendly:read_device_variable_response_slot1_device_variable_class;help:read_device_variable_response_slot1_device_variable_class +zeek.hart_ip_universal_commands.read_device_variable_response_slot1_units_code=db:zeek.hart_ip_universal_commands.read_device_variable_response_slot1_units_code;group:zeek_hart_ip_universal_commands;kind:termfield;viewerOnly:true;friendly:read_device_variable_response_slot1_units_code;help:read_device_variable_response_slot1_units_code +zeek.hart_ip_universal_commands.read_device_variable_response_slot1_device_variable=db:zeek.hart_ip_universal_commands.read_device_variable_response_slot1_device_variable;group:zeek_hart_ip_universal_commands;kind:termfield;viewerOnly:true;friendly:read_device_variable_response_slot1_device_variable;help:read_device_variable_response_slot1_device_variable +zeek.hart_ip_universal_commands.read_device_variable_response_slot1_device_variable_status_process_data_status=db:zeek.hart_ip_universal_commands.read_device_variable_response_slot1_device_variable_status_process_data_status;group:zeek_hart_ip_universal_commands;kind:termfield;viewerOnly:true;friendly:read_device_variable_response_slot1_device_variable_status_process_data_status;help:read_device_variable_response_slot1_device_variable_status_process_data_status +zeek.hart_ip_universal_commands.read_device_variable_response_slot1_device_variable_status_limit_status=db:zeek.hart_ip_universal_commands.read_device_variable_response_slot1_device_variable_status_limit_status;group:zeek_hart_ip_universal_commands;kind:termfield;viewerOnly:true;friendly:read_device_variable_response_slot1_device_variable_status_limit_status;help:read_device_variable_response_slot1_device_variable_status_limit_status 
+zeek.hart_ip_universal_commands.read_device_variable_response_slot1_device_variable_status_more_device_variable_status_available=db:zeek.hart_ip_universal_commands.read_device_variable_response_slot1_device_variable_status_more_device_variable_status_available;group:zeek_hart_ip_universal_commands;kind:termfield;viewerOnly:true;friendly:read_device_variable_response_slot1_device_variable_status_more_device_variable_status_available;help:read_device_variable_response_slot1_device_variable_status_more_device_variable_status_available +zeek.hart_ip_universal_commands.read_device_variable_response_slot1_device_variable_status_device_family_specific_status=db:zeek.hart_ip_universal_commands.read_device_variable_response_slot1_device_variable_status_device_family_specific_status;group:zeek_hart_ip_universal_commands;kind:integer;viewerOnly:true;friendly:read_device_variable_response_slot1_device_variable_status_device_family_specific_status;help:read_device_variable_response_slot1_device_variable_status_device_family_specific_status +zeek.hart_ip_universal_commands.read_device_variable_response_slot2_device_variable_code=db:zeek.hart_ip_universal_commands.read_device_variable_response_slot2_device_variable_code;group:zeek_hart_ip_universal_commands;kind:integer;viewerOnly:true;friendly:read_device_variable_response_slot2_device_variable_code;help:read_device_variable_response_slot2_device_variable_code +zeek.hart_ip_universal_commands.read_device_variable_response_slot2_device_variable_class=db:zeek.hart_ip_universal_commands.read_device_variable_response_slot2_device_variable_class;group:zeek_hart_ip_universal_commands;kind:termfield;viewerOnly:true;friendly:read_device_variable_response_slot2_device_variable_class;help:read_device_variable_response_slot2_device_variable_class 
+zeek.hart_ip_universal_commands.read_device_variable_response_slot2_units_code=db:zeek.hart_ip_universal_commands.read_device_variable_response_slot2_units_code;group:zeek_hart_ip_universal_commands;kind:termfield;viewerOnly:true;friendly:read_device_variable_response_slot2_units_code;help:read_device_variable_response_slot2_units_code +zeek.hart_ip_universal_commands.read_device_variable_response_slot2_device_variable=db:zeek.hart_ip_universal_commands.read_device_variable_response_slot2_device_variable;group:zeek_hart_ip_universal_commands;kind:termfield;viewerOnly:true;friendly:read_device_variable_response_slot2_device_variable;help:read_device_variable_response_slot2_device_variable +zeek.hart_ip_universal_commands.read_device_variable_response_slot2_device_variable_status_process_data_status=db:zeek.hart_ip_universal_commands.read_device_variable_response_slot2_device_variable_status_process_data_status;group:zeek_hart_ip_universal_commands;kind:termfield;viewerOnly:true;friendly:read_device_variable_response_slot2_device_variable_status_process_data_status;help:read_device_variable_response_slot2_device_variable_status_process_data_status +zeek.hart_ip_universal_commands.read_device_variable_response_slot2_device_variable_status_limit_status=db:zeek.hart_ip_universal_commands.read_device_variable_response_slot2_device_variable_status_limit_status;group:zeek_hart_ip_universal_commands;kind:termfield;viewerOnly:true;friendly:read_device_variable_response_slot2_device_variable_status_limit_status;help:read_device_variable_response_slot2_device_variable_status_limit_status 
+zeek.hart_ip_universal_commands.read_device_variable_response_slot2_device_variable_status_more_device_variable_status_available=db:zeek.hart_ip_universal_commands.read_device_variable_response_slot2_device_variable_status_more_device_variable_status_available;group:zeek_hart_ip_universal_commands;kind:termfield;viewerOnly:true;friendly:read_device_variable_response_slot2_device_variable_status_more_device_variable_status_available;help:read_device_variable_response_slot2_device_variable_status_more_device_variable_status_available +zeek.hart_ip_universal_commands.read_device_variable_response_slot2_device_variable_status_device_family_specific_status=db:zeek.hart_ip_universal_commands.read_device_variable_response_slot2_device_variable_status_device_family_specific_status;group:zeek_hart_ip_universal_commands;kind:integer;viewerOnly:true;friendly:read_device_variable_response_slot2_device_variable_status_device_family_specific_status;help:read_device_variable_response_slot2_device_variable_status_device_family_specific_status +zeek.hart_ip_universal_commands.read_device_variable_response_slot3_device_variable_code=db:zeek.hart_ip_universal_commands.read_device_variable_response_slot3_device_variable_code;group:zeek_hart_ip_universal_commands;kind:integer;viewerOnly:true;friendly:read_device_variable_response_slot3_device_variable_code;help:read_device_variable_response_slot3_device_variable_code +zeek.hart_ip_universal_commands.read_device_variable_response_slot3_device_variable_class=db:zeek.hart_ip_universal_commands.read_device_variable_response_slot3_device_variable_class;group:zeek_hart_ip_universal_commands;kind:termfield;viewerOnly:true;friendly:read_device_variable_response_slot3_device_variable_class;help:read_device_variable_response_slot3_device_variable_class 
+zeek.hart_ip_universal_commands.read_device_variable_response_slot3_units_code=db:zeek.hart_ip_universal_commands.read_device_variable_response_slot3_units_code;group:zeek_hart_ip_universal_commands;kind:termfield;viewerOnly:true;friendly:read_device_variable_response_slot3_units_code;help:read_device_variable_response_slot3_units_code +zeek.hart_ip_universal_commands.read_device_variable_response_slot3_device_variable=db:zeek.hart_ip_universal_commands.read_device_variable_response_slot3_device_variable;group:zeek_hart_ip_universal_commands;kind:termfield;viewerOnly:true;friendly:read_device_variable_response_slot3_device_variable;help:read_device_variable_response_slot3_device_variable +zeek.hart_ip_universal_commands.read_device_variable_response_slot3_device_variable_status_process_data_status=db:zeek.hart_ip_universal_commands.read_device_variable_response_slot3_device_variable_status_process_data_status;group:zeek_hart_ip_universal_commands;kind:termfield;viewerOnly:true;friendly:read_device_variable_response_slot3_device_variable_status_process_data_status;help:read_device_variable_response_slot3_device_variable_status_process_data_status +zeek.hart_ip_universal_commands.read_device_variable_response_slot3_device_variable_status_limit_status=db:zeek.hart_ip_universal_commands.read_device_variable_response_slot3_device_variable_status_limit_status;group:zeek_hart_ip_universal_commands;kind:termfield;viewerOnly:true;friendly:read_device_variable_response_slot3_device_variable_status_limit_status;help:read_device_variable_response_slot3_device_variable_status_limit_status 
+zeek.hart_ip_universal_commands.read_device_variable_response_slot3_device_variable_status_more_device_variable_status_available=db:zeek.hart_ip_universal_commands.read_device_variable_response_slot3_device_variable_status_more_device_variable_status_available;group:zeek_hart_ip_universal_commands;kind:termfield;viewerOnly:true;friendly:read_device_variable_response_slot3_device_variable_status_more_device_variable_status_available;help:read_device_variable_response_slot3_device_variable_status_more_device_variable_status_available +zeek.hart_ip_universal_commands.read_device_variable_response_slot3_device_variable_status_device_family_specific_status=db:zeek.hart_ip_universal_commands.read_device_variable_response_slot3_device_variable_status_device_family_specific_status;group:zeek_hart_ip_universal_commands;kind:integer;viewerOnly:true;friendly:read_device_variable_response_slot3_device_variable_status_device_family_specific_status;help:read_device_variable_response_slot3_device_variable_status_device_family_specific_status +zeek.hart_ip_universal_commands.read_device_variable_response_slot4_device_variable_code=db:zeek.hart_ip_universal_commands.read_device_variable_response_slot4_device_variable_code;group:zeek_hart_ip_universal_commands;kind:integer;viewerOnly:true;friendly:read_device_variable_response_slot4_device_variable_code;help:read_device_variable_response_slot4_device_variable_code +zeek.hart_ip_universal_commands.read_device_variable_response_slot4_device_variable_class=db:zeek.hart_ip_universal_commands.read_device_variable_response_slot4_device_variable_class;group:zeek_hart_ip_universal_commands;kind:termfield;viewerOnly:true;friendly:read_device_variable_response_slot4_device_variable_class;help:read_device_variable_response_slot4_device_variable_class 
+zeek.hart_ip_universal_commands.read_device_variable_response_slot4_units_code=db:zeek.hart_ip_universal_commands.read_device_variable_response_slot4_units_code;group:zeek_hart_ip_universal_commands;kind:termfield;viewerOnly:true;friendly:read_device_variable_response_slot4_units_code;help:read_device_variable_response_slot4_units_code
+zeek.hart_ip_universal_commands.read_device_variable_response_slot4_device_variable=db:zeek.hart_ip_universal_commands.read_device_variable_response_slot4_device_variable;group:zeek_hart_ip_universal_commands;kind:termfield;viewerOnly:true;friendly:read_device_variable_response_slot4_device_variable;help:read_device_variable_response_slot4_device_variable
+zeek.hart_ip_universal_commands.read_device_variable_response_slot4_device_variable_status_process_data_status=db:zeek.hart_ip_universal_commands.read_device_variable_response_slot4_device_variable_status_process_data_status;group:zeek_hart_ip_universal_commands;kind:termfield;viewerOnly:true;friendly:read_device_variable_response_slot4_device_variable_status_process_data_status;help:read_device_variable_response_slot4_device_variable_status_process_data_status
+zeek.hart_ip_universal_commands.read_device_variable_response_slot4_device_variable_status_limit_status=db:zeek.hart_ip_universal_commands.read_device_variable_response_slot4_device_variable_status_limit_status;group:zeek_hart_ip_universal_commands;kind:termfield;viewerOnly:true;friendly:read_device_variable_response_slot4_device_variable_status_limit_status;help:read_device_variable_response_slot4_device_variable_status_limit_status
+zeek.hart_ip_universal_commands.read_device_variable_response_slot4_device_variable_status_more_device_variable_status_available=db:zeek.hart_ip_universal_commands.read_device_variable_response_slot4_device_variable_status_more_device_variable_status_available;group:zeek_hart_ip_universal_commands;kind:termfield;viewerOnly:true;friendly:read_device_variable_response_slot4_device_variable_status_more_device_variable_status_available;help:read_device_variable_response_slot4_device_variable_status_more_device_variable_status_available
+zeek.hart_ip_universal_commands.read_device_variable_response_slot4_device_variable_status_device_family_specific_status=db:zeek.hart_ip_universal_commands.read_device_variable_response_slot4_device_variable_status_device_family_specific_status;group:zeek_hart_ip_universal_commands;kind:integer;viewerOnly:true;friendly:read_device_variable_response_slot4_device_variable_status_device_family_specific_status;help:read_device_variable_response_slot4_device_variable_status_device_family_specific_status
+zeek.hart_ip_universal_commands.read_device_variable_response_slot5_device_variable_code=db:zeek.hart_ip_universal_commands.read_device_variable_response_slot5_device_variable_code;group:zeek_hart_ip_universal_commands;kind:integer;viewerOnly:true;friendly:read_device_variable_response_slot5_device_variable_code;help:read_device_variable_response_slot5_device_variable_code
+zeek.hart_ip_universal_commands.read_device_variable_response_slot5_device_variable_class=db:zeek.hart_ip_universal_commands.read_device_variable_response_slot5_device_variable_class;group:zeek_hart_ip_universal_commands;kind:termfield;viewerOnly:true;friendly:read_device_variable_response_slot5_device_variable_class;help:read_device_variable_response_slot5_device_variable_class
+zeek.hart_ip_universal_commands.read_device_variable_response_slot5_units_code=db:zeek.hart_ip_universal_commands.read_device_variable_response_slot5_units_code;group:zeek_hart_ip_universal_commands;kind:termfield;viewerOnly:true;friendly:read_device_variable_response_slot5_units_code;help:read_device_variable_response_slot5_units_code
+zeek.hart_ip_universal_commands.read_device_variable_response_slot5_device_variable=db:zeek.hart_ip_universal_commands.read_device_variable_response_slot5_device_variable;group:zeek_hart_ip_universal_commands;kind:termfield;viewerOnly:true;friendly:read_device_variable_response_slot5_device_variable;help:read_device_variable_response_slot5_device_variable
+zeek.hart_ip_universal_commands.read_device_variable_response_slot5_device_variable_status_process_data_status=db:zeek.hart_ip_universal_commands.read_device_variable_response_slot5_device_variable_status_process_data_status;group:zeek_hart_ip_universal_commands;kind:termfield;viewerOnly:true;friendly:read_device_variable_response_slot5_device_variable_status_process_data_status;help:read_device_variable_response_slot5_device_variable_status_process_data_status
+zeek.hart_ip_universal_commands.read_device_variable_response_slot5_device_variable_status_limit_status=db:zeek.hart_ip_universal_commands.read_device_variable_response_slot5_device_variable_status_limit_status;group:zeek_hart_ip_universal_commands;kind:termfield;viewerOnly:true;friendly:read_device_variable_response_slot5_device_variable_status_limit_status;help:read_device_variable_response_slot5_device_variable_status_limit_status
+zeek.hart_ip_universal_commands.read_device_variable_response_slot5_device_variable_status_more_device_variable_status_available=db:zeek.hart_ip_universal_commands.read_device_variable_response_slot5_device_variable_status_more_device_variable_status_available;group:zeek_hart_ip_universal_commands;kind:termfield;viewerOnly:true;friendly:read_device_variable_response_slot5_device_variable_status_more_device_variable_status_available;help:read_device_variable_response_slot5_device_variable_status_more_device_variable_status_available
+zeek.hart_ip_universal_commands.read_device_variable_response_slot5_device_variable_status_device_family_specific_status=db:zeek.hart_ip_universal_commands.read_device_variable_response_slot5_device_variable_status_device_family_specific_status;group:zeek_hart_ip_universal_commands;kind:integer;viewerOnly:true;friendly:read_device_variable_response_slot5_device_variable_status_device_family_specific_status;help:read_device_variable_response_slot5_device_variable_status_device_family_specific_status
+zeek.hart_ip_universal_commands.read_device_variable_response_slot6_device_variable_code=db:zeek.hart_ip_universal_commands.read_device_variable_response_slot6_device_variable_code;group:zeek_hart_ip_universal_commands;kind:integer;viewerOnly:true;friendly:read_device_variable_response_slot6_device_variable_code;help:read_device_variable_response_slot6_device_variable_code
+zeek.hart_ip_universal_commands.read_device_variable_response_slot6_device_variable_class=db:zeek.hart_ip_universal_commands.read_device_variable_response_slot6_device_variable_class;group:zeek_hart_ip_universal_commands;kind:termfield;viewerOnly:true;friendly:read_device_variable_response_slot6_device_variable_class;help:read_device_variable_response_slot6_device_variable_class
+zeek.hart_ip_universal_commands.read_device_variable_response_slot6_units_code=db:zeek.hart_ip_universal_commands.read_device_variable_response_slot6_units_code;group:zeek_hart_ip_universal_commands;kind:termfield;viewerOnly:true;friendly:read_device_variable_response_slot6_units_code;help:read_device_variable_response_slot6_units_code
+zeek.hart_ip_universal_commands.read_device_variable_response_slot6_device_variable=db:zeek.hart_ip_universal_commands.read_device_variable_response_slot6_device_variable;group:zeek_hart_ip_universal_commands;kind:termfield;viewerOnly:true;friendly:read_device_variable_response_slot6_device_variable;help:read_device_variable_response_slot6_device_variable
+zeek.hart_ip_universal_commands.read_device_variable_response_slot6_device_variable_status_process_data_status=db:zeek.hart_ip_universal_commands.read_device_variable_response_slot6_device_variable_status_process_data_status;group:zeek_hart_ip_universal_commands;kind:termfield;viewerOnly:true;friendly:read_device_variable_response_slot6_device_variable_status_process_data_status;help:read_device_variable_response_slot6_device_variable_status_process_data_status
+zeek.hart_ip_universal_commands.read_device_variable_response_slot6_device_variable_status_limit_status=db:zeek.hart_ip_universal_commands.read_device_variable_response_slot6_device_variable_status_limit_status;group:zeek_hart_ip_universal_commands;kind:termfield;viewerOnly:true;friendly:read_device_variable_response_slot6_device_variable_status_limit_status;help:read_device_variable_response_slot6_device_variable_status_limit_status
+zeek.hart_ip_universal_commands.read_device_variable_response_slot6_device_variable_status_more_device_variable_status_available=db:zeek.hart_ip_universal_commands.read_device_variable_response_slot6_device_variable_status_more_device_variable_status_available;group:zeek_hart_ip_universal_commands;kind:termfield;viewerOnly:true;friendly:read_device_variable_response_slot6_device_variable_status_more_device_variable_status_available;help:read_device_variable_response_slot6_device_variable_status_more_device_variable_status_available
+zeek.hart_ip_universal_commands.read_device_variable_response_slot6_device_variable_status_device_family_specific_status=db:zeek.hart_ip_universal_commands.read_device_variable_response_slot6_device_variable_status_device_family_specific_status;group:zeek_hart_ip_universal_commands;kind:integer;viewerOnly:true;friendly:read_device_variable_response_slot6_device_variable_status_device_family_specific_status;help:read_device_variable_response_slot6_device_variable_status_device_family_specific_status
+zeek.hart_ip_universal_commands.read_device_variable_response_slot7_device_variable_code=db:zeek.hart_ip_universal_commands.read_device_variable_response_slot7_device_variable_code;group:zeek_hart_ip_universal_commands;kind:integer;viewerOnly:true;friendly:read_device_variable_response_slot7_device_variable_code;help:read_device_variable_response_slot7_device_variable_code
+zeek.hart_ip_universal_commands.read_device_variable_response_slot7_device_variable_class=db:zeek.hart_ip_universal_commands.read_device_variable_response_slot7_device_variable_class;group:zeek_hart_ip_universal_commands;kind:termfield;viewerOnly:true;friendly:read_device_variable_response_slot7_device_variable_class;help:read_device_variable_response_slot7_device_variable_class
+zeek.hart_ip_universal_commands.read_device_variable_response_slot7_units_code=db:zeek.hart_ip_universal_commands.read_device_variable_response_slot7_units_code;group:zeek_hart_ip_universal_commands;kind:termfield;viewerOnly:true;friendly:read_device_variable_response_slot7_units_code;help:read_device_variable_response_slot7_units_code
+zeek.hart_ip_universal_commands.read_device_variable_response_slot7_device_variable=db:zeek.hart_ip_universal_commands.read_device_variable_response_slot7_device_variable;group:zeek_hart_ip_universal_commands;kind:termfield;viewerOnly:true;friendly:read_device_variable_response_slot7_device_variable;help:read_device_variable_response_slot7_device_variable
+zeek.hart_ip_universal_commands.read_device_variable_response_slot7_device_variable_status_process_data_status=db:zeek.hart_ip_universal_commands.read_device_variable_response_slot7_device_variable_status_process_data_status;group:zeek_hart_ip_universal_commands;kind:termfield;viewerOnly:true;friendly:read_device_variable_response_slot7_device_variable_status_process_data_status;help:read_device_variable_response_slot7_device_variable_status_process_data_status
+zeek.hart_ip_universal_commands.read_device_variable_response_slot7_device_variable_status_limit_status=db:zeek.hart_ip_universal_commands.read_device_variable_response_slot7_device_variable_status_limit_status;group:zeek_hart_ip_universal_commands;kind:termfield;viewerOnly:true;friendly:read_device_variable_response_slot7_device_variable_status_limit_status;help:read_device_variable_response_slot7_device_variable_status_limit_status
+zeek.hart_ip_universal_commands.read_device_variable_response_slot7_device_variable_status_more_device_variable_status_available=db:zeek.hart_ip_universal_commands.read_device_variable_response_slot7_device_variable_status_more_device_variable_status_available;group:zeek_hart_ip_universal_commands;kind:termfield;viewerOnly:true;friendly:read_device_variable_response_slot7_device_variable_status_more_device_variable_status_available;help:read_device_variable_response_slot7_device_variable_status_more_device_variable_status_available
+zeek.hart_ip_universal_commands.read_device_variable_response_slot7_device_variable_status_device_family_specific_status=db:zeek.hart_ip_universal_commands.read_device_variable_response_slot7_device_variable_status_device_family_specific_status;group:zeek_hart_ip_universal_commands;kind:integer;viewerOnly:true;friendly:read_device_variable_response_slot7_device_variable_status_device_family_specific_status;help:read_device_variable_response_slot7_device_variable_status_device_family_specific_status
+zeek.hart_ip_universal_commands.read_device_variable_response_slot0_time=db:zeek.hart_ip_universal_commands.read_device_variable_response_slot0_time;group:zeek_hart_ip_universal_commands;kind:integer;viewerOnly:true;friendly:read_device_variable_response_slot0_time;help:read_device_variable_response_slot0_time
+zeek.hart_ip_universal_commands.read_unique_identifier_tag_request_tag=db:zeek.hart_ip_universal_commands.read_unique_identifier_tag_request_tag;group:zeek_hart_ip_universal_commands;kind:termfield;viewerOnly:true;friendly:read_unique_identifier_tag_request_tag;help:read_unique_identifier_tag_request_tag
+zeek.hart_ip_universal_commands.read_unique_identifier_tag_response_254=db:zeek.hart_ip_universal_commands.read_unique_identifier_tag_response_254;group:zeek_hart_ip_universal_commands;kind:integer;viewerOnly:true;friendly:read_unique_identifier_tag_response_254;help:read_unique_identifier_tag_response_254
+zeek.hart_ip_universal_commands.read_unique_identifier_tag_response_expanded_device_type=db:zeek.hart_ip_universal_commands.read_unique_identifier_tag_response_expanded_device_type;group:zeek_hart_ip_universal_commands;kind:termfield;viewerOnly:true;friendly:read_unique_identifier_tag_response_expanded_device_type;help:read_unique_identifier_tag_response_expanded_device_type
+zeek.hart_ip_universal_commands.read_unique_identifier_tag_response_minimum_preambles_master_slave=db:zeek.hart_ip_universal_commands.read_unique_identifier_tag_response_minimum_preambles_master_slave;group:zeek_hart_ip_universal_commands;kind:integer;viewerOnly:true;friendly:read_unique_identifier_tag_response_minimum_preambles_master_slave;help:read_unique_identifier_tag_response_minimum_preambles_master_slave
+zeek.hart_ip_universal_commands.read_unique_identifier_tag_response_hart_protocol_major_revision=db:zeek.hart_ip_universal_commands.read_unique_identifier_tag_response_hart_protocol_major_revision;group:zeek_hart_ip_universal_commands;kind:integer;viewerOnly:true;friendly:read_unique_identifier_tag_response_hart_protocol_major_revision;help:read_unique_identifier_tag_response_hart_protocol_major_revision
+zeek.hart_ip_universal_commands.read_unique_identifier_tag_response_device_revision_level=db:zeek.hart_ip_universal_commands.read_unique_identifier_tag_response_device_revision_level;group:zeek_hart_ip_universal_commands;kind:integer;viewerOnly:true;friendly:read_unique_identifier_tag_response_device_revision_level;help:read_unique_identifier_tag_response_device_revision_level
+zeek.hart_ip_universal_commands.read_unique_identifier_tag_response_software_revision_level=db:zeek.hart_ip_universal_commands.read_unique_identifier_tag_response_software_revision_level;group:zeek_hart_ip_universal_commands;kind:integer;viewerOnly:true;friendly:read_unique_identifier_tag_response_software_revision_level;help:read_unique_identifier_tag_response_software_revision_level
+zeek.hart_ip_universal_commands.read_unique_identifier_tag_response_hardware_revision_level_and_physical_signaling_codes_hardware_revision_level=db:zeek.hart_ip_universal_commands.read_unique_identifier_tag_response_hardware_revision_level_and_physical_signaling_codes_hardware_revision_level;group:zeek_hart_ip_universal_commands;kind:integer;viewerOnly:true;friendly:read_unique_identifier_tag_response_hardware_revision_level_and_physical_signaling_codes_hardware_revision_level;help:read_unique_identifier_tag_response_hardware_revision_level_and_physical_signaling_codes_hardware_revision_level
+zeek.hart_ip_universal_commands.read_unique_identifier_tag_response_hardware_revision_level_and_physical_signaling_codes_physical_signaling_code=db:zeek.hart_ip_universal_commands.read_unique_identifier_tag_response_hardware_revision_level_and_physical_signaling_codes_physical_signaling_code;group:zeek_hart_ip_universal_commands;kind:termfield;viewerOnly:true;friendly:read_unique_identifier_tag_response_hardware_revision_level_and_physical_signaling_codes_physical_signaling_code;help:read_unique_identifier_tag_response_hardware_revision_level_and_physical_signaling_codes_physical_signaling_code
+zeek.hart_ip_universal_commands.read_unique_identifier_tag_response_flags_c8_psk_in_multi_drop_only=db:zeek.hart_ip_universal_commands.read_unique_identifier_tag_response_flags_c8_psk_in_multi_drop_only;group:zeek_hart_ip_universal_commands;kind:termfield;viewerOnly:true;friendly:read_unique_identifier_tag_response_flags_c8_psk_in_multi_drop_only;help:read_unique_identifier_tag_response_flags_c8_psk_in_multi_drop_only
+zeek.hart_ip_universal_commands.read_unique_identifier_tag_response_flags_c8_psk_capable_field_device=db:zeek.hart_ip_universal_commands.read_unique_identifier_tag_response_flags_c8_psk_capable_field_device;group:zeek_hart_ip_universal_commands;kind:termfield;viewerOnly:true;friendly:read_unique_identifier_tag_response_flags_c8_psk_capable_field_device;help:read_unique_identifier_tag_response_flags_c8_psk_capable_field_device
+zeek.hart_ip_universal_commands.read_unique_identifier_tag_response_flags_undefined_5=db:zeek.hart_ip_universal_commands.read_unique_identifier_tag_response_flags_undefined_5;group:zeek_hart_ip_universal_commands;kind:termfield;viewerOnly:true;friendly:read_unique_identifier_tag_response_flags_undefined_5;help:read_unique_identifier_tag_response_flags_undefined_5
+zeek.hart_ip_universal_commands.read_unique_identifier_tag_response_flags_safehart_capable_field_device=db:zeek.hart_ip_universal_commands.read_unique_identifier_tag_response_flags_safehart_capable_field_device;group:zeek_hart_ip_universal_commands;kind:termfield;viewerOnly:true;friendly:read_unique_identifier_tag_response_flags_safehart_capable_field_device;help:read_unique_identifier_tag_response_flags_safehart_capable_field_device
+zeek.hart_ip_universal_commands.read_unique_identifier_tag_response_flags_ieee_802_15_4_dsss_o_qpsk_modulation=db:zeek.hart_ip_universal_commands.read_unique_identifier_tag_response_flags_ieee_802_15_4_dsss_o_qpsk_modulation;group:zeek_hart_ip_universal_commands;kind:termfield;viewerOnly:true;friendly:read_unique_identifier_tag_response_flags_ieee_802_15_4_dsss_o_qpsk_modulation;help:read_unique_identifier_tag_response_flags_ieee_802_15_4_dsss_o_qpsk_modulation
+zeek.hart_ip_universal_commands.read_unique_identifier_tag_response_flags_protocol_bridge_device=db:zeek.hart_ip_universal_commands.read_unique_identifier_tag_response_flags_protocol_bridge_device;group:zeek_hart_ip_universal_commands;kind:termfield;viewerOnly:true;friendly:read_unique_identifier_tag_response_flags_protocol_bridge_device;help:read_unique_identifier_tag_response_flags_protocol_bridge_device
+zeek.hart_ip_universal_commands.read_unique_identifier_tag_response_flags_eeprom_control=db:zeek.hart_ip_universal_commands.read_unique_identifier_tag_response_flags_eeprom_control;group:zeek_hart_ip_universal_commands;kind:termfield;viewerOnly:true;friendly:read_unique_identifier_tag_response_flags_eeprom_control;help:read_unique_identifier_tag_response_flags_eeprom_control
+zeek.hart_ip_universal_commands.read_unique_identifier_tag_response_flags_mutli_sensor_field_device=db:zeek.hart_ip_universal_commands.read_unique_identifier_tag_response_flags_mutli_sensor_field_device;group:zeek_hart_ip_universal_commands;kind:termfield;viewerOnly:true;friendly:read_unique_identifier_tag_response_flags_mutli_sensor_field_device;help:read_unique_identifier_tag_response_flags_mutli_sensor_field_device
+zeek.hart_ip_universal_commands.read_unique_identifier_tag_response_device_id=db:zeek.hart_ip_universal_commands.read_unique_identifier_tag_response_device_id;group:zeek_hart_ip_universal_commands;kind:integer;viewerOnly:true;friendly:read_unique_identifier_tag_response_device_id;help:read_unique_identifier_tag_response_device_id
+zeek.hart_ip_universal_commands.read_unique_identifier_tag_response_number_preambles_slave_master=db:zeek.hart_ip_universal_commands.read_unique_identifier_tag_response_number_preambles_slave_master;group:zeek_hart_ip_universal_commands;kind:integer;viewerOnly:true;friendly:read_unique_identifier_tag_response_number_preambles_slave_master;help:read_unique_identifier_tag_response_number_preambles_slave_master
+zeek.hart_ip_universal_commands.read_unique_identifier_tag_response_last_device_variable_this=db:zeek.hart_ip_universal_commands.read_unique_identifier_tag_response_last_device_variable_this;group:zeek_hart_ip_universal_commands;kind:integer;viewerOnly:true;friendly:read_unique_identifier_tag_response_last_device_variable_this;help:read_unique_identifier_tag_response_last_device_variable_this
+zeek.hart_ip_universal_commands.read_unique_identifier_tag_response_configuration_change_counter=db:zeek.hart_ip_universal_commands.read_unique_identifier_tag_response_configuration_change_counter;group:zeek_hart_ip_universal_commands;kind:integer;viewerOnly:true;friendly:read_unique_identifier_tag_response_configuration_change_counter;help:read_unique_identifier_tag_response_configuration_change_counter
+zeek.hart_ip_universal_commands.read_unique_identifier_tag_response_extended_field_device_status_undefined_bits=db:zeek.hart_ip_universal_commands.read_unique_identifier_tag_response_extended_field_device_status_undefined_bits;group:zeek_hart_ip_universal_commands;kind:integer;viewerOnly:true;friendly:read_unique_identifier_tag_response_extended_field_device_status_undefined_bits;help:read_unique_identifier_tag_response_extended_field_device_status_undefined_bits
+zeek.hart_ip_universal_commands.read_unique_identifier_tag_response_extended_field_device_status_function_check=db:zeek.hart_ip_universal_commands.read_unique_identifier_tag_response_extended_field_device_status_function_check;group:zeek_hart_ip_universal_commands;kind:termfield;viewerOnly:true;friendly:read_unique_identifier_tag_response_extended_field_device_status_function_check;help:read_unique_identifier_tag_response_extended_field_device_status_function_check
+zeek.hart_ip_universal_commands.read_unique_identifier_tag_response_extended_field_device_status_out_of_specification=db:zeek.hart_ip_universal_commands.read_unique_identifier_tag_response_extended_field_device_status_out_of_specification;group:zeek_hart_ip_universal_commands;kind:termfield;viewerOnly:true;friendly:read_unique_identifier_tag_response_extended_field_device_status_out_of_specification;help:read_unique_identifier_tag_response_extended_field_device_status_out_of_specification
+zeek.hart_ip_universal_commands.read_unique_identifier_tag_response_extended_field_device_status_failure=db:zeek.hart_ip_universal_commands.read_unique_identifier_tag_response_extended_field_device_status_failure;group:zeek_hart_ip_universal_commands;kind:termfield;viewerOnly:true;friendly:read_unique_identifier_tag_response_extended_field_device_status_failure;help:read_unique_identifier_tag_response_extended_field_device_status_failure
+zeek.hart_ip_universal_commands.read_unique_identifier_tag_response_extended_field_device_status_critical_power_failure=db:zeek.hart_ip_universal_commands.read_unique_identifier_tag_response_extended_field_device_status_critical_power_failure;group:zeek_hart_ip_universal_commands;kind:termfield;viewerOnly:true;friendly:read_unique_identifier_tag_response_extended_field_device_status_critical_power_failure;help:read_unique_identifier_tag_response_extended_field_device_status_critical_power_failure
+zeek.hart_ip_universal_commands.read_unique_identifier_tag_response_extended_field_device_status_device_variable_alert=db:zeek.hart_ip_universal_commands.read_unique_identifier_tag_response_extended_field_device_status_device_variable_alert;group:zeek_hart_ip_universal_commands;kind:termfield;viewerOnly:true;friendly:read_unique_identifier_tag_response_extended_field_device_status_device_variable_alert;help:read_unique_identifier_tag_response_extended_field_device_status_device_variable_alert
+zeek.hart_ip_universal_commands.read_unique_identifier_tag_response_extended_field_device_status_maintenance_required=db:zeek.hart_ip_universal_commands.read_unique_identifier_tag_response_extended_field_device_status_maintenance_required;group:zeek_hart_ip_universal_commands;kind:termfield;viewerOnly:true;friendly:read_unique_identifier_tag_response_extended_field_device_status_maintenance_required;help:read_unique_identifier_tag_response_extended_field_device_status_maintenance_required
+zeek.hart_ip_universal_commands.read_unique_identifier_tag_response_manufacturer_identification_code=db:zeek.hart_ip_universal_commands.read_unique_identifier_tag_response_manufacturer_identification_code;group:zeek_hart_ip_universal_commands;kind:termfield;viewerOnly:true;friendly:read_unique_identifier_tag_response_manufacturer_identification_code;help:read_unique_identifier_tag_response_manufacturer_identification_code
+zeek.hart_ip_universal_commands.read_unique_identifier_tag_response_private_label_distributor_code=db:zeek.hart_ip_universal_commands.read_unique_identifier_tag_response_private_label_distributor_code;group:zeek_hart_ip_universal_commands;kind:termfield;viewerOnly:true;friendly:read_unique_identifier_tag_response_private_label_distributor_code;help:read_unique_identifier_tag_response_private_label_distributor_code
+zeek.hart_ip_universal_commands.read_unique_identifier_tag_response_device_profile=db:zeek.hart_ip_universal_commands.read_unique_identifier_tag_response_device_profile;group:zeek_hart_ip_universal_commands;kind:termfield;viewerOnly:true;friendly:read_unique_identifier_tag_response_device_profile;help:read_unique_identifier_tag_response_device_profile
+zeek.hart_ip_universal_commands.read_message_response_message=db:zeek.hart_ip_universal_commands.read_message_response_message;group:zeek_hart_ip_universal_commands;kind:termfield;viewerOnly:true;friendly:read_message_response_message;help:read_message_response_message
+zeek.hart_ip_universal_commands.read_tag_response_tag=db:zeek.hart_ip_universal_commands.read_tag_response_tag;group:zeek_hart_ip_universal_commands;kind:termfield;viewerOnly:true;friendly:read_tag_response_tag;help:read_tag_response_tag
+zeek.hart_ip_universal_commands.read_tag_response_descriptor=db:zeek.hart_ip_universal_commands.read_tag_response_descriptor;group:zeek_hart_ip_universal_commands;kind:termfield;viewerOnly:true;friendly:read_tag_response_descriptor;help:read_tag_response_descriptor
+zeek.hart_ip_universal_commands.read_tag_response_date_code=db:zeek.hart_ip_universal_commands.read_tag_response_date_code;group:zeek_hart_ip_universal_commands;kind:termfield;viewerOnly:true;friendly:read_tag_response_date_code;help:read_tag_response_date_code
+zeek.hart_ip_universal_commands.read_primary_variable_transducer_information_response_p_v_transducer_serial_number=db:zeek.hart_ip_universal_commands.read_primary_variable_transducer_information_response_p_v_transducer_serial_number;group:zeek_hart_ip_universal_commands;kind:integer;viewerOnly:true;friendly:read_primary_variable_transducer_information_response_p_v_transducer_serial_number;help:read_primary_variable_transducer_information_response_p_v_transducer_serial_number
+zeek.hart_ip_universal_commands.read_primary_variable_transducer_information_response_p_v_transducer_limits_units=db:zeek.hart_ip_universal_commands.read_primary_variable_transducer_information_response_p_v_transducer_limits_units;group:zeek_hart_ip_universal_commands;kind:termfield;viewerOnly:true;friendly:read_primary_variable_transducer_information_response_p_v_transducer_limits_units;help:read_primary_variable_transducer_information_response_p_v_transducer_limits_units
+zeek.hart_ip_universal_commands.read_primary_variable_transducer_information_response_p_v_upper_transducer_limit=db:zeek.hart_ip_universal_commands.read_primary_variable_transducer_information_response_p_v_upper_transducer_limit;group:zeek_hart_ip_universal_commands;kind:termfield;viewerOnly:true;friendly:read_primary_variable_transducer_information_response_p_v_upper_transducer_limit;help:read_primary_variable_transducer_information_response_p_v_upper_transducer_limit
+zeek.hart_ip_universal_commands.read_primary_variable_transducer_information_response_p_v_lower_transducer_limit=db:zeek.hart_ip_universal_commands.read_primary_variable_transducer_information_response_p_v_lower_transducer_limit;group:zeek_hart_ip_universal_commands;kind:termfield;viewerOnly:true;friendly:read_primary_variable_transducer_information_response_p_v_lower_transducer_limit;help:read_primary_variable_transducer_information_response_p_v_lower_transducer_limit
+zeek.hart_ip_universal_commands.read_primary_variable_transducer_information_response_p_v_minimum_span=db:zeek.hart_ip_universal_commands.read_primary_variable_transducer_information_response_p_v_minimum_span;group:zeek_hart_ip_universal_commands;kind:termfield;viewerOnly:true;friendly:read_primary_variable_transducer_information_response_p_v_minimum_span;help:read_primary_variable_transducer_information_response_p_v_minimum_span
+zeek.hart_ip_universal_commands.read_device_information_response_p_v_alarm_selection_code=db:zeek.hart_ip_universal_commands.read_device_information_response_p_v_alarm_selection_code;group:zeek_hart_ip_universal_commands;kind:termfield;viewerOnly:true;friendly:read_device_information_response_p_v_alarm_selection_code;help:read_device_information_response_p_v_alarm_selection_code
+zeek.hart_ip_universal_commands.read_device_information_response_p_v_transfer_function_code=db:zeek.hart_ip_universal_commands.read_device_information_response_p_v_transfer_function_code;group:zeek_hart_ip_universal_commands;kind:termfield;viewerOnly:true;friendly:read_device_information_response_p_v_transfer_function_code;help:read_device_information_response_p_v_transfer_function_code
+zeek.hart_ip_universal_commands.read_device_information_response_p_v_upper_lower_range=db:zeek.hart_ip_universal_commands.read_device_information_response_p_v_upper_lower_range;group:zeek_hart_ip_universal_commands;kind:termfield;viewerOnly:true;friendly:read_device_information_response_p_v_upper_lower_range;help:read_device_information_response_p_v_upper_lower_range
+zeek.hart_ip_universal_commands.read_device_information_response_p_v_upper_range_value=db:zeek.hart_ip_universal_commands.read_device_information_response_p_v_upper_range_value;group:zeek_hart_ip_universal_commands;kind:termfield;viewerOnly:true;friendly:read_device_information_response_p_v_upper_range_value;help:read_device_information_response_p_v_upper_range_value
+zeek.hart_ip_universal_commands.read_device_information_response_p_v_lower_range_value=db:zeek.hart_ip_universal_commands.read_device_information_response_p_v_lower_range_value;group:zeek_hart_ip_universal_commands;kind:termfield;viewerOnly:true;friendly:read_device_information_response_p_v_lower_range_value;help:read_device_information_response_p_v_lower_range_value
+zeek.hart_ip_universal_commands.read_device_information_response_p_v_damping_value=db:zeek.hart_ip_universal_commands.read_device_information_response_p_v_damping_value;group:zeek_hart_ip_universal_commands;kind:termfield;viewerOnly:true;friendly:read_device_information_response_p_v_damping_value;help:read_device_information_response_p_v_damping_value
+zeek.hart_ip_universal_commands.read_device_information_response_write_protect_code=db:zeek.hart_ip_universal_commands.read_device_information_response_write_protect_code;group:zeek_hart_ip_universal_commands;kind:termfield;viewerOnly:true;friendly:read_device_information_response_write_protect_code;help:read_device_information_response_write_protect_code
+zeek.hart_ip_universal_commands.read_device_information_response_250=db:zeek.hart_ip_universal_commands.read_device_information_response_250;group:zeek_hart_ip_universal_commands;kind:integer;viewerOnly:true;friendly:read_device_information_response_250;help:read_device_information_response_250
+zeek.hart_ip_universal_commands.read_device_information_response_p_v_analog_channel_flags_undefined_bits=db:zeek.hart_ip_universal_commands.read_device_information_response_p_v_analog_channel_flags_undefined_bits;group:zeek_hart_ip_universal_commands;kind:integer;viewerOnly:true;friendly:read_device_information_response_p_v_analog_channel_flags_undefined_bits;help:read_device_information_response_p_v_analog_channel_flags_undefined_bits
+zeek.hart_ip_universal_commands.read_device_information_response_p_v_analog_channel_flags_analog_channel=db:zeek.hart_ip_universal_commands.read_device_information_response_p_v_analog_channel_flags_analog_channel;group:zeek_hart_ip_universal_commands;kind:termfield;viewerOnly:true;friendly:read_device_information_response_p_v_analog_channel_flags_analog_channel;help:read_device_information_response_p_v_analog_channel_flags_analog_channel
+zeek.hart_ip_universal_commands.read_final_assembly_number_response_final_assembly_number=db:zeek.hart_ip_universal_commands.read_final_assembly_number_response_final_assembly_number;group:zeek_hart_ip_universal_commands;kind:integer;viewerOnly:true;friendly:read_final_assembly_number_response_final_assembly_number;help:read_final_assembly_number_response_final_assembly_number
+zeek.hart_ip_universal_commands.write_message_message_string=db:zeek.hart_ip_universal_commands.write_message_message_string;group:zeek_hart_ip_universal_commands;kind:termfield;viewerOnly:true;friendly:write_message_message_string;help:write_message_message_string
+zeek.hart_ip_universal_commands.write_tag_descriptor_date_tag=db:zeek.hart_ip_universal_commands.write_tag_descriptor_date_tag;group:zeek_hart_ip_universal_commands;kind:termfield;viewerOnly:true;friendly:write_tag_descriptor_date_tag;help:write_tag_descriptor_date_tag
+zeek.hart_ip_universal_commands.write_tag_descriptor_date_record_keeping_descriptor=db:zeek.hart_ip_universal_commands.write_tag_descriptor_date_record_keeping_descriptor;group:zeek_hart_ip_universal_commands;kind:termfield;viewerOnly:true;friendly:write_tag_descriptor_date_record_keeping_descriptor;help:write_tag_descriptor_date_record_keeping_descriptor
+zeek.hart_ip_universal_commands.write_tag_descriptor_date_date_code=db:zeek.hart_ip_universal_commands.write_tag_descriptor_date_date_code;group:zeek_hart_ip_universal_commands;kind:termfield;viewerOnly:true;friendly:write_tag_descriptor_date_date_code;help:write_tag_descriptor_date_date_code
+zeek.hart_ip_universal_commands.write_final_assembly_number_final_assembly_number=db:zeek.hart_ip_universal_commands.write_final_assembly_number_final_assembly_number;group:zeek_hart_ip_universal_commands;kind:integer;viewerOnly:true;friendly:write_final_assembly_number_final_assembly_number;help:write_final_assembly_number_final_assembly_number
+zeek.hart_ip_universal_commands.read_long_tag_response_long_tag=db:zeek.hart_ip_universal_commands.read_long_tag_response_long_tag;group:zeek_hart_ip_universal_commands;kind:termfield;viewerOnly:true;friendly:read_long_tag_response_long_tag;help:read_long_tag_response_long_tag
+zeek.hart_ip_universal_commands.read_unique_identifier_long_tag_request_long_tag=db:zeek.hart_ip_universal_commands.read_unique_identifier_long_tag_request_long_tag;group:zeek_hart_ip_universal_commands;kind:termfield;viewerOnly:true;friendly:read_unique_identifier_long_tag_request_long_tag;help:read_unique_identifier_long_tag_request_long_tag
+zeek.hart_ip_universal_commands.read_unique_identifier_long_tag_response_254=db:zeek.hart_ip_universal_commands.read_unique_identifier_long_tag_response_254;group:zeek_hart_ip_universal_commands;kind:integer;viewerOnly:true;friendly:read_unique_identifier_long_tag_response_254;help:read_unique_identifier_long_tag_response_254
+zeek.hart_ip_universal_commands.read_unique_identifier_long_tag_response_expanded_device_type=db:zeek.hart_ip_universal_commands.read_unique_identifier_long_tag_response_expanded_device_type;group:zeek_hart_ip_universal_commands;kind:termfield;viewerOnly:true;friendly:read_unique_identifier_long_tag_response_expanded_device_type;help:read_unique_identifier_long_tag_response_expanded_device_type
+zeek.hart_ip_universal_commands.read_unique_identifier_long_tag_response_minimum_preambles_master_slave=db:zeek.hart_ip_universal_commands.read_unique_identifier_long_tag_response_minimum_preambles_master_slave;group:zeek_hart_ip_universal_commands;kind:integer;viewerOnly:true;friendly:read_unique_identifier_long_tag_response_minimum_preambles_master_slave;help:read_unique_identifier_long_tag_response_minimum_preambles_master_slave
+zeek.hart_ip_universal_commands.read_unique_identifier_long_tag_response_hart_protocol_major_revision=db:zeek.hart_ip_universal_commands.read_unique_identifier_long_tag_response_hart_protocol_major_revision;group:zeek_hart_ip_universal_commands;kind:integer;viewerOnly:true;friendly:read_unique_identifier_long_tag_response_hart_protocol_major_revision;help:read_unique_identifier_long_tag_response_hart_protocol_major_revision
+zeek.hart_ip_universal_commands.read_unique_identifier_long_tag_response_device_revision_level=db:zeek.hart_ip_universal_commands.read_unique_identifier_long_tag_response_device_revision_level;group:zeek_hart_ip_universal_commands;kind:integer;viewerOnly:true;friendly:read_unique_identifier_long_tag_response_device_revision_level;help:read_unique_identifier_long_tag_response_device_revision_level
+zeek.hart_ip_universal_commands.read_unique_identifier_long_tag_response_software_revision_level=db:zeek.hart_ip_universal_commands.read_unique_identifier_long_tag_response_software_revision_level;group:zeek_hart_ip_universal_commands;kind:integer;viewerOnly:true;friendly:read_unique_identifier_long_tag_response_software_revision_level;help:read_unique_identifier_long_tag_response_software_revision_level
+zeek.hart_ip_universal_commands.read_unique_identifier_long_tag_response_hardware_revision_level_and_physical_signaling_codes_hardware_revision_level=db:zeek.hart_ip_universal_commands.read_unique_identifier_long_tag_response_hardware_revision_level_and_physical_signaling_codes_hardware_revision_level;group:zeek_hart_ip_universal_commands;kind:integer;viewerOnly:true;friendly:read_unique_identifier_long_tag_response_hardware_revision_level_and_physical_signaling_codes_hardware_revision_level;help:read_unique_identifier_long_tag_response_hardware_revision_level_and_physical_signaling_codes_hardware_revision_level
+zeek.hart_ip_universal_commands.read_unique_identifier_long_tag_response_hardware_revision_level_and_physical_signaling_codes_physical_signaling_code=db:zeek.hart_ip_universal_commands.read_unique_identifier_long_tag_response_hardware_revision_level_and_physical_signaling_codes_physical_signaling_code;group:zeek_hart_ip_universal_commands;kind:termfield;viewerOnly:true;friendly:read_unique_identifier_long_tag_response_hardware_revision_level_and_physical_signaling_codes_physical_signaling_code;help:read_unique_identifier_long_tag_response_hardware_revision_level_and_physical_signaling_codes_physical_signaling_code
+zeek.hart_ip_universal_commands.read_unique_identifier_long_tag_response_flags_c8_psk_in_multi_drop_only=db:zeek.hart_ip_universal_commands.read_unique_identifier_long_tag_response_flags_c8_psk_in_multi_drop_only;group:zeek_hart_ip_universal_commands;kind:termfield;viewerOnly:true;friendly:read_unique_identifier_long_tag_response_flags_c8_psk_in_multi_drop_only;help:read_unique_identifier_long_tag_response_flags_c8_psk_in_multi_drop_only
+zeek.hart_ip_universal_commands.read_unique_identifier_long_tag_response_flags_c8_psk_capable_field_device=db:zeek.hart_ip_universal_commands.read_unique_identifier_long_tag_response_flags_c8_psk_capable_field_device;group:zeek_hart_ip_universal_commands;kind:termfield;viewerOnly:true;friendly:read_unique_identifier_long_tag_response_flags_c8_psk_capable_field_device;help:read_unique_identifier_long_tag_response_flags_c8_psk_capable_field_device
+zeek.hart_ip_universal_commands.read_unique_identifier_long_tag_response_flags_undefined_5=db:zeek.hart_ip_universal_commands.read_unique_identifier_long_tag_response_flags_undefined_5;group:zeek_hart_ip_universal_commands;kind:termfield;viewerOnly:true;friendly:read_unique_identifier_long_tag_response_flags_undefined_5;help:read_unique_identifier_long_tag_response_flags_undefined_5
+zeek.hart_ip_universal_commands.read_unique_identifier_long_tag_response_flags_safehart_capable_field_device=db:zeek.hart_ip_universal_commands.read_unique_identifier_long_tag_response_flags_safehart_capable_field_device;group:zeek_hart_ip_universal_commands;kind:termfield;viewerOnly:true;friendly:read_unique_identifier_long_tag_response_flags_safehart_capable_field_device;help:read_unique_identifier_long_tag_response_flags_safehart_capable_field_device
+zeek.hart_ip_universal_commands.read_unique_identifier_long_tag_response_flags_ieee_802_15_4_dsss_o_qpsk_modulation=db:zeek.hart_ip_universal_commands.read_unique_identifier_long_tag_response_flags_ieee_802_15_4_dsss_o_qpsk_modulation;group:zeek_hart_ip_universal_commands;kind:termfield;viewerOnly:true;friendly:read_unique_identifier_long_tag_response_flags_ieee_802_15_4_dsss_o_qpsk_modulation;help:read_unique_identifier_long_tag_response_flags_ieee_802_15_4_dsss_o_qpsk_modulation
+zeek.hart_ip_universal_commands.read_unique_identifier_long_tag_response_flags_protocol_bridge_device=db:zeek.hart_ip_universal_commands.read_unique_identifier_long_tag_response_flags_protocol_bridge_device;group:zeek_hart_ip_universal_commands;kind:termfield;viewerOnly:true;friendly:read_unique_identifier_long_tag_response_flags_protocol_bridge_device;help:read_unique_identifier_long_tag_response_flags_protocol_bridge_device
+zeek.hart_ip_universal_commands.read_unique_identifier_long_tag_response_flags_eeprom_control=db:zeek.hart_ip_universal_commands.read_unique_identifier_long_tag_response_flags_eeprom_control;group:zeek_hart_ip_universal_commands;kind:termfield;viewerOnly:true;friendly:read_unique_identifier_long_tag_response_flags_eeprom_control;help:read_unique_identifier_long_tag_response_flags_eeprom_control
+zeek.hart_ip_universal_commands.read_unique_identifier_long_tag_response_flags_mutli_sensor_field_device=db:zeek.hart_ip_universal_commands.read_unique_identifier_long_tag_response_flags_mutli_sensor_field_device;group:zeek_hart_ip_universal_commands;kind:termfield;viewerOnly:true;friendly:read_unique_identifier_long_tag_response_flags_mutli_sensor_field_device;help:read_unique_identifier_long_tag_response_flags_mutli_sensor_field_device
+zeek.hart_ip_universal_commands.read_unique_identifier_long_tag_response_device_id=db:zeek.hart_ip_universal_commands.read_unique_identifier_long_tag_response_device_id;group:zeek_hart_ip_universal_commands;kind:integer;viewerOnly:true;friendly:read_unique_identifier_long_tag_response_device_id;help:read_unique_identifier_long_tag_response_device_id
+zeek.hart_ip_universal_commands.read_unique_identifier_long_tag_response_number_preambles_slave_master=db:zeek.hart_ip_universal_commands.read_unique_identifier_long_tag_response_number_preambles_slave_master;group:zeek_hart_ip_universal_commands;kind:integer;viewerOnly:true;friendly:read_unique_identifier_long_tag_response_number_preambles_slave_master;help:read_unique_identifier_long_tag_response_number_preambles_slave_master
+zeek.hart_ip_universal_commands.read_unique_identifier_long_tag_response_last_device_variable_this=db:zeek.hart_ip_universal_commands.read_unique_identifier_long_tag_response_last_device_variable_this;group:zeek_hart_ip_universal_commands;kind:integer;viewerOnly:true;friendly:read_unique_identifier_long_tag_response_last_device_variable_this;help:read_unique_identifier_long_tag_response_last_device_variable_this
+zeek.hart_ip_universal_commands.read_unique_identifier_long_tag_response_configuration_change_counter=db:zeek.hart_ip_universal_commands.read_unique_identifier_long_tag_response_configuration_change_counter;group:zeek_hart_ip_universal_commands;kind:integer;viewerOnly:true;friendly:read_unique_identifier_long_tag_response_configuration_change_counter;help:read_unique_identifier_long_tag_response_configuration_change_counter
+zeek.hart_ip_universal_commands.read_unique_identifier_long_tag_response_extended_field_device_status_undefined_bits=db:zeek.hart_ip_universal_commands.read_unique_identifier_long_tag_response_extended_field_device_status_undefined_bits;group:zeek_hart_ip_universal_commands;kind:integer;viewerOnly:true;friendly:read_unique_identifier_long_tag_response_extended_field_device_status_undefined_bits;help:read_unique_identifier_long_tag_response_extended_field_device_status_undefined_bits
+zeek.hart_ip_universal_commands.read_unique_identifier_long_tag_response_extended_field_device_status_function_check=db:zeek.hart_ip_universal_commands.read_unique_identifier_long_tag_response_extended_field_device_status_function_check;group:zeek_hart_ip_universal_commands;kind:termfield;viewerOnly:true;friendly:read_unique_identifier_long_tag_response_extended_field_device_status_function_check;help:read_unique_identifier_long_tag_response_extended_field_device_status_function_check
+zeek.hart_ip_universal_commands.read_unique_identifier_long_tag_response_extended_field_device_status_out_of_specification=db:zeek.hart_ip_universal_commands.read_unique_identifier_long_tag_response_extended_field_device_status_out_of_specification;group:zeek_hart_ip_universal_commands;kind:termfield;viewerOnly:true;friendly:read_unique_identifier_long_tag_response_extended_field_device_status_out_of_specification;help:read_unique_identifier_long_tag_response_extended_field_device_status_out_of_specification
+zeek.hart_ip_universal_commands.read_unique_identifier_long_tag_response_extended_field_device_status_failure=db:zeek.hart_ip_universal_commands.read_unique_identifier_long_tag_response_extended_field_device_status_failure;group:zeek_hart_ip_universal_commands;kind:termfield;viewerOnly:true;friendly:read_unique_identifier_long_tag_response_extended_field_device_status_failure;help:read_unique_identifier_long_tag_response_extended_field_device_status_failure
+zeek.hart_ip_universal_commands.read_unique_identifier_long_tag_response_extended_field_device_status_critical_power_failure=db:zeek.hart_ip_universal_commands.read_unique_identifier_long_tag_response_extended_field_device_status_critical_power_failure;group:zeek_hart_ip_universal_commands;kind:termfield;viewerOnly:true;friendly:read_unique_identifier_long_tag_response_extended_field_device_status_critical_power_failure;help:read_unique_identifier_long_tag_response_extended_field_device_status_critical_power_failure
+zeek.hart_ip_universal_commands.read_unique_identifier_long_tag_response_extended_field_device_status_device_variable_alert=db:zeek.hart_ip_universal_commands.read_unique_identifier_long_tag_response_extended_field_device_status_device_variable_alert;group:zeek_hart_ip_universal_commands;kind:termfield;viewerOnly:true;friendly:read_unique_identifier_long_tag_response_extended_field_device_status_device_variable_alert;help:read_unique_identifier_long_tag_response_extended_field_device_status_device_variable_alert
+zeek.hart_ip_universal_commands.read_unique_identifier_long_tag_response_extended_field_device_status_maintenance_required=db:zeek.hart_ip_universal_commands.read_unique_identifier_long_tag_response_extended_field_device_status_maintenance_required;group:zeek_hart_ip_universal_commands;kind:termfield;viewerOnly:true;friendly:read_unique_identifier_long_tag_response_extended_field_device_status_maintenance_required;help:read_unique_identifier_long_tag_response_extended_field_device_status_maintenance_required
+zeek.hart_ip_universal_commands.read_unique_identifier_long_tag_response_manufacturer_identification_code=db:zeek.hart_ip_universal_commands.read_unique_identifier_long_tag_response_manufacturer_identification_code;group:zeek_hart_ip_universal_commands;kind:termfield;viewerOnly:true;friendly:read_unique_identifier_long_tag_response_manufacturer_identification_code;help:read_unique_identifier_long_tag_response_manufacturer_identification_code
+zeek.hart_ip_universal_commands.read_unique_identifier_long_tag_response_private_label_distributor_code=db:zeek.hart_ip_universal_commands.read_unique_identifier_long_tag_response_private_label_distributor_code;group:zeek_hart_ip_universal_commands;kind:termfield;viewerOnly:true;friendly:read_unique_identifier_long_tag_response_private_label_distributor_code;help:read_unique_identifier_long_tag_response_private_label_distributor_code
+zeek.hart_ip_universal_commands.read_unique_identifier_long_tag_response_device_profile=db:zeek.hart_ip_universal_commands.read_unique_identifier_long_tag_response_device_profile;group:zeek_hart_ip_universal_commands;kind:termfield;viewerOnly:true;friendly:read_unique_identifier_long_tag_response_device_profile;help:read_unique_identifier_long_tag_response_device_profile
+zeek.hart_ip_universal_commands.write_long_tag_long_tag=db:zeek.hart_ip_universal_commands.write_long_tag_long_tag;group:zeek_hart_ip_universal_commands;kind:termfield;viewerOnly:true;friendly:write_long_tag_long_tag;help:write_long_tag_long_tag
+zeek.hart_ip_universal_commands.reset_configuration_changed_flag_configuration_change_counter=db:zeek.hart_ip_universal_commands.reset_configuration_changed_flag_configuration_change_counter;group:zeek_hart_ip_universal_commands;kind:integer;viewerOnly:true;friendly:reset_configuration_changed_flag_configuration_change_counter;help:reset_configuration_changed_flag_configuration_change_counter
+zeek.hart_ip_universal_commands.read_additional_device_status_contents_device_specific_status_0=db:zeek.hart_ip_universal_commands.read_additional_device_status_contents_device_specific_status_0;group:zeek_hart_ip_universal_commands;kind:termfield;viewerOnly:true;friendly:read_additional_device_status_contents_device_specific_status_0;help:read_additional_device_status_contents_device_specific_status_0
+zeek.hart_ip_universal_commands.read_additional_device_status_contents_extended_field_device_status_undefined_bits=db:zeek.hart_ip_universal_commands.read_additional_device_status_contents_extended_field_device_status_undefined_bits;group:zeek_hart_ip_universal_commands;kind:integer;viewerOnly:true;friendly:read_additional_device_status_contents_extended_field_device_status_undefined_bits;help:read_additional_device_status_contents_extended_field_device_status_undefined_bits
+zeek.hart_ip_universal_commands.read_additional_device_status_contents_extended_field_device_status_function_check=db:zeek.hart_ip_universal_commands.read_additional_device_status_contents_extended_field_device_status_function_check;group:zeek_hart_ip_universal_commands;kind:termfield;viewerOnly:true;friendly:read_additional_device_status_contents_extended_field_device_status_function_check;help:read_additional_device_status_contents_extended_field_device_status_function_check
+zeek.hart_ip_universal_commands.read_additional_device_status_contents_extended_field_device_status_out_of_specification=db:zeek.hart_ip_universal_commands.read_additional_device_status_contents_extended_field_device_status_out_of_specification;group:zeek_hart_ip_universal_commands;kind:termfield;viewerOnly:true;friendly:read_additional_device_status_contents_extended_field_device_status_out_of_specification;help:read_additional_device_status_contents_extended_field_device_status_out_of_specification
+zeek.hart_ip_universal_commands.read_additional_device_status_contents_extended_field_device_status_failure=db:zeek.hart_ip_universal_commands.read_additional_device_status_contents_extended_field_device_status_failure;group:zeek_hart_ip_universal_commands;kind:termfield;viewerOnly:true;friendly:read_additional_device_status_contents_extended_field_device_status_failure;help:read_additional_device_status_contents_extended_field_device_status_failure
+zeek.hart_ip_universal_commands.read_additional_device_status_contents_extended_field_device_status_critical_power_failure=db:zeek.hart_ip_universal_commands.read_additional_device_status_contents_extended_field_device_status_critical_power_failure;group:zeek_hart_ip_universal_commands;kind:termfield;viewerOnly:true;friendly:read_additional_device_status_contents_extended_field_device_status_critical_power_failure;help:read_additional_device_status_contents_extended_field_device_status_critical_power_failure
+zeek.hart_ip_universal_commands.read_additional_device_status_contents_extended_field_device_status_device_variable_alert=db:zeek.hart_ip_universal_commands.read_additional_device_status_contents_extended_field_device_status_device_variable_alert;group:zeek_hart_ip_universal_commands;kind:termfield;viewerOnly:true;friendly:read_additional_device_status_contents_extended_field_device_status_device_variable_alert;help:read_additional_device_status_contents_extended_field_device_status_device_variable_alert
+zeek.hart_ip_universal_commands.read_additional_device_status_contents_extended_field_device_status_maintenance_required=db:zeek.hart_ip_universal_commands.read_additional_device_status_contents_extended_field_device_status_maintenance_required;group:zeek_hart_ip_universal_commands;kind:termfield;viewerOnly:true;friendly:read_additional_device_status_contents_extended_field_device_status_maintenance_required;help:read_additional_device_status_contents_extended_field_device_status_maintenance_required
+zeek.hart_ip_universal_commands.read_additional_device_status_contents_device_operating_mode=db:zeek.hart_ip_universal_commands.read_additional_device_status_contents_device_operating_mode;group:zeek_hart_ip_universal_commands;kind:termfield;viewerOnly:true;friendly:read_additional_device_status_contents_device_operating_mode;help:read_additional_device_status_contents_device_operating_mode
+zeek.hart_ip_universal_commands.read_additional_device_status_contents_standardized_status0_device_configuration_lock=db:zeek.hart_ip_universal_commands.read_additional_device_status_contents_standardized_status0_device_configuration_lock;group:zeek_hart_ip_universal_commands;kind:termfield;viewerOnly:true;friendly:read_additional_device_status_contents_standardized_status0_device_configuration_lock;help:read_additional_device_status_contents_standardized_status0_device_configuration_lock
+zeek.hart_ip_universal_commands.read_additional_device_status_contents_standardized_status0_electronic_defect=db:zeek.hart_ip_universal_commands.read_additional_device_status_contents_standardized_status0_electronic_defect;group:zeek_hart_ip_universal_commands;kind:termfield;viewerOnly:true;friendly:read_additional_device_status_contents_standardized_status0_electronic_defect;help:read_additional_device_status_contents_standardized_status0_electronic_defect
+zeek.hart_ip_universal_commands.read_additional_device_status_contents_standardized_status0_environmental_conditions_out_of_range=db:zeek.hart_ip_universal_commands.read_additional_device_status_contents_standardized_status0_environmental_conditions_out_of_range;group:zeek_hart_ip_universal_commands;kind:termfield;viewerOnly:true;friendly:read_additional_device_status_contents_standardized_status0_environmental_conditions_out_of_range;help:read_additional_device_status_contents_standardized_status0_environmental_conditions_out_of_range
+zeek.hart_ip_universal_commands.read_additional_device_status_contents_standardized_status0_power_supply_conditions_out_of_range=db:zeek.hart_ip_universal_commands.read_additional_device_status_contents_standardized_status0_power_supply_conditions_out_of_range;group:zeek_hart_ip_universal_commands;kind:termfield;viewerOnly:true;friendly:read_additional_device_status_contents_standardized_status0_power_supply_conditions_out_of_range;help:read_additional_device_status_contents_standardized_status0_power_supply_conditions_out_of_range
+zeek.hart_ip_universal_commands.read_additional_device_status_contents_standardized_status0_watchdog_reset_executed=db:zeek.hart_ip_universal_commands.read_additional_device_status_contents_standardized_status0_watchdog_reset_executed;group:zeek_hart_ip_universal_commands;kind:termfield;viewerOnly:true;friendly:read_additional_device_status_contents_standardized_status0_watchdog_reset_executed;help:read_additional_device_status_contents_standardized_status0_watchdog_reset_executed
+zeek.hart_ip_universal_commands.read_additional_device_status_contents_standardized_status0_volatile_memory_defect=db:zeek.hart_ip_universal_commands.read_additional_device_status_contents_standardized_status0_volatile_memory_defect;group:zeek_hart_ip_universal_commands;kind:termfield;viewerOnly:true;friendly:read_additional_device_status_contents_standardized_status0_volatile_memory_defect;help:read_additional_device_status_contents_standardized_status0_volatile_memory_defect
+zeek.hart_ip_universal_commands.read_additional_device_status_contents_standardized_status0_non_volatile_memory_defect=db:zeek.hart_ip_universal_commands.read_additional_device_status_contents_standardized_status0_non_volatile_memory_defect;group:zeek_hart_ip_universal_commands;kind:termfield;viewerOnly:true;friendly:read_additional_device_status_contents_standardized_status0_non_volatile_memory_defect;help:read_additional_device_status_contents_standardized_status0_non_volatile_memory_defect
+zeek.hart_ip_universal_commands.read_additional_device_status_contents_standardized_status0_device_variable_simulation_active=db:zeek.hart_ip_universal_commands.read_additional_device_status_contents_standardized_status0_device_variable_simulation_active;group:zeek_hart_ip_universal_commands;kind:termfield;viewerOnly:true;friendly:read_additional_device_status_contents_standardized_status0_device_variable_simulation_active;help:read_additional_device_status_contents_standardized_status0_device_variable_simulation_active
+zeek.hart_ip_universal_commands.read_additional_device_status_contents_standardized_status1_undefined_bits=db:zeek.hart_ip_universal_commands.read_additional_device_status_contents_standardized_status1_undefined_bits;group:zeek_hart_ip_universal_commands;kind:integer;viewerOnly:true;friendly:read_additional_device_status_contents_standardized_status1_undefined_bits;help:read_additional_device_status_contents_standardized_status1_undefined_bits
+zeek.hart_ip_universal_commands.read_additional_device_status_contents_standardized_status1_reserved=db:zeek.hart_ip_universal_commands.read_additional_device_status_contents_standardized_status1_reserved;group:zeek_hart_ip_universal_commands;kind:termfield;viewerOnly:true;friendly:read_additional_device_status_contents_standardized_status1_reserved;help:read_additional_device_status_contents_standardized_status1_reserved
+zeek.hart_ip_universal_commands.read_additional_device_status_contents_standardized_status1_battery_or_power_supply_needs_maintenance=db:zeek.hart_ip_universal_commands.read_additional_device_status_contents_standardized_status1_battery_or_power_supply_needs_maintenance;group:zeek_hart_ip_universal_commands;kind:termfield;viewerOnly:true;friendly:read_additional_device_status_contents_standardized_status1_battery_or_power_supply_needs_maintenance;help:read_additional_device_status_contents_standardized_status1_battery_or_power_supply_needs_maintenance
+zeek.hart_ip_universal_commands.read_additional_device_status_contents_standardized_status1_event_notification_overflow=db:zeek.hart_ip_universal_commands.read_additional_device_status_contents_standardized_status1_event_notification_overflow;group:zeek_hart_ip_universal_commands;kind:termfield;viewerOnly:true;friendly:read_additional_device_status_contents_standardized_status1_event_notification_overflow;help:read_additional_device_status_contents_standardized_status1_event_notification_overflow
+zeek.hart_ip_universal_commands.read_additional_device_status_contents_standardized_status1_discrete_variable_simulation_active=db:zeek.hart_ip_universal_commands.read_additional_device_status_contents_standardized_status1_discrete_variable_simulation_active;group:zeek_hart_ip_universal_commands;kind:termfield;viewerOnly:true;friendly:read_additional_device_status_contents_standardized_status1_discrete_variable_simulation_active;help:read_additional_device_status_contents_standardized_status1_discrete_variable_simulation_active
+zeek.hart_ip_universal_commands.read_additional_device_status_contents_standardized_status1_status_simulation_active=db:zeek.hart_ip_universal_commands.read_additional_device_status_contents_standardized_status1_status_simulation_active;group:zeek_hart_ip_universal_commands;kind:termfield;viewerOnly:true;friendly:read_additional_device_status_contents_standardized_status1_status_simulation_active;help:read_additional_device_status_contents_standardized_status1_status_simulation_active
+zeek.hart_ip_universal_commands.read_additional_device_status_contents_analog_channel_saturated_undefined_bits=db:zeek.hart_ip_universal_commands.read_additional_device_status_contents_analog_channel_saturated_undefined_bits;group:zeek_hart_ip_universal_commands;kind:integer;viewerOnly:true;friendly:read_additional_device_status_contents_analog_channel_saturated_undefined_bits;help:read_additional_device_status_contents_analog_channel_saturated_undefined_bits
+zeek.hart_ip_universal_commands.read_additional_device_status_contents_analog_channel_saturated_quinary_analog=db:zeek.hart_ip_universal_commands.read_additional_device_status_contents_analog_channel_saturated_quinary_analog;group:zeek_hart_ip_universal_commands;kind:termfield;viewerOnly:true;friendly:read_additional_device_status_contents_analog_channel_saturated_quinary_analog;help:read_additional_device_status_contents_analog_channel_saturated_quinary_analog
+zeek.hart_ip_universal_commands.read_additional_device_status_contents_analog_channel_saturated_quaternary_analog=db:zeek.hart_ip_universal_commands.read_additional_device_status_contents_analog_channel_saturated_quaternary_analog;group:zeek_hart_ip_universal_commands;kind:termfield;viewerOnly:true;friendly:read_additional_device_status_contents_analog_channel_saturated_quaternary_analog;help:read_additional_device_status_contents_analog_channel_saturated_quaternary_analog
+zeek.hart_ip_universal_commands.read_additional_device_status_contents_analog_channel_saturated_tertiary_analog=db:zeek.hart_ip_universal_commands.read_additional_device_status_contents_analog_channel_saturated_tertiary_analog;group:zeek_hart_ip_universal_commands;kind:termfield;viewerOnly:true;friendly:read_additional_device_status_contents_analog_channel_saturated_tertiary_analog;help:read_additional_device_status_contents_analog_channel_saturated_tertiary_analog
+zeek.hart_ip_universal_commands.read_additional_device_status_contents_analog_channel_saturated_secondary_analog=db:zeek.hart_ip_universal_commands.read_additional_device_status_contents_analog_channel_saturated_secondary_analog;group:zeek_hart_ip_universal_commands;kind:termfield;viewerOnly:true;friendly:read_additional_device_status_contents_analog_channel_saturated_secondary_analog;help:read_additional_device_status_contents_analog_channel_saturated_secondary_analog
+zeek.hart_ip_universal_commands.read_additional_device_status_contents_standardized_status2_undefined_bits=db:zeek.hart_ip_universal_commands.read_additional_device_status_contents_standardized_status2_undefined_bits;group:zeek_hart_ip_universal_commands;kind:integer;viewerOnly:true;friendly:read_additional_device_status_contents_standardized_status2_undefined_bits;help:read_additional_device_status_contents_standardized_status2_undefined_bits
+zeek.hart_ip_universal_commands.read_additional_device_status_contents_standardized_status2_stale_data_notice=db:zeek.hart_ip_universal_commands.read_additional_device_status_contents_standardized_status2_stale_data_notice;group:zeek_hart_ip_universal_commands;kind:termfield;viewerOnly:true;friendly:read_additional_device_status_contents_standardized_status2_stale_data_notice;help:read_additional_device_status_contents_standardized_status2_stale_data_notice +zeek.hart_ip_universal_commands.read_additional_device_status_contents_standardized_status2_sub_device_with_duplicate_id=db:zeek.hart_ip_universal_commands.read_additional_device_status_contents_standardized_status2_sub_device_with_duplicate_id;group:zeek_hart_ip_universal_commands;kind:termfield;viewerOnly:true;friendly:read_additional_device_status_contents_standardized_status2_sub_device_with_duplicate_id;help:read_additional_device_status_contents_standardized_status2_sub_device_with_duplicate_id +zeek.hart_ip_universal_commands.read_additional_device_status_contents_standardized_status2_sub_device_mismatch=db:zeek.hart_ip_universal_commands.read_additional_device_status_contents_standardized_status2_sub_device_mismatch;group:zeek_hart_ip_universal_commands;kind:termfield;viewerOnly:true;friendly:read_additional_device_status_contents_standardized_status2_sub_device_mismatch;help:read_additional_device_status_contents_standardized_status2_sub_device_mismatch +zeek.hart_ip_universal_commands.read_additional_device_status_contents_standardized_status2_duplicate_master_detected=db:zeek.hart_ip_universal_commands.read_additional_device_status_contents_standardized_status2_duplicate_master_detected;group:zeek_hart_ip_universal_commands;kind:termfield;viewerOnly:true;friendly:read_additional_device_status_contents_standardized_status2_duplicate_master_detected;help:read_additional_device_status_contents_standardized_status2_duplicate_master_detected 
+zeek.hart_ip_universal_commands.read_additional_device_status_contents_standardized_status2_sub_device_list_changed=db:zeek.hart_ip_universal_commands.read_additional_device_status_contents_standardized_status2_sub_device_list_changed;group:zeek_hart_ip_universal_commands;kind:termfield;viewerOnly:true;friendly:read_additional_device_status_contents_standardized_status2_sub_device_list_changed;help:read_additional_device_status_contents_standardized_status2_sub_device_list_changed +zeek.hart_ip_universal_commands.read_additional_device_status_contents_standardized_status3_undefined_bits=db:zeek.hart_ip_universal_commands.read_additional_device_status_contents_standardized_status3_undefined_bits;group:zeek_hart_ip_universal_commands;kind:integer;viewerOnly:true;friendly:read_additional_device_status_contents_standardized_status3_undefined_bits;help:read_additional_device_status_contents_standardized_status3_undefined_bits +zeek.hart_ip_universal_commands.read_additional_device_status_contents_standardized_status3_radio_failure=db:zeek.hart_ip_universal_commands.read_additional_device_status_contents_standardized_status3_radio_failure;group:zeek_hart_ip_universal_commands;kind:termfield;viewerOnly:true;friendly:read_additional_device_status_contents_standardized_status3_radio_failure;help:read_additional_device_status_contents_standardized_status3_radio_failure +zeek.hart_ip_universal_commands.read_additional_device_status_contents_standardized_status3_block_transfer_pending=db:zeek.hart_ip_universal_commands.read_additional_device_status_contents_standardized_status3_block_transfer_pending;group:zeek_hart_ip_universal_commands;kind:termfield;viewerOnly:true;friendly:read_additional_device_status_contents_standardized_status3_block_transfer_pending;help:read_additional_device_status_contents_standardized_status3_block_transfer_pending 
+zeek.hart_ip_universal_commands.read_additional_device_status_contents_standardized_status3_bandwith_allocation_pending=db:zeek.hart_ip_universal_commands.read_additional_device_status_contents_standardized_status3_bandwith_allocation_pending;group:zeek_hart_ip_universal_commands;kind:termfield;viewerOnly:true;friendly:read_additional_device_status_contents_standardized_status3_bandwith_allocation_pending;help:read_additional_device_status_contents_standardized_status3_bandwith_allocation_pending +zeek.hart_ip_universal_commands.read_additional_device_status_contents_standardized_status3_resereved=db:zeek.hart_ip_universal_commands.read_additional_device_status_contents_standardized_status3_resereved;group:zeek_hart_ip_universal_commands;kind:termfield;viewerOnly:true;friendly:read_additional_device_status_contents_standardized_status3_resereved;help:read_additional_device_status_contents_standardized_status3_resereved +zeek.hart_ip_universal_commands.read_additional_device_status_contents_standardized_status3_capacity_denied=db:zeek.hart_ip_universal_commands.read_additional_device_status_contents_standardized_status3_capacity_denied;group:zeek_hart_ip_universal_commands;kind:termfield;viewerOnly:true;friendly:read_additional_device_status_contents_standardized_status3_capacity_denied;help:read_additional_device_status_contents_standardized_status3_capacity_denied +zeek.hart_ip_universal_commands.read_additional_device_status_contents_analog_channel_undefined_bits=db:zeek.hart_ip_universal_commands.read_additional_device_status_contents_analog_channel_undefined_bits;group:zeek_hart_ip_universal_commands;kind:integer;viewerOnly:true;friendly:read_additional_device_status_contents_analog_channel_undefined_bits;help:read_additional_device_status_contents_analog_channel_undefined_bits 
+zeek.hart_ip_universal_commands.read_additional_device_status_contents_analog_channel_analog_channel=db:zeek.hart_ip_universal_commands.read_additional_device_status_contents_analog_channel_analog_channel;group:zeek_hart_ip_universal_commands;kind:termfield;viewerOnly:true;friendly:read_additional_device_status_contents_analog_channel_analog_channel;help:read_additional_device_status_contents_analog_channel_analog_channel +zeek.hart_ip_universal_commands.read_additional_device_status_contents_device_specific_status_1=db:zeek.hart_ip_universal_commands.read_additional_device_status_contents_device_specific_status_1;group:zeek_hart_ip_universal_commands;kind:termfield;viewerOnly:true;friendly:read_additional_device_status_contents_device_specific_status_1;help:read_additional_device_status_contents_device_specific_status_1 # http.log # https://docs.zeek.org/en/stable/scripts/base/protocols/http/main.zeek.html#type-HTTP::Info @@ -1352,7 +1352,7 @@ zeek.modbus.exception=db:zeek.modbus.exception;group:zeek_modbus;kind:termfield; zeek.modbus.unit_id=db:zeek.modbus.unit_id;group:zeek_modbus;kind:integer;viewerOnly:true;friendly:Unit/Server ID;help:Unit/Server ID zeek.modbus.trans_id=db:zeek.modbus.trans_id;group:zeek_modbus;kind:integer;viewerOnly:true;friendly:Transaction ID;help:Transaction ID zeek.modbus.network_direction=db:zeek.modbus.network_direction;group:zeek_modbus;kind:termfield;viewerOnly:true;friendly:PDU Type;help:Request or Response -zeek.modbus.mei_type=db:zeek.modbus.mei_type;group:modbus;kind:termfield;friendly:MEI Type;help:MEI Type +zeek.modbus.mei_type=db:zeek.modbus.mei_type;group:modbus;kind:termfield;viewerOnly:true;friendly:MEI Type;help:MEI Type # modbus_detailed.log # https://github.com/cisagov/ICSNPP 
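Review bot: The changed `zeek.modbus.mei_type` line in the `@@ -1352,7 +1352,7 @@` hunk still carries `group:modbus`, while the neighbouring context lines for the same log (`unit_id`, `trans_id`, `network_direction`) all use `group:zeek_modbus`. The field will therefore probably be grouped apart from the other Modbus fields in the viewer, which makes it easy for an analyst to miss. Since the commit already touches this line to add `viewerOnly:true`, it is a good place to align the group: `zeek.modbus.mei_type=db:zeek.modbus.mei_type;group:zeek_modbus;kind:termfield;viewerOnly:true;friendly:MEI Type;help:MEI Type`. The rest of the modbus field list lies outside the hunk, so confirm no other entry uses the bare `modbus` group.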
@@ -1367,12 +1367,12 @@ zeek.modbus_mask_write_register.or_mask=db:zeek.modbus_mask_write_register.or_ma
 
 # modbus_read_device_identification.log
 # https://github.com/cisagov/icsnpp-modbus
-zeek.modbus_read_device_identification.conformity_level_code=db:zeek.modbus_read_device_identification.conformity_level_code;group:zeek_modbus_read_device_identification;kind:termfield;friendly:Conformity Level Code;help:Conformity Level Code
-zeek.modbus_read_device_identification.conformity_level=db:zeek.modbus_read_device_identification.conformity_level;group:zeek_modbus_read_device_identification;kind:termfield;friendly:Conformity Level;help:Conformity Level
-zeek.modbus_read_device_identification.device_id_code=db:zeek.modbus_read_device_identification.device_id_code;group:zeek_modbus_read_device_identification;kind:integer;friendly:Device ID Code;help:Device ID Code
-zeek.modbus_read_device_identification.object_id_code=db:zeek.modbus_read_device_identification.object_id_code;group:zeek_modbus_read_device_identification;kind:termfield;friendly:Object ID Code;help:Object ID Code
-zeek.modbus_read_device_identification.object_id=db:zeek.modbus_read_device_identification.object_id;group:zeek_modbus_read_device_identification;kind:termfield;friendly:Object ID;help:Object ID
-zeek.modbus_read_device_identification.object_value=db:zeek.modbus_read_device_identification.object_value;group:zeek_modbus_read_device_identification;kind:termfield;friendly:Object Value;help:Object Value
+zeek.modbus_read_device_identification.conformity_level_code=db:zeek.modbus_read_device_identification.conformity_level_code;group:zeek_modbus_read_device_identification;kind:termfield;viewerOnly:true;friendly:Conformity Level Code;help:Conformity Level Code
+zeek.modbus_read_device_identification.conformity_level=db:zeek.modbus_read_device_identification.conformity_level;group:zeek_modbus_read_device_identification;kind:termfield;viewerOnly:true;friendly:Conformity Level;help:Conformity Level
+zeek.modbus_read_device_identification.device_id_code=db:zeek.modbus_read_device_identification.device_id_code;group:zeek_modbus_read_device_identification;kind:integer;viewerOnly:true;friendly:Device ID Code;help:Device ID Code
+zeek.modbus_read_device_identification.object_id_code=db:zeek.modbus_read_device_identification.object_id_code;group:zeek_modbus_read_device_identification;kind:termfield;viewerOnly:true;friendly:Object ID Code;help:Object ID Code
+zeek.modbus_read_device_identification.object_id=db:zeek.modbus_read_device_identification.object_id;group:zeek_modbus_read_device_identification;kind:termfield;viewerOnly:true;friendly:Object ID;help:Object ID
+zeek.modbus_read_device_identification.object_value=db:zeek.modbus_read_device_identification.object_value;group:zeek_modbus_read_device_identification;kind:termfield;viewerOnly:true;friendly:Object Value;help:Object Value
 
 # modbus_read_write_multiple_registers.log
 # https://github.com/cisagov/ICSNPP
@@ -1466,6 +1466,253 @@ zeek.ntp.rec_time=db:zeek.ntp.rec_time;group:zeek_ntp;kind:termfield;viewerOnly: zeek.ntp.xmt_time=db:zeek.ntp.xmt_time;group:zeek_ntp;kind:termfield;viewerOnly:true;friendly:Transmit Timestamp;help:Transmit Timestamp zeek.ntp.num_exts=db:zeek.ntp.num_exts;group:zeek_ntp;kind:integer;viewerOnly:true;friendly:Extension Fields;help:Extension Fields +# omron_fins_data_link_status_read.log +# https://github.com/cisagov/icsnpp-omron-fins +zeek.omron_fins_data_link_status_read.command_code=db:zeek.omron_fins_data_link_status_read.command_code;group:zeek_data_link_status_read_log;kind:termfield;viewerOnly:true;friendly:command_code;help:command_code +zeek.omron_fins_data_link_status_read.icf_data_type=db:zeek.omron_fins_data_link_status_read.icf_data_type;group:zeek_data_link_status_read_log;kind:termfield;viewerOnly:true;friendly:icf_data_type;help:icf_data_type +zeek.omron_fins_data_link_status_read.response_code=db:zeek.omron_fins_data_link_status_read.response_code;group:zeek_data_link_status_read_log;kind:termfield;viewerOnly:true;friendly:response_code;help:response_code +zeek.omron_fins_data_link_status_read.node_number=db:zeek.omron_fins_data_link_status_read.node_number;group:zeek_data_link_status_read_log;kind:integer;viewerOnly:true;friendly:node_number;help:node_number +zeek.omron_fins_data_link_status_read.data_links=db:zeek.omron_fins_data_link_status_read.data_links;group:zeek_data_link_status_read_log;kind:termfield;viewerOnly:true;friendly:data_links;help:data_links +zeek.omron_fins_data_link_status_read.node_setting=db:zeek.omron_fins_data_link_status_read.node_setting;group:zeek_data_link_status_read_log;kind:termfield;viewerOnly:true;friendly:node_setting;help:node_setting +zeek.omron_fins_data_link_status_read.master_node_number=db:zeek.omron_fins_data_link_status_read.master_node_number;group:zeek_data_link_status_read_log;kind:integer;viewerOnly:true;friendly:master_node_number;help:master_node_number 
+zeek.omron_fins_data_link_status_read.error_status=db:zeek.omron_fins_data_link_status_read.error_status;group:zeek_data_link_status_read_log;kind:termfield;viewerOnly:true;friendly:error_status;help:error_status +zeek.omron_fins_data_link_status_read.mode_status=db:zeek.omron_fins_data_link_status_read.mode_status;group:zeek_data_link_status_read_log;kind:termfield;viewerOnly:true;friendly:mode_status;help:mode_status +zeek.omron_fins_data_link_status_read.warning_status=db:zeek.omron_fins_data_link_status_read.warning_status;group:zeek_data_link_status_read_log;kind:termfield;viewerOnly:true;friendly:warning_status;help:warning_status + +# omron_fins_detail_error.log +# https://github.com/cisagov/icsnpp-omron-fins +zeek.omron_fins_detail_error.command_code=db:zeek.omron_fins_detail_error.command_code;group:zeek_detail_error_log;kind:termfield;viewerOnly:true;friendly:command_code;help:command_code +zeek.omron_fins_detail_error.icf_data_type=db:zeek.omron_fins_detail_error.icf_data_type;group:zeek_detail_error_log;kind:termfield;viewerOnly:true;friendly:icf_data_type;help:icf_data_type +zeek.omron_fins_detail_error.response_code=db:zeek.omron_fins_detail_error.response_code;group:zeek_detail_error_log;kind:termfield;viewerOnly:true;friendly:response_code;help:response_code +zeek.omron_fins_detail_error.error_reset_fal_no=db:zeek.omron_fins_detail_error.error_reset_fal_no;group:zeek_detail_error_log;kind:termfield;viewerOnly:true;friendly:error_reset_fal_no;help:error_reset_fal_no +zeek.omron_fins_detail_error.beginning_record_no=db:zeek.omron_fins_detail_error.beginning_record_no;group:zeek_detail_error_log;kind:integer;viewerOnly:true;friendly:beginning_record_no;help:beginning_record_no +zeek.omron_fins_detail_error.max_no_stored_records=db:zeek.omron_fins_detail_error.max_no_stored_records;group:zeek_detail_error_log;kind:integer;viewerOnly:true;friendly:max_no_stored_records;help:max_no_stored_records 
+zeek.omron_fins_detail_error.no_of_stored_records=db:zeek.omron_fins_detail_error.no_of_stored_records;group:zeek_detail_error_log;kind:integer;viewerOnly:true;friendly:no_of_stored_records;help:no_of_stored_records +zeek.omron_fins_detail_error.no_of_records=db:zeek.omron_fins_detail_error.no_of_records;group:zeek_detail_error_log;kind:integer;viewerOnly:true;friendly:no_of_records;help:no_of_records +zeek.omron_fins_detail_error.error_code_1=db:zeek.omron_fins_detail_error.error_code_1;group:zeek_detail_error_log;kind:termfield;viewerOnly:true;friendly:error_code_1;help:error_code_1 +zeek.omron_fins_detail_error.error_code_2=db:zeek.omron_fins_detail_error.error_code_2;group:zeek_detail_error_log;kind:termfield;viewerOnly:true;friendly:error_code_2;help:error_code_2 +zeek.omron_fins_detail_error.minute=db:zeek.omron_fins_detail_error.minute;group:zeek_detail_error_log;kind:integer;viewerOnly:true;friendly:minute;help:minute +zeek.omron_fins_detail_error.second=db:zeek.omron_fins_detail_error.second;group:zeek_detail_error_log;kind:integer;viewerOnly:true;friendly:second;help:second +zeek.omron_fins_detail_error.day=db:zeek.omron_fins_detail_error.day;group:zeek_detail_error_log;kind:integer;viewerOnly:true;friendly:day;help:day +zeek.omron_fins_detail_error.hour=db:zeek.omron_fins_detail_error.hour;group:zeek_detail_error_log;kind:integer;viewerOnly:true;friendly:hour;help:hour +zeek.omron_fins_detail_error.year=db:zeek.omron_fins_detail_error.year;group:zeek_detail_error_log;kind:integer;viewerOnly:true;friendly:year;help:year +zeek.omron_fins_detail_error.month=db:zeek.omron_fins_detail_error.month;group:zeek_detail_error_log;kind:integer;viewerOnly:true;friendly:month;help:month + +# omron_fins_detail_file.log +# https://github.com/cisagov/icsnpp-omron-fins +zeek.omron_fins_detail_file.command_code=db:zeek.omron_fins_detail_file.command_code;group:zeek_detail_file_log;kind:termfield;viewerOnly:true;friendly:command_code;help:command_code 
+zeek.omron_fins_detail_file.icf_data_type=db:zeek.omron_fins_detail_file.icf_data_type;group:zeek_detail_file_log;kind:termfield;viewerOnly:true;friendly:icf_data_type;help:icf_data_type +zeek.omron_fins_detail_file.response_code=db:zeek.omron_fins_detail_file.response_code;group:zeek_detail_file_log;kind:termfield;viewerOnly:true;friendly:response_code;help:response_code +zeek.omron_fins_detail_file.disk_no=db:zeek.omron_fins_detail_file.disk_no;group:zeek_detail_file_log;kind:integer;viewerOnly:true;friendly:disk_no;help:disk_no +zeek.omron_fins_detail_file.beginning_file_position=db:zeek.omron_fins_detail_file.beginning_file_position;group:zeek_detail_file_log;kind:termfield;viewerOnly:true;friendly:beginning_file_position;help:beginning_file_position +zeek.omron_fins_detail_file.no_of_files=db:zeek.omron_fins_detail_file.no_of_files;group:zeek_detail_file_log;kind:integer;viewerOnly:true;friendly:no_of_files;help:no_of_files +zeek.omron_fins_detail_file.volume_label=db:zeek.omron_fins_detail_file.volume_label;group:zeek_detail_file_log;kind:termfield;viewerOnly:true;friendly:volume_label;help:volume_label +zeek.omron_fins_detail_file.year=db:zeek.omron_fins_detail_file.year;group:zeek_detail_file_log;kind:integer;viewerOnly:true;friendly:year;help:year +zeek.omron_fins_detail_file.month=db:zeek.omron_fins_detail_file.month;group:zeek_detail_file_log;kind:integer;viewerOnly:true;friendly:month;help:month +zeek.omron_fins_detail_file.day=db:zeek.omron_fins_detail_file.day;group:zeek_detail_file_log;kind:integer;viewerOnly:true;friendly:day;help:day +zeek.omron_fins_detail_file.hour=db:zeek.omron_fins_detail_file.hour;group:zeek_detail_file_log;kind:integer;viewerOnly:true;friendly:hour;help:hour +zeek.omron_fins_detail_file.minute=db:zeek.omron_fins_detail_file.minute;group:zeek_detail_file_log;kind:integer;viewerOnly:true;friendly:minute;help:minute 
+zeek.omron_fins_detail_file.second=db:zeek.omron_fins_detail_file.second;group:zeek_detail_file_log;kind:integer;viewerOnly:true;friendly:second;help:second +zeek.omron_fins_detail_file.total_capacity=db:zeek.omron_fins_detail_file.total_capacity;group:zeek_detail_file_log;kind:integer;viewerOnly:true;friendly:total_capacity;help:total_capacity +zeek.omron_fins_detail_file.unused_capacity=db:zeek.omron_fins_detail_file.unused_capacity;group:zeek_detail_file_log;kind:integer;viewerOnly:true;friendly:unused_capacity;help:unused_capacity +zeek.omron_fins_detail_file.total_no_files=db:zeek.omron_fins_detail_file.total_no_files;group:zeek_detail_file_log;kind:integer;viewerOnly:true;friendly:total_no_files;help:total_no_files +zeek.omron_fins_detail_file.no_files_read=db:zeek.omron_fins_detail_file.no_files_read;group:zeek_detail_file_log;kind:integer;viewerOnly:true;friendly:no_files_read;help:no_files_read +zeek.omron_fins_detail_file.last_file=db:zeek.omron_fins_detail_file.last_file;group:zeek_detail_file_log;kind:termfield;viewerOnly:true;friendly:last_file;help:last_file +zeek.omron_fins_detail_file.file_name=db:zeek.omron_fins_detail_file.file_name;group:zeek_detail_file_log;kind:termfield;viewerOnly:true;friendly:file_name;help:file_name +zeek.omron_fins_detail_file.file_capacity=db:zeek.omron_fins_detail_file.file_capacity;group:zeek_detail_file_log;kind:integer;viewerOnly:true;friendly:file_capacity;help:file_capacity +zeek.omron_fins_detail_file.file_position=db:zeek.omron_fins_detail_file.file_position;group:zeek_detail_file_log;kind:integer;viewerOnly:true;friendly:file_position;help:file_position +zeek.omron_fins_detail_file.data_length=db:zeek.omron_fins_detail_file.data_length;group:zeek_detail_file_log;kind:integer;viewerOnly:true;friendly:data_length;help:data_length 
+zeek.omron_fins_detail_file.parameter_code=db:zeek.omron_fins_detail_file.parameter_code;group:zeek_detail_file_log;kind:termfield;viewerOnly:true;friendly:parameter_code;help:parameter_code +zeek.omron_fins_detail_file.src_disk_no=db:zeek.omron_fins_detail_file.src_disk_no;group:zeek_detail_file_log;kind:integer;viewerOnly:true;friendly:src_disk_no;help:src_disk_no +zeek.omron_fins_detail_file.src_file_name=db:zeek.omron_fins_detail_file.src_file_name;group:zeek_detail_file_log;kind:termfield;viewerOnly:true;friendly:src_file_name;help:src_file_name +zeek.omron_fins_detail_file.dst_disk_no=db:zeek.omron_fins_detail_file.dst_disk_no;group:zeek_detail_file_log;kind:integer;viewerOnly:true;friendly:dst_disk_no;help:dst_disk_no +zeek.omron_fins_detail_file.dst_file_name=db:zeek.omron_fins_detail_file.dst_file_name;group:zeek_detail_file_log;kind:termfield;viewerOnly:true;friendly:dst_file_name;help:dst_file_name +zeek.omron_fins_detail_file.old_file_name=db:zeek.omron_fins_detail_file.old_file_name;group:zeek_detail_file_log;kind:termfield;viewerOnly:true;friendly:old_file_name;help:old_file_name +zeek.omron_fins_detail_file.new_file_name=db:zeek.omron_fins_detail_file.new_file_name;group:zeek_detail_file_log;kind:termfield;viewerOnly:true;friendly:new_file_name;help:new_file_name +zeek.omron_fins_detail_file.parameter_area_code=db:zeek.omron_fins_detail_file.parameter_area_code;group:zeek_detail_file_log;kind:termfield;viewerOnly:true;friendly:parameter_area_code;help:parameter_area_code +zeek.omron_fins_detail_file.beginning_address=db:zeek.omron_fins_detail_file.beginning_address;group:zeek_detail_file_log;kind:termfield;viewerOnly:true;friendly:beginning_address;help:beginning_address +zeek.omron_fins_detail_file.no_of_words=db:zeek.omron_fins_detail_file.no_of_words;group:zeek_detail_file_log;kind:integer;viewerOnly:true;friendly:no_of_words;help:no_of_words 
+zeek.omron_fins_detail_file.memory_area_code=db:zeek.omron_fins_detail_file.memory_area_code;group:zeek_detail_file_log;kind:termfield;viewerOnly:true;friendly:memory_area_code;help:memory_area_code +zeek.omron_fins_detail_file.no_of_items=db:zeek.omron_fins_detail_file.no_of_items;group:zeek_detail_file_log;kind:integer;viewerOnly:true;friendly:no_of_items;help:no_of_items +zeek.omron_fins_detail_file.program_no=db:zeek.omron_fins_detail_file.program_no;group:zeek_detail_file_log;kind:termfield;viewerOnly:true;friendly:program_no;help:program_no +zeek.omron_fins_detail_file.no_of_bytes=db:zeek.omron_fins_detail_file.no_of_bytes;group:zeek_detail_file_log;kind:integer;viewerOnly:true;friendly:no_of_bytes;help:no_of_bytes +zeek.omron_fins_detail_file.beginning_word=db:zeek.omron_fins_detail_file.beginning_word;group:zeek_detail_file_log;kind:termfield;viewerOnly:true;friendly:beginning_word;help:beginning_word +zeek.omron_fins_detail_file.beginning_block_no=db:zeek.omron_fins_detail_file.beginning_block_no;group:zeek_detail_file_log;kind:integer;viewerOnly:true;friendly:beginning_block_no;help:beginning_block_no +zeek.omron_fins_detail_file.no_of_blocks=db:zeek.omron_fins_detail_file.no_of_blocks;group:zeek_detail_file_log;kind:integer;viewerOnly:true;friendly:no_of_blocks;help:no_of_blocks +zeek.omron_fins_detail_file.remaining_blocks=db:zeek.omron_fins_detail_file.remaining_blocks;group:zeek_detail_file_log;kind:integer;viewerOnly:true;friendly:remaining_blocks;help:remaining_blocks +zeek.omron_fins_detail_file.total_no_of_blocks=db:zeek.omron_fins_detail_file.total_no_of_blocks;group:zeek_detail_file_log;kind:integer;viewerOnly:true;friendly:total_no_of_blocks;help:total_no_of_blocks +zeek.omron_fins_detail_file.memory_type=db:zeek.omron_fins_detail_file.memory_type;group:zeek_detail_file_log;kind:termfield;viewerOnly:true;friendly:memory_type;help:memory_type 
+zeek.omron_fins_detail_file.data_type=db:zeek.omron_fins_detail_file.data_type;group:zeek_detail_file_log;kind:termfield;viewerOnly:true;friendly:data_type;help:data_type +zeek.omron_fins_detail_file.last_block=db:zeek.omron_fins_detail_file.last_block;group:zeek_detail_file_log;kind:termfield;viewerOnly:true;friendly:last_block;help:last_block +zeek.omron_fins_detail_file.protected=db:zeek.omron_fins_detail_file.protected;group:zeek_detail_file_log;kind:termfield;viewerOnly:true;friendly:protected;help:protected +zeek.omron_fins_detail_file.control_data=db:zeek.omron_fins_detail_file.control_data;group:zeek_detail_file_log;kind:integer;viewerOnly:true;friendly:control_data;help:control_data +zeek.omron_fins_detail_file.block_no=db:zeek.omron_fins_detail_file.block_no;group:zeek_detail_file_log;kind:integer;viewerOnly:true;friendly:block_no;help:block_no +zeek.omron_fins_detail_file.memory_data=db:zeek.omron_fins_detail_file.memory_data;group:zeek_detail_file_log;kind:termfield;viewerOnly:true;friendly:memory_data;help:memory_data + +# omron_fins_detail.log +# https://github.com/cisagov/icsnpp-omron-fins +zeek.omron_fins_detail.command_code=db:zeek.omron_fins_detail.command_code;group:zeek_detail_log;kind:termfield;viewerOnly:true;friendly:command_code;help:command_code +zeek.omron_fins_detail.icf_data_type=db:zeek.omron_fins_detail.icf_data_type;group:zeek_detail_log;kind:termfield;viewerOnly:true;friendly:icf_data_type;help:icf_data_type +zeek.omron_fins_detail.memory_area_code=db:zeek.omron_fins_detail.memory_area_code;group:zeek_detail_log;kind:termfield;viewerOnly:true;friendly:memory_area_code;help:memory_area_code +zeek.omron_fins_detail.beginning_address=db:zeek.omron_fins_detail.beginning_address;group:zeek_detail_log;kind:termfield;viewerOnly:true;friendly:beginning_address;help:beginning_address 
+zeek.omron_fins_detail.number_of_items=db:zeek.omron_fins_detail.number_of_items;group:zeek_detail_log;kind:integer;viewerOnly:true;friendly:number_of_items;help:number_of_items +zeek.omron_fins_detail.parameter_area_code=db:zeek.omron_fins_detail.parameter_area_code;group:zeek_detail_log;kind:termfield;viewerOnly:true;friendly:parameter_area_code;help:parameter_area_code +zeek.omron_fins_detail.beginning_word=db:zeek.omron_fins_detail.beginning_word;group:zeek_detail_log;kind:termfield;viewerOnly:true;friendly:beginning_word;help:beginning_word +zeek.omron_fins_detail.number_of_words=db:zeek.omron_fins_detail.number_of_words;group:zeek_detail_log;kind:integer;viewerOnly:true;friendly:number_of_words;help:number_of_words +zeek.omron_fins_detail.last_word_bit=db:zeek.omron_fins_detail.last_word_bit;group:zeek_detail_log;kind:integer;viewerOnly:true;friendly:last_word_bit;help:last_word_bit +zeek.omron_fins_detail.response_code=db:zeek.omron_fins_detail.response_code;group:zeek_detail_log;kind:termfield;viewerOnly:true;friendly:response_code;help:response_code +zeek.omron_fins_detail.data=db:zeek.omron_fins_detail.data;group:zeek_detail_log;kind:termfield;viewerOnly:true;friendly:data;help:data +zeek.omron_fins_detail.year=db:zeek.omron_fins_detail.year;group:zeek_detail_log;kind:integer;viewerOnly:true;friendly:year;help:year +zeek.omron_fins_detail.month=db:zeek.omron_fins_detail.month;group:zeek_detail_log;kind:integer;viewerOnly:true;friendly:month;help:month +zeek.omron_fins_detail.date=db:zeek.omron_fins_detail.date;group:zeek_detail_log;kind:integer;viewerOnly:true;friendly:date;help:date +zeek.omron_fins_detail.hour=db:zeek.omron_fins_detail.hour;group:zeek_detail_log;kind:integer;viewerOnly:true;friendly:hour;help:hour +zeek.omron_fins_detail.minute=db:zeek.omron_fins_detail.minute;group:zeek_detail_log;kind:integer;viewerOnly:true;friendly:minute;help:minute 
+zeek.omron_fins_detail.second=db:zeek.omron_fins_detail.second;group:zeek_detail_log;kind:integer;viewerOnly:true;friendly:second;help:second +zeek.omron_fins_detail.day=db:zeek.omron_fins_detail.day;group:zeek_detail_log;kind:termfield;viewerOnly:true;friendly:day;help:day +zeek.omron_fins_detail.clock_time=db:zeek.omron_fins_detail.clock_time;group:zeek_detail_log;kind:termfield;viewerOnly:true;friendly:clock_time;help:clock_time +zeek.omron_fins_detail.intelligent_id_no=db:zeek.omron_fins_detail.intelligent_id_no;group:zeek_detail_log;kind:termfield;viewerOnly:true;friendly:intelligent_id_no;help:intelligent_id_no +zeek.omron_fins_detail.first_word=db:zeek.omron_fins_detail.first_word;group:zeek_detail_log;kind:termfield;viewerOnly:true;friendly:first_word;help:first_word +zeek.omron_fins_detail.read_length=db:zeek.omron_fins_detail.read_length;group:zeek_detail_log;kind:termfield;viewerOnly:true;friendly:read_length;help:read_length +zeek.omron_fins_detail.data_length=db:zeek.omron_fins_detail.data_length;group:zeek_detail_log;kind:termfield;viewerOnly:true;friendly:data_length;help:data_length +zeek.omron_fins_detail.num_of_link_nodes=db:zeek.omron_fins_detail.num_of_link_nodes;group:zeek_detail_log;kind:integer;viewerOnly:true;friendly:num_of_link_nodes;help:num_of_link_nodes +zeek.omron_fins_detail.block_record_data_link_status=db:zeek.omron_fins_detail.block_record_data_link_status;group:zeek_detail_log;kind:termfield;viewerOnly:true;friendly:block_record_data_link_status;help:block_record_data_link_status +zeek.omron_fins_detail.block_record_num_of_link_nodes=db:zeek.omron_fins_detail.block_record_num_of_link_nodes;group:zeek_detail_log;kind:integer;viewerOnly:true;friendly:block_record_num_of_link_nodes;help:block_record_num_of_link_nodes +zeek.omron_fins_detail.block_record_node_num=db:zeek.omron_fins_detail.block_record_node_num;group:zeek_detail_log;kind:integer;viewerOnly:true;friendly:block_record_node_num;help:block_record_node_num 
+zeek.omron_fins_detail.block_record_cio_area_first_word=db:zeek.omron_fins_detail.block_record_cio_area_first_word;group:zeek_detail_log;kind:termfield;viewerOnly:true;friendly:block_record_cio_area_first_word;help:block_record_cio_area_first_word +zeek.omron_fins_detail.block_record_kind_of_dm=db:zeek.omron_fins_detail.block_record_kind_of_dm;group:zeek_detail_log;kind:termfield;viewerOnly:true;friendly:block_record_kind_of_dm;help:block_record_kind_of_dm +zeek.omron_fins_detail.block_record_dm_area_first_word=db:zeek.omron_fins_detail.block_record_dm_area_first_word;group:zeek_detail_log;kind:termfield;viewerOnly:true;friendly:block_record_dm_area_first_word;help:block_record_dm_area_first_word +zeek.omron_fins_detail.block_record_num_of_total_words=db:zeek.omron_fins_detail.block_record_num_of_total_words;group:zeek_detail_log;kind:integer;viewerOnly:true;friendly:block_record_num_of_total_words;help:block_record_num_of_total_words +zeek.omron_fins_detail.program_no=db:zeek.omron_fins_detail.program_no;group:zeek_detail_log;kind:integer;viewerOnly:true;friendly:program_no;help:program_no +zeek.omron_fins_detail.protect_code=db:zeek.omron_fins_detail.protect_code;group:zeek_detail_log;kind:integer;viewerOnly:true;friendly:protect_code;help:protect_code +zeek.omron_fins_detail.last_word=db:zeek.omron_fins_detail.last_word;group:zeek_detail_log;kind:termfield;viewerOnly:true;friendly:last_word;help:last_word +zeek.omron_fins_detail.clear_code=db:zeek.omron_fins_detail.clear_code;group:zeek_detail_log;kind:termfield;viewerOnly:true;friendly:clear_code;help:clear_code +zeek.omron_fins_detail.number_of_bytes=db:zeek.omron_fins_detail.number_of_bytes;group:zeek_detail_log;kind:integer;viewerOnly:true;friendly:number_of_bytes;help:number_of_bytes +zeek.omron_fins_detail.run_mode=db:zeek.omron_fins_detail.run_mode;group:zeek_detail_log;kind:termfield;viewerOnly:true;friendly:run_mode;help:run_mode 
+zeek.omron_fins_detail.controller_data_to_read=db:zeek.omron_fins_detail.controller_data_to_read;group:zeek_detail_log;kind:termfield;viewerOnly:true;friendly:controller_data_to_read;help:controller_data_to_read +zeek.omron_fins_detail.controller_model=db:zeek.omron_fins_detail.controller_model;group:zeek_detail_log;kind:termfield;viewerOnly:true;friendly:controller_model;help:controller_model +zeek.omron_fins_detail.controller_version=db:zeek.omron_fins_detail.controller_version;group:zeek_detail_log;kind:termfield;viewerOnly:true;friendly:controller_version;help:controller_version +zeek.omron_fins_detail.for_system_use=db:zeek.omron_fins_detail.for_system_use;group:zeek_detail_log;kind:termfield;viewerOnly:true;friendly:for_system_use;help:for_system_use +zeek.omron_fins_detail.program_area_size=db:zeek.omron_fins_detail.program_area_size;group:zeek_detail_log;kind:integer;viewerOnly:true;friendly:program_area_size;help:program_area_size +zeek.omron_fins_detail.iom_size=db:zeek.omron_fins_detail.iom_size;group:zeek_detail_log;kind:integer;viewerOnly:true;friendly:iom_size;help:iom_size +zeek.omron_fins_detail.no_of_dm_words=db:zeek.omron_fins_detail.no_of_dm_words;group:zeek_detail_log;kind:integer;viewerOnly:true;friendly:no_of_dm_words;help:no_of_dm_words +zeek.omron_fins_detail.timer_size=db:zeek.omron_fins_detail.timer_size;group:zeek_detail_log;kind:integer;viewerOnly:true;friendly:timer_size;help:timer_size +zeek.omron_fins_detail.expansion_dm_size=db:zeek.omron_fins_detail.expansion_dm_size;group:zeek_detail_log;kind:integer;viewerOnly:true;friendly:expansion_dm_size;help:expansion_dm_size +zeek.omron_fins_detail.no_of_steps_transitions=db:zeek.omron_fins_detail.no_of_steps_transitions;group:zeek_detail_log;kind:integer;viewerOnly:true;friendly:no_of_steps_transitions;help:no_of_steps_transitions 
+zeek.omron_fins_detail.kind_of_memory_card=db:zeek.omron_fins_detail.kind_of_memory_card;group:zeek_detail_log;kind:termfield;viewerOnly:true;friendly:kind_of_memory_card;help:kind_of_memory_card
+zeek.omron_fins_detail.memory_card_size=db:zeek.omron_fins_detail.memory_card_size;group:zeek_detail_log;kind:integer;viewerOnly:true;friendly:memory_card_size;help:memory_card_size
+zeek.omron_fins_detail.cpu_bus_unit_config=db:zeek.omron_fins_detail.cpu_bus_unit_config;group:zeek_detail_log;kind:termfield;viewerOnly:true;friendly:cpu_bus_unit_config;help:cpu_bus_unit_config
+zeek.omron_fins_detail.no_of_sysmac_bus_master_mounted=db:zeek.omron_fins_detail.no_of_sysmac_bus_master_mounted;group:zeek_detail_log;kind:integer;viewerOnly:true;friendly:no_of_sysmac_bus_master_mounted;help:no_of_sysmac_bus_master_mounted
+zeek.omron_fins_detail.no_of_sysmac_bus2_master_mounted=db:zeek.omron_fins_detail.no_of_sysmac_bus2_master_mounted;group:zeek_detail_log;kind:integer;viewerOnly:true;friendly:no_of_sysmac_bus2_master_mounted;help:no_of_sysmac_bus2_master_mounted
+zeek.omron_fins_detail.peripheral_device_connected=db:zeek.omron_fins_detail.peripheral_device_connected;group:zeek_detail_log;kind:integer;viewerOnly:true;friendly:peripheral_device_connected;help:peripheral_device_connected
+zeek.omron_fins_detail.built_in_host_interface=db:zeek.omron_fins_detail.built_in_host_interface;group:zeek_detail_log;kind:integer;viewerOnly:true;friendly:built_in_host_interface;help:built_in_host_interface
+zeek.omron_fins_detail.no_of_racks_connected=db:zeek.omron_fins_detail.no_of_racks_connected;group:zeek_detail_log;kind:integer;viewerOnly:true;friendly:no_of_racks_connected;help:no_of_racks_connected
+zeek.omron_fins_detail.no_of_units=db:zeek.omron_fins_detail.no_of_units;group:zeek_detail_log;kind:integer;viewerOnly:true;friendly:no_of_units;help:no_of_units
+zeek.omron_fins_detail.unit_address=db:zeek.omron_fins_detail.unit_address;group:zeek_detail_log;kind:termfield;viewerOnly:true;friendly:unit_address;help:unit_address
+zeek.omron_fins_detail.model_number=db:zeek.omron_fins_detail.model_number;group:zeek_detail_log;kind:termfield;viewerOnly:true;friendly:model_number;help:model_number
+zeek.omron_fins_detail.controller_status_data_read_status=db:zeek.omron_fins_detail.controller_status_data_read_status;group:zeek_detail_log;kind:termfield;viewerOnly:true;friendly:controller_status_data_read_status;help:controller_status_data_read_status
+zeek.omron_fins_detail.controller_status_data_read_mode=db:zeek.omron_fins_detail.controller_status_data_read_mode;group:zeek_detail_log;kind:termfield;viewerOnly:true;friendly:controller_status_data_read_mode;help:controller_status_data_read_mode
+zeek.omron_fins_detail.fatal_error=db:zeek.omron_fins_detail.fatal_error;group:zeek_detail_log;kind:termfield;viewerOnly:true;friendly:fatal_error;help:fatal_error
+zeek.omron_fins_detail.non_fatal_error=db:zeek.omron_fins_detail.non_fatal_error;group:zeek_detail_log;kind:termfield;viewerOnly:true;friendly:non_fatal_error;help:non_fatal_error
+zeek.omron_fins_detail.message_yes_no=db:zeek.omron_fins_detail.message_yes_no;group:zeek_detail_log;kind:termfield;viewerOnly:true;friendly:message_yes_no;help:message_yes_no
+zeek.omron_fins_detail.fal_fals_no=db:zeek.omron_fins_detail.fal_fals_no;group:zeek_detail_log;kind:integer;viewerOnly:true;friendly:fal_fals_no;help:fal_fals_no
+zeek.omron_fins_detail.error_message=db:zeek.omron_fins_detail.error_message;group:zeek_detail_log;kind:termfield;viewerOnly:true;friendly:error_message;help:error_message
+zeek.omron_fins_detail.cycle_time_read_parameter=db:zeek.omron_fins_detail.cycle_time_read_parameter;group:zeek_detail_log;kind:termfield;viewerOnly:true;friendly:cycle_time_read_parameter;help:cycle_time_read_parameter
+zeek.omron_fins_detail.average_cycle_time=db:zeek.omron_fins_detail.average_cycle_time;group:zeek_detail_log;kind:termfield;viewerOnly:true;friendly:average_cycle_time;help:average_cycle_time
+zeek.omron_fins_detail.max_cycle_time=db:zeek.omron_fins_detail.max_cycle_time;group:zeek_detail_log;kind:termfield;viewerOnly:true;friendly:max_cycle_time;help:max_cycle_time
+zeek.omron_fins_detail.min_cycle_time=db:zeek.omron_fins_detail.min_cycle_time;group:zeek_detail_log;kind:termfield;viewerOnly:true;friendly:min_cycle_time;help:min_cycle_time
+zeek.omron_fins_detail.test_data=db:zeek.omron_fins_detail.test_data;group:zeek_detail_log;kind:termfield;viewerOnly:true;friendly:test_data;help:test_data
+zeek.omron_fins_detail.number_of_receptions=db:zeek.omron_fins_detail.number_of_receptions;group:zeek_detail_log;kind:integer;viewerOnly:true;friendly:number_of_receptions;help:number_of_receptions
+zeek.omron_fins_detail.command=db:zeek.omron_fins_detail.command;group:zeek_detail_log;kind:termfield;viewerOnly:true;friendly:command;help:command
+zeek.omron_fins_detail.message_no_0=db:zeek.omron_fins_detail.message_no_0;group:zeek_detail_log;kind:termfield;viewerOnly:true;friendly:message_no_0;help:message_no_0
+zeek.omron_fins_detail.message_no_1=db:zeek.omron_fins_detail.message_no_1;group:zeek_detail_log;kind:termfield;viewerOnly:true;friendly:message_no_1;help:message_no_1
+zeek.omron_fins_detail.message_no_2=db:zeek.omron_fins_detail.message_no_2;group:zeek_detail_log;kind:termfield;viewerOnly:true;friendly:message_no_2;help:message_no_2
+zeek.omron_fins_detail.message_no_3=db:zeek.omron_fins_detail.message_no_3;group:zeek_detail_log;kind:termfield;viewerOnly:true;friendly:message_no_3;help:message_no_3
+zeek.omron_fins_detail.message_no_4=db:zeek.omron_fins_detail.message_no_4;group:zeek_detail_log;kind:termfield;viewerOnly:true;friendly:message_no_4;help:message_no_4
+zeek.omron_fins_detail.message_no_5=db:zeek.omron_fins_detail.message_no_5;group:zeek_detail_log;kind:termfield;viewerOnly:true;friendly:message_no_5;help:message_no_5
+zeek.omron_fins_detail.message_no_6=db:zeek.omron_fins_detail.message_no_6;group:zeek_detail_log;kind:termfield;viewerOnly:true;friendly:message_no_6;help:message_no_6
+zeek.omron_fins_detail.message_no_7=db:zeek.omron_fins_detail.message_no_7;group:zeek_detail_log;kind:termfield;viewerOnly:true;friendly:message_no_7;help:message_no_7
+zeek.omron_fins_detail.message_0=db:zeek.omron_fins_detail.message_0;group:zeek_detail_log;kind:termfield;viewerOnly:true;friendly:message_0;help:message_0
+zeek.omron_fins_detail.message_1=db:zeek.omron_fins_detail.message_1;group:zeek_detail_log;kind:termfield;viewerOnly:true;friendly:message_1;help:message_1
+zeek.omron_fins_detail.message_2=db:zeek.omron_fins_detail.message_2;group:zeek_detail_log;kind:termfield;viewerOnly:true;friendly:message_2;help:message_2
+zeek.omron_fins_detail.message_3=db:zeek.omron_fins_detail.message_3;group:zeek_detail_log;kind:termfield;viewerOnly:true;friendly:message_3;help:message_3
+zeek.omron_fins_detail.message_4=db:zeek.omron_fins_detail.message_4;group:zeek_detail_log;kind:termfield;viewerOnly:true;friendly:message_4;help:message_4
+zeek.omron_fins_detail.message_5=db:zeek.omron_fins_detail.message_5;group:zeek_detail_log;kind:termfield;viewerOnly:true;friendly:message_5;help:message_5
+zeek.omron_fins_detail.message_6=db:zeek.omron_fins_detail.message_6;group:zeek_detail_log;kind:termfield;viewerOnly:true;friendly:message_6;help:message_6
+zeek.omron_fins_detail.message_7=db:zeek.omron_fins_detail.message_7;group:zeek_detail_log;kind:termfield;viewerOnly:true;friendly:message_7;help:message_7
+zeek.omron_fins_detail.fal_fals_no_0=db:zeek.omron_fins_detail.fal_fals_no_0;group:zeek_detail_log;kind:termfield;viewerOnly:true;friendly:fal_fals_no_0;help:fal_fals_no_0
+zeek.omron_fins_detail.fal_fals_no_1=db:zeek.omron_fins_detail.fal_fals_no_1;group:zeek_detail_log;kind:termfield;viewerOnly:true;friendly:fal_fals_no_1;help:fal_fals_no_1
+zeek.omron_fins_detail.fal_fals_no_2=db:zeek.omron_fins_detail.fal_fals_no_2;group:zeek_detail_log;kind:termfield;viewerOnly:true;friendly:fal_fals_no_2;help:fal_fals_no_2
+zeek.omron_fins_detail.fal_fals_no_3=db:zeek.omron_fins_detail.fal_fals_no_3;group:zeek_detail_log;kind:termfield;viewerOnly:true;friendly:fal_fals_no_3;help:fal_fals_no_3
+zeek.omron_fins_detail.fal_fals_no_4=db:zeek.omron_fins_detail.fal_fals_no_4;group:zeek_detail_log;kind:termfield;viewerOnly:true;friendly:fal_fals_no_4;help:fal_fals_no_4
+zeek.omron_fins_detail.fal_fals_no_5=db:zeek.omron_fins_detail.fal_fals_no_5;group:zeek_detail_log;kind:termfield;viewerOnly:true;friendly:fal_fals_no_5;help:fal_fals_no_5
+zeek.omron_fins_detail.fal_fals_no_6=db:zeek.omron_fins_detail.fal_fals_no_6;group:zeek_detail_log;kind:termfield;viewerOnly:true;friendly:fal_fals_no_6;help:fal_fals_no_6
+zeek.omron_fins_detail.fal_fals_no_7=db:zeek.omron_fins_detail.fal_fals_no_7;group:zeek_detail_log;kind:termfield;viewerOnly:true;friendly:fal_fals_no_7;help:fal_fals_no_7
+zeek.omron_fins_detail.fal_fals_no_8=db:zeek.omron_fins_detail.fal_fals_no_8;group:zeek_detail_log;kind:termfield;viewerOnly:true;friendly:fal_fals_no_8;help:fal_fals_no_8
+zeek.omron_fins_detail.fal_fals_no_9=db:zeek.omron_fins_detail.fal_fals_no_9;group:zeek_detail_log;kind:termfield;viewerOnly:true;friendly:fal_fals_no_9;help:fal_fals_no_9
+zeek.omron_fins_detail.fal_fals_no_10=db:zeek.omron_fins_detail.fal_fals_no_10;group:zeek_detail_log;kind:termfield;viewerOnly:true;friendly:fal_fals_no_10;help:fal_fals_no_10
+zeek.omron_fins_detail.fal_fals_no_11=db:zeek.omron_fins_detail.fal_fals_no_11;group:zeek_detail_log;kind:termfield;viewerOnly:true;friendly:fal_fals_no_11;help:fal_fals_no_11
+zeek.omron_fins_detail.fal_fals_no_12=db:zeek.omron_fins_detail.fal_fals_no_12;group:zeek_detail_log;kind:termfield;viewerOnly:true;friendly:fal_fals_no_12;help:fal_fals_no_12
+zeek.omron_fins_detail.fal_fals_no_13=db:zeek.omron_fins_detail.fal_fals_no_13;group:zeek_detail_log;kind:termfield;viewerOnly:true;friendly:fal_fals_no_13;help:fal_fals_no_13
+zeek.omron_fins_detail.fal_fals_0=db:zeek.omron_fins_detail.fal_fals_0;group:zeek_detail_log;kind:termfield;viewerOnly:true;friendly:fal_fals_0;help:fal_fals_0
+zeek.omron_fins_detail.fal_fals_1=db:zeek.omron_fins_detail.fal_fals_1;group:zeek_detail_log;kind:termfield;viewerOnly:true;friendly:fal_fals_1;help:fal_fals_1
+zeek.omron_fins_detail.fal_fals_2=db:zeek.omron_fins_detail.fal_fals_2;group:zeek_detail_log;kind:termfield;viewerOnly:true;friendly:fal_fals_2;help:fal_fals_2
+zeek.omron_fins_detail.fal_fals_3=db:zeek.omron_fins_detail.fal_fals_3;group:zeek_detail_log;kind:termfield;viewerOnly:true;friendly:fal_fals_3;help:fal_fals_3
+zeek.omron_fins_detail.fal_fals_4=db:zeek.omron_fins_detail.fal_fals_4;group:zeek_detail_log;kind:termfield;viewerOnly:true;friendly:fal_fals_4;help:fal_fals_4
+zeek.omron_fins_detail.fal_fals_5=db:zeek.omron_fins_detail.fal_fals_5;group:zeek_detail_log;kind:termfield;viewerOnly:true;friendly:fal_fals_5;help:fal_fals_5
+zeek.omron_fins_detail.fal_fals_6=db:zeek.omron_fins_detail.fal_fals_6;group:zeek_detail_log;kind:termfield;viewerOnly:true;friendly:fal_fals_6;help:fal_fals_6
+zeek.omron_fins_detail.fal_fals_7=db:zeek.omron_fins_detail.fal_fals_7;group:zeek_detail_log;kind:termfield;viewerOnly:true;friendly:fal_fals_7;help:fal_fals_7
+zeek.omron_fins_detail.fal_fals_8=db:zeek.omron_fins_detail.fal_fals_8;group:zeek_detail_log;kind:termfield;viewerOnly:true;friendly:fal_fals_8;help:fal_fals_8
+zeek.omron_fins_detail.fal_fals_9=db:zeek.omron_fins_detail.fal_fals_9;group:zeek_detail_log;kind:termfield;viewerOnly:true;friendly:fal_fals_9;help:fal_fals_9
+zeek.omron_fins_detail.fal_fals_10=db:zeek.omron_fins_detail.fal_fals_10;group:zeek_detail_log;kind:termfield;viewerOnly:true;friendly:fal_fals_10;help:fal_fals_10
+zeek.omron_fins_detail.fal_fals_11=db:zeek.omron_fins_detail.fal_fals_11;group:zeek_detail_log;kind:termfield;viewerOnly:true;friendly:fal_fals_11;help:fal_fals_11
+zeek.omron_fins_detail.fal_fals_12=db:zeek.omron_fins_detail.fal_fals_12;group:zeek_detail_log;kind:termfield;viewerOnly:true;friendly:fal_fals_12;help:fal_fals_12
+zeek.omron_fins_detail.fal_fals_13=db:zeek.omron_fins_detail.fal_fals_13;group:zeek_detail_log;kind:termfield;viewerOnly:true;friendly:fal_fals_13;help:fal_fals_13
+zeek.omron_fins_detail.acquire_network_address=db:zeek.omron_fins_detail.acquire_network_address;group:zeek_detail_log;kind:integer;viewerOnly:true;friendly:acquire_network_address;help:acquire_network_address
+zeek.omron_fins_detail.acquire_node_number=db:zeek.omron_fins_detail.acquire_node_number;group:zeek_detail_log;kind:integer;viewerOnly:true;friendly:acquire_node_number;help:acquire_node_number
+zeek.omron_fins_detail.acquire_unit_address=db:zeek.omron_fins_detail.acquire_unit_address;group:zeek_detail_log;kind:integer;viewerOnly:true;friendly:acquire_unit_address;help:acquire_unit_address
+zeek.omron_fins_detail.no_of_bits=db:zeek.omron_fins_detail.no_of_bits;group:zeek_detail_log;kind:integer;viewerOnly:true;friendly:no_of_bits;help:no_of_bits
+zeek.omron_fins_detail.set_reset_specification=db:zeek.omron_fins_detail.set_reset_specification;group:zeek_detail_log;kind:termfield;viewerOnly:true;friendly:set_reset_specification;help:set_reset_specification
+zeek.omron_fins_detail.bit_flag=db:zeek.omron_fins_detail.bit_flag;group:zeek_detail_log;kind:integer;viewerOnly:true;friendly:bit_flag;help:bit_flag
+
+# omron_fins_general.log
+# https://github.com/cisagov/icsnpp-omron-fins
+zeek.omron_fins_general.omron_fins_link_id=db:zeek.omron_fins_general.omron_fins_link_id;group:zeek_general_log;kind:termfield;viewerOnly:true;friendly:omron_fins_link_id;help:omron_fins_link_id
+zeek.omron_fins_general.tcp_header=db:zeek.omron_fins_general.tcp_header;group:zeek_general_log;kind:termfield;viewerOnly:true;friendly:tcp_header;help:tcp_header
+zeek.omron_fins_general.tcp_length=db:zeek.omron_fins_general.tcp_length;group:zeek_general_log;kind:integer;viewerOnly:true;friendly:tcp_length;help:tcp_length
+zeek.omron_fins_general.tcp_command=db:zeek.omron_fins_general.tcp_command;group:zeek_general_log;kind:termfield;viewerOnly:true;friendly:tcp_command;help:tcp_command
+zeek.omron_fins_general.tcp_error_code=db:zeek.omron_fins_general.tcp_error_code;group:zeek_general_log;kind:termfield;viewerOnly:true;friendly:tcp_error_code;help:tcp_error_code
+zeek.omron_fins_general.client_node_address=db:zeek.omron_fins_general.client_node_address;group:zeek_general_log;kind:integer;viewerOnly:true;friendly:client_node_address;help:client_node_address
+zeek.omron_fins_general.server_node_address=db:zeek.omron_fins_general.server_node_address;group:zeek_general_log;kind:integer;viewerOnly:true;friendly:server_node_address;help:server_node_address
+zeek.omron_fins_general.icf_gateway=db:zeek.omron_fins_general.icf_gateway;group:zeek_general_log;kind:termfield;viewerOnly:true;friendly:icf_gateway;help:icf_gateway
+zeek.omron_fins_general.icf_data_type=db:zeek.omron_fins_general.icf_data_type;group:zeek_general_log;kind:termfield;viewerOnly:true;friendly:icf_data_type;help:icf_data_type
+zeek.omron_fins_general.icf_response_setting=db:zeek.omron_fins_general.icf_response_setting;group:zeek_general_log;kind:termfield;viewerOnly:true;friendly:icf_response_setting;help:icf_response_setting
+zeek.omron_fins_general.gateway_count=db:zeek.omron_fins_general.gateway_count;group:zeek_general_log;kind:integer;viewerOnly:true;friendly:gateway_count;help:gateway_count
+zeek.omron_fins_general.destination_network_address=db:zeek.omron_fins_general.destination_network_address;group:zeek_general_log;kind:termfield;viewerOnly:true;friendly:destination_network_address;help:destination_network_address
+zeek.omron_fins_general.destination_node_number=db:zeek.omron_fins_general.destination_node_number;group:zeek_general_log;kind:termfield;viewerOnly:true;friendly:destination_node_number;help:destination_node_number
+zeek.omron_fins_general.destination_unit_address=db:zeek.omron_fins_general.destination_unit_address;group:zeek_general_log;kind:termfield;viewerOnly:true;friendly:destination_unit_address;help:destination_unit_address
+zeek.omron_fins_general.source_network_address=db:zeek.omron_fins_general.source_network_address;group:zeek_general_log;kind:termfield;viewerOnly:true;friendly:source_network_address;help:source_network_address
+zeek.omron_fins_general.source_node_number=db:zeek.omron_fins_general.source_node_number;group:zeek_general_log;kind:termfield;viewerOnly:true;friendly:source_node_number;help:source_node_number
+zeek.omron_fins_general.source_unit_address=db:zeek.omron_fins_general.source_unit_address;group:zeek_general_log;kind:termfield;viewerOnly:true;friendly:source_unit_address;help:source_unit_address
+zeek.omron_fins_general.service_id=db:zeek.omron_fins_general.service_id;group:zeek_general_log;kind:termfield;viewerOnly:true;friendly:service_id;help:service_id
+zeek.omron_fins_general.command_code=db:zeek.omron_fins_general.command_code;group:zeek_general_log;kind:termfield;viewerOnly:true;friendly:command_code;help:command_code
+zeek.omron_fins_general.response_code=db:zeek.omron_fins_general.response_code;group:zeek_general_log;kind:termfield;viewerOnly:true;friendly:response_code;help:response_code
+
+# omron_fins_network_status_read.log
+# https://github.com/cisagov/icsnpp-omron-fins
+zeek.omron_fins_network_status_read.command_code=db:zeek.omron_fins_network_status_read.command_code;group:zeek_network_status_read_log;kind:termfield;viewerOnly:true;friendly:command_code;help:command_code
+zeek.omron_fins_network_status_read.icf_data_type=db:zeek.omron_fins_network_status_read.icf_data_type;group:zeek_network_status_read_log;kind:termfield;viewerOnly:true;friendly:icf_data_type;help:icf_data_type
+zeek.omron_fins_network_status_read.response_code=db:zeek.omron_fins_network_status_read.response_code;group:zeek_network_status_read_log;kind:termfield;viewerOnly:true;friendly:response_code;help:response_code
+zeek.omron_fins_network_status_read.node_number=db:zeek.omron_fins_network_status_read.node_number;group:zeek_network_status_read_log;kind:integer;viewerOnly:true;friendly:node_number;help:node_number
+zeek.omron_fins_network_status_read.in_network=db:zeek.omron_fins_network_status_read.in_network;group:zeek_network_status_read_log;kind:termfield;viewerOnly:true;friendly:in_network;help:in_network
+zeek.omron_fins_network_status_read.exit_status=db:zeek.omron_fins_network_status_read.exit_status;group:zeek_network_status_read_log;kind:termfield;viewerOnly:true;friendly:exit_status;help:exit_status
+zeek.omron_fins_network_status_read.polling=db:zeek.omron_fins_network_status_read.polling;group:zeek_network_status_read_log;kind:termfield;viewerOnly:true;friendly:polling;help:polling
+zeek.omron_fins_network_status_read.communication_cycle_time=db:zeek.omron_fins_network_status_read.communication_cycle_time;group:zeek_network_status_read_log;kind:termfield;viewerOnly:true;friendly:communication_cycle_time;help:communication_cycle_time
+zeek.omron_fins_network_status_read.current_polling_node_number=db:zeek.omron_fins_network_status_read.current_polling_node_number;group:zeek_network_status_read_log;kind:integer;viewerOnly:true;friendly:current_polling_node_number;help:current_polling_node_number
+zeek.omron_fins_network_status_read.cyclic_operation=db:zeek.omron_fins_network_status_read.cyclic_operation;group:zeek_network_status_read_log;kind:termfield;viewerOnly:true;friendly:cyclic_operation;help:cyclic_operation +zeek.omron_fins_network_status_read.cyclic_transmission_status=db:zeek.omron_fins_network_status_read.cyclic_transmission_status;group:zeek_network_status_read_log;kind:termfield;viewerOnly:true;friendly:cyclic_transmission_status;help:cyclic_transmission_status +zeek.omron_fins_network_status_read.non_fatal_error=db:zeek.omron_fins_network_status_read.non_fatal_error;group:zeek_network_status_read_log;kind:termfield;viewerOnly:true;friendly:non_fatal_error;help:non_fatal_error +zeek.omron_fins_network_status_read.cyclic_error_count=db:zeek.omron_fins_network_status_read.cyclic_error_count;group:zeek_network_status_read_log;kind:integer;viewerOnly:true;friendly:cyclic_error_count;help:cyclic_error_count + # opcua_binary_activate_session.log # https://github.com/cisagov/icsnpp-opcua-binary zeek.opcua_binary_activate_session.client_algorithm=db:zeek.opcua_binary_activate_session.client_algorithm;group:zeek_opcua;kind:termfield;viewerOnly:true;friendly:client_algorithm;help:client_algorithm 
@@ -2067,20 +2314,20 @@ zeek.opcua_binary_variant_metadata.variant_data_array_dim=db:zeek.opcua_binary_v # opcua_binary_write.log # https://github.com/cisagov/icsnpp-opcua-binary -zeek.opcua_binary_write.node_id_encoding_mask=db:zeek.opcua_binary_write.node_id_encoding_mask;group:zeek_opcua_binary_write;kind:termfield;friendly:node_id_encoding_mask;help:node_id_encoding_mask -zeek.opcua_binary_write.node_id_namespace_idx=db:zeek.opcua_binary_write.node_id_namespace_idx;group:zeek_opcua_binary_write;kind:integer;friendly:node_id_namespace_idx;help:node_id_namespace_idx -zeek.opcua_binary_write.node_id_numeric=db:zeek.opcua_binary_write.node_id_numeric;group:zeek_opcua_binary_write;kind:integer;friendly:node_id_numeric;help:node_id_numeric -zeek.opcua_binary_write.node_id_string=db:zeek.opcua_binary_write.node_id_string;group:zeek_opcua_binary_write;kind:termfield;friendly:node_id_string;help:node_id_string -zeek.opcua_binary_write.node_id_guid=db:zeek.opcua_binary_write.node_id_guid;group:zeek_opcua_binary_write;kind:termfield;friendly:node_id_guid;help:node_id_guid -zeek.opcua_binary_write.node_id_opaque=db:zeek.opcua_binary_write.node_id_opaque;group:zeek_opcua_binary_write;kind:termfield;friendly:node_id_opaque;help:node_id_opaque -zeek.opcua_binary_write.attribute_id=db:zeek.opcua_binary_write.attribute_id;group:zeek_opcua_binary_write;kind:integer;friendly:attribute_id;help:attribute_id -zeek.opcua_binary_write.attribute_id_str=db:zeek.opcua_binary_write.attribute_id_str;group:zeek_opcua_binary_write;kind:termfield;friendly:attribute_id_str;help:attribute_id_str -zeek.opcua_binary_write.index_range=db:zeek.opcua_binary_write.index_range;group:zeek_opcua_binary_write;kind:termfield;friendly:index_range;help:index_range -zeek.opcua_binary_write.data_value_encoding_mask=db:zeek.opcua_binary_write.data_value_encoding_mask;group:zeek_opcua_binary_write;kind:termfield;friendly:data_value_encoding_mask;help:data_value_encoding_mask 
-zeek.opcua_binary_write.source_timestamp=db:zeek.opcua_binary_write.source_timestamp;group:zeek_opcua_binary_write;kind:termfield;friendly:source_timestamp;help:source_timestamp
-zeek.opcua_binary_write.source_pico_sec=db:zeek.opcua_binary_write.source_pico_sec;group:zeek_opcua_binary_write;kind:integer;friendly:source_pico_sec;help:source_pico_sec
-zeek.opcua_binary_write.server_timestamp=db:zeek.opcua_binary_write.server_timestamp;group:zeek_opcua_binary_write;kind:termfield;friendly:server_timestamp;help:server_timestamp
-zeek.opcua_binary_write.server_pico_sec=db:zeek.opcua_binary_write.server_pico_sec;group:zeek_opcua_binary_write;kind:integer;friendly:server_pico_sec;help:server_pico_sec
+zeek.opcua_binary_write.node_id_encoding_mask=db:zeek.opcua_binary_write.node_id_encoding_mask;group:zeek_opcua_binary_write;kind:termfield;viewerOnly:true;friendly:node_id_encoding_mask;help:node_id_encoding_mask
+zeek.opcua_binary_write.node_id_namespace_idx=db:zeek.opcua_binary_write.node_id_namespace_idx;group:zeek_opcua_binary_write;kind:integer;viewerOnly:true;friendly:node_id_namespace_idx;help:node_id_namespace_idx
+zeek.opcua_binary_write.node_id_numeric=db:zeek.opcua_binary_write.node_id_numeric;group:zeek_opcua_binary_write;kind:integer;viewerOnly:true;friendly:node_id_numeric;help:node_id_numeric
+zeek.opcua_binary_write.node_id_string=db:zeek.opcua_binary_write.node_id_string;group:zeek_opcua_binary_write;kind:termfield;viewerOnly:true;friendly:node_id_string;help:node_id_string
+zeek.opcua_binary_write.node_id_guid=db:zeek.opcua_binary_write.node_id_guid;group:zeek_opcua_binary_write;kind:termfield;viewerOnly:true;friendly:node_id_guid;help:node_id_guid
+zeek.opcua_binary_write.node_id_opaque=db:zeek.opcua_binary_write.node_id_opaque;group:zeek_opcua_binary_write;kind:termfield;viewerOnly:true;friendly:node_id_opaque;help:node_id_opaque
+zeek.opcua_binary_write.attribute_id=db:zeek.opcua_binary_write.attribute_id;group:zeek_opcua_binary_write;kind:integer;viewerOnly:true;friendly:attribute_id;help:attribute_id +zeek.opcua_binary_write.attribute_id_str=db:zeek.opcua_binary_write.attribute_id_str;group:zeek_opcua_binary_write;kind:termfield;viewerOnly:true;friendly:attribute_id_str;help:attribute_id_str +zeek.opcua_binary_write.index_range=db:zeek.opcua_binary_write.index_range;group:zeek_opcua_binary_write;kind:termfield;viewerOnly:true;friendly:index_range;help:index_range +zeek.opcua_binary_write.data_value_encoding_mask=db:zeek.opcua_binary_write.data_value_encoding_mask;group:zeek_opcua_binary_write;kind:termfield;viewerOnly:true;friendly:data_value_encoding_mask;help:data_value_encoding_mask +zeek.opcua_binary_write.source_timestamp=db:zeek.opcua_binary_write.source_timestamp;group:zeek_opcua_binary_write;kind:termfield;viewerOnly:true;friendly:source_timestamp;help:source_timestamp +zeek.opcua_binary_write.source_pico_sec=db:zeek.opcua_binary_write.source_pico_sec;group:zeek_opcua_binary_write;kind:integer;viewerOnly:true;friendly:source_pico_sec;help:source_pico_sec +zeek.opcua_binary_write.server_timestamp=db:zeek.opcua_binary_write.server_timestamp;group:zeek_opcua_binary_write;kind:termfield;viewerOnly:true;friendly:server_timestamp;help:server_timestamp +zeek.opcua_binary_write.server_pico_sec=db:zeek.opcua_binary_write.server_pico_sec;group:zeek_opcua_binary_write;kind:integer;viewerOnly:true;friendly:server_pico_sec;help:server_pico_sec # ocsp.log # https://docs.zeek.org/en/stable/scripts/policy/files/x509/log-ocsp.zeek.html#type-OCSP::Info 
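Review bot: The group names no longer follow one scheme, and these rewritten lines are a good place to settle it: the opcua_binary_write entries keep `group:zeek_opcua_binary_write`, while the opcua_binary_activate_session context line just above this hunk uses `group:zeek_opcua`. The omron_fins entries added in the preceding hunk go further and use `group:zeek_detail_log`, `group:zeek_general_log` and `group:zeek_network_status_read_log`, which carry no protocol name at all, so an analyst browsing the viewer's field groups cannot tell that they belong to Omron FINS traffic. If the split is not deliberate, I would use `group:zeek_opcua` here and a protocol-scoped name such as `group:zeek_omron_fins` on the omron lines. The preceding hunk starts outside the part of the patch shown here, so other omron groups may differ from the three quoted.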
@@ -2143,13 +2390,13 @@ zeek.pe.section_names=db:zeek.pe.section_names;group:zeek_pe;kind:termfield;view # postgresql.log # https://docs.zeek.org/en/master/scripts/base/protocols/postgresql/main.zeek.html -zeek.postgresql.database=db:zeek.postgresql.database;group:zeek_postgresql;kind:termfield;friendly:Database;help:Database -zeek.postgresql.application_name=db:zeek.postgresql.application_name;group:zeek_postgresql;kind:termfield;friendly:Application;help:Application -zeek.postgresql.frontend=db:zeek.postgresql.frontend;group:zeek_postgresql;kind:termfield;friendly:Frontend;help:Frontend -zeek.postgresql.frontend_arg=db:zeek.postgresql.frontend_arg;group:zeek_postgresql;kind:termfield;friendly:Frontend Argument;help:Frontend Argument -zeek.postgresql.backend=db:zeek.postgresql.backend;group:zeek_postgresql;kind:termfield;friendly:Backend;help:Backend -zeek.postgresql.backend_arg=db:zeek.postgresql.backend_arg;group:zeek_postgresql;kind:termfield;friendly:Backend Argument;help:Backend Argument -zeek.postgresql.rows=db:zeek.postgresql.rows;group:zeek_postgresql;kind:integer;friendly:Rows Affected;help:Rows Affected +zeek.postgresql.database=db:zeek.postgresql.database;group:zeek_postgresql;kind:termfield;viewerOnly:true;friendly:Database;help:Database +zeek.postgresql.application_name=db:zeek.postgresql.application_name;group:zeek_postgresql;kind:termfield;viewerOnly:true;friendly:Application;help:Application +zeek.postgresql.frontend=db:zeek.postgresql.frontend;group:zeek_postgresql;kind:termfield;viewerOnly:true;friendly:Frontend;help:Frontend +zeek.postgresql.frontend_arg=db:zeek.postgresql.frontend_arg;group:zeek_postgresql;kind:termfield;viewerOnly:true;friendly:Frontend Argument;help:Frontend Argument +zeek.postgresql.backend=db:zeek.postgresql.backend;group:zeek_postgresql;kind:termfield;viewerOnly:true;friendly:Backend;help:Backend 
+zeek.postgresql.backend_arg=db:zeek.postgresql.backend_arg;group:zeek_postgresql;kind:termfield;viewerOnly:true;friendly:Backend Argument;help:Backend Argument +zeek.postgresql.rows=db:zeek.postgresql.rows;group:zeek_postgresql;kind:integer;viewerOnly:true;friendly:Rows Affected;help:Rows Affected # profinet.log # https://github.com/amzn/zeek-plugin-profinet/blob/master/scripts/main.zeek 
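Review bot: The `help:` text on all seven postgresql lines only repeats `friendly:`, so the viewer gives an analyst no hint of what `frontend_arg` or `backend_arg` actually hold; since every line is rewritten here anyway, this is the moment to fill them in. I would take the wording from the field descriptions in the Zeek script linked in the section comment, for example `help:Argument sent with the frontend message` (presumably the query text for a simple query, which is the value most useful when hunting). `friendly:Rows Affected` also looks narrower than the source field, which as far as I recall counts rows returned as well, so `help:Rows returned or affected` would be safer; please confirm against the linked script.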
@@ -2171,41 +2418,41 @@ zeek.profinet_dce_rpc.operation=db:zeek.profinet_dce_rpc.operation;group:zeek_pr # profinet_io_cm.log # https://github.com/cisagov/icsnpp-profinet-io-cm -zeek.profinet_io_cm.rpc_version=db:zeek.profinet_io_cm.rpc_version;group:zeek_profinet_io_cm;kind:integer;friendly:RPC version;help:RPC version -zeek.profinet_io_cm.packet_type=db:zeek.profinet_io_cm.packet_type;group:zeek_profinet_io_cm;kind:termfield;friendly:Packet type;help:Packet type -zeek.profinet_io_cm.reserved_for_impl_1=db:zeek.profinet_io_cm.reserved_for_impl_1;group:zeek_profinet_io_cm;kind:termfield;friendly:Implementation flag 0;help:Implementation flag 0 -zeek.profinet_io_cm.last_fragment=db:zeek.profinet_io_cm.last_fragment;group:zeek_profinet_io_cm;kind:termfield;friendly:Last fragment flag;help:Last fragment flag -zeek.profinet_io_cm.fragment=db:zeek.profinet_io_cm.fragment;group:zeek_profinet_io_cm;kind:termfield;friendly:Fragment flag;help:Fragment flag -zeek.profinet_io_cm.no_fragment_requested=db:zeek.profinet_io_cm.no_fragment_requested;group:zeek_profinet_io_cm;kind:termfield;friendly:No fragment ACK req flag;help:No fragment ACK req flag -zeek.profinet_io_cm.maybe=db:zeek.profinet_io_cm.maybe;group:zeek_profinet_io_cm;kind:termfield;friendly:Maybe flag;help:Maybe flag -zeek.profinet_io_cm.idempotent=db:zeek.profinet_io_cm.idempotent;group:zeek_profinet_io_cm;kind:termfield;friendly:Idempotent flag;help:Idempotent flag -zeek.profinet_io_cm.broadcast=db:zeek.profinet_io_cm.broadcast;group:zeek_profinet_io_cm;kind:termfield;friendly:Broadcast flag;help:Broadcast flag -zeek.profinet_io_cm.reserved_for_impl_2=db:zeek.profinet_io_cm.reserved_for_impl_2;group:zeek_profinet_io_cm;kind:termfield;friendly:Implementation flag 7;help:Implementation flag 7 -zeek.profinet_io_cm.cancel_was_pending_at_call_end=db:zeek.profinet_io_cm.cancel_was_pending_at_call_end;group:zeek_profinet_io_cm;kind:termfield;friendly:Cancel pending;help:Cancel pending 
-zeek.profinet_io_cm.integer_encoding=db:zeek.profinet_io_cm.integer_encoding;group:zeek_profinet_io_cm;kind:termfield;friendly:Integer encoding;help:Integer encoding -zeek.profinet_io_cm.character_encoding=db:zeek.profinet_io_cm.character_encoding;group:zeek_profinet_io_cm;kind:termfield;friendly:Character encoding;help:Character encoding -zeek.profinet_io_cm.floating_point_encoding=db:zeek.profinet_io_cm.floating_point_encoding;group:zeek_profinet_io_cm;kind:termfield;friendly:Floating point encoding;help:Floating point encoding -zeek.profinet_io_cm.serial_high=db:zeek.profinet_io_cm.serial_high;group:zeek_profinet_io_cm;kind:integer;friendly:Fragment number high octet;help:Fragment number high octet -zeek.profinet_io_cm.object_uuid=db:zeek.profinet_io_cm.object_uuid;group:zeek_profinet_io_cm;kind:termfield;friendly:Object UUID;help:Object UUID -zeek.profinet_io_cm.interface_uuid=db:zeek.profinet_io_cm.interface_uuid;group:zeek_profinet_io_cm;kind:termfield;friendly:Interface UUID;help:Interface UUID -zeek.profinet_io_cm.activity_uuid=db:zeek.profinet_io_cm.activity_uuid;group:zeek_profinet_io_cm;kind:termfield;friendly:Activity UUID;help:Activity UUID -zeek.profinet_io_cm.server_boot_time=db:zeek.profinet_io_cm.server_boot_time;group:zeek_profinet_io_cm;kind:integer;friendly:Server boot time;help:Server boot time -zeek.profinet_io_cm.uuid_version=db:zeek.profinet_io_cm.uuid_version;group:zeek_profinet_io_cm;kind:termfield;friendly:Interface version;help:UUID version -zeek.profinet_io_cm.sequence_num=db:zeek.profinet_io_cm.sequence_num;group:zeek_profinet_io_cm;kind:integer;friendly:Activity sequence number;help:Activity sequence number -zeek.profinet_io_cm.operation=db:zeek.profinet_io_cm.operation;group:zeek_profinet_io_cm;kind:termfield;friendly:PNIO operation;help:PNIO operation -zeek.profinet_io_cm.interface_hint=db:zeek.profinet_io_cm.interface_hint;group:zeek_profinet_io_cm;kind:integer;friendly:Interface hint;help:Interface hint 
-zeek.profinet_io_cm.activity_hint=db:zeek.profinet_io_cm.activity_hint;group:zeek_profinet_io_cm;kind:integer;friendly:Activity hint;help:Activity hint -zeek.profinet_io_cm.len_of_body=db:zeek.profinet_io_cm.len_of_body;group:zeek_profinet_io_cm;kind:integer;friendly:NDRD data length;help:NDRD data length -zeek.profinet_io_cm.fragment_num=db:zeek.profinet_io_cm.fragment_num;group:zeek_profinet_io_cm;kind:integer;friendly:Fragment number;help:Fragment number -zeek.profinet_io_cm.auth_protocol=db:zeek.profinet_io_cm.auth_protocol;group:zeek_profinet_io_cm;kind:integer;friendly:Auth protocol;help:Auth protocol -zeek.profinet_io_cm.serial_low=db:zeek.profinet_io_cm.serial_low;group:zeek_profinet_io_cm;kind:integer;friendly:Fragment number low octet;help:Fragment number low octet -zeek.profinet_io_cm.vers_fack=db:zeek.profinet_io_cm.vers_fack;group:zeek_profinet_io_cm;kind:termfield;friendly:Version FACK;help:Version FACK -zeek.profinet_io_cm.window_size=db:zeek.profinet_io_cm.window_size;group:zeek_profinet_io_cm;kind:integer;friendly:Window size;help:Window size -zeek.profinet_io_cm.max_tsdu=db:zeek.profinet_io_cm.max_tsdu;group:zeek_profinet_io_cm;kind:integer;friendly:Maximum TSDU;help:Maximum TSDU -zeek.profinet_io_cm.max_frag_size=db:zeek.profinet_io_cm.max_frag_size;group:zeek_profinet_io_cm;kind:integer;friendly:Maximum fragment size;help:Maximum fragment size -zeek.profinet_io_cm.serial_number=db:zeek.profinet_io_cm.serial_number;group:zeek_profinet_io_cm;kind:integer;friendly:Serial number;help:Serial number -zeek.profinet_io_cm.sel_ack_len=db:zeek.profinet_io_cm.sel_ack_len;group:zeek_profinet_io_cm;kind:integer;friendly:Selective ACKs length;help:Selective ACKs length -zeek.profinet_io_cm.sel_ack=db:zeek.profinet_io_cm.sel_ack;group:zeek_profinet_io_cm;kind:termfield;friendly:Selective ACKs;help:Selective ACKs +zeek.profinet_io_cm.rpc_version=db:zeek.profinet_io_cm.rpc_version;group:zeek_profinet_io_cm;kind:integer;viewerOnly:true;friendly:RPC 
version;help:RPC version +zeek.profinet_io_cm.packet_type=db:zeek.profinet_io_cm.packet_type;group:zeek_profinet_io_cm;kind:termfield;viewerOnly:true;friendly:Packet type;help:Packet type +zeek.profinet_io_cm.reserved_for_impl_1=db:zeek.profinet_io_cm.reserved_for_impl_1;group:zeek_profinet_io_cm;kind:termfield;viewerOnly:true;friendly:Implementation flag 0;help:Implementation flag 0 +zeek.profinet_io_cm.last_fragment=db:zeek.profinet_io_cm.last_fragment;group:zeek_profinet_io_cm;kind:termfield;viewerOnly:true;friendly:Last fragment flag;help:Last fragment flag +zeek.profinet_io_cm.fragment=db:zeek.profinet_io_cm.fragment;group:zeek_profinet_io_cm;kind:termfield;viewerOnly:true;friendly:Fragment flag;help:Fragment flag +zeek.profinet_io_cm.no_fragment_requested=db:zeek.profinet_io_cm.no_fragment_requested;group:zeek_profinet_io_cm;kind:termfield;viewerOnly:true;friendly:No fragment ACK req flag;help:No fragment ACK req flag +zeek.profinet_io_cm.maybe=db:zeek.profinet_io_cm.maybe;group:zeek_profinet_io_cm;kind:termfield;viewerOnly:true;friendly:Maybe flag;help:Maybe flag +zeek.profinet_io_cm.idempotent=db:zeek.profinet_io_cm.idempotent;group:zeek_profinet_io_cm;kind:termfield;viewerOnly:true;friendly:Idempotent flag;help:Idempotent flag +zeek.profinet_io_cm.broadcast=db:zeek.profinet_io_cm.broadcast;group:zeek_profinet_io_cm;kind:termfield;viewerOnly:true;friendly:Broadcast flag;help:Broadcast flag +zeek.profinet_io_cm.reserved_for_impl_2=db:zeek.profinet_io_cm.reserved_for_impl_2;group:zeek_profinet_io_cm;kind:termfield;viewerOnly:true;friendly:Implementation flag 7;help:Implementation flag 7 +zeek.profinet_io_cm.cancel_was_pending_at_call_end=db:zeek.profinet_io_cm.cancel_was_pending_at_call_end;group:zeek_profinet_io_cm;kind:termfield;viewerOnly:true;friendly:Cancel pending;help:Cancel pending +zeek.profinet_io_cm.integer_encoding=db:zeek.profinet_io_cm.integer_encoding;group:zeek_profinet_io_cm;kind:termfield;viewerOnly:true;friendly:Integer 
encoding;help:Integer encoding +zeek.profinet_io_cm.character_encoding=db:zeek.profinet_io_cm.character_encoding;group:zeek_profinet_io_cm;kind:termfield;viewerOnly:true;friendly:Character encoding;help:Character encoding +zeek.profinet_io_cm.floating_point_encoding=db:zeek.profinet_io_cm.floating_point_encoding;group:zeek_profinet_io_cm;kind:termfield;viewerOnly:true;friendly:Floating point encoding;help:Floating point encoding +zeek.profinet_io_cm.serial_high=db:zeek.profinet_io_cm.serial_high;group:zeek_profinet_io_cm;kind:integer;viewerOnly:true;friendly:Fragment number high octet;help:Fragment number high octet +zeek.profinet_io_cm.object_uuid=db:zeek.profinet_io_cm.object_uuid;group:zeek_profinet_io_cm;kind:termfield;viewerOnly:true;friendly:Object UUID;help:Object UUID +zeek.profinet_io_cm.interface_uuid=db:zeek.profinet_io_cm.interface_uuid;group:zeek_profinet_io_cm;kind:termfield;viewerOnly:true;friendly:Interface UUID;help:Interface UUID +zeek.profinet_io_cm.activity_uuid=db:zeek.profinet_io_cm.activity_uuid;group:zeek_profinet_io_cm;kind:termfield;viewerOnly:true;friendly:Activity UUID;help:Activity UUID +zeek.profinet_io_cm.server_boot_time=db:zeek.profinet_io_cm.server_boot_time;group:zeek_profinet_io_cm;kind:integer;viewerOnly:true;friendly:Server boot time;help:Server boot time +zeek.profinet_io_cm.uuid_version=db:zeek.profinet_io_cm.uuid_version;group:zeek_profinet_io_cm;kind:termfield;viewerOnly:true;friendly:Interface version;help:UUID version +zeek.profinet_io_cm.sequence_num=db:zeek.profinet_io_cm.sequence_num;group:zeek_profinet_io_cm;kind:integer;viewerOnly:true;friendly:Activity sequence number;help:Activity sequence number +zeek.profinet_io_cm.operation=db:zeek.profinet_io_cm.operation;group:zeek_profinet_io_cm;kind:termfield;viewerOnly:true;friendly:PNIO operation;help:PNIO operation +zeek.profinet_io_cm.interface_hint=db:zeek.profinet_io_cm.interface_hint;group:zeek_profinet_io_cm;kind:integer;viewerOnly:true;friendly:Interface 
hint;help:Interface hint +zeek.profinet_io_cm.activity_hint=db:zeek.profinet_io_cm.activity_hint;group:zeek_profinet_io_cm;kind:integer;viewerOnly:true;friendly:Activity hint;help:Activity hint +zeek.profinet_io_cm.len_of_body=db:zeek.profinet_io_cm.len_of_body;group:zeek_profinet_io_cm;kind:integer;viewerOnly:true;friendly:NDRD data length;help:NDRD data length +zeek.profinet_io_cm.fragment_num=db:zeek.profinet_io_cm.fragment_num;group:zeek_profinet_io_cm;kind:integer;viewerOnly:true;friendly:Fragment number;help:Fragment number +zeek.profinet_io_cm.auth_protocol=db:zeek.profinet_io_cm.auth_protocol;group:zeek_profinet_io_cm;kind:integer;viewerOnly:true;friendly:Auth protocol;help:Auth protocol +zeek.profinet_io_cm.serial_low=db:zeek.profinet_io_cm.serial_low;group:zeek_profinet_io_cm;kind:integer;viewerOnly:true;friendly:Fragment number low octet;help:Fragment number low octet +zeek.profinet_io_cm.vers_fack=db:zeek.profinet_io_cm.vers_fack;group:zeek_profinet_io_cm;kind:termfield;viewerOnly:true;friendly:Version FACK;help:Version FACK +zeek.profinet_io_cm.window_size=db:zeek.profinet_io_cm.window_size;group:zeek_profinet_io_cm;kind:integer;viewerOnly:true;friendly:Window size;help:Window size +zeek.profinet_io_cm.max_tsdu=db:zeek.profinet_io_cm.max_tsdu;group:zeek_profinet_io_cm;kind:integer;viewerOnly:true;friendly:Maximum TSDU;help:Maximum TSDU +zeek.profinet_io_cm.max_frag_size=db:zeek.profinet_io_cm.max_frag_size;group:zeek_profinet_io_cm;kind:integer;viewerOnly:true;friendly:Maximum fragment size;help:Maximum fragment size +zeek.profinet_io_cm.serial_number=db:zeek.profinet_io_cm.serial_number;group:zeek_profinet_io_cm;kind:integer;viewerOnly:true;friendly:Serial number;help:Serial number +zeek.profinet_io_cm.sel_ack_len=db:zeek.profinet_io_cm.sel_ack_len;group:zeek_profinet_io_cm;kind:integer;viewerOnly:true;friendly:Selective ACKs length;help:Selective ACKs length 
+zeek.profinet_io_cm.sel_ack=db:zeek.profinet_io_cm.sel_ack;group:zeek_profinet_io_cm;kind:termfield;viewerOnly:true;friendly:Selective ACKs;help:Selective ACKs # radius.log # https://docs.zeek.org/en/stable/scripts/base/protocols/radius/main.zeek.html#type-RADIUS::Info 
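Review bot: The rewritten `zeek.profinet_io_cm.uuid_version` line still has labels that disagree, `friendly:Interface version;help:UUID version`, while every other entry in this section uses the same text for both. The friendly name is what an analyst sees when pivoting on PROFINET IO CM sessions, so a label that does not match the field is easy to misread during triage. Since the line is being touched anyway, align the two once the parser's field description has been checked, for example `friendly:Interface version;help:Interface version` if the value is the DCE/RPC interface version. I cannot tell from the hunk which of the two labels is the correct one.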
@@ -3385,6 +3632,11 @@ o_zeek_notice=require:zeek.notice;title:Zeek notice.log;fields:rule.category,rul o_zeek_ntlm=require:zeek.ntlm;title:Zeek ntlm.log;fields:zeek.ntlm.host,zeek.ntlm.domain,zeek.ntlm.success,zeek.ntlm.status,zeek.ntlm.server_nb_computer,zeek.ntlm.server_dns_computer,zeek.ntlm.server_tree o_zeek_ntp=require:zeek.ntp;title:Zeek ntp.log;fields:zeek.ntp.version,zeek.ntp.mode,zeek.ntp.mode_str,zeek.ntp.stratum,zeek.ntp.poll,zeek.ntp.precision,zeek.ntp.root_delay,zeek.ntp.root_disp,zeek.ntp.ref_id,zeek.ntp.ref_time,zeek.ntp.org_time,zeek.ntp.rec_time,zeek.ntp.xmt_time,zeek.ntp.num_exts o_zeek_ocsp=require:zeek.ocsp;title:Zeek ocsp.log;fields:zeek.ocsp.hashAlgorithm,zeek.ocsp.issuerNameHash,zeek.ocsp.issuerKeyHash,zeek.ocsp.serialNumber,zeek.ocsp.certStatus,zeek.ocsp.revoketime,zeek.ocsp.revokereason,zeek.ocsp.thisUpdate,zeek.ocsp.nextUpdate +o_zeek_omron_fins_detail_error_log=require:zeek.omron_fins_detail_error;title:Zeek omron_fins_detail_error.log;fields:zeek.omron_fins_general.omron_fins_link_id,zeek.omron_fins_detail_error.command_code,zeek.omron_fins_detail_error.icf_data_type,zeek.omron_fins_detail_error.response_code,zeek.omron_fins_detail_error.error_reset_fal_no,zeek.omron_fins_detail_error.beginning_record_no,zeek.omron_fins_detail_error.max_no_stored_records,zeek.omron_fins_detail_error.no_of_stored_records,zeek.omron_fins_detail_error.no_of_records,zeek.omron_fins_detail_error.error_code_1,zeek.omron_fins_detail_error.error_code_2,zeek.omron_fins_detail_error.minute,zeek.omron_fins_detail_error.second,zeek.omron_fins_detail_error.day,zeek.omron_fins_detail_error.hour,zeek.omron_fins_detail_error.year,zeek.omron_fins_detail_error.month +o_zeek_omron_fins_detail_file_log=require:zeek.omron_fins_detail_file;title:Zeek 
omron_fins_detail_file.log;fields:zeek.omron_fins_general.omron_fins_link_id,zeek.omron_fins_detail_file.command_code,zeek.omron_fins_detail_file.icf_data_type,zeek.omron_fins_detail_file.response_code,zeek.omron_fins_detail_file.disk_no,zeek.omron_fins_detail_file.beginning_file_position,zeek.omron_fins_detail_file.no_of_files,zeek.omron_fins_detail_file.volume_label,zeek.omron_fins_detail_file.year,zeek.omron_fins_detail_file.month,zeek.omron_fins_detail_file.day,zeek.omron_fins_detail_file.hour,zeek.omron_fins_detail_file.minute,zeek.omron_fins_detail_file.second,zeek.omron_fins_detail_file.total_capacity,zeek.omron_fins_detail_file.unused_capacity,zeek.omron_fins_detail_file.total_no_files,zeek.omron_fins_detail_file.no_files_read,zeek.omron_fins_detail_file.last_file,zeek.omron_fins_detail_file.file_name,zeek.omron_fins_detail_file.file_capacity,zeek.omron_fins_detail_file.file_position,zeek.omron_fins_detail_file.data_length,zeek.omron_fins_detail_file.parameter_code,zeek.omron_fins_detail_file.src_disk_no,zeek.omron_fins_detail_file.src_file_name,zeek.omron_fins_detail_file.dst_disk_no,zeek.omron_fins_detail_file.dst_file_name,zeek.omron_fins_detail_file.old_file_name,zeek.omron_fins_detail_file.new_file_name,zeek.omron_fins_detail_file.parameter_area_code,zeek.omron_fins_detail_file.beginning_address,zeek.omron_fins_detail_file.no_of_words,zeek.omron_fins_detail_file.memory_area_code,zeek.omron_fins_detail_file.no_of_items,zeek.omron_fins_detail_file.program_no,zeek.omron_fins_detail_file.no_of_bytes,zeek.omron_fins_detail_file.beginning_word,zeek.omron_fins_detail_file.beginning_block_no,zeek.omron_fins_detail_file.no_of_blocks,zeek.omron_fins_detail_file.remaining_blocks,zeek.omron_fins_detail_file.total_no_of_blocks,zeek.omron_fins_detail_file.memory_type,zeek.omron_fins_detail_file.data_type,zeek.omron_fins_detail_file.last_block,zeek.omron_fins_detail_file.protected,zeek.omron_fins_detail_file.control_data,zeek.omron_fins_detail_file.block_no,zeek.omron
_fins_detail_file.memory_data +o_zeek_omron_fins_detail_log=require:zeek.omron_fins_detail;title:Zeek omron_fins_detail.log;fields:zeek.omron_fins_general.omron_fins_link_id,zeek.omron_fins_detail.command_code,zeek.omron_fins_detail.icf_data_type,zeek.omron_fins_detail.memory_area_code,zeek.omron_fins_detail.beginning_address,zeek.omron_fins_detail.number_of_items,zeek.omron_fins_detail.parameter_area_code,zeek.omron_fins_detail.beginning_word,zeek.omron_fins_detail.number_of_words,zeek.omron_fins_detail.last_word_bit,zeek.omron_fins_detail.response_code,zeek.omron_fins_detail.data,zeek.omron_fins_detail.year,zeek.omron_fins_detail.month,zeek.omron_fins_detail.date,zeek.omron_fins_detail.hour,zeek.omron_fins_detail.minute,zeek.omron_fins_detail.second,zeek.omron_fins_detail.day,zeek.omron_fins_detail.clock_time,zeek.omron_fins_detail.intelligent_id_no,zeek.omron_fins_detail.first_word,zeek.omron_fins_detail.read_length,zeek.omron_fins_detail.data_length,zeek.omron_fins_detail.num_of_link_nodes,zeek.omron_fins_detail.block_record_data_link_status,zeek.omron_fins_detail.block_record_num_of_link_nodes,zeek.omron_fins_detail.block_record_node_num,zeek.omron_fins_detail.block_record_cio_area_first_word,zeek.omron_fins_detail.block_record_kind_of_dm,zeek.omron_fins_detail.block_record_dm_area_first_word,zeek.omron_fins_detail.block_record_num_of_total_words,zeek.omron_fins_detail.program_no,zeek.omron_fins_detail.protect_code,zeek.omron_fins_detail.last_word,zeek.omron_fins_detail.clear_code,zeek.omron_fins_detail.number_of_bytes,zeek.omron_fins_detail.run_mode,zeek.omron_fins_detail.controller_data_to_read,zeek.omron_fins_detail.controller_model,zeek.omron_fins_detail.controller_version,zeek.omron_fins_detail.for_system_use,zeek.omron_fins_detail.program_area_size,zeek.omron_fins_detail.iom_size,zeek.omron_fins_detail.no_of_dm_words,zeek.omron_fins_detail.timer_size,zeek.omron_fins_detail.expansion_dm_size,zeek.omron_fins_detail.no_of_steps_transitions,zeek.omron_fins_de
tail.kind_of_memory_card,zeek.omron_fins_detail.memory_card_size,zeek.omron_fins_detail.cpu_bus_unit_config,zeek.omron_fins_detail.no_of_sysmac_bus_master_mounted,zeek.omron_fins_detail.no_of_sysmac_bus2_master_mounted,zeek.omron_fins_detail.peripheral_device_connected,zeek.omron_fins_detail.built_in_host_interface,zeek.omron_fins_detail.no_of_racks_connected,zeek.omron_fins_detail.no_of_units,zeek.omron_fins_detail.unit_address,zeek.omron_fins_detail.model_number,zeek.omron_fins_detail.controller_status_data_read_status,zeek.omron_fins_detail.controller_status_data_read_mode,zeek.omron_fins_detail.fatal_error,zeek.omron_fins_detail.non_fatal_error,zeek.omron_fins_detail.message_yes_no,zeek.omron_fins_detail.fal_fals_no,zeek.omron_fins_detail.error_message,zeek.omron_fins_detail.cycle_time_read_parameter,zeek.omron_fins_detail.average_cycle_time,zeek.omron_fins_detail.max_cycle_time,zeek.omron_fins_detail.min_cycle_time,zeek.omron_fins_detail.test_data,zeek.omron_fins_detail.number_of_receptions,zeek.omron_fins_detail.command,zeek.omron_fins_detail.message_no_0,zeek.omron_fins_detail.message_no_1,zeek.omron_fins_detail.message_no_2,zeek.omron_fins_detail.message_no_3,zeek.omron_fins_detail.message_no_4,zeek.omron_fins_detail.message_no_5,zeek.omron_fins_detail.message_no_6,zeek.omron_fins_detail.message_no_7,zeek.omron_fins_detail.message_0,zeek.omron_fins_detail.message_1,zeek.omron_fins_detail.message_2,zeek.omron_fins_detail.message_3,zeek.omron_fins_detail.message_4,zeek.omron_fins_detail.message_5,zeek.omron_fins_detail.message_6,zeek.omron_fins_detail.message_7,zeek.omron_fins_detail.fal_fals_no_0,zeek.omron_fins_detail.fal_fals_no_1,zeek.omron_fins_detail.fal_fals_no_2,zeek.omron_fins_detail.fal_fals_no_3,zeek.omron_fins_detail.fal_fals_no_4,zeek.omron_fins_detail.fal_fals_no_5,zeek.omron_fins_detail.fal_fals_no_6,zeek.omron_fins_detail.fal_fals_no_7,zeek.omron_fins_detail.fal_fals_no_8,zeek.omron_fins_detail.fal_fals_no_9,zeek.omron_fins_detail.fal_fals_no_1
0,zeek.omron_fins_detail.fal_fals_no_11,zeek.omron_fins_detail.fal_fals_no_12,zeek.omron_fins_detail.fal_fals_no_13,zeek.omron_fins_detail.fal_fals_0,zeek.omron_fins_detail.fal_fals_1,zeek.omron_fins_detail.fal_fals_2,zeek.omron_fins_detail.fal_fals_3,zeek.omron_fins_detail.fal_fals_4,zeek.omron_fins_detail.fal_fals_5,zeek.omron_fins_detail.fal_fals_6,zeek.omron_fins_detail.fal_fals_7,zeek.omron_fins_detail.fal_fals_8,zeek.omron_fins_detail.fal_fals_9,zeek.omron_fins_detail.fal_fals_10,zeek.omron_fins_detail.fal_fals_11,zeek.omron_fins_detail.fal_fals_12,zeek.omron_fins_detail.fal_fals_13,zeek.omron_fins_detail.acquire_network_address,zeek.omron_fins_detail.acquire_node_number,zeek.omron_fins_detail.acquire_unit_address,zeek.omron_fins_detail.no_of_bits,zeek.omron_fins_detail.set_reset_specification,zeek.omron_fins_detail.bit_flag +o_zeek_omron_fins_general_log=require:zeek.omron_fins_general;title:Zeek omron_fins_general.log;fields:zeek.omron_fins_general.omron_fins_link_id,zeek.omron_fins_general.tcp_header,zeek.omron_fins_general.tcp_length,zeek.omron_fins_general.tcp_command,zeek.omron_fins_general.tcp_error_code,zeek.omron_fins_general.client_node_address,zeek.omron_fins_general.server_node_address,zeek.omron_fins_general.icf_gateway,zeek.omron_fins_general.icf_data_type,zeek.omron_fins_general.icf_response_setting,zeek.omron_fins_general.gateway_count,zeek.omron_fins_general.destination_network_address,zeek.omron_fins_general.destination_node_number,zeek.omron_fins_general.destination_unit_address,zeek.omron_fins_general.source_network_address,zeek.omron_fins_general.source_node_number,zeek.omron_fins_general.source_unit_address,zeek.omron_fins_general.service_id,zeek.omron_fins_general.command_code,zeek.omron_fins_general.response_code +o_zeek_omron_fins_network_status_read_log=require:zeek.omron_fins_network_status_read;title:Zeek 
omron_fins_network_status_read.log;fields:zeek.omron_fins_general.omron_fins_link_id,zeek.omron_fins_network_status_read.command_code,zeek.omron_fins_network_status_read.icf_data_type,zeek.omron_fins_network_status_read.response_code,zeek.omron_fins_network_status_read.node_number,zeek.omron_fins_network_status_read.in_network,zeek.omron_fins_network_status_read.exit_status,zeek.omron_fins_network_status_read.polling,zeek.omron_fins_network_status_read.communication_cycle_time,zeek.omron_fins_network_status_read.current_polling_node_number,zeek.omron_fins_network_status_read.cyclic_operation,zeek.omron_fins_network_status_read.cyclic_transmission_status,zeek.omron_fins_network_status_read.non_fatal_error,zeek.omron_fins_network_status_read.cyclic_error_count o_zeek_opcua=require:zeek.opcua_binary;title:Zeek OPC UA Binary logs;fields:zeek.opcua_binary.filter_source_link_id,zeek.opcua_binary.operand_source_link_id,zeek.opcua_binary.variant_source_link_id,zeek.opcua_binary.encoding_mask,zeek.opcua_binary.endpoint_url,zeek.opcua_binary.error,zeek.opcua_binary.identifier,zeek.opcua_binary.identifier_str,zeek.opcua_binary.is_final,zeek.opcua_binary.max_chunk_cnt,zeek.opcua_binary.max_msg_size,zeek.opcua_binary.msg_size,zeek.opcua_binary.msg_type,zeek.opcua_binary.namespace_idx,zeek.opcua_binary.opcua_link_id,zeek.opcua_binary.rcv_buf_size,zeek.opcua_binary.rcv_cert,zeek.opcua_binary.rcv_cert_len,zeek.opcua_binary.reason,zeek.opcua_binary.req_hdr_add_hdr_enc_mask,zeek.opcua_binary.req_hdr_add_hdr_type_id,zeek.opcua_binary.req_hdr_audit_entry_id,zeek.opcua_binary.req_hdr_node_id_guid,zeek.opcua_binary.req_hdr_node_id_namespace_idx,zeek.opcua_binary.req_hdr_node_id_numeric,zeek.opcua_binary.req_hdr_node_id_opaque,zeek.opcua_binary.req_hdr_node_id_string,zeek.opcua_binary.req_hdr_node_id_type,zeek.opcua_binary.req_hdr_request_handle,zeek.opcua_binary.req_hdr_return_diag,zeek.opcua_binary.req_hdr_timeout_hint,zeek.opcua_binary.req_hdr_timestamp,zeek.opcua_binary.request_id,zee
k.opcua_binary.res_hdr_add_hdr_enc_mask,zeek.opcua_binary.res_hdr_add_hdr_type_id,zeek.opcua_binary.res_hdr_request_handle,zeek.opcua_binary.res_hdr_service_diag_encoding,zeek.opcua_binary.res_hdr_timestamp,zeek.opcua_binary.sec_channel_id,zeek.opcua_binary.sec_policy_uri,zeek.opcua_binary.sec_policy_uri_len,zeek.opcua_binary.seq_number,zeek.opcua_binary.snd_buf_size,zeek.opcua_binary.snd_cert,zeek.opcua_binary.snd_cert_len,zeek.opcua_binary.version,zeek.opcua_binary_activate_session.client_algorithm,zeek.opcua_binary_activate_session.client_signature,zeek.opcua_binary_activate_session.ext_obj_certificate_data,zeek.opcua_binary_activate_session.ext_obj_encoding,zeek.opcua_binary_activate_session.ext_obj_encryption_algorithom,zeek.opcua_binary_activate_session.ext_obj_password,zeek.opcua_binary_activate_session.ext_obj_policy_id,zeek.opcua_binary_activate_session.ext_obj_token_data,zeek.opcua_binary_activate_session.ext_obj_type_id_encoding_mask,zeek.opcua_binary_activate_session.ext_obj_type_id_guid,zeek.opcua_binary_activate_session.ext_obj_type_id_namespace_idx,zeek.opcua_binary_activate_session.ext_obj_type_id_numeric,zeek.opcua_binary_activate_session.ext_obj_type_id_opaque,zeek.opcua_binary_activate_session.ext_obj_type_id_str,zeek.opcua_binary_activate_session.ext_obj_type_id_string,zeek.opcua_binary_activate_session.ext_obj_user_name,zeek.opcua_binary_activate_session.server_nonce,zeek.opcua_binary_activate_session.user_token_algorithm,zeek.opcua_binary_activate_session.user_token_signature,zeek.opcua_binary_activate_session_client_software_cert.cert_data,zeek.opcua_binary_activate_session_client_software_cert.cert_signature,zeek.opcua_binary_activate_session_client_software_cert.client_software_cert_link_id,zeek.opcua_binary_activate_session_locale_id.local_id,zeek.opcua_binary_activate_session_locale_id.opcua_locale_link_id,zeek.opcua_binary_aggregate_filter.aggregate_type_encoding_mask,zeek.opcua_binary_aggregate_filter.aggregate_type_guid,zeek.opcua_binar
y_aggregate_filter.aggregate_type_namespace_idx,zeek.opcua_binary_aggregate_filter.aggregate_type_numeric,zeek.opcua_binary_aggregate_filter.aggregate_type_opaque,zeek.opcua_binary_aggregate_filter.aggregate_type_string,zeek.opcua_binary_aggregate_filter.percent_data_bad,zeek.opcua_binary_aggregate_filter.percent_data_good,zeek.opcua_binary_aggregate_filter.processing_interval,zeek.opcua_binary_aggregate_filter.revised_percent_data_bad,zeek.opcua_binary_aggregate_filter.revised_percent_data_good,zeek.opcua_binary_aggregate_filter.revised_processing_interval,zeek.opcua_binary_aggregate_filter.revised_start_time,zeek.opcua_binary_aggregate_filter.revised_start_time_str,zeek.opcua_binary_aggregate_filter.revised_treat_uncertain_as_bad,zeek.opcua_binary_aggregate_filter.revised_use_server_capabilities_default,zeek.opcua_binary_aggregate_filter.revised_use_slopped_extrapolation,zeek.opcua_binary_aggregate_filter.start_time,zeek.opcua_binary_aggregate_filter.start_time_str,zeek.opcua_binary_aggregate_filter.treat_uncertain_as_bad,zeek.opcua_binary_aggregate_filter.use_server_capabilities_default,zeek.opcua_binary_aggregate_filter.use_slopped_extrapolation,zeek.opcua_binary_browse.browse_next_release_continuation_point,zeek.opcua_binary_browse.browse_service_type,zeek.opcua_binary_browse.browse_view_description_timestamp,zeek.opcua_binary_browse.browse_view_description_view_version,zeek.opcua_binary_browse.browse_view_id_encoding_mask,zeek.opcua_binary_browse.browse_view_id_guid,zeek.opcua_binary_browse.browse_view_id_namespace_idx,zeek.opcua_binary_browse.browse_view_id_numeric,zeek.opcua_binary_browse.browse_view_id_opaque,zeek.opcua_binary_browse.browse_view_id_string,zeek.opcua_binary_browse.req_max_ref_nodes,zeek.opcua_binary_browse_description.browse_description_encoding_mask,zeek.opcua_binary_browse_description.browse_description_guid,zeek.opcua_binary_browse_description.browse_description_include_subtypes,zeek.opcua_binary_browse_description.browse_description_link
_id,zeek.opcua_binary_browse_description.browse_description_namespace_idx,zeek.opcua_binary_browse_description.browse_description_numeric,zeek.opcua_binary_browse_description.browse_description_opaque,zeek.opcua_binary_browse_description.browse_description_ref_encoding_mask,zeek.opcua_binary_browse_description.browse_description_ref_guid,zeek.opcua_binary_browse_description.browse_description_ref_namespace_idx,zeek.opcua_binary_browse_description.browse_description_ref_numeric,zeek.opcua_binary_browse_description.browse_description_ref_opaque,zeek.opcua_binary_browse_description.browse_description_ref_string,zeek.opcua_binary_browse_description.browse_description_string,zeek.opcua_binary_browse_description.browse_direction,zeek.opcua_binary_browse_description.browse_node_class_mask,zeek.opcua_binary_browse_description.browse_result_mask,zeek.opcua_binary_browse_request_continuation_point.browse_next_link_id,zeek.opcua_binary_browse_request_continuation_point.continuation_point,zeek.opcua_binary_browse_response_references.browse_reference_link_id,zeek.opcua_binary_browse_response_references.browse_response_display_name_locale,zeek.opcua_binary_browse_response_references.browse_response_display_name_mask,zeek.opcua_binary_browse_response_references.browse_response_display_name_text,zeek.opcua_binary_browse_response_references.browse_response_is_forward,zeek.opcua_binary_browse_response_references.browse_response_node_class,zeek.opcua_binary_browse_response_references.browse_response_ref_encoding_mask,zeek.opcua_binary_browse_response_references.browse_response_ref_guid,zeek.opcua_binary_browse_response_references.browse_response_ref_name,zeek.opcua_binary_browse_response_references.browse_response_ref_name_idx,zeek.opcua_binary_browse_response_references.browse_response_ref_namespace_idx,zeek.opcua_binary_browse_response_references.browse_response_ref_numeric,zeek.opcua_binary_browse_response_references.browse_response_ref_opaque,zeek.opcua_binary_browse_response_refe
rences.browse_response_ref_string,zeek.opcua_binary_browse_response_references.browse_response_ref_type_encoding_mask,zeek.opcua_binary_browse_response_references.browse_response_ref_type_guid,zeek.opcua_binary_browse_response_references.browse_response_ref_type_namespace_idx,zeek.opcua_binary_browse_response_references.browse_response_ref_type_namespace_uri,zeek.opcua_binary_browse_response_references.browse_response_ref_type_numeric,zeek.opcua_binary_browse_response_references.browse_response_ref_type_opaque,zeek.opcua_binary_browse_response_references.browse_response_ref_type_server_idx,zeek.opcua_binary_browse_response_references.browse_response_ref_type_string,zeek.opcua_binary_browse_response_references.browse_response_type_def_encoding_mask,zeek.opcua_binary_browse_response_references.browse_response_type_def_guid,zeek.opcua_binary_browse_response_references.browse_response_type_def_namespace_idx,zeek.opcua_binary_browse_response_references.browse_response_type_def_namespace_uri,zeek.opcua_binary_browse_response_references.browse_response_type_def_numeric,zeek.opcua_binary_browse_response_references.browse_response_type_def_opaque,zeek.opcua_binary_browse_response_references.browse_response_type_def_server_idx,zeek.opcua_binary_browse_response_references.browse_response_type_def_string,zeek.opcua_binary_browse_result.browse_response_link_id,zeek.opcua_binary_browse_result.browse_result_continuation_point,zeek.opcua_binary_close_session.del_subscriptions,zeek.opcua_binary_create_monitored_items.subscription_id,zeek.opcua_binary_create_monitored_items.timestamps_to_return,zeek.opcua_binary_create_monitored_items.timestamps_to_return_str,zeek.opcua_binary_create_monitored_items_create_item.create_item_link_id,zeek.opcua_binary_create_monitored_items_create_item.item_to_monitor_attribute_id,zeek.opcua_binary_create_monitored_items_create_item.item_to_monitor_index_range,zeek.opcua_binary_create_monitored_items_create_item.item_to_monitor_name,zeek.opcua_binary_cr
eate_monitored_items_create_item.item_to_monitor_namespace_idx,zeek.opcua_binary_create_monitored_items_create_item.item_to_monitor_node_id_encoding_mask,zeek.opcua_binary_create_monitored_items_create_item.item_to_monitor_node_id_guid,zeek.opcua_binary_create_monitored_items_create_item.item_to_monitor_node_id_namespace_idx,zeek.opcua_binary_create_monitored_items_create_item.item_to_monitor_node_id_numeric,zeek.opcua_binary_create_monitored_items_create_item.item_to_monitor_node_id_opaque,zeek.opcua_binary_create_monitored_items_create_item.item_to_monitor_node_id_string,zeek.opcua_binary_create_monitored_items_create_item.monitored_item_index_id,zeek.opcua_binary_create_monitored_items_create_item.monitoring_mode,zeek.opcua_binary_create_monitored_items_create_item.monitoring_parameters_client_handle,zeek.opcua_binary_create_monitored_items_create_item.monitoring_parameters_discard_oldest,zeek.opcua_binary_create_monitored_items_create_item.monitoring_parameters_filter_info_type_id_encoding,zeek.opcua_binary_create_monitored_items_create_item.monitoring_parameters_filter_info_type_id_node_id_encoding_mask,zeek.opcua_binary_create_monitored_items_create_item.monitoring_parameters_filter_info_type_id_node_id_guid,zeek.opcua_binary_create_monitored_items_create_item.monitoring_parameters_filter_info_type_id_node_id_namespace_idx,zeek.opcua_binary_create_monitored_items_create_item.monitoring_parameters_filter_info_type_id_node_id_numeric,zeek.opcua_binary_create_monitored_items_create_item.monitoring_parameters_filter_info_type_id_node_id_opaque,zeek.opcua_binary_create_monitored_items_create_item.monitoring_parameters_filter_info_type_id_node_id_string,zeek.opcua_binary_create_monitored_items_create_item.monitoring_parameters_filter_info_type_id_string,zeek.opcua_binary_create_monitored_items_create_item.monitoring_parameters_queue_size,zeek.opcua_binary_create_monitored_items_create_item.monitoring_parameters_revised_queue_size,zeek.opcua_binary_create_monitored_i
tems_create_item.monitoring_parameters_revised_sampling_interval,zeek.opcua_binary_create_monitored_items_create_item.monitoring_parameters_sampling_interval,zeek.opcua_binary_create_session.algorithm,zeek.opcua_binary_create_session.application_type,zeek.opcua_binary_create_session.application_uri,zeek.opcua_binary_create_session.auth_token_encoding_mask,zeek.opcua_binary_create_session.auth_token_guid,zeek.opcua_binary_create_session.auth_token_namespace_idx,zeek.opcua_binary_create_session.auth_token_numeric,zeek.opcua_binary_create_session.auth_token_opaque,zeek.opcua_binary_create_session.auth_token_string,zeek.opcua_binary_create_session.client_cert,zeek.opcua_binary_create_session.client_cert_size,zeek.opcua_binary_create_session.client_nonce,zeek.opcua_binary_create_session.discovery_profile_uri,zeek.opcua_binary_create_session.encoding_mask,zeek.opcua_binary_create_session.endpoint_url,zeek.opcua_binary_create_session.gateway_server_uri,zeek.opcua_binary_create_session.locale,zeek.opcua_binary_create_session.max_req_msg_size,zeek.opcua_binary_create_session.max_res_msg_size,zeek.opcua_binary_create_session.product_uri,zeek.opcua_binary_create_session.req_session_timeout,zeek.opcua_binary_create_session.revised_session_timeout,zeek.opcua_binary_create_session.server_cert,zeek.opcua_binary_create_session.server_cert_size,zeek.opcua_binary_create_session.server_nonce,zeek.opcua_binary_create_session.server_uri,zeek.opcua_binary_create_session.session_id_encoding_mask,zeek.opcua_binary_create_session.session_id_guid,zeek.opcua_binary_create_session.session_id_namespace_idx,zeek.opcua_binary_create_session.session_id_numeric,zeek.opcua_binary_create_session.session_id_opaque,zeek.opcua_binary_create_session.session_id_string,zeek.opcua_binary_create_session.session_name,zeek.opcua_binary_create_session.signature,zeek.opcua_binary_create_session.text,zeek.opcua_binary_create_session_discovery.discovery_profile_link_id,zeek.opcua_binary_create_session_discovery.di
scovery_profile_uri,zeek.opcua_binary_create_session_discovery.discovery_profile_url,zeek.opcua_binary_create_session_endpoints.application_type,zeek.opcua_binary_create_session_endpoints.application_uri,zeek.opcua_binary_create_session_endpoints.cert_size,zeek.opcua_binary_create_session_endpoints.discovery_profile_uri,zeek.opcua_binary_create_session_endpoints.encoding_mask,zeek.opcua_binary_create_session_endpoints.endpoint_link_id,zeek.opcua_binary_create_session_endpoints.endpoint_url,zeek.opcua_binary_create_session_endpoints.gateway_server_uri,zeek.opcua_binary_create_session_endpoints.locale,zeek.opcua_binary_create_session_endpoints.message_security_mode,zeek.opcua_binary_create_session_endpoints.product_uri,zeek.opcua_binary_create_session_endpoints.security_level,zeek.opcua_binary_create_session_endpoints.security_policy_uri,zeek.opcua_binary_create_session_endpoints.server_cert,zeek.opcua_binary_create_session_endpoints.text,zeek.opcua_binary_create_session_endpoints.transport_profile_uri,zeek.opcua_binary_create_session_user_token.user_token_endpoint_url,zeek.opcua_binary_create_session_user_token.user_token_issued_type,zeek.opcua_binary_create_session_user_token.user_token_link_id,zeek.opcua_binary_create_session_user_token.user_token_policy_id,zeek.opcua_binary_create_session_user_token.user_token_sec_policy_uri,zeek.opcua_binary_create_session_user_token.user_token_type,zeek.opcua_binary_create_subscription.max_notifications_per_publish,zeek.opcua_binary_create_subscription.priority,zeek.opcua_binary_create_subscription.publishing_enabled,zeek.opcua_binary_create_subscription.requested_lifetime_count,zeek.opcua_binary_create_subscription.requested_max_keep_alive_count,zeek.opcua_binary_create_subscription.requested_publishing_interval,zeek.opcua_binary_create_subscription.revised_lifetime_count,zeek.opcua_binary_create_subscription.revised_max_keep_alive_count,zeek.opcua_binary_create_subscription.revised_publishing_interval,zeek.opcua_binary_create_
subscription.subscription_id,zeek.opcua_binary_data_change_filter.deadband_type,zeek.opcua_binary_data_change_filter.deadband_value,zeek.opcua_binary_data_change_filter.trigger,zeek.opcua_binary_diag_info_detail.addl_info,zeek.opcua_binary_diag_info_detail.diag_info_link_id,zeek.opcua_binary_diag_info_detail.has_addl_info,zeek.opcua_binary_diag_info_detail.has_inner_diag_info,zeek.opcua_binary_diag_info_detail.has_inner_stat_code,zeek.opcua_binary_diag_info_detail.has_locale,zeek.opcua_binary_diag_info_detail.has_locale_txt,zeek.opcua_binary_diag_info_detail.has_namespace_uri,zeek.opcua_binary_diag_info_detail.has_symbolic_id,zeek.opcua_binary_diag_info_detail.inner_diag_level,zeek.opcua_binary_diag_info_detail.inner_stat_code,zeek.opcua_binary_diag_info_detail.locale,zeek.opcua_binary_diag_info_detail.locale_str,zeek.opcua_binary_diag_info_detail.locale_txt,zeek.opcua_binary_diag_info_detail.locale_txt_str,zeek.opcua_binary_diag_info_detail.namespace_uri,zeek.opcua_binary_diag_info_detail.namespace_uri_str,zeek.opcua_binary_diag_info_detail.root_object_id,zeek.opcua_binary_diag_info_detail.source,zeek.opcua_binary_diag_info_detail.source_str,zeek.opcua_binary_diag_info_detail.symbolic_id,zeek.opcua_binary_diag_info_detail.symbolic_id_str,zeek.opcua_binary_event_filter_attribute_operand.alias,zeek.opcua_binary_event_filter_attribute_operand.attribute,zeek.opcua_binary_event_filter_attribute_operand.index_range,zeek.opcua_binary_event_filter_attribute_operand.node_id_encoding_mask,zeek.opcua_binary_event_filter_attribute_operand.node_id_guid,zeek.opcua_binary_event_filter_attribute_operand.node_id_namespace_idx,zeek.opcua_binary_event_filter_attribute_operand.node_id_numeric,zeek.opcua_binary_event_filter_attribute_operand.node_id_opaque,zeek.opcua_binary_event_filter_attribute_operand.node_id_string,zeek.opcua_binary_event_filter_attribute_operand_browse_paths.browse_path_element_link_id,zeek.opcua_binary_event_filter_attribute_operand_browse_paths.include_subtypes,
zeek.opcua_binary_event_filter_attribute_operand_browse_paths.is_inverse,zeek.opcua_binary_event_filter_attribute_operand_browse_paths.target_name,zeek.opcua_binary_event_filter_attribute_operand_browse_paths.target_name_namespace_idx,zeek.opcua_binary_event_filter_attribute_operand_browse_paths.type_id_encoding_mask,zeek.opcua_binary_event_filter_attribute_operand_browse_paths.type_id_guid,zeek.opcua_binary_event_filter_attribute_operand_browse_paths.type_id_namespace_idx,zeek.opcua_binary_event_filter_attribute_operand_browse_paths.type_id_numeric,zeek.opcua_binary_event_filter_attribute_operand_browse_paths.type_id_opaque,zeek.opcua_binary_event_filter_attribute_operand_browse_paths.type_id_string,zeek.opcua_binary_event_filter_element_operand.element_index,zeek.opcua_binary_event_filter_select_clause.attribute_id,zeek.opcua_binary_event_filter_select_clause.index_range,zeek.opcua_binary_event_filter_select_clause.select_clause_link_id,zeek.opcua_binary_event_filter_select_clause.type_id_encoding_mask,zeek.opcua_binary_event_filter_select_clause.type_id_guid,zeek.opcua_binary_event_filter_select_clause.type_id_namespace_idx,zeek.opcua_binary_event_filter_select_clause.type_id_numeric,zeek.opcua_binary_event_filter_select_clause.type_id_opaque,zeek.opcua_binary_event_filter_select_clause.type_id_string,zeek.opcua_binary_event_filter_simple_attribute_operand.attribute_id,zeek.opcua_binary_event_filter_simple_attribute_operand.index_range,zeek.opcua_binary_event_filter_simple_attribute_operand.type_id_encoding_mask,zeek.opcua_binary_event_filter_simple_attribute_operand.type_id_guid,zeek.opcua_binary_event_filter_simple_attribute_operand.type_id_namespace_idx,zeek.opcua_binary_event_filter_simple_attribute_operand.type_id_numeric,zeek.opcua_binary_event_filter_simple_attribute_operand.type_id_opaque,zeek.opcua_binary_event_filter_simple_attribute_operand.type_id_string,zeek.opcua_binary_event_filter_simple_attribute_operand_browse_paths.browse_path_src,zeek.opcua_bi
nary_event_filter_simple_attribute_operand_browse_paths.name,zeek.opcua_binary_event_filter_simple_attribute_operand_browse_paths.namespace_index,zeek.opcua_binary_event_filter_simple_attribute_operand_browse_paths.simple_attribute_operand_browse_path_link_id,zeek.opcua_binary_event_filter_where_clause.where_clause_link_id,zeek.opcua_binary_event_filter_where_clause_elements.content_filter_element_link_id,zeek.opcua_binary_event_filter_where_clause_elements.content_filter_filter_operand_type_id_encoding,zeek.opcua_binary_event_filter_where_clause_elements.content_filter_filter_operand_type_id_node_id_encoding_mask,zeek.opcua_binary_event_filter_where_clause_elements.content_filter_filter_operand_type_id_node_id_guid,zeek.opcua_binary_event_filter_where_clause_elements.content_filter_filter_operand_type_id_node_id_namespace_idx,zeek.opcua_binary_event_filter_where_clause_elements.content_filter_filter_operand_type_id_node_id_numeric,zeek.opcua_binary_event_filter_where_clause_elements.content_filter_filter_operand_type_id_node_id_opaque,zeek.opcua_binary_event_filter_where_clause_elements.content_filter_filter_operand_type_id_node_id_string,zeek.opcua_binary_event_filter_where_clause_elements.content_filter_filter_operand_type_id_string,zeek.opcua_binary_event_filter_where_clause_elements.filter_operator,zeek.opcua_binary_get_endpoints.endpoint_url,zeek.opcua_binary_get_endpoints_description.application_type,zeek.opcua_binary_get_endpoints_description.application_uri,zeek.opcua_binary_get_endpoints_description.cert_size,zeek.opcua_binary_get_endpoints_description.discovery_profile_uri,zeek.opcua_binary_get_endpoints_description.encoding_mask,zeek.opcua_binary_get_endpoints_description.endpoint_description_link_id,zeek.opcua_binary_get_endpoints_description.endpoint_uri,zeek.opcua_binary_get_endpoints_description.gateway_server_uri,zeek.opcua_binary_get_endpoints_description.locale,zeek.opcua_binary_get_endpoints_description.message_security_mode,zeek.opcua_binary_get
_endpoints_description.product_uri,zeek.opcua_binary_get_endpoints_description.security_level,zeek.opcua_binary_get_endpoints_description.security_policy_uri,zeek.opcua_binary_get_endpoints_description.server_cert,zeek.opcua_binary_get_endpoints_description.text,zeek.opcua_binary_get_endpoints_description.transport_profile_uri,zeek.opcua_binary_get_endpoints_discovery.discovery_profile_link_id,zeek.opcua_binary_get_endpoints_discovery.discovery_profile_url,zeek.opcua_binary_get_endpoints_locale_id.locale_id,zeek.opcua_binary_get_endpoints_locale_id.locale_link_id,zeek.opcua_binary_get_endpoints_profile_uri.profile_uri,zeek.opcua_binary_get_endpoints_profile_uri.profile_uri_link_id,zeek.opcua_binary_get_endpoints_user_token.user_token_endpoint_url,zeek.opcua_binary_get_endpoints_user_token.user_token_issued_type,zeek.opcua_binary_get_endpoints_user_token.user_token_link_id,zeek.opcua_binary_get_endpoints_user_token.user_token_policy_id,zeek.opcua_binary_get_endpoints_user_token.user_token_sec_policy_uri,zeek.opcua_binary_get_endpoints_user_token.user_token_type,zeek.opcua_binary_opensecure_channel.client_nonce,zeek.opcua_binary_opensecure_channel.client_proto_ver,zeek.opcua_binary_opensecure_channel.message_security_mode,zeek.opcua_binary_opensecure_channel.req_lifetime,zeek.opcua_binary_opensecure_channel.sec_token_created_at,zeek.opcua_binary_opensecure_channel.sec_token_id,zeek.opcua_binary_opensecure_channel.sec_token_request_type,zeek.opcua_binary_opensecure_channel.sec_token_revised_time,zeek.opcua_binary_opensecure_channel.sec_token_sec_channel_id,zeek.opcua_binary_opensecure_channel.server_nonce,zeek.opcua_binary_opensecure_channel.server_proto_ver,zeek.opcua_binary_read.max_age,zeek.opcua_binary_read.timestamps_to_return,zeek.opcua_binary_read.timestamps_to_return_str,zeek.opcua_binary_read_nodes_to_read.attribute_id,zeek.opcua_binary_read_nodes_to_read.attribute_id_str,zeek.opcua_binary_read_nodes_to_read.data_encoding_name,zeek.opcua_binary_read_nodes_to_r
ead.data_encoding_name_idx,zeek.opcua_binary_read_nodes_to_read.index_range,zeek.opcua_binary_read_nodes_to_read.node_id_encoding_mask,zeek.opcua_binary_read_nodes_to_read.node_id_guid,zeek.opcua_binary_read_nodes_to_read.node_id_namespace_idx,zeek.opcua_binary_read_nodes_to_read.node_id_numeric,zeek.opcua_binary_read_nodes_to_read.node_id_opaque,zeek.opcua_binary_read_nodes_to_read.node_id_string,zeek.opcua_binary_read_nodes_to_read.nodes_to_read_link_id,zeek.opcua_binary_read_results.data_value_encoding_mask,zeek.opcua_binary_read_results.level,zeek.opcua_binary_read_results.results_link_id,zeek.opcua_binary_read_results.server_pico_sec,zeek.opcua_binary_read_results.server_timestamp,zeek.opcua_binary_read_results.source_pico_sec,zeek.opcua_binary_read_results.source_timestamp,zeek.opcua_binary_status_code_detail.historian_bits,zeek.opcua_binary_status_code_detail.historian_bits_str,zeek.opcua_binary_status_code_detail.historianextradata,zeek.opcua_binary_status_code_detail.historianmultivalue,zeek.opcua_binary_status_code_detail.historianpartial,zeek.opcua_binary_status_code_detail.info_type,zeek.opcua_binary_status_code_detail.info_type_str,zeek.opcua_binary_status_code_detail.limit_bits,zeek.opcua_binary_status_code_detail.limit_bits_str,zeek.opcua_binary_status_code_detail.overflow,zeek.opcua_binary_status_code_detail.semantics_changed,zeek.opcua_binary_status_code_detail.severity,zeek.opcua_binary_status_code_detail.severity_str,zeek.opcua_binary_status_code_detail.source,zeek.opcua_binary_status_code_detail.source_level,zeek.opcua_binary_status_code_detail.source_str,zeek.opcua_binary_status_code_detail.status_code,zeek.opcua_binary_status_code_detail.status_code_link_id,zeek.opcua_binary_status_code_detail.structure_changed,zeek.opcua_binary_status_code_detail.sub_code,zeek.opcua_binary_status_code_detail.sub_code_str,zeek.opcua_binary_variant_array_dims.array_dim_link_id,zeek.opcua_binary_variant_array_dims.dimension,zeek.opcua_binary_variant_data.variant_
data_encoding_name,zeek.opcua_binary_variant_data.variant_data_encoding_name_idx,zeek.opcua_binary_variant_data.variant_data_link_id,zeek.opcua_binary_variant_data.variant_data_locale,zeek.opcua_binary_variant_data.variant_data_mask,zeek.opcua_binary_variant_data.variant_data_node_id_encoding_mask,zeek.opcua_binary_variant_data.variant_data_node_id_guid,zeek.opcua_binary_variant_data.variant_data_node_id_namespace_idx,zeek.opcua_binary_variant_data.variant_data_node_id_namespace_uri,zeek.opcua_binary_variant_data.variant_data_node_id_numeric,zeek.opcua_binary_variant_data.variant_data_node_id_opaque,zeek.opcua_binary_variant_data.variant_data_node_id_server_idx,zeek.opcua_binary_variant_data.variant_data_node_id_string,zeek.opcua_binary_variant_data.variant_data_text,zeek.opcua_binary_variant_data.variant_data_value_decimal,zeek.opcua_binary_variant_data.variant_data_value_signed_numeric,zeek.opcua_binary_variant_data.variant_data_value_string,zeek.opcua_binary_variant_data.variant_data_value_time,zeek.opcua_binary_variant_data.variant_data_value_unsigned_numeric,zeek.opcua_binary_variant_data_value.data_value_encoding_mask,zeek.opcua_binary_variant_data_value.server_pico_sec,zeek.opcua_binary_variant_data_value.server_timestamp,zeek.opcua_binary_variant_data_value.source_pico_sec,zeek.opcua_binary_variant_data_value.source_timestamp,zeek.opcua_binary_variant_data_value.variant_data_value_source_link,zeek.opcua_binary_variant_extension_object.ext_obj_encoding,zeek.opcua_binary_variant_extension_object.ext_obj_link_id,zeek.opcua_binary_variant_extension_object.ext_obj_node_id_encoding_mask,zeek.opcua_binary_variant_extension_object.ext_obj_node_id_guid,zeek.opcua_binary_variant_extension_object.ext_obj_node_id_namespace_idx,zeek.opcua_binary_variant_extension_object.ext_obj_node_id_numeric,zeek.opcua_binary_variant_extension_object.ext_obj_node_id_opaque,zeek.opcua_binary_variant_extension_object.ext_obj_node_id_string,zeek.opcua_binary_variant_extension_object.ext_o
bj_type_id_str,zeek.opcua_binary_variant_metadata.built_in_data_type,zeek.opcua_binary_variant_metadata.built_in_data_type_str,zeek.opcua_binary_variant_metadata.dara_variant_encoding_mask,zeek.opcua_binary_variant_metadata.data_variant_data_type,zeek.opcua_binary_variant_metadata.data_variant_data_type_str,zeek.opcua_binary_variant_metadata.variant_data_array_dim,zeek.opcua_binary_variant_metadata.variant_data_source,zeek.opcua_binary_variant_metadata.variant_data_source_str,zeek_opcua_binary_write=require:zeek.opcua_binary_write;title:Zeek opcua_binary_write.log;fields:zeek.opcua_binary_write.source_h,zeek.opcua_binary_write.source_p,zeek.opcua_binary_write.destination_h,zeek.opcua_binary_write.destination_p,zeek.opcua_binary_write.node_id_encoding_mask,zeek.opcua_binary_write.node_id_namespace_idx,zeek.opcua_binary_write.node_id_numeric,zeek.opcua_binary_write.node_id_string,zeek.opcua_binary_write.node_id_guid,zeek.opcua_binary_write.node_id_opaque,zeek.opcua_binary_write.attribute_id,zeek.opcua_binary_write.attribute_id_str,zeek.opcua_binary_write.index_range,zeek.opcua_binary_write.data_value_encoding_mask,zeek.opcua_binary_write.source_timestamp,zeek.opcua_binary_write.source_pico_sec,zeek.opcua_binary_write.server_timestamp,zeek.opcua_binary_write.server_pico_sec o_zeek_ospf=require:zeek.ospf;title:Zeek ospf.log;fields:zeek.ospf.ospf_type,zeek.ospf.version,zeek.ospf.router_id,zeek.ospf.area_id,zeek.ospf.interface_id,zeek.ospf.netmask,zeek.ospf.desig_router,zeek.ospf.backup_router,zeek.ospf.neighbors,zeek.ospf.lsa_type,zeek.ospf.link_state_id,zeek.ospf.advert_router,zeek.ospf.routers,zeek.ospf.link_id,zeek.ospf.link_data,zeek.ospf.link_type,zeek.ospf.neighbor_router_id,zeek.ospf.metrics,zeek.ospf.fwd_addrs,zeek.ospf.route_tags,zeek.ospf.neighbor_interface_id,zeek.ospf.prefix,zeek.ospf.metric,zeek.ospf.dest_router_id,zeek.ospf.link_prefixes,zeek.ospf.intra_prefixes o_zeek_pe=require:zeek.pe;title:Zeek 
pe.log;fields:zeek.pe.machine,zeek.pe.compile_ts,zeek.pe.os,zeek.pe.subsystem,zeek.pe.is_exe,zeek.pe.is_64bit,zeek.pe.uses_aslr,zeek.pe.uses_dep,zeek.pe.uses_code_integrity,zeek.pe.uses_seh,zeek.pe.has_import_table,zeek.pe.has_export_table,zeek.pe.has_cert_table,zeek.pe.has_debug_data,zeek.pe.section_names diff --git a/dashboards/templates/composable/component/zeek_ot.json b/dashboards/templates/composable/component/zeek_ot.json index 51a6bfea7..4b8335e0a 100644 --- a/dashboards/templates/composable/component/zeek_ot.json +++ b/dashboards/templates/composable/component/zeek_ot.json 
@@ -856,6 +856,235 @@
 "zeek.modbus_read_write_multiple_registers.read_start_address": { "type": "integer" },
 "zeek.modbus_read_write_multiple_registers.write_registers": { "type": "keyword" },
 "zeek.modbus_read_write_multiple_registers.write_start_address": { "type": "integer" },
+ "zeek.omron_fins_data_link_status_read.command_code": { "type": "keyword" },
+ "zeek.omron_fins_data_link_status_read.icf_data_type": { "type": "keyword" },
+ "zeek.omron_fins_data_link_status_read.response_code": { "type": "keyword" },
+ "zeek.omron_fins_data_link_status_read.node_number": { "type": "long" },
+ "zeek.omron_fins_data_link_status_read.data_links": { "type": "keyword" },
+ "zeek.omron_fins_data_link_status_read.node_setting": { "type": "keyword" },
+ "zeek.omron_fins_data_link_status_read.master_node_number": { "type": "long" },
+ "zeek.omron_fins_data_link_status_read.error_status": { "type": "keyword" },
+ "zeek.omron_fins_data_link_status_read.mode_status": { "type": "keyword" },
+ "zeek.omron_fins_data_link_status_read.warning_status": { "type": "keyword" },
+ "zeek.omron_fins_detail_error.command_code": { "type": "keyword" },
+ "zeek.omron_fins_detail_error.icf_data_type": { "type": "keyword" },
+ "zeek.omron_fins_detail_error.response_code": { "type": "keyword" },
+ "zeek.omron_fins_detail_error.error_reset_fal_no": { "type": "keyword" },
+ "zeek.omron_fins_detail_error.beginning_record_no": { "type": "long" },
+ "zeek.omron_fins_detail_error.max_no_stored_records": { "type": "long" },
+ "zeek.omron_fins_detail_error.no_of_stored_records": { "type": "long" },
+ "zeek.omron_fins_detail_error.no_of_records": { "type": "long" },
+ "zeek.omron_fins_detail_error.error_code_1": { "type": "keyword" },
+ "zeek.omron_fins_detail_error.error_code_2": { "type": "keyword" },
+ "zeek.omron_fins_detail_error.minute": { "type": "long" },
+ "zeek.omron_fins_detail_error.second": { "type": "long" },
+ "zeek.omron_fins_detail_error.day": { "type": "long" },
+ "zeek.omron_fins_detail_error.hour": { "type": "long" },
+ "zeek.omron_fins_detail_error.year": { "type": "long" },
+ "zeek.omron_fins_detail_error.month": { "type": "long" },
+ "zeek.omron_fins_detail_file.command_code": { "type": "keyword" },
+ "zeek.omron_fins_detail_file.icf_data_type": { "type": "keyword" },
+ "zeek.omron_fins_detail_file.response_code": { "type": "keyword" },
+ "zeek.omron_fins_detail_file.disk_no": { "type": "long" },
+ "zeek.omron_fins_detail_file.beginning_file_position": { "type": "keyword" },
+ "zeek.omron_fins_detail_file.no_of_files": { "type": "long" },
+ "zeek.omron_fins_detail_file.volume_label": { "type": "keyword" },
+ "zeek.omron_fins_detail_file.year": { "type": "long" },
+ "zeek.omron_fins_detail_file.month": { "type": "long" },
+ "zeek.omron_fins_detail_file.day": { "type": "long" },
+ "zeek.omron_fins_detail_file.hour": { "type": "long" },
+ "zeek.omron_fins_detail_file.minute": { "type": "long" },
+ "zeek.omron_fins_detail_file.second": { "type": "long" },
+ "zeek.omron_fins_detail_file.total_capacity": { "type": "long" },
+ "zeek.omron_fins_detail_file.unused_capacity": { "type": "long" },
+ "zeek.omron_fins_detail_file.total_no_files": { "type": "long" },
+ "zeek.omron_fins_detail_file.no_files_read": { "type": "long" },
+ "zeek.omron_fins_detail_file.last_file": { "type": "keyword" },
+ "zeek.omron_fins_detail_file.file_name": { "type": "keyword" },
+ "zeek.omron_fins_detail_file.file_capacity": { "type": "long" },
+ "zeek.omron_fins_detail_file.file_position": { "type": "long" },
+ "zeek.omron_fins_detail_file.data_length": { "type": "long" },
+ "zeek.omron_fins_detail_file.parameter_code": { "type": "keyword" },
+ "zeek.omron_fins_detail_file.src_disk_no": { "type": "long" },
+ "zeek.omron_fins_detail_file.src_file_name": { "type": "keyword" },
+ "zeek.omron_fins_detail_file.dst_disk_no": { "type": "long" },
+ "zeek.omron_fins_detail_file.dst_file_name": { "type": "keyword" },
+ "zeek.omron_fins_detail_file.old_file_name": { "type": "keyword" },
+ "zeek.omron_fins_detail_file.new_file_name": { "type": "keyword" },
+ "zeek.omron_fins_detail_file.parameter_area_code": { "type": "keyword" },
+ "zeek.omron_fins_detail_file.beginning_address": { "type": "keyword" },
+ "zeek.omron_fins_detail_file.no_of_words": { "type": "long" },
+ "zeek.omron_fins_detail_file.memory_area_code": { "type": "keyword" },
+ "zeek.omron_fins_detail_file.no_of_items": { "type": "long" },
+ "zeek.omron_fins_detail_file.program_no": { "type": "keyword" },
+ "zeek.omron_fins_detail_file.no_of_bytes": { "type": "long" },
+ "zeek.omron_fins_detail_file.beginning_word": { "type": "keyword" },
+ "zeek.omron_fins_detail_file.beginning_block_no": { "type": "long" },
+ "zeek.omron_fins_detail_file.no_of_blocks": { "type": "long" },
+ "zeek.omron_fins_detail_file.remaining_blocks": { "type": "long" },
+ "zeek.omron_fins_detail_file.total_no_of_blocks": { "type": "long" },
+ "zeek.omron_fins_detail_file.memory_type": { "type": "keyword" },
+ "zeek.omron_fins_detail_file.data_type": { "type": "keyword" },
+ "zeek.omron_fins_detail_file.last_block": { "type": "keyword" },
+ "zeek.omron_fins_detail_file.protected": { "type": "keyword" },
+ "zeek.omron_fins_detail_file.control_data": { "type": "long" },
+ "zeek.omron_fins_detail_file.block_no": { "type": "long" },
+ "zeek.omron_fins_detail_file.memory_data": { "type": "keyword" },
+ "zeek.omron_fins_detail.command_code": { "type": "keyword" },
+ "zeek.omron_fins_detail.icf_data_type": { "type": "keyword" },
+ "zeek.omron_fins_detail.memory_area_code": { "type": "keyword" },
+ "zeek.omron_fins_detail.beginning_address": { "type": "keyword" },
+ "zeek.omron_fins_detail.number_of_items": { "type": "long" },
+ "zeek.omron_fins_detail.parameter_area_code": { "type": "keyword" },
+ "zeek.omron_fins_detail.beginning_word": { "type": "keyword" },
+ "zeek.omron_fins_detail.number_of_words": { "type": "long" },
+ "zeek.omron_fins_detail.last_word_bit": { "type": "long" },
+ "zeek.omron_fins_detail.response_code": { "type": "keyword" },
+ "zeek.omron_fins_detail.data": { "type": "keyword" },
+ "zeek.omron_fins_detail.year": { "type": "long" },
+ "zeek.omron_fins_detail.month": { "type": "long" },
+ "zeek.omron_fins_detail.date": { "type": "long" },
+ "zeek.omron_fins_detail.hour": { "type": "long" },
+ "zeek.omron_fins_detail.minute": { "type": "long" },
+ "zeek.omron_fins_detail.second": { "type": "long" },
+ "zeek.omron_fins_detail.day": { "type": "keyword" },
+ "zeek.omron_fins_detail.clock_time": { "type": "date" },
+ "zeek.omron_fins_detail.intelligent_id_no": { "type": "keyword" },
+ "zeek.omron_fins_detail.first_word": { "type": "keyword" },
+ "zeek.omron_fins_detail.read_length": { "type": "keyword" },
+ "zeek.omron_fins_detail.data_length": { "type": "keyword" },
+ "zeek.omron_fins_detail.num_of_link_nodes": { "type": "long" },
+ "zeek.omron_fins_detail.block_record_data_link_status": { "type": "keyword" },
+ "zeek.omron_fins_detail.block_record_num_of_link_nodes": { "type": "long" },
+ "zeek.omron_fins_detail.block_record_node_num": { "type": "long" },
+ "zeek.omron_fins_detail.block_record_cio_area_first_word": { "type": "keyword" },
+ "zeek.omron_fins_detail.block_record_kind_of_dm": { "type": "keyword" },
+ "zeek.omron_fins_detail.block_record_dm_area_first_word": { "type": "keyword" },
+ "zeek.omron_fins_detail.block_record_num_of_total_words": { "type": "long" },
+ "zeek.omron_fins_detail.program_no": { "type": "long" },
+ "zeek.omron_fins_detail.protect_code": { "type": "long" },
+ "zeek.omron_fins_detail.last_word": { "type": "keyword" },
+ "zeek.omron_fins_detail.clear_code": { "type": "keyword" },
+ "zeek.omron_fins_detail.number_of_bytes": { "type": "long" },
+ "zeek.omron_fins_detail.run_mode": { "type": "keyword" },
+ "zeek.omron_fins_detail.controller_data_to_read": { "type": "keyword" },
+ "zeek.omron_fins_detail.controller_model": { "type": "keyword" },
+ "zeek.omron_fins_detail.controller_version": { "type": "keyword" },
+ "zeek.omron_fins_detail.for_system_use": { "type": "keyword" },
+ "zeek.omron_fins_detail.program_area_size": { "type": "long" },
+ "zeek.omron_fins_detail.iom_size": { "type": "long" },
+ "zeek.omron_fins_detail.no_of_dm_words": { "type": "long" },
+ "zeek.omron_fins_detail.timer_size": { "type": "long" },
+ "zeek.omron_fins_detail.expansion_dm_size": { "type": "long" },
+ "zeek.omron_fins_detail.no_of_steps_transitions": { "type": "long" },
+ "zeek.omron_fins_detail.kind_of_memory_card": { "type": "keyword" },
+ "zeek.omron_fins_detail.memory_card_size": { "type": "long" },
+ "zeek.omron_fins_detail.cpu_bus_unit_config": { "type": "keyword" },
+ "zeek.omron_fins_detail.no_of_sysmac_bus_master_mounted": { "type": "long" },
+ "zeek.omron_fins_detail.no_of_sysmac_bus2_master_mounted": { "type": "long" },
+ "zeek.omron_fins_detail.peripheral_device_connected": { "type": "long" },
+ "zeek.omron_fins_detail.built_in_host_interface": { "type": "long" },
+ "zeek.omron_fins_detail.no_of_racks_connected": { "type": "long" },
+ "zeek.omron_fins_detail.no_of_units": { "type": "long" },
+ "zeek.omron_fins_detail.unit_address": { "type": "keyword" },
+ "zeek.omron_fins_detail.model_number": { "type": "keyword" },
+ "zeek.omron_fins_detail.controller_status_data_read_status": { "type": "keyword" },
+ "zeek.omron_fins_detail.controller_status_data_read_mode": { "type": "keyword" },
+ "zeek.omron_fins_detail.fatal_error": { "type": "keyword" },
+ "zeek.omron_fins_detail.non_fatal_error": { "type": "keyword" },
+ "zeek.omron_fins_detail.message_yes_no": { "type": "keyword" },
+ "zeek.omron_fins_detail.fal_fals_no": { "type": "long" },
+ "zeek.omron_fins_detail.error_message": { "type": "keyword" },
+ "zeek.omron_fins_detail.cycle_time_read_parameter": { "type": "keyword" },
+ "zeek.omron_fins_detail.average_cycle_time": { "type": "float" },
+ "zeek.omron_fins_detail.max_cycle_time": { "type": "float" },
+ "zeek.omron_fins_detail.min_cycle_time": { "type": "float" },
+ "zeek.omron_fins_detail.test_data": { "type": "keyword" },
+ "zeek.omron_fins_detail.number_of_receptions": { "type": "long" },
+ "zeek.omron_fins_detail.command": { "type": "keyword" },
+ "zeek.omron_fins_detail.message_no_0": { "type": "keyword" },
+ "zeek.omron_fins_detail.message_no_1": { "type": "keyword" },
+ "zeek.omron_fins_detail.message_no_2": { "type": "keyword" },
+ "zeek.omron_fins_detail.message_no_3": { "type": "keyword" },
+ "zeek.omron_fins_detail.message_no_4": { "type": "keyword" },
+ "zeek.omron_fins_detail.message_no_5": { "type": "keyword" },
+ "zeek.omron_fins_detail.message_no_6": { "type": "keyword" },
+ "zeek.omron_fins_detail.message_no_7": { "type": "keyword" },
+ "zeek.omron_fins_detail.message_0": { "type": "keyword" },
+ "zeek.omron_fins_detail.message_1": { "type": "keyword" },
+ "zeek.omron_fins_detail.message_2": { "type": "keyword" },
+ "zeek.omron_fins_detail.message_3": { "type": "keyword" },
+ "zeek.omron_fins_detail.message_4": { "type": "keyword" },
+ "zeek.omron_fins_detail.message_5": { "type": "keyword" },
+ "zeek.omron_fins_detail.message_6": { "type": "keyword" },
+ "zeek.omron_fins_detail.message_7": { "type": "keyword" },
+ "zeek.omron_fins_detail.fal_fals_no_0": { "type": "keyword" },
+ "zeek.omron_fins_detail.fal_fals_no_1": { "type": "keyword" },
+ "zeek.omron_fins_detail.fal_fals_no_2": { "type": "keyword" },
+ "zeek.omron_fins_detail.fal_fals_no_3": { "type": "keyword" },
+ "zeek.omron_fins_detail.fal_fals_no_4": { "type": "keyword" },
+ "zeek.omron_fins_detail.fal_fals_no_5": { "type": "keyword" },
+ "zeek.omron_fins_detail.fal_fals_no_6": { "type": "keyword" },
+ "zeek.omron_fins_detail.fal_fals_no_7": { "type": "keyword" },
+ "zeek.omron_fins_detail.fal_fals_no_8": { "type": "keyword" },
+ "zeek.omron_fins_detail.fal_fals_no_9": { "type": "keyword" },
+ "zeek.omron_fins_detail.fal_fals_no_10": { "type": "keyword" },
+ "zeek.omron_fins_detail.fal_fals_no_11": { "type": "keyword" },
+ "zeek.omron_fins_detail.fal_fals_no_12": { "type": "keyword" },
+ "zeek.omron_fins_detail.fal_fals_no_13": { "type": "keyword" },
+ "zeek.omron_fins_detail.fal_fals_0": { "type": "keyword" },
+ "zeek.omron_fins_detail.fal_fals_1": { "type": "keyword" },
+ "zeek.omron_fins_detail.fal_fals_2": { "type": "keyword" },
+ "zeek.omron_fins_detail.fal_fals_3": { "type": "keyword" },
+ "zeek.omron_fins_detail.fal_fals_4": { "type": "keyword" },
+ "zeek.omron_fins_detail.fal_fals_5": { "type": "keyword" },
+ "zeek.omron_fins_detail.fal_fals_6": { "type": "keyword" },
+ "zeek.omron_fins_detail.fal_fals_7": { "type": "keyword" },
+ "zeek.omron_fins_detail.fal_fals_8": { "type": "keyword" },
+ "zeek.omron_fins_detail.fal_fals_9": { "type": "keyword" },
+ "zeek.omron_fins_detail.fal_fals_10": { "type": "keyword" },
+ "zeek.omron_fins_detail.fal_fals_11": { "type": "keyword" },
+ "zeek.omron_fins_detail.fal_fals_12": { "type": "keyword" },
+ "zeek.omron_fins_detail.fal_fals_13": { "type": "keyword" },
+ "zeek.omron_fins_detail.acquire_network_address": { "type": "long" },
+ "zeek.omron_fins_detail.acquire_node_number": { "type": "long" },
+ "zeek.omron_fins_detail.acquire_unit_address": { "type": "long" },
+ "zeek.omron_fins_detail.no_of_bits": { "type": "long" },
+ "zeek.omron_fins_detail.set_reset_specification": { "type": "keyword" },
+ "zeek.omron_fins_detail.bit_flag": { "type": "long" },
+ "zeek.omron_fins_general.omron_fins_link_id": { "type": "keyword" },
+ "zeek.omron_fins_general.tcp_header": { "type": "keyword" },
+ "zeek.omron_fins_general.tcp_length": { "type": "long" },
+ "zeek.omron_fins_general.tcp_command": { "type": "keyword" },
+ "zeek.omron_fins_general.tcp_error_code": { "type": "keyword" },
+ "zeek.omron_fins_general.client_node_address": { "type": "long" },
+ "zeek.omron_fins_general.server_node_address": { "type": "long" },
+ "zeek.omron_fins_general.icf_gateway": { "type": "keyword" },
+ "zeek.omron_fins_general.icf_data_type": { "type": "keyword" },
+ "zeek.omron_fins_general.icf_response_setting": { "type": "keyword" },
+ "zeek.omron_fins_general.gateway_count": { "type": "long" },
+ "zeek.omron_fins_general.destination_network_address": { "type": "keyword" },
+ "zeek.omron_fins_general.destination_node_number": { "type": "keyword" },
+ "zeek.omron_fins_general.destination_unit_address": { "type": "keyword" },
+ "zeek.omron_fins_general.source_network_address": { "type": "keyword" },
+ "zeek.omron_fins_general.source_node_number": { "type": "keyword" },
+ "zeek.omron_fins_general.source_unit_address": { "type": "keyword" },
+ "zeek.omron_fins_general.service_id": { "type": "keyword" },
+ "zeek.omron_fins_general.command_code": { "type": "keyword" },
+ "zeek.omron_fins_general.response_code": { "type": "keyword" },
+ "zeek.omron_fins_network_status_read.command_code": { "type": "keyword" },
+ "zeek.omron_fins_network_status_read.icf_data_type": { "type": "keyword" },
+ "zeek.omron_fins_network_status_read.response_code": { "type": "keyword" },
+ "zeek.omron_fins_network_status_read.node_number": { "type": "long" },
+ "zeek.omron_fins_network_status_read.in_network": { "type": "keyword" },
+ "zeek.omron_fins_network_status_read.exit_status": { "type": "keyword" },
+ "zeek.omron_fins_network_status_read.polling": { "type": "keyword" },
+ "zeek.omron_fins_network_status_read.communication_cycle_time": { "type": "float" },
+ "zeek.omron_fins_network_status_read.current_polling_node_number": { "type": "long" },
+ "zeek.omron_fins_network_status_read.cyclic_operation": { "type": "keyword" },
+ "zeek.omron_fins_network_status_read.cyclic_transmission_status": { "type": "keyword" },
+ "zeek.omron_fins_network_status_read.non_fatal_error": { "type": "keyword" },
+ "zeek.omron_fins_network_status_read.cyclic_error_count": { "type": "long" },
 "zeek.opcua_binary.encoding_mask": { "type": "long" },
 "zeek.opcua_binary.endpoint_url": { "type": "keyword" },
 "zeek.opcua_binary.error": { "type": "long" },
diff --git a/docs/protocols.md b/docs/protocols.md
index 105c6cd0f..febc11cef 100644
--- a/docs/protocols.md
+++ b/docs/protocols.md
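Review bot: The same FINS field is given different types in sibling logs in this hunk, which should be checked against what the icsnpp-omron-fins parser actually emits: `zeek.omron_fins_detail_file.program_no` is `keyword` while `zeek.omron_fins_detail.program_no` is `long`, `data_length` is `long` under `detail_file` but `keyword` under `detail`, and `zeek.omron_fins_detail.fal_fals_no` is `long` next to `keyword` for `fal_fals_no_0` through `fal_fals_no_13`. If a numeric-mapped field arrives as a hex or otherwise non-numeric string, the indexer will presumably reject the whole document unless malformed values are tolerated elsewhere in the template, so the FINS event would be absent from dashboards and detections rather than merely mis-typed. Where the parser's output is a string, align the mapping, e.g. `"zeek.omron_fins_detail.program_no": { "type": "keyword" },`; where it is an integer, use `long` in both logs so range queries and aggregations behave the same across them.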
@@ -30,10 +30,11 @@ Malcolm uses [Zeek](https://docs.zeek.org/en/stable/script-reference/proto-analy |NT Lan Manager (NTLM)|[🔗](https://en.wikipedia.org/wiki/NT_LAN_Manager)|[🔗](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-nlmp/b38c36ed-2804-4868-a9ff-8dd3182128e4?redirectedfrom=MSDN)||[✓](https://docs.zeek.org/en/stable/scripts/base/protocols/ntlm/main.zeek.html#type-NTLM::Info)| |Network Time Protocol (NTP)|[🔗](https://en.wikipedia.org/wiki/Network_Time_Protocol)|[🔗](http://www.ntp.org)||[✓](https://docs.zeek.org/en/latest/scripts/base/protocols/ntp/main.zeek.html#type-NTP::Info)| |Oracle|[🔗](https://en.wikipedia.org/wiki/Oracle_Net_Services)|[🔗](https://docs.oracle.com/cd/E11882_01/network.112/e41945/layers.htm#NETAG004)|[✓](https://github.com/arkime/arkime/blob/master/capture/parsers/oracle.c)|| +|Omron Factory Interface Network Service (FINS)|[🔗](https://en.wikipedia.org/wiki/Factory_Interface_Network_Service)|[🔗](https://www.myomron.com/downloads/1.Manuals/Networks/W227E12_FINS_Commands_Reference_Manual.pdf)[🔗](https://edata.omron.com.au/eData/Networks/ETN/W421-E1-04.pdf)||[✓](https://github.com/cisagov/icsnpp-omron-fins)| |Open Platform Communications Unified Architecture (OPC UA) Binary|[🔗](https://en.wikipedia.org/wiki/OPC_Unified_Architecture)|[🔗](https://opcfoundation.org/developer-tools/specifications-unified-architecture)||[✓](https://github.com/cisagov/icsnpp-opcua-binary)| |Open Shortest Path First (OSPF)|[🔗](https://en.wikipedia.org/wiki/Open_Shortest_Path_First)|[🔗](https://datatracker.ietf.org/wg/ospf/charter/)[🔗](https://datatracker.ietf.org/doc/html/rfc2328)[🔗](https://datatracker.ietf.org/doc/html/rfc5340)||[✓](https://github.com/corelight/zeek-spicy-ospf)| |OpenVPN|[🔗](https://en.wikipedia.org/wiki/OpenVPN)|[🔗](https://openvpn.net/community-resources/openvpn-protocol/)[🔗](https://zeek.org/2021/03/16/a-zeek-openvpn-protocol-analyzer/)||[✓](https://github.com/corelight/zeek-spicy-openvpn)| 
-|PostgreSQL|[🔗](https://en.wikipedia.org/wiki/PostgreSQL)|[🔗](https://www.postgresql.org/)|[✓](https://github.com/arkime/arkime/blob/master/capture/parsers/postgresql.c)|[🔗](https://docs.zeek.org/en/master/scripts/base/protocols/postgresql/main.zeek.html)| +|PostgreSQL|[🔗](https://en.wikipedia.org/wiki/PostgreSQL)|[🔗](https://www.postgresql.org/)|[✓](https://github.com/arkime/arkime/blob/master/capture/parsers/postgresql.c)|[✓](https://docs.zeek.org/en/master/scripts/base/protocols/postgresql/main.zeek.html)| |Process Field Net (PROFINET)|[🔗](https://en.wikipedia.org/wiki/PROFINET)|[🔗](https://us.profinet.com/technology/profinet/)||[✓](https://github.com/amzn/zeek-plugin-profinet/blob/master/scripts/main.zeek)| |PROFINET IO CM (Input/Output Context Manager)|[🔗](https://wiki.wireshark.org/PROFINET/IO)|[🔗](https://us.profinet.com/technology/profinet/)[🔗](https://webstore.iec.ch/publication/83418)||[✓](https://github.com/cisagov/icsnpp-profinet-io-cm/blob/main/analyzer/types.zeek)| |Remote Authentication Dial-In User Service (RADIUS)|[🔗](https://en.wikipedia.org/wiki/RADIUS)|[🔗](https://tools.ietf.org/html/rfc2865)|[✓](https://github.com/arkime/arkime/blob/master/capture/parsers/radius.c)|[✓](https://docs.zeek.org/en/stable/scripts/base/protocols/radius/main.zeek.html#type-RADIUS::Info)| diff --git a/logstash/maps/service_ports.yaml b/logstash/maps/service_ports.yaml index 7b7a4f522..63faf3ebb 100644 --- a/logstash/maps/service_ports.yaml +++ b/logstash/maps/service_ports.yaml @@ -114,6 +114,8 @@ ntlm: - 445 ntp: - 123 +omron_fins: + - 9600 openvpn: - 443 - 1193 diff --git a/logstash/maps/zeek_log_ecs_categories.yaml b/logstash/maps/zeek_log_ecs_categories.yaml index c105406b0..302ab1404 100644 --- a/logstash/maps/zeek_log_ecs_categories.yaml +++ b/logstash/maps/zeek_log_ecs_categories.yaml 
@@ -65,6 +65,8 @@ "ntlm": ["authentication", "iam", "network"] "ntp": ["network"] "ocsp": ["file", "network"] +"omron_fins": ["ot", "network"] +"opcua-binary": ["ot", "network"] "openvpn": ["network"] "pe": ["file"] "postgresql": ["database", "network"] diff --git a/logstash/pipelines/enrichment/11_lookups.conf b/logstash/pipelines/enrichment/11_lookups.conf index fc67d51fa..35d1ee5d9 100644 --- a/logstash/pipelines/enrichment/11_lookups.conf +++ b/logstash/pipelines/enrichment/11_lookups.conf @@ -421,6 +421,7 @@ filter { ("ge_srtp" in [network][protocol]) or ("genisys" in [network][protocol]) or ("hart_ip" in [network][protocol]) or + ("omron_fins" in [network][protocol]) or ("opcua-binary" in [network][protocol]) or ("modbus" in [network][protocol]) or ("profinet" in [network][protocol]) or diff --git a/logstash/pipelines/zeek/1171_zeek_omron_fins.conf b/logstash/pipelines/zeek/1171_zeek_omron_fins.conf new file mode 100644 index 000000000..f819a1627 --- /dev/null +++ b/logstash/pipelines/zeek/1171_zeek_omron_fins.conf 
@@ -0,0 +1,209 @@ +filter { + + if ([log_source] == "omron_fins_data_link_status_read") { + ############################################################################################################################# + # omron_fins_data_link_status_read.log + # omron_fins_types.zeek (https://github.com/cisagov/icsnpp-omron-fins) + + if ("_jsonparsesuccess" not in [tags]) { + dissect { + id => "dissect_zeek_omron_fins_data_link_status_read" + mapping => { + "[message]" => "%{[zeek_cols][ts]} %{[zeek_cols][uid]} %{[zeek_cols][orig_h]} %{[zeek_cols][orig_p]} %{[zeek_cols][resp_h]} %{[zeek_cols][resp_p]} %{[zeek_cols][omron_fins_link_id]} %{[zeek_cols][command_code]} %{[zeek_cols][icf_data_type]} %{[zeek_cols][response_code]} %{[zeek_cols][node_number]} %{[zeek_cols][data_links]} %{[zeek_cols][node_setting]} %{[zeek_cols][master_node_number]} %{[zeek_cols][error_status]} %{[zeek_cols][mode_status]} %{[zeek_cols][warning_status]}" + } + } + + if ("_dissectfailure" in [tags]) { + mutate { + id => "mutate_split_zeek_omron_fins_data_link_status_read" + split => { "[message]" => " " } + } + ruby { + id => "ruby_zip_zeek_omron_fins_data_link_status_read" + init => "@zeek_data_link_status_read_log_field_names = [ 'ts', 'uid', 'orig_h', 'orig_p', 'resp_h', 'resp_p', 'omron_fins_link_id', 'command_code', 'icf_data_type', 'response_code', 'node_number', 'data_links', 'node_setting', 'master_node_number', 'error_status', 'mode_status', 'warning_status' ]" + code => "event.set('[zeek_cols]', @zeek_data_link_status_read_log_field_names.zip(event.get('[message]')).to_h)" + } + } + } + + mutate { + id => "mutate_add_fields_zeek_omron_fins_data_link_status_read" + add_field => { + "[zeek_cols][service]" => "omron_fins" + } + add_tag => [ "ics" ] + } + + } else if ([log_source] == "omron_fins_detail_error") { + ############################################################################################################################# + # omron_fins_detail_error.log + # 
omron_fins_types.zeek (https://github.com/cisagov/icsnpp-omron-fins) + + if ("_jsonparsesuccess" not in [tags]) { + dissect { + id => "dissect_zeek_omron_fins_detail_error" + mapping => { + "[message]" => "%{[zeek_cols][ts]} %{[zeek_cols][uid]} %{[zeek_cols][orig_h]} %{[zeek_cols][orig_p]} %{[zeek_cols][resp_h]} %{[zeek_cols][resp_p]} %{[zeek_cols][omron_fins_link_id]} %{[zeek_cols][command_code]} %{[zeek_cols][icf_data_type]} %{[zeek_cols][response_code]} %{[zeek_cols][error_reset_fal_no]} %{[zeek_cols][beginning_record_no]} %{[zeek_cols][max_no_stored_records]} %{[zeek_cols][no_of_stored_records]} %{[zeek_cols][no_of_records]} %{[zeek_cols][error_code_1]} %{[zeek_cols][error_code_2]} %{[zeek_cols][minute]} %{[zeek_cols][second]} %{[zeek_cols][day]} %{[zeek_cols][hour]} %{[zeek_cols][year]} %{[zeek_cols][month]}" + } + } + + if ("_dissectfailure" in [tags]) { + mutate { + id => "mutate_split_zeek_omron_fins_detail_error" + split => { "[message]" => " " } + } + ruby { + id => "ruby_zip_zeek_omron_fins_detail_error" + init => "@zeek_detail_error_log_field_names = [ 'ts', 'uid', 'orig_h', 'orig_p', 'resp_h', 'resp_p', 'omron_fins_link_id', 'command_code', 'icf_data_type', 'response_code', 'error_reset_fal_no', 'beginning_record_no', 'max_no_stored_records', 'no_of_stored_records', 'no_of_records', 'error_code_1', 'error_code_2', 'minute', 'second', 'day', 'hour', 'year', 'month' ]" + code => "event.set('[zeek_cols]', @zeek_detail_error_log_field_names.zip(event.get('[message]')).to_h)" + } + } + } + + mutate { + id => "mutate_add_fields_zeek_omron_fins_detail_error" + add_field => { + "[zeek_cols][service]" => "omron_fins" + } + add_tag => [ "ics" ] + } + + } else if ([log_source] == "omron_fins_detail_file") { + ############################################################################################################################# + # omron_fins_detail_file.log + # omron_fins_types.zeek (https://github.com/cisagov/icsnpp-omron-fins) + + if ("_jsonparsesuccess" 
not in [tags]) { + dissect { + id => "dissect_zeek_omron_fins_detail_file" + mapping => { + "[message]" => "%{[zeek_cols][ts]} %{[zeek_cols][uid]} %{[zeek_cols][orig_h]} %{[zeek_cols][orig_p]} %{[zeek_cols][resp_h]} %{[zeek_cols][resp_p]} %{[zeek_cols][omron_fins_link_id]} %{[zeek_cols][command_code]} %{[zeek_cols][icf_data_type]} %{[zeek_cols][response_code]} %{[zeek_cols][disk_no]} %{[zeek_cols][beginning_file_position]} %{[zeek_cols][no_of_files]} %{[zeek_cols][volume_label]} %{[zeek_cols][year]} %{[zeek_cols][month]} %{[zeek_cols][day]} %{[zeek_cols][hour]} %{[zeek_cols][minute]} %{[zeek_cols][second]} %{[zeek_cols][total_capacity]} %{[zeek_cols][unused_capacity]} %{[zeek_cols][total_no_files]} %{[zeek_cols][no_files_read]} %{[zeek_cols][last_file]} %{[zeek_cols][file_name]} %{[zeek_cols][file_capacity]} %{[zeek_cols][file_position]} %{[zeek_cols][data_length]} %{[zeek_cols][fuid]} %{[zeek_cols][parameter_code]} %{[zeek_cols][src_disk_no]} %{[zeek_cols][src_file_name]} %{[zeek_cols][dst_disk_no]} %{[zeek_cols][dst_file_name]} %{[zeek_cols][old_file_name]} %{[zeek_cols][new_file_name]} %{[zeek_cols][parameter_area_code]} %{[zeek_cols][beginning_address]} %{[zeek_cols][no_of_words]} %{[zeek_cols][memory_area_code]} %{[zeek_cols][no_of_items]} %{[zeek_cols][program_no]} %{[zeek_cols][no_of_bytes]} %{[zeek_cols][beginning_word]} %{[zeek_cols][beginning_block_no]} %{[zeek_cols][no_of_blocks]} %{[zeek_cols][remaining_blocks]} %{[zeek_cols][total_no_of_blocks]} %{[zeek_cols][memory_type]} %{[zeek_cols][data_type]} %{[zeek_cols][last_block]} %{[zeek_cols][protected]} %{[zeek_cols][control_data]} %{[zeek_cols][block_no]} %{[zeek_cols][memory_data]}" + } + } + + if ("_dissectfailure" in [tags]) { + mutate { + id => "mutate_split_zeek_omron_fins_detail_file" + split => { "[message]" => " " } + } + ruby { + id => "ruby_zip_zeek_omron_fins_detail_file" + init => "@zeek_detail_file_log_field_names = [ 'ts', 'uid', 'orig_h', 'orig_p', 'resp_h', 'resp_p', 'omron_fins_link_id', 
'command_code', 'icf_data_type', 'response_code', 'disk_no', 'beginning_file_position', 'no_of_files', 'volume_label', 'year', 'month', 'day', 'hour', 'minute', 'second', 'total_capacity', 'unused_capacity', 'total_no_files', 'no_files_read', 'last_file', 'file_name', 'file_capacity', 'file_position', 'data_length', 'fuid', 'parameter_code', 'src_disk_no', 'src_file_name', 'dst_disk_no', 'dst_file_name', 'old_file_name', 'new_file_name', 'parameter_area_code', 'beginning_address', 'no_of_words', 'memory_area_code', 'no_of_items', 'program_no', 'no_of_bytes', 'beginning_word', 'beginning_block_no', 'no_of_blocks', 'remaining_blocks', 'total_no_of_blocks', 'memory_type', 'data_type', 'last_block', 'protected', 'control_data', 'block_no', 'memory_data' ]" + code => "event.set('[zeek_cols]', @zeek_detail_file_log_field_names.zip(event.get('[message]')).to_h)" + } + } + } + + mutate { + id => "mutate_add_fields_zeek_omron_fins_detail_file" + add_field => { + "[zeek_cols][service]" => "omron_fins" + } + add_tag => [ "ics" ] + } + + } else if ([log_source] == "omron_fins_detail") { + ############################################################################################################################# + # omron_fins_detail.log + # omron_fins_types.zeek (https://github.com/cisagov/icsnpp-omron-fins) + + if ("_jsonparsesuccess" not in [tags]) { + dissect { + id => "dissect_zeek_omron_fins_detail" + mapping => { + "[message]" => "%{[zeek_cols][ts]} %{[zeek_cols][uid]} %{[zeek_cols][orig_h]} %{[zeek_cols][orig_p]} %{[zeek_cols][resp_h]} %{[zeek_cols][resp_p]} %{[zeek_cols][omron_fins_link_id]} %{[zeek_cols][command_code]} %{[zeek_cols][icf_data_type]} %{[zeek_cols][memory_area_code]} %{[zeek_cols][beginning_address]} %{[zeek_cols][number_of_items]} %{[zeek_cols][parameter_area_code]} %{[zeek_cols][beginning_word]} %{[zeek_cols][number_of_words]} %{[zeek_cols][last_word_bit]} %{[zeek_cols][response_code]} %{[zeek_cols][data]} %{[zeek_cols][year]} %{[zeek_cols][month]} 
%{[zeek_cols][date]} %{[zeek_cols][hour]} %{[zeek_cols][minute]} %{[zeek_cols][second]} %{[zeek_cols][day]} %{[zeek_cols][clock_time]} %{[zeek_cols][intelligent_id_no]} %{[zeek_cols][first_word]} %{[zeek_cols][read_length]} %{[zeek_cols][data_length]} %{[zeek_cols][num_of_link_nodes]} %{[zeek_cols][block_record_data_link_status]} %{[zeek_cols][block_record_num_of_link_nodes]} %{[zeek_cols][block_record_node_num]} %{[zeek_cols][block_record_cio_area_first_word]} %{[zeek_cols][block_record_kind_of_dm]} %{[zeek_cols][block_record_dm_area_first_word]} %{[zeek_cols][block_record_num_of_total_words]} %{[zeek_cols][program_no]} %{[zeek_cols][protect_code]} %{[zeek_cols][password]} %{[zeek_cols][last_word]} %{[zeek_cols][clear_code]} %{[zeek_cols][number_of_bytes]} %{[zeek_cols][run_mode]} %{[zeek_cols][controller_data_to_read]} %{[zeek_cols][controller_model]} %{[zeek_cols][controller_version]} %{[zeek_cols][for_system_use]} %{[zeek_cols][program_area_size]} %{[zeek_cols][iom_size]} %{[zeek_cols][no_of_dm_words]} %{[zeek_cols][timer_size]} %{[zeek_cols][expansion_dm_size]} %{[zeek_cols][no_of_steps_transitions]} %{[zeek_cols][kind_of_memory_card]} %{[zeek_cols][memory_card_size]} %{[zeek_cols][cpu_bus_unit_config]} %{[zeek_cols][no_of_sysmac_bus_master_mounted]} %{[zeek_cols][no_of_sysmac_bus2_master_mounted]} %{[zeek_cols][peripheral_device_connected]} %{[zeek_cols][built_in_host_interface]} %{[zeek_cols][no_of_racks_connected]} %{[zeek_cols][no_of_units]} %{[zeek_cols][unit_address]} %{[zeek_cols][model_number]} %{[zeek_cols][controller_status_data_read_status]} %{[zeek_cols][controller_status_data_read_mode]} %{[zeek_cols][fatal_error]} %{[zeek_cols][non_fatal_error]} %{[zeek_cols][message_yes_no]} %{[zeek_cols][fal_fals_no]} %{[zeek_cols][error_message]} %{[zeek_cols][cycle_time_read_parameter]} %{[zeek_cols][average_cycle_time]} %{[zeek_cols][max_cycle_time]} %{[zeek_cols][min_cycle_time]} %{[zeek_cols][test_data]} %{[zeek_cols][number_of_receptions]} 
%{[zeek_cols][command]} %{[zeek_cols][message_no_0]} %{[zeek_cols][message_no_1]} %{[zeek_cols][message_no_2]} %{[zeek_cols][message_no_3]} %{[zeek_cols][message_no_4]} %{[zeek_cols][message_no_5]} %{[zeek_cols][message_no_6]} %{[zeek_cols][message_no_7]} %{[zeek_cols][message_0]} %{[zeek_cols][message_1]} %{[zeek_cols][message_2]} %{[zeek_cols][message_3]} %{[zeek_cols][message_4]} %{[zeek_cols][message_5]} %{[zeek_cols][message_6]} %{[zeek_cols][message_7]} %{[zeek_cols][fal_fals_no_0]} %{[zeek_cols][fal_fals_no_1]} %{[zeek_cols][fal_fals_no_2]} %{[zeek_cols][fal_fals_no_3]} %{[zeek_cols][fal_fals_no_4]} %{[zeek_cols][fal_fals_no_5]} %{[zeek_cols][fal_fals_no_6]} %{[zeek_cols][fal_fals_no_7]} %{[zeek_cols][fal_fals_no_8]} %{[zeek_cols][fal_fals_no_9]} %{[zeek_cols][fal_fals_no_10]} %{[zeek_cols][fal_fals_no_11]} %{[zeek_cols][fal_fals_no_12]} %{[zeek_cols][fal_fals_no_13]} %{[zeek_cols][fal_fals_0]} %{[zeek_cols][fal_fals_1]} %{[zeek_cols][fal_fals_2]} %{[zeek_cols][fal_fals_3]} %{[zeek_cols][fal_fals_4]} %{[zeek_cols][fal_fals_5]} %{[zeek_cols][fal_fals_6]} %{[zeek_cols][fal_fals_7]} %{[zeek_cols][fal_fals_8]} %{[zeek_cols][fal_fals_9]} %{[zeek_cols][fal_fals_10]} %{[zeek_cols][fal_fals_11]} %{[zeek_cols][fal_fals_12]} %{[zeek_cols][fal_fals_13]} %{[zeek_cols][acquire_network_address]} %{[zeek_cols][acquire_node_number]} %{[zeek_cols][acquire_unit_address]} %{[zeek_cols][no_of_bits]} %{[zeek_cols][set_reset_specification]} %{[zeek_cols][bit_flag]}" + } + } + + if ("_dissectfailure" in [tags]) { + mutate { + id => "mutate_split_zeek_omron_fins_detail" + split => { "[message]" => " " } + } + ruby { + id => "ruby_zip_zeek_omron_fins_detail" + init => "@zeek_detail_log_field_names = [ 'ts', 'uid', 'orig_h', 'orig_p', 'resp_h', 'resp_p', 'omron_fins_link_id', 'command_code', 'icf_data_type', 'memory_area_code', 'beginning_address', 'number_of_items', 'parameter_area_code', 'beginning_word', 'number_of_words', 'last_word_bit', 'response_code', 'data', 'year', 'month', 
'date', 'hour', 'minute', 'second', 'day', 'clock_time', 'intelligent_id_no', 'first_word', 'read_length', 'data_length', 'num_of_link_nodes', 'block_record_data_link_status', 'block_record_num_of_link_nodes', 'block_record_node_num', 'block_record_cio_area_first_word', 'block_record_kind_of_dm', 'block_record_dm_area_first_word', 'block_record_num_of_total_words', 'program_no', 'protect_code', 'password', 'last_word', 'clear_code', 'number_of_bytes', 'run_mode', 'controller_data_to_read', 'controller_model', 'controller_version', 'for_system_use', 'program_area_size', 'iom_size', 'no_of_dm_words', 'timer_size', 'expansion_dm_size', 'no_of_steps_transitions', 'kind_of_memory_card', 'memory_card_size', 'cpu_bus_unit_config', 'no_of_sysmac_bus_master_mounted', 'no_of_sysmac_bus2_master_mounted', 'peripheral_device_connected', 'built_in_host_interface', 'no_of_racks_connected', 'no_of_units', 'unit_address', 'model_number', 'controller_status_data_read_status', 'controller_status_data_read_mode', 'fatal_error', 'non_fatal_error', 'message_yes_no', 'fal_fals_no', 'error_message', 'cycle_time_read_parameter', 'average_cycle_time', 'max_cycle_time', 'min_cycle_time', 'test_data', 'number_of_receptions', 'command', 'message_no_0', 'message_no_1', 'message_no_2', 'message_no_3', 'message_no_4', 'message_no_5', 'message_no_6', 'message_no_7', 'message_0', 'message_1', 'message_2', 'message_3', 'message_4', 'message_5', 'message_6', 'message_7', 'fal_fals_no_0', 'fal_fals_no_1', 'fal_fals_no_2', 'fal_fals_no_3', 'fal_fals_no_4', 'fal_fals_no_5', 'fal_fals_no_6', 'fal_fals_no_7', 'fal_fals_no_8', 'fal_fals_no_9', 'fal_fals_no_10', 'fal_fals_no_11', 'fal_fals_no_12', 'fal_fals_no_13', 'fal_fals_0', 'fal_fals_1', 'fal_fals_2', 'fal_fals_3', 'fal_fals_4', 'fal_fals_5', 'fal_fals_6', 'fal_fals_7', 'fal_fals_8', 'fal_fals_9', 'fal_fals_10', 'fal_fals_11', 'fal_fals_12', 'fal_fals_13', 'acquire_network_address', 'acquire_node_number', 'acquire_unit_address', 'no_of_bits', 
'set_reset_specification', 'bit_flag' ]" + code => "event.set('[zeek_cols]', @zeek_detail_log_field_names.zip(event.get('[message]')).to_h)" + } + } + } + + mutate { + id => "mutate_add_fields_zeek_omron_fins_detail" + add_field => { + "[zeek_cols][service]" => "omron_fins" + } + add_tag => [ "ics" ] + } + + } else if ([log_source] == "omron_fins_general") { + ############################################################################################################################# + # omron_fins_general.log + # omron_fins_types.zeek (https://github.com/cisagov/icsnpp-omron-fins) + + if ("_jsonparsesuccess" not in [tags]) { + dissect { + id => "dissect_zeek_omron_fins_general" + mapping => { + "[message]" => "%{[zeek_cols][ts]} %{[zeek_cols][uid]} %{[zeek_cols][orig_h]} %{[zeek_cols][orig_p]} %{[zeek_cols][resp_h]} %{[zeek_cols][resp_p]} %{[zeek_cols][proto]} %{[zeek_cols][omron_fins_link_id]} %{[zeek_cols][tcp_header]} %{[zeek_cols][tcp_length]} %{[zeek_cols][tcp_command]} %{[zeek_cols][tcp_error_code]} %{[zeek_cols][client_node_address]} %{[zeek_cols][server_node_address]} %{[zeek_cols][icf_gateway]} %{[zeek_cols][icf_data_type]} %{[zeek_cols][icf_response_setting]} %{[zeek_cols][gateway_count]} %{[zeek_cols][destination_network_address]} %{[zeek_cols][destination_node_number]} %{[zeek_cols][destination_unit_address]} %{[zeek_cols][source_network_address]} %{[zeek_cols][source_node_number]} %{[zeek_cols][source_unit_address]} %{[zeek_cols][service_id]} %{[zeek_cols][command_code]} %{[zeek_cols][response_code]}" + } + } + + if ("_dissectfailure" in [tags]) { + mutate { + id => "mutate_split_zeek_omron_fins_general" + split => { "[message]" => " " } + } + ruby { + id => "ruby_zip_zeek_omron_fins_general" + init => "@zeek_general_log_field_names = [ 'ts', 'uid', 'orig_h', 'orig_p', 'resp_h', 'resp_p', 'proto', 'omron_fins_link_id', 'tcp_header', 'tcp_length', 'tcp_command', 'tcp_error_code', 'client_node_address', 'server_node_address', 'icf_gateway', 
'icf_data_type', 'icf_response_setting', 'gateway_count', 'destination_network_address', 'destination_node_number', 'destination_unit_address', 'source_network_address', 'source_node_number', 'source_unit_address', 'service_id', 'command_code', 'response_code' ]" + code => "event.set('[zeek_cols]', @zeek_general_log_field_names.zip(event.get('[message]')).to_h)" + } + } + } + + mutate { + id => "mutate_add_fields_zeek_omron_fins_general" + add_field => { + "[zeek_cols][service]" => "omron_fins" + } + add_tag => [ "ics" ] + } + + } else if ([log_source] == "omron_fins_network_status_read") { + ############################################################################################################################# + # omron_fins_network_status_read.log + # omron_fins_types.zeek (https://github.com/cisagov/icsnpp-omron-fins) + + if ("_jsonparsesuccess" not in [tags]) { + dissect { + id => "dissect_zeek_omron_fins_network_status_read" + mapping => { + "[message]" => "%{[zeek_cols][ts]} %{[zeek_cols][uid]} %{[zeek_cols][orig_h]} %{[zeek_cols][orig_p]} %{[zeek_cols][resp_h]} %{[zeek_cols][resp_p]} %{[zeek_cols][omron_fins_link_id]} %{[zeek_cols][command_code]} %{[zeek_cols][icf_data_type]} %{[zeek_cols][response_code]} %{[zeek_cols][node_number]} %{[zeek_cols][in_network]} %{[zeek_cols][exit_status]} %{[zeek_cols][polling]} %{[zeek_cols][communication_cycle_time]} %{[zeek_cols][current_polling_node_number]} %{[zeek_cols][cyclic_operation]} %{[zeek_cols][cyclic_transmission_status]} %{[zeek_cols][non_fatal_error]} %{[zeek_cols][cyclic_error_count]}" + } + } + + if ("_dissectfailure" in [tags]) { + mutate { + id => "mutate_split_zeek_omron_fins_network_status_read" + split => { "[message]" => " " } + } + ruby { + id => "ruby_zip_zeek_omron_fins_network_status_read" + init => "@zeek_network_status_read_log_field_names = [ 'ts', 'uid', 'orig_h', 'orig_p', 'resp_h', 'resp_p', 'omron_fins_link_id', 'command_code', 'icf_data_type', 'response_code', 'node_number', 
'in_network', 'exit_status', 'polling', 'communication_cycle_time', 'current_polling_node_number', 'cyclic_operation', 'cyclic_transmission_status', 'non_fatal_error', 'cyclic_error_count' ]" + code => "event.set('[zeek_cols]', @zeek_network_status_read_log_field_names.zip(event.get('[message]')).to_h)" + } + } + } + + mutate { + id => "mutate_add_fields_zeek_omron_fins_network_status_read" + add_field => { + "[zeek_cols][service]" => "omron_fins" + } + add_tag => [ "ics" ] + } + } + +} + diff --git a/logstash/pipelines/zeek/1200_zeek_mutate.conf b/logstash/pipelines/zeek/1200_zeek_mutate.conf index e02272a36..4e0fe8aa8 100644 --- a/logstash/pipelines/zeek/1200_zeek_mutate.conf +++ b/logstash/pipelines/zeek/1200_zeek_mutate.conf @@ -1530,6 +1530,19 @@ filter { " } + } else if ([log_source] =~ /^omron_fins/) { + ############################################################################################################################# + # omron_fins_*.log specific logic + + mutate { + id => "mutate_rename_omron_fins_linkage_fields" + rename => { "[zeek][omron_fins_data_link_status_read][omron_fins_link_id]" => "[zeek][omron_fins_general][omron_fins_link_id]" } + rename => { "[zeek][omron_fins_detail_error][omron_fins_link_id]" => "[zeek][omron_fins_general][omron_fins_link_id]" } + rename => { "[zeek][omron_fins_detail_file][omron_fins_link_id]" => "[zeek][omron_fins_general][omron_fins_link_id]" } + rename => { "[zeek][omron_fins_detail][omron_fins_link_id]" => "[zeek][omron_fins_general][omron_fins_link_id]" } + rename => { "[zeek][omron_fins_network_status_read][omron_fins_link_id]" => "[zeek][omron_fins_general][omron_fins_link_id]" } + } + } else if ([log_source] =~ /^opcua_binary/) { ############################################################################################################################# # opcua-binary-*.log specific logic 
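Review bot: The `omron_fins_detail` branch of the new `1171_zeek_omron_fins.conf` copies `%{[zeek_cols][password]}` and `%{[zeek_cols][protect_code]}` into the event like any other column, so whatever the analyzer records there will be indexed and searchable by every user with read access to the Zeek indices. Whether the upstream parser writes the cleartext value seen on the wire cannot be confirmed from this hunk, but if it does, the datastore becomes a second place where controller credentials live. I would either drop the value after parsing, `mutate { id => "mutate_remove_zeek_omron_fins_detail_password" remove_field => [ "[zeek_cols][password]" ] }`, or replace it with a digest via the `fingerprint` filter so analysts can still see that a password was presented and whether it changed. The same field name appears in the ruby fallback list, so the removal has to sit after both parsing paths.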
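Review bot: The new `omron_fins` branch in `1200_zeek_mutate.conf` moves every per-log `omron_fins_link_id` under `[zeek][omron_fins_general]` without saying why, which leaves events from the detail and status logs carrying a `zeek.omron_fins_general` object that looks like a mistake to the next reader. If the intent is correlation across the log types (inferred from the id `mutate_rename_omron_fins_linkage_fields`), a comment such as `# store omron_fins_link_id under zeek.omron_fins_general for all omron_fins_* logs so related events can be joined on one field` would make that explicit. The five separate `rename =>` settings could also be written as one `rename => { ... }` hash with five entries, which reads more clearly and does not depend on repeated options being merged. The enclosing `filter` block starts and ends outside this hunk.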
diff --git a/scripts/zeek_script_to_malcolm_boilerplate.py b/scripts/zeek_script_to_malcolm_boilerplate.py index 4c4668813..f9da87ba8 100755 --- a/scripts/zeek_script_to_malcolm_boilerplate.py +++ b/scripts/zeek_script_to_malcolm_boilerplate.py @@ -472,6 +472,7 @@ def main(): # output boilerplate Logstash filter for use in Malcolm with open(args.logstashOutFile, "w") as f: + print(f'filter {{', file=f) for record in [r for r in records if len(r["fields"]) > 0]: # default to the record's log path, fall back to the slugified record name rName = record['path'] if ('path' in record) and record['path'] else record['name'] 
@@ -481,45 +482,48 @@ def main(): print( '\n'.join( ( - f'}} else if ([log_source] == "{rName}") {{', - f' #############################################################################################################################', - f' # {rName}.log', - f' # {os.path.basename(val)} ({args.url})', '', - f' if ("_jsonparsesuccess" not in [tags]) {{', - f' dissect {{', - f' id => "dissect_zeek_{rName}"', - f' mapping => {{', - f' "[message]" => "{rFieldsDissect}"', - f' }}', - f' }}', + f' if ([log_source] == "{rName}") {{', + f' #############################################################################################################################', + f' # {rName}.log', + f' # {os.path.basename(val)} ({args.url})', '', - f' if ("_dissectfailure" in [tags]) {{', - f' mutate {{', - f' id => "mutate_split_zeek_{rName}"', - f' split => {{ "[message]" => "{ZEEK_DELIMITER_CHAR}" }}', + f' if ("_jsonparsesuccess" not in [tags]) {{', + f' dissect {{', + f' id => "dissect_zeek_{rName}"', + f' mapping => {{', + f' "[message]" => "{rFieldsDissect}"', + f' }}', f' }}', - f' ruby {{', - f' id => "ruby_zip_zeek_{rName}"', - f' init => "$zeek_{rName}_field_names = [ {rFieldsZip} ]"', - f" code => \"event.set('[zeek_cols]', $zeek_{rName}_field_names.zip(event.get('[message]')).to_h)\"", + '', + f' if ("_dissectfailure" in [tags]) {{', + f' mutate {{', + f' id => "mutate_split_zeek_{rName}"', + f' split => {{ "[message]" => "{ZEEK_DELIMITER_CHAR}" }}', + f' }}', + f' ruby {{', + f' id => "ruby_zip_zeek_{rName}"', + f' init => "@zeek_{rName}_field_names = [ {rFieldsZip} ]"', + f" code => \"event.set('[zeek_cols]', @zeek_{rName}_field_names.zip(event.get('[message]')).to_h)\"", + f' }}', f' }}', f' }}', - f' }}', '', - f' mutate {{', - f' id => "mutate_add_fields_zeek_{rName}"', - f' add_field => {{', - f' "[zeek_cols][proto]" => "{args.protocol}"', - f' "[zeek_cols][service]" => "{args.service}"', + f' mutate {{', + f' id => "mutate_add_fields_zeek_{rName}"', + f' add_field 
=> {{', + f' "[zeek_cols][proto]" => "{args.protocol}"', + f' "[zeek_cols][service]" => "{args.service}"', + f' }}', + f' add_tag => [ {tags} ]' if tags else '', f' }}', - f' add_tag => [ {tags} ]' if tags else '', f' }}', '', ) ), file=f, ) + print('\n'.join((f'}}', '')), file=f) # output boilerplate Arkime definitions for use in Malcolm with open(args.arkimeOutFile, "w") as f: @@ -531,7 +535,7 @@ def main(): # https://github.com/cisagov/ICSNPP for field in [f for f in record['fields'] if f['name'] not in ZEEK_COMMON_FIELDS]: print( - f"zeek.{rName}.{field['name']}=db:zeek.{rName}.{field['name']};group:zeek_{rName};kind:{ZEEK_TO_ARKIME_TYPES[field['type']]};friendly:{field['name']};help:{field['name']}", + f"zeek.{rName}.{field['name']}=db:zeek.{rName}.{field['name']};group:zeek_{rName};kind:{ZEEK_TO_ARKIME_TYPES[field['type']]};viewerOnly:true;friendly:{field['name']};help:{field['name']}", file=f, ) print("", file=f) diff --git a/shared/bin/zeek_install_plugins.sh b/shared/bin/zeek_install_plugins.sh index 094a95dc8..3ac507a0a 100755 --- a/shared/bin/zeek_install_plugins.sh +++ b/shared/bin/zeek_install_plugins.sh @@ -99,6 +99,7 @@ ZKG_GITHUB_URLS=( "https://github.com/cisagov/icsnpp-genisys" "https://github.com/cisagov/icsnpp-hart-ip" "https://github.com/cisagov/icsnpp-modbus" + "https://github.com/cisagov/icsnpp-omron-fins" "https://github.com/cisagov/icsnpp-opcua-binary" "https://github.com/cisagov/icsnpp-profinet-io-cm" "https://github.com/cisagov/icsnpp-s7comm" From 260a7f0aa067f1a45f606cc307a3efd15906b636 Mon Sep 17 00:00:00 2001 From: Seth Grover Date: Wed, 15 Jan 2025 09:48:44 -0700 Subject: [PATCH 40/53] wip omron fins integration, , cisagov/Malcolm#554 --- arkime/etc/config.ini | 186 +++++++++--------- .../composable/component/zeek_ot.json | 168 ++++++++-------- .../pipelines/zeek/1171_zeek_omron_fins.conf | 40 ++-- logstash/pipelines/zeek/1200_zeek_mutate.conf | 10 +- 4 files changed, 202 insertions(+), 202 deletions(-) 
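Review bot: The rewritten template in `main()` interpolates `rName`, `rFieldsDissect`, `rFieldsZip`, `args.protocol`, `args.service` and `tags` into Logstash syntax with no escaping, and `rFieldsZip` lands inside the `ruby` filter's `init` string, which Logstash evaluates as code. The context line just above shows `rName` taken from `record['path']` as-is, with only the fallback name slugified, and those values originate from a third-party Zeek script, so a quote or newline in a path or field name would change the structure of the generated filter rather than just its text. A check before the `print`, for example `if not re.fullmatch(r'[A-Za-z0-9_]+', rName): raise ValueError(f'unexpected log path: {rName!r}')` (assuming `re` is imported in this module) and the same test on each field name, keeps the output limited to identifiers. How `rFieldsDissect`, `rFieldsZip` and `tags` are built is outside this hunk, so they may already be constrained.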
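Review bot: The new `ZKG_GITHUB_URLS` entry for `icsnpp-omron-fins` is a bare repository URL, so the image build appears to take whatever is on the default branch at build time; the install loop is outside this hunk, so this is inferred from the list format. For a parser that runs inside the sensor on untrusted traffic, I would pin it to a reviewed tag or commit if the loop supports a ref, and otherwise leave a marker next to the entry such as `# TODO: pin icsnpp-omron-fins to a reviewed tag or commit before release`. The neighbouring entries visible in the hunk are unpinned in the same way, so this applies to the list as a whole rather than only to the added line.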
diff --git a/arkime/etc/config.ini b/arkime/etc/config.ini index 839e6996c..3c213a458 100644 --- a/arkime/etc/config.ini +++ b/arkime/etc/config.ini 
@@ -1479,75 +1479,75 @@ zeek.omron_fins_data_link_status_read.error_status=db:zeek.omron_fins_data_link_ zeek.omron_fins_data_link_status_read.mode_status=db:zeek.omron_fins_data_link_status_read.mode_status;group:zeek_data_link_status_read_log;kind:termfield;viewerOnly:true;friendly:mode_status;help:mode_status zeek.omron_fins_data_link_status_read.warning_status=db:zeek.omron_fins_data_link_status_read.warning_status;group:zeek_data_link_status_read_log;kind:termfield;viewerOnly:true;friendly:warning_status;help:warning_status -# omron_fins_detail_error.log +# omron_fins_error.log # https://github.com/cisagov/icsnpp-omron-fins -zeek.omron_fins_detail_error.command_code=db:zeek.omron_fins_detail_error.command_code;group:zeek_detail_error_log;kind:termfield;viewerOnly:true;friendly:command_code;help:command_code -zeek.omron_fins_detail_error.icf_data_type=db:zeek.omron_fins_detail_error.icf_data_type;group:zeek_detail_error_log;kind:termfield;viewerOnly:true;friendly:icf_data_type;help:icf_data_type -zeek.omron_fins_detail_error.response_code=db:zeek.omron_fins_detail_error.response_code;group:zeek_detail_error_log;kind:termfield;viewerOnly:true;friendly:response_code;help:response_code -zeek.omron_fins_detail_error.error_reset_fal_no=db:zeek.omron_fins_detail_error.error_reset_fal_no;group:zeek_detail_error_log;kind:termfield;viewerOnly:true;friendly:error_reset_fal_no;help:error_reset_fal_no -zeek.omron_fins_detail_error.beginning_record_no=db:zeek.omron_fins_detail_error.beginning_record_no;group:zeek_detail_error_log;kind:integer;viewerOnly:true;friendly:beginning_record_no;help:beginning_record_no -zeek.omron_fins_detail_error.max_no_stored_records=db:zeek.omron_fins_detail_error.max_no_stored_records;group:zeek_detail_error_log;kind:integer;viewerOnly:true;friendly:max_no_stored_records;help:max_no_stored_records 
-zeek.omron_fins_detail_error.no_of_stored_records=db:zeek.omron_fins_detail_error.no_of_stored_records;group:zeek_detail_error_log;kind:integer;viewerOnly:true;friendly:no_of_stored_records;help:no_of_stored_records -zeek.omron_fins_detail_error.no_of_records=db:zeek.omron_fins_detail_error.no_of_records;group:zeek_detail_error_log;kind:integer;viewerOnly:true;friendly:no_of_records;help:no_of_records -zeek.omron_fins_detail_error.error_code_1=db:zeek.omron_fins_detail_error.error_code_1;group:zeek_detail_error_log;kind:termfield;viewerOnly:true;friendly:error_code_1;help:error_code_1 -zeek.omron_fins_detail_error.error_code_2=db:zeek.omron_fins_detail_error.error_code_2;group:zeek_detail_error_log;kind:termfield;viewerOnly:true;friendly:error_code_2;help:error_code_2 -zeek.omron_fins_detail_error.minute=db:zeek.omron_fins_detail_error.minute;group:zeek_detail_error_log;kind:integer;viewerOnly:true;friendly:minute;help:minute -zeek.omron_fins_detail_error.second=db:zeek.omron_fins_detail_error.second;group:zeek_detail_error_log;kind:integer;viewerOnly:true;friendly:second;help:second -zeek.omron_fins_detail_error.day=db:zeek.omron_fins_detail_error.day;group:zeek_detail_error_log;kind:integer;viewerOnly:true;friendly:day;help:day -zeek.omron_fins_detail_error.hour=db:zeek.omron_fins_detail_error.hour;group:zeek_detail_error_log;kind:integer;viewerOnly:true;friendly:hour;help:hour -zeek.omron_fins_detail_error.year=db:zeek.omron_fins_detail_error.year;group:zeek_detail_error_log;kind:integer;viewerOnly:true;friendly:year;help:year -zeek.omron_fins_detail_error.month=db:zeek.omron_fins_detail_error.month;group:zeek_detail_error_log;kind:integer;viewerOnly:true;friendly:month;help:month - -# omron_fins_detail_file.log +zeek.omron_fins_error.command_code=db:zeek.omron_fins_error.command_code;group:zeek_detail_error_log;kind:termfield;viewerOnly:true;friendly:command_code;help:command_code 
+zeek.omron_fins_error.icf_data_type=db:zeek.omron_fins_error.icf_data_type;group:zeek_detail_error_log;kind:termfield;viewerOnly:true;friendly:icf_data_type;help:icf_data_type +zeek.omron_fins_error.response_code=db:zeek.omron_fins_error.response_code;group:zeek_detail_error_log;kind:termfield;viewerOnly:true;friendly:response_code;help:response_code +zeek.omron_fins_error.error_reset_fal_no=db:zeek.omron_fins_error.error_reset_fal_no;group:zeek_detail_error_log;kind:termfield;viewerOnly:true;friendly:error_reset_fal_no;help:error_reset_fal_no +zeek.omron_fins_error.beginning_record_no=db:zeek.omron_fins_error.beginning_record_no;group:zeek_detail_error_log;kind:integer;viewerOnly:true;friendly:beginning_record_no;help:beginning_record_no +zeek.omron_fins_error.max_no_stored_records=db:zeek.omron_fins_error.max_no_stored_records;group:zeek_detail_error_log;kind:integer;viewerOnly:true;friendly:max_no_stored_records;help:max_no_stored_records +zeek.omron_fins_error.no_of_stored_records=db:zeek.omron_fins_error.no_of_stored_records;group:zeek_detail_error_log;kind:integer;viewerOnly:true;friendly:no_of_stored_records;help:no_of_stored_records +zeek.omron_fins_error.no_of_records=db:zeek.omron_fins_error.no_of_records;group:zeek_detail_error_log;kind:integer;viewerOnly:true;friendly:no_of_records;help:no_of_records +zeek.omron_fins_error.error_code_1=db:zeek.omron_fins_error.error_code_1;group:zeek_detail_error_log;kind:termfield;viewerOnly:true;friendly:error_code_1;help:error_code_1 +zeek.omron_fins_error.error_code_2=db:zeek.omron_fins_error.error_code_2;group:zeek_detail_error_log;kind:termfield;viewerOnly:true;friendly:error_code_2;help:error_code_2 +zeek.omron_fins_error.minute=db:zeek.omron_fins_error.minute;group:zeek_detail_error_log;kind:integer;viewerOnly:true;friendly:minute;help:minute +zeek.omron_fins_error.second=db:zeek.omron_fins_error.second;group:zeek_detail_error_log;kind:integer;viewerOnly:true;friendly:second;help:second 
+zeek.omron_fins_error.day=db:zeek.omron_fins_error.day;group:zeek_detail_error_log;kind:integer;viewerOnly:true;friendly:day;help:day +zeek.omron_fins_error.hour=db:zeek.omron_fins_error.hour;group:zeek_detail_error_log;kind:integer;viewerOnly:true;friendly:hour;help:hour +zeek.omron_fins_error.year=db:zeek.omron_fins_error.year;group:zeek_detail_error_log;kind:integer;viewerOnly:true;friendly:year;help:year +zeek.omron_fins_error.month=db:zeek.omron_fins_error.month;group:zeek_detail_error_log;kind:integer;viewerOnly:true;friendly:month;help:month + +# omron_fins_file.log # https://github.com/cisagov/icsnpp-omron-fins -zeek.omron_fins_detail_file.command_code=db:zeek.omron_fins_detail_file.command_code;group:zeek_detail_file_log;kind:termfield;viewerOnly:true;friendly:command_code;help:command_code -zeek.omron_fins_detail_file.icf_data_type=db:zeek.omron_fins_detail_file.icf_data_type;group:zeek_detail_file_log;kind:termfield;viewerOnly:true;friendly:icf_data_type;help:icf_data_type -zeek.omron_fins_detail_file.response_code=db:zeek.omron_fins_detail_file.response_code;group:zeek_detail_file_log;kind:termfield;viewerOnly:true;friendly:response_code;help:response_code -zeek.omron_fins_detail_file.disk_no=db:zeek.omron_fins_detail_file.disk_no;group:zeek_detail_file_log;kind:integer;viewerOnly:true;friendly:disk_no;help:disk_no -zeek.omron_fins_detail_file.beginning_file_position=db:zeek.omron_fins_detail_file.beginning_file_position;group:zeek_detail_file_log;kind:termfield;viewerOnly:true;friendly:beginning_file_position;help:beginning_file_position -zeek.omron_fins_detail_file.no_of_files=db:zeek.omron_fins_detail_file.no_of_files;group:zeek_detail_file_log;kind:integer;viewerOnly:true;friendly:no_of_files;help:no_of_files -zeek.omron_fins_detail_file.volume_label=db:zeek.omron_fins_detail_file.volume_label;group:zeek_detail_file_log;kind:termfield;viewerOnly:true;friendly:volume_label;help:volume_label 
-zeek.omron_fins_detail_file.year=db:zeek.omron_fins_detail_file.year;group:zeek_detail_file_log;kind:integer;viewerOnly:true;friendly:year;help:year -zeek.omron_fins_detail_file.month=db:zeek.omron_fins_detail_file.month;group:zeek_detail_file_log;kind:integer;viewerOnly:true;friendly:month;help:month -zeek.omron_fins_detail_file.day=db:zeek.omron_fins_detail_file.day;group:zeek_detail_file_log;kind:integer;viewerOnly:true;friendly:day;help:day -zeek.omron_fins_detail_file.hour=db:zeek.omron_fins_detail_file.hour;group:zeek_detail_file_log;kind:integer;viewerOnly:true;friendly:hour;help:hour -zeek.omron_fins_detail_file.minute=db:zeek.omron_fins_detail_file.minute;group:zeek_detail_file_log;kind:integer;viewerOnly:true;friendly:minute;help:minute -zeek.omron_fins_detail_file.second=db:zeek.omron_fins_detail_file.second;group:zeek_detail_file_log;kind:integer;viewerOnly:true;friendly:second;help:second -zeek.omron_fins_detail_file.total_capacity=db:zeek.omron_fins_detail_file.total_capacity;group:zeek_detail_file_log;kind:integer;viewerOnly:true;friendly:total_capacity;help:total_capacity -zeek.omron_fins_detail_file.unused_capacity=db:zeek.omron_fins_detail_file.unused_capacity;group:zeek_detail_file_log;kind:integer;viewerOnly:true;friendly:unused_capacity;help:unused_capacity -zeek.omron_fins_detail_file.total_no_files=db:zeek.omron_fins_detail_file.total_no_files;group:zeek_detail_file_log;kind:integer;viewerOnly:true;friendly:total_no_files;help:total_no_files -zeek.omron_fins_detail_file.no_files_read=db:zeek.omron_fins_detail_file.no_files_read;group:zeek_detail_file_log;kind:integer;viewerOnly:true;friendly:no_files_read;help:no_files_read -zeek.omron_fins_detail_file.last_file=db:zeek.omron_fins_detail_file.last_file;group:zeek_detail_file_log;kind:termfield;viewerOnly:true;friendly:last_file;help:last_file 
-zeek.omron_fins_detail_file.file_name=db:zeek.omron_fins_detail_file.file_name;group:zeek_detail_file_log;kind:termfield;viewerOnly:true;friendly:file_name;help:file_name -zeek.omron_fins_detail_file.file_capacity=db:zeek.omron_fins_detail_file.file_capacity;group:zeek_detail_file_log;kind:integer;viewerOnly:true;friendly:file_capacity;help:file_capacity -zeek.omron_fins_detail_file.file_position=db:zeek.omron_fins_detail_file.file_position;group:zeek_detail_file_log;kind:integer;viewerOnly:true;friendly:file_position;help:file_position -zeek.omron_fins_detail_file.data_length=db:zeek.omron_fins_detail_file.data_length;group:zeek_detail_file_log;kind:integer;viewerOnly:true;friendly:data_length;help:data_length -zeek.omron_fins_detail_file.parameter_code=db:zeek.omron_fins_detail_file.parameter_code;group:zeek_detail_file_log;kind:termfield;viewerOnly:true;friendly:parameter_code;help:parameter_code -zeek.omron_fins_detail_file.src_disk_no=db:zeek.omron_fins_detail_file.src_disk_no;group:zeek_detail_file_log;kind:integer;viewerOnly:true;friendly:src_disk_no;help:src_disk_no -zeek.omron_fins_detail_file.src_file_name=db:zeek.omron_fins_detail_file.src_file_name;group:zeek_detail_file_log;kind:termfield;viewerOnly:true;friendly:src_file_name;help:src_file_name -zeek.omron_fins_detail_file.dst_disk_no=db:zeek.omron_fins_detail_file.dst_disk_no;group:zeek_detail_file_log;kind:integer;viewerOnly:true;friendly:dst_disk_no;help:dst_disk_no -zeek.omron_fins_detail_file.dst_file_name=db:zeek.omron_fins_detail_file.dst_file_name;group:zeek_detail_file_log;kind:termfield;viewerOnly:true;friendly:dst_file_name;help:dst_file_name -zeek.omron_fins_detail_file.old_file_name=db:zeek.omron_fins_detail_file.old_file_name;group:zeek_detail_file_log;kind:termfield;viewerOnly:true;friendly:old_file_name;help:old_file_name 
-zeek.omron_fins_detail_file.new_file_name=db:zeek.omron_fins_detail_file.new_file_name;group:zeek_detail_file_log;kind:termfield;viewerOnly:true;friendly:new_file_name;help:new_file_name -zeek.omron_fins_detail_file.parameter_area_code=db:zeek.omron_fins_detail_file.parameter_area_code;group:zeek_detail_file_log;kind:termfield;viewerOnly:true;friendly:parameter_area_code;help:parameter_area_code -zeek.omron_fins_detail_file.beginning_address=db:zeek.omron_fins_detail_file.beginning_address;group:zeek_detail_file_log;kind:termfield;viewerOnly:true;friendly:beginning_address;help:beginning_address -zeek.omron_fins_detail_file.no_of_words=db:zeek.omron_fins_detail_file.no_of_words;group:zeek_detail_file_log;kind:integer;viewerOnly:true;friendly:no_of_words;help:no_of_words -zeek.omron_fins_detail_file.memory_area_code=db:zeek.omron_fins_detail_file.memory_area_code;group:zeek_detail_file_log;kind:termfield;viewerOnly:true;friendly:memory_area_code;help:memory_area_code -zeek.omron_fins_detail_file.no_of_items=db:zeek.omron_fins_detail_file.no_of_items;group:zeek_detail_file_log;kind:integer;viewerOnly:true;friendly:no_of_items;help:no_of_items -zeek.omron_fins_detail_file.program_no=db:zeek.omron_fins_detail_file.program_no;group:zeek_detail_file_log;kind:termfield;viewerOnly:true;friendly:program_no;help:program_no -zeek.omron_fins_detail_file.no_of_bytes=db:zeek.omron_fins_detail_file.no_of_bytes;group:zeek_detail_file_log;kind:integer;viewerOnly:true;friendly:no_of_bytes;help:no_of_bytes -zeek.omron_fins_detail_file.beginning_word=db:zeek.omron_fins_detail_file.beginning_word;group:zeek_detail_file_log;kind:termfield;viewerOnly:true;friendly:beginning_word;help:beginning_word -zeek.omron_fins_detail_file.beginning_block_no=db:zeek.omron_fins_detail_file.beginning_block_no;group:zeek_detail_file_log;kind:integer;viewerOnly:true;friendly:beginning_block_no;help:beginning_block_no 
-zeek.omron_fins_detail_file.no_of_blocks=db:zeek.omron_fins_detail_file.no_of_blocks;group:zeek_detail_file_log;kind:integer;viewerOnly:true;friendly:no_of_blocks;help:no_of_blocks -zeek.omron_fins_detail_file.remaining_blocks=db:zeek.omron_fins_detail_file.remaining_blocks;group:zeek_detail_file_log;kind:integer;viewerOnly:true;friendly:remaining_blocks;help:remaining_blocks -zeek.omron_fins_detail_file.total_no_of_blocks=db:zeek.omron_fins_detail_file.total_no_of_blocks;group:zeek_detail_file_log;kind:integer;viewerOnly:true;friendly:total_no_of_blocks;help:total_no_of_blocks -zeek.omron_fins_detail_file.memory_type=db:zeek.omron_fins_detail_file.memory_type;group:zeek_detail_file_log;kind:termfield;viewerOnly:true;friendly:memory_type;help:memory_type -zeek.omron_fins_detail_file.data_type=db:zeek.omron_fins_detail_file.data_type;group:zeek_detail_file_log;kind:termfield;viewerOnly:true;friendly:data_type;help:data_type -zeek.omron_fins_detail_file.last_block=db:zeek.omron_fins_detail_file.last_block;group:zeek_detail_file_log;kind:termfield;viewerOnly:true;friendly:last_block;help:last_block -zeek.omron_fins_detail_file.protected=db:zeek.omron_fins_detail_file.protected;group:zeek_detail_file_log;kind:termfield;viewerOnly:true;friendly:protected;help:protected -zeek.omron_fins_detail_file.control_data=db:zeek.omron_fins_detail_file.control_data;group:zeek_detail_file_log;kind:integer;viewerOnly:true;friendly:control_data;help:control_data -zeek.omron_fins_detail_file.block_no=db:zeek.omron_fins_detail_file.block_no;group:zeek_detail_file_log;kind:integer;viewerOnly:true;friendly:block_no;help:block_no -zeek.omron_fins_detail_file.memory_data=db:zeek.omron_fins_detail_file.memory_data;group:zeek_detail_file_log;kind:termfield;viewerOnly:true;friendly:memory_data;help:memory_data +zeek.omron_fins_file.command_code=db:zeek.omron_fins_file.command_code;group:zeek_detail_file_log;kind:termfield;viewerOnly:true;friendly:command_code;help:command_code 
+zeek.omron_fins_file.icf_data_type=db:zeek.omron_fins_file.icf_data_type;group:zeek_detail_file_log;kind:termfield;viewerOnly:true;friendly:icf_data_type;help:icf_data_type +zeek.omron_fins_file.response_code=db:zeek.omron_fins_file.response_code;group:zeek_detail_file_log;kind:termfield;viewerOnly:true;friendly:response_code;help:response_code +zeek.omron_fins_file.disk_no=db:zeek.omron_fins_file.disk_no;group:zeek_detail_file_log;kind:integer;viewerOnly:true;friendly:disk_no;help:disk_no +zeek.omron_fins_file.beginning_file_position=db:zeek.omron_fins_file.beginning_file_position;group:zeek_detail_file_log;kind:termfield;viewerOnly:true;friendly:beginning_file_position;help:beginning_file_position +zeek.omron_fins_file.no_of_files=db:zeek.omron_fins_file.no_of_files;group:zeek_detail_file_log;kind:integer;viewerOnly:true;friendly:no_of_files;help:no_of_files +zeek.omron_fins_file.volume_label=db:zeek.omron_fins_file.volume_label;group:zeek_detail_file_log;kind:termfield;viewerOnly:true;friendly:volume_label;help:volume_label +zeek.omron_fins_file.year=db:zeek.omron_fins_file.year;group:zeek_detail_file_log;kind:integer;viewerOnly:true;friendly:year;help:year +zeek.omron_fins_file.month=db:zeek.omron_fins_file.month;group:zeek_detail_file_log;kind:integer;viewerOnly:true;friendly:month;help:month +zeek.omron_fins_file.day=db:zeek.omron_fins_file.day;group:zeek_detail_file_log;kind:integer;viewerOnly:true;friendly:day;help:day +zeek.omron_fins_file.hour=db:zeek.omron_fins_file.hour;group:zeek_detail_file_log;kind:integer;viewerOnly:true;friendly:hour;help:hour +zeek.omron_fins_file.minute=db:zeek.omron_fins_file.minute;group:zeek_detail_file_log;kind:integer;viewerOnly:true;friendly:minute;help:minute +zeek.omron_fins_file.second=db:zeek.omron_fins_file.second;group:zeek_detail_file_log;kind:integer;viewerOnly:true;friendly:second;help:second 
+zeek.omron_fins_file.total_capacity=db:zeek.omron_fins_file.total_capacity;group:zeek_detail_file_log;kind:integer;viewerOnly:true;friendly:total_capacity;help:total_capacity +zeek.omron_fins_file.unused_capacity=db:zeek.omron_fins_file.unused_capacity;group:zeek_detail_file_log;kind:integer;viewerOnly:true;friendly:unused_capacity;help:unused_capacity +zeek.omron_fins_file.total_no_files=db:zeek.omron_fins_file.total_no_files;group:zeek_detail_file_log;kind:integer;viewerOnly:true;friendly:total_no_files;help:total_no_files +zeek.omron_fins_file.no_files_read=db:zeek.omron_fins_file.no_files_read;group:zeek_detail_file_log;kind:integer;viewerOnly:true;friendly:no_files_read;help:no_files_read +zeek.omron_fins_file.last_file=db:zeek.omron_fins_file.last_file;group:zeek_detail_file_log;kind:termfield;viewerOnly:true;friendly:last_file;help:last_file +zeek.omron_fins_file.file_name=db:zeek.omron_fins_file.file_name;group:zeek_detail_file_log;kind:termfield;viewerOnly:true;friendly:file_name;help:file_name +zeek.omron_fins_file.file_capacity=db:zeek.omron_fins_file.file_capacity;group:zeek_detail_file_log;kind:integer;viewerOnly:true;friendly:file_capacity;help:file_capacity +zeek.omron_fins_file.file_position=db:zeek.omron_fins_file.file_position;group:zeek_detail_file_log;kind:integer;viewerOnly:true;friendly:file_position;help:file_position +zeek.omron_fins_file.data_length=db:zeek.omron_fins_file.data_length;group:zeek_detail_file_log;kind:integer;viewerOnly:true;friendly:data_length;help:data_length +zeek.omron_fins_file.parameter_code=db:zeek.omron_fins_file.parameter_code;group:zeek_detail_file_log;kind:termfield;viewerOnly:true;friendly:parameter_code;help:parameter_code +zeek.omron_fins_file.src_disk_no=db:zeek.omron_fins_file.src_disk_no;group:zeek_detail_file_log;kind:integer;viewerOnly:true;friendly:src_disk_no;help:src_disk_no 
+zeek.omron_fins_file.src_file_name=db:zeek.omron_fins_file.src_file_name;group:zeek_detail_file_log;kind:termfield;viewerOnly:true;friendly:src_file_name;help:src_file_name +zeek.omron_fins_file.dst_disk_no=db:zeek.omron_fins_file.dst_disk_no;group:zeek_detail_file_log;kind:integer;viewerOnly:true;friendly:dst_disk_no;help:dst_disk_no +zeek.omron_fins_file.dst_file_name=db:zeek.omron_fins_file.dst_file_name;group:zeek_detail_file_log;kind:termfield;viewerOnly:true;friendly:dst_file_name;help:dst_file_name +zeek.omron_fins_file.old_file_name=db:zeek.omron_fins_file.old_file_name;group:zeek_detail_file_log;kind:termfield;viewerOnly:true;friendly:old_file_name;help:old_file_name +zeek.omron_fins_file.new_file_name=db:zeek.omron_fins_file.new_file_name;group:zeek_detail_file_log;kind:termfield;viewerOnly:true;friendly:new_file_name;help:new_file_name +zeek.omron_fins_file.parameter_area_code=db:zeek.omron_fins_file.parameter_area_code;group:zeek_detail_file_log;kind:termfield;viewerOnly:true;friendly:parameter_area_code;help:parameter_area_code +zeek.omron_fins_file.beginning_address=db:zeek.omron_fins_file.beginning_address;group:zeek_detail_file_log;kind:termfield;viewerOnly:true;friendly:beginning_address;help:beginning_address +zeek.omron_fins_file.no_of_words=db:zeek.omron_fins_file.no_of_words;group:zeek_detail_file_log;kind:integer;viewerOnly:true;friendly:no_of_words;help:no_of_words +zeek.omron_fins_file.memory_area_code=db:zeek.omron_fins_file.memory_area_code;group:zeek_detail_file_log;kind:termfield;viewerOnly:true;friendly:memory_area_code;help:memory_area_code +zeek.omron_fins_file.no_of_items=db:zeek.omron_fins_file.no_of_items;group:zeek_detail_file_log;kind:integer;viewerOnly:true;friendly:no_of_items;help:no_of_items +zeek.omron_fins_file.program_no=db:zeek.omron_fins_file.program_no;group:zeek_detail_file_log;kind:termfield;viewerOnly:true;friendly:program_no;help:program_no 
+zeek.omron_fins_file.no_of_bytes=db:zeek.omron_fins_file.no_of_bytes;group:zeek_detail_file_log;kind:integer;viewerOnly:true;friendly:no_of_bytes;help:no_of_bytes +zeek.omron_fins_file.beginning_word=db:zeek.omron_fins_file.beginning_word;group:zeek_detail_file_log;kind:termfield;viewerOnly:true;friendly:beginning_word;help:beginning_word +zeek.omron_fins_file.beginning_block_no=db:zeek.omron_fins_file.beginning_block_no;group:zeek_detail_file_log;kind:integer;viewerOnly:true;friendly:beginning_block_no;help:beginning_block_no +zeek.omron_fins_file.no_of_blocks=db:zeek.omron_fins_file.no_of_blocks;group:zeek_detail_file_log;kind:integer;viewerOnly:true;friendly:no_of_blocks;help:no_of_blocks +zeek.omron_fins_file.remaining_blocks=db:zeek.omron_fins_file.remaining_blocks;group:zeek_detail_file_log;kind:integer;viewerOnly:true;friendly:remaining_blocks;help:remaining_blocks +zeek.omron_fins_file.total_no_of_blocks=db:zeek.omron_fins_file.total_no_of_blocks;group:zeek_detail_file_log;kind:integer;viewerOnly:true;friendly:total_no_of_blocks;help:total_no_of_blocks +zeek.omron_fins_file.memory_type=db:zeek.omron_fins_file.memory_type;group:zeek_detail_file_log;kind:termfield;viewerOnly:true;friendly:memory_type;help:memory_type +zeek.omron_fins_file.data_type=db:zeek.omron_fins_file.data_type;group:zeek_detail_file_log;kind:termfield;viewerOnly:true;friendly:data_type;help:data_type +zeek.omron_fins_file.last_block=db:zeek.omron_fins_file.last_block;group:zeek_detail_file_log;kind:termfield;viewerOnly:true;friendly:last_block;help:last_block +zeek.omron_fins_file.protected=db:zeek.omron_fins_file.protected;group:zeek_detail_file_log;kind:termfield;viewerOnly:true;friendly:protected;help:protected +zeek.omron_fins_file.control_data=db:zeek.omron_fins_file.control_data;group:zeek_detail_file_log;kind:integer;viewerOnly:true;friendly:control_data;help:control_data 
+zeek.omron_fins_file.block_no=db:zeek.omron_fins_file.block_no;group:zeek_detail_file_log;kind:integer;viewerOnly:true;friendly:block_no;help:block_no +zeek.omron_fins_file.memory_data=db:zeek.omron_fins_file.memory_data;group:zeek_detail_file_log;kind:termfield;viewerOnly:true;friendly:memory_data;help:memory_data # omron_fins_detail.log # https://github.com/cisagov/icsnpp-omron-fins 
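Review bot: The renamed keys keep their old `group:` values, so the rename is only half applied. The new `zeek.omron_fins_error.*` lines still carry `group:zeek_detail_error_log` and the `zeek.omron_fins_file.*` lines still carry `group:zeek_detail_file_log`. The next hunk has the same mismatch, where `zeek.omron_fins.*` stays in `group:zeek_general_log`. The generator line earlier in this series emits `group:zeek_{rName}` next to `db:zeek.{rName}.…`, so the group is apparently meant to follow the log name, and names such as `zeek_general_log` carry no `omron_fins` prefix to tell them apart from another parser's groups. I would align them with the `db:` path, for example `group:zeek_omron_fins_error`, `group:zeek_omron_fins_file` and `group:zeek_omron_fins`.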
@@ -1674,28 +1674,28 @@ zeek.omron_fins_detail.no_of_bits=db:zeek.omron_fins_detail.no_of_bits;group:zee zeek.omron_fins_detail.set_reset_specification=db:zeek.omron_fins_detail.set_reset_specification;group:zeek_detail_log;kind:termfield;viewerOnly:true;friendly:set_reset_specification;help:set_reset_specification zeek.omron_fins_detail.bit_flag=db:zeek.omron_fins_detail.bit_flag;group:zeek_detail_log;kind:integer;viewerOnly:true;friendly:bit_flag;help:bit_flag -# omron_fins_general.log +# omron_fins.log # https://github.com/cisagov/icsnpp-omron-fins -zeek.omron_fins_general.omron_fins_link_id=db:zeek.omron_fins_general.omron_fins_link_id;group:zeek_general_log;kind:termfield;viewerOnly:true;friendly:omron_fins_link_id;help:omron_fins_link_id -zeek.omron_fins_general.tcp_header=db:zeek.omron_fins_general.tcp_header;group:zeek_general_log;kind:termfield;viewerOnly:true;friendly:tcp_header;help:tcp_header -zeek.omron_fins_general.tcp_length=db:zeek.omron_fins_general.tcp_length;group:zeek_general_log;kind:integer;viewerOnly:true;friendly:tcp_length;help:tcp_length -zeek.omron_fins_general.tcp_command=db:zeek.omron_fins_general.tcp_command;group:zeek_general_log;kind:termfield;viewerOnly:true;friendly:tcp_command;help:tcp_command -zeek.omron_fins_general.tcp_error_code=db:zeek.omron_fins_general.tcp_error_code;group:zeek_general_log;kind:termfield;viewerOnly:true;friendly:tcp_error_code;help:tcp_error_code -zeek.omron_fins_general.client_node_address=db:zeek.omron_fins_general.client_node_address;group:zeek_general_log;kind:integer;viewerOnly:true;friendly:client_node_address;help:client_node_address -zeek.omron_fins_general.server_node_address=db:zeek.omron_fins_general.server_node_address;group:zeek_general_log;kind:integer;viewerOnly:true;friendly:server_node_address;help:server_node_address -zeek.omron_fins_general.icf_gateway=db:zeek.omron_fins_general.icf_gateway;group:zeek_general_log;kind:termfield;viewerOnly:true;friendly:icf_gateway;help:icf_gateway 
-zeek.omron_fins_general.icf_data_type=db:zeek.omron_fins_general.icf_data_type;group:zeek_general_log;kind:termfield;viewerOnly:true;friendly:icf_data_type;help:icf_data_type -zeek.omron_fins_general.icf_response_setting=db:zeek.omron_fins_general.icf_response_setting;group:zeek_general_log;kind:termfield;viewerOnly:true;friendly:icf_response_setting;help:icf_response_setting -zeek.omron_fins_general.gateway_count=db:zeek.omron_fins_general.gateway_count;group:zeek_general_log;kind:integer;viewerOnly:true;friendly:gateway_count;help:gateway_count -zeek.omron_fins_general.destination_network_address=db:zeek.omron_fins_general.destination_network_address;group:zeek_general_log;kind:termfield;viewerOnly:true;friendly:destination_network_address;help:destination_network_address -zeek.omron_fins_general.destination_node_number=db:zeek.omron_fins_general.destination_node_number;group:zeek_general_log;kind:termfield;viewerOnly:true;friendly:destination_node_number;help:destination_node_number -zeek.omron_fins_general.destination_unit_address=db:zeek.omron_fins_general.destination_unit_address;group:zeek_general_log;kind:termfield;viewerOnly:true;friendly:destination_unit_address;help:destination_unit_address -zeek.omron_fins_general.source_network_address=db:zeek.omron_fins_general.source_network_address;group:zeek_general_log;kind:termfield;viewerOnly:true;friendly:source_network_address;help:source_network_address -zeek.omron_fins_general.source_node_number=db:zeek.omron_fins_general.source_node_number;group:zeek_general_log;kind:termfield;viewerOnly:true;friendly:source_node_number;help:source_node_number -zeek.omron_fins_general.source_unit_address=db:zeek.omron_fins_general.source_unit_address;group:zeek_general_log;kind:termfield;viewerOnly:true;friendly:source_unit_address;help:source_unit_address -zeek.omron_fins_general.service_id=db:zeek.omron_fins_general.service_id;group:zeek_general_log;kind:termfield;viewerOnly:true;friendly:service_id;help:service_id 
-zeek.omron_fins_general.command_code=db:zeek.omron_fins_general.command_code;group:zeek_general_log;kind:termfield;viewerOnly:true;friendly:command_code;help:command_code -zeek.omron_fins_general.response_code=db:zeek.omron_fins_general.response_code;group:zeek_general_log;kind:termfield;viewerOnly:true;friendly:response_code;help:response_code +zeek.omron_fins.omron_fins_link_id=db:zeek.omron_fins.omron_fins_link_id;group:zeek_general_log;kind:termfield;viewerOnly:true;friendly:omron_fins_link_id;help:omron_fins_link_id +zeek.omron_fins.tcp_header=db:zeek.omron_fins.tcp_header;group:zeek_general_log;kind:termfield;viewerOnly:true;friendly:tcp_header;help:tcp_header +zeek.omron_fins.tcp_length=db:zeek.omron_fins.tcp_length;group:zeek_general_log;kind:integer;viewerOnly:true;friendly:tcp_length;help:tcp_length +zeek.omron_fins.tcp_command=db:zeek.omron_fins.tcp_command;group:zeek_general_log;kind:termfield;viewerOnly:true;friendly:tcp_command;help:tcp_command +zeek.omron_fins.tcp_error_code=db:zeek.omron_fins.tcp_error_code;group:zeek_general_log;kind:termfield;viewerOnly:true;friendly:tcp_error_code;help:tcp_error_code +zeek.omron_fins.client_node_address=db:zeek.omron_fins.client_node_address;group:zeek_general_log;kind:integer;viewerOnly:true;friendly:client_node_address;help:client_node_address +zeek.omron_fins.server_node_address=db:zeek.omron_fins.server_node_address;group:zeek_general_log;kind:integer;viewerOnly:true;friendly:server_node_address;help:server_node_address +zeek.omron_fins.icf_gateway=db:zeek.omron_fins.icf_gateway;group:zeek_general_log;kind:termfield;viewerOnly:true;friendly:icf_gateway;help:icf_gateway +zeek.omron_fins.icf_data_type=db:zeek.omron_fins.icf_data_type;group:zeek_general_log;kind:termfield;viewerOnly:true;friendly:icf_data_type;help:icf_data_type 
+zeek.omron_fins.icf_response_setting=db:zeek.omron_fins.icf_response_setting;group:zeek_general_log;kind:termfield;viewerOnly:true;friendly:icf_response_setting;help:icf_response_setting +zeek.omron_fins.gateway_count=db:zeek.omron_fins.gateway_count;group:zeek_general_log;kind:integer;viewerOnly:true;friendly:gateway_count;help:gateway_count +zeek.omron_fins.destination_network_address=db:zeek.omron_fins.destination_network_address;group:zeek_general_log;kind:termfield;viewerOnly:true;friendly:destination_network_address;help:destination_network_address +zeek.omron_fins.destination_node_number=db:zeek.omron_fins.destination_node_number;group:zeek_general_log;kind:termfield;viewerOnly:true;friendly:destination_node_number;help:destination_node_number +zeek.omron_fins.destination_unit_address=db:zeek.omron_fins.destination_unit_address;group:zeek_general_log;kind:termfield;viewerOnly:true;friendly:destination_unit_address;help:destination_unit_address +zeek.omron_fins.source_network_address=db:zeek.omron_fins.source_network_address;group:zeek_general_log;kind:termfield;viewerOnly:true;friendly:source_network_address;help:source_network_address +zeek.omron_fins.source_node_number=db:zeek.omron_fins.source_node_number;group:zeek_general_log;kind:termfield;viewerOnly:true;friendly:source_node_number;help:source_node_number +zeek.omron_fins.source_unit_address=db:zeek.omron_fins.source_unit_address;group:zeek_general_log;kind:termfield;viewerOnly:true;friendly:source_unit_address;help:source_unit_address +zeek.omron_fins.service_id=db:zeek.omron_fins.service_id;group:zeek_general_log;kind:termfield;viewerOnly:true;friendly:service_id;help:service_id +zeek.omron_fins.command_code=db:zeek.omron_fins.command_code;group:zeek_general_log;kind:termfield;viewerOnly:true;friendly:command_code;help:command_code +zeek.omron_fins.response_code=db:zeek.omron_fins.response_code;group:zeek_general_log;kind:termfield;viewerOnly:true;friendly:response_code;help:response_code # 
omron_fins_network_status_read.log # https://github.com/cisagov/icsnpp-omron-fins 
@@ -3632,11 +3632,11 @@ o_zeek_notice=require:zeek.notice;title:Zeek notice.log;fields:rule.category,rul
 o_zeek_ntlm=require:zeek.ntlm;title:Zeek ntlm.log;fields:zeek.ntlm.host,zeek.ntlm.domain,zeek.ntlm.success,zeek.ntlm.status,zeek.ntlm.server_nb_computer,zeek.ntlm.server_dns_computer,zeek.ntlm.server_tree
 o_zeek_ntp=require:zeek.ntp;title:Zeek ntp.log;fields:zeek.ntp.version,zeek.ntp.mode,zeek.ntp.mode_str,zeek.ntp.stratum,zeek.ntp.poll,zeek.ntp.precision,zeek.ntp.root_delay,zeek.ntp.root_disp,zeek.ntp.ref_id,zeek.ntp.ref_time,zeek.ntp.org_time,zeek.ntp.rec_time,zeek.ntp.xmt_time,zeek.ntp.num_exts
 o_zeek_ocsp=require:zeek.ocsp;title:Zeek ocsp.log;fields:zeek.ocsp.hashAlgorithm,zeek.ocsp.issuerNameHash,zeek.ocsp.issuerKeyHash,zeek.ocsp.serialNumber,zeek.ocsp.certStatus,zeek.ocsp.revoketime,zeek.ocsp.revokereason,zeek.ocsp.thisUpdate,zeek.ocsp.nextUpdate
-o_zeek_omron_fins_detail_error_log=require:zeek.omron_fins_detail_error;title:Zeek omron_fins_detail_error.log;fields:zeek.omron_fins_general.omron_fins_link_id,zeek.omron_fins_detail_error.command_code,zeek.omron_fins_detail_error.icf_data_type,zeek.omron_fins_detail_error.response_code,zeek.omron_fins_detail_error.error_reset_fal_no,zeek.omron_fins_detail_error.beginning_record_no,zeek.omron_fins_detail_error.max_no_stored_records,zeek.omron_fins_detail_error.no_of_stored_records,zeek.omron_fins_detail_error.no_of_records,zeek.omron_fins_detail_error.error_code_1,zeek.omron_fins_detail_error.error_code_2,zeek.omron_fins_detail_error.minute,zeek.omron_fins_detail_error.second,zeek.omron_fins_detail_error.day,zeek.omron_fins_detail_error.hour,zeek.omron_fins_detail_error.year,zeek.omron_fins_detail_error.month
-o_zeek_omron_fins_detail_file_log=require:zeek.omron_fins_detail_file;title:Zeek 
omron_fins_detail_file.log;fields:zeek.omron_fins_general.omron_fins_link_id,zeek.omron_fins_detail_file.command_code,zeek.omron_fins_detail_file.icf_data_type,zeek.omron_fins_detail_file.response_code,zeek.omron_fins_detail_file.disk_no,zeek.omron_fins_detail_file.beginning_file_position,zeek.omron_fins_detail_file.no_of_files,zeek.omron_fins_detail_file.volume_label,zeek.omron_fins_detail_file.year,zeek.omron_fins_detail_file.month,zeek.omron_fins_detail_file.day,zeek.omron_fins_detail_file.hour,zeek.omron_fins_detail_file.minute,zeek.omron_fins_detail_file.second,zeek.omron_fins_detail_file.total_capacity,zeek.omron_fins_detail_file.unused_capacity,zeek.omron_fins_detail_file.total_no_files,zeek.omron_fins_detail_file.no_files_read,zeek.omron_fins_detail_file.last_file,zeek.omron_fins_detail_file.file_name,zeek.omron_fins_detail_file.file_capacity,zeek.omron_fins_detail_file.file_position,zeek.omron_fins_detail_file.data_length,zeek.omron_fins_detail_file.parameter_code,zeek.omron_fins_detail_file.src_disk_no,zeek.omron_fins_detail_file.src_file_name,zeek.omron_fins_detail_file.dst_disk_no,zeek.omron_fins_detail_file.dst_file_name,zeek.omron_fins_detail_file.old_file_name,zeek.omron_fins_detail_file.new_file_name,zeek.omron_fins_detail_file.parameter_area_code,zeek.omron_fins_detail_file.beginning_address,zeek.omron_fins_detail_file.no_of_words,zeek.omron_fins_detail_file.memory_area_code,zeek.omron_fins_detail_file.no_of_items,zeek.omron_fins_detail_file.program_no,zeek.omron_fins_detail_file.no_of_bytes,zeek.omron_fins_detail_file.beginning_word,zeek.omron_fins_detail_file.beginning_block_no,zeek.omron_fins_detail_file.no_of_blocks,zeek.omron_fins_detail_file.remaining_blocks,zeek.omron_fins_detail_file.total_no_of_blocks,zeek.omron_fins_detail_file.memory_type,zeek.omron_fins_detail_file.data_type,zeek.omron_fins_detail_file.last_block,zeek.omron_fins_detail_file.protected,zeek.omron_fins_detail_file.control_data,zeek.omron_fins_detail_file.block_no,zeek.omron
_fins_detail_file.memory_data -o_zeek_omron_fins_detail_log=require:zeek.omron_fins_detail;title:Zeek omron_fins_detail.log;fields:zeek.omron_fins_general.omron_fins_link_id,zeek.omron_fins_detail.command_code,zeek.omron_fins_detail.icf_data_type,zeek.omron_fins_detail.memory_area_code,zeek.omron_fins_detail.beginning_address,zeek.omron_fins_detail.number_of_items,zeek.omron_fins_detail.parameter_area_code,zeek.omron_fins_detail.beginning_word,zeek.omron_fins_detail.number_of_words,zeek.omron_fins_detail.last_word_bit,zeek.omron_fins_detail.response_code,zeek.omron_fins_detail.data,zeek.omron_fins_detail.year,zeek.omron_fins_detail.month,zeek.omron_fins_detail.date,zeek.omron_fins_detail.hour,zeek.omron_fins_detail.minute,zeek.omron_fins_detail.second,zeek.omron_fins_detail.day,zeek.omron_fins_detail.clock_time,zeek.omron_fins_detail.intelligent_id_no,zeek.omron_fins_detail.first_word,zeek.omron_fins_detail.read_length,zeek.omron_fins_detail.data_length,zeek.omron_fins_detail.num_of_link_nodes,zeek.omron_fins_detail.block_record_data_link_status,zeek.omron_fins_detail.block_record_num_of_link_nodes,zeek.omron_fins_detail.block_record_node_num,zeek.omron_fins_detail.block_record_cio_area_first_word,zeek.omron_fins_detail.block_record_kind_of_dm,zeek.omron_fins_detail.block_record_dm_area_first_word,zeek.omron_fins_detail.block_record_num_of_total_words,zeek.omron_fins_detail.program_no,zeek.omron_fins_detail.protect_code,zeek.omron_fins_detail.last_word,zeek.omron_fins_detail.clear_code,zeek.omron_fins_detail.number_of_bytes,zeek.omron_fins_detail.run_mode,zeek.omron_fins_detail.controller_data_to_read,zeek.omron_fins_detail.controller_model,zeek.omron_fins_detail.controller_version,zeek.omron_fins_detail.for_system_use,zeek.omron_fins_detail.program_area_size,zeek.omron_fins_detail.iom_size,zeek.omron_fins_detail.no_of_dm_words,zeek.omron_fins_detail.timer_size,zeek.omron_fins_detail.expansion_dm_size,zeek.omron_fins_detail.no_of_steps_transitions,zeek.omron_fins_de
tail.kind_of_memory_card,zeek.omron_fins_detail.memory_card_size,zeek.omron_fins_detail.cpu_bus_unit_config,zeek.omron_fins_detail.no_of_sysmac_bus_master_mounted,zeek.omron_fins_detail.no_of_sysmac_bus2_master_mounted,zeek.omron_fins_detail.peripheral_device_connected,zeek.omron_fins_detail.built_in_host_interface,zeek.omron_fins_detail.no_of_racks_connected,zeek.omron_fins_detail.no_of_units,zeek.omron_fins_detail.unit_address,zeek.omron_fins_detail.model_number,zeek.omron_fins_detail.controller_status_data_read_status,zeek.omron_fins_detail.controller_status_data_read_mode,zeek.omron_fins_detail.fatal_error,zeek.omron_fins_detail.non_fatal_error,zeek.omron_fins_detail.message_yes_no,zeek.omron_fins_detail.fal_fals_no,zeek.omron_fins_detail.error_message,zeek.omron_fins_detail.cycle_time_read_parameter,zeek.omron_fins_detail.average_cycle_time,zeek.omron_fins_detail.max_cycle_time,zeek.omron_fins_detail.min_cycle_time,zeek.omron_fins_detail.test_data,zeek.omron_fins_detail.number_of_receptions,zeek.omron_fins_detail.command,zeek.omron_fins_detail.message_no_0,zeek.omron_fins_detail.message_no_1,zeek.omron_fins_detail.message_no_2,zeek.omron_fins_detail.message_no_3,zeek.omron_fins_detail.message_no_4,zeek.omron_fins_detail.message_no_5,zeek.omron_fins_detail.message_no_6,zeek.omron_fins_detail.message_no_7,zeek.omron_fins_detail.message_0,zeek.omron_fins_detail.message_1,zeek.omron_fins_detail.message_2,zeek.omron_fins_detail.message_3,zeek.omron_fins_detail.message_4,zeek.omron_fins_detail.message_5,zeek.omron_fins_detail.message_6,zeek.omron_fins_detail.message_7,zeek.omron_fins_detail.fal_fals_no_0,zeek.omron_fins_detail.fal_fals_no_1,zeek.omron_fins_detail.fal_fals_no_2,zeek.omron_fins_detail.fal_fals_no_3,zeek.omron_fins_detail.fal_fals_no_4,zeek.omron_fins_detail.fal_fals_no_5,zeek.omron_fins_detail.fal_fals_no_6,zeek.omron_fins_detail.fal_fals_no_7,zeek.omron_fins_detail.fal_fals_no_8,zeek.omron_fins_detail.fal_fals_no_9,zeek.omron_fins_detail.fal_fals_no_1
0,zeek.omron_fins_detail.fal_fals_no_11,zeek.omron_fins_detail.fal_fals_no_12,zeek.omron_fins_detail.fal_fals_no_13,zeek.omron_fins_detail.fal_fals_0,zeek.omron_fins_detail.fal_fals_1,zeek.omron_fins_detail.fal_fals_2,zeek.omron_fins_detail.fal_fals_3,zeek.omron_fins_detail.fal_fals_4,zeek.omron_fins_detail.fal_fals_5,zeek.omron_fins_detail.fal_fals_6,zeek.omron_fins_detail.fal_fals_7,zeek.omron_fins_detail.fal_fals_8,zeek.omron_fins_detail.fal_fals_9,zeek.omron_fins_detail.fal_fals_10,zeek.omron_fins_detail.fal_fals_11,zeek.omron_fins_detail.fal_fals_12,zeek.omron_fins_detail.fal_fals_13,zeek.omron_fins_detail.acquire_network_address,zeek.omron_fins_detail.acquire_node_number,zeek.omron_fins_detail.acquire_unit_address,zeek.omron_fins_detail.no_of_bits,zeek.omron_fins_detail.set_reset_specification,zeek.omron_fins_detail.bit_flag -o_zeek_omron_fins_general_log=require:zeek.omron_fins_general;title:Zeek omron_fins_general.log;fields:zeek.omron_fins_general.omron_fins_link_id,zeek.omron_fins_general.tcp_header,zeek.omron_fins_general.tcp_length,zeek.omron_fins_general.tcp_command,zeek.omron_fins_general.tcp_error_code,zeek.omron_fins_general.client_node_address,zeek.omron_fins_general.server_node_address,zeek.omron_fins_general.icf_gateway,zeek.omron_fins_general.icf_data_type,zeek.omron_fins_general.icf_response_setting,zeek.omron_fins_general.gateway_count,zeek.omron_fins_general.destination_network_address,zeek.omron_fins_general.destination_node_number,zeek.omron_fins_general.destination_unit_address,zeek.omron_fins_general.source_network_address,zeek.omron_fins_general.source_node_number,zeek.omron_fins_general.source_unit_address,zeek.omron_fins_general.service_id,zeek.omron_fins_general.command_code,zeek.omron_fins_general.response_code -o_zeek_omron_fins_network_status_read_log=require:zeek.omron_fins_network_status_read;title:Zeek 
omron_fins_network_status_read.log;fields:zeek.omron_fins_general.omron_fins_link_id,zeek.omron_fins_network_status_read.command_code,zeek.omron_fins_network_status_read.icf_data_type,zeek.omron_fins_network_status_read.response_code,zeek.omron_fins_network_status_read.node_number,zeek.omron_fins_network_status_read.in_network,zeek.omron_fins_network_status_read.exit_status,zeek.omron_fins_network_status_read.polling,zeek.omron_fins_network_status_read.communication_cycle_time,zeek.omron_fins_network_status_read.current_polling_node_number,zeek.omron_fins_network_status_read.cyclic_operation,zeek.omron_fins_network_status_read.cyclic_transmission_status,zeek.omron_fins_network_status_read.non_fatal_error,zeek.omron_fins_network_status_read.cyclic_error_count
+o_zeek_omron_fins_error_log=require:zeek.omron_fins_error;title:Zeek omron_fins_error.log;fields:zeek.omron_fins.omron_fins_link_id,zeek.omron_fins_error.command_code,zeek.omron_fins_error.icf_data_type,zeek.omron_fins_error.response_code,zeek.omron_fins_error.error_reset_fal_no,zeek.omron_fins_error.beginning_record_no,zeek.omron_fins_error.max_no_stored_records,zeek.omron_fins_error.no_of_stored_records,zeek.omron_fins_error.no_of_records,zeek.omron_fins_error.error_code_1,zeek.omron_fins_error.error_code_2,zeek.omron_fins_error.minute,zeek.omron_fins_error.second,zeek.omron_fins_error.day,zeek.omron_fins_error.hour,zeek.omron_fins_error.year,zeek.omron_fins_error.month
+o_zeek_omron_fins_file_log=require:zeek.omron_fins_file;title:Zeek 
omron_fins_file.log;fields:zeek.omron_fins.omron_fins_link_id,zeek.omron_fins_file.command_code,zeek.omron_fins_file.icf_data_type,zeek.omron_fins_file.response_code,zeek.omron_fins_file.disk_no,zeek.omron_fins_file.beginning_file_position,zeek.omron_fins_file.no_of_files,zeek.omron_fins_file.volume_label,zeek.omron_fins_file.year,zeek.omron_fins_file.month,zeek.omron_fins_file.day,zeek.omron_fins_file.hour,zeek.omron_fins_file.minute,zeek.omron_fins_file.second,zeek.omron_fins_file.total_capacity,zeek.omron_fins_file.unused_capacity,zeek.omron_fins_file.total_no_files,zeek.omron_fins_file.no_files_read,zeek.omron_fins_file.last_file,zeek.omron_fins_file.file_name,zeek.omron_fins_file.file_capacity,zeek.omron_fins_file.file_position,zeek.omron_fins_file.data_length,zeek.omron_fins_file.parameter_code,zeek.omron_fins_file.src_disk_no,zeek.omron_fins_file.src_file_name,zeek.omron_fins_file.dst_disk_no,zeek.omron_fins_file.dst_file_name,zeek.omron_fins_file.old_file_name,zeek.omron_fins_file.new_file_name,zeek.omron_fins_file.parameter_area_code,zeek.omron_fins_file.beginning_address,zeek.omron_fins_file.no_of_words,zeek.omron_fins_file.memory_area_code,zeek.omron_fins_file.no_of_items,zeek.omron_fins_file.program_no,zeek.omron_fins_file.no_of_bytes,zeek.omron_fins_file.beginning_word,zeek.omron_fins_file.beginning_block_no,zeek.omron_fins_file.no_of_blocks,zeek.omron_fins_file.remaining_blocks,zeek.omron_fins_file.total_no_of_blocks,zeek.omron_fins_file.memory_type,zeek.omron_fins_file.data_type,zeek.omron_fins_file.last_block,zeek.omron_fins_file.protected,zeek.omron_fins_file.control_data,zeek.omron_fins_file.block_no,zeek.omron_fins_file.memory_data +o_zeek_omron_fins_detail_log=require:zeek.omron_fins_detail;title:Zeek 
omron_fins_detail.log;fields:zeek.omron_fins.omron_fins_link_id,zeek.omron_fins_detail.command_code,zeek.omron_fins_detail.icf_data_type,zeek.omron_fins_detail.memory_area_code,zeek.omron_fins_detail.beginning_address,zeek.omron_fins_detail.number_of_items,zeek.omron_fins_detail.parameter_area_code,zeek.omron_fins_detail.beginning_word,zeek.omron_fins_detail.number_of_words,zeek.omron_fins_detail.last_word_bit,zeek.omron_fins_detail.response_code,zeek.omron_fins_detail.data,zeek.omron_fins_detail.year,zeek.omron_fins_detail.month,zeek.omron_fins_detail.date,zeek.omron_fins_detail.hour,zeek.omron_fins_detail.minute,zeek.omron_fins_detail.second,zeek.omron_fins_detail.day,zeek.omron_fins_detail.clock_time,zeek.omron_fins_detail.intelligent_id_no,zeek.omron_fins_detail.first_word,zeek.omron_fins_detail.read_length,zeek.omron_fins_detail.data_length,zeek.omron_fins_detail.num_of_link_nodes,zeek.omron_fins_detail.block_record_data_link_status,zeek.omron_fins_detail.block_record_num_of_link_nodes,zeek.omron_fins_detail.block_record_node_num,zeek.omron_fins_detail.block_record_cio_area_first_word,zeek.omron_fins_detail.block_record_kind_of_dm,zeek.omron_fins_detail.block_record_dm_area_first_word,zeek.omron_fins_detail.block_record_num_of_total_words,zeek.omron_fins_detail.program_no,zeek.omron_fins_detail.protect_code,zeek.omron_fins_detail.last_word,zeek.omron_fins_detail.clear_code,zeek.omron_fins_detail.number_of_bytes,zeek.omron_fins_detail.run_mode,zeek.omron_fins_detail.controller_data_to_read,zeek.omron_fins_detail.controller_model,zeek.omron_fins_detail.controller_version,zeek.omron_fins_detail.for_system_use,zeek.omron_fins_detail.program_area_size,zeek.omron_fins_detail.iom_size,zeek.omron_fins_detail.no_of_dm_words,zeek.omron_fins_detail.timer_size,zeek.omron_fins_detail.expansion_dm_size,zeek.omron_fins_detail.no_of_steps_transitions,zeek.omron_fins_detail.kind_of_memory_card,zeek.omron_fins_detail.memory_card_size,zeek.omron_fins_detail.cpu_bus_unit_config,ze
ek.omron_fins_detail.no_of_sysmac_bus_master_mounted,zeek.omron_fins_detail.no_of_sysmac_bus2_master_mounted,zeek.omron_fins_detail.peripheral_device_connected,zeek.omron_fins_detail.built_in_host_interface,zeek.omron_fins_detail.no_of_racks_connected,zeek.omron_fins_detail.no_of_units,zeek.omron_fins_detail.unit_address,zeek.omron_fins_detail.model_number,zeek.omron_fins_detail.controller_status_data_read_status,zeek.omron_fins_detail.controller_status_data_read_mode,zeek.omron_fins_detail.fatal_error,zeek.omron_fins_detail.non_fatal_error,zeek.omron_fins_detail.message_yes_no,zeek.omron_fins_detail.fal_fals_no,zeek.omron_fins_detail.error_message,zeek.omron_fins_detail.cycle_time_read_parameter,zeek.omron_fins_detail.average_cycle_time,zeek.omron_fins_detail.max_cycle_time,zeek.omron_fins_detail.min_cycle_time,zeek.omron_fins_detail.test_data,zeek.omron_fins_detail.number_of_receptions,zeek.omron_fins_detail.command,zeek.omron_fins_detail.message_no_0,zeek.omron_fins_detail.message_no_1,zeek.omron_fins_detail.message_no_2,zeek.omron_fins_detail.message_no_3,zeek.omron_fins_detail.message_no_4,zeek.omron_fins_detail.message_no_5,zeek.omron_fins_detail.message_no_6,zeek.omron_fins_detail.message_no_7,zeek.omron_fins_detail.message_0,zeek.omron_fins_detail.message_1,zeek.omron_fins_detail.message_2,zeek.omron_fins_detail.message_3,zeek.omron_fins_detail.message_4,zeek.omron_fins_detail.message_5,zeek.omron_fins_detail.message_6,zeek.omron_fins_detail.message_7,zeek.omron_fins_detail.fal_fals_no_0,zeek.omron_fins_detail.fal_fals_no_1,zeek.omron_fins_detail.fal_fals_no_2,zeek.omron_fins_detail.fal_fals_no_3,zeek.omron_fins_detail.fal_fals_no_4,zeek.omron_fins_detail.fal_fals_no_5,zeek.omron_fins_detail.fal_fals_no_6,zeek.omron_fins_detail.fal_fals_no_7,zeek.omron_fins_detail.fal_fals_no_8,zeek.omron_fins_detail.fal_fals_no_9,zeek.omron_fins_detail.fal_fals_no_10,zeek.omron_fins_detail.fal_fals_no_11,zeek.omron_fins_detail.fal_fals_no_12,zeek.omron_fins_detail.fal_fals_
no_13,zeek.omron_fins_detail.fal_fals_0,zeek.omron_fins_detail.fal_fals_1,zeek.omron_fins_detail.fal_fals_2,zeek.omron_fins_detail.fal_fals_3,zeek.omron_fins_detail.fal_fals_4,zeek.omron_fins_detail.fal_fals_5,zeek.omron_fins_detail.fal_fals_6,zeek.omron_fins_detail.fal_fals_7,zeek.omron_fins_detail.fal_fals_8,zeek.omron_fins_detail.fal_fals_9,zeek.omron_fins_detail.fal_fals_10,zeek.omron_fins_detail.fal_fals_11,zeek.omron_fins_detail.fal_fals_12,zeek.omron_fins_detail.fal_fals_13,zeek.omron_fins_detail.acquire_network_address,zeek.omron_fins_detail.acquire_node_number,zeek.omron_fins_detail.acquire_unit_address,zeek.omron_fins_detail.no_of_bits,zeek.omron_fins_detail.set_reset_specification,zeek.omron_fins_detail.bit_flag +o_zeek_omron_fins_log=require:zeek.omron_fins;title:Zeek omron_fins.log;fields:zeek.omron_fins.omron_fins_link_id,zeek.omron_fins.tcp_header,zeek.omron_fins.tcp_length,zeek.omron_fins.tcp_command,zeek.omron_fins.tcp_error_code,zeek.omron_fins.client_node_address,zeek.omron_fins.server_node_address,zeek.omron_fins.icf_gateway,zeek.omron_fins.icf_data_type,zeek.omron_fins.icf_response_setting,zeek.omron_fins.gateway_count,zeek.omron_fins.destination_network_address,zeek.omron_fins.destination_node_number,zeek.omron_fins.destination_unit_address,zeek.omron_fins.source_network_address,zeek.omron_fins.source_node_number,zeek.omron_fins.source_unit_address,zeek.omron_fins.service_id,zeek.omron_fins.command_code,zeek.omron_fins.response_code +o_zeek_omron_fins_network_status_read_log=require:zeek.omron_fins_network_status_read;title:Zeek 
omron_fins_network_status_read.log;fields:zeek.omron_fins.omron_fins_link_id,zeek.omron_fins_network_status_read.command_code,zeek.omron_fins_network_status_read.icf_data_type,zeek.omron_fins_network_status_read.response_code,zeek.omron_fins_network_status_read.node_number,zeek.omron_fins_network_status_read.in_network,zeek.omron_fins_network_status_read.exit_status,zeek.omron_fins_network_status_read.polling,zeek.omron_fins_network_status_read.communication_cycle_time,zeek.omron_fins_network_status_read.current_polling_node_number,zeek.omron_fins_network_status_read.cyclic_operation,zeek.omron_fins_network_status_read.cyclic_transmission_status,zeek.omron_fins_network_status_read.non_fatal_error,zeek.omron_fins_network_status_read.cyclic_error_count o_zeek_opcua=require:zeek.opcua_binary;title:Zeek OPC UA Binary logs;fields:zeek.opcua_binary.filter_source_link_id,zeek.opcua_binary.operand_source_link_id,zeek.opcua_binary.variant_source_link_id,zeek.opcua_binary.encoding_mask,zeek.opcua_binary.endpoint_url,zeek.opcua_binary.error,zeek.opcua_binary.identifier,zeek.opcua_binary.identifier_str,zeek.opcua_binary.is_final,zeek.opcua_binary.max_chunk_cnt,zeek.opcua_binary.max_msg_size,zeek.opcua_binary.msg_size,zeek.opcua_binary.msg_type,zeek.opcua_binary.namespace_idx,zeek.opcua_binary.opcua_link_id,zeek.opcua_binary.rcv_buf_size,zeek.opcua_binary.rcv_cert,zeek.opcua_binary.rcv_cert_len,zeek.opcua_binary.reason,zeek.opcua_binary.req_hdr_add_hdr_enc_mask,zeek.opcua_binary.req_hdr_add_hdr_type_id,zeek.opcua_binary.req_hdr_audit_entry_id,zeek.opcua_binary.req_hdr_node_id_guid,zeek.opcua_binary.req_hdr_node_id_namespace_idx,zeek.opcua_binary.req_hdr_node_id_numeric,zeek.opcua_binary.req_hdr_node_id_opaque,zeek.opcua_binary.req_hdr_node_id_string,zeek.opcua_binary.req_hdr_node_id_type,zeek.opcua_binary.req_hdr_request_handle,zeek.opcua_binary.req_hdr_return_diag,zeek.opcua_binary.req_hdr_timeout_hint,zeek.opcua_binary.req_hdr_timestamp,zeek.opcua_binary.request_id,zeek.opcua_
binary.res_hdr_add_hdr_enc_mask,zeek.opcua_binary.res_hdr_add_hdr_type_id,zeek.opcua_binary.res_hdr_request_handle,zeek.opcua_binary.res_hdr_service_diag_encoding,zeek.opcua_binary.res_hdr_timestamp,zeek.opcua_binary.sec_channel_id,zeek.opcua_binary.sec_policy_uri,zeek.opcua_binary.sec_policy_uri_len,zeek.opcua_binary.seq_number,zeek.opcua_binary.snd_buf_size,zeek.opcua_binary.snd_cert,zeek.opcua_binary.snd_cert_len,zeek.opcua_binary.version,zeek.opcua_binary_activate_session.client_algorithm,zeek.opcua_binary_activate_session.client_signature,zeek.opcua_binary_activate_session.ext_obj_certificate_data,zeek.opcua_binary_activate_session.ext_obj_encoding,zeek.opcua_binary_activate_session.ext_obj_encryption_algorithom,zeek.opcua_binary_activate_session.ext_obj_password,zeek.opcua_binary_activate_session.ext_obj_policy_id,zeek.opcua_binary_activate_session.ext_obj_token_data,zeek.opcua_binary_activate_session.ext_obj_type_id_encoding_mask,zeek.opcua_binary_activate_session.ext_obj_type_id_guid,zeek.opcua_binary_activate_session.ext_obj_type_id_namespace_idx,zeek.opcua_binary_activate_session.ext_obj_type_id_numeric,zeek.opcua_binary_activate_session.ext_obj_type_id_opaque,zeek.opcua_binary_activate_session.ext_obj_type_id_str,zeek.opcua_binary_activate_session.ext_obj_type_id_string,zeek.opcua_binary_activate_session.ext_obj_user_name,zeek.opcua_binary_activate_session.server_nonce,zeek.opcua_binary_activate_session.user_token_algorithm,zeek.opcua_binary_activate_session.user_token_signature,zeek.opcua_binary_activate_session_client_software_cert.cert_data,zeek.opcua_binary_activate_session_client_software_cert.cert_signature,zeek.opcua_binary_activate_session_client_software_cert.client_software_cert_link_id,zeek.opcua_binary_activate_session_locale_id.local_id,zeek.opcua_binary_activate_session_locale_id.opcua_locale_link_id,zeek.opcua_binary_aggregate_filter.aggregate_type_encoding_mask,zeek.opcua_binary_aggregate_filter.aggregate_type_guid,zeek.opcua_binary_aggreg
ate_filter.aggregate_type_namespace_idx,zeek.opcua_binary_aggregate_filter.aggregate_type_numeric,zeek.opcua_binary_aggregate_filter.aggregate_type_opaque,zeek.opcua_binary_aggregate_filter.aggregate_type_string,zeek.opcua_binary_aggregate_filter.percent_data_bad,zeek.opcua_binary_aggregate_filter.percent_data_good,zeek.opcua_binary_aggregate_filter.processing_interval,zeek.opcua_binary_aggregate_filter.revised_percent_data_bad,zeek.opcua_binary_aggregate_filter.revised_percent_data_good,zeek.opcua_binary_aggregate_filter.revised_processing_interval,zeek.opcua_binary_aggregate_filter.revised_start_time,zeek.opcua_binary_aggregate_filter.revised_start_time_str,zeek.opcua_binary_aggregate_filter.revised_treat_uncertain_as_bad,zeek.opcua_binary_aggregate_filter.revised_use_server_capabilities_default,zeek.opcua_binary_aggregate_filter.revised_use_slopped_extrapolation,zeek.opcua_binary_aggregate_filter.start_time,zeek.opcua_binary_aggregate_filter.start_time_str,zeek.opcua_binary_aggregate_filter.treat_uncertain_as_bad,zeek.opcua_binary_aggregate_filter.use_server_capabilities_default,zeek.opcua_binary_aggregate_filter.use_slopped_extrapolation,zeek.opcua_binary_browse.browse_next_release_continuation_point,zeek.opcua_binary_browse.browse_service_type,zeek.opcua_binary_browse.browse_view_description_timestamp,zeek.opcua_binary_browse.browse_view_description_view_version,zeek.opcua_binary_browse.browse_view_id_encoding_mask,zeek.opcua_binary_browse.browse_view_id_guid,zeek.opcua_binary_browse.browse_view_id_namespace_idx,zeek.opcua_binary_browse.browse_view_id_numeric,zeek.opcua_binary_browse.browse_view_id_opaque,zeek.opcua_binary_browse.browse_view_id_string,zeek.opcua_binary_browse.req_max_ref_nodes,zeek.opcua_binary_browse_description.browse_description_encoding_mask,zeek.opcua_binary_browse_description.browse_description_guid,zeek.opcua_binary_browse_description.browse_description_include_subtypes,zeek.opcua_binary_browse_description.browse_description_link_id,zeek
.opcua_binary_browse_description.browse_description_namespace_idx,zeek.opcua_binary_browse_description.browse_description_numeric,zeek.opcua_binary_browse_description.browse_description_opaque,zeek.opcua_binary_browse_description.browse_description_ref_encoding_mask,zeek.opcua_binary_browse_description.browse_description_ref_guid,zeek.opcua_binary_browse_description.browse_description_ref_namespace_idx,zeek.opcua_binary_browse_description.browse_description_ref_numeric,zeek.opcua_binary_browse_description.browse_description_ref_opaque,zeek.opcua_binary_browse_description.browse_description_ref_string,zeek.opcua_binary_browse_description.browse_description_string,zeek.opcua_binary_browse_description.browse_direction,zeek.opcua_binary_browse_description.browse_node_class_mask,zeek.opcua_binary_browse_description.browse_result_mask,zeek.opcua_binary_browse_request_continuation_point.browse_next_link_id,zeek.opcua_binary_browse_request_continuation_point.continuation_point,zeek.opcua_binary_browse_response_references.browse_reference_link_id,zeek.opcua_binary_browse_response_references.browse_response_display_name_locale,zeek.opcua_binary_browse_response_references.browse_response_display_name_mask,zeek.opcua_binary_browse_response_references.browse_response_display_name_text,zeek.opcua_binary_browse_response_references.browse_response_is_forward,zeek.opcua_binary_browse_response_references.browse_response_node_class,zeek.opcua_binary_browse_response_references.browse_response_ref_encoding_mask,zeek.opcua_binary_browse_response_references.browse_response_ref_guid,zeek.opcua_binary_browse_response_references.browse_response_ref_name,zeek.opcua_binary_browse_response_references.browse_response_ref_name_idx,zeek.opcua_binary_browse_response_references.browse_response_ref_namespace_idx,zeek.opcua_binary_browse_response_references.browse_response_ref_numeric,zeek.opcua_binary_browse_response_references.browse_response_ref_opaque,zeek.opcua_binary_browse_response_references.b
rowse_response_ref_string,zeek.opcua_binary_browse_response_references.browse_response_ref_type_encoding_mask,zeek.opcua_binary_browse_response_references.browse_response_ref_type_guid,zeek.opcua_binary_browse_response_references.browse_response_ref_type_namespace_idx,zeek.opcua_binary_browse_response_references.browse_response_ref_type_namespace_uri,zeek.opcua_binary_browse_response_references.browse_response_ref_type_numeric,zeek.opcua_binary_browse_response_references.browse_response_ref_type_opaque,zeek.opcua_binary_browse_response_references.browse_response_ref_type_server_idx,zeek.opcua_binary_browse_response_references.browse_response_ref_type_string,zeek.opcua_binary_browse_response_references.browse_response_type_def_encoding_mask,zeek.opcua_binary_browse_response_references.browse_response_type_def_guid,zeek.opcua_binary_browse_response_references.browse_response_type_def_namespace_idx,zeek.opcua_binary_browse_response_references.browse_response_type_def_namespace_uri,zeek.opcua_binary_browse_response_references.browse_response_type_def_numeric,zeek.opcua_binary_browse_response_references.browse_response_type_def_opaque,zeek.opcua_binary_browse_response_references.browse_response_type_def_server_idx,zeek.opcua_binary_browse_response_references.browse_response_type_def_string,zeek.opcua_binary_browse_result.browse_response_link_id,zeek.opcua_binary_browse_result.browse_result_continuation_point,zeek.opcua_binary_close_session.del_subscriptions,zeek.opcua_binary_create_monitored_items.subscription_id,zeek.opcua_binary_create_monitored_items.timestamps_to_return,zeek.opcua_binary_create_monitored_items.timestamps_to_return_str,zeek.opcua_binary_create_monitored_items_create_item.create_item_link_id,zeek.opcua_binary_create_monitored_items_create_item.item_to_monitor_attribute_id,zeek.opcua_binary_create_monitored_items_create_item.item_to_monitor_index_range,zeek.opcua_binary_create_monitored_items_create_item.item_to_monitor_name,zeek.opcua_binary_create_mon
itored_items_create_item.item_to_monitor_namespace_idx,zeek.opcua_binary_create_monitored_items_create_item.item_to_monitor_node_id_encoding_mask,zeek.opcua_binary_create_monitored_items_create_item.item_to_monitor_node_id_guid,zeek.opcua_binary_create_monitored_items_create_item.item_to_monitor_node_id_namespace_idx,zeek.opcua_binary_create_monitored_items_create_item.item_to_monitor_node_id_numeric,zeek.opcua_binary_create_monitored_items_create_item.item_to_monitor_node_id_opaque,zeek.opcua_binary_create_monitored_items_create_item.item_to_monitor_node_id_string,zeek.opcua_binary_create_monitored_items_create_item.monitored_item_index_id,zeek.opcua_binary_create_monitored_items_create_item.monitoring_mode,zeek.opcua_binary_create_monitored_items_create_item.monitoring_parameters_client_handle,zeek.opcua_binary_create_monitored_items_create_item.monitoring_parameters_discard_oldest,zeek.opcua_binary_create_monitored_items_create_item.monitoring_parameters_filter_info_type_id_encoding,zeek.opcua_binary_create_monitored_items_create_item.monitoring_parameters_filter_info_type_id_node_id_encoding_mask,zeek.opcua_binary_create_monitored_items_create_item.monitoring_parameters_filter_info_type_id_node_id_guid,zeek.opcua_binary_create_monitored_items_create_item.monitoring_parameters_filter_info_type_id_node_id_namespace_idx,zeek.opcua_binary_create_monitored_items_create_item.monitoring_parameters_filter_info_type_id_node_id_numeric,zeek.opcua_binary_create_monitored_items_create_item.monitoring_parameters_filter_info_type_id_node_id_opaque,zeek.opcua_binary_create_monitored_items_create_item.monitoring_parameters_filter_info_type_id_node_id_string,zeek.opcua_binary_create_monitored_items_create_item.monitoring_parameters_filter_info_type_id_string,zeek.opcua_binary_create_monitored_items_create_item.monitoring_parameters_queue_size,zeek.opcua_binary_create_monitored_items_create_item.monitoring_parameters_revised_queue_size,zeek.opcua_binary_create_monitored_items_cre
ate_item.monitoring_parameters_revised_sampling_interval,zeek.opcua_binary_create_monitored_items_create_item.monitoring_parameters_sampling_interval,zeek.opcua_binary_create_session.algorithm,zeek.opcua_binary_create_session.application_type,zeek.opcua_binary_create_session.application_uri,zeek.opcua_binary_create_session.auth_token_encoding_mask,zeek.opcua_binary_create_session.auth_token_guid,zeek.opcua_binary_create_session.auth_token_namespace_idx,zeek.opcua_binary_create_session.auth_token_numeric,zeek.opcua_binary_create_session.auth_token_opaque,zeek.opcua_binary_create_session.auth_token_string,zeek.opcua_binary_create_session.client_cert,zeek.opcua_binary_create_session.client_cert_size,zeek.opcua_binary_create_session.client_nonce,zeek.opcua_binary_create_session.discovery_profile_uri,zeek.opcua_binary_create_session.encoding_mask,zeek.opcua_binary_create_session.endpoint_url,zeek.opcua_binary_create_session.gateway_server_uri,zeek.opcua_binary_create_session.locale,zeek.opcua_binary_create_session.max_req_msg_size,zeek.opcua_binary_create_session.max_res_msg_size,zeek.opcua_binary_create_session.product_uri,zeek.opcua_binary_create_session.req_session_timeout,zeek.opcua_binary_create_session.revised_session_timeout,zeek.opcua_binary_create_session.server_cert,zeek.opcua_binary_create_session.server_cert_size,zeek.opcua_binary_create_session.server_nonce,zeek.opcua_binary_create_session.server_uri,zeek.opcua_binary_create_session.session_id_encoding_mask,zeek.opcua_binary_create_session.session_id_guid,zeek.opcua_binary_create_session.session_id_namespace_idx,zeek.opcua_binary_create_session.session_id_numeric,zeek.opcua_binary_create_session.session_id_opaque,zeek.opcua_binary_create_session.session_id_string,zeek.opcua_binary_create_session.session_name,zeek.opcua_binary_create_session.signature,zeek.opcua_binary_create_session.text,zeek.opcua_binary_create_session_discovery.discovery_profile_link_id,zeek.opcua_binary_create_session_discovery.discovery_
profile_uri,zeek.opcua_binary_create_session_discovery.discovery_profile_url,zeek.opcua_binary_create_session_endpoints.application_type,zeek.opcua_binary_create_session_endpoints.application_uri,zeek.opcua_binary_create_session_endpoints.cert_size,zeek.opcua_binary_create_session_endpoints.discovery_profile_uri,zeek.opcua_binary_create_session_endpoints.encoding_mask,zeek.opcua_binary_create_session_endpoints.endpoint_link_id,zeek.opcua_binary_create_session_endpoints.endpoint_url,zeek.opcua_binary_create_session_endpoints.gateway_server_uri,zeek.opcua_binary_create_session_endpoints.locale,zeek.opcua_binary_create_session_endpoints.message_security_mode,zeek.opcua_binary_create_session_endpoints.product_uri,zeek.opcua_binary_create_session_endpoints.security_level,zeek.opcua_binary_create_session_endpoints.security_policy_uri,zeek.opcua_binary_create_session_endpoints.server_cert,zeek.opcua_binary_create_session_endpoints.text,zeek.opcua_binary_create_session_endpoints.transport_profile_uri,zeek.opcua_binary_create_session_user_token.user_token_endpoint_url,zeek.opcua_binary_create_session_user_token.user_token_issued_type,zeek.opcua_binary_create_session_user_token.user_token_link_id,zeek.opcua_binary_create_session_user_token.user_token_policy_id,zeek.opcua_binary_create_session_user_token.user_token_sec_policy_uri,zeek.opcua_binary_create_session_user_token.user_token_type,zeek.opcua_binary_create_subscription.max_notifications_per_publish,zeek.opcua_binary_create_subscription.priority,zeek.opcua_binary_create_subscription.publishing_enabled,zeek.opcua_binary_create_subscription.requested_lifetime_count,zeek.opcua_binary_create_subscription.requested_max_keep_alive_count,zeek.opcua_binary_create_subscription.requested_publishing_interval,zeek.opcua_binary_create_subscription.revised_lifetime_count,zeek.opcua_binary_create_subscription.revised_max_keep_alive_count,zeek.opcua_binary_create_subscription.revised_publishing_interval,zeek.opcua_binary_create_subscrip
tion.subscription_id,zeek.opcua_binary_data_change_filter.deadband_type,zeek.opcua_binary_data_change_filter.deadband_value,zeek.opcua_binary_data_change_filter.trigger,zeek.opcua_binary_diag_info_detail.addl_info,zeek.opcua_binary_diag_info_detail.diag_info_link_id,zeek.opcua_binary_diag_info_detail.has_addl_info,zeek.opcua_binary_diag_info_detail.has_inner_diag_info,zeek.opcua_binary_diag_info_detail.has_inner_stat_code,zeek.opcua_binary_diag_info_detail.has_locale,zeek.opcua_binary_diag_info_detail.has_locale_txt,zeek.opcua_binary_diag_info_detail.has_namespace_uri,zeek.opcua_binary_diag_info_detail.has_symbolic_id,zeek.opcua_binary_diag_info_detail.inner_diag_level,zeek.opcua_binary_diag_info_detail.inner_stat_code,zeek.opcua_binary_diag_info_detail.locale,zeek.opcua_binary_diag_info_detail.locale_str,zeek.opcua_binary_diag_info_detail.locale_txt,zeek.opcua_binary_diag_info_detail.locale_txt_str,zeek.opcua_binary_diag_info_detail.namespace_uri,zeek.opcua_binary_diag_info_detail.namespace_uri_str,zeek.opcua_binary_diag_info_detail.root_object_id,zeek.opcua_binary_diag_info_detail.source,zeek.opcua_binary_diag_info_detail.source_str,zeek.opcua_binary_diag_info_detail.symbolic_id,zeek.opcua_binary_diag_info_detail.symbolic_id_str,zeek.opcua_binary_event_filter_attribute_operand.alias,zeek.opcua_binary_event_filter_attribute_operand.attribute,zeek.opcua_binary_event_filter_attribute_operand.index_range,zeek.opcua_binary_event_filter_attribute_operand.node_id_encoding_mask,zeek.opcua_binary_event_filter_attribute_operand.node_id_guid,zeek.opcua_binary_event_filter_attribute_operand.node_id_namespace_idx,zeek.opcua_binary_event_filter_attribute_operand.node_id_numeric,zeek.opcua_binary_event_filter_attribute_operand.node_id_opaque,zeek.opcua_binary_event_filter_attribute_operand.node_id_string,zeek.opcua_binary_event_filter_attribute_operand_browse_paths.browse_path_element_link_id,zeek.opcua_binary_event_filter_attribute_operand_browse_paths.include_subtypes,zeek.opc
ua_binary_event_filter_attribute_operand_browse_paths.is_inverse,zeek.opcua_binary_event_filter_attribute_operand_browse_paths.target_name,zeek.opcua_binary_event_filter_attribute_operand_browse_paths.target_name_namespace_idx,zeek.opcua_binary_event_filter_attribute_operand_browse_paths.type_id_encoding_mask,zeek.opcua_binary_event_filter_attribute_operand_browse_paths.type_id_guid,zeek.opcua_binary_event_filter_attribute_operand_browse_paths.type_id_namespace_idx,zeek.opcua_binary_event_filter_attribute_operand_browse_paths.type_id_numeric,zeek.opcua_binary_event_filter_attribute_operand_browse_paths.type_id_opaque,zeek.opcua_binary_event_filter_attribute_operand_browse_paths.type_id_string,zeek.opcua_binary_event_filter_element_operand.element_index,zeek.opcua_binary_event_filter_select_clause.attribute_id,zeek.opcua_binary_event_filter_select_clause.index_range,zeek.opcua_binary_event_filter_select_clause.select_clause_link_id,zeek.opcua_binary_event_filter_select_clause.type_id_encoding_mask,zeek.opcua_binary_event_filter_select_clause.type_id_guid,zeek.opcua_binary_event_filter_select_clause.type_id_namespace_idx,zeek.opcua_binary_event_filter_select_clause.type_id_numeric,zeek.opcua_binary_event_filter_select_clause.type_id_opaque,zeek.opcua_binary_event_filter_select_clause.type_id_string,zeek.opcua_binary_event_filter_simple_attribute_operand.attribute_id,zeek.opcua_binary_event_filter_simple_attribute_operand.index_range,zeek.opcua_binary_event_filter_simple_attribute_operand.type_id_encoding_mask,zeek.opcua_binary_event_filter_simple_attribute_operand.type_id_guid,zeek.opcua_binary_event_filter_simple_attribute_operand.type_id_namespace_idx,zeek.opcua_binary_event_filter_simple_attribute_operand.type_id_numeric,zeek.opcua_binary_event_filter_simple_attribute_operand.type_id_opaque,zeek.opcua_binary_event_filter_simple_attribute_operand.type_id_string,zeek.opcua_binary_event_filter_simple_attribute_operand_browse_paths.browse_path_src,zeek.opcua_binary_eve
nt_filter_simple_attribute_operand_browse_paths.name,zeek.opcua_binary_event_filter_simple_attribute_operand_browse_paths.namespace_index,zeek.opcua_binary_event_filter_simple_attribute_operand_browse_paths.simple_attribute_operand_browse_path_link_id,zeek.opcua_binary_event_filter_where_clause.where_clause_link_id,zeek.opcua_binary_event_filter_where_clause_elements.content_filter_element_link_id,zeek.opcua_binary_event_filter_where_clause_elements.content_filter_filter_operand_type_id_encoding,zeek.opcua_binary_event_filter_where_clause_elements.content_filter_filter_operand_type_id_node_id_encoding_mask,zeek.opcua_binary_event_filter_where_clause_elements.content_filter_filter_operand_type_id_node_id_guid,zeek.opcua_binary_event_filter_where_clause_elements.content_filter_filter_operand_type_id_node_id_namespace_idx,zeek.opcua_binary_event_filter_where_clause_elements.content_filter_filter_operand_type_id_node_id_numeric,zeek.opcua_binary_event_filter_where_clause_elements.content_filter_filter_operand_type_id_node_id_opaque,zeek.opcua_binary_event_filter_where_clause_elements.content_filter_filter_operand_type_id_node_id_string,zeek.opcua_binary_event_filter_where_clause_elements.content_filter_filter_operand_type_id_string,zeek.opcua_binary_event_filter_where_clause_elements.filter_operator,zeek.opcua_binary_get_endpoints.endpoint_url,zeek.opcua_binary_get_endpoints_description.application_type,zeek.opcua_binary_get_endpoints_description.application_uri,zeek.opcua_binary_get_endpoints_description.cert_size,zeek.opcua_binary_get_endpoints_description.discovery_profile_uri,zeek.opcua_binary_get_endpoints_description.encoding_mask,zeek.opcua_binary_get_endpoints_description.endpoint_description_link_id,zeek.opcua_binary_get_endpoints_description.endpoint_uri,zeek.opcua_binary_get_endpoints_description.gateway_server_uri,zeek.opcua_binary_get_endpoints_description.locale,zeek.opcua_binary_get_endpoints_description.message_security_mode,zeek.opcua_binary_get_endpoin
ts_description.product_uri,zeek.opcua_binary_get_endpoints_description.security_level,zeek.opcua_binary_get_endpoints_description.security_policy_uri,zeek.opcua_binary_get_endpoints_description.server_cert,zeek.opcua_binary_get_endpoints_description.text,zeek.opcua_binary_get_endpoints_description.transport_profile_uri,zeek.opcua_binary_get_endpoints_discovery.discovery_profile_link_id,zeek.opcua_binary_get_endpoints_discovery.discovery_profile_url,zeek.opcua_binary_get_endpoints_locale_id.locale_id,zeek.opcua_binary_get_endpoints_locale_id.locale_link_id,zeek.opcua_binary_get_endpoints_profile_uri.profile_uri,zeek.opcua_binary_get_endpoints_profile_uri.profile_uri_link_id,zeek.opcua_binary_get_endpoints_user_token.user_token_endpoint_url,zeek.opcua_binary_get_endpoints_user_token.user_token_issued_type,zeek.opcua_binary_get_endpoints_user_token.user_token_link_id,zeek.opcua_binary_get_endpoints_user_token.user_token_policy_id,zeek.opcua_binary_get_endpoints_user_token.user_token_sec_policy_uri,zeek.opcua_binary_get_endpoints_user_token.user_token_type,zeek.opcua_binary_opensecure_channel.client_nonce,zeek.opcua_binary_opensecure_channel.client_proto_ver,zeek.opcua_binary_opensecure_channel.message_security_mode,zeek.opcua_binary_opensecure_channel.req_lifetime,zeek.opcua_binary_opensecure_channel.sec_token_created_at,zeek.opcua_binary_opensecure_channel.sec_token_id,zeek.opcua_binary_opensecure_channel.sec_token_request_type,zeek.opcua_binary_opensecure_channel.sec_token_revised_time,zeek.opcua_binary_opensecure_channel.sec_token_sec_channel_id,zeek.opcua_binary_opensecure_channel.server_nonce,zeek.opcua_binary_opensecure_channel.server_proto_ver,zeek.opcua_binary_read.max_age,zeek.opcua_binary_read.timestamps_to_return,zeek.opcua_binary_read.timestamps_to_return_str,zeek.opcua_binary_read_nodes_to_read.attribute_id,zeek.opcua_binary_read_nodes_to_read.attribute_id_str,zeek.opcua_binary_read_nodes_to_read.data_encoding_name,zeek.opcua_binary_read_nodes_to_read.data
_encoding_name_idx,zeek.opcua_binary_read_nodes_to_read.index_range,zeek.opcua_binary_read_nodes_to_read.node_id_encoding_mask,zeek.opcua_binary_read_nodes_to_read.node_id_guid,zeek.opcua_binary_read_nodes_to_read.node_id_namespace_idx,zeek.opcua_binary_read_nodes_to_read.node_id_numeric,zeek.opcua_binary_read_nodes_to_read.node_id_opaque,zeek.opcua_binary_read_nodes_to_read.node_id_string,zeek.opcua_binary_read_nodes_to_read.nodes_to_read_link_id,zeek.opcua_binary_read_results.data_value_encoding_mask,zeek.opcua_binary_read_results.level,zeek.opcua_binary_read_results.results_link_id,zeek.opcua_binary_read_results.server_pico_sec,zeek.opcua_binary_read_results.server_timestamp,zeek.opcua_binary_read_results.source_pico_sec,zeek.opcua_binary_read_results.source_timestamp,zeek.opcua_binary_status_code_detail.historian_bits,zeek.opcua_binary_status_code_detail.historian_bits_str,zeek.opcua_binary_status_code_detail.historianextradata,zeek.opcua_binary_status_code_detail.historianmultivalue,zeek.opcua_binary_status_code_detail.historianpartial,zeek.opcua_binary_status_code_detail.info_type,zeek.opcua_binary_status_code_detail.info_type_str,zeek.opcua_binary_status_code_detail.limit_bits,zeek.opcua_binary_status_code_detail.limit_bits_str,zeek.opcua_binary_status_code_detail.overflow,zeek.opcua_binary_status_code_detail.semantics_changed,zeek.opcua_binary_status_code_detail.severity,zeek.opcua_binary_status_code_detail.severity_str,zeek.opcua_binary_status_code_detail.source,zeek.opcua_binary_status_code_detail.source_level,zeek.opcua_binary_status_code_detail.source_str,zeek.opcua_binary_status_code_detail.status_code,zeek.opcua_binary_status_code_detail.status_code_link_id,zeek.opcua_binary_status_code_detail.structure_changed,zeek.opcua_binary_status_code_detail.sub_code,zeek.opcua_binary_status_code_detail.sub_code_str,zeek.opcua_binary_variant_array_dims.array_dim_link_id,zeek.opcua_binary_variant_array_dims.dimension,zeek.opcua_binary_variant_data.variant_data_enc
oding_name,zeek.opcua_binary_variant_data.variant_data_encoding_name_idx,zeek.opcua_binary_variant_data.variant_data_link_id,zeek.opcua_binary_variant_data.variant_data_locale,zeek.opcua_binary_variant_data.variant_data_mask,zeek.opcua_binary_variant_data.variant_data_node_id_encoding_mask,zeek.opcua_binary_variant_data.variant_data_node_id_guid,zeek.opcua_binary_variant_data.variant_data_node_id_namespace_idx,zeek.opcua_binary_variant_data.variant_data_node_id_namespace_uri,zeek.opcua_binary_variant_data.variant_data_node_id_numeric,zeek.opcua_binary_variant_data.variant_data_node_id_opaque,zeek.opcua_binary_variant_data.variant_data_node_id_server_idx,zeek.opcua_binary_variant_data.variant_data_node_id_string,zeek.opcua_binary_variant_data.variant_data_text,zeek.opcua_binary_variant_data.variant_data_value_decimal,zeek.opcua_binary_variant_data.variant_data_value_signed_numeric,zeek.opcua_binary_variant_data.variant_data_value_string,zeek.opcua_binary_variant_data.variant_data_value_time,zeek.opcua_binary_variant_data.variant_data_value_unsigned_numeric,zeek.opcua_binary_variant_data_value.data_value_encoding_mask,zeek.opcua_binary_variant_data_value.server_pico_sec,zeek.opcua_binary_variant_data_value.server_timestamp,zeek.opcua_binary_variant_data_value.source_pico_sec,zeek.opcua_binary_variant_data_value.source_timestamp,zeek.opcua_binary_variant_data_value.variant_data_value_source_link,zeek.opcua_binary_variant_extension_object.ext_obj_encoding,zeek.opcua_binary_variant_extension_object.ext_obj_link_id,zeek.opcua_binary_variant_extension_object.ext_obj_node_id_encoding_mask,zeek.opcua_binary_variant_extension_object.ext_obj_node_id_guid,zeek.opcua_binary_variant_extension_object.ext_obj_node_id_namespace_idx,zeek.opcua_binary_variant_extension_object.ext_obj_node_id_numeric,zeek.opcua_binary_variant_extension_object.ext_obj_node_id_opaque,zeek.opcua_binary_variant_extension_object.ext_obj_node_id_string,zeek.opcua_binary_variant_extension_object.ext_obj_type_
id_str,zeek.opcua_binary_variant_metadata.built_in_data_type,zeek.opcua_binary_variant_metadata.built_in_data_type_str,zeek.opcua_binary_variant_metadata.dara_variant_encoding_mask,zeek.opcua_binary_variant_metadata.data_variant_data_type,zeek.opcua_binary_variant_metadata.data_variant_data_type_str,zeek.opcua_binary_variant_metadata.variant_data_array_dim,zeek.opcua_binary_variant_metadata.variant_data_source,zeek.opcua_binary_variant_metadata.variant_data_source_str,zeek_opcua_binary_write=require:zeek.opcua_binary_write;title:Zeek opcua_binary_write.log;fields:zeek.opcua_binary_write.source_h,zeek.opcua_binary_write.source_p,zeek.opcua_binary_write.destination_h,zeek.opcua_binary_write.destination_p,zeek.opcua_binary_write.node_id_encoding_mask,zeek.opcua_binary_write.node_id_namespace_idx,zeek.opcua_binary_write.node_id_numeric,zeek.opcua_binary_write.node_id_string,zeek.opcua_binary_write.node_id_guid,zeek.opcua_binary_write.node_id_opaque,zeek.opcua_binary_write.attribute_id,zeek.opcua_binary_write.attribute_id_str,zeek.opcua_binary_write.index_range,zeek.opcua_binary_write.data_value_encoding_mask,zeek.opcua_binary_write.source_timestamp,zeek.opcua_binary_write.source_pico_sec,zeek.opcua_binary_write.server_timestamp,zeek.opcua_binary_write.server_pico_sec o_zeek_ospf=require:zeek.ospf;title:Zeek ospf.log;fields:zeek.ospf.ospf_type,zeek.ospf.version,zeek.ospf.router_id,zeek.ospf.area_id,zeek.ospf.interface_id,zeek.ospf.netmask,zeek.ospf.desig_router,zeek.ospf.backup_router,zeek.ospf.neighbors,zeek.ospf.lsa_type,zeek.ospf.link_state_id,zeek.ospf.advert_router,zeek.ospf.routers,zeek.ospf.link_id,zeek.ospf.link_data,zeek.ospf.link_type,zeek.ospf.neighbor_router_id,zeek.ospf.metrics,zeek.ospf.fwd_addrs,zeek.ospf.route_tags,zeek.ospf.neighbor_interface_id,zeek.ospf.prefix,zeek.ospf.metric,zeek.ospf.dest_router_id,zeek.ospf.link_prefixes,zeek.ospf.intra_prefixes o_zeek_pe=require:zeek.pe;title:Zeek 
pe.log;fields:zeek.pe.machine,zeek.pe.compile_ts,zeek.pe.os,zeek.pe.subsystem,zeek.pe.is_exe,zeek.pe.is_64bit,zeek.pe.uses_aslr,zeek.pe.uses_dep,zeek.pe.uses_code_integrity,zeek.pe.uses_seh,zeek.pe.has_import_table,zeek.pe.has_export_table,zeek.pe.has_cert_table,zeek.pe.has_debug_data,zeek.pe.section_names diff --git a/dashboards/templates/composable/component/zeek_ot.json b/dashboards/templates/composable/component/zeek_ot.json index 4b8335e0a..8b7603cae 100644 --- a/dashboards/templates/composable/component/zeek_ot.json +++ b/dashboards/templates/composable/component/zeek_ot.json 
@@ -866,70 +866,70 @@
 "zeek.omron_fins_data_link_status_read.error_status": { "type": "keyword" },
 "zeek.omron_fins_data_link_status_read.mode_status": { "type": "keyword" },
 "zeek.omron_fins_data_link_status_read.warning_status": { "type": "keyword" },
- "zeek.omron_fins_detail_error.command_code": { "type": "keyword" },
- "zeek.omron_fins_detail_error.icf_data_type": { "type": "keyword" },
- "zeek.omron_fins_detail_error.response_code": { "type": "keyword" },
- "zeek.omron_fins_detail_error.error_reset_fal_no": { "type": "keyword" },
- "zeek.omron_fins_detail_error.beginning_record_no": { "type": "long" },
- "zeek.omron_fins_detail_error.max_no_stored_records": { "type": "long" },
- "zeek.omron_fins_detail_error.no_of_stored_records": { "type": "long" },
- "zeek.omron_fins_detail_error.no_of_records": { "type": "long" },
- "zeek.omron_fins_detail_error.error_code_1": { "type": "keyword" },
- "zeek.omron_fins_detail_error.error_code_2": { "type": "keyword" },
- "zeek.omron_fins_detail_error.minute": { "type": "long" },
- "zeek.omron_fins_detail_error.second": { "type": "long" },
- "zeek.omron_fins_detail_error.day": { "type": "long" },
- "zeek.omron_fins_detail_error.hour": { "type": "long" },
- "zeek.omron_fins_detail_error.year": { "type": "long" },
- "zeek.omron_fins_detail_error.month": { "type": "long" },
- "zeek.omron_fins_detail_file.command_code": { "type": "keyword" },
- "zeek.omron_fins_detail_file.icf_data_type": { "type": "keyword" },
- "zeek.omron_fins_detail_file.response_code": { "type": "keyword" },
- "zeek.omron_fins_detail_file.disk_no": { "type": "long" },
- "zeek.omron_fins_detail_file.beginning_file_position": { "type": "keyword" },
- "zeek.omron_fins_detail_file.no_of_files": { "type": "long" },
- "zeek.omron_fins_detail_file.volume_label": { "type": "keyword" },
- "zeek.omron_fins_detail_file.year": { "type": "long" },
- "zeek.omron_fins_detail_file.month": { "type": "long" },
- "zeek.omron_fins_detail_file.day": { "type": "long" },
- "zeek.omron_fins_detail_file.hour": { "type": "long" },
- "zeek.omron_fins_detail_file.minute": { "type": "long" },
- "zeek.omron_fins_detail_file.second": { "type": "long" },
- "zeek.omron_fins_detail_file.total_capacity": { "type": "long" },
- "zeek.omron_fins_detail_file.unused_capacity": { "type": "long" },
- "zeek.omron_fins_detail_file.total_no_files": { "type": "long" },
- "zeek.omron_fins_detail_file.no_files_read": { "type": "long" },
- "zeek.omron_fins_detail_file.last_file": { "type": "keyword" },
- "zeek.omron_fins_detail_file.file_name": { "type": "keyword" },
- "zeek.omron_fins_detail_file.file_capacity": { "type": "long" },
- "zeek.omron_fins_detail_file.file_position": { "type": "long" },
- "zeek.omron_fins_detail_file.data_length": { "type": "long" },
- "zeek.omron_fins_detail_file.parameter_code": { "type": "keyword" },
- "zeek.omron_fins_detail_file.src_disk_no": { "type": "long" },
- "zeek.omron_fins_detail_file.src_file_name": { "type": "keyword" },
- "zeek.omron_fins_detail_file.dst_disk_no": { "type": "long" },
- "zeek.omron_fins_detail_file.dst_file_name": { "type": "keyword" },
- "zeek.omron_fins_detail_file.old_file_name": { "type": "keyword" },
- "zeek.omron_fins_detail_file.new_file_name": { "type": "keyword" },
- "zeek.omron_fins_detail_file.parameter_area_code": { "type": "keyword" },
- "zeek.omron_fins_detail_file.beginning_address": { "type": "keyword" },
- "zeek.omron_fins_detail_file.no_of_words": { "type": "long" },
- "zeek.omron_fins_detail_file.memory_area_code": { "type": "keyword" },
- "zeek.omron_fins_detail_file.no_of_items": { "type": "long" },
- "zeek.omron_fins_detail_file.program_no": { "type": "keyword" },
- "zeek.omron_fins_detail_file.no_of_bytes": { "type": "long" },
- "zeek.omron_fins_detail_file.beginning_word": { "type": "keyword" },
- "zeek.omron_fins_detail_file.beginning_block_no": { "type": "long" },
- "zeek.omron_fins_detail_file.no_of_blocks": { "type": "long" },
- "zeek.omron_fins_detail_file.remaining_blocks": { "type": "long" },
- "zeek.omron_fins_detail_file.total_no_of_blocks": { "type": "long" },
- "zeek.omron_fins_detail_file.memory_type": { "type": "keyword" },
- "zeek.omron_fins_detail_file.data_type": { "type": "keyword" },
- "zeek.omron_fins_detail_file.last_block": { "type": "keyword" },
- "zeek.omron_fins_detail_file.protected": { "type": "keyword" },
- "zeek.omron_fins_detail_file.control_data": { "type": "long" },
- "zeek.omron_fins_detail_file.block_no": { "type": "long" },
- "zeek.omron_fins_detail_file.memory_data": { "type": "keyword" },
+ "zeek.omron_fins_error.command_code": { "type": "keyword" },
+ "zeek.omron_fins_error.icf_data_type": { "type": "keyword" },
+ "zeek.omron_fins_error.response_code": { "type": "keyword" },
+ "zeek.omron_fins_error.error_reset_fal_no": { "type": "keyword" },
+ "zeek.omron_fins_error.beginning_record_no": { "type": "long" },
+ "zeek.omron_fins_error.max_no_stored_records": { "type": "long" },
+ "zeek.omron_fins_error.no_of_stored_records": { "type": "long" },
+ "zeek.omron_fins_error.no_of_records": { "type": "long" },
+ "zeek.omron_fins_error.error_code_1": { "type": "keyword" },
+ "zeek.omron_fins_error.error_code_2": { "type": "keyword" },
+ "zeek.omron_fins_error.minute": { "type": "long" },
+ "zeek.omron_fins_error.second": { "type": "long" },
+ "zeek.omron_fins_error.day": { "type": "long" },
+ "zeek.omron_fins_error.hour": { "type": "long" },
+ "zeek.omron_fins_error.year": { "type": "long" },
+ "zeek.omron_fins_error.month": { "type": "long" },
+ "zeek.omron_fins_file.command_code": { "type": "keyword" },
+ "zeek.omron_fins_file.icf_data_type": { "type": "keyword" },
+ "zeek.omron_fins_file.response_code": { "type": "keyword" },
+ "zeek.omron_fins_file.disk_no": { "type": "long" },
+ "zeek.omron_fins_file.beginning_file_position": { "type": "keyword" },
+ "zeek.omron_fins_file.no_of_files": { "type": "long" },
+ "zeek.omron_fins_file.volume_label": { "type": "keyword" },
+ "zeek.omron_fins_file.year": { "type": "long" },
+ "zeek.omron_fins_file.month": { "type": "long" },
+ "zeek.omron_fins_file.day": { "type": "long" },
+ "zeek.omron_fins_file.hour": { "type": "long" },
+ "zeek.omron_fins_file.minute": { "type": "long" },
+ "zeek.omron_fins_file.second": { "type": "long" },
+ "zeek.omron_fins_file.total_capacity": { "type": "long" },
+ "zeek.omron_fins_file.unused_capacity": { "type": "long" },
+ "zeek.omron_fins_file.total_no_files": { "type": "long" },
+ "zeek.omron_fins_file.no_files_read": { "type": "long" },
+ "zeek.omron_fins_file.last_file": { "type": "keyword" },
+ "zeek.omron_fins_file.file_name": { "type": "keyword" },
+ "zeek.omron_fins_file.file_capacity": { "type": "long" },
+ "zeek.omron_fins_file.file_position": { "type": "long" },
+ "zeek.omron_fins_file.data_length": { "type": "long" },
+ "zeek.omron_fins_file.parameter_code": { "type": "keyword" },
+ "zeek.omron_fins_file.src_disk_no": { "type": "long" },
+ "zeek.omron_fins_file.src_file_name": { "type": "keyword" },
+ "zeek.omron_fins_file.dst_disk_no": { "type": "long" },
+ "zeek.omron_fins_file.dst_file_name": { "type": "keyword" },
+ "zeek.omron_fins_file.old_file_name": { "type": "keyword" },
+ "zeek.omron_fins_file.new_file_name": { "type": "keyword" },
+ "zeek.omron_fins_file.parameter_area_code": { "type": "keyword" },
+ "zeek.omron_fins_file.beginning_address": { "type": "keyword" },
+ "zeek.omron_fins_file.no_of_words": { "type": "long" },
+ "zeek.omron_fins_file.memory_area_code": { "type": "keyword" },
+ "zeek.omron_fins_file.no_of_items": { "type": "long" },
+ "zeek.omron_fins_file.program_no": { "type": "keyword" },
+ "zeek.omron_fins_file.no_of_bytes": { "type": "long" },
+ "zeek.omron_fins_file.beginning_word": { "type": "keyword" },
+ "zeek.omron_fins_file.beginning_block_no": { "type": "long" },
+ "zeek.omron_fins_file.no_of_blocks": { "type": "long" },
+ "zeek.omron_fins_file.remaining_blocks": { "type": "long" },
+ "zeek.omron_fins_file.total_no_of_blocks": { "type": "long" },
+ "zeek.omron_fins_file.memory_type": { "type": "keyword" },
+ "zeek.omron_fins_file.data_type": { "type": "keyword" },
+ "zeek.omron_fins_file.last_block": { "type": "keyword" },
+ "zeek.omron_fins_file.protected": { "type": "keyword" },
+ "zeek.omron_fins_file.control_data": { "type": "long" },
+ "zeek.omron_fins_file.block_no": { "type": "long" },
+ "zeek.omron_fins_file.memory_data": { "type": "keyword" },
 "zeek.omron_fins_detail.command_code": { "type": "keyword" },
 "zeek.omron_fins_detail.icf_data_type": { "type": "keyword" },
 "zeek.omron_fins_detail.memory_area_code": { "type": "keyword" },
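Review bot: The mapping keys are renamed in place with no transition entries for the old names: `zeek.omron_fins_detail_error.*` becomes `zeek.omron_fins_error.*` and `zeek.omron_fins_detail_file.*` becomes `zeek.omron_fins_file.*` here, and `zeek.omron_fins_general.*` becomes `zeek.omron_fins.*` in the `@@ -1052,26` hunk. Saved searches, dashboards and alerting rules that still filter on the old field names would stop matching newly ingested OMRON FINS events without raising any error, so the result is a silent detection gap rather than a visible failure. If nothing elsewhere in this series covers that, consider alias entries for the old names where the index backend supports them, for example `"zeek.omron_fins_general.command_code": { "type": "alias", "path": "zeek.omron_fins.command_code" },`, or at least call out the rename in the release notes so rule owners can update their queries.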
@@ -1052,26 +1052,26 @@
 "zeek.omron_fins_detail.no_of_bits": { "type": "long" },
 "zeek.omron_fins_detail.set_reset_specification": { "type": "keyword" },
 "zeek.omron_fins_detail.bit_flag": { "type": "long" },
- "zeek.omron_fins_general.omron_fins_link_id": { "type": "keyword" },
- "zeek.omron_fins_general.tcp_header": { "type": "keyword" },
- "zeek.omron_fins_general.tcp_length": { "type": "long" },
- "zeek.omron_fins_general.tcp_command": { "type": "keyword" },
- "zeek.omron_fins_general.tcp_error_code": { "type": "keyword" },
- "zeek.omron_fins_general.client_node_address": { "type": "long" },
- "zeek.omron_fins_general.server_node_address": { "type": "long" },
- "zeek.omron_fins_general.icf_gateway": { "type": "keyword" },
- "zeek.omron_fins_general.icf_data_type": { "type": "keyword" },
- "zeek.omron_fins_general.icf_response_setting": { "type": "keyword" },
- "zeek.omron_fins_general.gateway_count": { "type": "long" },
- "zeek.omron_fins_general.destination_network_address": { "type": "keyword" },
- "zeek.omron_fins_general.destination_node_number": { "type": "keyword" },
- "zeek.omron_fins_general.destination_unit_address": { "type": "keyword" },
- "zeek.omron_fins_general.source_network_address": { "type": "keyword" },
- "zeek.omron_fins_general.source_node_number": { "type": "keyword" },
- "zeek.omron_fins_general.source_unit_address": { "type": "keyword" },
- "zeek.omron_fins_general.service_id": { "type": "keyword" },
- "zeek.omron_fins_general.command_code": { "type": "keyword" },
- "zeek.omron_fins_general.response_code": { "type": "keyword" },
+ "zeek.omron_fins.omron_fins_link_id": { "type": "keyword" },
+ "zeek.omron_fins.tcp_header": { "type": "keyword" },
+ "zeek.omron_fins.tcp_length": { "type": "long" },
+ "zeek.omron_fins.tcp_command": { "type": "keyword" },
+ "zeek.omron_fins.tcp_error_code": { "type": "keyword" },
+ "zeek.omron_fins.client_node_address": { "type": "long" },
+ "zeek.omron_fins.server_node_address": { "type": "long" },
+ "zeek.omron_fins.icf_gateway": { "type": "keyword" },
+ "zeek.omron_fins.icf_data_type": { "type": "keyword" },
+ "zeek.omron_fins.icf_response_setting": { "type": "keyword" },
+ "zeek.omron_fins.gateway_count": { "type": "long" },
+ "zeek.omron_fins.destination_network_address": { "type": "keyword" },
+ "zeek.omron_fins.destination_node_number": { "type": "keyword" },
+ "zeek.omron_fins.destination_unit_address": { "type": "keyword" },
+ "zeek.omron_fins.source_network_address": { "type": "keyword" },
+ "zeek.omron_fins.source_node_number": { "type": "keyword" },
+ "zeek.omron_fins.source_unit_address": { "type": "keyword" },
+ "zeek.omron_fins.service_id": { "type": "keyword" },
+ "zeek.omron_fins.command_code": { "type": "keyword" },
+ "zeek.omron_fins.response_code": { "type": "keyword" },
 "zeek.omron_fins_network_status_read.command_code": { "type": "keyword" },
 "zeek.omron_fins_network_status_read.icf_data_type": { "type": "keyword" },
 "zeek.omron_fins_network_status_read.response_code": { "type": "keyword" },
diff --git a/logstash/pipelines/zeek/1171_zeek_omron_fins.conf b/logstash/pipelines/zeek/1171_zeek_omron_fins.conf
index f819a1627..91780d586 100644
--- a/logstash/pipelines/zeek/1171_zeek_omron_fins.conf
+++ b/logstash/pipelines/zeek/1171_zeek_omron_fins.conf
@@ -34,14 +34,14 @@ filter { add_tag => [ "ics" ] } - } else if ([log_source] == "omron_fins_detail_error") { + } else if ([log_source] == "omron_fins_error") { ############################################################################################################################# - # omron_fins_detail_error.log + # omron_fins_error.log # omron_fins_types.zeek (https://github.com/cisagov/icsnpp-omron-fins) if ("_jsonparsesuccess" not in [tags]) { dissect { - id => "dissect_zeek_omron_fins_detail_error" + id => "dissect_zeek_omron_fins_error" mapping => { "[message]" => "%{[zeek_cols][ts]} %{[zeek_cols][uid]} %{[zeek_cols][orig_h]} %{[zeek_cols][orig_p]} %{[zeek_cols][resp_h]} %{[zeek_cols][resp_p]} %{[zeek_cols][omron_fins_link_id]} %{[zeek_cols][command_code]} %{[zeek_cols][icf_data_type]} %{[zeek_cols][response_code]} %{[zeek_cols][error_reset_fal_no]} %{[zeek_cols][beginning_record_no]} %{[zeek_cols][max_no_stored_records]} %{[zeek_cols][no_of_stored_records]} %{[zeek_cols][no_of_records]} %{[zeek_cols][error_code_1]} %{[zeek_cols][error_code_2]} %{[zeek_cols][minute]} %{[zeek_cols][second]} %{[zeek_cols][day]} %{[zeek_cols][hour]} %{[zeek_cols][year]} %{[zeek_cols][month]}" } @@ -49,11 +49,11 @@ filter { if ("_dissectfailure" in [tags]) { mutate { - id => "mutate_split_zeek_omron_fins_detail_error" + id => "mutate_split_zeek_omron_fins_error" split => { "[message]" => " " } } ruby { - id => "ruby_zip_zeek_omron_fins_detail_error" + id => "ruby_zip_zeek_omron_fins_error" init => "@zeek_detail_error_log_field_names = [ 'ts', 'uid', 'orig_h', 'orig_p', 'resp_h', 'resp_p', 'omron_fins_link_id', 'command_code', 'icf_data_type', 'response_code', 'error_reset_fal_no', 'beginning_record_no', 'max_no_stored_records', 'no_of_stored_records', 'no_of_records', 'error_code_1', 'error_code_2', 'minute', 'second', 'day', 'hour', 'year', 'month' ]" code => "event.set('[zeek_cols]', @zeek_detail_error_log_field_names.zip(event.get('[message]')).to_h)" } 
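Review bot: The branch condition now matches only `omron_fins_error`, so an event whose `[log_source]` is still `omron_fins_detail_error` (for instance from a sensor running an older icsnpp-omron-fins parser) no longer reaches this dissect block; the `omron_fins_detail_file` → `omron_fins_file` change in the `@@ -61,21` hunk has the same effect. What the pipeline does with such events is not visible here, but in a mixed-version deployment they would presumably arrive unparsed or be dropped, which quietly reduces OT protocol visibility. A comment above the branch such as `# renamed from omron_fins_detail_error.log; output of older parser versions is not handled here`, or a documented minimum parser version, would make the cut-over explicit. The Ruby instance variable `@zeek_detail_error_log_field_names` in the following hunk still carries the old name and could be renamed for consistency. The enclosing `filter` block starts and ends outside the hunk.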
@@ -61,21 +61,21 @@ filter { } mutate { - id => "mutate_add_fields_zeek_omron_fins_detail_error" + id => "mutate_add_fields_zeek_omron_fins_error" add_field => { "[zeek_cols][service]" => "omron_fins" } add_tag => [ "ics" ] } - } else if ([log_source] == "omron_fins_detail_file") { + } else if ([log_source] == "omron_fins_file") { ############################################################################################################################# - # omron_fins_detail_file.log + # omron_fins_file.log # omron_fins_types.zeek (https://github.com/cisagov/icsnpp-omron-fins) if ("_jsonparsesuccess" not in [tags]) { dissect { - id => "dissect_zeek_omron_fins_detail_file" + id => "dissect_zeek_omron_fins_file" mapping => { "[message]" => "%{[zeek_cols][ts]} %{[zeek_cols][uid]} %{[zeek_cols][orig_h]} %{[zeek_cols][orig_p]} %{[zeek_cols][resp_h]} %{[zeek_cols][resp_p]} %{[zeek_cols][omron_fins_link_id]} %{[zeek_cols][command_code]} %{[zeek_cols][icf_data_type]} %{[zeek_cols][response_code]} %{[zeek_cols][disk_no]} %{[zeek_cols][beginning_file_position]} %{[zeek_cols][no_of_files]} %{[zeek_cols][volume_label]} %{[zeek_cols][year]} %{[zeek_cols][month]} %{[zeek_cols][day]} %{[zeek_cols][hour]} %{[zeek_cols][minute]} %{[zeek_cols][second]} %{[zeek_cols][total_capacity]} %{[zeek_cols][unused_capacity]} %{[zeek_cols][total_no_files]} %{[zeek_cols][no_files_read]} %{[zeek_cols][last_file]} %{[zeek_cols][file_name]} %{[zeek_cols][file_capacity]} %{[zeek_cols][file_position]} %{[zeek_cols][data_length]} %{[zeek_cols][fuid]} %{[zeek_cols][parameter_code]} %{[zeek_cols][src_disk_no]} %{[zeek_cols][src_file_name]} %{[zeek_cols][dst_disk_no]} %{[zeek_cols][dst_file_name]} %{[zeek_cols][old_file_name]} %{[zeek_cols][new_file_name]} %{[zeek_cols][parameter_area_code]} %{[zeek_cols][beginning_address]} %{[zeek_cols][no_of_words]} %{[zeek_cols][memory_area_code]} %{[zeek_cols][no_of_items]} %{[zeek_cols][program_no]} %{[zeek_cols][no_of_bytes]} %{[zeek_cols][beginning_word]} 
%{[zeek_cols][beginning_block_no]} %{[zeek_cols][no_of_blocks]} %{[zeek_cols][remaining_blocks]} %{[zeek_cols][total_no_of_blocks]} %{[zeek_cols][memory_type]} %{[zeek_cols][data_type]} %{[zeek_cols][last_block]} %{[zeek_cols][protected]} %{[zeek_cols][control_data]} %{[zeek_cols][block_no]} %{[zeek_cols][memory_data]}" } @@ -83,11 +83,11 @@ filter { if ("_dissectfailure" in [tags]) { mutate { - id => "mutate_split_zeek_omron_fins_detail_file" + id => "mutate_split_zeek_omron_fins_file" split => { "[message]" => " " } } ruby { - id => "ruby_zip_zeek_omron_fins_detail_file" + id => "ruby_zip_zeek_omron_fins_file" init => "@zeek_detail_file_log_field_names = [ 'ts', 'uid', 'orig_h', 'orig_p', 'resp_h', 'resp_p', 'omron_fins_link_id', 'command_code', 'icf_data_type', 'response_code', 'disk_no', 'beginning_file_position', 'no_of_files', 'volume_label', 'year', 'month', 'day', 'hour', 'minute', 'second', 'total_capacity', 'unused_capacity', 'total_no_files', 'no_files_read', 'last_file', 'file_name', 'file_capacity', 'file_position', 'data_length', 'fuid', 'parameter_code', 'src_disk_no', 'src_file_name', 'dst_disk_no', 'dst_file_name', 'old_file_name', 'new_file_name', 'parameter_area_code', 'beginning_address', 'no_of_words', 'memory_area_code', 'no_of_items', 'program_no', 'no_of_bytes', 'beginning_word', 'beginning_block_no', 'no_of_blocks', 'remaining_blocks', 'total_no_of_blocks', 'memory_type', 'data_type', 'last_block', 'protected', 'control_data', 'block_no', 'memory_data' ]" code => "event.set('[zeek_cols]', @zeek_detail_file_log_field_names.zip(event.get('[message]')).to_h)" } @@ -95,7 +95,7 @@ filter { } mutate { - id => "mutate_add_fields_zeek_omron_fins_detail_file" + id => "mutate_add_fields_zeek_omron_fins_file" add_field => { "[zeek_cols][service]" => "omron_fins" } 
@@ -136,14 +136,14 @@ filter { add_tag => [ "ics" ] } - } else if ([log_source] == "omron_fins_general") { + } else if ([log_source] == "omron_fins") { ############################################################################################################################# # omron_fins_general.log # omron_fins_types.zeek (https://github.com/cisagov/icsnpp-omron-fins) if ("_jsonparsesuccess" not in [tags]) { dissect { - id => "dissect_zeek_omron_fins_general" + id => "dissect_zeek_omron_fins" mapping => { "[message]" => "%{[zeek_cols][ts]} %{[zeek_cols][uid]} %{[zeek_cols][orig_h]} %{[zeek_cols][orig_p]} %{[zeek_cols][resp_h]} %{[zeek_cols][resp_p]} %{[zeek_cols][proto]} %{[zeek_cols][omron_fins_link_id]} %{[zeek_cols][tcp_header]} %{[zeek_cols][tcp_length]} %{[zeek_cols][tcp_command]} %{[zeek_cols][tcp_error_code]} %{[zeek_cols][client_node_address]} %{[zeek_cols][server_node_address]} %{[zeek_cols][icf_gateway]} %{[zeek_cols][icf_data_type]} %{[zeek_cols][icf_response_setting]} %{[zeek_cols][gateway_count]} %{[zeek_cols][destination_network_address]} %{[zeek_cols][destination_node_number]} %{[zeek_cols][destination_unit_address]} %{[zeek_cols][source_network_address]} %{[zeek_cols][source_node_number]} %{[zeek_cols][source_unit_address]} %{[zeek_cols][service_id]} %{[zeek_cols][command_code]} %{[zeek_cols][response_code]}" } 
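Review bot: The section comment in this branch still reads `# omron_fins_general.log` although the condition now matches `[log_source] == "omron_fins"`; the error and file branches earlier in this file had their header comments renamed together with the condition. If the upstream log is now written as omron_fins.log (inferred from the new log_source value, not shown here), the comment should become `# omron_fins.log`. The TODO added in the `@@ -163,10` hunk uses the same stale name and does not say what is wrong with the field; something like `# TODO: remove once the upstream omron_fins log emits a usable proto value` plus a link to the upstream issue would make it actionable. The branch body continues outside this hunk.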
@@ -151,11 +151,11 @@ filter { if ("_dissectfailure" in [tags]) { mutate { - id => "mutate_split_zeek_omron_fins_general" + id => "mutate_split_zeek_omron_fins" split => { "[message]" => " " } } ruby { - id => "ruby_zip_zeek_omron_fins_general" + id => "ruby_zip_zeek_omron_fins" init => "@zeek_general_log_field_names = [ 'ts', 'uid', 'orig_h', 'orig_p', 'resp_h', 'resp_p', 'proto', 'omron_fins_link_id', 'tcp_header', 'tcp_length', 'tcp_command', 'tcp_error_code', 'client_node_address', 'server_node_address', 'icf_gateway', 'icf_data_type', 'icf_response_setting', 'gateway_count', 'destination_network_address', 'destination_node_number', 'destination_unit_address', 'source_network_address', 'source_node_number', 'source_unit_address', 'service_id', 'command_code', 'response_code' ]" code => "event.set('[zeek_cols]', @zeek_general_log_field_names.zip(event.get('[message]')).to_h)" } @@ -163,10 +163,10 @@ filter { } mutate { - id => "mutate_add_fields_zeek_omron_fins_general" - add_field => { - "[zeek_cols][service]" => "omron_fins" - } + id => "mutate_add_fields_zeek_omron_fins" + add_field => { "[zeek_cols][service]" => "omron_fins" } + # TODO: when omron_fins_general.log fixes its useless proto field, remove this + remove_field => [ "[zeek_cols][proto]" ] add_tag => [ "ics" ] } diff --git a/logstash/pipelines/zeek/1200_zeek_mutate.conf b/logstash/pipelines/zeek/1200_zeek_mutate.conf index 4e0fe8aa8..b7e8427b5 100644 --- a/logstash/pipelines/zeek/1200_zeek_mutate.conf +++ b/logstash/pipelines/zeek/1200_zeek_mutate.conf 
@@ -1536,11 +1536,11 @@ filter { mutate { id => "mutate_rename_omron_fins_linkage_fields" - rename => { "[zeek][omron_fins_data_link_status_read][omron_fins_link_id]" => "[zeek][omron_fins_general][omron_fins_link_id]" } - rename => { "[zeek][omron_fins_detail_error][omron_fins_link_id]" => "[zeek][omron_fins_general][omron_fins_link_id]" } - rename => { "[zeek][omron_fins_detail_file][omron_fins_link_id]" => "[zeek][omron_fins_general][omron_fins_link_id]" } - rename => { "[zeek][omron_fins_detail][omron_fins_link_id]" => "[zeek][omron_fins_general][omron_fins_link_id]" } - rename => { "[zeek][omron_fins_network_status_read][omron_fins_link_id]" => "[zeek][omron_fins_general][omron_fins_link_id]" } + rename => { "[zeek][omron_fins_data_link_status_read][omron_fins_link_id]" => "[zeek][omron_fins][omron_fins_link_id]" } + rename => { "[zeek][omron_fins_error][omron_fins_link_id]" => "[zeek][omron_fins][omron_fins_link_id]" } + rename => { "[zeek][omron_fins_file][omron_fins_link_id]" => "[zeek][omron_fins][omron_fins_link_id]" } + rename => { "[zeek][omron_fins_detail][omron_fins_link_id]" => "[zeek][omron_fins][omron_fins_link_id]" } + rename => { "[zeek][omron_fins_network_status_read][omron_fins_link_id]" => "[zeek][omron_fins][omron_fins_link_id]" } } } else if ([log_source] =~ /^opcua_binary/) { From 49492219486f4a4de5db8231b85211bb7f3d46a9 Mon Sep 17 00:00:00 2001 From: Seth Grover Date: Wed, 15 Jan 2025 09:54:46 -0700 Subject: [PATCH 41/53] arkime to v5.6.0 --- Dockerfiles/arkime.Dockerfile | 2 +- hedgehog-iso/build.sh | 2 +- hedgehog-iso/config/hooks/normal/0910-sensor-build.hook.chroot | 2 +- hedgehog-raspi/sensor_install.sh | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/Dockerfiles/arkime.Dockerfile b/Dockerfiles/arkime.Dockerfile index f895b1c95..d9e560480 100644 --- a/Dockerfiles/arkime.Dockerfile +++ b/Dockerfiles/arkime.Dockerfile 
@@ -33,7 +33,7 @@ ENV PYTHONDONTWRITEBYTECODE 1 ENV PYTHONUNBUFFERED 1 ENV ARKIME_DIR "/opt/arkime" -ENV ARKIME_VERSION "5.5.1" +ENV ARKIME_VERSION "5.6.0" ENV ARKIME_DEB_URL "https://github.com/arkime/arkime/releases/download/v${ARKIME_VERSION}/arkime_${ARKIME_VERSION}-1.debian12_XXX.deb" ENV ARKIME_JA4_SO_URL "https://github.com/arkime/arkime/releases/download/v${ARKIME_VERSION}/ja4plus.XXX.so" ENV ARKIME_LOCALELASTICSEARCH no diff --git a/hedgehog-iso/build.sh b/hedgehog-iso/build.sh index deb35e7f2..cc8ae22f5 100755 --- a/hedgehog-iso/build.sh +++ b/hedgehog-iso/build.sh @@ -8,7 +8,7 @@ IMAGE_DISTRIBUTION=bookworm BEATS_VER="8.16.0" BEATS_OSS="-oss" -ARKIME_VER="5.5.1" +ARKIME_VER="5.6.0" BUILD_ERROR_CODE=1 diff --git a/hedgehog-iso/config/hooks/normal/0910-sensor-build.hook.chroot b/hedgehog-iso/config/hooks/normal/0910-sensor-build.hook.chroot index 74c284cce..3ff228b87 100755 --- a/hedgehog-iso/config/hooks/normal/0910-sensor-build.hook.chroot +++ b/hedgehog-iso/config/hooks/normal/0910-sensor-build.hook.chroot @@ -64,7 +64,7 @@ rm -Rf zeek* spicy* ### # get Arkime JA4+ plugin -ARKIME_VERSION="5.5.1" +ARKIME_VERSION="5.6.0" curl "${GITHUB_API_CURL_ARGS[@]}" \ -o "/opt/arkime/plugins/ja4plus.${ARCH}.so" \ "https://github.com/arkime/arkime/releases/download/v${ARKIME_VERSION}/ja4plus.${ARCH}.so" diff --git a/hedgehog-raspi/sensor_install.sh b/hedgehog-raspi/sensor_install.sh index db18ea0c6..aa4e2758b 100644 --- a/hedgehog-raspi/sensor_install.sh +++ b/hedgehog-raspi/sensor_install.sh @@ -32,7 +32,7 @@ SHARED_DIR='/opt/buildshared' WORK_DIR="$(mktemp -d -t hedgehog-XXXXXX)" SENSOR_DIR='/opt/sensor' -ARKIME_VERSION="5.5.1" +ARKIME_VERSION="5.6.0" BEATS_VER="8.16.0" BEATS_OSS="-oss" From e4408f6333ac2bd9568085fa3571a9b9e8d541d1 Mon Sep 17 00:00:00 2001 
From: Seth Grover Date: Wed, 15 Jan 2025 10:00:30 -0700 Subject: [PATCH 42/53] bump logstash and filebeat to v8.17.0 --- Dockerfiles/filebeat.Dockerfile | 2 +- Dockerfiles/logstash.Dockerfile | 2 +- hedgehog-iso/build.sh | 2 +- hedgehog-raspi/sensor_install.sh | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/Dockerfiles/filebeat.Dockerfile b/Dockerfiles/filebeat.Dockerfile index a8dfa5d86..ec9661c54 100644 --- a/Dockerfiles/filebeat.Dockerfile +++ b/Dockerfiles/filebeat.Dockerfile @@ -1,4 +1,4 @@ -FROM docker.elastic.co/beats/filebeat-oss:8.16.0 +FROM docker.elastic.co/beats/filebeat-oss:8.17.0 # Copyright (c) 2025 Battelle Energy Alliance, LLC. All rights reserved. LABEL maintainer="malcolm@inl.gov" diff --git a/Dockerfiles/logstash.Dockerfile b/Dockerfiles/logstash.Dockerfile index c2ef0f626..f731cecb8 100644 --- a/Dockerfiles/logstash.Dockerfile +++ b/Dockerfiles/logstash.Dockerfile @@ -1,4 +1,4 @@ -FROM docker.elastic.co/logstash/logstash-oss:8.16.0 +FROM docker.elastic.co/logstash/logstash-oss:8.17.0 LABEL maintainer="malcolm@inl.gov" LABEL org.opencontainers.image.authors='malcolm@inl.gov' diff --git a/hedgehog-iso/build.sh b/hedgehog-iso/build.sh index cc8ae22f5..6fc6cc087 100755 --- a/hedgehog-iso/build.sh +++ b/hedgehog-iso/build.sh @@ -5,7 +5,7 @@ IMAGE_PUBLISHER=idaholab IMAGE_VERSION=1.0.0 IMAGE_DISTRIBUTION=bookworm -BEATS_VER="8.16.0" +BEATS_VER="8.17.0" BEATS_OSS="-oss" ARKIME_VER="5.6.0" diff --git a/hedgehog-raspi/sensor_install.sh b/hedgehog-raspi/sensor_install.sh index aa4e2758b..c557a7bf3 100644 --- a/hedgehog-raspi/sensor_install.sh +++ b/hedgehog-raspi/sensor_install.sh @@ -34,7 +34,7 @@ SENSOR_DIR='/opt/sensor' ARKIME_VERSION="5.6.0" -BEATS_VER="8.16.0" +BEATS_VER="8.17.0" BEATS_OSS="-oss" # Option to build from sources if desired From 2c1571bea1e26cc211d098d0cbb04e9b6eed43f2 Mon Sep 17 00:00:00 2001 
From: Seth Grover Date: Wed, 15 Jan 2025 10:18:04 -0700 Subject: [PATCH 43/53] Fix nginx filebeat --- filebeat/supervisord.conf | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/filebeat/supervisord.conf b/filebeat/supervisord.conf index b25acb911..bb2060047 100644 --- a/filebeat/supervisord.conf +++ b/filebeat/supervisord.conf @@ -40,8 +40,7 @@ command=bash -c "/usr/local/bin/opensearch_status.sh -t malcolm_beats_template & -h /usr/share/filebeat-nginx \ -c /usr/share/filebeat-nginx \ -d /usr/share/filebeat-nginx/data \ - -f /usr/share/filebeat-nginx/filebeat-nginx.yml \ - -m nginx" + -f /usr/share/filebeat-nginx/filebeat-nginx.yml" user=%(ENV_PUSER)s autostart=%(ENV_NGINX_LOG_ACCESS_AND_ERRORS)s autorestart=%(ENV_NGINX_LOG_ACCESS_AND_ERRORS)s From d0fe1e051a7c4ec9346f9c238790643dafbdabcc Mon Sep 17 00:00:00 2001 
From: Seth Grover Date: Wed, 15 Jan 2025 12:54:09 -0700 Subject: [PATCH 44/53] WIP omron fins integration, cisagov/Malcolm#554 --- arkime/etc/config.ini | 442 ++++++++-------- arkime/wise/source.zeeklogs.js | 490 +++++++++++++----- .../024062a6-48d6-498f-a91a-3bf2da3a3cd3.json | 2 +- .../03207c00-d07e-11ec-b4a7-d1b4003706b7.json | 2 +- .../05e3e000-f118-11e9-acda-83a8e29e1a24.json | 2 +- .../078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b.json | 2 +- .../0a490422-0ce9-44bf-9a2d-19329ddde8c3.json | 2 +- .../0ad3d7c2-3441-485e-9dfe-dbb22e84e576.json | 2 +- .../0aed0e23-c8ac-4f2b-9f68-d04b6e7666b0.json | 2 +- .../0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa.json | 2 +- .../11be6381-beef-40a7-bdce-88c5398392fc.json | 2 +- .../11ddd980-e388-11e9-b568-cf17de8e860c.json | 2 +- .../12e3a130-d83b-11eb-a0b0-f328ce09b0b7.json | 2 +- .../152f29dc-51a2-4f53-93e9-6e92765567b8.json | 2 +- .../1cc01ff0-5205-11ec-a62c-7bc80e88f3f0.json | 2 +- .../1ce42250-3f99-11e9-a58e-8bdedb0915e8.json | 2 +- .../1fff49f6-0199-4a0f-820b-721aff9ff1f1.json | 2 +- .../29a1b290-eb98-11e9-a384-0fcf32210194.json | 2 +- .../2bec1490-eb94-11e9-a384-0fcf32210194.json | 2 +- .../2cc56240-e460-11ed-a9d5-9f591c284cb4.json | 2 +- .../2cf94cd0-ecab-40a5-95a7-8419f3a39cd9.json | 2 +- .../2d98bb8e-214c-4374-837b-20e1bcd63a5e.json | 2 +- .../32587740-ef88-11e9-b38a-2db3ee640e88.json | 2 +- .../36ed695f-edcc-47c1-b0ec-50d20c93ce0f.json | 2 +- .../37041ee1-79c0-4684-a436-3173b0e89876.json | 2 +- .../39abfe30-3f99-11e9-a58e-8bdedb0915e8.json | 2 +- .../3a9e3440-75e2-11ef-8138-03748f839a49.json | 2 +- .../42e831b9-41a9-4f35-8b7d-e1566d368773.json | 2 +- .../432af556-c5c0-4cc3-8166-b274b4e3a406.json | 2 +- .../4a073440-b286-11eb-a4d4-09fa12a6ebd4.json | 2 +- .../4a4bde20-4760-11ea-949c-bbb5a9feecbf.json | 2 +- .../4e5f106e-c60a-4226-8f64-d534abb912ab.json | 2 +- .../50ced171-1b10-4c3f-8b67-2db9635661a6.json | 2 +- .../543118a9-02d7-43fe-b669-b8652177fc37.json | 2 +- .../55e332d0-3f99-11e9-a58e-8bdedb0915e8.json | 2 +- 
.../5694ca60-cbdf-11ec-a50a-5fedd672f5c5.json | 2 +- .../60d78fbd-471c-4f59-a9e3-189b33a13644.json | 2 +- .../665d1610-523d-11e9-a30e-e3576242f3ed.json | 2 +- .../677ee170-809e-11ed-8d5b-07069f823b6f.json | 2 +- .../76f2f912-80da-44cd-ab66-6a73c8344cc3.json | 2 +- .../77fc9960-3f99-11e9-a58e-8bdedb0915e8.json | 2 +- .../7f41913f-cba8-43f5-82a8-241b7ead03e0.json | 2 +- .../7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb.json | 2 +- .../82da3101-2a9c-4ae2-bb61-d447a3fbe673.json | 2 +- .../870a5862-6c26-4a08-99fd-0c06cda85ba3.json | 2 +- .../87a32f90-ef58-11e9-974e-9d600036d105.json | 2 +- .../87d990cc-9e0b-41e5-b8fe-b10ae1da0c85.json | 2 +- .../89d1cc50-974c-11ed-bb6b-3fb06c879b11.json | 2 +- .../92985909-dc29-4533-9e80-d3182a0ecf1d.json | 2 +- .../95479950-41f2-11ea-88fa-7151df485405.json | 2 +- .../9ee51f94-3316-4fc5-bd89-93a52af69714.json | 2 +- .../a16110b0-3f99-11e9-a58e-8bdedb0915e8.json | 2 +- .../a33e0a50-afcd-11ea-993f-b7d8522a8bed.json | 2 +- .../a7514350-eba6-11e9-a384-0fcf32210194.json | 2 +- .../abdd7550-2c7c-40dc-947e-f6d186a158c4.json | 2 +- .../ae79b7d1-4281-4095-b2f6-fa7eafda9970.json | 2 +- .../af5df620-eeb6-11e9-bdef-65a192b7f586.json | 2 +- .../b50c8d17-6ed3-4de6-aed4-5181032810b2.json | 2 +- .../b8cf5890-87ed-11ef-ae18-dbcd34795edb.json | 2 +- .../b9f247c0-3f99-11e9-a58e-8bdedb0915e8.json | 2 +- .../bb827f8e-639e-468c-93c8-9f5bc132eb8f.json | 2 +- .../046212a0-a2a1-11e7-928f-5dbe6f6f5519.json | 2 +- .../0d4955f0-eb25-11ec-a6d4-b3526526c2c7.json | 2 +- .../3768ef70-d819-11ee-820d-dd9fd73a3921.json | 2 +- .../4ca94c70-d7da-11ee-9ed3-e7afff29e59a.json | 2 +- .../55a9e6e0-a29e-11e7-928f-5dbe6f6f5519.json | 2 +- .../79202ee0-d811-11ee-820d-dd9fd73a3921.json | 2 +- .../7a7e0a60-e8e8-11ec-b9d4-4569bb965430.json | 2 +- .../88bcec50-cc74-11ef-bae9-0d6b8da935ba.json | 2 +- .../903f42c0-f634-11ec-828d-2fb7a4a26e1f.json | 2 +- .../beats/Metricbeat-host-overview.json | 2 +- .../beats/Metricbeat-system-overview.json | 2 +- .../f6600310-9943-11ee-a029-e973f4774355.json | 
2 +- .../bed185a0-ef82-11e9-b38a-2db3ee640e88.json | 2 +- .../bf5efbb0-60f1-11eb-9d60-dbf0411cfc48.json | 2 +- .../c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2.json | 2 +- .../c899f8b0-d36b-11ef-b619-17836b3bbf47.json | 243 +++++++++ .../ca5799a0-56b5-11eb-b749-576de068f8ad.json | 2 +- .../caef3ade-d289-4d05-a511-149f3e97f238.json | 2 +- .../d2dd0180-06b1-11ec-8c6b-353266ade330.json | 2 +- .../d41fe630-3f98-11e9-a58e-8bdedb0915e8.json | 2 +- .../d4fd6afd-15cb-42bf-8a25-03dd8e59b327.json | 2 +- .../dd87edd0-796a-11ec-9ce6-b395c1ff58f4.json | 2 +- .../e09a4b86-29b5-4256-bb3b-802ac9f90404.json | 2 +- .../e233a570-45d9-11ef-96a6-432365601033.json | 2 +- .../e76d05c0-eb9f-11e9-a384-0fcf32210194.json | 2 +- .../ed8a6640-3f98-11e9-a58e-8bdedb0915e8.json | 2 +- .../f1f09567-fc7f-450b-a341-19d2f2bb468b.json | 2 +- .../f2c0da10-d2c5-11ef-8864-d58a560dc292.json | 2 +- .../f394057d-1b16-4174-b994-7045f423a416.json | 2 +- .../f77bf097-18a8-465c-b634-eb2acc7a4f26.json | 2 +- .../fa141950-ef89-11e9-b38a-2db3ee640e88.json | 2 +- .../fa477130-2b8a-11ec-a9f2-3911c8571bfd.json | 2 +- .../composable/component/zeek_ot.json | 367 ++++++------- logstash/pipelines/zeek/1200_zeek_mutate.conf | 44 +- .../pipelines/zeek/1300_zeek_normalize.conf | 20 + .../pipelines/zeek/1400_zeek_convert.conf | 26 + 97 files changed, 1157 insertions(+), 655 deletions(-) create mode 100644 dashboards/dashboards/c899f8b0-d36b-11ef-b619-17836b3bbf47.json diff --git a/arkime/etc/config.ini b/arkime/etc/config.ini index 3c213a458..f23f56cf6 100644 --- a/arkime/etc/config.ini +++ b/arkime/etc/config.ini 
@@ -1468,250 +1468,224 @@ zeek.ntp.num_exts=db:zeek.ntp.num_exts;group:zeek_ntp;kind:integer;viewerOnly:tr # omron_fins_data_link_status_read.log # https://github.com/cisagov/icsnpp-omron-fins -zeek.omron_fins_data_link_status_read.command_code=db:zeek.omron_fins_data_link_status_read.command_code;group:zeek_data_link_status_read_log;kind:termfield;viewerOnly:true;friendly:command_code;help:command_code -zeek.omron_fins_data_link_status_read.icf_data_type=db:zeek.omron_fins_data_link_status_read.icf_data_type;group:zeek_data_link_status_read_log;kind:termfield;viewerOnly:true;friendly:icf_data_type;help:icf_data_type -zeek.omron_fins_data_link_status_read.response_code=db:zeek.omron_fins_data_link_status_read.response_code;group:zeek_data_link_status_read_log;kind:termfield;viewerOnly:true;friendly:response_code;help:response_code -zeek.omron_fins_data_link_status_read.node_number=db:zeek.omron_fins_data_link_status_read.node_number;group:zeek_data_link_status_read_log;kind:integer;viewerOnly:true;friendly:node_number;help:node_number -zeek.omron_fins_data_link_status_read.data_links=db:zeek.omron_fins_data_link_status_read.data_links;group:zeek_data_link_status_read_log;kind:termfield;viewerOnly:true;friendly:data_links;help:data_links -zeek.omron_fins_data_link_status_read.node_setting=db:zeek.omron_fins_data_link_status_read.node_setting;group:zeek_data_link_status_read_log;kind:termfield;viewerOnly:true;friendly:node_setting;help:node_setting -zeek.omron_fins_data_link_status_read.master_node_number=db:zeek.omron_fins_data_link_status_read.master_node_number;group:zeek_data_link_status_read_log;kind:integer;viewerOnly:true;friendly:master_node_number;help:master_node_number -zeek.omron_fins_data_link_status_read.error_status=db:zeek.omron_fins_data_link_status_read.error_status;group:zeek_data_link_status_read_log;kind:termfield;viewerOnly:true;friendly:error_status;help:error_status 
-zeek.omron_fins_data_link_status_read.mode_status=db:zeek.omron_fins_data_link_status_read.mode_status;group:zeek_data_link_status_read_log;kind:termfield;viewerOnly:true;friendly:mode_status;help:mode_status -zeek.omron_fins_data_link_status_read.warning_status=db:zeek.omron_fins_data_link_status_read.warning_status;group:zeek_data_link_status_read_log;kind:termfield;viewerOnly:true;friendly:warning_status;help:warning_status +zeek.omron_fins_data_link_status_read.node_number=db:zeek.omron_fins_data_link_status_read.node_number;group:zeek_omron_fins;kind:integer;viewerOnly:true;friendly:node_number;help:node_number +zeek.omron_fins_data_link_status_read.data_links=db:zeek.omron_fins_data_link_status_read.data_links;group:zeek_omron_fins;kind:termfield;viewerOnly:true;friendly:data_links;help:data_links +zeek.omron_fins_data_link_status_read.node_setting=db:zeek.omron_fins_data_link_status_read.node_setting;group:zeek_omron_fins;kind:termfield;viewerOnly:true;friendly:node_setting;help:node_setting +zeek.omron_fins_data_link_status_read.master_node_number=db:zeek.omron_fins_data_link_status_read.master_node_number;group:zeek_omron_fins;kind:integer;viewerOnly:true;friendly:master_node_number;help:master_node_number +zeek.omron_fins_data_link_status_read.error_status=db:zeek.omron_fins_data_link_status_read.error_status;group:zeek_omron_fins;kind:termfield;viewerOnly:true;friendly:error_status;help:error_status +zeek.omron_fins_data_link_status_read.mode_status=db:zeek.omron_fins_data_link_status_read.mode_status;group:zeek_omron_fins;kind:termfield;viewerOnly:true;friendly:mode_status;help:mode_status +zeek.omron_fins_data_link_status_read.warning_status=db:zeek.omron_fins_data_link_status_read.warning_status;group:zeek_omron_fins;kind:termfield;viewerOnly:true;friendly:warning_status;help:warning_status # omron_fins_error.log # https://github.com/cisagov/icsnpp-omron-fins 
-zeek.omron_fins_error.command_code=db:zeek.omron_fins_error.command_code;group:zeek_detail_error_log;kind:termfield;viewerOnly:true;friendly:command_code;help:command_code -zeek.omron_fins_error.icf_data_type=db:zeek.omron_fins_error.icf_data_type;group:zeek_detail_error_log;kind:termfield;viewerOnly:true;friendly:icf_data_type;help:icf_data_type -zeek.omron_fins_error.response_code=db:zeek.omron_fins_error.response_code;group:zeek_detail_error_log;kind:termfield;viewerOnly:true;friendly:response_code;help:response_code -zeek.omron_fins_error.error_reset_fal_no=db:zeek.omron_fins_error.error_reset_fal_no;group:zeek_detail_error_log;kind:termfield;viewerOnly:true;friendly:error_reset_fal_no;help:error_reset_fal_no -zeek.omron_fins_error.beginning_record_no=db:zeek.omron_fins_error.beginning_record_no;group:zeek_detail_error_log;kind:integer;viewerOnly:true;friendly:beginning_record_no;help:beginning_record_no -zeek.omron_fins_error.max_no_stored_records=db:zeek.omron_fins_error.max_no_stored_records;group:zeek_detail_error_log;kind:integer;viewerOnly:true;friendly:max_no_stored_records;help:max_no_stored_records -zeek.omron_fins_error.no_of_stored_records=db:zeek.omron_fins_error.no_of_stored_records;group:zeek_detail_error_log;kind:integer;viewerOnly:true;friendly:no_of_stored_records;help:no_of_stored_records -zeek.omron_fins_error.no_of_records=db:zeek.omron_fins_error.no_of_records;group:zeek_detail_error_log;kind:integer;viewerOnly:true;friendly:no_of_records;help:no_of_records -zeek.omron_fins_error.error_code_1=db:zeek.omron_fins_error.error_code_1;group:zeek_detail_error_log;kind:termfield;viewerOnly:true;friendly:error_code_1;help:error_code_1 -zeek.omron_fins_error.error_code_2=db:zeek.omron_fins_error.error_code_2;group:zeek_detail_error_log;kind:termfield;viewerOnly:true;friendly:error_code_2;help:error_code_2 
-zeek.omron_fins_error.minute=db:zeek.omron_fins_error.minute;group:zeek_detail_error_log;kind:integer;viewerOnly:true;friendly:minute;help:minute -zeek.omron_fins_error.second=db:zeek.omron_fins_error.second;group:zeek_detail_error_log;kind:integer;viewerOnly:true;friendly:second;help:second -zeek.omron_fins_error.day=db:zeek.omron_fins_error.day;group:zeek_detail_error_log;kind:integer;viewerOnly:true;friendly:day;help:day -zeek.omron_fins_error.hour=db:zeek.omron_fins_error.hour;group:zeek_detail_error_log;kind:integer;viewerOnly:true;friendly:hour;help:hour -zeek.omron_fins_error.year=db:zeek.omron_fins_error.year;group:zeek_detail_error_log;kind:integer;viewerOnly:true;friendly:year;help:year -zeek.omron_fins_error.month=db:zeek.omron_fins_error.month;group:zeek_detail_error_log;kind:integer;viewerOnly:true;friendly:month;help:month +zeek.omron_fins_error.error_reset_fal_no=db:zeek.omron_fins_error.error_reset_fal_no;group:zeek_omron_fins;kind:termfield;viewerOnly:true;friendly:error_reset_fal_no;help:error_reset_fal_no +zeek.omron_fins_error.beginning_record_no=db:zeek.omron_fins_error.beginning_record_no;group:zeek_omron_fins;kind:integer;viewerOnly:true;friendly:beginning_record_no;help:beginning_record_no +zeek.omron_fins_error.max_no_stored_records=db:zeek.omron_fins_error.max_no_stored_records;group:zeek_omron_fins;kind:integer;viewerOnly:true;friendly:max_no_stored_records;help:max_no_stored_records +zeek.omron_fins_error.no_of_stored_records=db:zeek.omron_fins_error.no_of_stored_records;group:zeek_omron_fins;kind:integer;viewerOnly:true;friendly:no_of_stored_records;help:no_of_stored_records +zeek.omron_fins_error.no_of_records=db:zeek.omron_fins_error.no_of_records;group:zeek_omron_fins;kind:integer;viewerOnly:true;friendly:no_of_records;help:no_of_records +zeek.omron_fins_error.error_code_1=db:zeek.omron_fins_error.error_code_1;group:zeek_omron_fins;kind:termfield;viewerOnly:true;friendly:error_code_1;help:error_code_1 
+zeek.omron_fins_error.error_code_2=db:zeek.omron_fins_error.error_code_2;group:zeek_omron_fins;kind:termfield;viewerOnly:true;friendly:error_code_2;help:error_code_2 # omron_fins_file.log # https://github.com/cisagov/icsnpp-omron-fins -zeek.omron_fins_file.command_code=db:zeek.omron_fins_file.command_code;group:zeek_detail_file_log;kind:termfield;viewerOnly:true;friendly:command_code;help:command_code -zeek.omron_fins_file.icf_data_type=db:zeek.omron_fins_file.icf_data_type;group:zeek_detail_file_log;kind:termfield;viewerOnly:true;friendly:icf_data_type;help:icf_data_type -zeek.omron_fins_file.response_code=db:zeek.omron_fins_file.response_code;group:zeek_detail_file_log;kind:termfield;viewerOnly:true;friendly:response_code;help:response_code -zeek.omron_fins_file.disk_no=db:zeek.omron_fins_file.disk_no;group:zeek_detail_file_log;kind:integer;viewerOnly:true;friendly:disk_no;help:disk_no -zeek.omron_fins_file.beginning_file_position=db:zeek.omron_fins_file.beginning_file_position;group:zeek_detail_file_log;kind:termfield;viewerOnly:true;friendly:beginning_file_position;help:beginning_file_position -zeek.omron_fins_file.no_of_files=db:zeek.omron_fins_file.no_of_files;group:zeek_detail_file_log;kind:integer;viewerOnly:true;friendly:no_of_files;help:no_of_files -zeek.omron_fins_file.volume_label=db:zeek.omron_fins_file.volume_label;group:zeek_detail_file_log;kind:termfield;viewerOnly:true;friendly:volume_label;help:volume_label -zeek.omron_fins_file.year=db:zeek.omron_fins_file.year;group:zeek_detail_file_log;kind:integer;viewerOnly:true;friendly:year;help:year -zeek.omron_fins_file.month=db:zeek.omron_fins_file.month;group:zeek_detail_file_log;kind:integer;viewerOnly:true;friendly:month;help:month -zeek.omron_fins_file.day=db:zeek.omron_fins_file.day;group:zeek_detail_file_log;kind:integer;viewerOnly:true;friendly:day;help:day -zeek.omron_fins_file.hour=db:zeek.omron_fins_file.hour;group:zeek_detail_file_log;kind:integer;viewerOnly:true;friendly:hour;help:hour 
-zeek.omron_fins_file.minute=db:zeek.omron_fins_file.minute;group:zeek_detail_file_log;kind:integer;viewerOnly:true;friendly:minute;help:minute -zeek.omron_fins_file.second=db:zeek.omron_fins_file.second;group:zeek_detail_file_log;kind:integer;viewerOnly:true;friendly:second;help:second -zeek.omron_fins_file.total_capacity=db:zeek.omron_fins_file.total_capacity;group:zeek_detail_file_log;kind:integer;viewerOnly:true;friendly:total_capacity;help:total_capacity -zeek.omron_fins_file.unused_capacity=db:zeek.omron_fins_file.unused_capacity;group:zeek_detail_file_log;kind:integer;viewerOnly:true;friendly:unused_capacity;help:unused_capacity -zeek.omron_fins_file.total_no_files=db:zeek.omron_fins_file.total_no_files;group:zeek_detail_file_log;kind:integer;viewerOnly:true;friendly:total_no_files;help:total_no_files -zeek.omron_fins_file.no_files_read=db:zeek.omron_fins_file.no_files_read;group:zeek_detail_file_log;kind:integer;viewerOnly:true;friendly:no_files_read;help:no_files_read -zeek.omron_fins_file.last_file=db:zeek.omron_fins_file.last_file;group:zeek_detail_file_log;kind:termfield;viewerOnly:true;friendly:last_file;help:last_file -zeek.omron_fins_file.file_name=db:zeek.omron_fins_file.file_name;group:zeek_detail_file_log;kind:termfield;viewerOnly:true;friendly:file_name;help:file_name -zeek.omron_fins_file.file_capacity=db:zeek.omron_fins_file.file_capacity;group:zeek_detail_file_log;kind:integer;viewerOnly:true;friendly:file_capacity;help:file_capacity -zeek.omron_fins_file.file_position=db:zeek.omron_fins_file.file_position;group:zeek_detail_file_log;kind:integer;viewerOnly:true;friendly:file_position;help:file_position -zeek.omron_fins_file.data_length=db:zeek.omron_fins_file.data_length;group:zeek_detail_file_log;kind:integer;viewerOnly:true;friendly:data_length;help:data_length -zeek.omron_fins_file.parameter_code=db:zeek.omron_fins_file.parameter_code;group:zeek_detail_file_log;kind:termfield;viewerOnly:true;friendly:parameter_code;help:parameter_code 
-zeek.omron_fins_file.src_disk_no=db:zeek.omron_fins_file.src_disk_no;group:zeek_detail_file_log;kind:integer;viewerOnly:true;friendly:src_disk_no;help:src_disk_no -zeek.omron_fins_file.src_file_name=db:zeek.omron_fins_file.src_file_name;group:zeek_detail_file_log;kind:termfield;viewerOnly:true;friendly:src_file_name;help:src_file_name -zeek.omron_fins_file.dst_disk_no=db:zeek.omron_fins_file.dst_disk_no;group:zeek_detail_file_log;kind:integer;viewerOnly:true;friendly:dst_disk_no;help:dst_disk_no -zeek.omron_fins_file.dst_file_name=db:zeek.omron_fins_file.dst_file_name;group:zeek_detail_file_log;kind:termfield;viewerOnly:true;friendly:dst_file_name;help:dst_file_name -zeek.omron_fins_file.old_file_name=db:zeek.omron_fins_file.old_file_name;group:zeek_detail_file_log;kind:termfield;viewerOnly:true;friendly:old_file_name;help:old_file_name -zeek.omron_fins_file.new_file_name=db:zeek.omron_fins_file.new_file_name;group:zeek_detail_file_log;kind:termfield;viewerOnly:true;friendly:new_file_name;help:new_file_name -zeek.omron_fins_file.parameter_area_code=db:zeek.omron_fins_file.parameter_area_code;group:zeek_detail_file_log;kind:termfield;viewerOnly:true;friendly:parameter_area_code;help:parameter_area_code -zeek.omron_fins_file.beginning_address=db:zeek.omron_fins_file.beginning_address;group:zeek_detail_file_log;kind:termfield;viewerOnly:true;friendly:beginning_address;help:beginning_address -zeek.omron_fins_file.no_of_words=db:zeek.omron_fins_file.no_of_words;group:zeek_detail_file_log;kind:integer;viewerOnly:true;friendly:no_of_words;help:no_of_words -zeek.omron_fins_file.memory_area_code=db:zeek.omron_fins_file.memory_area_code;group:zeek_detail_file_log;kind:termfield;viewerOnly:true;friendly:memory_area_code;help:memory_area_code -zeek.omron_fins_file.no_of_items=db:zeek.omron_fins_file.no_of_items;group:zeek_detail_file_log;kind:integer;viewerOnly:true;friendly:no_of_items;help:no_of_items 
-zeek.omron_fins_file.program_no=db:zeek.omron_fins_file.program_no;group:zeek_detail_file_log;kind:termfield;viewerOnly:true;friendly:program_no;help:program_no
-zeek.omron_fins_file.no_of_bytes=db:zeek.omron_fins_file.no_of_bytes;group:zeek_detail_file_log;kind:integer;viewerOnly:true;friendly:no_of_bytes;help:no_of_bytes
-zeek.omron_fins_file.beginning_word=db:zeek.omron_fins_file.beginning_word;group:zeek_detail_file_log;kind:termfield;viewerOnly:true;friendly:beginning_word;help:beginning_word
-zeek.omron_fins_file.beginning_block_no=db:zeek.omron_fins_file.beginning_block_no;group:zeek_detail_file_log;kind:integer;viewerOnly:true;friendly:beginning_block_no;help:beginning_block_no
-zeek.omron_fins_file.no_of_blocks=db:zeek.omron_fins_file.no_of_blocks;group:zeek_detail_file_log;kind:integer;viewerOnly:true;friendly:no_of_blocks;help:no_of_blocks
-zeek.omron_fins_file.remaining_blocks=db:zeek.omron_fins_file.remaining_blocks;group:zeek_detail_file_log;kind:integer;viewerOnly:true;friendly:remaining_blocks;help:remaining_blocks
-zeek.omron_fins_file.total_no_of_blocks=db:zeek.omron_fins_file.total_no_of_blocks;group:zeek_detail_file_log;kind:integer;viewerOnly:true;friendly:total_no_of_blocks;help:total_no_of_blocks
-zeek.omron_fins_file.memory_type=db:zeek.omron_fins_file.memory_type;group:zeek_detail_file_log;kind:termfield;viewerOnly:true;friendly:memory_type;help:memory_type
-zeek.omron_fins_file.data_type=db:zeek.omron_fins_file.data_type;group:zeek_detail_file_log;kind:termfield;viewerOnly:true;friendly:data_type;help:data_type
-zeek.omron_fins_file.last_block=db:zeek.omron_fins_file.last_block;group:zeek_detail_file_log;kind:termfield;viewerOnly:true;friendly:last_block;help:last_block
-zeek.omron_fins_file.protected=db:zeek.omron_fins_file.protected;group:zeek_detail_file_log;kind:termfield;viewerOnly:true;friendly:protected;help:protected
-zeek.omron_fins_file.control_data=db:zeek.omron_fins_file.control_data;group:zeek_detail_file_log;kind:integer;viewerOnly:true;friendly:control_data;help:control_data
-zeek.omron_fins_file.block_no=db:zeek.omron_fins_file.block_no;group:zeek_detail_file_log;kind:integer;viewerOnly:true;friendly:block_no;help:block_no
-zeek.omron_fins_file.memory_data=db:zeek.omron_fins_file.memory_data;group:zeek_detail_file_log;kind:termfield;viewerOnly:true;friendly:memory_data;help:memory_data
+zeek.omron_fins_file.disk_no=db:zeek.omron_fins_file.disk_no;group:zeek_omron_fins;kind:integer;viewerOnly:true;friendly:disk_no;help:disk_no
+zeek.omron_fins_file.beginning_file_position=db:zeek.omron_fins_file.beginning_file_position;group:zeek_omron_fins;kind:termfield;viewerOnly:true;friendly:beginning_file_position;help:beginning_file_position
+zeek.omron_fins_file.no_of_files=db:zeek.omron_fins_file.no_of_files;group:zeek_omron_fins;kind:integer;viewerOnly:true;friendly:no_of_files;help:no_of_files
+zeek.omron_fins_file.volume_label=db:zeek.omron_fins_file.volume_label;group:zeek_omron_fins;kind:termfield;viewerOnly:true;friendly:volume_label;help:volume_label
+zeek.omron_fins_file.total_capacity=db:zeek.omron_fins_file.total_capacity;group:zeek_omron_fins;kind:integer;viewerOnly:true;friendly:total_capacity;help:total_capacity
+zeek.omron_fins_file.unused_capacity=db:zeek.omron_fins_file.unused_capacity;group:zeek_omron_fins;kind:integer;viewerOnly:true;friendly:unused_capacity;help:unused_capacity
+zeek.omron_fins_file.total_no_files=db:zeek.omron_fins_file.total_no_files;group:zeek_omron_fins;kind:integer;viewerOnly:true;friendly:total_no_files;help:total_no_files
+zeek.omron_fins_file.no_files_read=db:zeek.omron_fins_file.no_files_read;group:zeek_omron_fins;kind:integer;viewerOnly:true;friendly:no_files_read;help:no_files_read
+zeek.omron_fins_file.last_file=db:zeek.omron_fins_file.last_file;group:zeek_omron_fins;kind:termfield;viewerOnly:true;friendly:last_file;help:last_file
+zeek.omron_fins_file.file_name=db:zeek.omron_fins_file.file_name;group:zeek_omron_fins;kind:termfield;viewerOnly:true;friendly:file_name;help:file_name
+zeek.omron_fins_file.file_capacity=db:zeek.omron_fins_file.file_capacity;group:zeek_omron_fins;kind:integer;viewerOnly:true;friendly:file_capacity;help:file_capacity
+zeek.omron_fins_file.file_position=db:zeek.omron_fins_file.file_position;group:zeek_omron_fins;kind:integer;viewerOnly:true;friendly:file_position;help:file_position
+zeek.omron_fins_file.data_length=db:zeek.omron_fins_file.data_length;group:zeek_omron_fins;kind:integer;viewerOnly:true;friendly:data_length;help:data_length
+zeek.omron_fins_file.parameter_code=db:zeek.omron_fins_file.parameter_code;group:zeek_omron_fins;kind:termfield;viewerOnly:true;friendly:parameter_code;help:parameter_code
+zeek.omron_fins_file.src_disk_no=db:zeek.omron_fins_file.src_disk_no;group:zeek_omron_fins;kind:integer;viewerOnly:true;friendly:src_disk_no;help:src_disk_no
+zeek.omron_fins_file.src_file_name=db:zeek.omron_fins_file.src_file_name;group:zeek_omron_fins;kind:termfield;viewerOnly:true;friendly:src_file_name;help:src_file_name
+zeek.omron_fins_file.dst_disk_no=db:zeek.omron_fins_file.dst_disk_no;group:zeek_omron_fins;kind:integer;viewerOnly:true;friendly:dst_disk_no;help:dst_disk_no
+zeek.omron_fins_file.dst_file_name=db:zeek.omron_fins_file.dst_file_name;group:zeek_omron_fins;kind:termfield;viewerOnly:true;friendly:dst_file_name;help:dst_file_name
+zeek.omron_fins_file.old_file_name=db:zeek.omron_fins_file.old_file_name;group:zeek_omron_fins;kind:termfield;viewerOnly:true;friendly:old_file_name;help:old_file_name
+zeek.omron_fins_file.new_file_name=db:zeek.omron_fins_file.new_file_name;group:zeek_omron_fins;kind:termfield;viewerOnly:true;friendly:new_file_name;help:new_file_name
+zeek.omron_fins_file.parameter_area_code=db:zeek.omron_fins_file.parameter_area_code;group:zeek_omron_fins;kind:termfield;viewerOnly:true;friendly:parameter_area_code;help:parameter_area_code
+zeek.omron_fins_file.beginning_address=db:zeek.omron_fins_file.beginning_address;group:zeek_omron_fins;kind:termfield;viewerOnly:true;friendly:beginning_address;help:beginning_address
+zeek.omron_fins_file.no_of_words=db:zeek.omron_fins_file.no_of_words;group:zeek_omron_fins;kind:integer;viewerOnly:true;friendly:no_of_words;help:no_of_words
+zeek.omron_fins_file.memory_area_code=db:zeek.omron_fins_file.memory_area_code;group:zeek_omron_fins;kind:termfield;viewerOnly:true;friendly:memory_area_code;help:memory_area_code
+zeek.omron_fins_file.no_of_items=db:zeek.omron_fins_file.no_of_items;group:zeek_omron_fins;kind:integer;viewerOnly:true;friendly:no_of_items;help:no_of_items
+zeek.omron_fins_file.program_no=db:zeek.omron_fins_file.program_no;group:zeek_omron_fins;kind:termfield;viewerOnly:true;friendly:program_no;help:program_no
+zeek.omron_fins_file.no_of_bytes=db:zeek.omron_fins_file.no_of_bytes;group:zeek_omron_fins;kind:integer;viewerOnly:true;friendly:no_of_bytes;help:no_of_bytes
+zeek.omron_fins_file.beginning_word=db:zeek.omron_fins_file.beginning_word;group:zeek_omron_fins;kind:termfield;viewerOnly:true;friendly:beginning_word;help:beginning_word
+zeek.omron_fins_file.beginning_block_no=db:zeek.omron_fins_file.beginning_block_no;group:zeek_omron_fins;kind:integer;viewerOnly:true;friendly:beginning_block_no;help:beginning_block_no
+zeek.omron_fins_file.no_of_blocks=db:zeek.omron_fins_file.no_of_blocks;group:zeek_omron_fins;kind:integer;viewerOnly:true;friendly:no_of_blocks;help:no_of_blocks
+zeek.omron_fins_file.remaining_blocks=db:zeek.omron_fins_file.remaining_blocks;group:zeek_omron_fins;kind:integer;viewerOnly:true;friendly:remaining_blocks;help:remaining_blocks
+zeek.omron_fins_file.total_no_of_blocks=db:zeek.omron_fins_file.total_no_of_blocks;group:zeek_omron_fins;kind:integer;viewerOnly:true;friendly:total_no_of_blocks;help:total_no_of_blocks +zeek.omron_fins_file.memory_type=db:zeek.omron_fins_file.memory_type;group:zeek_omron_fins;kind:termfield;viewerOnly:true;friendly:memory_type;help:memory_type +zeek.omron_fins_file.data_type=db:zeek.omron_fins_file.data_type;group:zeek_omron_fins;kind:termfield;viewerOnly:true;friendly:data_type;help:data_type +zeek.omron_fins_file.last_block=db:zeek.omron_fins_file.last_block;group:zeek_omron_fins;kind:termfield;viewerOnly:true;friendly:last_block;help:last_block +zeek.omron_fins_file.protected=db:zeek.omron_fins_file.protected;group:zeek_omron_fins;kind:termfield;viewerOnly:true;friendly:protected;help:protected +zeek.omron_fins_file.control_data=db:zeek.omron_fins_file.control_data;group:zeek_omron_fins;kind:integer;viewerOnly:true;friendly:control_data;help:control_data +zeek.omron_fins_file.block_no=db:zeek.omron_fins_file.block_no;group:zeek_omron_fins;kind:integer;viewerOnly:true;friendly:block_no;help:block_no +zeek.omron_fins_file.memory_data=db:zeek.omron_fins_file.memory_data;group:zeek_omron_fins;kind:termfield;viewerOnly:true;friendly:memory_data;help:memory_data # omron_fins_detail.log # https://github.com/cisagov/icsnpp-omron-fins -zeek.omron_fins_detail.command_code=db:zeek.omron_fins_detail.command_code;group:zeek_detail_log;kind:termfield;viewerOnly:true;friendly:command_code;help:command_code -zeek.omron_fins_detail.icf_data_type=db:zeek.omron_fins_detail.icf_data_type;group:zeek_detail_log;kind:termfield;viewerOnly:true;friendly:icf_data_type;help:icf_data_type -zeek.omron_fins_detail.memory_area_code=db:zeek.omron_fins_detail.memory_area_code;group:zeek_detail_log;kind:termfield;viewerOnly:true;friendly:memory_area_code;help:memory_area_code 
-zeek.omron_fins_detail.beginning_address=db:zeek.omron_fins_detail.beginning_address;group:zeek_detail_log;kind:termfield;viewerOnly:true;friendly:beginning_address;help:beginning_address
-zeek.omron_fins_detail.number_of_items=db:zeek.omron_fins_detail.number_of_items;group:zeek_detail_log;kind:integer;viewerOnly:true;friendly:number_of_items;help:number_of_items
-zeek.omron_fins_detail.parameter_area_code=db:zeek.omron_fins_detail.parameter_area_code;group:zeek_detail_log;kind:termfield;viewerOnly:true;friendly:parameter_area_code;help:parameter_area_code
-zeek.omron_fins_detail.beginning_word=db:zeek.omron_fins_detail.beginning_word;group:zeek_detail_log;kind:termfield;viewerOnly:true;friendly:beginning_word;help:beginning_word
-zeek.omron_fins_detail.number_of_words=db:zeek.omron_fins_detail.number_of_words;group:zeek_detail_log;kind:integer;viewerOnly:true;friendly:number_of_words;help:number_of_words
-zeek.omron_fins_detail.last_word_bit=db:zeek.omron_fins_detail.last_word_bit;group:zeek_detail_log;kind:integer;viewerOnly:true;friendly:last_word_bit;help:last_word_bit
-zeek.omron_fins_detail.response_code=db:zeek.omron_fins_detail.response_code;group:zeek_detail_log;kind:termfield;viewerOnly:true;friendly:response_code;help:response_code
-zeek.omron_fins_detail.data=db:zeek.omron_fins_detail.data;group:zeek_detail_log;kind:termfield;viewerOnly:true;friendly:data;help:data
-zeek.omron_fins_detail.year=db:zeek.omron_fins_detail.year;group:zeek_detail_log;kind:integer;viewerOnly:true;friendly:year;help:year
-zeek.omron_fins_detail.month=db:zeek.omron_fins_detail.month;group:zeek_detail_log;kind:integer;viewerOnly:true;friendly:month;help:month
-zeek.omron_fins_detail.date=db:zeek.omron_fins_detail.date;group:zeek_detail_log;kind:integer;viewerOnly:true;friendly:date;help:date
-zeek.omron_fins_detail.hour=db:zeek.omron_fins_detail.hour;group:zeek_detail_log;kind:integer;viewerOnly:true;friendly:hour;help:hour
-zeek.omron_fins_detail.minute=db:zeek.omron_fins_detail.minute;group:zeek_detail_log;kind:integer;viewerOnly:true;friendly:minute;help:minute
-zeek.omron_fins_detail.second=db:zeek.omron_fins_detail.second;group:zeek_detail_log;kind:integer;viewerOnly:true;friendly:second;help:second
-zeek.omron_fins_detail.day=db:zeek.omron_fins_detail.day;group:zeek_detail_log;kind:termfield;viewerOnly:true;friendly:day;help:day
-zeek.omron_fins_detail.clock_time=db:zeek.omron_fins_detail.clock_time;group:zeek_detail_log;kind:termfield;viewerOnly:true;friendly:clock_time;help:clock_time
-zeek.omron_fins_detail.intelligent_id_no=db:zeek.omron_fins_detail.intelligent_id_no;group:zeek_detail_log;kind:termfield;viewerOnly:true;friendly:intelligent_id_no;help:intelligent_id_no
-zeek.omron_fins_detail.first_word=db:zeek.omron_fins_detail.first_word;group:zeek_detail_log;kind:termfield;viewerOnly:true;friendly:first_word;help:first_word
-zeek.omron_fins_detail.read_length=db:zeek.omron_fins_detail.read_length;group:zeek_detail_log;kind:termfield;viewerOnly:true;friendly:read_length;help:read_length
-zeek.omron_fins_detail.data_length=db:zeek.omron_fins_detail.data_length;group:zeek_detail_log;kind:termfield;viewerOnly:true;friendly:data_length;help:data_length
-zeek.omron_fins_detail.num_of_link_nodes=db:zeek.omron_fins_detail.num_of_link_nodes;group:zeek_detail_log;kind:integer;viewerOnly:true;friendly:num_of_link_nodes;help:num_of_link_nodes
-zeek.omron_fins_detail.block_record_data_link_status=db:zeek.omron_fins_detail.block_record_data_link_status;group:zeek_detail_log;kind:termfield;viewerOnly:true;friendly:block_record_data_link_status;help:block_record_data_link_status
-zeek.omron_fins_detail.block_record_num_of_link_nodes=db:zeek.omron_fins_detail.block_record_num_of_link_nodes;group:zeek_detail_log;kind:integer;viewerOnly:true;friendly:block_record_num_of_link_nodes;help:block_record_num_of_link_nodes
-zeek.omron_fins_detail.block_record_node_num=db:zeek.omron_fins_detail.block_record_node_num;group:zeek_detail_log;kind:integer;viewerOnly:true;friendly:block_record_node_num;help:block_record_node_num
-zeek.omron_fins_detail.block_record_cio_area_first_word=db:zeek.omron_fins_detail.block_record_cio_area_first_word;group:zeek_detail_log;kind:termfield;viewerOnly:true;friendly:block_record_cio_area_first_word;help:block_record_cio_area_first_word
-zeek.omron_fins_detail.block_record_kind_of_dm=db:zeek.omron_fins_detail.block_record_kind_of_dm;group:zeek_detail_log;kind:termfield;viewerOnly:true;friendly:block_record_kind_of_dm;help:block_record_kind_of_dm
-zeek.omron_fins_detail.block_record_dm_area_first_word=db:zeek.omron_fins_detail.block_record_dm_area_first_word;group:zeek_detail_log;kind:termfield;viewerOnly:true;friendly:block_record_dm_area_first_word;help:block_record_dm_area_first_word
-zeek.omron_fins_detail.block_record_num_of_total_words=db:zeek.omron_fins_detail.block_record_num_of_total_words;group:zeek_detail_log;kind:integer;viewerOnly:true;friendly:block_record_num_of_total_words;help:block_record_num_of_total_words
-zeek.omron_fins_detail.program_no=db:zeek.omron_fins_detail.program_no;group:zeek_detail_log;kind:integer;viewerOnly:true;friendly:program_no;help:program_no
-zeek.omron_fins_detail.protect_code=db:zeek.omron_fins_detail.protect_code;group:zeek_detail_log;kind:integer;viewerOnly:true;friendly:protect_code;help:protect_code
-zeek.omron_fins_detail.last_word=db:zeek.omron_fins_detail.last_word;group:zeek_detail_log;kind:termfield;viewerOnly:true;friendly:last_word;help:last_word
-zeek.omron_fins_detail.clear_code=db:zeek.omron_fins_detail.clear_code;group:zeek_detail_log;kind:termfield;viewerOnly:true;friendly:clear_code;help:clear_code
-zeek.omron_fins_detail.number_of_bytes=db:zeek.omron_fins_detail.number_of_bytes;group:zeek_detail_log;kind:integer;viewerOnly:true;friendly:number_of_bytes;help:number_of_bytes
-zeek.omron_fins_detail.run_mode=db:zeek.omron_fins_detail.run_mode;group:zeek_detail_log;kind:termfield;viewerOnly:true;friendly:run_mode;help:run_mode
-zeek.omron_fins_detail.controller_data_to_read=db:zeek.omron_fins_detail.controller_data_to_read;group:zeek_detail_log;kind:termfield;viewerOnly:true;friendly:controller_data_to_read;help:controller_data_to_read
-zeek.omron_fins_detail.controller_model=db:zeek.omron_fins_detail.controller_model;group:zeek_detail_log;kind:termfield;viewerOnly:true;friendly:controller_model;help:controller_model
-zeek.omron_fins_detail.controller_version=db:zeek.omron_fins_detail.controller_version;group:zeek_detail_log;kind:termfield;viewerOnly:true;friendly:controller_version;help:controller_version
-zeek.omron_fins_detail.for_system_use=db:zeek.omron_fins_detail.for_system_use;group:zeek_detail_log;kind:termfield;viewerOnly:true;friendly:for_system_use;help:for_system_use
-zeek.omron_fins_detail.program_area_size=db:zeek.omron_fins_detail.program_area_size;group:zeek_detail_log;kind:integer;viewerOnly:true;friendly:program_area_size;help:program_area_size
-zeek.omron_fins_detail.iom_size=db:zeek.omron_fins_detail.iom_size;group:zeek_detail_log;kind:integer;viewerOnly:true;friendly:iom_size;help:iom_size
-zeek.omron_fins_detail.no_of_dm_words=db:zeek.omron_fins_detail.no_of_dm_words;group:zeek_detail_log;kind:integer;viewerOnly:true;friendly:no_of_dm_words;help:no_of_dm_words
-zeek.omron_fins_detail.timer_size=db:zeek.omron_fins_detail.timer_size;group:zeek_detail_log;kind:integer;viewerOnly:true;friendly:timer_size;help:timer_size
-zeek.omron_fins_detail.expansion_dm_size=db:zeek.omron_fins_detail.expansion_dm_size;group:zeek_detail_log;kind:integer;viewerOnly:true;friendly:expansion_dm_size;help:expansion_dm_size
-zeek.omron_fins_detail.no_of_steps_transitions=db:zeek.omron_fins_detail.no_of_steps_transitions;group:zeek_detail_log;kind:integer;viewerOnly:true;friendly:no_of_steps_transitions;help:no_of_steps_transitions
-zeek.omron_fins_detail.kind_of_memory_card=db:zeek.omron_fins_detail.kind_of_memory_card;group:zeek_detail_log;kind:termfield;viewerOnly:true;friendly:kind_of_memory_card;help:kind_of_memory_card
-zeek.omron_fins_detail.memory_card_size=db:zeek.omron_fins_detail.memory_card_size;group:zeek_detail_log;kind:integer;viewerOnly:true;friendly:memory_card_size;help:memory_card_size
-zeek.omron_fins_detail.cpu_bus_unit_config=db:zeek.omron_fins_detail.cpu_bus_unit_config;group:zeek_detail_log;kind:termfield;viewerOnly:true;friendly:cpu_bus_unit_config;help:cpu_bus_unit_config
-zeek.omron_fins_detail.no_of_sysmac_bus_master_mounted=db:zeek.omron_fins_detail.no_of_sysmac_bus_master_mounted;group:zeek_detail_log;kind:integer;viewerOnly:true;friendly:no_of_sysmac_bus_master_mounted;help:no_of_sysmac_bus_master_mounted
-zeek.omron_fins_detail.no_of_sysmac_bus2_master_mounted=db:zeek.omron_fins_detail.no_of_sysmac_bus2_master_mounted;group:zeek_detail_log;kind:integer;viewerOnly:true;friendly:no_of_sysmac_bus2_master_mounted;help:no_of_sysmac_bus2_master_mounted
-zeek.omron_fins_detail.peripheral_device_connected=db:zeek.omron_fins_detail.peripheral_device_connected;group:zeek_detail_log;kind:integer;viewerOnly:true;friendly:peripheral_device_connected;help:peripheral_device_connected
-zeek.omron_fins_detail.built_in_host_interface=db:zeek.omron_fins_detail.built_in_host_interface;group:zeek_detail_log;kind:integer;viewerOnly:true;friendly:built_in_host_interface;help:built_in_host_interface
-zeek.omron_fins_detail.no_of_racks_connected=db:zeek.omron_fins_detail.no_of_racks_connected;group:zeek_detail_log;kind:integer;viewerOnly:true;friendly:no_of_racks_connected;help:no_of_racks_connected
-zeek.omron_fins_detail.no_of_units=db:zeek.omron_fins_detail.no_of_units;group:zeek_detail_log;kind:integer;viewerOnly:true;friendly:no_of_units;help:no_of_units
-zeek.omron_fins_detail.unit_address=db:zeek.omron_fins_detail.unit_address;group:zeek_detail_log;kind:termfield;viewerOnly:true;friendly:unit_address;help:unit_address
-zeek.omron_fins_detail.model_number=db:zeek.omron_fins_detail.model_number;group:zeek_detail_log;kind:termfield;viewerOnly:true;friendly:model_number;help:model_number
-zeek.omron_fins_detail.controller_status_data_read_status=db:zeek.omron_fins_detail.controller_status_data_read_status;group:zeek_detail_log;kind:termfield;viewerOnly:true;friendly:controller_status_data_read_status;help:controller_status_data_read_status
-zeek.omron_fins_detail.controller_status_data_read_mode=db:zeek.omron_fins_detail.controller_status_data_read_mode;group:zeek_detail_log;kind:termfield;viewerOnly:true;friendly:controller_status_data_read_mode;help:controller_status_data_read_mode
-zeek.omron_fins_detail.fatal_error=db:zeek.omron_fins_detail.fatal_error;group:zeek_detail_log;kind:termfield;viewerOnly:true;friendly:fatal_error;help:fatal_error
-zeek.omron_fins_detail.non_fatal_error=db:zeek.omron_fins_detail.non_fatal_error;group:zeek_detail_log;kind:termfield;viewerOnly:true;friendly:non_fatal_error;help:non_fatal_error
-zeek.omron_fins_detail.message_yes_no=db:zeek.omron_fins_detail.message_yes_no;group:zeek_detail_log;kind:termfield;viewerOnly:true;friendly:message_yes_no;help:message_yes_no
-zeek.omron_fins_detail.fal_fals_no=db:zeek.omron_fins_detail.fal_fals_no;group:zeek_detail_log;kind:integer;viewerOnly:true;friendly:fal_fals_no;help:fal_fals_no
-zeek.omron_fins_detail.error_message=db:zeek.omron_fins_detail.error_message;group:zeek_detail_log;kind:termfield;viewerOnly:true;friendly:error_message;help:error_message
-zeek.omron_fins_detail.cycle_time_read_parameter=db:zeek.omron_fins_detail.cycle_time_read_parameter;group:zeek_detail_log;kind:termfield;viewerOnly:true;friendly:cycle_time_read_parameter;help:cycle_time_read_parameter
-zeek.omron_fins_detail.average_cycle_time=db:zeek.omron_fins_detail.average_cycle_time;group:zeek_detail_log;kind:termfield;viewerOnly:true;friendly:average_cycle_time;help:average_cycle_time
-zeek.omron_fins_detail.max_cycle_time=db:zeek.omron_fins_detail.max_cycle_time;group:zeek_detail_log;kind:termfield;viewerOnly:true;friendly:max_cycle_time;help:max_cycle_time
-zeek.omron_fins_detail.min_cycle_time=db:zeek.omron_fins_detail.min_cycle_time;group:zeek_detail_log;kind:termfield;viewerOnly:true;friendly:min_cycle_time;help:min_cycle_time
-zeek.omron_fins_detail.test_data=db:zeek.omron_fins_detail.test_data;group:zeek_detail_log;kind:termfield;viewerOnly:true;friendly:test_data;help:test_data
-zeek.omron_fins_detail.number_of_receptions=db:zeek.omron_fins_detail.number_of_receptions;group:zeek_detail_log;kind:integer;viewerOnly:true;friendly:number_of_receptions;help:number_of_receptions
-zeek.omron_fins_detail.command=db:zeek.omron_fins_detail.command;group:zeek_detail_log;kind:termfield;viewerOnly:true;friendly:command;help:command
-zeek.omron_fins_detail.message_no_0=db:zeek.omron_fins_detail.message_no_0;group:zeek_detail_log;kind:termfield;viewerOnly:true;friendly:message_no_0;help:message_no_0
-zeek.omron_fins_detail.message_no_1=db:zeek.omron_fins_detail.message_no_1;group:zeek_detail_log;kind:termfield;viewerOnly:true;friendly:message_no_1;help:message_no_1
-zeek.omron_fins_detail.message_no_2=db:zeek.omron_fins_detail.message_no_2;group:zeek_detail_log;kind:termfield;viewerOnly:true;friendly:message_no_2;help:message_no_2
-zeek.omron_fins_detail.message_no_3=db:zeek.omron_fins_detail.message_no_3;group:zeek_detail_log;kind:termfield;viewerOnly:true;friendly:message_no_3;help:message_no_3
-zeek.omron_fins_detail.message_no_4=db:zeek.omron_fins_detail.message_no_4;group:zeek_detail_log;kind:termfield;viewerOnly:true;friendly:message_no_4;help:message_no_4
-zeek.omron_fins_detail.message_no_5=db:zeek.omron_fins_detail.message_no_5;group:zeek_detail_log;kind:termfield;viewerOnly:true;friendly:message_no_5;help:message_no_5
-zeek.omron_fins_detail.message_no_6=db:zeek.omron_fins_detail.message_no_6;group:zeek_detail_log;kind:termfield;viewerOnly:true;friendly:message_no_6;help:message_no_6
-zeek.omron_fins_detail.message_no_7=db:zeek.omron_fins_detail.message_no_7;group:zeek_detail_log;kind:termfield;viewerOnly:true;friendly:message_no_7;help:message_no_7
-zeek.omron_fins_detail.message_0=db:zeek.omron_fins_detail.message_0;group:zeek_detail_log;kind:termfield;viewerOnly:true;friendly:message_0;help:message_0
-zeek.omron_fins_detail.message_1=db:zeek.omron_fins_detail.message_1;group:zeek_detail_log;kind:termfield;viewerOnly:true;friendly:message_1;help:message_1
-zeek.omron_fins_detail.message_2=db:zeek.omron_fins_detail.message_2;group:zeek_detail_log;kind:termfield;viewerOnly:true;friendly:message_2;help:message_2
-zeek.omron_fins_detail.message_3=db:zeek.omron_fins_detail.message_3;group:zeek_detail_log;kind:termfield;viewerOnly:true;friendly:message_3;help:message_3
-zeek.omron_fins_detail.message_4=db:zeek.omron_fins_detail.message_4;group:zeek_detail_log;kind:termfield;viewerOnly:true;friendly:message_4;help:message_4
-zeek.omron_fins_detail.message_5=db:zeek.omron_fins_detail.message_5;group:zeek_detail_log;kind:termfield;viewerOnly:true;friendly:message_5;help:message_5
-zeek.omron_fins_detail.message_6=db:zeek.omron_fins_detail.message_6;group:zeek_detail_log;kind:termfield;viewerOnly:true;friendly:message_6;help:message_6
-zeek.omron_fins_detail.message_7=db:zeek.omron_fins_detail.message_7;group:zeek_detail_log;kind:termfield;viewerOnly:true;friendly:message_7;help:message_7
-zeek.omron_fins_detail.fal_fals_no_0=db:zeek.omron_fins_detail.fal_fals_no_0;group:zeek_detail_log;kind:termfield;viewerOnly:true;friendly:fal_fals_no_0;help:fal_fals_no_0
-zeek.omron_fins_detail.fal_fals_no_1=db:zeek.omron_fins_detail.fal_fals_no_1;group:zeek_detail_log;kind:termfield;viewerOnly:true;friendly:fal_fals_no_1;help:fal_fals_no_1
-zeek.omron_fins_detail.fal_fals_no_2=db:zeek.omron_fins_detail.fal_fals_no_2;group:zeek_detail_log;kind:termfield;viewerOnly:true;friendly:fal_fals_no_2;help:fal_fals_no_2
-zeek.omron_fins_detail.fal_fals_no_3=db:zeek.omron_fins_detail.fal_fals_no_3;group:zeek_detail_log;kind:termfield;viewerOnly:true;friendly:fal_fals_no_3;help:fal_fals_no_3
-zeek.omron_fins_detail.fal_fals_no_4=db:zeek.omron_fins_detail.fal_fals_no_4;group:zeek_detail_log;kind:termfield;viewerOnly:true;friendly:fal_fals_no_4;help:fal_fals_no_4
-zeek.omron_fins_detail.fal_fals_no_5=db:zeek.omron_fins_detail.fal_fals_no_5;group:zeek_detail_log;kind:termfield;viewerOnly:true;friendly:fal_fals_no_5;help:fal_fals_no_5
-zeek.omron_fins_detail.fal_fals_no_6=db:zeek.omron_fins_detail.fal_fals_no_6;group:zeek_detail_log;kind:termfield;viewerOnly:true;friendly:fal_fals_no_6;help:fal_fals_no_6
-zeek.omron_fins_detail.fal_fals_no_7=db:zeek.omron_fins_detail.fal_fals_no_7;group:zeek_detail_log;kind:termfield;viewerOnly:true;friendly:fal_fals_no_7;help:fal_fals_no_7
-zeek.omron_fins_detail.fal_fals_no_8=db:zeek.omron_fins_detail.fal_fals_no_8;group:zeek_detail_log;kind:termfield;viewerOnly:true;friendly:fal_fals_no_8;help:fal_fals_no_8
-zeek.omron_fins_detail.fal_fals_no_9=db:zeek.omron_fins_detail.fal_fals_no_9;group:zeek_detail_log;kind:termfield;viewerOnly:true;friendly:fal_fals_no_9;help:fal_fals_no_9
-zeek.omron_fins_detail.fal_fals_no_10=db:zeek.omron_fins_detail.fal_fals_no_10;group:zeek_detail_log;kind:termfield;viewerOnly:true;friendly:fal_fals_no_10;help:fal_fals_no_10
-zeek.omron_fins_detail.fal_fals_no_11=db:zeek.omron_fins_detail.fal_fals_no_11;group:zeek_detail_log;kind:termfield;viewerOnly:true;friendly:fal_fals_no_11;help:fal_fals_no_11
-zeek.omron_fins_detail.fal_fals_no_12=db:zeek.omron_fins_detail.fal_fals_no_12;group:zeek_detail_log;kind:termfield;viewerOnly:true;friendly:fal_fals_no_12;help:fal_fals_no_12
-zeek.omron_fins_detail.fal_fals_no_13=db:zeek.omron_fins_detail.fal_fals_no_13;group:zeek_detail_log;kind:termfield;viewerOnly:true;friendly:fal_fals_no_13;help:fal_fals_no_13
-zeek.omron_fins_detail.fal_fals_0=db:zeek.omron_fins_detail.fal_fals_0;group:zeek_detail_log;kind:termfield;viewerOnly:true;friendly:fal_fals_0;help:fal_fals_0
-zeek.omron_fins_detail.fal_fals_1=db:zeek.omron_fins_detail.fal_fals_1;group:zeek_detail_log;kind:termfield;viewerOnly:true;friendly:fal_fals_1;help:fal_fals_1
-zeek.omron_fins_detail.fal_fals_2=db:zeek.omron_fins_detail.fal_fals_2;group:zeek_detail_log;kind:termfield;viewerOnly:true;friendly:fal_fals_2;help:fal_fals_2
-zeek.omron_fins_detail.fal_fals_3=db:zeek.omron_fins_detail.fal_fals_3;group:zeek_detail_log;kind:termfield;viewerOnly:true;friendly:fal_fals_3;help:fal_fals_3
-zeek.omron_fins_detail.fal_fals_4=db:zeek.omron_fins_detail.fal_fals_4;group:zeek_detail_log;kind:termfield;viewerOnly:true;friendly:fal_fals_4;help:fal_fals_4
-zeek.omron_fins_detail.fal_fals_5=db:zeek.omron_fins_detail.fal_fals_5;group:zeek_detail_log;kind:termfield;viewerOnly:true;friendly:fal_fals_5;help:fal_fals_5
-zeek.omron_fins_detail.fal_fals_6=db:zeek.omron_fins_detail.fal_fals_6;group:zeek_detail_log;kind:termfield;viewerOnly:true;friendly:fal_fals_6;help:fal_fals_6
-zeek.omron_fins_detail.fal_fals_7=db:zeek.omron_fins_detail.fal_fals_7;group:zeek_detail_log;kind:termfield;viewerOnly:true;friendly:fal_fals_7;help:fal_fals_7
-zeek.omron_fins_detail.fal_fals_8=db:zeek.omron_fins_detail.fal_fals_8;group:zeek_detail_log;kind:termfield;viewerOnly:true;friendly:fal_fals_8;help:fal_fals_8
-zeek.omron_fins_detail.fal_fals_9=db:zeek.omron_fins_detail.fal_fals_9;group:zeek_detail_log;kind:termfield;viewerOnly:true;friendly:fal_fals_9;help:fal_fals_9
-zeek.omron_fins_detail.fal_fals_10=db:zeek.omron_fins_detail.fal_fals_10;group:zeek_detail_log;kind:termfield;viewerOnly:true;friendly:fal_fals_10;help:fal_fals_10
-zeek.omron_fins_detail.fal_fals_11=db:zeek.omron_fins_detail.fal_fals_11;group:zeek_detail_log;kind:termfield;viewerOnly:true;friendly:fal_fals_11;help:fal_fals_11
-zeek.omron_fins_detail.fal_fals_12=db:zeek.omron_fins_detail.fal_fals_12;group:zeek_detail_log;kind:termfield;viewerOnly:true;friendly:fal_fals_12;help:fal_fals_12
-zeek.omron_fins_detail.fal_fals_13=db:zeek.omron_fins_detail.fal_fals_13;group:zeek_detail_log;kind:termfield;viewerOnly:true;friendly:fal_fals_13;help:fal_fals_13
-zeek.omron_fins_detail.acquire_network_address=db:zeek.omron_fins_detail.acquire_network_address;group:zeek_detail_log;kind:integer;viewerOnly:true;friendly:acquire_network_address;help:acquire_network_address
-zeek.omron_fins_detail.acquire_node_number=db:zeek.omron_fins_detail.acquire_node_number;group:zeek_detail_log;kind:integer;viewerOnly:true;friendly:acquire_node_number;help:acquire_node_number
-zeek.omron_fins_detail.acquire_unit_address=db:zeek.omron_fins_detail.acquire_unit_address;group:zeek_detail_log;kind:integer;viewerOnly:true;friendly:acquire_unit_address;help:acquire_unit_address
-zeek.omron_fins_detail.no_of_bits=db:zeek.omron_fins_detail.no_of_bits;group:zeek_detail_log;kind:integer;viewerOnly:true;friendly:no_of_bits;help:no_of_bits
-zeek.omron_fins_detail.set_reset_specification=db:zeek.omron_fins_detail.set_reset_specification;group:zeek_detail_log;kind:termfield;viewerOnly:true;friendly:set_reset_specification;help:set_reset_specification
-zeek.omron_fins_detail.bit_flag=db:zeek.omron_fins_detail.bit_flag;group:zeek_detail_log;kind:integer;viewerOnly:true;friendly:bit_flag;help:bit_flag
+zeek.omron_fins_detail.memory_area_code=db:zeek.omron_fins_detail.memory_area_code;group:zeek_omron_fins;kind:termfield;viewerOnly:true;friendly:memory_area_code;help:memory_area_code
+zeek.omron_fins_detail.beginning_address=db:zeek.omron_fins_detail.beginning_address;group:zeek_omron_fins;kind:termfield;viewerOnly:true;friendly:beginning_address;help:beginning_address
+zeek.omron_fins_detail.number_of_items=db:zeek.omron_fins_detail.number_of_items;group:zeek_omron_fins;kind:integer;viewerOnly:true;friendly:number_of_items;help:number_of_items
+zeek.omron_fins_detail.parameter_area_code=db:zeek.omron_fins_detail.parameter_area_code;group:zeek_omron_fins;kind:termfield;viewerOnly:true;friendly:parameter_area_code;help:parameter_area_code
+zeek.omron_fins_detail.beginning_word=db:zeek.omron_fins_detail.beginning_word;group:zeek_omron_fins;kind:termfield;viewerOnly:true;friendly:beginning_word;help:beginning_word
+zeek.omron_fins_detail.number_of_words=db:zeek.omron_fins_detail.number_of_words;group:zeek_omron_fins;kind:integer;viewerOnly:true;friendly:number_of_words;help:number_of_words
+zeek.omron_fins_detail.last_word_bit=db:zeek.omron_fins_detail.last_word_bit;group:zeek_omron_fins;kind:integer;viewerOnly:true;friendly:last_word_bit;help:last_word_bit
+zeek.omron_fins_detail.data=db:zeek.omron_fins_detail.data;group:zeek_omron_fins;kind:termfield;viewerOnly:true;friendly:data;help:data
+zeek.omron_fins_detail.date=db:zeek.omron_fins_detail.date;group:zeek_omron_fins;kind:integer;viewerOnly:true;friendly:date;help:date
+zeek.omron_fins_detail.clock_time=db:zeek.omron_fins_detail.clock_time;group:zeek_omron_fins;kind:termfield;viewerOnly:true;friendly:clock_time;help:clock_time
+zeek.omron_fins_detail.intelligent_id_no=db:zeek.omron_fins_detail.intelligent_id_no;group:zeek_omron_fins;kind:termfield;viewerOnly:true;friendly:intelligent_id_no;help:intelligent_id_no
+zeek.omron_fins_detail.first_word=db:zeek.omron_fins_detail.first_word;group:zeek_omron_fins;kind:termfield;viewerOnly:true;friendly:first_word;help:first_word
+zeek.omron_fins_detail.read_length=db:zeek.omron_fins_detail.read_length;group:zeek_omron_fins;kind:termfield;viewerOnly:true;friendly:read_length;help:read_length
+zeek.omron_fins_detail.data_length=db:zeek.omron_fins_detail.data_length;group:zeek_omron_fins;kind:termfield;viewerOnly:true;friendly:data_length;help:data_length
+zeek.omron_fins_detail.num_of_link_nodes=db:zeek.omron_fins_detail.num_of_link_nodes;group:zeek_omron_fins;kind:integer;viewerOnly:true;friendly:num_of_link_nodes;help:num_of_link_nodes
+zeek.omron_fins_detail.block_record_data_link_status=db:zeek.omron_fins_detail.block_record_data_link_status;group:zeek_omron_fins;kind:termfield;viewerOnly:true;friendly:block_record_data_link_status;help:block_record_data_link_status
+zeek.omron_fins_detail.block_record_num_of_link_nodes=db:zeek.omron_fins_detail.block_record_num_of_link_nodes;group:zeek_omron_fins;kind:integer;viewerOnly:true;friendly:block_record_num_of_link_nodes;help:block_record_num_of_link_nodes
+zeek.omron_fins_detail.block_record_node_num=db:zeek.omron_fins_detail.block_record_node_num;group:zeek_omron_fins;kind:integer;viewerOnly:true;friendly:block_record_node_num;help:block_record_node_num
+zeek.omron_fins_detail.block_record_cio_area_first_word=db:zeek.omron_fins_detail.block_record_cio_area_first_word;group:zeek_omron_fins;kind:termfield;viewerOnly:true;friendly:block_record_cio_area_first_word;help:block_record_cio_area_first_word
+zeek.omron_fins_detail.block_record_kind_of_dm=db:zeek.omron_fins_detail.block_record_kind_of_dm;group:zeek_omron_fins;kind:termfield;viewerOnly:true;friendly:block_record_kind_of_dm;help:block_record_kind_of_dm
+zeek.omron_fins_detail.block_record_dm_area_first_word=db:zeek.omron_fins_detail.block_record_dm_area_first_word;group:zeek_omron_fins;kind:termfield;viewerOnly:true;friendly:block_record_dm_area_first_word;help:block_record_dm_area_first_word
+zeek.omron_fins_detail.block_record_num_of_total_words=db:zeek.omron_fins_detail.block_record_num_of_total_words;group:zeek_omron_fins;kind:integer;viewerOnly:true;friendly:block_record_num_of_total_words;help:block_record_num_of_total_words
+zeek.omron_fins_detail.program_no=db:zeek.omron_fins_detail.program_no;group:zeek_omron_fins;kind:integer;viewerOnly:true;friendly:program_no;help:program_no
+zeek.omron_fins_detail.protect_code=db:zeek.omron_fins_detail.protect_code;group:zeek_omron_fins;kind:integer;viewerOnly:true;friendly:protect_code;help:protect_code
+zeek.omron_fins_detail.last_word=db:zeek.omron_fins_detail.last_word;group:zeek_omron_fins;kind:termfield;viewerOnly:true;friendly:last_word;help:last_word
+zeek.omron_fins_detail.clear_code=db:zeek.omron_fins_detail.clear_code;group:zeek_omron_fins;kind:termfield;viewerOnly:true;friendly:clear_code;help:clear_code
+zeek.omron_fins_detail.number_of_bytes=db:zeek.omron_fins_detail.number_of_bytes;group:zeek_omron_fins;kind:integer;viewerOnly:true;friendly:number_of_bytes;help:number_of_bytes
+zeek.omron_fins_detail.run_mode=db:zeek.omron_fins_detail.run_mode;group:zeek_omron_fins;kind:termfield;viewerOnly:true;friendly:run_mode;help:run_mode
+zeek.omron_fins_detail.controller_data_to_read=db:zeek.omron_fins_detail.controller_data_to_read;group:zeek_omron_fins;kind:termfield;viewerOnly:true;friendly:controller_data_to_read;help:controller_data_to_read
+zeek.omron_fins_detail.controller_model=db:zeek.omron_fins_detail.controller_model;group:zeek_omron_fins;kind:termfield;viewerOnly:true;friendly:controller_model;help:controller_model
+zeek.omron_fins_detail.controller_version=db:zeek.omron_fins_detail.controller_version;group:zeek_omron_fins;kind:termfield;viewerOnly:true;friendly:controller_version;help:controller_version
+zeek.omron_fins_detail.for_system_use=db:zeek.omron_fins_detail.for_system_use;group:zeek_omron_fins;kind:termfield;viewerOnly:true;friendly:for_system_use;help:for_system_use
+zeek.omron_fins_detail.program_area_size=db:zeek.omron_fins_detail.program_area_size;group:zeek_omron_fins;kind:integer;viewerOnly:true;friendly:program_area_size;help:program_area_size
+zeek.omron_fins_detail.iom_size=db:zeek.omron_fins_detail.iom_size;group:zeek_omron_fins;kind:integer;viewerOnly:true;friendly:iom_size;help:iom_size
+zeek.omron_fins_detail.no_of_dm_words=db:zeek.omron_fins_detail.no_of_dm_words;group:zeek_omron_fins;kind:integer;viewerOnly:true;friendly:no_of_dm_words;help:no_of_dm_words
+zeek.omron_fins_detail.timer_size=db:zeek.omron_fins_detail.timer_size;group:zeek_omron_fins;kind:integer;viewerOnly:true;friendly:timer_size;help:timer_size
+zeek.omron_fins_detail.expansion_dm_size=db:zeek.omron_fins_detail.expansion_dm_size;group:zeek_omron_fins;kind:integer;viewerOnly:true;friendly:expansion_dm_size;help:expansion_dm_size
+zeek.omron_fins_detail.no_of_steps_transitions=db:zeek.omron_fins_detail.no_of_steps_transitions;group:zeek_omron_fins;kind:integer;viewerOnly:true;friendly:no_of_steps_transitions;help:no_of_steps_transitions
+zeek.omron_fins_detail.kind_of_memory_card=db:zeek.omron_fins_detail.kind_of_memory_card;group:zeek_omron_fins;kind:termfield;viewerOnly:true;friendly:kind_of_memory_card;help:kind_of_memory_card
+zeek.omron_fins_detail.memory_card_size=db:zeek.omron_fins_detail.memory_card_size;group:zeek_omron_fins;kind:integer;viewerOnly:true;friendly:memory_card_size;help:memory_card_size
+zeek.omron_fins_detail.cpu_bus_unit_config=db:zeek.omron_fins_detail.cpu_bus_unit_config;group:zeek_omron_fins;kind:termfield;viewerOnly:true;friendly:cpu_bus_unit_config;help:cpu_bus_unit_config
+zeek.omron_fins_detail.no_of_sysmac_bus_master_mounted=db:zeek.omron_fins_detail.no_of_sysmac_bus_master_mounted;group:zeek_omron_fins;kind:integer;viewerOnly:true;friendly:no_of_sysmac_bus_master_mounted;help:no_of_sysmac_bus_master_mounted
+zeek.omron_fins_detail.no_of_sysmac_bus2_master_mounted=db:zeek.omron_fins_detail.no_of_sysmac_bus2_master_mounted;group:zeek_omron_fins;kind:integer;viewerOnly:true;friendly:no_of_sysmac_bus2_master_mounted;help:no_of_sysmac_bus2_master_mounted
+zeek.omron_fins_detail.peripheral_device_connected=db:zeek.omron_fins_detail.peripheral_device_connected;group:zeek_omron_fins;kind:integer;viewerOnly:true;friendly:peripheral_device_connected;help:peripheral_device_connected
+zeek.omron_fins_detail.built_in_host_interface=db:zeek.omron_fins_detail.built_in_host_interface;group:zeek_omron_fins;kind:integer;viewerOnly:true;friendly:built_in_host_interface;help:built_in_host_interface
+zeek.omron_fins_detail.no_of_racks_connected=db:zeek.omron_fins_detail.no_of_racks_connected;group:zeek_omron_fins;kind:integer;viewerOnly:true;friendly:no_of_racks_connected;help:no_of_racks_connected
+zeek.omron_fins_detail.no_of_units=db:zeek.omron_fins_detail.no_of_units;group:zeek_omron_fins;kind:integer;viewerOnly:true;friendly:no_of_units;help:no_of_units
+zeek.omron_fins_detail.unit_address=db:zeek.omron_fins_detail.unit_address;group:zeek_omron_fins;kind:termfield;viewerOnly:true;friendly:unit_address;help:unit_address
+zeek.omron_fins_detail.model_number=db:zeek.omron_fins_detail.model_number;group:zeek_omron_fins;kind:termfield;viewerOnly:true;friendly:model_number;help:model_number
+zeek.omron_fins_detail.controller_status_data_read_status=db:zeek.omron_fins_detail.controller_status_data_read_status;group:zeek_omron_fins;kind:termfield;viewerOnly:true;friendly:controller_status_data_read_status;help:controller_status_data_read_status
+zeek.omron_fins_detail.controller_status_data_read_mode=db:zeek.omron_fins_detail.controller_status_data_read_mode;group:zeek_omron_fins;kind:termfield;viewerOnly:true;friendly:controller_status_data_read_mode;help:controller_status_data_read_mode
+zeek.omron_fins_detail.fatal_error=db:zeek.omron_fins_detail.fatal_error;group:zeek_omron_fins;kind:termfield;viewerOnly:true;friendly:fatal_error;help:fatal_error
+zeek.omron_fins_detail.non_fatal_error=db:zeek.omron_fins_detail.non_fatal_error;group:zeek_omron_fins;kind:termfield;viewerOnly:true;friendly:non_fatal_error;help:non_fatal_error
+zeek.omron_fins_detail.message_yes_no=db:zeek.omron_fins_detail.message_yes_no;group:zeek_omron_fins;kind:termfield;viewerOnly:true;friendly:message_yes_no;help:message_yes_no
+zeek.omron_fins_detail.fal_fals_no=db:zeek.omron_fins_detail.fal_fals_no;group:zeek_omron_fins;kind:integer;viewerOnly:true;friendly:fal_fals_no;help:fal_fals_no
+zeek.omron_fins_detail.error_message=db:zeek.omron_fins_detail.error_message;group:zeek_omron_fins;kind:termfield;viewerOnly:true;friendly:error_message;help:error_message
+zeek.omron_fins_detail.cycle_time_read_parameter=db:zeek.omron_fins_detail.cycle_time_read_parameter;group:zeek_omron_fins;kind:termfield;viewerOnly:true;friendly:cycle_time_read_parameter;help:cycle_time_read_parameter
+zeek.omron_fins_detail.average_cycle_time=db:zeek.omron_fins_detail.average_cycle_time;group:zeek_omron_fins;kind:termfield;viewerOnly:true;friendly:average_cycle_time;help:average_cycle_time
+zeek.omron_fins_detail.max_cycle_time=db:zeek.omron_fins_detail.max_cycle_time;group:zeek_omron_fins;kind:termfield;viewerOnly:true;friendly:max_cycle_time;help:max_cycle_time
+zeek.omron_fins_detail.min_cycle_time=db:zeek.omron_fins_detail.min_cycle_time;group:zeek_omron_fins;kind:termfield;viewerOnly:true;friendly:min_cycle_time;help:min_cycle_time
+zeek.omron_fins_detail.test_data=db:zeek.omron_fins_detail.test_data;group:zeek_omron_fins;kind:termfield;viewerOnly:true;friendly:test_data;help:test_data
+zeek.omron_fins_detail.number_of_receptions=db:zeek.omron_fins_detail.number_of_receptions;group:zeek_omron_fins;kind:integer;viewerOnly:true;friendly:number_of_receptions;help:number_of_receptions
+zeek.omron_fins_detail.command=db:zeek.omron_fins_detail.command;group:zeek_omron_fins;kind:termfield;viewerOnly:true;friendly:command;help:command
+zeek.omron_fins_detail.message_no_0=db:zeek.omron_fins_detail.message_no_0;group:zeek_omron_fins;kind:termfield;viewerOnly:true;friendly:message_no_0;help:message_no_0
+zeek.omron_fins_detail.message_no_1=db:zeek.omron_fins_detail.message_no_1;group:zeek_omron_fins;kind:termfield;viewerOnly:true;friendly:message_no_1;help:message_no_1
+zeek.omron_fins_detail.message_no_2=db:zeek.omron_fins_detail.message_no_2;group:zeek_omron_fins;kind:termfield;viewerOnly:true;friendly:message_no_2;help:message_no_2
+zeek.omron_fins_detail.message_no_3=db:zeek.omron_fins_detail.message_no_3;group:zeek_omron_fins;kind:termfield;viewerOnly:true;friendly:message_no_3;help:message_no_3
+zeek.omron_fins_detail.message_no_4=db:zeek.omron_fins_detail.message_no_4;group:zeek_omron_fins;kind:termfield;viewerOnly:true;friendly:message_no_4;help:message_no_4
+zeek.omron_fins_detail.message_no_5=db:zeek.omron_fins_detail.message_no_5;group:zeek_omron_fins;kind:termfield;viewerOnly:true;friendly:message_no_5;help:message_no_5
+zeek.omron_fins_detail.message_no_6=db:zeek.omron_fins_detail.message_no_6;group:zeek_omron_fins;kind:termfield;viewerOnly:true;friendly:message_no_6;help:message_no_6
+zeek.omron_fins_detail.message_no_7=db:zeek.omron_fins_detail.message_no_7;group:zeek_omron_fins;kind:termfield;viewerOnly:true;friendly:message_no_7;help:message_no_7
+zeek.omron_fins_detail.message_0=db:zeek.omron_fins_detail.message_0;group:zeek_omron_fins;kind:termfield;viewerOnly:true;friendly:message_0;help:message_0
+zeek.omron_fins_detail.message_1=db:zeek.omron_fins_detail.message_1;group:zeek_omron_fins;kind:termfield;viewerOnly:true;friendly:message_1;help:message_1
+zeek.omron_fins_detail.message_2=db:zeek.omron_fins_detail.message_2;group:zeek_omron_fins;kind:termfield;viewerOnly:true;friendly:message_2;help:message_2
+zeek.omron_fins_detail.message_3=db:zeek.omron_fins_detail.message_3;group:zeek_omron_fins;kind:termfield;viewerOnly:true;friendly:message_3;help:message_3
+zeek.omron_fins_detail.message_4=db:zeek.omron_fins_detail.message_4;group:zeek_omron_fins;kind:termfield;viewerOnly:true;friendly:message_4;help:message_4
+zeek.omron_fins_detail.message_5=db:zeek.omron_fins_detail.message_5;group:zeek_omron_fins;kind:termfield;viewerOnly:true;friendly:message_5;help:message_5
+zeek.omron_fins_detail.message_6=db:zeek.omron_fins_detail.message_6;group:zeek_omron_fins;kind:termfield;viewerOnly:true;friendly:message_6;help:message_6
+zeek.omron_fins_detail.message_7=db:zeek.omron_fins_detail.message_7;group:zeek_omron_fins;kind:termfield;viewerOnly:true;friendly:message_7;help:message_7
+zeek.omron_fins_detail.fal_fals_no_0=db:zeek.omron_fins_detail.fal_fals_no_0;group:zeek_omron_fins;kind:termfield;viewerOnly:true;friendly:fal_fals_no_0;help:fal_fals_no_0
+zeek.omron_fins_detail.fal_fals_no_1=db:zeek.omron_fins_detail.fal_fals_no_1;group:zeek_omron_fins;kind:termfield;viewerOnly:true;friendly:fal_fals_no_1;help:fal_fals_no_1
+zeek.omron_fins_detail.fal_fals_no_2=db:zeek.omron_fins_detail.fal_fals_no_2;group:zeek_omron_fins;kind:termfield;viewerOnly:true;friendly:fal_fals_no_2;help:fal_fals_no_2
+zeek.omron_fins_detail.fal_fals_no_3=db:zeek.omron_fins_detail.fal_fals_no_3;group:zeek_omron_fins;kind:termfield;viewerOnly:true;friendly:fal_fals_no_3;help:fal_fals_no_3
+zeek.omron_fins_detail.fal_fals_no_4=db:zeek.omron_fins_detail.fal_fals_no_4;group:zeek_omron_fins;kind:termfield;viewerOnly:true;friendly:fal_fals_no_4;help:fal_fals_no_4
+zeek.omron_fins_detail.fal_fals_no_5=db:zeek.omron_fins_detail.fal_fals_no_5;group:zeek_omron_fins;kind:termfield;viewerOnly:true;friendly:fal_fals_no_5;help:fal_fals_no_5
+zeek.omron_fins_detail.fal_fals_no_6=db:zeek.omron_fins_detail.fal_fals_no_6;group:zeek_omron_fins;kind:termfield;viewerOnly:true;friendly:fal_fals_no_6;help:fal_fals_no_6
+zeek.omron_fins_detail.fal_fals_no_7=db:zeek.omron_fins_detail.fal_fals_no_7;group:zeek_omron_fins;kind:termfield;viewerOnly:true;friendly:fal_fals_no_7;help:fal_fals_no_7
+zeek.omron_fins_detail.fal_fals_no_8=db:zeek.omron_fins_detail.fal_fals_no_8;group:zeek_omron_fins;kind:termfield;viewerOnly:true;friendly:fal_fals_no_8;help:fal_fals_no_8
+zeek.omron_fins_detail.fal_fals_no_9=db:zeek.omron_fins_detail.fal_fals_no_9;group:zeek_omron_fins;kind:termfield;viewerOnly:true;friendly:fal_fals_no_9;help:fal_fals_no_9
+zeek.omron_fins_detail.fal_fals_no_10=db:zeek.omron_fins_detail.fal_fals_no_10;group:zeek_omron_fins;kind:termfield;viewerOnly:true;friendly:fal_fals_no_10;help:fal_fals_no_10
+zeek.omron_fins_detail.fal_fals_no_11=db:zeek.omron_fins_detail.fal_fals_no_11;group:zeek_omron_fins;kind:termfield;viewerOnly:true;friendly:fal_fals_no_11;help:fal_fals_no_11
+zeek.omron_fins_detail.fal_fals_no_12=db:zeek.omron_fins_detail.fal_fals_no_12;group:zeek_omron_fins;kind:termfield;viewerOnly:true;friendly:fal_fals_no_12;help:fal_fals_no_12
+zeek.omron_fins_detail.fal_fals_no_13=db:zeek.omron_fins_detail.fal_fals_no_13;group:zeek_omron_fins;kind:termfield;viewerOnly:true;friendly:fal_fals_no_13;help:fal_fals_no_13
+zeek.omron_fins_detail.fal_fals_0=db:zeek.omron_fins_detail.fal_fals_0;group:zeek_omron_fins;kind:termfield;viewerOnly:true;friendly:fal_fals_0;help:fal_fals_0
+zeek.omron_fins_detail.fal_fals_1=db:zeek.omron_fins_detail.fal_fals_1;group:zeek_omron_fins;kind:termfield;viewerOnly:true;friendly:fal_fals_1;help:fal_fals_1
+zeek.omron_fins_detail.fal_fals_2=db:zeek.omron_fins_detail.fal_fals_2;group:zeek_omron_fins;kind:termfield;viewerOnly:true;friendly:fal_fals_2;help:fal_fals_2
+zeek.omron_fins_detail.fal_fals_3=db:zeek.omron_fins_detail.fal_fals_3;group:zeek_omron_fins;kind:termfield;viewerOnly:true;friendly:fal_fals_3;help:fal_fals_3
+zeek.omron_fins_detail.fal_fals_4=db:zeek.omron_fins_detail.fal_fals_4;group:zeek_omron_fins;kind:termfield;viewerOnly:true;friendly:fal_fals_4;help:fal_fals_4
+zeek.omron_fins_detail.fal_fals_5=db:zeek.omron_fins_detail.fal_fals_5;group:zeek_omron_fins;kind:termfield;viewerOnly:true;friendly:fal_fals_5;help:fal_fals_5
+zeek.omron_fins_detail.fal_fals_6=db:zeek.omron_fins_detail.fal_fals_6;group:zeek_omron_fins;kind:termfield;viewerOnly:true;friendly:fal_fals_6;help:fal_fals_6
+zeek.omron_fins_detail.fal_fals_7=db:zeek.omron_fins_detail.fal_fals_7;group:zeek_omron_fins;kind:termfield;viewerOnly:true;friendly:fal_fals_7;help:fal_fals_7
+zeek.omron_fins_detail.fal_fals_8=db:zeek.omron_fins_detail.fal_fals_8;group:zeek_omron_fins;kind:termfield;viewerOnly:true;friendly:fal_fals_8;help:fal_fals_8
+zeek.omron_fins_detail.fal_fals_9=db:zeek.omron_fins_detail.fal_fals_9;group:zeek_omron_fins;kind:termfield;viewerOnly:true;friendly:fal_fals_9;help:fal_fals_9
+zeek.omron_fins_detail.fal_fals_10=db:zeek.omron_fins_detail.fal_fals_10;group:zeek_omron_fins;kind:termfield;viewerOnly:true;friendly:fal_fals_10;help:fal_fals_10
+zeek.omron_fins_detail.fal_fals_11=db:zeek.omron_fins_detail.fal_fals_11;group:zeek_omron_fins;kind:termfield;viewerOnly:true;friendly:fal_fals_11;help:fal_fals_11
+zeek.omron_fins_detail.fal_fals_12=db:zeek.omron_fins_detail.fal_fals_12;group:zeek_omron_fins;kind:termfield;viewerOnly:true;friendly:fal_fals_12;help:fal_fals_12
+zeek.omron_fins_detail.fal_fals_13=db:zeek.omron_fins_detail.fal_fals_13;group:zeek_omron_fins;kind:termfield;viewerOnly:true;friendly:fal_fals_13;help:fal_fals_13
+zeek.omron_fins_detail.acquire_network_address=db:zeek.omron_fins_detail.acquire_network_address;group:zeek_omron_fins;kind:integer;viewerOnly:true;friendly:acquire_network_address;help:acquire_network_address
+zeek.omron_fins_detail.acquire_node_number=db:zeek.omron_fins_detail.acquire_node_number;group:zeek_omron_fins;kind:integer;viewerOnly:true;friendly:acquire_node_number;help:acquire_node_number
+zeek.omron_fins_detail.acquire_unit_address=db:zeek.omron_fins_detail.acquire_unit_address;group:zeek_omron_fins;kind:integer;viewerOnly:true;friendly:acquire_unit_address;help:acquire_unit_address
+zeek.omron_fins_detail.no_of_bits=db:zeek.omron_fins_detail.no_of_bits;group:zeek_omron_fins;kind:integer;viewerOnly:true;friendly:no_of_bits;help:no_of_bits
+zeek.omron_fins_detail.set_reset_specification=db:zeek.omron_fins_detail.set_reset_specification;group:zeek_omron_fins;kind:termfield;viewerOnly:true;friendly:set_reset_specification;help:set_reset_specification
+zeek.omron_fins_detail.bit_flag=db:zeek.omron_fins_detail.bit_flag;group:zeek_omron_fins;kind:integer;viewerOnly:true;friendly:bit_flag;help:bit_flag
 # omron_fins.log
 # https://github.com/cisagov/icsnpp-omron-fins
-zeek.omron_fins.omron_fins_link_id=db:zeek.omron_fins.omron_fins_link_id;group:zeek_general_log;kind:termfield;viewerOnly:true;friendly:omron_fins_link_id;help:omron_fins_link_id
-zeek.omron_fins.tcp_header=db:zeek.omron_fins.tcp_header;group:zeek_general_log;kind:termfield;viewerOnly:true;friendly:tcp_header;help:tcp_header
-zeek.omron_fins.tcp_length=db:zeek.omron_fins.tcp_length;group:zeek_general_log;kind:integer;viewerOnly:true;friendly:tcp_length;help:tcp_length
-zeek.omron_fins.tcp_command=db:zeek.omron_fins.tcp_command;group:zeek_general_log;kind:termfield;viewerOnly:true;friendly:tcp_command;help:tcp_command
-zeek.omron_fins.tcp_error_code=db:zeek.omron_fins.tcp_error_code;group:zeek_general_log;kind:termfield;viewerOnly:true;friendly:tcp_error_code;help:tcp_error_code
-zeek.omron_fins.client_node_address=db:zeek.omron_fins.client_node_address;group:zeek_general_log;kind:integer;viewerOnly:true;friendly:client_node_address;help:client_node_address
-zeek.omron_fins.server_node_address=db:zeek.omron_fins.server_node_address;group:zeek_general_log;kind:integer;viewerOnly:true;friendly:server_node_address;help:server_node_address
-zeek.omron_fins.icf_gateway=db:zeek.omron_fins.icf_gateway;group:zeek_general_log;kind:termfield;viewerOnly:true;friendly:icf_gateway;help:icf_gateway
-zeek.omron_fins.icf_data_type=db:zeek.omron_fins.icf_data_type;group:zeek_general_log;kind:termfield;viewerOnly:true;friendly:icf_data_type;help:icf_data_type
-zeek.omron_fins.icf_response_setting=db:zeek.omron_fins.icf_response_setting;group:zeek_general_log;kind:termfield;viewerOnly:true;friendly:icf_response_setting;help:icf_response_setting
-zeek.omron_fins.gateway_count=db:zeek.omron_fins.gateway_count;group:zeek_general_log;kind:integer;viewerOnly:true;friendly:gateway_count;help:gateway_count
-zeek.omron_fins.destination_network_address=db:zeek.omron_fins.destination_network_address;group:zeek_general_log;kind:termfield;viewerOnly:true;friendly:destination_network_address;help:destination_network_address
-zeek.omron_fins.destination_node_number=db:zeek.omron_fins.destination_node_number;group:zeek_general_log;kind:termfield;viewerOnly:true;friendly:destination_node_number;help:destination_node_number
-zeek.omron_fins.destination_unit_address=db:zeek.omron_fins.destination_unit_address;group:zeek_general_log;kind:termfield;viewerOnly:true;friendly:destination_unit_address;help:destination_unit_address
-zeek.omron_fins.source_network_address=db:zeek.omron_fins.source_network_address;group:zeek_general_log;kind:termfield;viewerOnly:true;friendly:source_network_address;help:source_network_address
-zeek.omron_fins.source_node_number=db:zeek.omron_fins.source_node_number;group:zeek_general_log;kind:termfield;viewerOnly:true;friendly:source_node_number;help:source_node_number
-zeek.omron_fins.source_unit_address=db:zeek.omron_fins.source_unit_address;group:zeek_general_log;kind:termfield;viewerOnly:true;friendly:source_unit_address;help:source_unit_address
-zeek.omron_fins.service_id=db:zeek.omron_fins.service_id;group:zeek_general_log;kind:termfield;viewerOnly:true;friendly:service_id;help:service_id
-zeek.omron_fins.command_code=db:zeek.omron_fins.command_code;group:zeek_general_log;kind:termfield;viewerOnly:true;friendly:command_code;help:command_code
-zeek.omron_fins.response_code=db:zeek.omron_fins.response_code;group:zeek_general_log;kind:termfield;viewerOnly:true;friendly:response_code;help:response_code
+zeek.omron_fins.link_id=db:zeek.omron_fins.link_id;group:zeek_omron_fins;kind:termfield;viewerOnly:true;friendly:link_id;help:link_id
+zeek.omron_fins.tcp_header=db:zeek.omron_fins.tcp_header;group:zeek_omron_fins;kind:termfield;viewerOnly:true;friendly:tcp_header;help:tcp_header
+zeek.omron_fins.tcp_length=db:zeek.omron_fins.tcp_length;group:zeek_omron_fins;kind:integer;viewerOnly:true;friendly:tcp_length;help:tcp_length
+zeek.omron_fins.tcp_command=db:zeek.omron_fins.tcp_command;group:zeek_omron_fins;kind:termfield;viewerOnly:true;friendly:tcp_command;help:tcp_command
+zeek.omron_fins.tcp_error_code=db:zeek.omron_fins.tcp_error_code;group:zeek_omron_fins;kind:termfield;viewerOnly:true;friendly:tcp_error_code;help:tcp_error_code
+zeek.omron_fins.client_node_address=db:zeek.omron_fins.client_node_address;group:zeek_omron_fins;kind:integer;viewerOnly:true;friendly:client_node_address;help:client_node_address
+zeek.omron_fins.server_node_address=db:zeek.omron_fins.server_node_address;group:zeek_omron_fins;kind:integer;viewerOnly:true;friendly:server_node_address;help:server_node_address
+zeek.omron_fins.icf_gateway=db:zeek.omron_fins.icf_gateway;group:zeek_omron_fins;kind:termfield;viewerOnly:true;friendly:icf_gateway;help:icf_gateway
+zeek.omron_fins.icf_data_type=db:zeek.omron_fins.icf_data_type;group:zeek_omron_fins;kind:termfield;viewerOnly:true;friendly:icf_data_type;help:icf_data_type
+zeek.omron_fins.icf_response_setting=db:zeek.omron_fins.icf_response_setting;group:zeek_omron_fins;kind:termfield;viewerOnly:true;friendly:icf_response_setting;help:icf_response_setting
+zeek.omron_fins.gateway_count=db:zeek.omron_fins.gateway_count;group:zeek_omron_fins;kind:integer;viewerOnly:true;friendly:gateway_count;help:gateway_count
+zeek.omron_fins.destination_network_address=db:zeek.omron_fins.destination_network_address;group:zeek_omron_fins;kind:termfield;viewerOnly:true;friendly:destination_network_address;help:destination_network_address
+zeek.omron_fins.destination_node_number=db:zeek.omron_fins.destination_node_number;group:zeek_omron_fins;kind:termfield;viewerOnly:true;friendly:destination_node_number;help:destination_node_number
+zeek.omron_fins.destination_unit_address=db:zeek.omron_fins.destination_unit_address;group:zeek_omron_fins;kind:termfield;viewerOnly:true;friendly:destination_unit_address;help:destination_unit_address
+zeek.omron_fins.source_network_address=db:zeek.omron_fins.source_network_address;group:zeek_omron_fins;kind:termfield;viewerOnly:true;friendly:source_network_address;help:source_network_address
+zeek.omron_fins.source_node_number=db:zeek.omron_fins.source_node_number;group:zeek_omron_fins;kind:termfield;viewerOnly:true;friendly:source_node_number;help:source_node_number
+zeek.omron_fins.source_unit_address=db:zeek.omron_fins.source_unit_address;group:zeek_omron_fins;kind:termfield;viewerOnly:true;friendly:source_unit_address;help:source_unit_address
+zeek.omron_fins.service_id=db:zeek.omron_fins.service_id;group:zeek_omron_fins;kind:termfield;viewerOnly:true;friendly:service_id;help:service_id
+zeek.omron_fins.command_code=db:zeek.omron_fins.command_code;group:zeek_omron_fins;kind:termfield;viewerOnly:true;friendly:command_code;help:command_code
+zeek.omron_fins.response_code=db:zeek.omron_fins.response_code;group:zeek_omron_fins;kind:termfield;viewerOnly:true;friendly:response_code;help:response_code
+zeek.omron_fins.minute=db:zeek.omron_fins.minute;group:zeek_omron_fins;kind:integer;viewerOnly:true;friendly:minute;help:minute
+zeek.omron_fins.second=db:zeek.omron_fins.second;group:zeek_omron_fins;kind:integer;viewerOnly:true;friendly:second;help:second
+zeek.omron_fins.day=db:zeek.omron_fins.day;group:zeek_omron_fins;kind:integer;viewerOnly:true;friendly:day;help:day
+zeek.omron_fins.hour=db:zeek.omron_fins.hour;group:zeek_omron_fins;kind:integer;viewerOnly:true;friendly:hour;help:hour
+zeek.omron_fins.year=db:zeek.omron_fins.year;group:zeek_omron_fins;kind:integer;viewerOnly:true;friendly:year;help:year
+zeek.omron_fins.month=db:zeek.omron_fins.month;group:zeek_omron_fins;kind:integer;viewerOnly:true;friendly:month;help:month
+
 # omron_fins_network_status_read.log
 # https://github.com/cisagov/icsnpp-omron-fins
-zeek.omron_fins_network_status_read.command_code=db:zeek.omron_fins_network_status_read.command_code;group:zeek_network_status_read_log;kind:termfield;viewerOnly:true;friendly:command_code;help:command_code
-zeek.omron_fins_network_status_read.icf_data_type=db:zeek.omron_fins_network_status_read.icf_data_type;group:zeek_network_status_read_log;kind:termfield;viewerOnly:true;friendly:icf_data_type;help:icf_data_type
-zeek.omron_fins_network_status_read.response_code=db:zeek.omron_fins_network_status_read.response_code;group:zeek_network_status_read_log;kind:termfield;viewerOnly:true;friendly:response_code;help:response_code
-zeek.omron_fins_network_status_read.node_number=db:zeek.omron_fins_network_status_read.node_number;group:zeek_network_status_read_log;kind:integer;viewerOnly:true;friendly:node_number;help:node_number
-zeek.omron_fins_network_status_read.in_network=db:zeek.omron_fins_network_status_read.in_network;group:zeek_network_status_read_log;kind:termfield;viewerOnly:true;friendly:in_network;help:in_network
-zeek.omron_fins_network_status_read.exit_status=db:zeek.omron_fins_network_status_read.exit_status;group:zeek_network_status_read_log;kind:termfield;viewerOnly:true;friendly:exit_status;help:exit_status
-zeek.omron_fins_network_status_read.polling=db:zeek.omron_fins_network_status_read.polling;group:zeek_network_status_read_log;kind:termfield;viewerOnly:true;friendly:polling;help:polling
-zeek.omron_fins_network_status_read.communication_cycle_time=db:zeek.omron_fins_network_status_read.communication_cycle_time;group:zeek_network_status_read_log;kind:termfield;viewerOnly:true;friendly:communication_cycle_time;help:communication_cycle_time
-zeek.omron_fins_network_status_read.current_polling_node_number=db:zeek.omron_fins_network_status_read.current_polling_node_number;group:zeek_network_status_read_log;kind:integer;viewerOnly:true;friendly:current_polling_node_number;help:current_polling_node_number
-zeek.omron_fins_network_status_read.cyclic_operation=db:zeek.omron_fins_network_status_read.cyclic_operation;group:zeek_network_status_read_log;kind:termfield;viewerOnly:true;friendly:cyclic_operation;help:cyclic_operation
-zeek.omron_fins_network_status_read.cyclic_transmission_status=db:zeek.omron_fins_network_status_read.cyclic_transmission_status;group:zeek_network_status_read_log;kind:termfield;viewerOnly:true;friendly:cyclic_transmission_status;help:cyclic_transmission_status
-zeek.omron_fins_network_status_read.non_fatal_error=db:zeek.omron_fins_network_status_read.non_fatal_error;group:zeek_network_status_read_log;kind:termfield;viewerOnly:true;friendly:non_fatal_error;help:non_fatal_error
-zeek.omron_fins_network_status_read.cyclic_error_count=db:zeek.omron_fins_network_status_read.cyclic_error_count;group:zeek_network_status_read_log;kind:integer;viewerOnly:true;friendly:cyclic_error_count;help:cyclic_error_count
+zeek.omron_fins_network_status_read.node_number=db:zeek.omron_fins_network_status_read.node_number;group:zeek_omron_fins;kind:integer;viewerOnly:true;friendly:node_number;help:node_number
+zeek.omron_fins_network_status_read.in_network=db:zeek.omron_fins_network_status_read.in_network;group:zeek_omron_fins;kind:termfield;viewerOnly:true;friendly:in_network;help:in_network
+zeek.omron_fins_network_status_read.exit_status=db:zeek.omron_fins_network_status_read.exit_status;group:zeek_omron_fins;kind:termfield;viewerOnly:true;friendly:exit_status;help:exit_status
+zeek.omron_fins_network_status_read.polling=db:zeek.omron_fins_network_status_read.polling;group:zeek_omron_fins;kind:termfield;viewerOnly:true;friendly:polling;help:polling
+zeek.omron_fins_network_status_read.communication_cycle_time=db:zeek.omron_fins_network_status_read.communication_cycle_time;group:zeek_omron_fins;kind:termfield;viewerOnly:true;friendly:communication_cycle_time;help:communication_cycle_time
+zeek.omron_fins_network_status_read.current_polling_node_number=db:zeek.omron_fins_network_status_read.current_polling_node_number;group:zeek_omron_fins;kind:integer;viewerOnly:true;friendly:current_polling_node_number;help:current_polling_node_number
+zeek.omron_fins_network_status_read.cyclic_operation=db:zeek.omron_fins_network_status_read.cyclic_operation;group:zeek_omron_fins;kind:termfield;viewerOnly:true;friendly:cyclic_operation;help:cyclic_operation
+zeek.omron_fins_network_status_read.cyclic_transmission_status=db:zeek.omron_fins_network_status_read.cyclic_transmission_status;group:zeek_omron_fins;kind:termfield;viewerOnly:true;friendly:cyclic_transmission_status;help:cyclic_transmission_status
+zeek.omron_fins_network_status_read.non_fatal_error=db:zeek.omron_fins_network_status_read.non_fatal_error;group:zeek_omron_fins;kind:termfield;viewerOnly:true;friendly:non_fatal_error;help:non_fatal_error
+zeek.omron_fins_network_status_read.cyclic_error_count=db:zeek.omron_fins_network_status_read.cyclic_error_count;group:zeek_omron_fins;kind:integer;viewerOnly:true;friendly:cyclic_error_count;help:cyclic_error_count
 # opcua_binary_activate_session.log
 # https://github.com/cisagov/icsnpp-opcua-binary
@@ -3632,11 +3606,11 @@ o_zeek_notice=require:zeek.notice;title:Zeek notice.log;fields:rule.category,rul
 o_zeek_ntlm=require:zeek.ntlm;title:Zeek ntlm.log;fields:zeek.ntlm.host,zeek.ntlm.domain,zeek.ntlm.success,zeek.ntlm.status,zeek.ntlm.server_nb_computer,zeek.ntlm.server_dns_computer,zeek.ntlm.server_tree
 o_zeek_ntp=require:zeek.ntp;title:Zeek ntp.log;fields:zeek.ntp.version,zeek.ntp.mode,zeek.ntp.mode_str,zeek.ntp.stratum,zeek.ntp.poll,zeek.ntp.precision,zeek.ntp.root_delay,zeek.ntp.root_disp,zeek.ntp.ref_id,zeek.ntp.ref_time,zeek.ntp.org_time,zeek.ntp.rec_time,zeek.ntp.xmt_time,zeek.ntp.num_exts
 o_zeek_ocsp=require:zeek.ocsp;title:Zeek ocsp.log;fields:zeek.ocsp.hashAlgorithm,zeek.ocsp.issuerNameHash,zeek.ocsp.issuerKeyHash,zeek.ocsp.serialNumber,zeek.ocsp.certStatus,zeek.ocsp.revoketime,zeek.ocsp.revokereason,zeek.ocsp.thisUpdate,zeek.ocsp.nextUpdate
-o_zeek_omron_fins_error_log=require:zeek.omron_fins_error;title:Zeek omron_fins_error.log;fields:zeek.omron_fins.omron_fins_link_id,zeek.omron_fins_error.command_code,zeek.omron_fins_error.icf_data_type,zeek.omron_fins_error.response_code,zeek.omron_fins_error.error_reset_fal_no,zeek.omron_fins_error.beginning_record_no,zeek.omron_fins_error.max_no_stored_records,zeek.omron_fins_error.no_of_stored_records,zeek.omron_fins_error.no_of_records,zeek.omron_fins_error.error_code_1,zeek.omron_fins_error.error_code_2,zeek.omron_fins_error.minute,zeek.omron_fins_error.second,zeek.omron_fins_error.day,zeek.omron_fins_error.hour,zeek.omron_fins_error.year,zeek.omron_fins_error.month
-o_zeek_omron_fins_file_log=require:zeek.omron_fins_file;title:Zeek 
omron_fins_file.log;fields:zeek.omron_fins.omron_fins_link_id,zeek.omron_fins_file.command_code,zeek.omron_fins_file.icf_data_type,zeek.omron_fins_file.response_code,zeek.omron_fins_file.disk_no,zeek.omron_fins_file.beginning_file_position,zeek.omron_fins_file.no_of_files,zeek.omron_fins_file.volume_label,zeek.omron_fins_file.year,zeek.omron_fins_file.month,zeek.omron_fins_file.day,zeek.omron_fins_file.hour,zeek.omron_fins_file.minute,zeek.omron_fins_file.second,zeek.omron_fins_file.total_capacity,zeek.omron_fins_file.unused_capacity,zeek.omron_fins_file.total_no_files,zeek.omron_fins_file.no_files_read,zeek.omron_fins_file.last_file,zeek.omron_fins_file.file_name,zeek.omron_fins_file.file_capacity,zeek.omron_fins_file.file_position,zeek.omron_fins_file.data_length,zeek.omron_fins_file.parameter_code,zeek.omron_fins_file.src_disk_no,zeek.omron_fins_file.src_file_name,zeek.omron_fins_file.dst_disk_no,zeek.omron_fins_file.dst_file_name,zeek.omron_fins_file.old_file_name,zeek.omron_fins_file.new_file_name,zeek.omron_fins_file.parameter_area_code,zeek.omron_fins_file.beginning_address,zeek.omron_fins_file.no_of_words,zeek.omron_fins_file.memory_area_code,zeek.omron_fins_file.no_of_items,zeek.omron_fins_file.program_no,zeek.omron_fins_file.no_of_bytes,zeek.omron_fins_file.beginning_word,zeek.omron_fins_file.beginning_block_no,zeek.omron_fins_file.no_of_blocks,zeek.omron_fins_file.remaining_blocks,zeek.omron_fins_file.total_no_of_blocks,zeek.omron_fins_file.memory_type,zeek.omron_fins_file.data_type,zeek.omron_fins_file.last_block,zeek.omron_fins_file.protected,zeek.omron_fins_file.control_data,zeek.omron_fins_file.block_no,zeek.omron_fins_file.memory_data -o_zeek_omron_fins_detail_log=require:zeek.omron_fins_detail;title:Zeek 
omron_fins_detail.log;fields:zeek.omron_fins.omron_fins_link_id,zeek.omron_fins_detail.command_code,zeek.omron_fins_detail.icf_data_type,zeek.omron_fins_detail.memory_area_code,zeek.omron_fins_detail.beginning_address,zeek.omron_fins_detail.number_of_items,zeek.omron_fins_detail.parameter_area_code,zeek.omron_fins_detail.beginning_word,zeek.omron_fins_detail.number_of_words,zeek.omron_fins_detail.last_word_bit,zeek.omron_fins_detail.response_code,zeek.omron_fins_detail.data,zeek.omron_fins_detail.year,zeek.omron_fins_detail.month,zeek.omron_fins_detail.date,zeek.omron_fins_detail.hour,zeek.omron_fins_detail.minute,zeek.omron_fins_detail.second,zeek.omron_fins_detail.day,zeek.omron_fins_detail.clock_time,zeek.omron_fins_detail.intelligent_id_no,zeek.omron_fins_detail.first_word,zeek.omron_fins_detail.read_length,zeek.omron_fins_detail.data_length,zeek.omron_fins_detail.num_of_link_nodes,zeek.omron_fins_detail.block_record_data_link_status,zeek.omron_fins_detail.block_record_num_of_link_nodes,zeek.omron_fins_detail.block_record_node_num,zeek.omron_fins_detail.block_record_cio_area_first_word,zeek.omron_fins_detail.block_record_kind_of_dm,zeek.omron_fins_detail.block_record_dm_area_first_word,zeek.omron_fins_detail.block_record_num_of_total_words,zeek.omron_fins_detail.program_no,zeek.omron_fins_detail.protect_code,zeek.omron_fins_detail.last_word,zeek.omron_fins_detail.clear_code,zeek.omron_fins_detail.number_of_bytes,zeek.omron_fins_detail.run_mode,zeek.omron_fins_detail.controller_data_to_read,zeek.omron_fins_detail.controller_model,zeek.omron_fins_detail.controller_version,zeek.omron_fins_detail.for_system_use,zeek.omron_fins_detail.program_area_size,zeek.omron_fins_detail.iom_size,zeek.omron_fins_detail.no_of_dm_words,zeek.omron_fins_detail.timer_size,zeek.omron_fins_detail.expansion_dm_size,zeek.omron_fins_detail.no_of_steps_transitions,zeek.omron_fins_detail.kind_of_memory_card,zeek.omron_fins_detail.memory_card_size,zeek.omron_fins_detail.cpu_bus_unit_config,ze
ek.omron_fins_detail.no_of_sysmac_bus_master_mounted,zeek.omron_fins_detail.no_of_sysmac_bus2_master_mounted,zeek.omron_fins_detail.peripheral_device_connected,zeek.omron_fins_detail.built_in_host_interface,zeek.omron_fins_detail.no_of_racks_connected,zeek.omron_fins_detail.no_of_units,zeek.omron_fins_detail.unit_address,zeek.omron_fins_detail.model_number,zeek.omron_fins_detail.controller_status_data_read_status,zeek.omron_fins_detail.controller_status_data_read_mode,zeek.omron_fins_detail.fatal_error,zeek.omron_fins_detail.non_fatal_error,zeek.omron_fins_detail.message_yes_no,zeek.omron_fins_detail.fal_fals_no,zeek.omron_fins_detail.error_message,zeek.omron_fins_detail.cycle_time_read_parameter,zeek.omron_fins_detail.average_cycle_time,zeek.omron_fins_detail.max_cycle_time,zeek.omron_fins_detail.min_cycle_time,zeek.omron_fins_detail.test_data,zeek.omron_fins_detail.number_of_receptions,zeek.omron_fins_detail.command,zeek.omron_fins_detail.message_no_0,zeek.omron_fins_detail.message_no_1,zeek.omron_fins_detail.message_no_2,zeek.omron_fins_detail.message_no_3,zeek.omron_fins_detail.message_no_4,zeek.omron_fins_detail.message_no_5,zeek.omron_fins_detail.message_no_6,zeek.omron_fins_detail.message_no_7,zeek.omron_fins_detail.message_0,zeek.omron_fins_detail.message_1,zeek.omron_fins_detail.message_2,zeek.omron_fins_detail.message_3,zeek.omron_fins_detail.message_4,zeek.omron_fins_detail.message_5,zeek.omron_fins_detail.message_6,zeek.omron_fins_detail.message_7,zeek.omron_fins_detail.fal_fals_no_0,zeek.omron_fins_detail.fal_fals_no_1,zeek.omron_fins_detail.fal_fals_no_2,zeek.omron_fins_detail.fal_fals_no_3,zeek.omron_fins_detail.fal_fals_no_4,zeek.omron_fins_detail.fal_fals_no_5,zeek.omron_fins_detail.fal_fals_no_6,zeek.omron_fins_detail.fal_fals_no_7,zeek.omron_fins_detail.fal_fals_no_8,zeek.omron_fins_detail.fal_fals_no_9,zeek.omron_fins_detail.fal_fals_no_10,zeek.omron_fins_detail.fal_fals_no_11,zeek.omron_fins_detail.fal_fals_no_12,zeek.omron_fins_detail.fal_fals_
no_13,zeek.omron_fins_detail.fal_fals_0,zeek.omron_fins_detail.fal_fals_1,zeek.omron_fins_detail.fal_fals_2,zeek.omron_fins_detail.fal_fals_3,zeek.omron_fins_detail.fal_fals_4,zeek.omron_fins_detail.fal_fals_5,zeek.omron_fins_detail.fal_fals_6,zeek.omron_fins_detail.fal_fals_7,zeek.omron_fins_detail.fal_fals_8,zeek.omron_fins_detail.fal_fals_9,zeek.omron_fins_detail.fal_fals_10,zeek.omron_fins_detail.fal_fals_11,zeek.omron_fins_detail.fal_fals_12,zeek.omron_fins_detail.fal_fals_13,zeek.omron_fins_detail.acquire_network_address,zeek.omron_fins_detail.acquire_node_number,zeek.omron_fins_detail.acquire_unit_address,zeek.omron_fins_detail.no_of_bits,zeek.omron_fins_detail.set_reset_specification,zeek.omron_fins_detail.bit_flag -o_zeek_omron_fins_log=require:zeek.omron_fins;title:Zeek omron_fins.log;fields:zeek.omron_fins.omron_fins_link_id,zeek.omron_fins.tcp_header,zeek.omron_fins.tcp_length,zeek.omron_fins.tcp_command,zeek.omron_fins.tcp_error_code,zeek.omron_fins.client_node_address,zeek.omron_fins.server_node_address,zeek.omron_fins.icf_gateway,zeek.omron_fins.icf_data_type,zeek.omron_fins.icf_response_setting,zeek.omron_fins.gateway_count,zeek.omron_fins.destination_network_address,zeek.omron_fins.destination_node_number,zeek.omron_fins.destination_unit_address,zeek.omron_fins.source_network_address,zeek.omron_fins.source_node_number,zeek.omron_fins.source_unit_address,zeek.omron_fins.service_id,zeek.omron_fins.command_code,zeek.omron_fins.response_code -o_zeek_omron_fins_network_status_read_log=require:zeek.omron_fins_network_status_read;title:Zeek 
omron_fins_network_status_read.log;fields:zeek.omron_fins.omron_fins_link_id,zeek.omron_fins_network_status_read.command_code,zeek.omron_fins_network_status_read.icf_data_type,zeek.omron_fins_network_status_read.response_code,zeek.omron_fins_network_status_read.node_number,zeek.omron_fins_network_status_read.in_network,zeek.omron_fins_network_status_read.exit_status,zeek.omron_fins_network_status_read.polling,zeek.omron_fins_network_status_read.communication_cycle_time,zeek.omron_fins_network_status_read.current_polling_node_number,zeek.omron_fins_network_status_read.cyclic_operation,zeek.omron_fins_network_status_read.cyclic_transmission_status,zeek.omron_fins_network_status_read.non_fatal_error,zeek.omron_fins_network_status_read.cyclic_error_count +o_zeek_omron_fins_error_log=require:zeek.omron_fins_error;title:Zeek omron_fins_error.log;fields:zeek.omron_fins.link_id,zeek.omron_fins.command_code,zeek.omron_fins.icf_data_type,zeek.omron_fins.response_code,zeek.omron_fins_error.error_reset_fal_no,zeek.omron_fins_error.beginning_record_no,zeek.omron_fins_error.max_no_stored_records,zeek.omron_fins_error.no_of_stored_records,zeek.omron_fins_error.no_of_records,zeek.omron_fins_error.error_code_1,zeek.omron_fins_error.error_code_2,zeek.omron_fins.minute,zeek.omron_fins.second,zeek.omron_fins.day,zeek.omron_fins.hour,zeek.omron_fins.year,zeek.omron_fins.month +o_zeek_omron_fins_file_log=require:zeek.omron_fins_file;title:Zeek 
omron_fins_file.log;fields:zeek.omron_fins.link_id,zeek.omron_fins.command_code,zeek.omron_fins.icf_data_type,zeek.omron_fins.response_code,zeek.omron_fins_file.disk_no,zeek.omron_fins_file.beginning_file_position,zeek.omron_fins_file.no_of_files,zeek.omron_fins_file.volume_label,zeek.omron_fins.year,zeek.omron_fins.month,zeek.omron_fins.day,zeek.omron_fins.hour,zeek.omron_fins.minute,zeek.omron_fins.second,zeek.omron_fins_file.total_capacity,zeek.omron_fins_file.unused_capacity,zeek.omron_fins_file.total_no_files,zeek.omron_fins_file.no_files_read,zeek.omron_fins_file.last_file,zeek.omron_fins_file.file_name,zeek.omron_fins_file.file_capacity,zeek.omron_fins_file.file_position,zeek.omron_fins_file.data_length,zeek.omron_fins_file.parameter_code,zeek.omron_fins_file.src_disk_no,zeek.omron_fins_file.src_file_name,zeek.omron_fins_file.dst_disk_no,zeek.omron_fins_file.dst_file_name,zeek.omron_fins_file.old_file_name,zeek.omron_fins_file.new_file_name,zeek.omron_fins_file.parameter_area_code,zeek.omron_fins_file.beginning_address,zeek.omron_fins_file.no_of_words,zeek.omron_fins_file.memory_area_code,zeek.omron_fins_file.no_of_items,zeek.omron_fins_file.program_no,zeek.omron_fins_file.no_of_bytes,zeek.omron_fins_file.beginning_word,zeek.omron_fins_file.beginning_block_no,zeek.omron_fins_file.no_of_blocks,zeek.omron_fins_file.remaining_blocks,zeek.omron_fins_file.total_no_of_blocks,zeek.omron_fins_file.memory_type,zeek.omron_fins_file.data_type,zeek.omron_fins_file.last_block,zeek.omron_fins_file.protected,zeek.omron_fins_file.control_data,zeek.omron_fins_file.block_no,zeek.omron_fins_file.memory_data +o_zeek_omron_fins_detail_log=require:zeek.omron_fins_detail;title:Zeek 
omron_fins_detail.log;fields:zeek.omron_fins.link_id,zeek.omron_fins.command_code,zeek.omron_fins.icf_data_type,zeek.omron_fins_detail.memory_area_code,zeek.omron_fins_detail.beginning_address,zeek.omron_fins_detail.number_of_items,zeek.omron_fins_detail.parameter_area_code,zeek.omron_fins_detail.beginning_word,zeek.omron_fins_detail.number_of_words,zeek.omron_fins_detail.last_word_bit,zeek.omron_fins.response_code,zeek.omron_fins_detail.data,zeek.omron_fins.year,zeek.omron_fins.month,zeek.omron_fins_detail.date,zeek.omron_fins.hour,zeek.omron_fins.minute,zeek.omron_fins.second,zeek.omron_fins.day,zeek.omron_fins_detail.clock_time,zeek.omron_fins_detail.intelligent_id_no,zeek.omron_fins_detail.first_word,zeek.omron_fins_detail.read_length,zeek.omron_fins_detail.data_length,zeek.omron_fins_detail.num_of_link_nodes,zeek.omron_fins_detail.block_record_data_link_status,zeek.omron_fins_detail.block_record_num_of_link_nodes,zeek.omron_fins_detail.block_record_node_num,zeek.omron_fins_detail.block_record_cio_area_first_word,zeek.omron_fins_detail.block_record_kind_of_dm,zeek.omron_fins_detail.block_record_dm_area_first_word,zeek.omron_fins_detail.block_record_num_of_total_words,zeek.omron_fins_detail.program_no,zeek.omron_fins_detail.protect_code,zeek.omron_fins_detail.last_word,zeek.omron_fins_detail.clear_code,zeek.omron_fins_detail.number_of_bytes,zeek.omron_fins_detail.run_mode,zeek.omron_fins_detail.controller_data_to_read,zeek.omron_fins_detail.controller_model,zeek.omron_fins_detail.controller_version,zeek.omron_fins_detail.for_system_use,zeek.omron_fins_detail.program_area_size,zeek.omron_fins_detail.iom_size,zeek.omron_fins_detail.no_of_dm_words,zeek.omron_fins_detail.timer_size,zeek.omron_fins_detail.expansion_dm_size,zeek.omron_fins_detail.no_of_steps_transitions,zeek.omron_fins_detail.kind_of_memory_card,zeek.omron_fins_detail.memory_card_size,zeek.omron_fins_detail.cpu_bus_unit_config,zeek.omron_fins_detail.no_of_sysmac_bus_master_mounted,zeek.omron_fins_detai
l.no_of_sysmac_bus2_master_mounted,zeek.omron_fins_detail.peripheral_device_connected,zeek.omron_fins_detail.built_in_host_interface,zeek.omron_fins_detail.no_of_racks_connected,zeek.omron_fins_detail.no_of_units,zeek.omron_fins_detail.unit_address,zeek.omron_fins_detail.model_number,zeek.omron_fins_detail.controller_status_data_read_status,zeek.omron_fins_detail.controller_status_data_read_mode,zeek.omron_fins_detail.fatal_error,zeek.omron_fins_detail.non_fatal_error,zeek.omron_fins_detail.message_yes_no,zeek.omron_fins_detail.fal_fals_no,zeek.omron_fins_detail.error_message,zeek.omron_fins_detail.cycle_time_read_parameter,zeek.omron_fins_detail.average_cycle_time,zeek.omron_fins_detail.max_cycle_time,zeek.omron_fins_detail.min_cycle_time,zeek.omron_fins_detail.test_data,zeek.omron_fins_detail.number_of_receptions,zeek.omron_fins_detail.command,zeek.omron_fins_detail.message_no_0,zeek.omron_fins_detail.message_no_1,zeek.omron_fins_detail.message_no_2,zeek.omron_fins_detail.message_no_3,zeek.omron_fins_detail.message_no_4,zeek.omron_fins_detail.message_no_5,zeek.omron_fins_detail.message_no_6,zeek.omron_fins_detail.message_no_7,zeek.omron_fins_detail.message_0,zeek.omron_fins_detail.message_1,zeek.omron_fins_detail.message_2,zeek.omron_fins_detail.message_3,zeek.omron_fins_detail.message_4,zeek.omron_fins_detail.message_5,zeek.omron_fins_detail.message_6,zeek.omron_fins_detail.message_7,zeek.omron_fins_detail.fal_fals_no_0,zeek.omron_fins_detail.fal_fals_no_1,zeek.omron_fins_detail.fal_fals_no_2,zeek.omron_fins_detail.fal_fals_no_3,zeek.omron_fins_detail.fal_fals_no_4,zeek.omron_fins_detail.fal_fals_no_5,zeek.omron_fins_detail.fal_fals_no_6,zeek.omron_fins_detail.fal_fals_no_7,zeek.omron_fins_detail.fal_fals_no_8,zeek.omron_fins_detail.fal_fals_no_9,zeek.omron_fins_detail.fal_fals_no_10,zeek.omron_fins_detail.fal_fals_no_11,zeek.omron_fins_detail.fal_fals_no_12,zeek.omron_fins_detail.fal_fals_no_13,zeek.omron_fins_detail.fal_fals_0,zeek.omron_fins_detail.fal_fals_1,
zeek.omron_fins_detail.fal_fals_2,zeek.omron_fins_detail.fal_fals_3,zeek.omron_fins_detail.fal_fals_4,zeek.omron_fins_detail.fal_fals_5,zeek.omron_fins_detail.fal_fals_6,zeek.omron_fins_detail.fal_fals_7,zeek.omron_fins_detail.fal_fals_8,zeek.omron_fins_detail.fal_fals_9,zeek.omron_fins_detail.fal_fals_10,zeek.omron_fins_detail.fal_fals_11,zeek.omron_fins_detail.fal_fals_12,zeek.omron_fins_detail.fal_fals_13,zeek.omron_fins_detail.acquire_network_address,zeek.omron_fins_detail.acquire_node_number,zeek.omron_fins_detail.acquire_unit_address,zeek.omron_fins_detail.no_of_bits,zeek.omron_fins_detail.set_reset_specification,zeek.omron_fins_detail.bit_flag +o_zeek_omron_fins_log=require:zeek.omron_fins;title:Zeek omron_fins.log;fields:zeek.omron_fins.link_id,zeek.omron_fins.tcp_header,zeek.omron_fins.tcp_length,zeek.omron_fins.tcp_command,zeek.omron_fins.tcp_error_code,zeek.omron_fins.client_node_address,zeek.omron_fins.server_node_address,zeek.omron_fins.icf_gateway,zeek.omron_fins.icf_data_type,zeek.omron_fins.icf_response_setting,zeek.omron_fins.gateway_count,zeek.omron_fins.destination_network_address,zeek.omron_fins.destination_node_number,zeek.omron_fins.destination_unit_address,zeek.omron_fins.source_network_address,zeek.omron_fins.source_node_number,zeek.omron_fins.source_unit_address,zeek.omron_fins.service_id,zeek.omron_fins.command_code,zeek.omron_fins.response_code +o_zeek_omron_fins_network_status_read_log=require:zeek.omron_fins_network_status_read;title:Zeek 
omron_fins_network_status_read.log;fields:zeek.omron_fins.link_id,zeek.omron_fins.command_code,zeek.omron_fins.icf_data_type,zeek.omron_fins.response_code,zeek.omron_fins_network_status_read.node_number,zeek.omron_fins_network_status_read.in_network,zeek.omron_fins_network_status_read.exit_status,zeek.omron_fins_network_status_read.polling,zeek.omron_fins_network_status_read.communication_cycle_time,zeek.omron_fins_network_status_read.current_polling_node_number,zeek.omron_fins_network_status_read.cyclic_operation,zeek.omron_fins_network_status_read.cyclic_transmission_status,zeek.omron_fins_network_status_read.non_fatal_error,zeek.omron_fins_network_status_read.cyclic_error_count o_zeek_opcua=require:zeek.opcua_binary;title:Zeek OPC UA Binary logs;fields:zeek.opcua_binary.filter_source_link_id,zeek.opcua_binary.operand_source_link_id,zeek.opcua_binary.variant_source_link_id,zeek.opcua_binary.encoding_mask,zeek.opcua_binary.endpoint_url,zeek.opcua_binary.error,zeek.opcua_binary.identifier,zeek.opcua_binary.identifier_str,zeek.opcua_binary.is_final,zeek.opcua_binary.max_chunk_cnt,zeek.opcua_binary.max_msg_size,zeek.opcua_binary.msg_size,zeek.opcua_binary.msg_type,zeek.opcua_binary.namespace_idx,zeek.opcua_binary.opcua_link_id,zeek.opcua_binary.rcv_buf_size,zeek.opcua_binary.rcv_cert,zeek.opcua_binary.rcv_cert_len,zeek.opcua_binary.reason,zeek.opcua_binary.req_hdr_add_hdr_enc_mask,zeek.opcua_binary.req_hdr_add_hdr_type_id,zeek.opcua_binary.req_hdr_audit_entry_id,zeek.opcua_binary.req_hdr_node_id_guid,zeek.opcua_binary.req_hdr_node_id_namespace_idx,zeek.opcua_binary.req_hdr_node_id_numeric,zeek.opcua_binary.req_hdr_node_id_opaque,zeek.opcua_binary.req_hdr_node_id_string,zeek.opcua_binary.req_hdr_node_id_type,zeek.opcua_binary.req_hdr_request_handle,zeek.opcua_binary.req_hdr_return_diag,zeek.opcua_binary.req_hdr_timeout_hint,zeek.opcua_binary.req_hdr_timestamp,zeek.opcua_binary.request_id,zeek.opcua_binary.res_hdr_add_hdr_enc_mask,zeek.opcua_binary.res_hdr_add_hdr_type_
id,zeek.opcua_binary.res_hdr_request_handle,zeek.opcua_binary.res_hdr_service_diag_encoding,zeek.opcua_binary.res_hdr_timestamp,zeek.opcua_binary.sec_channel_id,zeek.opcua_binary.sec_policy_uri,zeek.opcua_binary.sec_policy_uri_len,zeek.opcua_binary.seq_number,zeek.opcua_binary.snd_buf_size,zeek.opcua_binary.snd_cert,zeek.opcua_binary.snd_cert_len,zeek.opcua_binary.version,zeek.opcua_binary_activate_session.client_algorithm,zeek.opcua_binary_activate_session.client_signature,zeek.opcua_binary_activate_session.ext_obj_certificate_data,zeek.opcua_binary_activate_session.ext_obj_encoding,zeek.opcua_binary_activate_session.ext_obj_encryption_algorithom,zeek.opcua_binary_activate_session.ext_obj_password,zeek.opcua_binary_activate_session.ext_obj_policy_id,zeek.opcua_binary_activate_session.ext_obj_token_data,zeek.opcua_binary_activate_session.ext_obj_type_id_encoding_mask,zeek.opcua_binary_activate_session.ext_obj_type_id_guid,zeek.opcua_binary_activate_session.ext_obj_type_id_namespace_idx,zeek.opcua_binary_activate_session.ext_obj_type_id_numeric,zeek.opcua_binary_activate_session.ext_obj_type_id_opaque,zeek.opcua_binary_activate_session.ext_obj_type_id_str,zeek.opcua_binary_activate_session.ext_obj_type_id_string,zeek.opcua_binary_activate_session.ext_obj_user_name,zeek.opcua_binary_activate_session.server_nonce,zeek.opcua_binary_activate_session.user_token_algorithm,zeek.opcua_binary_activate_session.user_token_signature,zeek.opcua_binary_activate_session_client_software_cert.cert_data,zeek.opcua_binary_activate_session_client_software_cert.cert_signature,zeek.opcua_binary_activate_session_client_software_cert.client_software_cert_link_id,zeek.opcua_binary_activate_session_locale_id.local_id,zeek.opcua_binary_activate_session_locale_id.opcua_locale_link_id,zeek.opcua_binary_aggregate_filter.aggregate_type_encoding_mask,zeek.opcua_binary_aggregate_filter.aggregate_type_guid,zeek.opcua_binary_aggregate_filter.aggregate_type_namespace_idx,zeek.opcua_binary_aggregate_fil
ter.aggregate_type_numeric,zeek.opcua_binary_aggregate_filter.aggregate_type_opaque,zeek.opcua_binary_aggregate_filter.aggregate_type_string,zeek.opcua_binary_aggregate_filter.percent_data_bad,zeek.opcua_binary_aggregate_filter.percent_data_good,zeek.opcua_binary_aggregate_filter.processing_interval,zeek.opcua_binary_aggregate_filter.revised_percent_data_bad,zeek.opcua_binary_aggregate_filter.revised_percent_data_good,zeek.opcua_binary_aggregate_filter.revised_processing_interval,zeek.opcua_binary_aggregate_filter.revised_start_time,zeek.opcua_binary_aggregate_filter.revised_start_time_str,zeek.opcua_binary_aggregate_filter.revised_treat_uncertain_as_bad,zeek.opcua_binary_aggregate_filter.revised_use_server_capabilities_default,zeek.opcua_binary_aggregate_filter.revised_use_slopped_extrapolation,zeek.opcua_binary_aggregate_filter.start_time,zeek.opcua_binary_aggregate_filter.start_time_str,zeek.opcua_binary_aggregate_filter.treat_uncertain_as_bad,zeek.opcua_binary_aggregate_filter.use_server_capabilities_default,zeek.opcua_binary_aggregate_filter.use_slopped_extrapolation,zeek.opcua_binary_browse.browse_next_release_continuation_point,zeek.opcua_binary_browse.browse_service_type,zeek.opcua_binary_browse.browse_view_description_timestamp,zeek.opcua_binary_browse.browse_view_description_view_version,zeek.opcua_binary_browse.browse_view_id_encoding_mask,zeek.opcua_binary_browse.browse_view_id_guid,zeek.opcua_binary_browse.browse_view_id_namespace_idx,zeek.opcua_binary_browse.browse_view_id_numeric,zeek.opcua_binary_browse.browse_view_id_opaque,zeek.opcua_binary_browse.browse_view_id_string,zeek.opcua_binary_browse.req_max_ref_nodes,zeek.opcua_binary_browse_description.browse_description_encoding_mask,zeek.opcua_binary_browse_description.browse_description_guid,zeek.opcua_binary_browse_description.browse_description_include_subtypes,zeek.opcua_binary_browse_description.browse_description_link_id,zeek.opcua_binary_browse_description.browse_description_namespace_idx,zeek.
opcua_binary_browse_description.browse_description_numeric,zeek.opcua_binary_browse_description.browse_description_opaque,zeek.opcua_binary_browse_description.browse_description_ref_encoding_mask,zeek.opcua_binary_browse_description.browse_description_ref_guid,zeek.opcua_binary_browse_description.browse_description_ref_namespace_idx,zeek.opcua_binary_browse_description.browse_description_ref_numeric,zeek.opcua_binary_browse_description.browse_description_ref_opaque,zeek.opcua_binary_browse_description.browse_description_ref_string,zeek.opcua_binary_browse_description.browse_description_string,zeek.opcua_binary_browse_description.browse_direction,zeek.opcua_binary_browse_description.browse_node_class_mask,zeek.opcua_binary_browse_description.browse_result_mask,zeek.opcua_binary_browse_request_continuation_point.browse_next_link_id,zeek.opcua_binary_browse_request_continuation_point.continuation_point,zeek.opcua_binary_browse_response_references.browse_reference_link_id,zeek.opcua_binary_browse_response_references.browse_response_display_name_locale,zeek.opcua_binary_browse_response_references.browse_response_display_name_mask,zeek.opcua_binary_browse_response_references.browse_response_display_name_text,zeek.opcua_binary_browse_response_references.browse_response_is_forward,zeek.opcua_binary_browse_response_references.browse_response_node_class,zeek.opcua_binary_browse_response_references.browse_response_ref_encoding_mask,zeek.opcua_binary_browse_response_references.browse_response_ref_guid,zeek.opcua_binary_browse_response_references.browse_response_ref_name,zeek.opcua_binary_browse_response_references.browse_response_ref_name_idx,zeek.opcua_binary_browse_response_references.browse_response_ref_namespace_idx,zeek.opcua_binary_browse_response_references.browse_response_ref_numeric,zeek.opcua_binary_browse_response_references.browse_response_ref_opaque,zeek.opcua_binary_browse_response_references.browse_response_ref_string,zeek.opcua_binary_browse_response_references.
browse_response_ref_type_encoding_mask,zeek.opcua_binary_browse_response_references.browse_response_ref_type_guid,zeek.opcua_binary_browse_response_references.browse_response_ref_type_namespace_idx,zeek.opcua_binary_browse_response_references.browse_response_ref_type_namespace_uri,zeek.opcua_binary_browse_response_references.browse_response_ref_type_numeric,zeek.opcua_binary_browse_response_references.browse_response_ref_type_opaque,zeek.opcua_binary_browse_response_references.browse_response_ref_type_server_idx,zeek.opcua_binary_browse_response_references.browse_response_ref_type_string,zeek.opcua_binary_browse_response_references.browse_response_type_def_encoding_mask,zeek.opcua_binary_browse_response_references.browse_response_type_def_guid,zeek.opcua_binary_browse_response_references.browse_response_type_def_namespace_idx,zeek.opcua_binary_browse_response_references.browse_response_type_def_namespace_uri,zeek.opcua_binary_browse_response_references.browse_response_type_def_numeric,zeek.opcua_binary_browse_response_references.browse_response_type_def_opaque,zeek.opcua_binary_browse_response_references.browse_response_type_def_server_idx,zeek.opcua_binary_browse_response_references.browse_response_type_def_string,zeek.opcua_binary_browse_result.browse_response_link_id,zeek.opcua_binary_browse_result.browse_result_continuation_point,zeek.opcua_binary_close_session.del_subscriptions,zeek.opcua_binary_create_monitored_items.subscription_id,zeek.opcua_binary_create_monitored_items.timestamps_to_return,zeek.opcua_binary_create_monitored_items.timestamps_to_return_str,zeek.opcua_binary_create_monitored_items_create_item.create_item_link_id,zeek.opcua_binary_create_monitored_items_create_item.item_to_monitor_attribute_id,zeek.opcua_binary_create_monitored_items_create_item.item_to_monitor_index_range,zeek.opcua_binary_create_monitored_items_create_item.item_to_monitor_name,zeek.opcua_binary_create_monitored_items_create_item.item_to_monitor_namespace_idx,zeek.opcua_binar
y_create_monitored_items_create_item.item_to_monitor_node_id_encoding_mask,zeek.opcua_binary_create_monitored_items_create_item.item_to_monitor_node_id_guid,zeek.opcua_binary_create_monitored_items_create_item.item_to_monitor_node_id_namespace_idx,zeek.opcua_binary_create_monitored_items_create_item.item_to_monitor_node_id_numeric,zeek.opcua_binary_create_monitored_items_create_item.item_to_monitor_node_id_opaque,zeek.opcua_binary_create_monitored_items_create_item.item_to_monitor_node_id_string,zeek.opcua_binary_create_monitored_items_create_item.monitored_item_index_id,zeek.opcua_binary_create_monitored_items_create_item.monitoring_mode,zeek.opcua_binary_create_monitored_items_create_item.monitoring_parameters_client_handle,zeek.opcua_binary_create_monitored_items_create_item.monitoring_parameters_discard_oldest,zeek.opcua_binary_create_monitored_items_create_item.monitoring_parameters_filter_info_type_id_encoding,zeek.opcua_binary_create_monitored_items_create_item.monitoring_parameters_filter_info_type_id_node_id_encoding_mask,zeek.opcua_binary_create_monitored_items_create_item.monitoring_parameters_filter_info_type_id_node_id_guid,zeek.opcua_binary_create_monitored_items_create_item.monitoring_parameters_filter_info_type_id_node_id_namespace_idx,zeek.opcua_binary_create_monitored_items_create_item.monitoring_parameters_filter_info_type_id_node_id_numeric,zeek.opcua_binary_create_monitored_items_create_item.monitoring_parameters_filter_info_type_id_node_id_opaque,zeek.opcua_binary_create_monitored_items_create_item.monitoring_parameters_filter_info_type_id_node_id_string,zeek.opcua_binary_create_monitored_items_create_item.monitoring_parameters_filter_info_type_id_string,zeek.opcua_binary_create_monitored_items_create_item.monitoring_parameters_queue_size,zeek.opcua_binary_create_monitored_items_create_item.monitoring_parameters_revised_queue_size,zeek.opcua_binary_create_monitored_items_create_item.monitoring_parameters_revised_sampling_interval,zeek.opcua_bin
ary_create_monitored_items_create_item.monitoring_parameters_sampling_interval,zeek.opcua_binary_create_session.algorithm,zeek.opcua_binary_create_session.application_type,zeek.opcua_binary_create_session.application_uri,zeek.opcua_binary_create_session.auth_token_encoding_mask,zeek.opcua_binary_create_session.auth_token_guid,zeek.opcua_binary_create_session.auth_token_namespace_idx,zeek.opcua_binary_create_session.auth_token_numeric,zeek.opcua_binary_create_session.auth_token_opaque,zeek.opcua_binary_create_session.auth_token_string,zeek.opcua_binary_create_session.client_cert,zeek.opcua_binary_create_session.client_cert_size,zeek.opcua_binary_create_session.client_nonce,zeek.opcua_binary_create_session.discovery_profile_uri,zeek.opcua_binary_create_session.encoding_mask,zeek.opcua_binary_create_session.endpoint_url,zeek.opcua_binary_create_session.gateway_server_uri,zeek.opcua_binary_create_session.locale,zeek.opcua_binary_create_session.max_req_msg_size,zeek.opcua_binary_create_session.max_res_msg_size,zeek.opcua_binary_create_session.product_uri,zeek.opcua_binary_create_session.req_session_timeout,zeek.opcua_binary_create_session.revised_session_timeout,zeek.opcua_binary_create_session.server_cert,zeek.opcua_binary_create_session.server_cert_size,zeek.opcua_binary_create_session.server_nonce,zeek.opcua_binary_create_session.server_uri,zeek.opcua_binary_create_session.session_id_encoding_mask,zeek.opcua_binary_create_session.session_id_guid,zeek.opcua_binary_create_session.session_id_namespace_idx,zeek.opcua_binary_create_session.session_id_numeric,zeek.opcua_binary_create_session.session_id_opaque,zeek.opcua_binary_create_session.session_id_string,zeek.opcua_binary_create_session.session_name,zeek.opcua_binary_create_session.signature,zeek.opcua_binary_create_session.text,zeek.opcua_binary_create_session_discovery.discovery_profile_link_id,zeek.opcua_binary_create_session_discovery.discovery_profile_uri,zeek.opcua_binary_create_session_discovery.discovery_profil
e_url,zeek.opcua_binary_create_session_endpoints.application_type,zeek.opcua_binary_create_session_endpoints.application_uri,zeek.opcua_binary_create_session_endpoints.cert_size,zeek.opcua_binary_create_session_endpoints.discovery_profile_uri,zeek.opcua_binary_create_session_endpoints.encoding_mask,zeek.opcua_binary_create_session_endpoints.endpoint_link_id,zeek.opcua_binary_create_session_endpoints.endpoint_url,zeek.opcua_binary_create_session_endpoints.gateway_server_uri,zeek.opcua_binary_create_session_endpoints.locale,zeek.opcua_binary_create_session_endpoints.message_security_mode,zeek.opcua_binary_create_session_endpoints.product_uri,zeek.opcua_binary_create_session_endpoints.security_level,zeek.opcua_binary_create_session_endpoints.security_policy_uri,zeek.opcua_binary_create_session_endpoints.server_cert,zeek.opcua_binary_create_session_endpoints.text,zeek.opcua_binary_create_session_endpoints.transport_profile_uri,zeek.opcua_binary_create_session_user_token.user_token_endpoint_url,zeek.opcua_binary_create_session_user_token.user_token_issued_type,zeek.opcua_binary_create_session_user_token.user_token_link_id,zeek.opcua_binary_create_session_user_token.user_token_policy_id,zeek.opcua_binary_create_session_user_token.user_token_sec_policy_uri,zeek.opcua_binary_create_session_user_token.user_token_type,zeek.opcua_binary_create_subscription.max_notifications_per_publish,zeek.opcua_binary_create_subscription.priority,zeek.opcua_binary_create_subscription.publishing_enabled,zeek.opcua_binary_create_subscription.requested_lifetime_count,zeek.opcua_binary_create_subscription.requested_max_keep_alive_count,zeek.opcua_binary_create_subscription.requested_publishing_interval,zeek.opcua_binary_create_subscription.revised_lifetime_count,zeek.opcua_binary_create_subscription.revised_max_keep_alive_count,zeek.opcua_binary_create_subscription.revised_publishing_interval,zeek.opcua_binary_create_subscription.subscription_id,zeek.opcua_binary_data_change_filter.deadband_type
,zeek.opcua_binary_data_change_filter.deadband_value,zeek.opcua_binary_data_change_filter.trigger,zeek.opcua_binary_diag_info_detail.addl_info,zeek.opcua_binary_diag_info_detail.diag_info_link_id,zeek.opcua_binary_diag_info_detail.has_addl_info,zeek.opcua_binary_diag_info_detail.has_inner_diag_info,zeek.opcua_binary_diag_info_detail.has_inner_stat_code,zeek.opcua_binary_diag_info_detail.has_locale,zeek.opcua_binary_diag_info_detail.has_locale_txt,zeek.opcua_binary_diag_info_detail.has_namespace_uri,zeek.opcua_binary_diag_info_detail.has_symbolic_id,zeek.opcua_binary_diag_info_detail.inner_diag_level,zeek.opcua_binary_diag_info_detail.inner_stat_code,zeek.opcua_binary_diag_info_detail.locale,zeek.opcua_binary_diag_info_detail.locale_str,zeek.opcua_binary_diag_info_detail.locale_txt,zeek.opcua_binary_diag_info_detail.locale_txt_str,zeek.opcua_binary_diag_info_detail.namespace_uri,zeek.opcua_binary_diag_info_detail.namespace_uri_str,zeek.opcua_binary_diag_info_detail.root_object_id,zeek.opcua_binary_diag_info_detail.source,zeek.opcua_binary_diag_info_detail.source_str,zeek.opcua_binary_diag_info_detail.symbolic_id,zeek.opcua_binary_diag_info_detail.symbolic_id_str,zeek.opcua_binary_event_filter_attribute_operand.alias,zeek.opcua_binary_event_filter_attribute_operand.attribute,zeek.opcua_binary_event_filter_attribute_operand.index_range,zeek.opcua_binary_event_filter_attribute_operand.node_id_encoding_mask,zeek.opcua_binary_event_filter_attribute_operand.node_id_guid,zeek.opcua_binary_event_filter_attribute_operand.node_id_namespace_idx,zeek.opcua_binary_event_filter_attribute_operand.node_id_numeric,zeek.opcua_binary_event_filter_attribute_operand.node_id_opaque,zeek.opcua_binary_event_filter_attribute_operand.node_id_string,zeek.opcua_binary_event_filter_attribute_operand_browse_paths.browse_path_element_link_id,zeek.opcua_binary_event_filter_attribute_operand_browse_paths.include_subtypes,zeek.opcua_binary_event_filter_attribute_operand_browse_paths.is_inverse,zeek.o
pcua_binary_event_filter_attribute_operand_browse_paths.target_name,zeek.opcua_binary_event_filter_attribute_operand_browse_paths.target_name_namespace_idx,zeek.opcua_binary_event_filter_attribute_operand_browse_paths.type_id_encoding_mask,zeek.opcua_binary_event_filter_attribute_operand_browse_paths.type_id_guid,zeek.opcua_binary_event_filter_attribute_operand_browse_paths.type_id_namespace_idx,zeek.opcua_binary_event_filter_attribute_operand_browse_paths.type_id_numeric,zeek.opcua_binary_event_filter_attribute_operand_browse_paths.type_id_opaque,zeek.opcua_binary_event_filter_attribute_operand_browse_paths.type_id_string,zeek.opcua_binary_event_filter_element_operand.element_index,zeek.opcua_binary_event_filter_select_clause.attribute_id,zeek.opcua_binary_event_filter_select_clause.index_range,zeek.opcua_binary_event_filter_select_clause.select_clause_link_id,zeek.opcua_binary_event_filter_select_clause.type_id_encoding_mask,zeek.opcua_binary_event_filter_select_clause.type_id_guid,zeek.opcua_binary_event_filter_select_clause.type_id_namespace_idx,zeek.opcua_binary_event_filter_select_clause.type_id_numeric,zeek.opcua_binary_event_filter_select_clause.type_id_opaque,zeek.opcua_binary_event_filter_select_clause.type_id_string,zeek.opcua_binary_event_filter_simple_attribute_operand.attribute_id,zeek.opcua_binary_event_filter_simple_attribute_operand.index_range,zeek.opcua_binary_event_filter_simple_attribute_operand.type_id_encoding_mask,zeek.opcua_binary_event_filter_simple_attribute_operand.type_id_guid,zeek.opcua_binary_event_filter_simple_attribute_operand.type_id_namespace_idx,zeek.opcua_binary_event_filter_simple_attribute_operand.type_id_numeric,zeek.opcua_binary_event_filter_simple_attribute_operand.type_id_opaque,zeek.opcua_binary_event_filter_simple_attribute_operand.type_id_string,zeek.opcua_binary_event_filter_simple_attribute_operand_browse_paths.browse_path_src,zeek.opcua_binary_event_filter_simple_attribute_operand_browse_paths.name,zeek.opcua_binary_
event_filter_simple_attribute_operand_browse_paths.namespace_index,zeek.opcua_binary_event_filter_simple_attribute_operand_browse_paths.simple_attribute_operand_browse_path_link_id,zeek.opcua_binary_event_filter_where_clause.where_clause_link_id,zeek.opcua_binary_event_filter_where_clause_elements.content_filter_element_link_id,zeek.opcua_binary_event_filter_where_clause_elements.content_filter_filter_operand_type_id_encoding,zeek.opcua_binary_event_filter_where_clause_elements.content_filter_filter_operand_type_id_node_id_encoding_mask,zeek.opcua_binary_event_filter_where_clause_elements.content_filter_filter_operand_type_id_node_id_guid,zeek.opcua_binary_event_filter_where_clause_elements.content_filter_filter_operand_type_id_node_id_namespace_idx,zeek.opcua_binary_event_filter_where_clause_elements.content_filter_filter_operand_type_id_node_id_numeric,zeek.opcua_binary_event_filter_where_clause_elements.content_filter_filter_operand_type_id_node_id_opaque,zeek.opcua_binary_event_filter_where_clause_elements.content_filter_filter_operand_type_id_node_id_string,zeek.opcua_binary_event_filter_where_clause_elements.content_filter_filter_operand_type_id_string,zeek.opcua_binary_event_filter_where_clause_elements.filter_operator,zeek.opcua_binary_get_endpoints.endpoint_url,zeek.opcua_binary_get_endpoints_description.application_type,zeek.opcua_binary_get_endpoints_description.application_uri,zeek.opcua_binary_get_endpoints_description.cert_size,zeek.opcua_binary_get_endpoints_description.discovery_profile_uri,zeek.opcua_binary_get_endpoints_description.encoding_mask,zeek.opcua_binary_get_endpoints_description.endpoint_description_link_id,zeek.opcua_binary_get_endpoints_description.endpoint_uri,zeek.opcua_binary_get_endpoints_description.gateway_server_uri,zeek.opcua_binary_get_endpoints_description.locale,zeek.opcua_binary_get_endpoints_description.message_security_mode,zeek.opcua_binary_get_endpoints_description.product_uri,zeek.opcua_binary_get_endpoints_description.
security_level,zeek.opcua_binary_get_endpoints_description.security_policy_uri,zeek.opcua_binary_get_endpoints_description.server_cert,zeek.opcua_binary_get_endpoints_description.text,zeek.opcua_binary_get_endpoints_description.transport_profile_uri,zeek.opcua_binary_get_endpoints_discovery.discovery_profile_link_id,zeek.opcua_binary_get_endpoints_discovery.discovery_profile_url,zeek.opcua_binary_get_endpoints_locale_id.locale_id,zeek.opcua_binary_get_endpoints_locale_id.locale_link_id,zeek.opcua_binary_get_endpoints_profile_uri.profile_uri,zeek.opcua_binary_get_endpoints_profile_uri.profile_uri_link_id,zeek.opcua_binary_get_endpoints_user_token.user_token_endpoint_url,zeek.opcua_binary_get_endpoints_user_token.user_token_issued_type,zeek.opcua_binary_get_endpoints_user_token.user_token_link_id,zeek.opcua_binary_get_endpoints_user_token.user_token_policy_id,zeek.opcua_binary_get_endpoints_user_token.user_token_sec_policy_uri,zeek.opcua_binary_get_endpoints_user_token.user_token_type,zeek.opcua_binary_opensecure_channel.client_nonce,zeek.opcua_binary_opensecure_channel.client_proto_ver,zeek.opcua_binary_opensecure_channel.message_security_mode,zeek.opcua_binary_opensecure_channel.req_lifetime,zeek.opcua_binary_opensecure_channel.sec_token_created_at,zeek.opcua_binary_opensecure_channel.sec_token_id,zeek.opcua_binary_opensecure_channel.sec_token_request_type,zeek.opcua_binary_opensecure_channel.sec_token_revised_time,zeek.opcua_binary_opensecure_channel.sec_token_sec_channel_id,zeek.opcua_binary_opensecure_channel.server_nonce,zeek.opcua_binary_opensecure_channel.server_proto_ver,zeek.opcua_binary_read.max_age,zeek.opcua_binary_read.timestamps_to_return,zeek.opcua_binary_read.timestamps_to_return_str,zeek.opcua_binary_read_nodes_to_read.attribute_id,zeek.opcua_binary_read_nodes_to_read.attribute_id_str,zeek.opcua_binary_read_nodes_to_read.data_encoding_name,zeek.opcua_binary_read_nodes_to_read.data_encoding_name_idx,zeek.opcua_binary_read_nodes_to_read.index_range,zee
k.opcua_binary_read_nodes_to_read.node_id_encoding_mask,zeek.opcua_binary_read_nodes_to_read.node_id_guid,zeek.opcua_binary_read_nodes_to_read.node_id_namespace_idx,zeek.opcua_binary_read_nodes_to_read.node_id_numeric,zeek.opcua_binary_read_nodes_to_read.node_id_opaque,zeek.opcua_binary_read_nodes_to_read.node_id_string,zeek.opcua_binary_read_nodes_to_read.nodes_to_read_link_id,zeek.opcua_binary_read_results.data_value_encoding_mask,zeek.opcua_binary_read_results.level,zeek.opcua_binary_read_results.results_link_id,zeek.opcua_binary_read_results.server_pico_sec,zeek.opcua_binary_read_results.server_timestamp,zeek.opcua_binary_read_results.source_pico_sec,zeek.opcua_binary_read_results.source_timestamp,zeek.opcua_binary_status_code_detail.historian_bits,zeek.opcua_binary_status_code_detail.historian_bits_str,zeek.opcua_binary_status_code_detail.historianextradata,zeek.opcua_binary_status_code_detail.historianmultivalue,zeek.opcua_binary_status_code_detail.historianpartial,zeek.opcua_binary_status_code_detail.info_type,zeek.opcua_binary_status_code_detail.info_type_str,zeek.opcua_binary_status_code_detail.limit_bits,zeek.opcua_binary_status_code_detail.limit_bits_str,zeek.opcua_binary_status_code_detail.overflow,zeek.opcua_binary_status_code_detail.semantics_changed,zeek.opcua_binary_status_code_detail.severity,zeek.opcua_binary_status_code_detail.severity_str,zeek.opcua_binary_status_code_detail.source,zeek.opcua_binary_status_code_detail.source_level,zeek.opcua_binary_status_code_detail.source_str,zeek.opcua_binary_status_code_detail.status_code,zeek.opcua_binary_status_code_detail.status_code_link_id,zeek.opcua_binary_status_code_detail.structure_changed,zeek.opcua_binary_status_code_detail.sub_code,zeek.opcua_binary_status_code_detail.sub_code_str,zeek.opcua_binary_variant_array_dims.array_dim_link_id,zeek.opcua_binary_variant_array_dims.dimension,zeek.opcua_binary_variant_data.variant_data_encoding_name,zeek.opcua_binary_variant_data.variant_data_encoding_name_id
x,zeek.opcua_binary_variant_data.variant_data_link_id,zeek.opcua_binary_variant_data.variant_data_locale,zeek.opcua_binary_variant_data.variant_data_mask,zeek.opcua_binary_variant_data.variant_data_node_id_encoding_mask,zeek.opcua_binary_variant_data.variant_data_node_id_guid,zeek.opcua_binary_variant_data.variant_data_node_id_namespace_idx,zeek.opcua_binary_variant_data.variant_data_node_id_namespace_uri,zeek.opcua_binary_variant_data.variant_data_node_id_numeric,zeek.opcua_binary_variant_data.variant_data_node_id_opaque,zeek.opcua_binary_variant_data.variant_data_node_id_server_idx,zeek.opcua_binary_variant_data.variant_data_node_id_string,zeek.opcua_binary_variant_data.variant_data_text,zeek.opcua_binary_variant_data.variant_data_value_decimal,zeek.opcua_binary_variant_data.variant_data_value_signed_numeric,zeek.opcua_binary_variant_data.variant_data_value_string,zeek.opcua_binary_variant_data.variant_data_value_time,zeek.opcua_binary_variant_data.variant_data_value_unsigned_numeric,zeek.opcua_binary_variant_data_value.data_value_encoding_mask,zeek.opcua_binary_variant_data_value.server_pico_sec,zeek.opcua_binary_variant_data_value.server_timestamp,zeek.opcua_binary_variant_data_value.source_pico_sec,zeek.opcua_binary_variant_data_value.source_timestamp,zeek.opcua_binary_variant_data_value.variant_data_value_source_link,zeek.opcua_binary_variant_extension_object.ext_obj_encoding,zeek.opcua_binary_variant_extension_object.ext_obj_link_id,zeek.opcua_binary_variant_extension_object.ext_obj_node_id_encoding_mask,zeek.opcua_binary_variant_extension_object.ext_obj_node_id_guid,zeek.opcua_binary_variant_extension_object.ext_obj_node_id_namespace_idx,zeek.opcua_binary_variant_extension_object.ext_obj_node_id_numeric,zeek.opcua_binary_variant_extension_object.ext_obj_node_id_opaque,zeek.opcua_binary_variant_extension_object.ext_obj_node_id_string,zeek.opcua_binary_variant_extension_object.ext_obj_type_id_str,zeek.opcua_binary_variant_metadata.built_in_data_type,zeek.opcua
_binary_variant_metadata.built_in_data_type_str,zeek.opcua_binary_variant_metadata.dara_variant_encoding_mask,zeek.opcua_binary_variant_metadata.data_variant_data_type,zeek.opcua_binary_variant_metadata.data_variant_data_type_str,zeek.opcua_binary_variant_metadata.variant_data_array_dim,zeek.opcua_binary_variant_metadata.variant_data_source,zeek.opcua_binary_variant_metadata.variant_data_source_str,zeek_opcua_binary_write=require:zeek.opcua_binary_write;title:Zeek opcua_binary_write.log;fields:zeek.opcua_binary_write.source_h,zeek.opcua_binary_write.source_p,zeek.opcua_binary_write.destination_h,zeek.opcua_binary_write.destination_p,zeek.opcua_binary_write.node_id_encoding_mask,zeek.opcua_binary_write.node_id_namespace_idx,zeek.opcua_binary_write.node_id_numeric,zeek.opcua_binary_write.node_id_string,zeek.opcua_binary_write.node_id_guid,zeek.opcua_binary_write.node_id_opaque,zeek.opcua_binary_write.attribute_id,zeek.opcua_binary_write.attribute_id_str,zeek.opcua_binary_write.index_range,zeek.opcua_binary_write.data_value_encoding_mask,zeek.opcua_binary_write.source_timestamp,zeek.opcua_binary_write.source_pico_sec,zeek.opcua_binary_write.server_timestamp,zeek.opcua_binary_write.server_pico_sec o_zeek_ospf=require:zeek.ospf;title:Zeek ospf.log;fields:zeek.ospf.ospf_type,zeek.ospf.version,zeek.ospf.router_id,zeek.ospf.area_id,zeek.ospf.interface_id,zeek.ospf.netmask,zeek.ospf.desig_router,zeek.ospf.backup_router,zeek.ospf.neighbors,zeek.ospf.lsa_type,zeek.ospf.link_state_id,zeek.ospf.advert_router,zeek.ospf.routers,zeek.ospf.link_id,zeek.ospf.link_data,zeek.ospf.link_type,zeek.ospf.neighbor_router_id,zeek.ospf.metrics,zeek.ospf.fwd_addrs,zeek.ospf.route_tags,zeek.ospf.neighbor_interface_id,zeek.ospf.prefix,zeek.ospf.metric,zeek.ospf.dest_router_id,zeek.ospf.link_prefixes,zeek.ospf.intra_prefixes o_zeek_pe=require:zeek.pe;title:Zeek 
pe.log;fields:zeek.pe.machine,zeek.pe.compile_ts,zeek.pe.os,zeek.pe.subsystem,zeek.pe.is_exe,zeek.pe.is_64bit,zeek.pe.uses_aslr,zeek.pe.uses_dep,zeek.pe.uses_code_integrity,zeek.pe.uses_seh,zeek.pe.has_import_table,zeek.pe.has_export_table,zeek.pe.has_cert_table,zeek.pe.has_debug_data,zeek.pe.section_names diff --git a/arkime/wise/source.zeeklogs.js b/arkime/wise/source.zeeklogs.js index b49538c4c..920213099 100644 --- a/arkime/wise/source.zeeklogs.js +++ b/arkime/wise/source.zeeklogs.js @@ -746,6 +746,11 @@ class MalcolmSource extends WISESource { "vulnerability.id", "vulnerability.reference", "vulnerability.scanner.vendor", + "zeek.analyzer.analyzer_kind", + "zeek.analyzer.analyzer_name", + "zeek.analyzer.cause", + "zeek.analyzer.failure_data", + "zeek.analyzer.failure_reason", "zeek.bacnet.bvlc_function", "zeek.bacnet.instance_number", "zeek.bacnet.invoke_id", @@ -753,6 +758,7 @@ class MalcolmSource extends WISESource { "zeek.bacnet.pdu_type", "zeek.bacnet.result_code", "zeek.bacnet_device_control.device_state", + "zeek.bacnet_device_control.is_orig", "zeek.bacnet_device_control.result", "zeek.bacnet_device_control.result_code", "zeek.bacnet_device_control.time_duration", 
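Review bot: `zeek.analyzer.failure_data`, added in the first `source.zeeklogs.js` hunk, is the one new entry that, as Zeek documents its analyzer log, holds the data that was sent to the analyzer and failed to parse, so its content is chosen by whoever sent the traffic. Nothing in the list marks it as different from the enum-like fields around it. A comment above the entry would flag this for whoever wires these names into the viewer, for example `// failure_data: raw excerpt of the traffic that failed parsing; untrusted, escape and length-limit wherever it is displayed`. How the value is rendered is not visible in this hunk, so the escaping should be confirmed rather than assumed. The enclosing array starts and ends outside the hunk.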
@@ -826,7 +832,19 @@ class MalcolmSource extends WISESource {
 "zeek.cip_identity.socket_address",
 "zeek.cip_identity.socket_address_asn",
 "zeek.cip_identity.socket_address_geo.city_name",
+ "zeek.cip_identity.socket_address_geo.continent_code",
+ "zeek.cip_identity.socket_address_geo.country_code2",
+ "zeek.cip_identity.socket_address_geo.country_code3",
 "zeek.cip_identity.socket_address_geo.country_name",
+ "zeek.cip_identity.socket_address_geo.dma_code",
+ "zeek.cip_identity.socket_address_geo.ip",
+ "zeek.cip_identity.socket_address_geo.latitude",
+ "zeek.cip_identity.socket_address_geo.location",
+ "zeek.cip_identity.socket_address_geo.longitude",
+ "zeek.cip_identity.socket_address_geo.postal_code",
+ "zeek.cip_identity.socket_address_geo.region_code",
+ "zeek.cip_identity.socket_address_geo.region_name",
+ "zeek.cip_identity.socket_address_geo.timezone",
 "zeek.cip_identity.socket_port",
 "zeek.cip_identity.vendor_id",
 "zeek.cip_identity.vendor_name",
@@ -998,52 +1016,108 @@ class MalcolmSource extends WISESource { "zeek.ftp.reply_code", "zeek.ftp.reply_msg", "zeek.fuid", - "zeek.genisys.crc_calculated", - "zeek.genisys.crc_transmitted", - "zeek.genisys.direction", - "zeek.genisys.header", - "zeek.genisys.payload.address", - "zeek.genisys.payload.data", - "zeek.genisys.server", - "zeek.ge_srtp.srtp_type", - "zeek.ge_srtp.sequence_number_1", - "zeek.ge_srtp.text_length", - "zeek.ge_srtp.time_seconds", - "zeek.ge_srtp.time_minutes", - "zeek.ge_srtp.time_hours", - "zeek.ge_srtp.sequence_number_2", - "zeek.ge_srtp.message_type", - "zeek.ge_srtp.mailbox_source", - "zeek.ge_srtp.mailbox_destination", - "zeek.ge_srtp.packet_number", - "zeek.ge_srtp.total_packet_number", - "zeek.ge_srtp.service_request_code", - "zeek.ge_srtp.segment_selector", - "zeek.ge_srtp.memory_offset", - "zeek.ge_srtp.data_length", - "zeek.ge_srtp.status_code", - "zeek.ge_srtp.minor_status_code", - "zeek.ge_srtp.data_requested", + "zeek.ge_srtp.constant_sweep_mode", "zeek.ge_srtp.control_program_number", "zeek.ge_srtp.current_privilege_level", + "zeek.ge_srtp.data_length", + "zeek.ge_srtp.data_requested", + "zeek.ge_srtp.front_panel_enable_switch", + "zeek.ge_srtp.front_panel_run_switch", + "zeek.ge_srtp.io_fault_entry_last_read", + "zeek.ge_srtp.io_fault_entry_present", "zeek.ge_srtp.last_sweep_time", + "zeek.ge_srtp.mailbox_destination", + "zeek.ge_srtp.mailbox_source", + "zeek.ge_srtp.memory_offset", + "zeek.ge_srtp.message_type", + "zeek.ge_srtp.minor_status_code", + "zeek.ge_srtp.oem_protected", "zeek.ge_srtp.oversweep_flag", - "zeek.ge_srtp.constant_sweep_mode", + "zeek.ge_srtp.packet_number", "zeek.ge_srtp.plc_fault_entry_last_read", - "zeek.ge_srtp.io_fault_entry_last_read", "zeek.ge_srtp.plc_fault_entry_present", - "zeek.ge_srtp.io_fault_entry_present", - "zeek.ge_srtp.programmer_attachment", - "zeek.ge_srtp.front_panel_enable_switch", - "zeek.ge_srtp.front_panel_run_switch", - "zeek.ge_srtp.oem_protected", "zeek.ge_srtp.plc_state", + 
"zeek.ge_srtp.programmer_attachment", + "zeek.ge_srtp.segment_selector", + "zeek.ge_srtp.sequence_number_1", + "zeek.ge_srtp.sequence_number_2", + "zeek.ge_srtp.service_request_code", + "zeek.ge_srtp.srtp_type", + "zeek.ge_srtp.status_code", + "zeek.ge_srtp.text_length", + "zeek.ge_srtp.time_hours", + "zeek.ge_srtp.time_minutes", + "zeek.ge_srtp.time_seconds", + "zeek.ge_srtp.total_packet_number", + "zeek.genisys.crc_calculated", + "zeek.genisys.crc_transmitted", + "zeek.genisys.direction", + "zeek.genisys.header", + "zeek.genisys.payload.address", + "zeek.genisys.payload.data", + "zeek.genisys.server", "zeek.gquic.cyu", "zeek.gquic.cyutags", "zeek.gquic.server_name", "zeek.gquic.tag_count", "zeek.gquic.user_agent", "zeek.gquic.version", + "zeek.hart_ip.command_number_link_id", + "zeek.hart_ip.direct_pdu_command_link_id", + "zeek.hart_ip.direct_pdu_device_status_cold_start", + "zeek.hart_ip.direct_pdu_device_status_configuration_changed", + "zeek.hart_ip.direct_pdu_device_status_device_malfunction", + "zeek.hart_ip.direct_pdu_device_status_loop_current_fixed", + "zeek.hart_ip.direct_pdu_device_status_loop_current_saturated", + "zeek.hart_ip.direct_pdu_device_status_more_status_available", + "zeek.hart_ip.direct_pdu_device_status_non_primary_variable_out_of_limits", + "zeek.hart_ip.direct_pdu_device_status_primary_variable_out_of_limits", + "zeek.hart_ip.direct_pdu_extended_status_critical_power_failure", + "zeek.hart_ip.direct_pdu_extended_status_device_variable_alert", + "zeek.hart_ip.direct_pdu_extended_status_failure", + "zeek.hart_ip.direct_pdu_extended_status_function_check", + "zeek.hart_ip.direct_pdu_extended_status_maintenance_required", + "zeek.hart_ip.direct_pdu_extended_status_out_of_specification", + "zeek.hart_ip.direct_pdu_extended_status_undefined_bits", + "zeek.hart_ip.header_length", + "zeek.hart_ip.header_message_id", + "zeek.hart_ip.header_message_type_message_type", + "zeek.hart_ip.header_message_type_reserved", + 
"zeek.hart_ip.header_sequence_number", + "zeek.hart_ip.header_status_code", + "zeek.hart_ip.header_version", + "zeek.hart_ip.message_packet_bytes", + "zeek.hart_ip.read_audit_log_last_security_change", + "zeek.hart_ip.read_audit_log_number_of_records", + "zeek.hart_ip.read_audit_log_power_up_time", + "zeek.hart_ip.read_audit_log_server_status_insecure_syslog_connection", + "zeek.hart_ip.read_audit_log_server_status_syslog_server_located_but_connection_failed", + "zeek.hart_ip.read_audit_log_server_status_unable_to_locate_syslog_server", + "zeek.hart_ip.read_audit_log_server_status_undefined_bits", + "zeek.hart_ip.read_audit_log_session_record_size", + "zeek.hart_ip.read_audit_log_start_record", + "zeek.hart_ip.session_initiate_inactivity_close_timer", + "zeek.hart_ip.session_initiate_master_type", + "zeek.hart_ip.session_log_record_link_id", + "zeek.hart_ip.token_passing_pdu_address_v4", + "zeek.hart_ip.token_passing_pdu_address_v6", + "zeek.hart_ip.token_passing_pdu_byte_count", + "zeek.hart_ip.token_passing_pdu_check_byte", + "zeek.hart_ip.token_passing_pdu_command_number", + "zeek.hart_ip.token_passing_pdu_contents_data_data", + "zeek.hart_ip.token_passing_pdu_contents_response_device_status_cold_start", + "zeek.hart_ip.token_passing_pdu_contents_response_device_status_configuration_changed", + "zeek.hart_ip.token_passing_pdu_contents_response_device_status_device_malfunction", + "zeek.hart_ip.token_passing_pdu_contents_response_device_status_loop_current_fixed", + "zeek.hart_ip.token_passing_pdu_contents_response_device_status_loop_current_saturated", + "zeek.hart_ip.token_passing_pdu_contents_response_device_status_more_status_available", + "zeek.hart_ip.token_passing_pdu_contents_response_device_status_non_primary_variable_out_of_limits", + "zeek.hart_ip.token_passing_pdu_contents_response_device_status_primary_variable_out_of_limits", + "zeek.hart_ip.token_passing_pdu_contents_response_response_code", + 
"zeek.hart_ip.token_passing_pdu_delimiter_address_type", + "zeek.hart_ip.token_passing_pdu_delimiter_expansion_bytes", + "zeek.hart_ip.token_passing_pdu_delimiter_frame_type", + "zeek.hart_ip.token_passing_pdu_delimiter_physical_layer_type", "zeek.hart_ip_common_commands.eeprom_control_eeprom_control_code", "zeek.hart_ip_common_commands.enter_exit_fixed_analog_channel_mode_analog_channel_number_code", "zeek.hart_ip_common_commands.enter_exit_fixed_analog_channel_mode_analog_channel_units_code", 
@@ -1301,62 +1375,6 @@ class MalcolmSource extends WISESource { "zeek.hart_ip_direct_pdu_command.direct_pdu_command_command_number", "zeek.hart_ip_direct_pdu_command.direct_pdu_command_data_data", "zeek.hart_ip_direct_pdu_command.direct_pdu_contents_response_response_code", - "zeek.hart_ip.command_number_link_id", - "zeek.hart_ip.direct_pdu_command_link_id", - "zeek.hart_ip.direct_pdu_device_status_cold_start", - "zeek.hart_ip.direct_pdu_device_status_configuration_changed", - "zeek.hart_ip.direct_pdu_device_status_device_malfunction", - "zeek.hart_ip.direct_pdu_device_status_loop_current_fixed", - "zeek.hart_ip.direct_pdu_device_status_loop_current_saturated", - "zeek.hart_ip.direct_pdu_device_status_more_status_available", - "zeek.hart_ip.direct_pdu_device_status_non_primary_variable_out_of_limits", - "zeek.hart_ip.direct_pdu_device_status_primary_variable_out_of_limits", - "zeek.hart_ip.direct_pdu_extended_status_critical_power_failure", - "zeek.hart_ip.direct_pdu_extended_status_device_variable_alert", - "zeek.hart_ip.direct_pdu_extended_status_failure", - "zeek.hart_ip.direct_pdu_extended_status_function_check", - "zeek.hart_ip.direct_pdu_extended_status_maintenance_required", - "zeek.hart_ip.direct_pdu_extended_status_out_of_specification", - "zeek.hart_ip.direct_pdu_extended_status_undefined_bits", - "zeek.hart_ip.header_length", - "zeek.hart_ip.header_message_id", - "zeek.hart_ip.header_message_type_message_type", - "zeek.hart_ip.header_message_type_reserved", - "zeek.hart_ip.header_sequence_number", - "zeek.hart_ip.header_status_code", - "zeek.hart_ip.header_version", - "zeek.hart_ip.message_packet_bytes", - "zeek.hart_ip.read_audit_log_last_security_change", - "zeek.hart_ip.read_audit_log_number_of_records", - "zeek.hart_ip.read_audit_log_power_up_time", - "zeek.hart_ip.read_audit_log_server_status_insecure_syslog_connection", - "zeek.hart_ip.read_audit_log_server_status_syslog_server_located_but_connection_failed", - 
"zeek.hart_ip.read_audit_log_server_status_unable_to_locate_syslog_server", - "zeek.hart_ip.read_audit_log_server_status_undefined_bits", - "zeek.hart_ip.read_audit_log_session_record_size", - "zeek.hart_ip.read_audit_log_start_record", - "zeek.hart_ip.session_initiate_inactivity_close_timer", - "zeek.hart_ip.session_initiate_master_type", - "zeek.hart_ip.session_log_record_link_id", - "zeek.hart_ip.token_passing_pdu_address_v4", - "zeek.hart_ip.token_passing_pdu_address_v6", - "zeek.hart_ip.token_passing_pdu_byte_count", - "zeek.hart_ip.token_passing_pdu_check_byte", - "zeek.hart_ip.token_passing_pdu_command_number", - "zeek.hart_ip.token_passing_pdu_contents_data_data", - "zeek.hart_ip.token_passing_pdu_contents_response_device_status_cold_start", - "zeek.hart_ip.token_passing_pdu_contents_response_device_status_configuration_changed", - "zeek.hart_ip.token_passing_pdu_contents_response_device_status_device_malfunction", - "zeek.hart_ip.token_passing_pdu_contents_response_device_status_loop_current_fixed", - "zeek.hart_ip.token_passing_pdu_contents_response_device_status_loop_current_saturated", - "zeek.hart_ip.token_passing_pdu_contents_response_device_status_more_status_available", - "zeek.hart_ip.token_passing_pdu_contents_response_device_status_non_primary_variable_out_of_limits", - "zeek.hart_ip.token_passing_pdu_contents_response_device_status_primary_variable_out_of_limits", - "zeek.hart_ip.token_passing_pdu_contents_response_response_code", - "zeek.hart_ip.token_passing_pdu_delimiter_address_type", - "zeek.hart_ip.token_passing_pdu_delimiter_expansion_bytes", - "zeek.hart_ip.token_passing_pdu_delimiter_frame_type", - "zeek.hart_ip.token_passing_pdu_delimiter_physical_layer_type", "zeek.hart_ip_session_record.session_log_record_client_i_pv4_address", "zeek.hart_ip_session_record.session_log_record_client_i_pv6_address", "zeek.hart_ip_session_record.session_log_record_client_port", 
@@ -1720,8 +1738,8 @@ class MalcolmSource extends WISESource {
 "zeek.known_certs.serial",
 "zeek.known_certs.subject",
 "zeek.known_modbus.device_type",
- "zeek.known_routers.ttl",
 "zeek.known_routers.hlim",
+ "zeek.known_routers.ttl",
 "zeek.ldap.argument",
 "zeek.ldap.message_id",
 "zeek.ldap.object",
@@ -1750,6 +1768,7 @@ class MalcolmSource extends WISESource {
 "zeek.modbus_detailed.address",
 "zeek.modbus_detailed.quantity",
 "zeek.modbus_detailed.values",
+ "zeek.modbus_mask_write_register.address",
 "zeek.modbus_mask_write_register.and_mask",
 "zeek.modbus_mask_write_register.or_mask",
 "zeek.modbus_read_device_identification.conformity_level",
@@ -1835,6 +1854,208 @@ class MalcolmSource extends WISESource { "zeek.ocsp.revoketime", "zeek.ocsp.serialNumber", "zeek.ocsp.thisUpdate", + "zeek.omron_fins.client_node_address", + "zeek.omron_fins.command_code", + "zeek.omron_fins.destination_network_address", + "zeek.omron_fins.destination_node_number", + "zeek.omron_fins.destination_unit_address", + "zeek.omron_fins.gateway_count", + "zeek.omron_fins.icf_data_type", + "zeek.omron_fins.icf_gateway", + "zeek.omron_fins.icf_response_setting", + "zeek.omron_fins.link_id", + "zeek.omron_fins.response_code", + "zeek.omron_fins.server_node_address", + "zeek.omron_fins.service_id", + "zeek.omron_fins.source_network_address", + "zeek.omron_fins.source_node_number", + "zeek.omron_fins.source_unit_address", + "zeek.omron_fins.tcp_command", + "zeek.omron_fins.tcp_error_code", + "zeek.omron_fins.tcp_header", + "zeek.omron_fins.tcp_length", + "zeek.omron_fins.year", + "zeek.omron_fins.month", + "zeek.omron_fins.day", + "zeek.omron_fins.hour", + "zeek.omron_fins.minute", + "zeek.omron_fins.second", + "zeek.omron_fins_data_link_status_read.data_links", + "zeek.omron_fins_data_link_status_read.error_status", + "zeek.omron_fins_data_link_status_read.master_node_number", + "zeek.omron_fins_data_link_status_read.mode_status", + "zeek.omron_fins_data_link_status_read.node_number", + "zeek.omron_fins_data_link_status_read.node_setting", + "zeek.omron_fins_data_link_status_read.warning_status", + "zeek.omron_fins_detail.acquire_network_address", + "zeek.omron_fins_detail.acquire_node_number", + "zeek.omron_fins_detail.acquire_unit_address", + "zeek.omron_fins_detail.average_cycle_time", + "zeek.omron_fins_detail.beginning_address", + "zeek.omron_fins_detail.beginning_word", + "zeek.omron_fins_detail.bit_flag", + "zeek.omron_fins_detail.block_record_cio_area_first_word", + "zeek.omron_fins_detail.block_record_data_link_status", + "zeek.omron_fins_detail.block_record_dm_area_first_word", + 
"zeek.omron_fins_detail.block_record_kind_of_dm",
+ "zeek.omron_fins_detail.block_record_node_num",
+ "zeek.omron_fins_detail.block_record_num_of_link_nodes",
+ "zeek.omron_fins_detail.block_record_num_of_total_words",
+ "zeek.omron_fins_detail.built_in_host_interface",
+ "zeek.omron_fins_detail.clear_code",
+ "zeek.omron_fins_detail.clock_time",
+ "zeek.omron_fins_detail.command",
+ "zeek.omron_fins_detail.controller_data_to_read",
+ "zeek.omron_fins_detail.controller_model",
+ "zeek.omron_fins_detail.controller_status_data_read_mode",
+ "zeek.omron_fins_detail.controller_status_data_read_status",
+ "zeek.omron_fins_detail.controller_version",
+ "zeek.omron_fins_detail.cpu_bus_unit_config",
+ "zeek.omron_fins_detail.cycle_time_read_parameter",
+ "zeek.omron_fins_detail.data",
+ "zeek.omron_fins_detail.data_length",
+ "zeek.omron_fins_detail.date",
+ "zeek.omron_fins_detail.error_message",
+ "zeek.omron_fins_detail.expansion_dm_size",
+ "zeek.omron_fins_detail.fal_fals_0",
+ "zeek.omron_fins_detail.fal_fals_1",
+ "zeek.omron_fins_detail.fal_fals_10",
+ "zeek.omron_fins_detail.fal_fals_11",
+ "zeek.omron_fins_detail.fal_fals_12",
+ "zeek.omron_fins_detail.fal_fals_13",
+ "zeek.omron_fins_detail.fal_fals_2",
+ "zeek.omron_fins_detail.fal_fals_3",
+ "zeek.omron_fins_detail.fal_fals_4",
+ "zeek.omron_fins_detail.fal_fals_5",
+ "zeek.omron_fins_detail.fal_fals_6",
+ "zeek.omron_fins_detail.fal_fals_7",
+ "zeek.omron_fins_detail.fal_fals_8",
+ "zeek.omron_fins_detail.fal_fals_9",
+ "zeek.omron_fins_detail.fal_fals_no",
+ "zeek.omron_fins_detail.fal_fals_no_0",
+ "zeek.omron_fins_detail.fal_fals_no_1",
+ "zeek.omron_fins_detail.fal_fals_no_10",
+ "zeek.omron_fins_detail.fal_fals_no_11",
+ "zeek.omron_fins_detail.fal_fals_no_12",
+ "zeek.omron_fins_detail.fal_fals_no_13",
+ "zeek.omron_fins_detail.fal_fals_no_2",
+ "zeek.omron_fins_detail.fal_fals_no_3",
+ "zeek.omron_fins_detail.fal_fals_no_4",
+ "zeek.omron_fins_detail.fal_fals_no_5",
+ "zeek.omron_fins_detail.fal_fals_no_6",
+ "zeek.omron_fins_detail.fal_fals_no_7",
+ "zeek.omron_fins_detail.fal_fals_no_8",
+ "zeek.omron_fins_detail.fal_fals_no_9",
+ "zeek.omron_fins_detail.fatal_error",
+ "zeek.omron_fins_detail.first_word",
+ "zeek.omron_fins_detail.for_system_use",
+ "zeek.omron_fins_detail.intelligent_id_no",
+ "zeek.omron_fins_detail.iom_size",
+ "zeek.omron_fins_detail.kind_of_memory_card",
+ "zeek.omron_fins_detail.last_word",
+ "zeek.omron_fins_detail.last_word_bit",
+ "zeek.omron_fins_detail.max_cycle_time",
+ "zeek.omron_fins_detail.memory_area_code",
+ "zeek.omron_fins_detail.memory_card_size",
+ "zeek.omron_fins_detail.message_0",
+ "zeek.omron_fins_detail.message_1",
+ "zeek.omron_fins_detail.message_2",
+ "zeek.omron_fins_detail.message_3",
+ "zeek.omron_fins_detail.message_4",
+ "zeek.omron_fins_detail.message_5",
+ "zeek.omron_fins_detail.message_6",
+ "zeek.omron_fins_detail.message_7",
+ "zeek.omron_fins_detail.message_no_0",
+ "zeek.omron_fins_detail.message_no_1",
+ "zeek.omron_fins_detail.message_no_2",
+ "zeek.omron_fins_detail.message_no_3",
+ "zeek.omron_fins_detail.message_no_4",
+ "zeek.omron_fins_detail.message_no_5",
+ "zeek.omron_fins_detail.message_no_6",
+ "zeek.omron_fins_detail.message_no_7",
+ "zeek.omron_fins_detail.message_yes_no",
+ "zeek.omron_fins_detail.min_cycle_time",
+ "zeek.omron_fins_detail.model_number",
+ "zeek.omron_fins_detail.no_of_bits",
+ "zeek.omron_fins_detail.no_of_dm_words",
+ "zeek.omron_fins_detail.no_of_racks_connected",
+ "zeek.omron_fins_detail.no_of_steps_transitions",
+ "zeek.omron_fins_detail.no_of_sysmac_bus2_master_mounted",
+ "zeek.omron_fins_detail.no_of_sysmac_bus_master_mounted",
+ "zeek.omron_fins_detail.no_of_units",
+ "zeek.omron_fins_detail.non_fatal_error",
+ "zeek.omron_fins_detail.num_of_link_nodes",
+ "zeek.omron_fins_detail.number_of_bytes",
+ "zeek.omron_fins_detail.number_of_items",
+ "zeek.omron_fins_detail.number_of_receptions",
+ "zeek.omron_fins_detail.number_of_words",
+ "zeek.omron_fins_detail.parameter_area_code",
+ "zeek.omron_fins_detail.peripheral_device_connected",
+ "zeek.omron_fins_detail.program_area_size",
+ "zeek.omron_fins_detail.program_no",
+ "zeek.omron_fins_detail.protect_code",
+ "zeek.omron_fins_detail.read_length",
+ "zeek.omron_fins_detail.run_mode",
+ "zeek.omron_fins_detail.set_reset_specification",
+ "zeek.omron_fins_detail.test_data",
+ "zeek.omron_fins_detail.timer_size",
+ "zeek.omron_fins_detail.unit_address",
+ "zeek.omron_fins_error.beginning_record_no",
+ "zeek.omron_fins_error.error_code_1",
+ "zeek.omron_fins_error.error_code_2",
+ "zeek.omron_fins_error.error_reset_fal_no",
+ "zeek.omron_fins_error.max_no_stored_records",
+ "zeek.omron_fins_error.no_of_records",
+ "zeek.omron_fins_error.no_of_stored_records",
+ "zeek.omron_fins_file.beginning_address",
+ "zeek.omron_fins_file.beginning_block_no",
+ "zeek.omron_fins_file.beginning_file_position",
+ "zeek.omron_fins_file.beginning_word",
+ "zeek.omron_fins_file.block_no",
+ "zeek.omron_fins_file.control_data",
+ "zeek.omron_fins_file.data_length",
+ "zeek.omron_fins_file.data_type",
+ "zeek.omron_fins_file.disk_no",
+ "zeek.omron_fins_file.dst_disk_no",
+ "zeek.omron_fins_file.dst_file_name",
+ "zeek.omron_fins_file.file_capacity",
+ "zeek.omron_fins_file.file_name",
+ "zeek.omron_fins_file.file_position",
+ "zeek.omron_fins_file.last_block",
+ "zeek.omron_fins_file.last_file",
+ "zeek.omron_fins_file.memory_area_code",
+ "zeek.omron_fins_file.memory_data",
+ "zeek.omron_fins_file.memory_type",
+ "zeek.omron_fins_file.new_file_name",
+ "zeek.omron_fins_file.no_files_read",
+ "zeek.omron_fins_file.no_of_blocks",
+ "zeek.omron_fins_file.no_of_bytes",
+ "zeek.omron_fins_file.no_of_files",
+ "zeek.omron_fins_file.no_of_items",
+ "zeek.omron_fins_file.no_of_words",
+ "zeek.omron_fins_file.old_file_name",
+ "zeek.omron_fins_file.parameter_area_code",
+ "zeek.omron_fins_file.parameter_code",
+ "zeek.omron_fins_file.program_no",
+ "zeek.omron_fins_file.protected",
+ "zeek.omron_fins_file.remaining_blocks",
+ "zeek.omron_fins_file.src_disk_no",
+ "zeek.omron_fins_file.src_file_name",
+ "zeek.omron_fins_file.total_capacity",
+ "zeek.omron_fins_file.total_no_files",
+ "zeek.omron_fins_file.total_no_of_blocks",
+ "zeek.omron_fins_file.unused_capacity",
+ "zeek.omron_fins_file.volume_label",
+ "zeek.omron_fins_network_status_read.communication_cycle_time",
+ "zeek.omron_fins_network_status_read.current_polling_node_number",
+ "zeek.omron_fins_network_status_read.cyclic_error_count",
+ "zeek.omron_fins_network_status_read.cyclic_operation",
+ "zeek.omron_fins_network_status_read.cyclic_transmission_status",
+ "zeek.omron_fins_network_status_read.exit_status",
+ "zeek.omron_fins_network_status_read.in_network",
+ "zeek.omron_fins_network_status_read.node_number",
+ "zeek.omron_fins_network_status_read.non_fatal_error",
+ "zeek.omron_fins_network_status_read.polling",
 "zeek.opcua_binary.encoding_mask",
 "zeek.opcua_binary.endpoint_url",
 "zeek.opcua_binary.error",
@@ -1842,6 +2063,7 @@ class MalcolmSource extends WISESource {
 "zeek.opcua_binary.identifier",
 "zeek.opcua_binary.identifier_str",
 "zeek.opcua_binary.is_final",
+ "zeek.opcua_binary.log_types",
 "zeek.opcua_binary.max_chunk_cnt",
 "zeek.opcua_binary.max_msg_size",
 "zeek.opcua_binary.msg_size",
@@ -2295,20 +2517,20 @@ class MalcolmSource extends WISESource {
 "zeek.opcua_binary_variant_metadata.variant_data_array_dim",
 "zeek.opcua_binary_variant_metadata.variant_data_source",
 "zeek.opcua_binary_variant_metadata.variant_data_source_str",
+ "zeek.opcua_binary_write.attribute_id",
+ "zeek.opcua_binary_write.attribute_id_str",
+ "zeek.opcua_binary_write.data_value_encoding_mask",
+ "zeek.opcua_binary_write.index_range",
 "zeek.opcua_binary_write.node_id_encoding_mask",
+ "zeek.opcua_binary_write.node_id_guid",
 "zeek.opcua_binary_write.node_id_namespace_idx",
 "zeek.opcua_binary_write.node_id_numeric",
- "zeek.opcua_binary_write.node_id_string",
- "zeek.opcua_binary_write.node_id_guid",
 "zeek.opcua_binary_write.node_id_opaque",
- "zeek.opcua_binary_write.attribute_id",
- "zeek.opcua_binary_write.attribute_id_str",
- "zeek.opcua_binary_write.index_range",
- "zeek.opcua_binary_write.data_value_encoding_mask",
- "zeek.opcua_binary_write.source_timestamp",
- "zeek.opcua_binary_write.source_pico_sec",
- "zeek.opcua_binary_write.server_timestamp",
+ "zeek.opcua_binary_write.node_id_string",
 "zeek.opcua_binary_write.server_pico_sec",
+ "zeek.opcua_binary_write.server_timestamp",
+ "zeek.opcua_binary_write.source_pico_sec",
+ "zeek.opcua_binary_write.source_timestamp",
 "zeek.ospf.advert_router",
 "zeek.ospf.area_id",
 "zeek.ospf.backup_router",
@@ -2350,6 +2572,13 @@ class MalcolmSource extends WISESource {
 "zeek.pe.uses_code_integrity",
 "zeek.pe.uses_dep",
 "zeek.pe.uses_seh",
+ "zeek.postgresql.application_name",
+ "zeek.postgresql.backend",
+ "zeek.postgresql.backend_arg",
+ "zeek.postgresql.database",
+ "zeek.postgresql.frontend",
+ "zeek.postgresql.frontend_arg",
+ "zeek.postgresql.rows",
 "zeek.profinet.block_version",
 "zeek.profinet.index",
 "zeek.profinet.operation_type",
@@ -2362,41 +2591,42 @@ class MalcolmSource extends WISESource {
 "zeek.profinet_dce_rpc.packet_type",
 "zeek.profinet_dce_rpc.server_boot_time",
 "zeek.profinet_dce_rpc.version",
- "zeek.profinet_io_cm.rpc_version",
- "zeek.profinet_io_cm.packet_type",
- "zeek.profinet_io_cm.reserved_for_impl_1",
- "zeek.profinet_io_cm.last_fragment",
- "zeek.profinet_io_cm.fragment",
- "zeek.profinet_io_cm.no_fragment_requested",
- "zeek.profinet_io_cm.maybe",
- "zeek.profinet_io_cm.idempotent",
+ "zeek.profinet_io_cm.activity_hint",
+ "zeek.profinet_io_cm.activity_uuid",
+ "zeek.profinet_io_cm.auth_protocol",
 "zeek.profinet_io_cm.broadcast",
- "zeek.profinet_io_cm.reserved_for_impl_2",
 "zeek.profinet_io_cm.cancel_was_pending_at_call_end",
- "zeek.profinet_io_cm.integer_encoding",
 "zeek.profinet_io_cm.character_encoding",
 "zeek.profinet_io_cm.floating_point_encoding",
- "zeek.profinet_io_cm.serial_high",
- "zeek.profinet_io_cm.object_uuid",
- "zeek.profinet_io_cm.interface_uuid",
- "zeek.profinet_io_cm.activity_uuid",
- "zeek.profinet_io_cm.server_boot_time",
- "zeek.profinet_io_cm.uuid_version",
- "zeek.profinet_io_cm.sequence_num",
- "zeek.profinet_io_cm.operation_num",
+ "zeek.profinet_io_cm.fragment",
+ "zeek.profinet_io_cm.fragment_num",
+ "zeek.profinet_io_cm.idempotent",
+ "zeek.profinet_io_cm.integer_encoding",
 "zeek.profinet_io_cm.interface_hint",
- "zeek.profinet_io_cm.activity_hint",
+ "zeek.profinet_io_cm.interface_uuid",
+ "zeek.profinet_io_cm.last_fragment",
 "zeek.profinet_io_cm.len_of_body",
- "zeek.profinet_io_cm.fragment_num",
- "zeek.profinet_io_cm.auth_protocol",
+ "zeek.profinet_io_cm.max_frag_size",
+ "zeek.profinet_io_cm.max_tsdu",
+ "zeek.profinet_io_cm.maybe",
+ "zeek.profinet_io_cm.no_fragment_requested",
+ "zeek.profinet_io_cm.object_uuid",
+ "zeek.profinet_io_cm.operation",
+ "zeek.profinet_io_cm.operation_num",
+ "zeek.profinet_io_cm.packet_type",
+ "zeek.profinet_io_cm.reserved_for_impl_1",
+ "zeek.profinet_io_cm.reserved_for_impl_2",
+ "zeek.profinet_io_cm.rpc_version",
+ "zeek.profinet_io_cm.sel_ack",
+ "zeek.profinet_io_cm.sel_ack_len",
+ "zeek.profinet_io_cm.sequence_num",
+ "zeek.profinet_io_cm.serial_high",
 "zeek.profinet_io_cm.serial_low",
+ "zeek.profinet_io_cm.serial_number",
+ "zeek.profinet_io_cm.server_boot_time",
+ "zeek.profinet_io_cm.uuid_version",
 "zeek.profinet_io_cm.vers_fack",
 "zeek.profinet_io_cm.window_size",
- "zeek.profinet_io_cm.max_tsdu",
- "zeek.profinet_io_cm.max_frag_size",
- "zeek.profinet_io_cm.serial_number",
- "zeek.profinet_io_cm.sel_ack_len",
- "zeek.profinet_io_cm.sel_ack",
 "zeek.radius.connect_info",
 "zeek.radius.framed_addr",
 "zeek.radius.mac",
@@ -2460,6 +2690,7 @@ class MalcolmSource extends WISESource {
 "zeek.s7comm_upload_download.rosctr_name",
 "zeek.s7comm_upload_download.session_id",
 "zeek.signatures.event_message",
+ "zeek.signatures.hits",
 "zeek.signatures.hits.Capa",
 "zeek.signatures.hits.ClamAV",
 "zeek.signatures.hits.Yara",
@@ -2769,6 +3000,7 @@ class MalcolmSource extends WISESource {
 "zeek.syslog.severity",
 "zeek.tds.command",
 "zeek.tds_rpc.parameter",
+ "zeek.tds_rpc.parameters",
 "zeek.tds_rpc.procedure_name",
 "zeek.tds_sql_batch.header_type",
 "zeek.tds_sql_batch.query",
@@ -2785,13 +3017,13 @@ class MalcolmSource extends WISESource {
 "zeek.tunnel.action",
 "zeek.tunnel.tunnel_type",
 "zeek.uid",
+ "zeek.websocket.client_extensions",
+ "zeek.websocket.client_protocols",
 "zeek.websocket.host",
+ "zeek.websocket.server_extensions",
+ "zeek.websocket.subprotocol",
 "zeek.websocket.uri",
 "zeek.websocket.user_agent",
- "zeek.websocket.subprotocol",
- "zeek.websocket.client_protocols",
- "zeek.websocket.server_extensions",
- "zeek.websocket.client_extensions",
 "zeek.weird.addl",
 "zeek.weird.notice",
 "zeek.weird.source",
diff --git a/dashboards/dashboards/024062a6-48d6-498f-a91a-3bf2da3a3cd3.json b/dashboards/dashboards/024062a6-48d6-498f-a91a-3bf2da3a3cd3.json
index 44ce16531..e92395ea9 100644
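Review bot: In the `@@ -2460,6 +2690,7 @@` hunk, the added `"zeek.signatures.hits"` is a prefix of the three entries that follow it (`zeek.signatures.hits.Capa`, `zeek.signatures.hits.ClamAV`, `zeek.signatures.hits.Yara`), so the same name is now listed both as a field of its own and as the parent of dotted children. If these names are resolved against index mappings, one key cannot normally hold a scalar and an object at once, so one of the two forms is presumably legacy or comes from a different index, and an analyst pivoting on signature hits may query the form that no longer receives data. A one-line comment above the entry would settle it, for example `// hits is kept alongside hits.<engine>; see the index template for which one is populated`. The array this entry belongs to starts and ends outside the hunk.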
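Review bot: In the `@@ -2769,6 +3000,7 @@` hunk, `"zeek.tds_rpc.parameters"` is added while the singular `"zeek.tds_rpc.parameter"` stays in the list as context, leaving two near-identical field names side by side. If the plural name replaces the singular one in newly parsed logs (not visible from this hunk), saved searches and detections written against `zeek.tds_rpc.parameter` would stop matching new TDS RPC traffic without any error. Either drop the stale entry or keep both and mark the old one, for example `// legacy name, kept for documents indexed before the rename`. The surrounding array starts and ends outside the hunk.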
--- a/dashboards/dashboards/024062a6-48d6-498f-a91a-3bf2da3a3cd3.json
+++ b/dashboards/dashboards/024062a6-48d6-498f-a91a-3bf2da3a3cd3.json
@@ -112,7 +112,7 @@ "version": "Wzc0MiwxXQ==", "attributes": { "title": "Navigation", - "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [PostgreSQL](#/dashboard/f2c0da10-d2c5-11ef-8864-d58a560dc292) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● 
[Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) 
\\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [PostgreSQL](#/dashboard/f2c0da10-d2c5-11ef-8864-d58a560dc292) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● 
[SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [Omron FINS](#/dashboard/c899f8b0-d36b-11ef-b619-17836b3bbf47) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware 
Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/dashboards/dashboards/03207c00-d07e-11ec-b4a7-d1b4003706b7.json b/dashboards/dashboards/03207c00-d07e-11ec-b4a7-d1b4003706b7.json index 0e973d700..25da19ff1 100644 --- a/dashboards/dashboards/03207c00-d07e-11ec-b4a7-d1b4003706b7.json +++ b/dashboards/dashboards/03207c00-d07e-11ec-b4a7-d1b4003706b7.json 
@@ -87,7 +87,7 @@ "version": "Wzc5NSwxXQ==", "attributes": { "title": "Navigation", - "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [PostgreSQL](#/dashboard/f2c0da10-d2c5-11ef-8864-d58a560dc292) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● 
[Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) 
\\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [PostgreSQL](#/dashboard/f2c0da10-d2c5-11ef-8864-d58a560dc292) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● 
[SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [Omron FINS](#/dashboard/c899f8b0-d36b-11ef-b619-17836b3bbf47) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware 
Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/dashboards/dashboards/05e3e000-f118-11e9-acda-83a8e29e1a24.json b/dashboards/dashboards/05e3e000-f118-11e9-acda-83a8e29e1a24.json index 3e10f3b2b..9201c80b0 100644 --- a/dashboards/dashboards/05e3e000-f118-11e9-acda-83a8e29e1a24.json +++ b/dashboards/dashboards/05e3e000-f118-11e9-acda-83a8e29e1a24.json 
@@ -92,7 +92,7 @@ "version": "Wzg3OSwxXQ==", "attributes": { "title": "Navigation", - "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [PostgreSQL](#/dashboard/f2c0da10-d2c5-11ef-8864-d58a560dc292) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● 
[Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) 
\\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [PostgreSQL](#/dashboard/f2c0da10-d2c5-11ef-8864-d58a560dc292) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● 
[SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [Omron FINS](#/dashboard/c899f8b0-d36b-11ef-b619-17836b3bbf47) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware 
Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/dashboards/dashboards/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b.json b/dashboards/dashboards/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b.json index 363bd09e9..0776100a0 100644 --- a/dashboards/dashboards/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b.json +++ b/dashboards/dashboards/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b.json 
@@ -87,7 +87,7 @@ "version": "Wzg3MiwxXQ==", "attributes": { "title": "Navigation", - "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [PostgreSQL](#/dashboard/f2c0da10-d2c5-11ef-8864-d58a560dc292) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● 
[Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) 
\\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [PostgreSQL](#/dashboard/f2c0da10-d2c5-11ef-8864-d58a560dc292) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● 
[SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [Omron FINS](#/dashboard/c899f8b0-d36b-11ef-b619-17836b3bbf47) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware 
Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/dashboards/dashboards/0a490422-0ce9-44bf-9a2d-19329ddde8c3.json b/dashboards/dashboards/0a490422-0ce9-44bf-9a2d-19329ddde8c3.json index a4d2c2186..3e8c206fd 100644 --- a/dashboards/dashboards/0a490422-0ce9-44bf-9a2d-19329ddde8c3.json +++ b/dashboards/dashboards/0a490422-0ce9-44bf-9a2d-19329ddde8c3.json 
@@ -87,7 +87,7 @@ "version": "WzkzNiwxXQ==", "attributes": { "title": "Navigation", - "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [PostgreSQL](#/dashboard/f2c0da10-d2c5-11ef-8864-d58a560dc292) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● 
[Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) 
\\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [PostgreSQL](#/dashboard/f2c0da10-d2c5-11ef-8864-d58a560dc292) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● 
[SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [Omron FINS](#/dashboard/c899f8b0-d36b-11ef-b619-17836b3bbf47) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware 
Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/dashboards/dashboards/0ad3d7c2-3441-485e-9dfe-dbb22e84e576.json b/dashboards/dashboards/0ad3d7c2-3441-485e-9dfe-dbb22e84e576.json index 4ee157222..e75646d1b 100644 --- a/dashboards/dashboards/0ad3d7c2-3441-485e-9dfe-dbb22e84e576.json +++ b/dashboards/dashboards/0ad3d7c2-3441-485e-9dfe-dbb22e84e576.json 
@@ -87,7 +87,7 @@ "version": "Wzc5NSwxXQ==", "attributes": { "title": "Navigation", - "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [PostgreSQL](#/dashboard/f2c0da10-d2c5-11ef-8864-d58a560dc292) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● 
[Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) 
\\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [PostgreSQL](#/dashboard/f2c0da10-d2c5-11ef-8864-d58a560dc292) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● 
[SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [Omron FINS](#/dashboard/c899f8b0-d36b-11ef-b619-17836b3bbf47) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware 
Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/dashboards/dashboards/0aed0e23-c8ac-4f2b-9f68-d04b6e7666b0.json b/dashboards/dashboards/0aed0e23-c8ac-4f2b-9f68-d04b6e7666b0.json index a66b2d273..01cfc7d1a 100644 --- a/dashboards/dashboards/0aed0e23-c8ac-4f2b-9f68-d04b6e7666b0.json +++ b/dashboards/dashboards/0aed0e23-c8ac-4f2b-9f68-d04b6e7666b0.json 
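Review bot: The new `[Omron FINS](#/dashboard/c899f8b0-d36b-11ef-b619-17836b3bbf47)` entry in the "ICS/IoT Protocols" list of `visState` links to a saved object that this hunk does not show, so the target should be confirmed to ship in the same change (presumably as a file named after that id under `dashboards/dashboards/`). If it does not, analysts following the link reach a missing dashboard. The identical one-line edit is repeated in the hunks for `0aed0e23-c8ac-4f2b-9f68-d04b6e7666b0.json` and `0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa.json`, and apparently in every other dashboard that embeds this Navigation pane. Because the markdown blob is copied per file rather than referenced once, any dashboard missed by the update keeps a navigation list without the FINS view. A build-time check that every embedded Navigation `visState` is byte-identical and that each `#/dashboard/<id>` it references resolves to a shipped object would catch both cases.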
@@ -87,7 +87,7 @@ "version": "Wzg3MiwxXQ==", "attributes": { "title": "Navigation", - "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [PostgreSQL](#/dashboard/f2c0da10-d2c5-11ef-8864-d58a560dc292) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● 
[Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) 
\\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [PostgreSQL](#/dashboard/f2c0da10-d2c5-11ef-8864-d58a560dc292) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● 
[SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [Omron FINS](#/dashboard/c899f8b0-d36b-11ef-b619-17836b3bbf47) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware 
Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/dashboards/dashboards/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa.json b/dashboards/dashboards/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa.json index 8026201dc..0b77b8507 100644 --- a/dashboards/dashboards/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa.json +++ b/dashboards/dashboards/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa.json 
@@ -107,7 +107,7 @@ "version": "Wzg3MiwxXQ==", "attributes": { "title": "Navigation", - "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [PostgreSQL](#/dashboard/f2c0da10-d2c5-11ef-8864-d58a560dc292) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● 
[Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) 
\\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [PostgreSQL](#/dashboard/f2c0da10-d2c5-11ef-8864-d58a560dc292) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● 
[SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [Omron FINS](#/dashboard/c899f8b0-d36b-11ef-b619-17836b3bbf47) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware 
Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/dashboards/dashboards/11be6381-beef-40a7-bdce-88c5398392fc.json b/dashboards/dashboards/11be6381-beef-40a7-bdce-88c5398392fc.json index 7b1d4218c..699f481b7 100644 --- a/dashboards/dashboards/11be6381-beef-40a7-bdce-88c5398392fc.json +++ b/dashboards/dashboards/11be6381-beef-40a7-bdce-88c5398392fc.json 
@@ -82,7 +82,7 @@ "version": "Wzg3MiwxXQ==", "attributes": { "title": "Navigation", - "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [PostgreSQL](#/dashboard/f2c0da10-d2c5-11ef-8864-d58a560dc292) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● 
[Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) 
\\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [PostgreSQL](#/dashboard/f2c0da10-d2c5-11ef-8864-d58a560dc292) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● 
[SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [Omron FINS](#/dashboard/c899f8b0-d36b-11ef-b619-17836b3bbf47) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware 
Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/dashboards/dashboards/11ddd980-e388-11e9-b568-cf17de8e860c.json b/dashboards/dashboards/11ddd980-e388-11e9-b568-cf17de8e860c.json index ecee23717..2012caa4a 100644 --- a/dashboards/dashboards/11ddd980-e388-11e9-b568-cf17de8e860c.json +++ b/dashboards/dashboards/11ddd980-e388-11e9-b568-cf17de8e860c.json 
@@ -87,7 +87,7 @@ "version": "Wzg3MiwxXQ==", "attributes": { "title": "Navigation", - "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [PostgreSQL](#/dashboard/f2c0da10-d2c5-11ef-8864-d58a560dc292) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● 
[Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) 
\\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [PostgreSQL](#/dashboard/f2c0da10-d2c5-11ef-8864-d58a560dc292) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● 
[SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [Omron FINS](#/dashboard/c899f8b0-d36b-11ef-b619-17836b3bbf47) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware 
Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/dashboards/dashboards/12e3a130-d83b-11eb-a0b0-f328ce09b0b7.json b/dashboards/dashboards/12e3a130-d83b-11eb-a0b0-f328ce09b0b7.json index 5bc7096af..2e99dd457 100644 --- a/dashboards/dashboards/12e3a130-d83b-11eb-a0b0-f328ce09b0b7.json +++ b/dashboards/dashboards/12e3a130-d83b-11eb-a0b0-f328ce09b0b7.json 
@@ -82,7 +82,7 @@ "version": "Wzc1NSwxXQ==", "attributes": { "title": "Navigation", - "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [PostgreSQL](#/dashboard/f2c0da10-d2c5-11ef-8864-d58a560dc292) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● 
[Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) 
\\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [PostgreSQL](#/dashboard/f2c0da10-d2c5-11ef-8864-d58a560dc292) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● 
[SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [Omron FINS](#/dashboard/c899f8b0-d36b-11ef-b619-17836b3bbf47) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware 
Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/dashboards/dashboards/152f29dc-51a2-4f53-93e9-6e92765567b8.json b/dashboards/dashboards/152f29dc-51a2-4f53-93e9-6e92765567b8.json index 20c4602fa..8c6280da5 100644 --- a/dashboards/dashboards/152f29dc-51a2-4f53-93e9-6e92765567b8.json +++ b/dashboards/dashboards/152f29dc-51a2-4f53-93e9-6e92765567b8.json 
@@ -127,7 +127,7 @@ "version": "Wzg1NywxXQ==", "attributes": { "title": "Navigation", - "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [PostgreSQL](#/dashboard/f2c0da10-d2c5-11ef-8864-d58a560dc292) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● 
[Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) 
\\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [PostgreSQL](#/dashboard/f2c0da10-d2c5-11ef-8864-d58a560dc292) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● 
[SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [Omron FINS](#/dashboard/c899f8b0-d36b-11ef-b619-17836b3bbf47) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware 
Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/dashboards/dashboards/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0.json b/dashboards/dashboards/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0.json index 4aef07405..2e21d0095 100644 --- a/dashboards/dashboards/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0.json +++ b/dashboards/dashboards/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0.json 
@@ -92,7 +92,7 @@ "version": "WzkzNiwxXQ==", "attributes": { "title": "Navigation", - "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [PostgreSQL](#/dashboard/f2c0da10-d2c5-11ef-8864-d58a560dc292) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● 
[Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) 
\\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [PostgreSQL](#/dashboard/f2c0da10-d2c5-11ef-8864-d58a560dc292) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● 
[SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [Omron FINS](#/dashboard/c899f8b0-d36b-11ef-b619-17836b3bbf47) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware 
Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/dashboards/dashboards/1ce42250-3f99-11e9-a58e-8bdedb0915e8.json b/dashboards/dashboards/1ce42250-3f99-11e9-a58e-8bdedb0915e8.json index 87f4d1312..d8a925189 100644 --- a/dashboards/dashboards/1ce42250-3f99-11e9-a58e-8bdedb0915e8.json +++ b/dashboards/dashboards/1ce42250-3f99-11e9-a58e-8bdedb0915e8.json 
@@ -57,7 +57,7 @@ "version": "Wzg3MiwxXQ==", "attributes": { "title": "Navigation", - "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [PostgreSQL](#/dashboard/f2c0da10-d2c5-11ef-8864-d58a560dc292) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● 
[Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) 
\\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [PostgreSQL](#/dashboard/f2c0da10-d2c5-11ef-8864-d58a560dc292) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● 
[SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [Omron FINS](#/dashboard/c899f8b0-d36b-11ef-b619-17836b3bbf47) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware 
Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/dashboards/dashboards/1fff49f6-0199-4a0f-820b-721aff9ff1f1.json b/dashboards/dashboards/1fff49f6-0199-4a0f-820b-721aff9ff1f1.json index 2a7c00e02..af5e76976 100644 --- a/dashboards/dashboards/1fff49f6-0199-4a0f-820b-721aff9ff1f1.json +++ b/dashboards/dashboards/1fff49f6-0199-4a0f-820b-721aff9ff1f1.json 
@@ -72,7 +72,7 @@ "version": "Wzc4NCwxXQ==", "attributes": { "title": "Navigation", - "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [PostgreSQL](#/dashboard/f2c0da10-d2c5-11ef-8864-d58a560dc292) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● 
[Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) 
\\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [PostgreSQL](#/dashboard/f2c0da10-d2c5-11ef-8864-d58a560dc292) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● 
[SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [Omron FINS](#/dashboard/c899f8b0-d36b-11ef-b619-17836b3bbf47) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware 
Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/dashboards/dashboards/29a1b290-eb98-11e9-a384-0fcf32210194.json b/dashboards/dashboards/29a1b290-eb98-11e9-a384-0fcf32210194.json index c87499cb2..b0c4fdc8a 100644 --- a/dashboards/dashboards/29a1b290-eb98-11e9-a384-0fcf32210194.json +++ b/dashboards/dashboards/29a1b290-eb98-11e9-a384-0fcf32210194.json 
@@ -112,7 +112,7 @@ "version": "Wzg2MCwxXQ==", "attributes": { "title": "Navigation", - "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [PostgreSQL](#/dashboard/f2c0da10-d2c5-11ef-8864-d58a560dc292) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● 
[Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) 
\\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [PostgreSQL](#/dashboard/f2c0da10-d2c5-11ef-8864-d58a560dc292) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● 
[SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [Omron FINS](#/dashboard/c899f8b0-d36b-11ef-b619-17836b3bbf47) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware 
Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/dashboards/dashboards/2bec1490-eb94-11e9-a384-0fcf32210194.json b/dashboards/dashboards/2bec1490-eb94-11e9-a384-0fcf32210194.json index 11466d8b3..82229a2cc 100644 --- a/dashboards/dashboards/2bec1490-eb94-11e9-a384-0fcf32210194.json +++ b/dashboards/dashboards/2bec1490-eb94-11e9-a384-0fcf32210194.json 
@@ -122,7 +122,7 @@ "version": "Wzg2MCwxXQ==", "attributes": { "title": "Navigation", - "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [PostgreSQL](#/dashboard/f2c0da10-d2c5-11ef-8864-d58a560dc292) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● 
[Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) 
\\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [PostgreSQL](#/dashboard/f2c0da10-d2c5-11ef-8864-d58a560dc292) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● 
[SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [Omron FINS](#/dashboard/c899f8b0-d36b-11ef-b619-17836b3bbf47) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware 
Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/dashboards/dashboards/2cc56240-e460-11ed-a9d5-9f591c284cb4.json b/dashboards/dashboards/2cc56240-e460-11ed-a9d5-9f591c284cb4.json index 6b16b866d..caba9fc21 100644 --- a/dashboards/dashboards/2cc56240-e460-11ed-a9d5-9f591c284cb4.json +++ b/dashboards/dashboards/2cc56240-e460-11ed-a9d5-9f591c284cb4.json 
@@ -122,7 +122,7 @@ "version": "Wzg0OSwxXQ==", "attributes": { "title": "Navigation", - "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [PostgreSQL](#/dashboard/f2c0da10-d2c5-11ef-8864-d58a560dc292) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● 
[Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) 
\\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [PostgreSQL](#/dashboard/f2c0da10-d2c5-11ef-8864-d58a560dc292) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● 
[SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [Omron FINS](#/dashboard/c899f8b0-d36b-11ef-b619-17836b3bbf47) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware 
Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/dashboards/dashboards/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9.json b/dashboards/dashboards/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9.json index 4a0662d81..a613e72d6 100644 --- a/dashboards/dashboards/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9.json +++ b/dashboards/dashboards/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9.json 
@@ -107,7 +107,7 @@ "version": "Wzg3OSwxXQ==", "attributes": { "title": "Navigation", - "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [PostgreSQL](#/dashboard/f2c0da10-d2c5-11ef-8864-d58a560dc292) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● 
[Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) 
\\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [PostgreSQL](#/dashboard/f2c0da10-d2c5-11ef-8864-d58a560dc292) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● 
[SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [Omron FINS](#/dashboard/c899f8b0-d36b-11ef-b619-17836b3bbf47) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware 
Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/dashboards/dashboards/2d98bb8e-214c-4374-837b-20e1bcd63a5e.json b/dashboards/dashboards/2d98bb8e-214c-4374-837b-20e1bcd63a5e.json index aa6e79a92..c867ed874 100644 --- a/dashboards/dashboards/2d98bb8e-214c-4374-837b-20e1bcd63a5e.json +++ b/dashboards/dashboards/2d98bb8e-214c-4374-837b-20e1bcd63a5e.json 
@@ -117,7 +117,7 @@ "version": "Wzg3MiwxXQ==", "attributes": { "title": "Navigation", - "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [PostgreSQL](#/dashboard/f2c0da10-d2c5-11ef-8864-d58a560dc292) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● 
[Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) 
\\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [PostgreSQL](#/dashboard/f2c0da10-d2c5-11ef-8864-d58a560dc292) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● 
[SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [Omron FINS](#/dashboard/c899f8b0-d36b-11ef-b619-17836b3bbf47) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware 
Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/dashboards/dashboards/32587740-ef88-11e9-b38a-2db3ee640e88.json b/dashboards/dashboards/32587740-ef88-11e9-b38a-2db3ee640e88.json index 2c76bc4aa..97bb2a7a1 100644 --- a/dashboards/dashboards/32587740-ef88-11e9-b38a-2db3ee640e88.json +++ b/dashboards/dashboards/32587740-ef88-11e9-b38a-2db3ee640e88.json 
@@ -72,7 +72,7 @@ "version": "Wzg3MiwxXQ==", "attributes": { "title": "Navigation", - "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [PostgreSQL](#/dashboard/f2c0da10-d2c5-11ef-8864-d58a560dc292) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● 
[Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) 
\\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [PostgreSQL](#/dashboard/f2c0da10-d2c5-11ef-8864-d58a560dc292) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● 
[SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [Omron FINS](#/dashboard/c899f8b0-d36b-11ef-b619-17836b3bbf47) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware 
Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/dashboards/dashboards/36ed695f-edcc-47c1-b0ec-50d20c93ce0f.json b/dashboards/dashboards/36ed695f-edcc-47c1-b0ec-50d20c93ce0f.json index 5662a236d..631d0ca4d 100644 --- a/dashboards/dashboards/36ed695f-edcc-47c1-b0ec-50d20c93ce0f.json +++ b/dashboards/dashboards/36ed695f-edcc-47c1-b0ec-50d20c93ce0f.json 
@@ -92,7 +92,7 @@ "version": "WzkyOSwxXQ==", "attributes": { "title": "Navigation", - "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [PostgreSQL](#/dashboard/f2c0da10-d2c5-11ef-8864-d58a560dc292) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● 
[Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) 
\\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [PostgreSQL](#/dashboard/f2c0da10-d2c5-11ef-8864-d58a560dc292) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● 
[SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [Omron FINS](#/dashboard/c899f8b0-d36b-11ef-b619-17836b3bbf47) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware 
Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/dashboards/dashboards/37041ee1-79c0-4684-a436-3173b0e89876.json b/dashboards/dashboards/37041ee1-79c0-4684-a436-3173b0e89876.json index 91bb38e7c..157e206b4 100644 --- a/dashboards/dashboards/37041ee1-79c0-4684-a436-3173b0e89876.json +++ b/dashboards/dashboards/37041ee1-79c0-4684-a436-3173b0e89876.json 
@@ -127,7 +127,7 @@ "version": "Wzg1OSwxXQ==", "attributes": { "title": "Navigation", - "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [PostgreSQL](#/dashboard/f2c0da10-d2c5-11ef-8864-d58a560dc292) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● 
[Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) 
\\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [PostgreSQL](#/dashboard/f2c0da10-d2c5-11ef-8864-d58a560dc292) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● 
[SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [Omron FINS](#/dashboard/c899f8b0-d36b-11ef-b619-17836b3bbf47) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware 
Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/dashboards/dashboards/39abfe30-3f99-11e9-a58e-8bdedb0915e8.json b/dashboards/dashboards/39abfe30-3f99-11e9-a58e-8bdedb0915e8.json index c8a16794f..82431e205 100644 --- a/dashboards/dashboards/39abfe30-3f99-11e9-a58e-8bdedb0915e8.json +++ b/dashboards/dashboards/39abfe30-3f99-11e9-a58e-8bdedb0915e8.json 
@@ -57,7 +57,7 @@ "version": "Wzg3MiwxXQ==", "attributes": { "title": "Navigation", - "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [PostgreSQL](#/dashboard/f2c0da10-d2c5-11ef-8864-d58a560dc292) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● 
[Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) 
\\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [PostgreSQL](#/dashboard/f2c0da10-d2c5-11ef-8864-d58a560dc292) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● 
[SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [Omron FINS](#/dashboard/c899f8b0-d36b-11ef-b619-17836b3bbf47) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware 
Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/dashboards/dashboards/3a9e3440-75e2-11ef-8138-03748f839a49.json b/dashboards/dashboards/3a9e3440-75e2-11ef-8138-03748f839a49.json index 846e46991..32e903ffc 100644 --- a/dashboards/dashboards/3a9e3440-75e2-11ef-8138-03748f839a49.json +++ b/dashboards/dashboards/3a9e3440-75e2-11ef-8138-03748f839a49.json 
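Review bot: The added `[Omron FINS](#/dashboard/c899f8b0-d36b-11ef-b619-17836b3bbf47)` entry in the new `visState` string points at a dashboard id whose saved-object file is not visible in this part of the patch. It is worth confirming that a file for that id is added under `dashboards/dashboards/` in the same series, since otherwise the link is dead on every dashboard that carries this navigation panel. The same one-line edit is repeated in the hunks for `3a9e3440-75e2-11ef-8138-03748f839a49.json` and `42e831b9-41a9-4f35-8b7d-e1566d368773.json`, and apparently in further files outside this view, because the whole navigation markdown is copied into each export. A build-time or import-time check would catch a missed file or a stale link: every `#/dashboard/<id>` in the Navigation markdown should resolve to a file under `dashboards/dashboards/`, and all copies of the string should be identical.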
@@ -162,7 +162,7 @@ "version": "WzkxNywxXQ==", "attributes": { "title": "Navigation", - "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [PostgreSQL](#/dashboard/f2c0da10-d2c5-11ef-8864-d58a560dc292) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● 
[Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) 
\\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [PostgreSQL](#/dashboard/f2c0da10-d2c5-11ef-8864-d58a560dc292) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● 
[SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [Omron FINS](#/dashboard/c899f8b0-d36b-11ef-b619-17836b3bbf47) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware 
Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/dashboards/dashboards/42e831b9-41a9-4f35-8b7d-e1566d368773.json b/dashboards/dashboards/42e831b9-41a9-4f35-8b7d-e1566d368773.json index 3075858b3..d697cc5fc 100644 --- a/dashboards/dashboards/42e831b9-41a9-4f35-8b7d-e1566d368773.json +++ b/dashboards/dashboards/42e831b9-41a9-4f35-8b7d-e1566d368773.json 
@@ -102,7 +102,7 @@ "version": "WzkzNywxXQ==", "attributes": { "title": "Navigation", - "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [PostgreSQL](#/dashboard/f2c0da10-d2c5-11ef-8864-d58a560dc292) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● 
[Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) 
\\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [PostgreSQL](#/dashboard/f2c0da10-d2c5-11ef-8864-d58a560dc292) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● 
[SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [Omron FINS](#/dashboard/c899f8b0-d36b-11ef-b619-17836b3bbf47) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware 
Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/dashboards/dashboards/432af556-c5c0-4cc3-8166-b274b4e3a406.json b/dashboards/dashboards/432af556-c5c0-4cc3-8166-b274b4e3a406.json index dc646ef18..a658a0a40 100644 --- a/dashboards/dashboards/432af556-c5c0-4cc3-8166-b274b4e3a406.json +++ b/dashboards/dashboards/432af556-c5c0-4cc3-8166-b274b4e3a406.json 
@@ -97,7 +97,7 @@ "version": "Wzg3MiwxXQ==", "attributes": { "title": "Navigation", - "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [PostgreSQL](#/dashboard/f2c0da10-d2c5-11ef-8864-d58a560dc292) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● 
[Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) 
\\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [PostgreSQL](#/dashboard/f2c0da10-d2c5-11ef-8864-d58a560dc292) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● 
[SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [Omron FINS](#/dashboard/c899f8b0-d36b-11ef-b619-17836b3bbf47) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware 
Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/dashboards/dashboards/4a073440-b286-11eb-a4d4-09fa12a6ebd4.json b/dashboards/dashboards/4a073440-b286-11eb-a4d4-09fa12a6ebd4.json index ac2493564..ed66626ab 100644 --- a/dashboards/dashboards/4a073440-b286-11eb-a4d4-09fa12a6ebd4.json +++ b/dashboards/dashboards/4a073440-b286-11eb-a4d4-09fa12a6ebd4.json 
@@ -82,7 +82,7 @@ "version": "Wzg4MiwxXQ==", "attributes": { "title": "Navigation", - "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [PostgreSQL](#/dashboard/f2c0da10-d2c5-11ef-8864-d58a560dc292) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● 
[Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) 
\\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [PostgreSQL](#/dashboard/f2c0da10-d2c5-11ef-8864-d58a560dc292) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● 
[SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [Omron FINS](#/dashboard/c899f8b0-d36b-11ef-b619-17836b3bbf47) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware 
Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/dashboards/dashboards/4a4bde20-4760-11ea-949c-bbb5a9feecbf.json b/dashboards/dashboards/4a4bde20-4760-11ea-949c-bbb5a9feecbf.json index 58e51d154..dc00cc87c 100644 --- a/dashboards/dashboards/4a4bde20-4760-11ea-949c-bbb5a9feecbf.json +++ b/dashboards/dashboards/4a4bde20-4760-11ea-949c-bbb5a9feecbf.json 
@@ -97,7 +97,7 @@ "version": "Wzg4OCwxXQ==", "attributes": { "title": "Navigation", - "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [PostgreSQL](#/dashboard/f2c0da10-d2c5-11ef-8864-d58a560dc292) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● 
[Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) 
\\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [PostgreSQL](#/dashboard/f2c0da10-d2c5-11ef-8864-d58a560dc292) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● 
[SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [Omron FINS](#/dashboard/c899f8b0-d36b-11ef-b619-17836b3bbf47) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware 
Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/dashboards/dashboards/4e5f106e-c60a-4226-8f64-d534abb912ab.json b/dashboards/dashboards/4e5f106e-c60a-4226-8f64-d534abb912ab.json index 2d6254453..6ac48e28d 100644 --- a/dashboards/dashboards/4e5f106e-c60a-4226-8f64-d534abb912ab.json +++ b/dashboards/dashboards/4e5f106e-c60a-4226-8f64-d534abb912ab.json 
@@ -87,7 +87,7 @@ "version": "Wzg1OSwxXQ==", "attributes": { "title": "Navigation", - "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [PostgreSQL](#/dashboard/f2c0da10-d2c5-11ef-8864-d58a560dc292) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● 
[Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) 
\\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [PostgreSQL](#/dashboard/f2c0da10-d2c5-11ef-8864-d58a560dc292) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● 
[SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [Omron FINS](#/dashboard/c899f8b0-d36b-11ef-b619-17836b3bbf47) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware 
Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/dashboards/dashboards/50ced171-1b10-4c3f-8b67-2db9635661a6.json b/dashboards/dashboards/50ced171-1b10-4c3f-8b67-2db9635661a6.json index f8be11f76..7729841d8 100644 --- a/dashboards/dashboards/50ced171-1b10-4c3f-8b67-2db9635661a6.json +++ b/dashboards/dashboards/50ced171-1b10-4c3f-8b67-2db9635661a6.json 
@@ -97,7 +97,7 @@ "version": "Wzg3MiwxXQ==", "attributes": { "title": "Navigation", - "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [PostgreSQL](#/dashboard/f2c0da10-d2c5-11ef-8864-d58a560dc292) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● 
[Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) 
\\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [PostgreSQL](#/dashboard/f2c0da10-d2c5-11ef-8864-d58a560dc292) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● 
[SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [Omron FINS](#/dashboard/c899f8b0-d36b-11ef-b619-17836b3bbf47) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware 
Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/dashboards/dashboards/543118a9-02d7-43fe-b669-b8652177fc37.json b/dashboards/dashboards/543118a9-02d7-43fe-b669-b8652177fc37.json index 0296c5961..9fe18453b 100644 --- a/dashboards/dashboards/543118a9-02d7-43fe-b669-b8652177fc37.json +++ b/dashboards/dashboards/543118a9-02d7-43fe-b669-b8652177fc37.json 
@@ -97,7 +97,7 @@ "version": "Wzg3MiwxXQ==", "attributes": { "title": "Navigation", - "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [PostgreSQL](#/dashboard/f2c0da10-d2c5-11ef-8864-d58a560dc292) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● 
[Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) 
\\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [PostgreSQL](#/dashboard/f2c0da10-d2c5-11ef-8864-d58a560dc292) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● 
[SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [Omron FINS](#/dashboard/c899f8b0-d36b-11ef-b619-17836b3bbf47) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware 
Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/dashboards/dashboards/55e332d0-3f99-11e9-a58e-8bdedb0915e8.json b/dashboards/dashboards/55e332d0-3f99-11e9-a58e-8bdedb0915e8.json index 85a91b8d8..8dda81bb8 100644 --- a/dashboards/dashboards/55e332d0-3f99-11e9-a58e-8bdedb0915e8.json +++ b/dashboards/dashboards/55e332d0-3f99-11e9-a58e-8bdedb0915e8.json 
@@ -47,7 +47,7 @@ "version": "Wzg3MiwxXQ==", "attributes": { "title": "Navigation", - "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [PostgreSQL](#/dashboard/f2c0da10-d2c5-11ef-8864-d58a560dc292) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● 
[Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) 
\\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [PostgreSQL](#/dashboard/f2c0da10-d2c5-11ef-8864-d58a560dc292) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● 
[SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [Omron FINS](#/dashboard/c899f8b0-d36b-11ef-b619-17836b3bbf47) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware 
Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/dashboards/dashboards/5694ca60-cbdf-11ec-a50a-5fedd672f5c5.json b/dashboards/dashboards/5694ca60-cbdf-11ec-a50a-5fedd672f5c5.json index 8b05d929b..15bf2522b 100644 --- a/dashboards/dashboards/5694ca60-cbdf-11ec-a50a-5fedd672f5c5.json +++ b/dashboards/dashboards/5694ca60-cbdf-11ec-a50a-5fedd672f5c5.json 
@@ -97,7 +97,7 @@ "version": "Wzg2MSwxXQ==", "attributes": { "title": "Navigation", - "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [PostgreSQL](#/dashboard/f2c0da10-d2c5-11ef-8864-d58a560dc292) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● 
[Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) 
\\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [PostgreSQL](#/dashboard/f2c0da10-d2c5-11ef-8864-d58a560dc292) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● 
[SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [Omron FINS](#/dashboard/c899f8b0-d36b-11ef-b619-17836b3bbf47) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware 
Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/dashboards/dashboards/60d78fbd-471c-4f59-a9e3-189b33a13644.json b/dashboards/dashboards/60d78fbd-471c-4f59-a9e3-189b33a13644.json index 896aca630..7bb423ddd 100644 --- a/dashboards/dashboards/60d78fbd-471c-4f59-a9e3-189b33a13644.json +++ b/dashboards/dashboards/60d78fbd-471c-4f59-a9e3-189b33a13644.json 
@@ -87,7 +87,7 @@ "version": "Wzg3MiwxXQ==", "attributes": { "title": "Navigation", - "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [PostgreSQL](#/dashboard/f2c0da10-d2c5-11ef-8864-d58a560dc292) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● 
[Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) 
\\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [PostgreSQL](#/dashboard/f2c0da10-d2c5-11ef-8864-d58a560dc292) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● 
[SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [Omron FINS](#/dashboard/c899f8b0-d36b-11ef-b619-17836b3bbf47) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware 
Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/dashboards/dashboards/665d1610-523d-11e9-a30e-e3576242f3ed.json b/dashboards/dashboards/665d1610-523d-11e9-a30e-e3576242f3ed.json index fd893e831..0341bccf3 100644 --- a/dashboards/dashboards/665d1610-523d-11e9-a30e-e3576242f3ed.json +++ b/dashboards/dashboards/665d1610-523d-11e9-a30e-e3576242f3ed.json 
@@ -77,7 +77,7 @@ "version": "Wzc4NCwxXQ==", "attributes": { "title": "Navigation", - "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [PostgreSQL](#/dashboard/f2c0da10-d2c5-11ef-8864-d58a560dc292) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● 
[Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) 
\\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [PostgreSQL](#/dashboard/f2c0da10-d2c5-11ef-8864-d58a560dc292) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● 
[SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [Omron FINS](#/dashboard/c899f8b0-d36b-11ef-b619-17836b3bbf47) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware 
Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/dashboards/dashboards/677ee170-809e-11ed-8d5b-07069f823b6f.json b/dashboards/dashboards/677ee170-809e-11ed-8d5b-07069f823b6f.json index dee09358c..8872d3d33 100644 --- a/dashboards/dashboards/677ee170-809e-11ed-8d5b-07069f823b6f.json +++ b/dashboards/dashboards/677ee170-809e-11ed-8d5b-07069f823b6f.json 
@@ -122,7 +122,7 @@ "version": "Wzg4NywxXQ==", "attributes": { "title": "Navigation", - "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [PostgreSQL](#/dashboard/f2c0da10-d2c5-11ef-8864-d58a560dc292) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● 
[Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) 
\\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [PostgreSQL](#/dashboard/f2c0da10-d2c5-11ef-8864-d58a560dc292) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● 
[SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [Omron FINS](#/dashboard/c899f8b0-d36b-11ef-b619-17836b3bbf47) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware 
Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/dashboards/dashboards/76f2f912-80da-44cd-ab66-6a73c8344cc3.json b/dashboards/dashboards/76f2f912-80da-44cd-ab66-6a73c8344cc3.json index 3dd4a6e42..5be6aa1bd 100644 --- a/dashboards/dashboards/76f2f912-80da-44cd-ab66-6a73c8344cc3.json +++ b/dashboards/dashboards/76f2f912-80da-44cd-ab66-6a73c8344cc3.json 
@@ -82,7 +82,7 @@ "version": "Wzg3MiwxXQ==", "attributes": { "title": "Navigation", - "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [PostgreSQL](#/dashboard/f2c0da10-d2c5-11ef-8864-d58a560dc292) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● 
[Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) 
\\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [PostgreSQL](#/dashboard/f2c0da10-d2c5-11ef-8864-d58a560dc292) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● 
[SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [Omron FINS](#/dashboard/c899f8b0-d36b-11ef-b619-17836b3bbf47) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware 
Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/dashboards/dashboards/77fc9960-3f99-11e9-a58e-8bdedb0915e8.json b/dashboards/dashboards/77fc9960-3f99-11e9-a58e-8bdedb0915e8.json index 548687248..0c1dead80 100644 --- a/dashboards/dashboards/77fc9960-3f99-11e9-a58e-8bdedb0915e8.json +++ b/dashboards/dashboards/77fc9960-3f99-11e9-a58e-8bdedb0915e8.json 
@@ -57,7 +57,7 @@ "version": "Wzg3MiwxXQ==", "attributes": { "title": "Navigation", - "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [PostgreSQL](#/dashboard/f2c0da10-d2c5-11ef-8864-d58a560dc292) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● 
[Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) 
\\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [PostgreSQL](#/dashboard/f2c0da10-d2c5-11ef-8864-d58a560dc292) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● 
[SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [Omron FINS](#/dashboard/c899f8b0-d36b-11ef-b619-17836b3bbf47) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware 
Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/dashboards/dashboards/7f41913f-cba8-43f5-82a8-241b7ead03e0.json b/dashboards/dashboards/7f41913f-cba8-43f5-82a8-241b7ead03e0.json index f7728c6d0..4cacd39f6 100644 --- a/dashboards/dashboards/7f41913f-cba8-43f5-82a8-241b7ead03e0.json +++ b/dashboards/dashboards/7f41913f-cba8-43f5-82a8-241b7ead03e0.json 
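Review bot: The Navigation markdown is stored as a full copy inside each dashboard file, so adding the single `[Omron FINS](#/dashboard/c899f8b0-d36b-11ef-b619-17836b3bbf47)` link requires the same edit here and in the hunks for `7f41913f-cba8-43f5-82a8-241b7ead03e0.json` and `7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb.json` below. Any dashboard missed by that edit would keep the old list, so it is worth confirming that every Navigation `visState` was regenerated from one source rather than edited file by file. The dashboard with id `c899f8b0-d36b-11ef-b619-17836b3bbf47` is not visible in this part of the patch, so also check that it is added elsewhere in the series; otherwise the new link leads nowhere. The hunk shows only a fragment of the saved-object record, and the rest of the JSON lies outside it.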
@@ -92,7 +92,7 @@ "version": "Wzg3MiwxXQ==", "attributes": { "title": "Navigation", - "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [PostgreSQL](#/dashboard/f2c0da10-d2c5-11ef-8864-d58a560dc292) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● 
[Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) 
\\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [PostgreSQL](#/dashboard/f2c0da10-d2c5-11ef-8864-d58a560dc292) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● 
[SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [Omron FINS](#/dashboard/c899f8b0-d36b-11ef-b619-17836b3bbf47) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware 
Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/dashboards/dashboards/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb.json b/dashboards/dashboards/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb.json index bfc44433c..7799d6cde 100644 --- a/dashboards/dashboards/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb.json +++ b/dashboards/dashboards/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb.json 
@@ -117,7 +117,7 @@ "version": "Wzg1OCwxXQ==", "attributes": { "title": "Navigation", - "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [PostgreSQL](#/dashboard/f2c0da10-d2c5-11ef-8864-d58a560dc292) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● 
[Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) 
\\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [PostgreSQL](#/dashboard/f2c0da10-d2c5-11ef-8864-d58a560dc292) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● 
[SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [Omron FINS](#/dashboard/c899f8b0-d36b-11ef-b619-17836b3bbf47) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware 
Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/dashboards/dashboards/82da3101-2a9c-4ae2-bb61-d447a3fbe673.json b/dashboards/dashboards/82da3101-2a9c-4ae2-bb61-d447a3fbe673.json index 4c73ffc1f..d533f2122 100644 --- a/dashboards/dashboards/82da3101-2a9c-4ae2-bb61-d447a3fbe673.json +++ b/dashboards/dashboards/82da3101-2a9c-4ae2-bb61-d447a3fbe673.json 
@@ -107,7 +107,7 @@ "version": "Wzg3MiwxXQ==", "attributes": { "title": "Navigation", - "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [PostgreSQL](#/dashboard/f2c0da10-d2c5-11ef-8864-d58a560dc292) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● 
[Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) 
\\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [PostgreSQL](#/dashboard/f2c0da10-d2c5-11ef-8864-d58a560dc292) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● 
[SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [Omron FINS](#/dashboard/c899f8b0-d36b-11ef-b619-17836b3bbf47) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware 
Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/dashboards/dashboards/870a5862-6c26-4a08-99fd-0c06cda85ba3.json b/dashboards/dashboards/870a5862-6c26-4a08-99fd-0c06cda85ba3.json index 160fc15e0..e713897b7 100644 --- a/dashboards/dashboards/870a5862-6c26-4a08-99fd-0c06cda85ba3.json +++ b/dashboards/dashboards/870a5862-6c26-4a08-99fd-0c06cda85ba3.json 
@@ -102,7 +102,7 @@ "version": "Wzg3MiwxXQ==", "attributes": { "title": "Navigation", - "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [PostgreSQL](#/dashboard/f2c0da10-d2c5-11ef-8864-d58a560dc292) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● 
[Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) 
\\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [PostgreSQL](#/dashboard/f2c0da10-d2c5-11ef-8864-d58a560dc292) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● 
[SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [Omron FINS](#/dashboard/c899f8b0-d36b-11ef-b619-17836b3bbf47) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware 
Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/dashboards/dashboards/87a32f90-ef58-11e9-974e-9d600036d105.json b/dashboards/dashboards/87a32f90-ef58-11e9-974e-9d600036d105.json index 452c35624..008a28bf7 100644 --- a/dashboards/dashboards/87a32f90-ef58-11e9-974e-9d600036d105.json +++ b/dashboards/dashboards/87a32f90-ef58-11e9-974e-9d600036d105.json 
@@ -92,7 +92,7 @@ "version": "Wzg3MiwxXQ==", "attributes": { "title": "Navigation", - "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [PostgreSQL](#/dashboard/f2c0da10-d2c5-11ef-8864-d58a560dc292) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● 
[Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) 
\\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [PostgreSQL](#/dashboard/f2c0da10-d2c5-11ef-8864-d58a560dc292) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● 
[SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [Omron FINS](#/dashboard/c899f8b0-d36b-11ef-b619-17836b3bbf47) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware 
Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/dashboards/dashboards/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85.json b/dashboards/dashboards/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85.json index 65c31c787..a387b2cb1 100644 --- a/dashboards/dashboards/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85.json +++ b/dashboards/dashboards/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85.json 
@@ -62,7 +62,7 @@ "version": "Wzg3MiwxXQ==", "attributes": { "title": "Navigation", - "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [PostgreSQL](#/dashboard/f2c0da10-d2c5-11ef-8864-d58a560dc292) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● 
[Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) 
\\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [PostgreSQL](#/dashboard/f2c0da10-d2c5-11ef-8864-d58a560dc292) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● 
[SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [Omron FINS](#/dashboard/c899f8b0-d36b-11ef-b619-17836b3bbf47) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware 
Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/dashboards/dashboards/89d1cc50-974c-11ed-bb6b-3fb06c879b11.json b/dashboards/dashboards/89d1cc50-974c-11ed-bb6b-3fb06c879b11.json index 99e6973d8..2c44be62e 100644 --- a/dashboards/dashboards/89d1cc50-974c-11ed-bb6b-3fb06c879b11.json +++ b/dashboards/dashboards/89d1cc50-974c-11ed-bb6b-3fb06c879b11.json 
@@ -102,7 +102,7 @@ "version": "WzgzNywxXQ==", "attributes": { "title": "Navigation", - "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [PostgreSQL](#/dashboard/f2c0da10-d2c5-11ef-8864-d58a560dc292) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● 
[Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) 
\\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [PostgreSQL](#/dashboard/f2c0da10-d2c5-11ef-8864-d58a560dc292) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● 
[SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [Omron FINS](#/dashboard/c899f8b0-d36b-11ef-b619-17836b3bbf47) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware 
Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/dashboards/dashboards/92985909-dc29-4533-9e80-d3182a0ecf1d.json b/dashboards/dashboards/92985909-dc29-4533-9e80-d3182a0ecf1d.json index 8ea92286e..d9760aef4 100644 --- a/dashboards/dashboards/92985909-dc29-4533-9e80-d3182a0ecf1d.json +++ b/dashboards/dashboards/92985909-dc29-4533-9e80-d3182a0ecf1d.json 
@@ -87,7 +87,7 @@ "version": "Wzg3MiwxXQ==", "attributes": { "title": "Navigation", - "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [PostgreSQL](#/dashboard/f2c0da10-d2c5-11ef-8864-d58a560dc292) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● 
[Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) 
\\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [PostgreSQL](#/dashboard/f2c0da10-d2c5-11ef-8864-d58a560dc292) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● 
[SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [Omron FINS](#/dashboard/c899f8b0-d36b-11ef-b619-17836b3bbf47) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware 
Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/dashboards/dashboards/95479950-41f2-11ea-88fa-7151df485405.json b/dashboards/dashboards/95479950-41f2-11ea-88fa-7151df485405.json index f1a565ea7..b08af35ce 100644 --- a/dashboards/dashboards/95479950-41f2-11ea-88fa-7151df485405.json +++ b/dashboards/dashboards/95479950-41f2-11ea-88fa-7151df485405.json 
@@ -102,7 +102,7 @@ "version": "Wzg1NywxXQ==", "attributes": { "title": "Navigation", - "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [PostgreSQL](#/dashboard/f2c0da10-d2c5-11ef-8864-d58a560dc292) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● 
[Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) 
\\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [PostgreSQL](#/dashboard/f2c0da10-d2c5-11ef-8864-d58a560dc292) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● 
[SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [Omron FINS](#/dashboard/c899f8b0-d36b-11ef-b619-17836b3bbf47) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware 
Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/dashboards/dashboards/9ee51f94-3316-4fc5-bd89-93a52af69714.json b/dashboards/dashboards/9ee51f94-3316-4fc5-bd89-93a52af69714.json index a75130ab5..aeca23faa 100644 --- a/dashboards/dashboards/9ee51f94-3316-4fc5-bd89-93a52af69714.json +++ b/dashboards/dashboards/9ee51f94-3316-4fc5-bd89-93a52af69714.json 
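Review bot: The added `[Omron FINS](#/dashboard/c899f8b0-d36b-11ef-b619-17836b3bbf47)` entry in the Navigation `visState` markdown points at a dashboard id that no hunk visible here defines, so the link only resolves if `dashboards/dashboards/c899f8b0-d36b-11ef-b619-17836b3bbf47.json` is added elsewhere in this series. The same long markdown string is repeated in every dashboard file, and the hunks for `9ee51f94-3316-4fc5-bd89-93a52af69714.json` and `a16110b0-3f99-11e9-a58e-8bdedb0915e8.json` below apply the identical edit, so one copy can drift or miss a protocol link without anyone noticing in a diff this size. A small CI check would cover both cases: extract every `#/dashboard/<id>` from each Navigation `visState`, fail if an id has no matching file under `dashboards/dashboards/`, and fail if the Navigation strings differ between files. The saved object holding this `attributes` block starts and ends outside the hunk.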
@@ -122,7 +122,7 @@ "version": "Wzg2MCwxXQ==", "attributes": { "title": "Navigation", - "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [PostgreSQL](#/dashboard/f2c0da10-d2c5-11ef-8864-d58a560dc292) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● 
[Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) 
\\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [PostgreSQL](#/dashboard/f2c0da10-d2c5-11ef-8864-d58a560dc292) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● 
[SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [Omron FINS](#/dashboard/c899f8b0-d36b-11ef-b619-17836b3bbf47) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware 
Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/dashboards/dashboards/a16110b0-3f99-11e9-a58e-8bdedb0915e8.json b/dashboards/dashboards/a16110b0-3f99-11e9-a58e-8bdedb0915e8.json index 513305756..34023a38e 100644 --- a/dashboards/dashboards/a16110b0-3f99-11e9-a58e-8bdedb0915e8.json +++ b/dashboards/dashboards/a16110b0-3f99-11e9-a58e-8bdedb0915e8.json 
@@ -57,7 +57,7 @@ "version": "Wzg3MiwxXQ==", "attributes": { "title": "Navigation", - "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [PostgreSQL](#/dashboard/f2c0da10-d2c5-11ef-8864-d58a560dc292) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● 
[Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) 
\\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [PostgreSQL](#/dashboard/f2c0da10-d2c5-11ef-8864-d58a560dc292) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● 
[SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [Omron FINS](#/dashboard/c899f8b0-d36b-11ef-b619-17836b3bbf47) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware 
Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/dashboards/dashboards/a33e0a50-afcd-11ea-993f-b7d8522a8bed.json b/dashboards/dashboards/a33e0a50-afcd-11ea-993f-b7d8522a8bed.json index e7ff8cdcb..d99e3991b 100644 --- a/dashboards/dashboards/a33e0a50-afcd-11ea-993f-b7d8522a8bed.json +++ b/dashboards/dashboards/a33e0a50-afcd-11ea-993f-b7d8522a8bed.json 
@@ -82,7 +82,7 @@ "version": "Wzg1OSwxXQ==", "attributes": { "title": "Navigation", - "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [PostgreSQL](#/dashboard/f2c0da10-d2c5-11ef-8864-d58a560dc292) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● 
[Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) 
\\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [PostgreSQL](#/dashboard/f2c0da10-d2c5-11ef-8864-d58a560dc292) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● 
[SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [Omron FINS](#/dashboard/c899f8b0-d36b-11ef-b619-17836b3bbf47) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware 
Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/dashboards/dashboards/a7514350-eba6-11e9-a384-0fcf32210194.json b/dashboards/dashboards/a7514350-eba6-11e9-a384-0fcf32210194.json index d597ea8c2..1c1c82d31 100644 --- a/dashboards/dashboards/a7514350-eba6-11e9-a384-0fcf32210194.json +++ b/dashboards/dashboards/a7514350-eba6-11e9-a384-0fcf32210194.json 
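Review bot: The whole Navigation menu is one escaped markdown string in `visState`, copied verbatim into each dashboard file, so the single new entry `[Omron FINS](#/dashboard/c899f8b0-d36b-11ef-b619-17836b3bbf47)` on the added `visState` line has to be repeated by hand in every file; the hunks that follow for a7514350-eba6-11e9-a384-0fcf32210194.json and abdd7550-2c7c-40dc-947e-f6d186a158c4.json make the identical edit. A file missed in such a sweep keeps a stale menu, and on a network-monitoring console that leaves analysts on that page without a menu link to the new ICS protocol view. Consider keeping the menu markdown in one template that is substituted into each saved object when the dashboards are imported, or at least a CI check that every `"title": "Navigation"` visualization carries the same `markdown` value. The dashboard file for id c899f8b0-d36b-11ef-b619-17836b3bbf47 is not visible in this part of the patch; confirm it is added alongside, otherwise the new link is dead on every dashboard.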
@@ -87,7 +87,7 @@ "version": "Wzg2MiwxXQ==", "attributes": { "title": "Navigation", - "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [PostgreSQL](#/dashboard/f2c0da10-d2c5-11ef-8864-d58a560dc292) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● 
[Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) 
\\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [PostgreSQL](#/dashboard/f2c0da10-d2c5-11ef-8864-d58a560dc292) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● 
[SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [Omron FINS](#/dashboard/c899f8b0-d36b-11ef-b619-17836b3bbf47) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware 
Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/dashboards/dashboards/abdd7550-2c7c-40dc-947e-f6d186a158c4.json b/dashboards/dashboards/abdd7550-2c7c-40dc-947e-f6d186a158c4.json index 351ed9f01..74100e7c4 100644 --- a/dashboards/dashboards/abdd7550-2c7c-40dc-947e-f6d186a158c4.json +++ b/dashboards/dashboards/abdd7550-2c7c-40dc-947e-f6d186a158c4.json 
@@ -167,7 +167,7 @@ "version": "Wzc4NiwxXQ==", "attributes": { "title": "Navigation", - "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [PostgreSQL](#/dashboard/f2c0da10-d2c5-11ef-8864-d58a560dc292) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● 
[Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) 
\\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [PostgreSQL](#/dashboard/f2c0da10-d2c5-11ef-8864-d58a560dc292) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● 
[SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [Omron FINS](#/dashboard/c899f8b0-d36b-11ef-b619-17836b3bbf47) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware 
Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/dashboards/dashboards/ae79b7d1-4281-4095-b2f6-fa7eafda9970.json b/dashboards/dashboards/ae79b7d1-4281-4095-b2f6-fa7eafda9970.json index 9e1d8a715..22d9196d0 100644 --- a/dashboards/dashboards/ae79b7d1-4281-4095-b2f6-fa7eafda9970.json +++ b/dashboards/dashboards/ae79b7d1-4281-4095-b2f6-fa7eafda9970.json 
@@ -87,7 +87,7 @@ "version": "WzkzNywxXQ==", "attributes": { "title": "Navigation", - "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [PostgreSQL](#/dashboard/f2c0da10-d2c5-11ef-8864-d58a560dc292) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● 
[Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) 
\\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [PostgreSQL](#/dashboard/f2c0da10-d2c5-11ef-8864-d58a560dc292) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● 
[SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [Omron FINS](#/dashboard/c899f8b0-d36b-11ef-b619-17836b3bbf47) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware 
Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/dashboards/dashboards/af5df620-eeb6-11e9-bdef-65a192b7f586.json b/dashboards/dashboards/af5df620-eeb6-11e9-bdef-65a192b7f586.json index f907ad541..4d84c1360 100644 --- a/dashboards/dashboards/af5df620-eeb6-11e9-bdef-65a192b7f586.json +++ b/dashboards/dashboards/af5df620-eeb6-11e9-bdef-65a192b7f586.json 
@@ -87,7 +87,7 @@ "version": "Wzg3MiwxXQ==", "attributes": { "title": "Navigation", - "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [PostgreSQL](#/dashboard/f2c0da10-d2c5-11ef-8864-d58a560dc292) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● 
[Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) 
\\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [PostgreSQL](#/dashboard/f2c0da10-d2c5-11ef-8864-d58a560dc292) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● 
[SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [Omron FINS](#/dashboard/c899f8b0-d36b-11ef-b619-17836b3bbf47) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware 
Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/dashboards/dashboards/b50c8d17-6ed3-4de6-aed4-5181032810b2.json b/dashboards/dashboards/b50c8d17-6ed3-4de6-aed4-5181032810b2.json index 9f23a37de..db15f1a62 100644 --- a/dashboards/dashboards/b50c8d17-6ed3-4de6-aed4-5181032810b2.json +++ b/dashboards/dashboards/b50c8d17-6ed3-4de6-aed4-5181032810b2.json 
@@ -57,7 +57,7 @@ "version": "Wzg3MiwxXQ==", "attributes": { "title": "Navigation", - "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [PostgreSQL](#/dashboard/f2c0da10-d2c5-11ef-8864-d58a560dc292) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● 
[Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) 
\\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [PostgreSQL](#/dashboard/f2c0da10-d2c5-11ef-8864-d58a560dc292) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● 
[SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [Omron FINS](#/dashboard/c899f8b0-d36b-11ef-b619-17836b3bbf47) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware 
Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/dashboards/dashboards/b8cf5890-87ed-11ef-ae18-dbcd34795edb.json b/dashboards/dashboards/b8cf5890-87ed-11ef-ae18-dbcd34795edb.json index 16f04da0c..7a7858913 100644 --- a/dashboards/dashboards/b8cf5890-87ed-11ef-ae18-dbcd34795edb.json +++ b/dashboards/dashboards/b8cf5890-87ed-11ef-ae18-dbcd34795edb.json 
@@ -92,7 +92,7 @@ "version": "WzkxNywxXQ==", "attributes": { "title": "Navigation", - "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [PostgreSQL](#/dashboard/f2c0da10-d2c5-11ef-8864-d58a560dc292) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● 
[Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) 
\\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [PostgreSQL](#/dashboard/f2c0da10-d2c5-11ef-8864-d58a560dc292) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● 
[SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [Omron FINS](#/dashboard/c899f8b0-d36b-11ef-b619-17836b3bbf47) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware 
Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/dashboards/dashboards/b9f247c0-3f99-11e9-a58e-8bdedb0915e8.json b/dashboards/dashboards/b9f247c0-3f99-11e9-a58e-8bdedb0915e8.json index 833ac3d1b..bcd950ef2 100644 --- a/dashboards/dashboards/b9f247c0-3f99-11e9-a58e-8bdedb0915e8.json +++ b/dashboards/dashboards/b9f247c0-3f99-11e9-a58e-8bdedb0915e8.json 
@@ -57,7 +57,7 @@ "version": "Wzg3MiwxXQ==", "attributes": { "title": "Navigation", - "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [PostgreSQL](#/dashboard/f2c0da10-d2c5-11ef-8864-d58a560dc292) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● 
[Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) 
\\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [PostgreSQL](#/dashboard/f2c0da10-d2c5-11ef-8864-d58a560dc292) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● 
[SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [Omron FINS](#/dashboard/c899f8b0-d36b-11ef-b619-17836b3bbf47) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware 
Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/dashboards/dashboards/bb827f8e-639e-468c-93c8-9f5bc132eb8f.json b/dashboards/dashboards/bb827f8e-639e-468c-93c8-9f5bc132eb8f.json index f69a65ba2..c4b64f322 100644 --- a/dashboards/dashboards/bb827f8e-639e-468c-93c8-9f5bc132eb8f.json +++ b/dashboards/dashboards/bb827f8e-639e-468c-93c8-9f5bc132eb8f.json 
@@ -107,7 +107,7 @@ "version": "Wzg3MiwxXQ==", "attributes": { "title": "Navigation", - "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [PostgreSQL](#/dashboard/f2c0da10-d2c5-11ef-8864-d58a560dc292) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● 
[Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) 
\\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [PostgreSQL](#/dashboard/f2c0da10-d2c5-11ef-8864-d58a560dc292) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● 
[SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [Omron FINS](#/dashboard/c899f8b0-d36b-11ef-b619-17836b3bbf47) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware 
Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/dashboards/dashboards/beats/046212a0-a2a1-11e7-928f-5dbe6f6f5519.json b/dashboards/dashboards/beats/046212a0-a2a1-11e7-928f-5dbe6f6f5519.json index 992bea2ab..43b444a6d 100644 --- a/dashboards/dashboards/beats/046212a0-a2a1-11e7-928f-5dbe6f6f5519.json +++ b/dashboards/dashboards/beats/046212a0-a2a1-11e7-928f-5dbe6f6f5519.json 
@@ -156,7 +156,7 @@ "title": "Navigation", "uiStateJSON": "{}", "version": 1, - "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [PostgreSQL](#/dashboard/f2c0da10-d2c5-11ef-8864-d58a560dc292) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● 
[Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}" + "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) 
\\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [PostgreSQL](#/dashboard/f2c0da10-d2c5-11ef-8864-d58a560dc292) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● 
[SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [Omron FINS](#/dashboard/c899f8b0-d36b-11ef-b619-17836b3bbf47) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware 
Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}" }, "id": "df9e399b-efa5-4e33-b0ac-a7668a8ac2b3", "migrationVersion": { diff --git a/dashboards/dashboards/beats/0d4955f0-eb25-11ec-a6d4-b3526526c2c7.json b/dashboards/dashboards/beats/0d4955f0-eb25-11ec-a6d4-b3526526c2c7.json index f1f1eedb0..5c7505de6 100644 --- a/dashboards/dashboards/beats/0d4955f0-eb25-11ec-a6d4-b3526526c2c7.json +++ b/dashboards/dashboards/beats/0d4955f0-eb25-11ec-a6d4-b3526526c2c7.json 
@@ -65,7 +65,7 @@ "title": "Navigation", "uiStateJSON": "{}", "version": 1, - "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [PostgreSQL](#/dashboard/f2c0da10-d2c5-11ef-8864-d58a560dc292) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● 
[Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}" + "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) 
\\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [PostgreSQL](#/dashboard/f2c0da10-d2c5-11ef-8864-d58a560dc292) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● 
[SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [Omron FINS](#/dashboard/c899f8b0-d36b-11ef-b619-17836b3bbf47) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware 
Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}" }, "id": "df9e399b-efa5-4e33-b0ac-a7668a8ac2b3", "migrationVersion": { diff --git a/dashboards/dashboards/beats/3768ef70-d819-11ee-820d-dd9fd73a3921.json b/dashboards/dashboards/beats/3768ef70-d819-11ee-820d-dd9fd73a3921.json index 8a6cdefaa..851baafab 100644 --- a/dashboards/dashboards/beats/3768ef70-d819-11ee-820d-dd9fd73a3921.json +++ b/dashboards/dashboards/beats/3768ef70-d819-11ee-820d-dd9fd73a3921.json 
@@ -55,7 +55,7 @@ "title": "Navigation", "uiStateJSON": "{}", "version": 1, - "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [PostgreSQL](#/dashboard/f2c0da10-d2c5-11ef-8864-d58a560dc292) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● 
[Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}" + "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) 
\\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [PostgreSQL](#/dashboard/f2c0da10-d2c5-11ef-8864-d58a560dc292) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● 
[SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [Omron FINS](#/dashboard/c899f8b0-d36b-11ef-b619-17836b3bbf47) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware 
Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}" }, "id": "df9e399b-efa5-4e33-b0ac-a7668a8ac2b3", "migrationVersion": { diff --git a/dashboards/dashboards/beats/4ca94c70-d7da-11ee-9ed3-e7afff29e59a.json b/dashboards/dashboards/beats/4ca94c70-d7da-11ee-9ed3-e7afff29e59a.json index 5be94e53a..b5ccf5418 100644 --- a/dashboards/dashboards/beats/4ca94c70-d7da-11ee-9ed3-e7afff29e59a.json +++ b/dashboards/dashboards/beats/4ca94c70-d7da-11ee-9ed3-e7afff29e59a.json 
@@ -115,7 +115,7 @@ "title": "Navigation", "uiStateJSON": "{}", "version": 1, - "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [PostgreSQL](#/dashboard/f2c0da10-d2c5-11ef-8864-d58a560dc292) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● 
[Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}" + "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) 
\\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [PostgreSQL](#/dashboard/f2c0da10-d2c5-11ef-8864-d58a560dc292) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● 
[SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [Omron FINS](#/dashboard/c899f8b0-d36b-11ef-b619-17836b3bbf47) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware 
Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}" }, "id": "df9e399b-efa5-4e33-b0ac-a7668a8ac2b3", "migrationVersion": { diff --git a/dashboards/dashboards/beats/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519.json b/dashboards/dashboards/beats/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519.json index 5cf4d2a31..561139587 100644 --- a/dashboards/dashboards/beats/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519.json +++ b/dashboards/dashboards/beats/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519.json 
@@ -255,7 +255,7 @@ "title": "Navigation", "uiStateJSON": "{}", "version": 1, - "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [PostgreSQL](#/dashboard/f2c0da10-d2c5-11ef-8864-d58a560dc292) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● 
[Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}" + "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) 
\\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [PostgreSQL](#/dashboard/f2c0da10-d2c5-11ef-8864-d58a560dc292) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● 
[SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [Omron FINS](#/dashboard/c899f8b0-d36b-11ef-b619-17836b3bbf47) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware 
Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}" }, "id": "df9e399b-efa5-4e33-b0ac-a7668a8ac2b3", "migrationVersion": { diff --git a/dashboards/dashboards/beats/79202ee0-d811-11ee-820d-dd9fd73a3921.json b/dashboards/dashboards/beats/79202ee0-d811-11ee-820d-dd9fd73a3921.json index a6775619c..e08209d32 100644 --- a/dashboards/dashboards/beats/79202ee0-d811-11ee-820d-dd9fd73a3921.json +++ b/dashboards/dashboards/beats/79202ee0-d811-11ee-820d-dd9fd73a3921.json 
@@ -80,7 +80,7 @@ "title": "Navigation", "uiStateJSON": "{}", "version": 1, - "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [PostgreSQL](#/dashboard/f2c0da10-d2c5-11ef-8864-d58a560dc292) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● 
[Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}" + "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) 
\\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [PostgreSQL](#/dashboard/f2c0da10-d2c5-11ef-8864-d58a560dc292) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● 
[SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [Omron FINS](#/dashboard/c899f8b0-d36b-11ef-b619-17836b3bbf47) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware 
Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}" }, "id": "df9e399b-efa5-4e33-b0ac-a7668a8ac2b3", "migrationVersion": { diff --git a/dashboards/dashboards/beats/7a7e0a60-e8e8-11ec-b9d4-4569bb965430.json b/dashboards/dashboards/beats/7a7e0a60-e8e8-11ec-b9d4-4569bb965430.json index f75eebfcb..e5d9b979b 100644 --- a/dashboards/dashboards/beats/7a7e0a60-e8e8-11ec-b9d4-4569bb965430.json +++ b/dashboards/dashboards/beats/7a7e0a60-e8e8-11ec-b9d4-4569bb965430.json 
@@ -75,7 +75,7 @@ "title": "Navigation", "uiStateJSON": "{}", "version": 1, - "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [PostgreSQL](#/dashboard/f2c0da10-d2c5-11ef-8864-d58a560dc292) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● 
[Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}" + "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) 
\\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [PostgreSQL](#/dashboard/f2c0da10-d2c5-11ef-8864-d58a560dc292) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● 
[SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [Omron FINS](#/dashboard/c899f8b0-d36b-11ef-b619-17836b3bbf47) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware 
Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}" }, "id": "df9e399b-efa5-4e33-b0ac-a7668a8ac2b3", "migrationVersion": { diff --git a/dashboards/dashboards/beats/88bcec50-cc74-11ef-bae9-0d6b8da935ba.json b/dashboards/dashboards/beats/88bcec50-cc74-11ef-bae9-0d6b8da935ba.json index c3f58fe19..f072e5acd 100644 --- a/dashboards/dashboards/beats/88bcec50-cc74-11ef-bae9-0d6b8da935ba.json +++ b/dashboards/dashboards/beats/88bcec50-cc74-11ef-bae9-0d6b8da935ba.json 
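Review bot: The Navigation visualization edited in this hunk carries the id `df9e399b-efa5-4e33-b0ac-a7668a8ac2b3` in its trailing context, and the same id and the same `visState` string recur in the hunks for `88bcec50-cc74-11ef-bae9-0d6b8da935ba.json` and `903f42c0-f634-11ec-828d-2fb7a4a26e1f.json`, so one saved object is being maintained as several hand-synchronised copies. If these files are imported one after another with overwrite, a copy that missed the `Omron FINS` entry would presumably replace an updated one, depending on import order. Consider keeping this visualization in a single file, or adding a build-time check that every copy of that id has a byte-identical `visState`. The enclosing JSON object starts and ends outside the hunk.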
@@ -65,7 +65,7 @@ "title": "Navigation", "uiStateJSON": "{}", "version": 1, - "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [PostgreSQL](#/dashboard/f2c0da10-d2c5-11ef-8864-d58a560dc292) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● 
[Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}" + "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) 
\\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [PostgreSQL](#/dashboard/f2c0da10-d2c5-11ef-8864-d58a560dc292) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● 
[SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [Omron FINS](#/dashboard/c899f8b0-d36b-11ef-b619-17836b3bbf47) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware 
Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}" }, "id": "df9e399b-efa5-4e33-b0ac-a7668a8ac2b3", "migrationVersion": { diff --git a/dashboards/dashboards/beats/903f42c0-f634-11ec-828d-2fb7a4a26e1f.json b/dashboards/dashboards/beats/903f42c0-f634-11ec-828d-2fb7a4a26e1f.json index dfac9c304..1cb7a9a85 100644 --- a/dashboards/dashboards/beats/903f42c0-f634-11ec-828d-2fb7a4a26e1f.json +++ b/dashboards/dashboards/beats/903f42c0-f634-11ec-828d-2fb7a4a26e1f.json 
@@ -65,7 +65,7 @@ "title": "Navigation", "uiStateJSON": "{}", "version": 1, - "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [PostgreSQL](#/dashboard/f2c0da10-d2c5-11ef-8864-d58a560dc292) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● 
[Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}" + "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) 
\\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [PostgreSQL](#/dashboard/f2c0da10-d2c5-11ef-8864-d58a560dc292) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● 
[SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [Omron FINS](#/dashboard/c899f8b0-d36b-11ef-b619-17836b3bbf47) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware 
Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}" }, "id": "df9e399b-efa5-4e33-b0ac-a7668a8ac2b3", "migrationVersion": { diff --git a/dashboards/dashboards/beats/Metricbeat-host-overview.json b/dashboards/dashboards/beats/Metricbeat-host-overview.json index 4ba39d32e..7cc2a3e08 100644 --- a/dashboards/dashboards/beats/Metricbeat-host-overview.json +++ b/dashboards/dashboards/beats/Metricbeat-host-overview.json 
@@ -442,7 +442,7 @@ "title": "Navigation", "uiStateJSON": "{}", "version": 1, - "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [PostgreSQL](#/dashboard/f2c0da10-d2c5-11ef-8864-d58a560dc292) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● 
[Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}" + "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) 
\\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [PostgreSQL](#/dashboard/f2c0da10-d2c5-11ef-8864-d58a560dc292) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● 
[SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [Omron FINS](#/dashboard/c899f8b0-d36b-11ef-b619-17836b3bbf47) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware 
Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}" }, "id": "df9e399b-efa5-4e33-b0ac-a7668a8ac2b3", "migrationVersion": { diff --git a/dashboards/dashboards/beats/Metricbeat-system-overview.json b/dashboards/dashboards/beats/Metricbeat-system-overview.json index 9249f5a88..850b0e8a0 100644 --- a/dashboards/dashboards/beats/Metricbeat-system-overview.json +++ b/dashboards/dashboards/beats/Metricbeat-system-overview.json 
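Review bot: The new `[Omron FINS](#/dashboard/c899f8b0-d36b-11ef-b619-17836b3bbf47)` entry is added by hand to the escaped `visState` markdown of this file's Navigation visualization. The hunks for `Metricbeat-system-overview.json` and `f6600310-9943-11ee-a029-e973f4774355.json` repeat the same edit, so every dashboard carries its own copy of the pane. Any dashboard file missed in this series would keep the old pane, and analysts opening it would have no link to the new ICS protocol view. Neither that possibility nor the presence of a dashboard with id `c899f8b0-d36b-11ef-b619-17836b3bbf47` in this series can be confirmed from the visible hunks. Before merging, it would help to search `dashboards/dashboards/` for Navigation `visState` strings that contain `[Modbus]` but not `[Omron FINS]`; longer term, the pane looks like it should be generated from a single template rather than edited per file. The saved-object JSON continues outside each hunk.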
@@ -332,7 +332,7 @@ "title": "Navigation", "uiStateJSON": "{}", "version": 1, - "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [PostgreSQL](#/dashboard/f2c0da10-d2c5-11ef-8864-d58a560dc292) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● 
[Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}" + "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) 
\\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [PostgreSQL](#/dashboard/f2c0da10-d2c5-11ef-8864-d58a560dc292) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● 
[SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [Omron FINS](#/dashboard/c899f8b0-d36b-11ef-b619-17836b3bbf47) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware 
Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}" }, "id": "df9e399b-efa5-4e33-b0ac-a7668a8ac2b3", "migrationVersion": { diff --git a/dashboards/dashboards/beats/f6600310-9943-11ee-a029-e973f4774355.json b/dashboards/dashboards/beats/f6600310-9943-11ee-a029-e973f4774355.json index 71da3c9c1..d2ddc21ea 100644 --- a/dashboards/dashboards/beats/f6600310-9943-11ee-a029-e973f4774355.json +++ b/dashboards/dashboards/beats/f6600310-9943-11ee-a029-e973f4774355.json 
@@ -70,7 +70,7 @@ "title": "Navigation", "uiStateJSON": "{}", "version": 1, - "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [PostgreSQL](#/dashboard/f2c0da10-d2c5-11ef-8864-d58a560dc292) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● 
[Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}" + "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) 
\\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [PostgreSQL](#/dashboard/f2c0da10-d2c5-11ef-8864-d58a560dc292) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● 
[SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [Omron FINS](#/dashboard/c899f8b0-d36b-11ef-b619-17836b3bbf47) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware 
Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}" }, "id": "df9e399b-efa5-4e33-b0ac-a7668a8ac2b3", "migrationVersion": { diff --git a/dashboards/dashboards/bed185a0-ef82-11e9-b38a-2db3ee640e88.json b/dashboards/dashboards/bed185a0-ef82-11e9-b38a-2db3ee640e88.json index 406439da6..95d871899 100644 --- a/dashboards/dashboards/bed185a0-ef82-11e9-b38a-2db3ee640e88.json +++ b/dashboards/dashboards/bed185a0-ef82-11e9-b38a-2db3ee640e88.json 
@@ -72,7 +72,7 @@ "version": "Wzg3MiwxXQ==", "attributes": { "title": "Navigation", - "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [PostgreSQL](#/dashboard/f2c0da10-d2c5-11ef-8864-d58a560dc292) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● 
[Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) 
\\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [PostgreSQL](#/dashboard/f2c0da10-d2c5-11ef-8864-d58a560dc292) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● 
[SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [Omron FINS](#/dashboard/c899f8b0-d36b-11ef-b619-17836b3bbf47) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware 
Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/dashboards/dashboards/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48.json b/dashboards/dashboards/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48.json index 7a220d7b4..9997bb4c3 100644 --- a/dashboards/dashboards/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48.json +++ b/dashboards/dashboards/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48.json 
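Review bot: The `visState` markdown of the "Navigation" visualization is duplicated per dashboard export: this hunk and the two that follow (`bf5efbb0-60f1-11eb-9d60-dbf0411cfc48.json`, `c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2.json`) make the same one-link edit to what appears to be the same string. If these copies share one saved-object id (the id is outside this hunk, so this is inferred), a file missed in a later update would carry a stale menu that could replace the current one on import, depending on import order. A build-time or review-time check that every object with `"title": "Navigation"` has a byte-identical `visState` would catch a missed copy. The added target `#/dashboard/c899f8b0-d36b-11ef-b619-17836b3bbf47` is created as a new file later in this patch, so the new link itself resolves.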
@@ -82,7 +82,7 @@ "version": "WzY5MiwxXQ==", "attributes": { "title": "Navigation", - "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [PostgreSQL](#/dashboard/f2c0da10-d2c5-11ef-8864-d58a560dc292) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● 
[Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) 
\\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [PostgreSQL](#/dashboard/f2c0da10-d2c5-11ef-8864-d58a560dc292) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● 
[SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [Omron FINS](#/dashboard/c899f8b0-d36b-11ef-b619-17836b3bbf47) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware 
Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/dashboards/dashboards/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2.json b/dashboards/dashboards/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2.json index 6d56e888e..e63e4794a 100644 --- a/dashboards/dashboards/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2.json +++ b/dashboards/dashboards/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2.json 
@@ -77,7 +77,7 @@ "version": "Wzg3MiwxXQ==", "attributes": { "title": "Navigation", - "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [PostgreSQL](#/dashboard/f2c0da10-d2c5-11ef-8864-d58a560dc292) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● 
[Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) 
\\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [PostgreSQL](#/dashboard/f2c0da10-d2c5-11ef-8864-d58a560dc292) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● 
[SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [Omron FINS](#/dashboard/c899f8b0-d36b-11ef-b619-17836b3bbf47) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware 
Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/dashboards/dashboards/c899f8b0-d36b-11ef-b619-17836b3bbf47.json b/dashboards/dashboards/c899f8b0-d36b-11ef-b619-17836b3bbf47.json new file mode 100644 index 000000000..17a5a96de --- /dev/null +++ b/dashboards/dashboards/c899f8b0-d36b-11ef-b619-17836b3bbf47.json 
@@ -0,0 +1,243 @@ +{ + "objects": [ + { + "attributes": { + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[]}" + }, + "optionsJSON": "{\"hidePanelTitles\":false,\"useMargins\":true}", + "panelsJSON": "[{\"version\":\"2.18.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":31,\"i\":\"93a55ef0-2531-4e0f-b541-007b15675877\"},\"panelIndex\":\"93a55ef0-2531-4e0f-b541-007b15675877\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"2.18.0\",\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":31,\"i\":\"1feca6e6-3466-4ff7-bcbf-267e3e78df54\"},\"panelIndex\":\"1feca6e6-3466-4ff7-bcbf-267e3e78df54\",\"embeddableConfig\":{},\"panelRefName\":\"panel_1\"},{\"version\":\"2.18.0\",\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":14,\"i\":\"cfb1f39f-52c9-4e69-938a-8ea3a7d98449\"},\"panelIndex\":\"cfb1f39f-52c9-4e69-938a-8ea3a7d98449\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"2.18.0\",\"gridData\":{\"x\":16,\"y\":14,\"w\":10,\"h\":17,\"i\":\"438627ba-9c90-4820-a50d-afe9a7bb2d6d\"},\"panelIndex\":\"438627ba-9c90-4820-a50d-afe9a7bb2d6d\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"},{\"version\":\"2.18.0\",\"gridData\":{\"x\":26,\"y\":14,\"w\":11,\"h\":17,\"i\":\"4924e5a6-8301-4eb0-897a-fe4f434a423a\"},\"panelIndex\":\"4924e5a6-8301-4eb0-897a-fe4f434a423a\",\"embeddableConfig\":{},\"panelRefName\":\"panel_4\"},{\"version\":\"2.18.0\",\"gridData\":{\"x\":0,\"y\":31,\"w\":48,\"h\":29,\"i\":\"d8e534f2-e1e2-4a4d-a5a9-d086db6116af\"},\"panelIndex\":\"d8e534f2-e1e2-4a4d-a5a9-d086db6116af\",\"embeddableConfig\":{},\"panelRefName\":\"panel_5\"}]", + "timeRestore": false, + "title": "Omron FINS", + "version": 1 + }, + "id": "c899f8b0-d36b-11ef-b619-17836b3bbf47", + "migrationVersion": { + "dashboard": "7.9.3" + }, + "namespaces": [ + "default" + ], + "references": [ + { + "id": "df9e399b-efa5-4e33-b0ac-a7668a8ac2b3", + "name": "panel_0", + "type": 
"visualization" + }, + { + "id": "3ed65fa0-d36c-11ef-b619-17836b3bbf47", + "name": "panel_1", + "type": "visualization" + }, + { + "id": "7c385510-d36c-11ef-b619-17836b3bbf47", + "name": "panel_2", + "type": "visualization" + }, + { + "id": "9dcfba60-d36c-11ef-b619-17836b3bbf47", + "name": "panel_3", + "type": "visualization" + }, + { + "id": "d44dec60-d36c-11ef-b619-17836b3bbf47", + "name": "panel_4", + "type": "visualization" + }, + { + "id": "ddec0a50-d36b-11ef-b619-17836b3bbf47", + "name": "panel_5", + "type": "search" + } + ], + "type": "dashboard", + "updated_at": "2025-01-15T18:17:04.667Z", + "version": "WzEwODgsMV0=" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":{\"query_string\":{\"query\":\"*\"}},\"language\":\"lucene\"},\"filter\":[]}" + }, + "title": "Navigation", + "uiStateJSON": "{}", + "version": 1, + "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata 
Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [PostgreSQL](#/dashboard/f2c0da10-d2c5-11ef-8864-d58a560dc292) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● 
[TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [Omron FINS](#/dashboard/c899f8b0-d36b-11ef-b619-17836b3bbf47) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File 
Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}" + }, + "id": "df9e399b-efa5-4e33-b0ac-a7668a8ac2b3", + "migrationVersion": { + "visualization": "7.10.0" + }, + "namespaces": [ + "default" + ], + "references": [], + "type": "visualization", + "updated_at": "2025-01-15T17:59:42.815Z", + "version": "WzEwNjIsMV0=" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}" + }, + "savedSearchRefName": "search_0", + "title": "Omron FINS - Log Counts", + "uiStateJSON": "{}", + "version": 1, + "visState": "{\"title\":\"Omron FINS - Log Counts\",\"type\":\"metric\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.dataset\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Log Type\"},\"schema\":\"group\"}],\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"metric\",\"metric\":{\"percentageMode\":false,\"useRanges\":false,\"colorSchema\":\"Green to Red\",\"metricColorMode\":\"None\",\"colorsRange\":[{\"from\":0,\"to\":10000}],\"labels\":{\"show\":true},\"invertColors\":false,\"style\":{\"bgFill\":\"#000\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"fontSize\":36}}}}" + }, + "id": "3ed65fa0-d36c-11ef-b619-17836b3bbf47", + "migrationVersion": { + "visualization": "7.10.0" + }, + "namespaces": [ + "default" + ], + "references": [ + { + "id": "ddec0a50-d36b-11ef-b619-17836b3bbf47", + "name": "search_0", + "type": "search" + 
} + ], + "type": "visualization", + "updated_at": "2025-01-15T18:12:13.594Z", + "version": "WzEwODQsMV0=" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}" + }, + "savedSearchRefName": "search_0", + "title": "Omron FINS - Logs Over Time", + "uiStateJSON": "{}", + "version": 1, + "visState": "{\"title\":\"Omron FINS - Logs Over Time\",\"type\":\"histogram\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"params\":{\"field\":\"MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER\",\"timeRange\":{\"from\":\"now-25y\",\"to\":\"now\"},\"useNormalizedOpenSearchInterval\":true,\"scaleMetricValues\":false,\"interval\":\"auto\",\"drop_partials\":false,\"min_doc_count\":1,\"extended_bounds\":{}},\"schema\":\"segment\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.dataset\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Log Type\"},\"schema\":\"group\"}],\"params\":{\"type\":\"histogram\",\"grid\":{\"categoryLines\":false},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"filter\":true,\"truncate\":100},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"square 
root\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"type\":\"histogram\",\"mode\":\"stacked\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"lineWidth\":2,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"bottom\",\"times\":[],\"addTimeMarker\":false,\"labels\":{\"show\":false},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"}}}" + }, + "id": "7c385510-d36c-11ef-b619-17836b3bbf47", + "migrationVersion": { + "visualization": "7.10.0" + }, + "namespaces": [ + "default" + ], + "references": [ + { + "id": "ddec0a50-d36b-11ef-b619-17836b3bbf47", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization", + "updated_at": "2025-01-15T18:13:56.577Z", + "version": "WzEwODUsMV0=" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}" + }, + "savedSearchRefName": "search_0", + "title": "Omron FINS - Source IP", + "uiStateJSON": "{\"vis\":{\"sortColumn\":{\"colIndex\":1,\"direction\":\"desc\"}}}", + "version": 1, + "visState": "{\"title\":\"Omron FINS - Source IP\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"source.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":250,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source IP\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}" + }, + "id": "9dcfba60-d36c-11ef-b619-17836b3bbf47", + 
"migrationVersion": { + "visualization": "7.10.0" + }, + "namespaces": [ + "default" + ], + "references": [ + { + "id": "ddec0a50-d36b-11ef-b619-17836b3bbf47", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization", + "updated_at": "2025-01-15T18:14:52.934Z", + "version": "WzEwODYsMV0=" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}" + }, + "savedSearchRefName": "search_0", + "title": "Omron FINS - Destination IP", + "uiStateJSON": "{\"vis\":{\"sortColumn\":{\"colIndex\":2,\"direction\":\"desc\"}}}", + "version": 1, + "visState": "{\"title\":\"Omron FINS - Destination IP\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":250,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination IP\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.port\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":250,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination Port\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"row\":true}}" + }, + "id": "d44dec60-d36c-11ef-b619-17836b3bbf47", + "migrationVersion": { + "visualization": "7.10.0" + }, + "namespaces": [ + "default" + ], + "references": [ + { + "id": "ddec0a50-d36b-11ef-b619-17836b3bbf47", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization", + "updated_at": "2025-01-15T18:16:24.358Z", + "version": "WzEwODcsMV0=" + }, 
+ { + "attributes": { + "columns": [ + "event.dataset", + "source.ip", + "destination.ip", + "zeek.omron_fins.icf_data_type", + "event.action", + "event.result", + "zeek.omron_fins.link_id", + "event.id" + ], + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"event.dataset:omron*\",\"language\":\"lucene\"},\"highlightAll\":false,\"version\":true,\"aggs\":{\"2\":{\"date_histogram\":{\"field\":\"MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER\",\"fixed_interval\":\"30d\",\"time_zone\":\"America/Denver\",\"min_doc_count\":1}}},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" + }, + "sort": [], + "title": "Omron FINS - All Logs", + "version": 1 + }, + "id": "ddec0a50-d36b-11ef-b619-17836b3bbf47", + "migrationVersion": { + "search": "7.9.3" + }, + "namespaces": [ + "default" + ], + "references": [ + { + "id": "MALCOLM_NETWORK_INDEX_PATTERN_REPLACER", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "search", + "updated_at": "2025-01-15T18:09:30.997Z", + "version": "WzEwODMsMV0=" + } + ], + "version": "2.18.0" +} diff --git a/dashboards/dashboards/ca5799a0-56b5-11eb-b749-576de068f8ad.json b/dashboards/dashboards/ca5799a0-56b5-11eb-b749-576de068f8ad.json index f859120c2..a4d3d86bb 100644 --- a/dashboards/dashboards/ca5799a0-56b5-11eb-b749-576de068f8ad.json +++ b/dashboards/dashboards/ca5799a0-56b5-11eb-b749-576de068f8ad.json 
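Review bot: The saved search `Omron FINS - All Logs` at the end of this new file keeps what looks like export residue in its `searchSourceJSON`: an `aggs` entry with `"time_zone":"America/Denver"` and `"fixed_interval":"30d"`, plus `highlightAll` and `version`. I can't tell from the diff whether OpenSearch Dashboards honours that block on import; if it does, histogram buckets would be aligned to Denver time for every analyst, which is unhelpful when building an incident timeline from sensors in other zones. I would reduce the value to the query, filter and index reference, i.e. `{"query":{"query":"event.dataset:omron*","language":"lucene"},"filter":[],"indexRefName":"kibanaSavedObjectMeta.searchSourceJSON.index"}` (escaped as in the file). Separately, the prefix match `event.dataset:omron*` selects any dataset whose name starts with `omron`, so confirm that it covers exactly the FINS log types and nothing else. All five visualizations inherit this search through `search_0`, so both points apply to every panel.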
@@ -92,7 +92,7 @@ "version": "Wzg3MiwxXQ==", "attributes": { "title": "Navigation", - "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [PostgreSQL](#/dashboard/f2c0da10-d2c5-11ef-8864-d58a560dc292) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● 
[Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) 
\\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [PostgreSQL](#/dashboard/f2c0da10-d2c5-11ef-8864-d58a560dc292) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● 
[SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [Omron FINS](#/dashboard/c899f8b0-d36b-11ef-b619-17836b3bbf47) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware 
Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/dashboards/dashboards/caef3ade-d289-4d05-a511-149f3e97f238.json b/dashboards/dashboards/caef3ade-d289-4d05-a511-149f3e97f238.json index 5c14e27e6..a0de63d3c 100644 --- a/dashboards/dashboards/caef3ade-d289-4d05-a511-149f3e97f238.json +++ b/dashboards/dashboards/caef3ade-d289-4d05-a511-149f3e97f238.json 
@@ -102,7 +102,7 @@ "version": "Wzg3MiwxXQ==", "attributes": { "title": "Navigation", - "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [PostgreSQL](#/dashboard/f2c0da10-d2c5-11ef-8864-d58a560dc292) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● 
[Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) 
\\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [PostgreSQL](#/dashboard/f2c0da10-d2c5-11ef-8864-d58a560dc292) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● 
[SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [Omron FINS](#/dashboard/c899f8b0-d36b-11ef-b619-17836b3bbf47) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware 
Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/dashboards/dashboards/d2dd0180-06b1-11ec-8c6b-353266ade330.json b/dashboards/dashboards/d2dd0180-06b1-11ec-8c6b-353266ade330.json index 357f34edb..0262edc14 100644 --- a/dashboards/dashboards/d2dd0180-06b1-11ec-8c6b-353266ade330.json +++ b/dashboards/dashboards/d2dd0180-06b1-11ec-8c6b-353266ade330.json 
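Review bot: The added `[Omron FINS](#/dashboard/c899f8b0-d36b-11ef-b619-17836b3bbf47)` entry in the Navigation `visState` markdown links to a dashboard id whose saved-object file is not visible in this part of the patch, so the link only resolves if that dashboard ships in the same series. The whole Navigation string is pasted verbatim into each dashboard file, and the following hunks for `d2dd0180-06b1-11ec-8c6b-353266ade330.json` and `d41fe630-3f98-11e9-a58e-8bdedb0915e8.json` repeat this exact edit. Any copy that is missed will silently lack the link. A build-time check that the Navigation `visState` is byte-identical across `dashboards/dashboards/*.json` would catch that drift.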
@@ -112,7 +112,7 @@ "version": "WzczOSwxXQ==", "attributes": { "title": "Navigation", - "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [PostgreSQL](#/dashboard/f2c0da10-d2c5-11ef-8864-d58a560dc292) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● 
[Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) 
\\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [PostgreSQL](#/dashboard/f2c0da10-d2c5-11ef-8864-d58a560dc292) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● 
[SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [Omron FINS](#/dashboard/c899f8b0-d36b-11ef-b619-17836b3bbf47) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware 
Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/dashboards/dashboards/d41fe630-3f98-11e9-a58e-8bdedb0915e8.json b/dashboards/dashboards/d41fe630-3f98-11e9-a58e-8bdedb0915e8.json index 24baf6363..b1c888d41 100644 --- a/dashboards/dashboards/d41fe630-3f98-11e9-a58e-8bdedb0915e8.json +++ b/dashboards/dashboards/d41fe630-3f98-11e9-a58e-8bdedb0915e8.json 
@@ -57,7 +57,7 @@ "version": "Wzg3MiwxXQ==", "attributes": { "title": "Navigation", - "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [PostgreSQL](#/dashboard/f2c0da10-d2c5-11ef-8864-d58a560dc292) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● 
[Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) 
\\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [PostgreSQL](#/dashboard/f2c0da10-d2c5-11ef-8864-d58a560dc292) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● 
[SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [Omron FINS](#/dashboard/c899f8b0-d36b-11ef-b619-17836b3bbf47) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware 
Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/dashboards/dashboards/d4fd6afd-15cb-42bf-8a25-03dd8e59b327.json b/dashboards/dashboards/d4fd6afd-15cb-42bf-8a25-03dd8e59b327.json index 05a0e8308..6c3eba9fe 100644 --- a/dashboards/dashboards/d4fd6afd-15cb-42bf-8a25-03dd8e59b327.json +++ b/dashboards/dashboards/d4fd6afd-15cb-42bf-8a25-03dd8e59b327.json 
@@ -57,7 +57,7 @@ "version": "Wzg3MiwxXQ==", "attributes": { "title": "Navigation", - "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [PostgreSQL](#/dashboard/f2c0da10-d2c5-11ef-8864-d58a560dc292) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● 
[Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) 
\\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [PostgreSQL](#/dashboard/f2c0da10-d2c5-11ef-8864-d58a560dc292) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● 
[SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [Omron FINS](#/dashboard/c899f8b0-d36b-11ef-b619-17836b3bbf47) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware 
Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/dashboards/dashboards/dd87edd0-796a-11ec-9ce6-b395c1ff58f4.json b/dashboards/dashboards/dd87edd0-796a-11ec-9ce6-b395c1ff58f4.json index aca52b10c..5aec75879 100644 --- a/dashboards/dashboards/dd87edd0-796a-11ec-9ce6-b395c1ff58f4.json +++ b/dashboards/dashboards/dd87edd0-796a-11ec-9ce6-b395c1ff58f4.json 
@@ -107,7 +107,7 @@ "version": "WzgzOCwxXQ==", "attributes": { "title": "Navigation", - "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [PostgreSQL](#/dashboard/f2c0da10-d2c5-11ef-8864-d58a560dc292) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● 
[Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) 
\\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [PostgreSQL](#/dashboard/f2c0da10-d2c5-11ef-8864-d58a560dc292) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● 
[SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [Omron FINS](#/dashboard/c899f8b0-d36b-11ef-b619-17836b3bbf47) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware 
Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/dashboards/dashboards/e09a4b86-29b5-4256-bb3b-802ac9f90404.json b/dashboards/dashboards/e09a4b86-29b5-4256-bb3b-802ac9f90404.json index 993c5b6b8..578de1400 100644 --- a/dashboards/dashboards/e09a4b86-29b5-4256-bb3b-802ac9f90404.json +++ b/dashboards/dashboards/e09a4b86-29b5-4256-bb3b-802ac9f90404.json 
@@ -57,7 +57,7 @@ "version": "Wzg3MiwxXQ==", "attributes": { "title": "Navigation", - "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [PostgreSQL](#/dashboard/f2c0da10-d2c5-11ef-8864-d58a560dc292) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● 
[Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) 
\\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [PostgreSQL](#/dashboard/f2c0da10-d2c5-11ef-8864-d58a560dc292) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● 
[SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [Omron FINS](#/dashboard/c899f8b0-d36b-11ef-b619-17836b3bbf47) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware 
Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/dashboards/dashboards/e233a570-45d9-11ef-96a6-432365601033.json b/dashboards/dashboards/e233a570-45d9-11ef-96a6-432365601033.json index fce03aee8..a6eebd520 100644 --- a/dashboards/dashboards/e233a570-45d9-11ef-96a6-432365601033.json +++ b/dashboards/dashboards/e233a570-45d9-11ef-96a6-432365601033.json 
@@ -127,7 +127,7 @@ "version": "Wzg3NywxXQ==", "attributes": { "title": "Navigation", - "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [PostgreSQL](#/dashboard/f2c0da10-d2c5-11ef-8864-d58a560dc292) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● 
[Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) 
\\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [PostgreSQL](#/dashboard/f2c0da10-d2c5-11ef-8864-d58a560dc292) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● 
[SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [Omron FINS](#/dashboard/c899f8b0-d36b-11ef-b619-17836b3bbf47) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware 
Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/dashboards/dashboards/e76d05c0-eb9f-11e9-a384-0fcf32210194.json b/dashboards/dashboards/e76d05c0-eb9f-11e9-a384-0fcf32210194.json index fe7fce269..5acf54593 100644 --- a/dashboards/dashboards/e76d05c0-eb9f-11e9-a384-0fcf32210194.json +++ b/dashboards/dashboards/e76d05c0-eb9f-11e9-a384-0fcf32210194.json 
@@ -97,7 +97,7 @@ "version": "Wzg2MCwxXQ==", "attributes": { "title": "Navigation", - "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [PostgreSQL](#/dashboard/f2c0da10-d2c5-11ef-8864-d58a560dc292) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● 
[Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) 
\\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [PostgreSQL](#/dashboard/f2c0da10-d2c5-11ef-8864-d58a560dc292) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● 
[SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [Omron FINS](#/dashboard/c899f8b0-d36b-11ef-b619-17836b3bbf47) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware 
Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/dashboards/dashboards/ed8a6640-3f98-11e9-a58e-8bdedb0915e8.json b/dashboards/dashboards/ed8a6640-3f98-11e9-a58e-8bdedb0915e8.json index 36da0f08a..cac27a18e 100644 --- a/dashboards/dashboards/ed8a6640-3f98-11e9-a58e-8bdedb0915e8.json +++ b/dashboards/dashboards/ed8a6640-3f98-11e9-a58e-8bdedb0915e8.json 
@@ -47,7 +47,7 @@ "version": "Wzg3MiwxXQ==", "attributes": { "title": "Navigation", - "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [PostgreSQL](#/dashboard/f2c0da10-d2c5-11ef-8864-d58a560dc292) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● 
[Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) 
\\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [PostgreSQL](#/dashboard/f2c0da10-d2c5-11ef-8864-d58a560dc292) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● 
[SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [Omron FINS](#/dashboard/c899f8b0-d36b-11ef-b619-17836b3bbf47) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware 
Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/dashboards/dashboards/f1f09567-fc7f-450b-a341-19d2f2bb468b.json b/dashboards/dashboards/f1f09567-fc7f-450b-a341-19d2f2bb468b.json index 3cd5f2c3c..780ca9287 100644 --- a/dashboards/dashboards/f1f09567-fc7f-450b-a341-19d2f2bb468b.json +++ b/dashboards/dashboards/f1f09567-fc7f-450b-a341-19d2f2bb468b.json 
@@ -137,7 +137,7 @@ "version": "Wzg2MSwxXQ==", "attributes": { "title": "Navigation", - "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [PostgreSQL](#/dashboard/f2c0da10-d2c5-11ef-8864-d58a560dc292) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● 
[Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) 
\\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [PostgreSQL](#/dashboard/f2c0da10-d2c5-11ef-8864-d58a560dc292) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● 
[SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [Omron FINS](#/dashboard/c899f8b0-d36b-11ef-b619-17836b3bbf47) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware 
Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/dashboards/dashboards/f2c0da10-d2c5-11ef-8864-d58a560dc292.json b/dashboards/dashboards/f2c0da10-d2c5-11ef-8864-d58a560dc292.json index e55d71ea6..2759b8f14 100644 --- a/dashboards/dashboards/f2c0da10-d2c5-11ef-8864-d58a560dc292.json +++ b/dashboards/dashboards/f2c0da10-d2c5-11ef-8864-d58a560dc292.json 
@@ -85,7 +85,7 @@ "title": "Navigation", "uiStateJSON": "{}", "version": 1, - "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [PostgreSQL](#/dashboard/f2c0da10-d2c5-11ef-8864-d58a560dc292) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● 
[Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}" + "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) 
\\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [PostgreSQL](#/dashboard/f2c0da10-d2c5-11ef-8864-d58a560dc292) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● 
[SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [Omron FINS](#/dashboard/c899f8b0-d36b-11ef-b619-17836b3bbf47) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware 
Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}" }, "id": "df9e399b-efa5-4e33-b0ac-a7668a8ac2b3", "migrationVersion": { diff --git a/dashboards/dashboards/f394057d-1b16-4174-b994-7045f423a416.json b/dashboards/dashboards/f394057d-1b16-4174-b994-7045f423a416.json index 15540b85f..1237e02e1 100644 --- a/dashboards/dashboards/f394057d-1b16-4174-b994-7045f423a416.json +++ b/dashboards/dashboards/f394057d-1b16-4174-b994-7045f423a416.json 
@@ -57,7 +57,7 @@ "version": "Wzg3MiwxXQ==", "attributes": { "title": "Navigation", - "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [PostgreSQL](#/dashboard/f2c0da10-d2c5-11ef-8864-d58a560dc292) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● 
[Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) 
\\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [PostgreSQL](#/dashboard/f2c0da10-d2c5-11ef-8864-d58a560dc292) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● 
[SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [Omron FINS](#/dashboard/c899f8b0-d36b-11ef-b619-17836b3bbf47) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware 
Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/dashboards/dashboards/f77bf097-18a8-465c-b634-eb2acc7a4f26.json b/dashboards/dashboards/f77bf097-18a8-465c-b634-eb2acc7a4f26.json index acdb18967..82590a12a 100644 --- a/dashboards/dashboards/f77bf097-18a8-465c-b634-eb2acc7a4f26.json +++ b/dashboards/dashboards/f77bf097-18a8-465c-b634-eb2acc7a4f26.json 
@@ -102,7 +102,7 @@ "version": "Wzg3MiwxXQ==", "attributes": { "title": "Navigation", - "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [PostgreSQL](#/dashboard/f2c0da10-d2c5-11ef-8864-d58a560dc292) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● 
[Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) 
\\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [PostgreSQL](#/dashboard/f2c0da10-d2c5-11ef-8864-d58a560dc292) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● 
[SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [Omron FINS](#/dashboard/c899f8b0-d36b-11ef-b619-17836b3bbf47) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware 
Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/dashboards/dashboards/fa141950-ef89-11e9-b38a-2db3ee640e88.json b/dashboards/dashboards/fa141950-ef89-11e9-b38a-2db3ee640e88.json index 6001c3b27..4182df020 100644 --- a/dashboards/dashboards/fa141950-ef89-11e9-b38a-2db3ee640e88.json +++ b/dashboards/dashboards/fa141950-ef89-11e9-b38a-2db3ee640e88.json 
@@ -77,7 +77,7 @@ "version": "Wzg3MiwxXQ==", "attributes": { "title": "Navigation", - "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [PostgreSQL](#/dashboard/f2c0da10-d2c5-11ef-8864-d58a560dc292) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● 
[Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) 
\\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [PostgreSQL](#/dashboard/f2c0da10-d2c5-11ef-8864-d58a560dc292) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● 
[SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [Omron FINS](#/dashboard/c899f8b0-d36b-11ef-b619-17836b3bbf47) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware 
Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/dashboards/dashboards/fa477130-2b8a-11ec-a9f2-3911c8571bfd.json b/dashboards/dashboards/fa477130-2b8a-11ec-a9f2-3911c8571bfd.json index 18de1ce0c..1e5e1cd94 100644 --- a/dashboards/dashboards/fa477130-2b8a-11ec-a9f2-3911c8571bfd.json +++ b/dashboards/dashboards/fa477130-2b8a-11ec-a9f2-3911c8571bfd.json 
@@ -102,7 +102,7 @@ "version": "WzkzNywxXQ==", "attributes": { "title": "Navigation", - "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● 
[MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [PostgreSQL](#/dashboard/f2c0da10-d2c5-11ef-8864-d58a560dc292) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● 
[Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", + "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General Network Logs\\n[Overview](#/dashboard/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](#/dashboard/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](#/dashboard/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Severity](#/dashboard/d2dd0180-06b1-11ec-8c6b-353266ade330) \\n[Connections](#/dashboard/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](#/dashboard/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](#/dashboard/9ee51f94-3316-4fc5-bd89-93a52af69714) 
\\n[Executables](#/dashboard/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](#/dashboard/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Zeek Known Summary](#/dashboard/89d1cc50-974c-11ed-bb6b-3fb06c879b11) \\n[Zeek Intelligence](#/dashboard/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[Zeek Notices](#/dashboard/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Zeek Weird](#/dashboard/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](#/dashboard/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Suricata Alerts](#/dashboard/5694ca60-cbdf-11ec-a50a-5fedd672f5c5) \\n[Asset Interaction Analysis](#/dashboard/677ee170-809e-11ed-8d5b-07069f823b6f) \\n[↪ NetBox](/netbox/) \\n[↪ Arkime](/arkime/) \\n\\n### Common Protocols\\n[DCE/RPC](#/dashboard/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](#/dashboard/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](#/dashboard/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](#/dashboard/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](#/dashboard/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](#/dashboard/37041ee1-79c0-4684-a436-3173b0e89876) / [WebSocket](#/dashboard/b8cf5890-87ed-11ef-ae18-dbcd34795edb) ● [IRC](#/dashboard/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](#/dashboard/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](#/dashboard/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MQTT](#/dashboard/87a32f90-ef58-11e9-974e-9d600036d105) ● [MySQL](#/dashboard/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](#/dashboard/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](#/dashboard/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [OSPF](#/dashboard/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0) ● [PostgreSQL](#/dashboard/f2c0da10-d2c5-11ef-8864-d58a560dc292) ● [QUIC](#/dashboard/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](#/dashboard/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](#/dashboard/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](#/dashboard/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](#/dashboard/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● 
[SMB](#/dashboard/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](#/dashboard/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](#/dashboard/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](#/dashboard/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](#/dashboard/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](#/dashboard/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [STUN](#/dashboard/fa477130-2b8a-11ec-a9f2-3911c8571bfd) ● [Syslog](#/dashboard/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](#/dashboard/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](#/dashboard/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](#/dashboard/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](#/dashboard/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](#/dashboard/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](#/dashboard/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](#/dashboard/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](#/dashboard/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](#/dashboard/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](#/dashboard/29a1b290-eb98-11e9-a384-0fcf32210194) ● [GENISYS](#/dashboard/03207c00-d07e-11ec-b4a7-d1b4003706b7) ● [GE SRTP](#/dashboard/e233a570-45d9-11ef-96a6-432365601033) ● [HART-IP](#/dashboard/3a9e3440-75e2-11ef-8138-03748f839a49) ● [Modbus](#/dashboard/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [Omron FINS](#/dashboard/c899f8b0-d36b-11ef-b619-17836b3bbf47) ● [OPCUA Binary](#/dashboard/dd87edd0-796a-11ec-9ce6-b395c1ff58f4) ● [PROFINET](#/dashboard/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](#/dashboard/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Synchrophasor](#/dashboard/2cc56240-e460-11ed-a9d5-9f591c284cb4) ● [Best Guess](#/dashboard/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\\n\\n### Malcolm and Third-Party Logs\\n\\nResources: [System Overview](#/dashboard/Metricbeat-system-overview) / [Host Overview](#/dashboard/Miscbeat-host-overview) ● [Hardware 
Temperature](#/dashboard/0d4955f0-eb25-11ec-a6d4-b3526526c2c7) ● nginx [Overview](#/dashboard/55a9e6e0-a29e-11e7-928f-5dbe6f6f5519) / [Access and Error Logs](#/dashboard/046212a0-a2a1-11e7-928f-5dbe6f6f5519) ● Linux [Journald](#/dashboard/f6600310-9943-11ee-a029-e973f4774355) / [Kernel Messages](#/dashboard/3768ef70-d819-11ee-820d-dd9fd73a3921) / [Syslog](#/dashboard/88bcec50-cc74-11ef-bae9-0d6b8da935ba) ● [Windows Events](#/dashboard/79202ee0-d811-11ee-820d-dd9fd73a3921) ● [Malcolm Sensor File Integrity](#/dashboard/903f42c0-f634-11ec-828d-2fb7a4a26e1f) ● [Malcolm Sensor Audit Logs](#/dashboard/7a7e0a60-e8e8-11ec-b9d4-4569bb965430) ● [Packet Capture Statistics](#/dashboard/4ca94c70-d7da-11ee-9ed3-e7afff29e59a)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, diff --git a/dashboards/templates/composable/component/zeek_ot.json b/dashboards/templates/composable/component/zeek_ot.json index 8b7603cae..3bac50e6a 100644 --- a/dashboards/templates/composable/component/zeek_ot.json +++ b/dashboards/templates/composable/component/zeek_ot.json 
@@ -856,184 +856,75 @@ "zeek.modbus_read_write_multiple_registers.read_start_address": { "type": "integer" }, "zeek.modbus_read_write_multiple_registers.write_registers": { "type": "keyword" }, "zeek.modbus_read_write_multiple_registers.write_start_address": { "type": "integer" }, - "zeek.omron_fins_data_link_status_read.command_code": { "type": "keyword" }, - "zeek.omron_fins_data_link_status_read.icf_data_type": { "type": "keyword" }, - "zeek.omron_fins_data_link_status_read.response_code": { "type": "keyword" }, - "zeek.omron_fins_data_link_status_read.node_number": { "type": "long" }, + "zeek.omron_fins.client_node_address": { "type": "long" }, + "zeek.omron_fins.command_code": { "type": "keyword" }, + "zeek.omron_fins.day": { "type": "long" }, + "zeek.omron_fins.destination_network_address": { "type": "keyword" }, + "zeek.omron_fins.destination_node_number": { "type": "keyword" }, + "zeek.omron_fins.destination_unit_address": { "type": "keyword" }, + "zeek.omron_fins.gateway_count": { "type": "long" }, + "zeek.omron_fins.hour": { "type": "long" }, + "zeek.omron_fins.icf_data_type": { "type": "keyword" }, + "zeek.omron_fins.icf_gateway": { "type": "keyword" }, + "zeek.omron_fins.icf_response_setting": { "type": "keyword" }, + "zeek.omron_fins.link_id": { "type": "keyword" }, + "zeek.omron_fins.minute": { "type": "long" }, + "zeek.omron_fins.month": { "type": "long" }, + "zeek.omron_fins.response_code": { "type": "keyword" }, + "zeek.omron_fins.second": { "type": "long" }, + "zeek.omron_fins.server_node_address": { "type": "long" }, + "zeek.omron_fins.service_id": { "type": "keyword" }, + "zeek.omron_fins.source_network_address": { "type": "keyword" }, + "zeek.omron_fins.source_node_number": { "type": "keyword" }, + "zeek.omron_fins.source_unit_address": { "type": "keyword" }, + "zeek.omron_fins.tcp_command": { "type": "keyword" }, + "zeek.omron_fins.tcp_error_code": { "type": "keyword" }, + "zeek.omron_fins.tcp_header": { "type": "keyword" }, + 
"zeek.omron_fins.tcp_length": { "type": "long" }, + "zeek.omron_fins.year": { "type": "long" }, "zeek.omron_fins_data_link_status_read.data_links": { "type": "keyword" }, - "zeek.omron_fins_data_link_status_read.node_setting": { "type": "keyword" }, - "zeek.omron_fins_data_link_status_read.master_node_number": { "type": "long" }, "zeek.omron_fins_data_link_status_read.error_status": { "type": "keyword" }, + "zeek.omron_fins_data_link_status_read.master_node_number": { "type": "long" }, "zeek.omron_fins_data_link_status_read.mode_status": { "type": "keyword" }, + "zeek.omron_fins_data_link_status_read.node_number": { "type": "long" }, + "zeek.omron_fins_data_link_status_read.node_setting": { "type": "keyword" }, "zeek.omron_fins_data_link_status_read.warning_status": { "type": "keyword" }, - "zeek.omron_fins_error.command_code": { "type": "keyword" }, - "zeek.omron_fins_error.icf_data_type": { "type": "keyword" }, - "zeek.omron_fins_error.response_code": { "type": "keyword" }, - "zeek.omron_fins_error.error_reset_fal_no": { "type": "keyword" }, - "zeek.omron_fins_error.beginning_record_no": { "type": "long" }, - "zeek.omron_fins_error.max_no_stored_records": { "type": "long" }, - "zeek.omron_fins_error.no_of_stored_records": { "type": "long" }, - "zeek.omron_fins_error.no_of_records": { "type": "long" }, - "zeek.omron_fins_error.error_code_1": { "type": "keyword" }, - "zeek.omron_fins_error.error_code_2": { "type": "keyword" }, - "zeek.omron_fins_error.minute": { "type": "long" }, - "zeek.omron_fins_error.second": { "type": "long" }, - "zeek.omron_fins_error.day": { "type": "long" }, - "zeek.omron_fins_error.hour": { "type": "long" }, - "zeek.omron_fins_error.year": { "type": "long" }, - "zeek.omron_fins_error.month": { "type": "long" }, - "zeek.omron_fins_file.command_code": { "type": "keyword" }, - "zeek.omron_fins_file.icf_data_type": { "type": "keyword" }, - "zeek.omron_fins_file.response_code": { "type": "keyword" }, - "zeek.omron_fins_file.disk_no": { "type": 
"long" }, - "zeek.omron_fins_file.beginning_file_position": { "type": "keyword" }, - "zeek.omron_fins_file.no_of_files": { "type": "long" }, - "zeek.omron_fins_file.volume_label": { "type": "keyword" }, - "zeek.omron_fins_file.year": { "type": "long" }, - "zeek.omron_fins_file.month": { "type": "long" }, - "zeek.omron_fins_file.day": { "type": "long" }, - "zeek.omron_fins_file.hour": { "type": "long" }, - "zeek.omron_fins_file.minute": { "type": "long" }, - "zeek.omron_fins_file.second": { "type": "long" }, - "zeek.omron_fins_file.total_capacity": { "type": "long" }, - "zeek.omron_fins_file.unused_capacity": { "type": "long" }, - "zeek.omron_fins_file.total_no_files": { "type": "long" }, - "zeek.omron_fins_file.no_files_read": { "type": "long" }, - "zeek.omron_fins_file.last_file": { "type": "keyword" }, - "zeek.omron_fins_file.file_name": { "type": "keyword" }, - "zeek.omron_fins_file.file_capacity": { "type": "long" }, - "zeek.omron_fins_file.file_position": { "type": "long" }, - "zeek.omron_fins_file.data_length": { "type": "long" }, - "zeek.omron_fins_file.parameter_code": { "type": "keyword" }, - "zeek.omron_fins_file.src_disk_no": { "type": "long" }, - "zeek.omron_fins_file.src_file_name": { "type": "keyword" }, - "zeek.omron_fins_file.dst_disk_no": { "type": "long" }, - "zeek.omron_fins_file.dst_file_name": { "type": "keyword" }, - "zeek.omron_fins_file.old_file_name": { "type": "keyword" }, - "zeek.omron_fins_file.new_file_name": { "type": "keyword" }, - "zeek.omron_fins_file.parameter_area_code": { "type": "keyword" }, - "zeek.omron_fins_file.beginning_address": { "type": "keyword" }, - "zeek.omron_fins_file.no_of_words": { "type": "long" }, - "zeek.omron_fins_file.memory_area_code": { "type": "keyword" }, - "zeek.omron_fins_file.no_of_items": { "type": "long" }, - "zeek.omron_fins_file.program_no": { "type": "keyword" }, - "zeek.omron_fins_file.no_of_bytes": { "type": "long" }, - "zeek.omron_fins_file.beginning_word": { "type": "keyword" }, - 
"zeek.omron_fins_file.beginning_block_no": { "type": "long" }, - "zeek.omron_fins_file.no_of_blocks": { "type": "long" }, - "zeek.omron_fins_file.remaining_blocks": { "type": "long" }, - "zeek.omron_fins_file.total_no_of_blocks": { "type": "long" }, - "zeek.omron_fins_file.memory_type": { "type": "keyword" }, - "zeek.omron_fins_file.data_type": { "type": "keyword" }, - "zeek.omron_fins_file.last_block": { "type": "keyword" }, - "zeek.omron_fins_file.protected": { "type": "keyword" }, - "zeek.omron_fins_file.control_data": { "type": "long" }, - "zeek.omron_fins_file.block_no": { "type": "long" }, - "zeek.omron_fins_file.memory_data": { "type": "keyword" }, - "zeek.omron_fins_detail.command_code": { "type": "keyword" }, - "zeek.omron_fins_detail.icf_data_type": { "type": "keyword" }, - "zeek.omron_fins_detail.memory_area_code": { "type": "keyword" }, + "zeek.omron_fins_detail.acquire_network_address": { "type": "long" }, + "zeek.omron_fins_detail.acquire_node_number": { "type": "long" }, + "zeek.omron_fins_detail.acquire_unit_address": { "type": "long" }, + "zeek.omron_fins_detail.average_cycle_time": { "type": "float" }, "zeek.omron_fins_detail.beginning_address": { "type": "keyword" }, - "zeek.omron_fins_detail.number_of_items": { "type": "long" }, - "zeek.omron_fins_detail.parameter_area_code": { "type": "keyword" }, "zeek.omron_fins_detail.beginning_word": { "type": "keyword" }, - "zeek.omron_fins_detail.number_of_words": { "type": "long" }, - "zeek.omron_fins_detail.last_word_bit": { "type": "long" }, - "zeek.omron_fins_detail.response_code": { "type": "keyword" }, - "zeek.omron_fins_detail.data": { "type": "keyword" }, - "zeek.omron_fins_detail.year": { "type": "long" }, - "zeek.omron_fins_detail.month": { "type": "long" }, - "zeek.omron_fins_detail.date": { "type": "long" }, - "zeek.omron_fins_detail.hour": { "type": "long" }, - "zeek.omron_fins_detail.minute": { "type": "long" }, - "zeek.omron_fins_detail.second": { "type": "long" }, - 
"zeek.omron_fins_detail.day": { "type": "keyword" }, - "zeek.omron_fins_detail.clock_time": { "type": "date" }, - "zeek.omron_fins_detail.intelligent_id_no": { "type": "keyword" }, - "zeek.omron_fins_detail.first_word": { "type": "keyword" }, - "zeek.omron_fins_detail.read_length": { "type": "keyword" }, - "zeek.omron_fins_detail.data_length": { "type": "keyword" }, - "zeek.omron_fins_detail.num_of_link_nodes": { "type": "long" }, - "zeek.omron_fins_detail.block_record_data_link_status": { "type": "keyword" }, - "zeek.omron_fins_detail.block_record_num_of_link_nodes": { "type": "long" }, - "zeek.omron_fins_detail.block_record_node_num": { "type": "long" }, + "zeek.omron_fins_detail.bit_flag": { "type": "long" }, "zeek.omron_fins_detail.block_record_cio_area_first_word": { "type": "keyword" }, - "zeek.omron_fins_detail.block_record_kind_of_dm": { "type": "keyword" }, + "zeek.omron_fins_detail.block_record_data_link_status": { "type": "keyword" }, "zeek.omron_fins_detail.block_record_dm_area_first_word": { "type": "keyword" }, + "zeek.omron_fins_detail.block_record_kind_of_dm": { "type": "keyword" }, + "zeek.omron_fins_detail.block_record_node_num": { "type": "long" }, + "zeek.omron_fins_detail.block_record_num_of_link_nodes": { "type": "long" }, "zeek.omron_fins_detail.block_record_num_of_total_words": { "type": "long" }, - "zeek.omron_fins_detail.program_no": { "type": "long" }, - "zeek.omron_fins_detail.protect_code": { "type": "long" }, - "zeek.omron_fins_detail.last_word": { "type": "keyword" }, + "zeek.omron_fins_detail.built_in_host_interface": { "type": "long" }, "zeek.omron_fins_detail.clear_code": { "type": "keyword" }, - "zeek.omron_fins_detail.number_of_bytes": { "type": "long" }, - "zeek.omron_fins_detail.run_mode": { "type": "keyword" }, + "zeek.omron_fins_detail.clock_time": { "type": "date" }, + "zeek.omron_fins_detail.command": { "type": "keyword" }, "zeek.omron_fins_detail.controller_data_to_read": { "type": "keyword" }, 
"zeek.omron_fins_detail.controller_model": { "type": "keyword" }, + "zeek.omron_fins_detail.controller_status_data_read_mode": { "type": "keyword" }, + "zeek.omron_fins_detail.controller_status_data_read_status": { "type": "keyword" }, "zeek.omron_fins_detail.controller_version": { "type": "keyword" }, - "zeek.omron_fins_detail.for_system_use": { "type": "keyword" }, - "zeek.omron_fins_detail.program_area_size": { "type": "long" }, - "zeek.omron_fins_detail.iom_size": { "type": "long" }, - "zeek.omron_fins_detail.no_of_dm_words": { "type": "long" }, - "zeek.omron_fins_detail.timer_size": { "type": "long" }, - "zeek.omron_fins_detail.expansion_dm_size": { "type": "long" }, - "zeek.omron_fins_detail.no_of_steps_transitions": { "type": "long" }, - "zeek.omron_fins_detail.kind_of_memory_card": { "type": "keyword" }, - "zeek.omron_fins_detail.memory_card_size": { "type": "long" }, "zeek.omron_fins_detail.cpu_bus_unit_config": { "type": "keyword" }, - "zeek.omron_fins_detail.no_of_sysmac_bus_master_mounted": { "type": "long" }, - "zeek.omron_fins_detail.no_of_sysmac_bus2_master_mounted": { "type": "long" }, - "zeek.omron_fins_detail.peripheral_device_connected": { "type": "long" }, - "zeek.omron_fins_detail.built_in_host_interface": { "type": "long" }, - "zeek.omron_fins_detail.no_of_racks_connected": { "type": "long" }, - "zeek.omron_fins_detail.no_of_units": { "type": "long" }, - "zeek.omron_fins_detail.unit_address": { "type": "keyword" }, - "zeek.omron_fins_detail.model_number": { "type": "keyword" }, - "zeek.omron_fins_detail.controller_status_data_read_status": { "type": "keyword" }, - "zeek.omron_fins_detail.controller_status_data_read_mode": { "type": "keyword" }, - "zeek.omron_fins_detail.fatal_error": { "type": "keyword" }, - "zeek.omron_fins_detail.non_fatal_error": { "type": "keyword" }, - "zeek.omron_fins_detail.message_yes_no": { "type": "keyword" }, - "zeek.omron_fins_detail.fal_fals_no": { "type": "long" }, - "zeek.omron_fins_detail.error_message": { 
"type": "keyword" }, "zeek.omron_fins_detail.cycle_time_read_parameter": { "type": "keyword" }, - "zeek.omron_fins_detail.average_cycle_time": { "type": "float" }, - "zeek.omron_fins_detail.max_cycle_time": { "type": "float" }, - "zeek.omron_fins_detail.min_cycle_time": { "type": "float" }, - "zeek.omron_fins_detail.test_data": { "type": "keyword" }, - "zeek.omron_fins_detail.number_of_receptions": { "type": "long" }, - "zeek.omron_fins_detail.command": { "type": "keyword" }, - "zeek.omron_fins_detail.message_no_0": { "type": "keyword" }, - "zeek.omron_fins_detail.message_no_1": { "type": "keyword" }, - "zeek.omron_fins_detail.message_no_2": { "type": "keyword" }, - "zeek.omron_fins_detail.message_no_3": { "type": "keyword" }, - "zeek.omron_fins_detail.message_no_4": { "type": "keyword" }, - "zeek.omron_fins_detail.message_no_5": { "type": "keyword" }, - "zeek.omron_fins_detail.message_no_6": { "type": "keyword" }, - "zeek.omron_fins_detail.message_no_7": { "type": "keyword" }, - "zeek.omron_fins_detail.message_0": { "type": "keyword" }, - "zeek.omron_fins_detail.message_1": { "type": "keyword" }, - "zeek.omron_fins_detail.message_2": { "type": "keyword" }, - "zeek.omron_fins_detail.message_3": { "type": "keyword" }, - "zeek.omron_fins_detail.message_4": { "type": "keyword" }, - "zeek.omron_fins_detail.message_5": { "type": "keyword" }, - "zeek.omron_fins_detail.message_6": { "type": "keyword" }, - "zeek.omron_fins_detail.message_7": { "type": "keyword" }, - "zeek.omron_fins_detail.fal_fals_no_0": { "type": "keyword" }, - "zeek.omron_fins_detail.fal_fals_no_1": { "type": "keyword" }, - "zeek.omron_fins_detail.fal_fals_no_2": { "type": "keyword" }, - "zeek.omron_fins_detail.fal_fals_no_3": { "type": "keyword" }, - "zeek.omron_fins_detail.fal_fals_no_4": { "type": "keyword" }, - "zeek.omron_fins_detail.fal_fals_no_5": { "type": "keyword" }, - "zeek.omron_fins_detail.fal_fals_no_6": { "type": "keyword" }, - "zeek.omron_fins_detail.fal_fals_no_7": { "type": "keyword" 
}, - "zeek.omron_fins_detail.fal_fals_no_8": { "type": "keyword" }, - "zeek.omron_fins_detail.fal_fals_no_9": { "type": "keyword" }, - "zeek.omron_fins_detail.fal_fals_no_10": { "type": "keyword" }, - "zeek.omron_fins_detail.fal_fals_no_11": { "type": "keyword" }, - "zeek.omron_fins_detail.fal_fals_no_12": { "type": "keyword" }, - "zeek.omron_fins_detail.fal_fals_no_13": { "type": "keyword" }, + "zeek.omron_fins_detail.data": { "type": "keyword" }, + "zeek.omron_fins_detail.data_length": { "type": "keyword" }, + "zeek.omron_fins_detail.date": { "type": "long" }, + "zeek.omron_fins_detail.error_message": { "type": "keyword" }, + "zeek.omron_fins_detail.expansion_dm_size": { "type": "long" }, "zeek.omron_fins_detail.fal_fals_0": { "type": "keyword" }, "zeek.omron_fins_detail.fal_fals_1": { "type": "keyword" }, + "zeek.omron_fins_detail.fal_fals_10": { "type": "keyword" }, + "zeek.omron_fins_detail.fal_fals_11": { "type": "keyword" }, + "zeek.omron_fins_detail.fal_fals_12": { "type": "keyword" }, + "zeek.omron_fins_detail.fal_fals_13": { "type": "keyword" }, "zeek.omron_fins_detail.fal_fals_2": { "type": "keyword" }, "zeek.omron_fins_detail.fal_fals_3": { "type": "keyword" }, "zeek.omron_fins_detail.fal_fals_4": { "type": "keyword" }, 
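Review bot: `zeek.omron_fins_detail.date` is still mapped as `long` in this hunk, but the hunk this commit adds to 1400_zeek_convert.conf runs a `date` filter that parses `[zeek][omron_fins_detail][date]` as `UNIX` and writes the timestamp back into the same field. A timestamp sent to a `long` field will not index cleanly, and depending on index settings the whole event may be rejected, leaving a gap in the OMRON FINS record. If the field really carries an epoch value, map it like `clock_time`: `"zeek.omron_fins_detail.date": { "type": "date" },`. If it is a plain day-of-month number (the pre-change mapping listed it as `long` beside `year`, `month` and `hour`), drop the new `date_zeek_omron_fins_detail_date` block instead.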
@@ -1042,49 +933,131 @@ "zeek.omron_fins_detail.fal_fals_7": { "type": "keyword" }, "zeek.omron_fins_detail.fal_fals_8": { "type": "keyword" }, "zeek.omron_fins_detail.fal_fals_9": { "type": "keyword" }, - "zeek.omron_fins_detail.fal_fals_10": { "type": "keyword" }, - "zeek.omron_fins_detail.fal_fals_11": { "type": "keyword" }, - "zeek.omron_fins_detail.fal_fals_12": { "type": "keyword" }, - "zeek.omron_fins_detail.fal_fals_13": { "type": "keyword" }, - "zeek.omron_fins_detail.acquire_network_address": { "type": "long" }, - "zeek.omron_fins_detail.acquire_node_number": { "type": "long" }, - "zeek.omron_fins_detail.acquire_unit_address": { "type": "long" }, + "zeek.omron_fins_detail.fal_fals_no": { "type": "long" }, + "zeek.omron_fins_detail.fal_fals_no_0": { "type": "keyword" }, + "zeek.omron_fins_detail.fal_fals_no_1": { "type": "keyword" }, + "zeek.omron_fins_detail.fal_fals_no_10": { "type": "keyword" }, + "zeek.omron_fins_detail.fal_fals_no_11": { "type": "keyword" }, + "zeek.omron_fins_detail.fal_fals_no_12": { "type": "keyword" }, + "zeek.omron_fins_detail.fal_fals_no_13": { "type": "keyword" }, + "zeek.omron_fins_detail.fal_fals_no_2": { "type": "keyword" }, + "zeek.omron_fins_detail.fal_fals_no_3": { "type": "keyword" }, + "zeek.omron_fins_detail.fal_fals_no_4": { "type": "keyword" }, + "zeek.omron_fins_detail.fal_fals_no_5": { "type": "keyword" }, + "zeek.omron_fins_detail.fal_fals_no_6": { "type": "keyword" }, + "zeek.omron_fins_detail.fal_fals_no_7": { "type": "keyword" }, + "zeek.omron_fins_detail.fal_fals_no_8": { "type": "keyword" }, + "zeek.omron_fins_detail.fal_fals_no_9": { "type": "keyword" }, + "zeek.omron_fins_detail.fatal_error": { "type": "keyword" }, + "zeek.omron_fins_detail.first_word": { "type": "keyword" }, + "zeek.omron_fins_detail.for_system_use": { "type": "keyword" }, + "zeek.omron_fins_detail.intelligent_id_no": { "type": "keyword" }, + "zeek.omron_fins_detail.iom_size": { "type": "long" }, + 
"zeek.omron_fins_detail.kind_of_memory_card": { "type": "keyword" }, + "zeek.omron_fins_detail.last_word": { "type": "keyword" }, + "zeek.omron_fins_detail.last_word_bit": { "type": "long" }, + "zeek.omron_fins_detail.max_cycle_time": { "type": "float" }, + "zeek.omron_fins_detail.memory_area_code": { "type": "keyword" }, + "zeek.omron_fins_detail.memory_card_size": { "type": "long" }, + "zeek.omron_fins_detail.message_0": { "type": "keyword" }, + "zeek.omron_fins_detail.message_1": { "type": "keyword" }, + "zeek.omron_fins_detail.message_2": { "type": "keyword" }, + "zeek.omron_fins_detail.message_3": { "type": "keyword" }, + "zeek.omron_fins_detail.message_4": { "type": "keyword" }, + "zeek.omron_fins_detail.message_5": { "type": "keyword" }, + "zeek.omron_fins_detail.message_6": { "type": "keyword" }, + "zeek.omron_fins_detail.message_7": { "type": "keyword" }, + "zeek.omron_fins_detail.message_no_0": { "type": "keyword" }, + "zeek.omron_fins_detail.message_no_1": { "type": "keyword" }, + "zeek.omron_fins_detail.message_no_2": { "type": "keyword" }, + "zeek.omron_fins_detail.message_no_3": { "type": "keyword" }, + "zeek.omron_fins_detail.message_no_4": { "type": "keyword" }, + "zeek.omron_fins_detail.message_no_5": { "type": "keyword" }, + "zeek.omron_fins_detail.message_no_6": { "type": "keyword" }, + "zeek.omron_fins_detail.message_no_7": { "type": "keyword" }, + "zeek.omron_fins_detail.message_yes_no": { "type": "keyword" }, + "zeek.omron_fins_detail.min_cycle_time": { "type": "float" }, + "zeek.omron_fins_detail.model_number": { "type": "keyword" }, "zeek.omron_fins_detail.no_of_bits": { "type": "long" }, + "zeek.omron_fins_detail.no_of_dm_words": { "type": "long" }, + "zeek.omron_fins_detail.no_of_racks_connected": { "type": "long" }, + "zeek.omron_fins_detail.no_of_steps_transitions": { "type": "long" }, + "zeek.omron_fins_detail.no_of_sysmac_bus2_master_mounted": { "type": "long" }, + "zeek.omron_fins_detail.no_of_sysmac_bus_master_mounted": { "type": 
"long" }, + "zeek.omron_fins_detail.no_of_units": { "type": "long" }, + "zeek.omron_fins_detail.non_fatal_error": { "type": "keyword" }, + "zeek.omron_fins_detail.num_of_link_nodes": { "type": "long" }, + "zeek.omron_fins_detail.number_of_bytes": { "type": "long" }, + "zeek.omron_fins_detail.number_of_items": { "type": "long" }, + "zeek.omron_fins_detail.number_of_receptions": { "type": "long" }, + "zeek.omron_fins_detail.number_of_words": { "type": "long" }, + "zeek.omron_fins_detail.parameter_area_code": { "type": "keyword" }, + "zeek.omron_fins_detail.peripheral_device_connected": { "type": "long" }, + "zeek.omron_fins_detail.program_area_size": { "type": "long" }, + "zeek.omron_fins_detail.program_no": { "type": "long" }, + "zeek.omron_fins_detail.protect_code": { "type": "long" }, + "zeek.omron_fins_detail.read_length": { "type": "keyword" }, + "zeek.omron_fins_detail.run_mode": { "type": "keyword" }, "zeek.omron_fins_detail.set_reset_specification": { "type": "keyword" }, - "zeek.omron_fins_detail.bit_flag": { "type": "long" }, - "zeek.omron_fins.omron_fins_link_id": { "type": "keyword" }, - "zeek.omron_fins.tcp_header": { "type": "keyword" }, - "zeek.omron_fins.tcp_length": { "type": "long" }, - "zeek.omron_fins.tcp_command": { "type": "keyword" }, - "zeek.omron_fins.tcp_error_code": { "type": "keyword" }, - "zeek.omron_fins.client_node_address": { "type": "long" }, - "zeek.omron_fins.server_node_address": { "type": "long" }, - "zeek.omron_fins.icf_gateway": { "type": "keyword" }, - "zeek.omron_fins.icf_data_type": { "type": "keyword" }, - "zeek.omron_fins.icf_response_setting": { "type": "keyword" }, - "zeek.omron_fins.gateway_count": { "type": "long" }, - "zeek.omron_fins.destination_network_address": { "type": "keyword" }, - "zeek.omron_fins.destination_node_number": { "type": "keyword" }, - "zeek.omron_fins.destination_unit_address": { "type": "keyword" }, - "zeek.omron_fins.source_network_address": { "type": "keyword" }, - 
"zeek.omron_fins.source_node_number": { "type": "keyword" }, - "zeek.omron_fins.source_unit_address": { "type": "keyword" }, - "zeek.omron_fins.service_id": { "type": "keyword" }, - "zeek.omron_fins.command_code": { "type": "keyword" }, - "zeek.omron_fins.response_code": { "type": "keyword" }, - "zeek.omron_fins_network_status_read.command_code": { "type": "keyword" }, - "zeek.omron_fins_network_status_read.icf_data_type": { "type": "keyword" }, - "zeek.omron_fins_network_status_read.response_code": { "type": "keyword" }, - "zeek.omron_fins_network_status_read.node_number": { "type": "long" }, - "zeek.omron_fins_network_status_read.in_network": { "type": "keyword" }, - "zeek.omron_fins_network_status_read.exit_status": { "type": "keyword" }, - "zeek.omron_fins_network_status_read.polling": { "type": "keyword" }, + "zeek.omron_fins_detail.test_data": { "type": "keyword" }, + "zeek.omron_fins_detail.timer_size": { "type": "long" }, + "zeek.omron_fins_detail.unit_address": { "type": "keyword" }, + "zeek.omron_fins_error.beginning_record_no": { "type": "long" }, + "zeek.omron_fins_error.error_code_1": { "type": "keyword" }, + "zeek.omron_fins_error.error_code_2": { "type": "keyword" }, + "zeek.omron_fins_error.error_reset_fal_no": { "type": "keyword" }, + "zeek.omron_fins_error.max_no_stored_records": { "type": "long" }, + "zeek.omron_fins_error.no_of_records": { "type": "long" }, + "zeek.omron_fins_error.no_of_stored_records": { "type": "long" }, + "zeek.omron_fins_file.beginning_address": { "type": "keyword" }, + "zeek.omron_fins_file.beginning_block_no": { "type": "long" }, + "zeek.omron_fins_file.beginning_file_position": { "type": "keyword" }, + "zeek.omron_fins_file.beginning_word": { "type": "keyword" }, + "zeek.omron_fins_file.block_no": { "type": "long" }, + "zeek.omron_fins_file.control_data": { "type": "long" }, + "zeek.omron_fins_file.data_length": { "type": "long" }, + "zeek.omron_fins_file.data_type": { "type": "keyword" }, + 
"zeek.omron_fins_file.disk_no": { "type": "long" }, + "zeek.omron_fins_file.dst_disk_no": { "type": "long" }, + "zeek.omron_fins_file.dst_file_name": { "type": "keyword" }, + "zeek.omron_fins_file.file_capacity": { "type": "long" }, + "zeek.omron_fins_file.file_name": { "type": "keyword" }, + "zeek.omron_fins_file.file_position": { "type": "long" }, + "zeek.omron_fins_file.last_block": { "type": "keyword" }, + "zeek.omron_fins_file.last_file": { "type": "keyword" }, + "zeek.omron_fins_file.memory_area_code": { "type": "keyword" }, + "zeek.omron_fins_file.memory_data": { "type": "keyword" }, + "zeek.omron_fins_file.memory_type": { "type": "keyword" }, + "zeek.omron_fins_file.new_file_name": { "type": "keyword" }, + "zeek.omron_fins_file.no_files_read": { "type": "long" }, + "zeek.omron_fins_file.no_of_blocks": { "type": "long" }, + "zeek.omron_fins_file.no_of_bytes": { "type": "long" }, + "zeek.omron_fins_file.no_of_files": { "type": "long" }, + "zeek.omron_fins_file.no_of_items": { "type": "long" }, + "zeek.omron_fins_file.no_of_words": { "type": "long" }, + "zeek.omron_fins_file.old_file_name": { "type": "keyword" }, + "zeek.omron_fins_file.parameter_area_code": { "type": "keyword" }, + "zeek.omron_fins_file.parameter_code": { "type": "keyword" }, + "zeek.omron_fins_file.program_no": { "type": "keyword" }, + "zeek.omron_fins_file.protected": { "type": "keyword" }, + "zeek.omron_fins_file.remaining_blocks": { "type": "long" }, + "zeek.omron_fins_file.src_disk_no": { "type": "long" }, + "zeek.omron_fins_file.src_file_name": { "type": "keyword" }, + "zeek.omron_fins_file.total_capacity": { "type": "long" }, + "zeek.omron_fins_file.total_no_files": { "type": "long" }, + "zeek.omron_fins_file.total_no_of_blocks": { "type": "long" }, + "zeek.omron_fins_file.unused_capacity": { "type": "long" }, + "zeek.omron_fins_file.volume_label": { "type": "keyword" }, "zeek.omron_fins_network_status_read.communication_cycle_time": { "type": "float" }, 
 "zeek.omron_fins_network_status_read.current_polling_node_number": { "type": "long" },
+ "zeek.omron_fins_network_status_read.cyclic_error_count": { "type": "long" },
 "zeek.omron_fins_network_status_read.cyclic_operation": { "type": "keyword" },
 "zeek.omron_fins_network_status_read.cyclic_transmission_status": { "type": "keyword" },
+ "zeek.omron_fins_network_status_read.exit_status": { "type": "keyword" },
+ "zeek.omron_fins_network_status_read.in_network": { "type": "keyword" },
+ "zeek.omron_fins_network_status_read.node_number": { "type": "long" },
 "zeek.omron_fins_network_status_read.non_fatal_error": { "type": "keyword" },
- "zeek.omron_fins_network_status_read.cyclic_error_count": { "type": "long" },
+ "zeek.omron_fins_network_status_read.polling": { "type": "keyword" },
 "zeek.opcua_binary.encoding_mask": { "type": "long" },
 "zeek.opcua_binary.endpoint_url": { "type": "keyword" },
 "zeek.opcua_binary.error": { "type": "long" },
diff --git a/logstash/pipelines/zeek/1200_zeek_mutate.conf b/logstash/pipelines/zeek/1200_zeek_mutate.conf
index b7e8427b5..0ce07835b 100644
--- a/logstash/pipelines/zeek/1200_zeek_mutate.conf
+++ b/logstash/pipelines/zeek/1200_zeek_mutate.conf
@@ -1536,11 +1536,45 @@ filter { mutate { id => "mutate_rename_omron_fins_linkage_fields" - rename => { "[zeek][omron_fins_data_link_status_read][omron_fins_link_id]" => "[zeek][omron_fins][omron_fins_link_id]" } - rename => { "[zeek][omron_fins_error][omron_fins_link_id]" => "[zeek][omron_fins][omron_fins_link_id]" } - rename => { "[zeek][omron_fins_file][omron_fins_link_id]" => "[zeek][omron_fins][omron_fins_link_id]" } - rename => { "[zeek][omron_fins_detail][omron_fins_link_id]" => "[zeek][omron_fins][omron_fins_link_id]" } - rename => { "[zeek][omron_fins_network_status_read][omron_fins_link_id]" => "[zeek][omron_fins][omron_fins_link_id]" } + rename => { "[zeek][omron_fins][omron_fins_link_id]" => "[zeek][omron_fins][link_id]" } + rename => { "[zeek][omron_fins_data_link_status_read][omron_fins_link_id]" => "[zeek][omron_fins][link_id]" } + rename => { "[zeek][omron_fins_error][omron_fins_link_id]" => "[zeek][omron_fins][link_id]" } + rename => { "[zeek][omron_fins_file][omron_fins_link_id]" => "[zeek][omron_fins][link_id]" } + rename => { "[zeek][omron_fins_detail][omron_fins_link_id]" => "[zeek][omron_fins][link_id]" } + rename => { "[zeek][omron_fins_network_status_read][omron_fins_link_id]" => "[zeek][omron_fins][link_id]" } + rename => { "[zeek][omron_fins_data_link_status_read][response_code]" => "[zeek][omron_fins][response_code]" } + rename => { "[zeek][omron_fins_detail][response_code]" => "[zeek][omron_fins][response_code]" } + rename => { "[zeek][omron_fins_error][response_code]" => "[zeek][omron_fins][response_code]" } + rename => { "[zeek][omron_fins_file][response_code]" => "[zeek][omron_fins][response_code]" } + rename => { "[zeek][omron_fins_network_status_read][response_code]" => "[zeek][omron_fins][response_code]" } + rename => { "[zeek][omron_fins_data_link_status_read][command_code]" => "[zeek][omron_fins][command_code]" } + rename => { "[zeek][omron_fins_detail][command_code]" => "[zeek][omron_fins][command_code]" } + rename => { 
"[zeek][omron_fins_error][command_code]" => "[zeek][omron_fins][command_code]" } + rename => { "[zeek][omron_fins_file][command_code]" => "[zeek][omron_fins][command_code]" } + rename => { "[zeek][omron_fins_network_status_read][command_code]" => "[zeek][omron_fins][command_code]" } + rename => { "[zeek][omron_fins_data_link_status_read][icf_data_type]" => "[zeek][omron_fins][icf_data_type]" } + rename => { "[zeek][omron_fins_detail][icf_data_type]" => "[zeek][omron_fins][icf_data_type]" } + rename => { "[zeek][omron_fins_error][icf_data_type]" => "[zeek][omron_fins][icf_data_type]" } + rename => { "[zeek][omron_fins_file][icf_data_type]" => "[zeek][omron_fins][icf_data_type]" } + rename => { "[zeek][omron_fins_network_status_read][icf_data_type]" => "[zeek][omron_fins][icf_data_type]" } + rename => { "[zeek][omron_fins_detail][day]" => "[zeek][omron_fins][day]" } + rename => { "[zeek][omron_fins_detail][hour]" => "[zeek][omron_fins][hour]" } + rename => { "[zeek][omron_fins_detail][minute]" => "[zeek][omron_fins][minute]" } + rename => { "[zeek][omron_fins_detail][month]" => "[zeek][omron_fins][month]" } + rename => { "[zeek][omron_fins_detail][second]" => "[zeek][omron_fins][second]" } + rename => { "[zeek][omron_fins_detail][year]" => "[zeek][omron_fins][year]" } + rename => { "[zeek][omron_fins_error][day]" => "[zeek][omron_fins][day]" } + rename => { "[zeek][omron_fins_error][hour]" => "[zeek][omron_fins][hour]" } + rename => { "[zeek][omron_fins_error][minute]" => "[zeek][omron_fins][minute]" } + rename => { "[zeek][omron_fins_error][month]" => "[zeek][omron_fins][month]" } + rename => { "[zeek][omron_fins_error][second]" => "[zeek][omron_fins][second]" } + rename => { "[zeek][omron_fins_error][year]" => "[zeek][omron_fins][year]" } + rename => { "[zeek][omron_fins_file][day]" => "[zeek][omron_fins][day]" } + rename => { "[zeek][omron_fins_file][hour]" => "[zeek][omron_fins][hour]" } + rename => { "[zeek][omron_fins_file][minute]" => 
"[zeek][omron_fins][minute]" } + rename => { "[zeek][omron_fins_file][month]" => "[zeek][omron_fins][month]" } + rename => { "[zeek][omron_fins_file][second]" => "[zeek][omron_fins][second]" } + rename => { "[zeek][omron_fins_file][year]" => "[zeek][omron_fins][year]" } } } else if ([log_source] =~ /^opcua_binary/) { diff --git a/logstash/pipelines/zeek/1300_zeek_normalize.conf b/logstash/pipelines/zeek/1300_zeek_normalize.conf index 26508e412..99d4253b9 100644 --- a/logstash/pipelines/zeek/1300_zeek_normalize.conf +++ b/logstash/pipelines/zeek/1300_zeek_normalize.conf @@ -531,6 +531,9 @@ filter { if ([zeek][ntp][mode_str]) { mutate { id => "mutate_merge_normalize_zeek_ntp_mode_str" merge => { "[event][action]" => "[zeek][ntp][mode_str]" } } } + if ([zeek][omron_fins][command_code]) { mutate { id => "mutate_merge_normalize_zeek_omron_fins_command_code" + merge => { "[event][action]" => "[zeek][omron_fins][command_code]" } } } + if ([zeek][ospf][ospf_type]) { mutate { id => "mutate_merge_normalize_zeek_ospf_ospf_type" merge => { "[event][action]" => "[zeek][ospf][ospf_type]" } } } 
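Review bot: In the `mutate_rename_omron_fins_linkage_fields` hunk of 1200_zeek_mutate.conf, `[zeek][omron_fins_detail][day]` is folded into `[zeek][omron_fins][day]` together with the `day` fields of the error and file logs, yet the mapping this commit removes typed the detail field as `keyword` while the other two were `long`, and the new shared field is `long`. That suggests the detail value is not a number like the others (possibly a day-of-week label, since the detail log carries a separate numeric `date`), in which case the rename would push a string into a `long` field and the event could fail to index. Unless the parser is confirmed to emit a number there, leave that one rename out and keep `"zeek.omron_fins_detail.day": { "type": "keyword" },` in zeek_ot.json. The enclosing `filter` block starts and ends outside the hunk.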
@@ -1096,6 +1099,23 @@ filter { merge => { "[event][result]" => "[@metadata][zeek_ntlm_result]" } } } + if ([zeek][omron_fins][response_code]) { mutate { id => "mutate_merge_normalize_zeek_omron_fins_response_code" + merge => { "[event][result]" => "[zeek][omron_fins][response_code]" } } } + if ([zeek][omron_fins_data_link_status_read][error_status]) { mutate { id => "mutate_merge_normalize_zeek_omron_fins_data_link_status_read_error_status" + merge => { "[event][result]" => "[zeek][omron_fins_data_link_status_read][error_status]" } } } + if ([zeek][omron_fins_data_link_status_read][warning_status]) { mutate { id => "mutate_merge_normalize_zeek_omron_fins_data_link_status_read_warning_status" + merge => { "[event][result]" => "[zeek][omron_fins_data_link_status_read][warning_status]" } } } + if ([zeek][omron_fins_error][error_code_1]) { mutate { id => "mutate_merge_normalize_zeek_omron_fins_error_error_code_1" + merge => { "[event][result]" => "[zeek][omron_fins_error][error_code_1]" } } } + if ([zeek][omron_fins_error][error_code_2]) { mutate { id => "mutate_merge_normalize_zeek_omron_fins_error_error_code_2" + merge => { "[event][result]" => "[zeek][omron_fins_error][error_code_2]" } } } + if ([zeek][omron_fins_error][error_reset_fal_no]) { mutate { id => "mutate_merge_normalize_zeek_omron_fins_error_error_reset_fal_no" + merge => { "[event][result]" => "[zeek][omron_fins_error][error_reset_fal_no]" } } } + if ([zeek][omron_fins_error][response_code]) { mutate { id => "mutate_merge_normalize_zeek_omron_fins_error_response_code" + merge => { "[event][result]" => "[zeek][omron_fins_error][response_code]" } } } + if ([zeek][omron_fins_network_status_read][exit_status]) { mutate { id => "mutate_merge_normalize_zeek_omron_fins_network_status_read_exit_status" + merge => { "[event][result]" => "[zeek][omron_fins_network_status_read][exit_status]" } } } + if ([zeek][opcua_binary][error] or [zeek][opcua_binary][reason]) { ruby { # result = error:reason 
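Review bot: The eight new `merge` blocks put unlike values into `[event][result]` (response codes, `error_code_1`/`error_code_2`, `error_reset_fal_no`, `exit_status`, and the data-link `error_status`/`warning_status`) with nothing to tell them apart once merged. An analyst filtering on event.result cannot tell a FINS response code from a FAL number or a status flag that renders the same way. `[zeek][omron_fins_error][response_code]` is also handled separately from `[zeek][omron_fins][response_code]`, while 1171_zeek_omron_fins.conf folds the per-log `command_code` and `icf_data_type` into `[zeek][omron_fins]`; if response_code is folded the same way (not visible here), that block never fires. A comment above the group such as `# FINS result-like fields; error and status values are merged as-is` would record the intent, or the values could be prefixed with their field name, as the opcua_binary block below appears to do (`# result = error:reason`).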
diff --git a/logstash/pipelines/zeek/1400_zeek_convert.conf b/logstash/pipelines/zeek/1400_zeek_convert.conf index d6e54f09e..9020f7729 100644 --- a/logstash/pipelines/zeek/1400_zeek_convert.conf +++ b/logstash/pipelines/zeek/1400_zeek_convert.conf @@ -138,6 +138,32 @@ filter { } } + if ([zeek][omron_fins_detail][clock_time]) { + if ([zeek][omron_fins_detail][clock_time] == "0.000000") { + mutate { id => "mutate_remove_field_zeek_omron_fins_detail_clock_time_zero" + remove_field => [ "[zeek][omron_fins_detail][clock_time]" ] } + } else { + date { + id => "date_zeek_omron_fins_detail_clock_time" + match => [ "[zeek][omron_fins_detail][clock_time]", "UNIX" ] + target => "[zeek][omron_fins_detail][clock_time]" + } + } + } + + if ([zeek][omron_fins_detail][date]) { + if ([zeek][omron_fins_detail][date] == "0.000000") { + mutate { id => "mutate_remove_field_zeek_omron_fins_detail_date_zero" + remove_field => [ "[zeek][omron_fins_detail][date]" ] } + } else { + date { + id => "date_zeek_omron_fins_detail_date" + match => [ "[zeek][omron_fins_detail][date]", "UNIX" ] + target => "[zeek][omron_fins_detail][date]" + } + } + } + if ([zeek][opcua_binary][req_hdr_timestamp]) { if ([zeek][opcua_binary][req_hdr_timestamp] == "0.000000") { mutate { id => "mutate_remove_zeek_opcua_binary_req_hdr_timestamp" From 0ca98c0775dc004855bfee366a77af4ab33aed4d Mon Sep 17 00:00:00 2001 From: Seth Grover Date: Wed, 15 Jan 2025 14:11:55 -0700 Subject: [PATCH 45/53] WIP omron fins integration, cisagov/Malcolm#554 --- Dockerfiles/zeek.Dockerfile | 6 ++++-- config/zeek.env.example | 2 ++ .../includes.chroot/usr/local/etc/zeek/local.zeek | 14 ++++++++++++++ .../interface/sensor_ctl/control_vars.conf | 2 ++ logstash/pipelines/zeek/1171_zeek_omron_fins.conf | 2 -- zeek/config/local.zeek | 14 ++++++++++++++ 6 files changed, 36 insertions(+), 4 deletions(-) diff --git a/Dockerfiles/zeek.Dockerfile b/Dockerfiles/zeek.Dockerfile index 0515e0a0a..0f98f5921 100644 --- a/Dockerfiles/zeek.Dockerfile 
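Review bot: Neither new `date` filter handles a value that fails to parse: the guard only removes the exact string "0.000000", and every other value goes to `match => [ ..., "UNIX" ]`. These timestamps presumably originate from the monitored controller's own clock rather than from the sensor, so malformed values should be expected. A failed parse leaves the original string in the field with only the default failure tag, and if the index maps the field as a date (mapping not visible here) the whole event may be rejected at indexing. Consider a specific `tag_on_failure => [ "_dateparsefailure_zeek_omron_fins_detail_clock_time" ]` on the filter, followed by an `if` on that tag that removes the field, so the rest of the record is still indexed. The same applies to the `[zeek][omron_fins_detail][date]` block.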
+++ b/Dockerfiles/zeek.Dockerfile @@ -190,9 +190,9 @@ RUN mkdir -p /tmp/logs && \ export ZEEK_THIRD_PARTY_PLUGINS_COUNT=$(echo "$ZEEK_THIRD_PARTY_PLUGINS_GREP" | grep -P -o "\([^)]+\)" | head -n 1 | sed "s/^(//" | sed "s/)$//" | tr '|' '\n' | wc -l) && \ export ZEEK_THIRD_PARTY_SCRIPTS_COUNT=$(echo "$ZEEK_THIRD_PARTY_SCRIPTS_GREP" | grep -P -o "\([^)]+\)" | head -n 1 | sed "s/^(//" | sed "s/)$//" | tr '|' '\n' | wc -l) && \ "$ZEEK_DIR"/bin/zeek-offline -NN local >zeeknn.log 2>/dev/null && \ - bash -c "(( $(grep -cP "$ZEEK_THIRD_PARTY_PLUGINS_GREP" zeeknn.log) >= $ZEEK_THIRD_PARTY_PLUGINS_COUNT)) && echo $ZEEK_THIRD_PARTY_PLUGINS_COUNT' Zeek plugins loaded correctly' || (echo 'One or more Zeek plugins did not load correctly' && cat zeeknn.log && exit 1)" && \ + bash -c "(( $(grep -cP "$ZEEK_THIRD_PARTY_PLUGINS_GREP" zeeknn.log) >= $ZEEK_THIRD_PARTY_PLUGINS_COUNT )) && echo $ZEEK_THIRD_PARTY_PLUGINS_COUNT' Zeek plugins loaded correctly' || (echo 'One or more Zeek plugins did not load correctly' && cat zeeknn.log && exit 1)" && \ "$ZEEK_DIR"/bin/zeek-offline -C -r /tmp/pcaps/udp.pcap local policy/misc/loaded-scripts >loaded_scripts.log 2>/dev/null && \ - bash -c "(( $(grep -cP "$ZEEK_THIRD_PARTY_SCRIPTS_GREP" loaded_scripts.log) == $ZEEK_THIRD_PARTY_SCRIPTS_COUNT)) && echo $ZEEK_THIRD_PARTY_SCRIPTS_COUNT' Zeek scripts loaded correctly' || (echo 'One or more Zeek scripts did not load correctly' && cat loaded_scripts.log && exit 1)" && \ + bash -c "(( $(grep -cP "$ZEEK_THIRD_PARTY_SCRIPTS_GREP" loaded_scripts.log) == $ZEEK_THIRD_PARTY_SCRIPTS_COUNT )) && echo $ZEEK_THIRD_PARTY_SCRIPTS_COUNT' Zeek scripts loaded correctly' || (echo 'One or more Zeek scripts did not load correctly' && cat loaded_scripts.log && exit 1)" && \ cd /tmp && \ rm -rf /tmp/logs /tmp/pcaps 
@@ -267,6 +267,7 @@ ARG ZEEK_DISABLE_SPICY_TAILSCALE=
 ARG ZEEK_DISABLE_SPICY_TFTP=
 ARG ZEEK_DISABLE_SPICY_WIREGUARD=
 ARG ZEEK_SYNCHROPHASOR_DETAILED=
+ARG ZEEK_OMRON_FINS_DETAILED=true
 ARG ZEEK_KAFKA_ENABLED=
 ARG ZEEK_KAFKA_BROKERS=kafka.local:9091
 ARG ZEEK_KAFKA_TOPIC=zeek
@@ -288,6 +289,7 @@ ENV ZEEK_DISABLE_SPICY_TAILSCALE $ZEEK_DISABLE_SPICY_TAILSCALE
 ENV ZEEK_DISABLE_SPICY_TFTP $ZEEK_DISABLE_SPICY_TFTP
 ENV ZEEK_DISABLE_SPICY_WIREGUARD $ZEEK_DISABLE_SPICY_WIREGUARD
 ENV ZEEK_SYNCHROPHASOR_DETAILED $ZEEK_SYNCHROPHASOR_DETAILED
+ENV ZEEK_OMRON_FINS_DETAILED $ZEEK_OMRON_FINS_DETAILED
 ENV ZEEK_KAFKA_ENABLED $ZEEK_KAFKA_ENABLED
 ENV ZEEK_KAFKA_BROKERS $ZEEK_KAFKA_BROKERS
 ENV ZEEK_KAFKA_TOPIC $ZEEK_KAFKA_TOPIC
diff --git a/config/zeek.env.example b/config/zeek.env.example
index 5c69531bf..51a52aca1 100644
--- a/config/zeek.env.example
+++ b/config/zeek.env.example
@@ -88,6 +88,7 @@ ZEEK_DISABLE_ICS_ETHERCAT=
 ZEEK_DISABLE_ICS_GENISYS=true
 ZEEK_DISABLE_ICS_GE_SRTP=true
 ZEEK_DISABLE_ICS_HART_IP=
+ZEEK_DISABLE_ICS_OMRON_FINS=
 ZEEK_DISABLE_ICS_OPCUA_BINARY=
 ZEEK_DISABLE_ICS_MODBUS=
 ZEEK_DISABLE_ICS_PROFINET=
@@ -96,6 +97,7 @@ ZEEK_DISABLE_ICS_S7COMM=
 ZEEK_DISABLE_ICS_SYNCHROPHASOR=
 ZEEK_SYNCHROPHASOR_PORTS=
 ZEEK_SYNCHROPHASOR_DETAILED=
+ZEEK_OMRON_FINS_DETAILED=true
 ZEEK_GENISYS_PORTS=
 ZEEK_ENIP_PORTS=
 ZEEK_DISABLE_BEST_GUESS_ICS=true
diff --git a/hedgehog-iso/config/includes.chroot/usr/local/etc/zeek/local.zeek b/hedgehog-iso/config/includes.chroot/usr/local/etc/zeek/local.zeek
index 4f697c2c9..aa8dce339 100644
--- a/hedgehog-iso/config/includes.chroot/usr/local/etc/zeek/local.zeek
+++ b/hedgehog-iso/config/includes.chroot/usr/local/etc/zeek/local.zeek
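Review bot: `ARG ZEEK_OMRON_FINS_DETAILED=true` turns the detail log on by default, unlike `ZEEK_SYNCHROPHASOR_DETAILED=` on the line above it, and nothing in the hunk says why the two defaults differ. The same default is repeated in config/zeek.env.example and control_vars.conf, and the `@if` block added to both local.zeek files suppresses the OMRON_FINS detail log whenever the variable is not true, so the omron_fins_detail fields the Logstash changes in this series read would presumably be absent in that case. A comment above the ARG would record this, for example `# on by default: omron_fins_detail.log feeds the FINS normalization; set empty to suppress it`. The Arkime field list in this series shows the detail log carrying a `data` field, so the default also deserves a deliberate decision about index volume and what device memory contents end up stored.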
@@ -13,6 +13,7 @@ global disable_ssl_validate_certs = (getenv("ZEEK_DISABLE_SSL_VALIDATE_CERTS") =
 global disable_track_all_assets = (getenv("ZEEK_DISABLE_TRACK_ALL_ASSETS") == true_regex) ? T : F;
 global disable_best_guess_ics = (getenv("ZEEK_DISABLE_BEST_GUESS_ICS") == true_regex) ? T : F;
 global disable_detect_routers = (getenv("ZEEK_DISABLE_DETECT_ROUTERS") == true_regex) ? T : F;
+global omron_fins_detailed = (getenv("ZEEK_OMRON_FINS_DETAILED") == true_regex) ? T : F;
 global synchrophasor_detailed = (getenv("ZEEK_SYNCHROPHASOR_DETAILED") == true_regex) ? T : F;
 global synchrophasor_ports_str = getenv("ZEEK_SYNCHROPHASOR_PORTS");
 global genisys_ports_str = getenv("ZEEK_GENISYS_PORTS");
@@ -38,6 +39,7 @@ global disable_ics_ethercat = (getenv("ZEEK_DISABLE_ICS_ETHERCAT") == true_regex
 global disable_ics_genisys = (getenv("ZEEK_DISABLE_ICS_GENISYS") == true_regex) ? T : F;
 global disable_ics_ge_srtp = (getenv("ZEEK_DISABLE_ICS_GE_SRTP") == true_regex) ? T : F;
 global disable_ics_hart_ip = (getenv("ZEEK_DISABLE_ICS_HART_IP") == true_regex) ? T : F;
+global disable_ics_omron_fins = (getenv("ZEEK_DISABLE_ICS_OMRON_FINS") == true_regex) ? T : F;
 global disable_ics_opcua_binary = (getenv("ZEEK_DISABLE_ICS_OPCUA_BINARY") == true_regex) ? T : F;
 global disable_ics_modbus = (getenv("ZEEK_DISABLE_ICS_MODBUS") == true_regex) ? T : F;
 global disable_ics_profinet = (getenv("ZEEK_DISABLE_ICS_PROFINET") == true_regex) ? T : F;
@@ -168,6 +170,10 @@ event zeek_init() &priority=-5 {
 if (disable_ics_all || disable_ics_modbus) {
 Analyzer::disable_analyzer(Analyzer::ANALYZER_MODBUS);
 }
+ if (disable_ics_all || disable_ics_omron_fins) {
+ Spicy::disable_protocol_analyzer(Analyzer::ANALYZER_OMRON_FINS_TCP);
+ Spicy::disable_protocol_analyzer(Analyzer::ANALYZER_OMRON_FINS_UDP);
+ }
 if (disable_ics_all || disable_ics_profinet) {
 Analyzer::disable_analyzer(Analyzer::ANALYZER_PROFINET);
 }
@@ -319,6 +325,14 @@ redef CVE_2021_44228::log = F; break; } @endif +@if ((!disable_ics_all) && (!disable_ics_omron_fins) && (!omron_fins_detailed)) + hook OMRON_FINS::log_policy_detail( + rec : OMRON_FINS::detail_log, + id : Log::ID, + filter : Log::Filter) { + break; + } +@endif ##! Other logs we're just disabling unilaterally diff --git a/hedgehog-iso/interface/sensor_ctl/control_vars.conf b/hedgehog-iso/interface/sensor_ctl/control_vars.conf index d5249ff11..d5806e1b1 100644 --- a/hedgehog-iso/interface/sensor_ctl/control_vars.conf +++ b/hedgehog-iso/interface/sensor_ctl/control_vars.conf @@ -140,6 +140,7 @@ export ZEEK_DISABLE_ICS_GENISYS=true export ZEEK_DISABLE_ICS_GE_SRTP=true export ZEEK_DISABLE_ICS_HART_IP= export ZEEK_DISABLE_ICS_OPCUA_BINARY= +export ZEEK_DISABLE_ICS_OMRON_FINS= export ZEEK_DISABLE_ICS_MODBUS= export ZEEK_DISABLE_ICS_PROFINET= export ZEEK_DISABLE_ICS_PROFINET_IO_CM= @@ -148,6 +149,7 @@ export ZEEK_DISABLE_ICS_SYNCHROPHASOR= export ZEEK_JA4SSH_PACKET_COUNT=200 export ZEEK_SYNCHROPHASOR_PORTS= export ZEEK_SYNCHROPHASOR_DETAILED= +export ZEEK_OMRON_FINS_DETAILED=true export ZEEK_GENISYS_PORTS= export ZEEK_ENIP_PORTS= export ZEEK_DISABLE_BEST_GUESS_ICS=true diff --git a/logstash/pipelines/zeek/1171_zeek_omron_fins.conf b/logstash/pipelines/zeek/1171_zeek_omron_fins.conf index 91780d586..ae82091d6 100644 --- a/logstash/pipelines/zeek/1171_zeek_omron_fins.conf +++ b/logstash/pipelines/zeek/1171_zeek_omron_fins.conf @@ -165,8 +165,6 @@ filter { mutate { id => "mutate_add_fields_zeek_omron_fins" add_field => { "[zeek_cols][service]" => "omron_fins" } - # TODO: when omron_fins_general.log fixes its useless proto field, remove this - remove_field => [ "[zeek_cols][proto]" ] add_tag => [ "ics" ] } diff --git a/zeek/config/local.zeek b/zeek/config/local.zeek index ac8167e1d..be877c14e 100644 --- a/zeek/config/local.zeek +++ b/zeek/config/local.zeek 
@@ -13,6 +13,7 @@ global disable_ssl_validate_certs = (getenv("ZEEK_DISABLE_SSL_VALIDATE_CERTS") =
 global disable_track_all_assets = (getenv("ZEEK_DISABLE_TRACK_ALL_ASSETS") == true_regex) ? T : F;
 global disable_best_guess_ics = (getenv("ZEEK_DISABLE_BEST_GUESS_ICS") == true_regex) ? T : F;
 global disable_detect_routers = (getenv("ZEEK_DISABLE_DETECT_ROUTERS") == true_regex) ? T : F;
+global omron_fins_detailed = (getenv("ZEEK_OMRON_FINS_DETAILED") == true_regex) ? T : F;
 global synchrophasor_detailed = (getenv("ZEEK_SYNCHROPHASOR_DETAILED") == true_regex) ? T : F;
 global synchrophasor_ports_str = getenv("ZEEK_SYNCHROPHASOR_PORTS");
 global genisys_ports_str = getenv("ZEEK_GENISYS_PORTS");
@@ -38,6 +39,7 @@ global disable_ics_ethercat = (getenv("ZEEK_DISABLE_ICS_ETHERCAT") == true_regex
 global disable_ics_genisys = (getenv("ZEEK_DISABLE_ICS_GENISYS") == true_regex) ? T : F;
 global disable_ics_ge_srtp = (getenv("ZEEK_DISABLE_ICS_GE_SRTP") == true_regex) ? T : F;
 global disable_ics_hart_ip = (getenv("ZEEK_DISABLE_ICS_HART_IP") == true_regex) ? T : F;
+global disable_ics_omron_fins = (getenv("ZEEK_DISABLE_ICS_OMRON_FINS") == true_regex) ? T : F;
 global disable_ics_opcua_binary = (getenv("ZEEK_DISABLE_ICS_OPCUA_BINARY") == true_regex) ? T : F;
 global disable_ics_modbus = (getenv("ZEEK_DISABLE_ICS_MODBUS") == true_regex) ? T : F;
 global disable_ics_profinet = (getenv("ZEEK_DISABLE_ICS_PROFINET") == true_regex) ? T : F;
@@ -168,6 +170,10 @@ event zeek_init() &priority=-5 {
 if (disable_ics_all || disable_ics_modbus) {
 Analyzer::disable_analyzer(Analyzer::ANALYZER_MODBUS);
 }
+ if (disable_ics_all || disable_ics_omron_fins) {
+ Spicy::disable_protocol_analyzer(Analyzer::ANALYZER_OMRON_FINS_TCP);
+ Spicy::disable_protocol_analyzer(Analyzer::ANALYZER_OMRON_FINS_UDP);
+ }
 if (disable_ics_all || disable_ics_profinet) {
 Analyzer::disable_analyzer(Analyzer::ANALYZER_PROFINET);
 }
@@ -319,6 +325,14 @@ redef CVE_2021_44228::log = F; break; } @endif +@if ((!disable_ics_all) && (!disable_ics_omron_fins) && (!omron_fins_detailed)) + hook OMRON_FINS::log_policy_detail( + rec : OMRON_FINS::detail_log, + id : Log::ID, + filter : Log::Filter) { + break; + } +@endif ##! Other logs we're just disabling unilaterally From 2f5a02200d9e30b0ac75d5b6412b4b9a878b1332 Mon Sep 17 00:00:00 2001 From: Seth Grover Date: Wed, 15 Jan 2025 15:43:28 -0700 Subject: [PATCH 46/53] WIP omron fins integration, cisagov/Malcolm#554 --- arkime/etc/config.ini | 14 +- .../c899f8b0-d36b-11ef-b619-17836b3bbf47.json | 248 ++++++++++++++++-- .../composable/component/zeek_ot.json | 14 +- .../pipelines/zeek/1300_zeek_normalize.conf | 10 +- 4 files changed, 251 insertions(+), 35 deletions(-) diff --git a/arkime/etc/config.ini b/arkime/etc/config.ini index f23f56cf6..a1e62b213 100644 --- a/arkime/etc/config.ini +++ b/arkime/etc/config.ini 
@@ -1538,7 +1538,7 @@ zeek.omron_fins_detail.beginning_word=db:zeek.omron_fins_detail.beginning_word;g
 zeek.omron_fins_detail.number_of_words=db:zeek.omron_fins_detail.number_of_words;group:zeek_omron_fins;kind:integer;viewerOnly:true;friendly:number_of_words;help:number_of_words
 zeek.omron_fins_detail.last_word_bit=db:zeek.omron_fins_detail.last_word_bit;group:zeek_omron_fins;kind:integer;viewerOnly:true;friendly:last_word_bit;help:last_word_bit
 zeek.omron_fins_detail.data=db:zeek.omron_fins_detail.data;group:zeek_omron_fins;kind:termfield;viewerOnly:true;friendly:data;help:data
-zeek.omron_fins_detail.date=db:zeek.omron_fins_detail.date;group:zeek_omron_fins;kind:integer;viewerOnly:true;friendly:date;help:date
+zeek.omron_fins_detail.date=db:zeek.omron_fins_detail.date;group:zeek_omron_fins;kind:termfield;viewerOnly:true;friendly:date;help:date
 zeek.omron_fins_detail.clock_time=db:zeek.omron_fins_detail.clock_time;group:zeek_omron_fins;kind:termfield;viewerOnly:true;friendly:clock_time;help:clock_time
 zeek.omron_fins_detail.intelligent_id_no=db:zeek.omron_fins_detail.intelligent_id_no;group:zeek_omron_fins;kind:termfield;viewerOnly:true;friendly:intelligent_id_no;help:intelligent_id_no
 zeek.omron_fins_detail.first_word=db:zeek.omron_fins_detail.first_word;group:zeek_omron_fins;kind:termfield;viewerOnly:true;friendly:first_word;help:first_word
@@ -1666,12 +1666,12 @@ zeek.omron_fins.source_unit_address=db:zeek.omron_fins.source_unit_address;group zeek.omron_fins.service_id=db:zeek.omron_fins.service_id;group:zeek_omron_fins;kind:termfield;viewerOnly:true;friendly:service_id;help:service_id zeek.omron_fins.command_code=db:zeek.omron_fins.command_code;group:zeek_omron_fins;kind:termfield;viewerOnly:true;friendly:command_code;help:command_code zeek.omron_fins.response_code=db:zeek.omron_fins.response_code;group:zeek_omron_fins;kind:termfield;viewerOnly:true;friendly:response_code;help:response_code -zeek.omron_fins.minute=db:zeek.omron_fins.minute;group:zeek_omron_fins;kind:integer;viewerOnly:true;friendly:minute;help:minute -zeek.omron_fins.second=db:zeek.omron_fins.second;group:zeek_omron_fins;kind:integer;viewerOnly:true;friendly:second;help:second -zeek.omron_fins.day=db:zeek.omron_fins.day;group:zeek_omron_fins;kind:integer;viewerOnly:true;friendly:day;help:day -zeek.omron_fins.hour=db:zeek.omron_fins.hour;group:zeek_omron_fins;kind:integer;viewerOnly:true;friendly:hour;help:hour -zeek.omron_fins.year=db:zeek.omron_fins.year;group:zeek_omron_fins;kind:integer;viewerOnly:true;friendly:year;help:year -zeek.omron_fins.month=db:zeek.omron_fins.month;group:zeek_omron_fins;kind:integer;viewerOnly:true;friendly:month;help:month +zeek.omron_fins.minute=db:zeek.omron_fins.minute;group:zeek_omron_fins;kind:termfield;viewerOnly:true;friendly:minute;help:minute +zeek.omron_fins.second=db:zeek.omron_fins.second;group:zeek_omron_fins;kind:termfield;viewerOnly:true;friendly:second;help:second +zeek.omron_fins.day=db:zeek.omron_fins.day;group:zeek_omron_fins;kind:termfield;viewerOnly:true;friendly:day;help:day +zeek.omron_fins.hour=db:zeek.omron_fins.hour;group:zeek_omron_fins;kind:termfield;viewerOnly:true;friendly:hour;help:hour +zeek.omron_fins.year=db:zeek.omron_fins.year;group:zeek_omron_fins;kind:termfield;viewerOnly:true;friendly:year;help:year 
+zeek.omron_fins.month=db:zeek.omron_fins.month;group:zeek_omron_fins;kind:termfield;viewerOnly:true;friendly:month;help:month # omron_fins_network_status_read.log diff --git a/dashboards/dashboards/c899f8b0-d36b-11ef-b619-17836b3bbf47.json b/dashboards/dashboards/c899f8b0-d36b-11ef-b619-17836b3bbf47.json index 17a5a96de..f88b33573 100644 --- a/dashboards/dashboards/c899f8b0-d36b-11ef-b619-17836b3bbf47.json +++ b/dashboards/dashboards/c899f8b0-d36b-11ef-b619-17836b3bbf47.json 
@@ -8,7 +8,7 @@ "searchSourceJSON": "{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[]}" }, "optionsJSON": "{\"hidePanelTitles\":false,\"useMargins\":true}", - "panelsJSON": "[{\"version\":\"2.18.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":31,\"i\":\"93a55ef0-2531-4e0f-b541-007b15675877\"},\"panelIndex\":\"93a55ef0-2531-4e0f-b541-007b15675877\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"2.18.0\",\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":31,\"i\":\"1feca6e6-3466-4ff7-bcbf-267e3e78df54\"},\"panelIndex\":\"1feca6e6-3466-4ff7-bcbf-267e3e78df54\",\"embeddableConfig\":{},\"panelRefName\":\"panel_1\"},{\"version\":\"2.18.0\",\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":14,\"i\":\"cfb1f39f-52c9-4e69-938a-8ea3a7d98449\"},\"panelIndex\":\"cfb1f39f-52c9-4e69-938a-8ea3a7d98449\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"2.18.0\",\"gridData\":{\"x\":16,\"y\":14,\"w\":10,\"h\":17,\"i\":\"438627ba-9c90-4820-a50d-afe9a7bb2d6d\"},\"panelIndex\":\"438627ba-9c90-4820-a50d-afe9a7bb2d6d\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"},{\"version\":\"2.18.0\",\"gridData\":{\"x\":26,\"y\":14,\"w\":11,\"h\":17,\"i\":\"4924e5a6-8301-4eb0-897a-fe4f434a423a\"},\"panelIndex\":\"4924e5a6-8301-4eb0-897a-fe4f434a423a\",\"embeddableConfig\":{},\"panelRefName\":\"panel_4\"},{\"version\":\"2.18.0\",\"gridData\":{\"x\":0,\"y\":31,\"w\":48,\"h\":29,\"i\":\"d8e534f2-e1e2-4a4d-a5a9-d086db6116af\"},\"panelIndex\":\"d8e534f2-e1e2-4a4d-a5a9-d086db6116af\",\"embeddableConfig\":{},\"panelRefName\":\"panel_5\"}]", + "panelsJSON": 
"[{\"version\":\"2.18.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":33,\"i\":\"93a55ef0-2531-4e0f-b541-007b15675877\"},\"panelIndex\":\"93a55ef0-2531-4e0f-b541-007b15675877\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"2.18.0\",\"gridData\":{\"x\":8,\"y\":0,\"w\":10,\"h\":33,\"i\":\"1feca6e6-3466-4ff7-bcbf-267e3e78df54\"},\"panelIndex\":\"1feca6e6-3466-4ff7-bcbf-267e3e78df54\",\"embeddableConfig\":{},\"panelRefName\":\"panel_1\"},{\"version\":\"2.18.0\",\"gridData\":{\"x\":18,\"y\":0,\"w\":30,\"h\":14,\"i\":\"cfb1f39f-52c9-4e69-938a-8ea3a7d98449\"},\"panelIndex\":\"cfb1f39f-52c9-4e69-938a-8ea3a7d98449\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"2.18.0\",\"gridData\":{\"x\":18,\"y\":14,\"w\":30,\"h\":19,\"i\":\"8af980bf-56dd-4d6e-b7bf-8edf0d2fb319\"},\"panelIndex\":\"8af980bf-56dd-4d6e-b7bf-8edf0d2fb319\",\"embeddableConfig\":{\"vis\":{\"sortColumn\":{\"colIndex\":2,\"direction\":\"desc\"}}},\"panelRefName\":\"panel_3\"},{\"version\":\"2.18.0\",\"gridData\":{\"x\":0,\"y\":33,\"w\":9,\"h\":19,\"i\":\"438627ba-9c90-4820-a50d-afe9a7bb2d6d\"},\"panelIndex\":\"438627ba-9c90-4820-a50d-afe9a7bb2d6d\",\"embeddableConfig\":{},\"panelRefName\":\"panel_4\"},{\"version\":\"2.18.0\",\"gridData\":{\"x\":9,\"y\":33,\"w\":10,\"h\":19,\"i\":\"4924e5a6-8301-4eb0-897a-fe4f434a423a\"},\"panelIndex\":\"4924e5a6-8301-4eb0-897a-fe4f434a423a\",\"embeddableConfig\":{},\"panelRefName\":\"panel_5\"},{\"version\":\"2.18.0\",\"gridData\":{\"x\":19,\"y\":33,\"w\":17,\"h\":19,\"i\":\"f470af29-165f-405f-b7d7-645daa139a33\"},\"panelIndex\":\"f470af29-165f-405f-b7d7-645daa139a33\",\"embeddableConfig\":{},\"panelRefName\":\"panel_6\"},{\"version\":\"2.18.0\",\"gridData\":{\"x\":36,\"y\":33,\"w\":12,\"h\":19,\"i\":\"a98fe06a-c49c-47ee-a696-555df58f7fbb\"},\"panelIndex\":\"a98fe06a-c49c-47ee-a696-555df58f7fbb\",\"embeddableConfig\":{},\"panelRefName\":\"panel_7\"},{\"version\":\"2.18.0\",\"gridData\":{\"x\":0,\"y\":52,\"w\":13,\"h\":19,\"i\":\"daf32d
2d-164d-418a-b1f1-1f329ce71ff0\"},\"panelIndex\":\"daf32d2d-164d-418a-b1f1-1f329ce71ff0\",\"embeddableConfig\":{},\"panelRefName\":\"panel_8\"},{\"version\":\"2.18.0\",\"gridData\":{\"x\":13,\"y\":52,\"w\":16,\"h\":19,\"i\":\"140856ec-a808-4b4d-b576-083f94388bf5\"},\"panelIndex\":\"140856ec-a808-4b4d-b576-083f94388bf5\",\"embeddableConfig\":{},\"panelRefName\":\"panel_9\"},{\"version\":\"2.18.0\",\"gridData\":{\"x\":29,\"y\":52,\"w\":19,\"h\":19,\"i\":\"15fb5c1b-0f41-42fc-9bb5-06402e78e215\"},\"panelIndex\":\"15fb5c1b-0f41-42fc-9bb5-06402e78e215\",\"embeddableConfig\":{},\"panelRefName\":\"panel_10\"},{\"version\":\"2.18.0\",\"gridData\":{\"x\":0,\"y\":71,\"w\":48,\"h\":29,\"i\":\"d8e534f2-e1e2-4a4d-a5a9-d086db6116af\"},\"panelIndex\":\"d8e534f2-e1e2-4a4d-a5a9-d086db6116af\",\"embeddableConfig\":{},\"panelRefName\":\"panel_11\"}]", "timeRestore": false, "title": "Omron FINS", "version": 1 
@@ -37,24 +37,54 @@ "type": "visualization" }, { - "id": "9dcfba60-d36c-11ef-b619-17836b3bbf47", + "id": "801920a0-d38b-11ef-8ae2-0dd19e7f01ed", "name": "panel_3", "type": "visualization" }, { - "id": "d44dec60-d36c-11ef-b619-17836b3bbf47", + "id": "9dcfba60-d36c-11ef-b619-17836b3bbf47", "name": "panel_4", "type": "visualization" }, { - "id": "ddec0a50-d36b-11ef-b619-17836b3bbf47", + "id": "d44dec60-d36c-11ef-b619-17836b3bbf47", "name": "panel_5", + "type": "visualization" + }, + { + "id": "5a1a7eb0-d38d-11ef-8ae2-0dd19e7f01ed", + "name": "panel_6", + "type": "visualization" + }, + { + "id": "685f7d80-d38e-11ef-8ae2-0dd19e7f01ed", + "name": "panel_7", + "type": "visualization" + }, + { + "id": "5c20abc0-d389-11ef-b66a-3bee4dc3b330", + "name": "panel_8", + "type": "visualization" + }, + { + "id": "d4ac0ef0-d38d-11ef-8ae2-0dd19e7f01ed", + "name": "panel_9", + "type": "visualization" + }, + { + "id": "27315d80-d391-11ef-8ae2-0dd19e7f01ed", + "name": "panel_10", + "type": "visualization" + }, + { + "id": "ddec0a50-d36b-11ef-b619-17836b3bbf47", + "name": "panel_11", "type": "search" } ], "type": "dashboard", - "updated_at": "2025-01-15T18:17:04.667Z", - "version": "WzEwODgsMV0=" + "updated_at": "2025-01-15T22:37:50.583Z", + "version": "WzEwOTQsMV0=" }, { "attributes": { @@ -76,8 +106,8 @@ ], "references": [], "type": "visualization", - "updated_at": "2025-01-15T17:59:42.815Z", - "version": "WzEwNjIsMV0=" + "updated_at": "2025-01-15T21:49:43.578Z", + "version": "WzEwNzAsMV0=" }, { "attributes": { @@ -106,8 +136,8 @@ } ], "type": "visualization", - "updated_at": "2025-01-15T18:12:13.594Z", - "version": "WzEwODQsMV0=" + "updated_at": "2025-01-15T21:49:15.240Z", + "version": "Wzc2NiwxXQ==" }, { "attributes": { 
@@ -136,8 +166,38 @@ } ], "type": "visualization", - "updated_at": "2025-01-15T18:13:56.577Z", - "version": "WzEwODUsMV0=" + "updated_at": "2025-01-15T21:49:15.240Z", + "version": "Wzc2NywxXQ==" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}" + }, + "savedSearchRefName": "search_0", + "title": "Omron FINS - Action and Result", + "uiStateJSON": "{\"vis\":{\"sortColumn\":{\"colIndex\":2,\"direction\":\"desc\"}}}", + "version": 1, + "visState": "{\"title\":\"Omron FINS - Action and Result\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.action\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":250,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Action\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.result\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":250,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Result\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}" + }, + "id": "801920a0-d38b-11ef-8ae2-0dd19e7f01ed", + "migrationVersion": { + "visualization": "7.10.0" + }, + "namespaces": [ + "default" + ], + "references": [ + { + "id": "ddec0a50-d36b-11ef-b619-17836b3bbf47", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization", + "updated_at": "2025-01-15T21:55:57.482Z", + "version": "WzEwODEsMV0=" }, { "attributes": { 
@@ -166,8 +226,8 @@ } ], "type": "visualization", - "updated_at": "2025-01-15T18:14:52.934Z", - "version": "WzEwODYsMV0=" + "updated_at": "2025-01-15T21:49:15.240Z", + "version": "Wzc2OSwxXQ==" }, { "attributes": { 
@@ -196,16 +256,166 @@ } ], "type": "visualization", - "updated_at": "2025-01-15T18:16:24.358Z", - "version": "WzEwODcsMV0=" + "updated_at": "2025-01-15T21:49:15.240Z", + "version": "Wzc3MCwxXQ==" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}" + }, + "savedSearchRefName": "search_0", + "title": "Omron FINS - Controller Model and Version", + "uiStateJSON": "{\"vis\":{\"sortColumn\":{\"colIndex\":2,\"direction\":\"desc\"}}}", + "version": 1, + "visState": "{\"title\":\"Omron FINS - Controller Model and Version\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.omron_fins_detail.controller_model\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":250,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Controller Model\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.omron_fins_detail.controller_version\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":250,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Controller Version\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"row\":true}}" + }, + "id": "5a1a7eb0-d38d-11ef-8ae2-0dd19e7f01ed", + "migrationVersion": { + "visualization": "7.10.0" + }, + "namespaces": [ + "default" + ], + "references": [ + { + "id": "ddec0a50-d36b-11ef-b619-17836b3bbf47", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization", + "updated_at": "2025-01-15T22:09:12.731Z", + "version": "WzEwODMsMV0=" + }, + { + "attributes": { + 
"description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}" + }, + "savedSearchRefName": "search_0", + "title": "Omron FINS - Files/Volumes", + "uiStateJSON": "{\"vis\":{\"sortColumn\":{\"colIndex\":1,\"direction\":\"desc\"}}}", + "version": 1, + "visState": "{\"title\":\"Omron FINS - Files/Volumes\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"file.path\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":250,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Volume Label\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}" + }, + "id": "685f7d80-d38e-11ef-8ae2-0dd19e7f01ed", + "migrationVersion": { + "visualization": "7.10.0" + }, + "namespaces": [ + "default" + ], + "references": [ + { + "id": "ddec0a50-d36b-11ef-b619-17836b3bbf47", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization", + "updated_at": "2025-01-15T22:23:30.148Z", + "version": "WzEwOTAsMV0=" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}" + }, + "savedSearchRefName": "search_0", + "title": "Omron FINS - Transport Protocol", + "uiStateJSON": "{\"vis\":{\"legendOpen\":false}}", + "version": 1, + "visState": "{\"title\":\"Omron FINS - Transport 
Protocol\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"network.transport\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Transport Protocol\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"bottom\",\"isDonut\":true,\"labels\":{\"show\":true,\"values\":true,\"last_level\":true,\"truncate\":100}}}" + }, + "id": "5c20abc0-d389-11ef-b66a-3bee4dc3b330", + "migrationVersion": { + "visualization": "7.10.0" + }, + "namespaces": [ + "default" + ], + "references": [ + { + "id": "ddec0a50-d36b-11ef-b619-17836b3bbf47", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization", + "updated_at": "2025-01-15T21:49:15.240Z", + "version": "Wzc2OCwxXQ==" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}" + }, + "savedSearchRefName": "search_0", + "title": "Omron FINS - Data Type", + "uiStateJSON": "{\"vis\":{\"legendOpen\":false}}", + "version": 1, + "visState": "{\"title\":\"Omron FINS - Data Type\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.omron_fins.icf_data_type\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"bottom\",\"isDonut\":true,\"labels\":{\"show\":true,\"values\":true,\"last_level\":true,\"truncate\":100}}}" + }, + "id": 
"d4ac0ef0-d38d-11ef-8ae2-0dd19e7f01ed", + "migrationVersion": { + "visualization": "7.10.0" + }, + "namespaces": [ + "default" + ], + "references": [ + { + "id": "ddec0a50-d36b-11ef-b619-17836b3bbf47", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization", + "updated_at": "2025-01-15T22:12:38.367Z", + "version": "WzEwODUsMV0=" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}" + }, + "savedSearchRefName": "search_0", + "title": "Omron FINS - Address, Node, and Unit", + "uiStateJSON": "{\"vis\":{\"sortColumn\":{\"colIndex\":6,\"direction\":\"desc\"}}}", + "version": 1, + "visState": "{\"title\":\"Omron FINS - Address, Node, and Unit\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.omron_fins.source_network_address\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":250,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Src Net Addr\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.omron_fins.source_node_number\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":250,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Src Node Num\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.omron_fins.source_unit_address\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":250,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Src Unit 
Addr\"},\"schema\":\"bucket\"},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.omron_fins.destination_network_address\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":250,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Dst Net Addr\"},\"schema\":\"bucket\"},{\"id\":\"6\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.omron_fins.destination_node_number\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":250,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Dst Node Num\"},\"schema\":\"bucket\"},{\"id\":\"7\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.omron_fins.destination_unit_address\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":250,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Dst Unit Addr\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}" + }, + "id": "27315d80-d391-11ef-8ae2-0dd19e7f01ed", + "migrationVersion": { + "visualization": "7.10.0" + }, + "namespaces": [ + "default" + ], + "references": [ + { + "id": "ddec0a50-d36b-11ef-b619-17836b3bbf47", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization", + "updated_at": "2025-01-15T22:36:25.304Z", + "version": "WzEwOTMsMV0=" }, { "attributes": { "columns": [ "event.dataset", + "network.transport", "source.ip", "destination.ip", - "zeek.omron_fins.icf_data_type", "event.action", "event.result", "zeek.omron_fins.link_id", @@ -235,8 +445,8 @@ } ], "type": "search", - "updated_at": "2025-01-15T18:09:30.997Z", - "version": "WzEwODMsMV0=" + "updated_at": "2025-01-15T21:49:15.240Z", + "version": "Wzc3MSwxXQ==" } ], "version": "2.18.0" 
diff --git a/dashboards/templates/composable/component/zeek_ot.json b/dashboards/templates/composable/component/zeek_ot.json index 3bac50e6a..4a54b755a 100644 --- a/dashboards/templates/composable/component/zeek_ot.json +++ b/dashboards/templates/composable/component/zeek_ot.json @@ -858,20 +858,20 @@ "zeek.modbus_read_write_multiple_registers.write_start_address": { "type": "integer" }, "zeek.omron_fins.client_node_address": { "type": "long" }, "zeek.omron_fins.command_code": { "type": "keyword" }, - "zeek.omron_fins.day": { "type": "long" }, + "zeek.omron_fins.day": { "type": "keyword" }, "zeek.omron_fins.destination_network_address": { "type": "keyword" }, "zeek.omron_fins.destination_node_number": { "type": "keyword" }, "zeek.omron_fins.destination_unit_address": { "type": "keyword" }, "zeek.omron_fins.gateway_count": { "type": "long" }, - "zeek.omron_fins.hour": { "type": "long" }, + "zeek.omron_fins.hour": { "type": "keyword" }, "zeek.omron_fins.icf_data_type": { "type": "keyword" }, "zeek.omron_fins.icf_gateway": { "type": "keyword" }, "zeek.omron_fins.icf_response_setting": { "type": "keyword" }, "zeek.omron_fins.link_id": { "type": "keyword" }, - "zeek.omron_fins.minute": { "type": "long" }, - "zeek.omron_fins.month": { "type": "long" }, + "zeek.omron_fins.minute": { "type": "keyword" }, + "zeek.omron_fins.month": { "type": "keyword" }, "zeek.omron_fins.response_code": { "type": "keyword" }, - "zeek.omron_fins.second": { "type": "long" }, + "zeek.omron_fins.second": { "type": "keyword" }, "zeek.omron_fins.server_node_address": { "type": "long" }, "zeek.omron_fins.service_id": { "type": "keyword" }, "zeek.omron_fins.source_network_address": { "type": "keyword" }, 
@@ -881,7 +881,7 @@ "zeek.omron_fins.tcp_error_code": { "type": "keyword" }, "zeek.omron_fins.tcp_header": { "type": "keyword" }, "zeek.omron_fins.tcp_length": { "type": "long" }, - "zeek.omron_fins.year": { "type": "long" }, + "zeek.omron_fins.year": { "type": "keyword" }, "zeek.omron_fins_data_link_status_read.data_links": { "type": "keyword" }, "zeek.omron_fins_data_link_status_read.error_status": { "type": "keyword" }, "zeek.omron_fins_data_link_status_read.master_node_number": { "type": "long" }, @@ -916,7 +916,7 @@ "zeek.omron_fins_detail.cycle_time_read_parameter": { "type": "keyword" }, "zeek.omron_fins_detail.data": { "type": "keyword" }, "zeek.omron_fins_detail.data_length": { "type": "keyword" }, - "zeek.omron_fins_detail.date": { "type": "long" }, + "zeek.omron_fins_detail.date": { "type": "date" }, "zeek.omron_fins_detail.error_message": { "type": "keyword" }, "zeek.omron_fins_detail.expansion_dm_size": { "type": "long" }, "zeek.omron_fins_detail.fal_fals_0": { "type": "keyword" }, diff --git a/logstash/pipelines/zeek/1300_zeek_normalize.conf b/logstash/pipelines/zeek/1300_zeek_normalize.conf index 99d4253b9..ba529dd71 100644 --- a/logstash/pipelines/zeek/1300_zeek_normalize.conf +++ b/logstash/pipelines/zeek/1300_zeek_normalize.conf 
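Review bot: `zeek.omron_fins_detail.date` is switched to `"type": "date"` without a `format`, so indexing relies on the default date parsing (ISO 8601-style strings or epoch milliseconds). A value in any other layout makes the whole event fail to index unless malformed values are ignored. Whether the Zeek parser or the Logstash pipeline emits a compatible value is not visible in this hunk. Either pin the expected layout in the mapping, `"zeek.omron_fins_detail.date": { "type": "date", "format": "<FORMAT_EMITTED_BY_PARSER>" }`, or convert the field in the pipeline before it reaches the index. Rejected events are easy to miss and leave a gap in the OT telemetry.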
@@ -1522,11 +1522,17 @@ filter { if ([zeek][http][resp_filenames]) { mutate { id => "mutate_merge_normalize_zeek_http_resp_filenames" merge => { "[file][path]" => "[zeek][http][resp_filenames]" } } } + if ([zeek][http][resp_filenames]) { mutate { id => "mutate_merge_normalize_zeek_http_resp_filenames" + merge => { "[file][path]" => "[zeek][http][resp_filenames]" } } } + if ([zeek][s7comm_upload_download][filename]) { mutate { id => "mutate_merge_normalize_zeek_s7comm_upload_download_filename" merge => { "[file][path]" => "[zeek][s7comm_upload_download][filename]" } } } - if ([zeek][tftp][fname]) { mutate { id => "mutate_merge_normalize_zeek_tftp_fname" - merge => { "[file][path]" => "[zeek][tftp][fname]" } } } + if ([zeek][omron_fins_file][volume_label]) { mutate { id => "mutate_merge_normalize_zeek_omron_fins_file_volume_label" + merge => { "[file][path]" => "[zeek][omron_fins_file][volume_label]" } } } + + if ([zeek][omron_fins_file][file_name]) { mutate { id => "mutate_merge_normalize_zeek_omron_fins_file_file_name" + merge => { "[file][path]" => "[zeek][omron_fins_file][file_name]" } } } # as we already did a bunch of work parsing out smb.host, smb.share and smb.filename in 12_zeek_mutate.conf, use those here as well # this should cover smb_files, smb_cmd and smb_mapping From 9503a4d2b0d3877cf5dc4bf264df70a03c8c474a Mon Sep 17 00:00:00 2001 From: Seth Grover Date: Wed, 15 Jan 2025 15:49:34 -0700 Subject: [PATCH 47/53] WIP omron fins integration, cisagov/Malcolm#554 --- logstash/pipelines/zeek/1300_zeek_normalize.conf | 3 --- 1 file changed, 3 deletions(-) diff --git a/logstash/pipelines/zeek/1300_zeek_normalize.conf b/logstash/pipelines/zeek/1300_zeek_normalize.conf index ba529dd71..9028fcc6d 100644 --- a/logstash/pipelines/zeek/1300_zeek_normalize.conf +++ b/logstash/pipelines/zeek/1300_zeek_normalize.conf 
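Review bot: The `mutate_merge_normalize_zeek_tftp_fname` block is removed here while the two `omron_fins_file` merges are added, so as far as this hunk shows `[zeek][tftp][fname]` is no longer merged into `[file][path]`. TFTP transfers would then drop out of any search or dashboard keyed on `file.path`. If that was not intended, keep the original two lines, `if ([zeek][tftp][fname]) { mutate { id => "mutate_merge_normalize_zeek_tftp_fname"` and `merge => { "[file][path]" => "[zeek][tftp][fname]" } } }`, next to the new ones. Separately, `[zeek][omron_fins_file][volume_label]` reads as a volume name rather than a file path, so a one-line comment on why it is merged into `[file][path]` would help. The `filter` block starts and ends outside the hunk.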
@@ -1522,9 +1522,6 @@ filter { if ([zeek][http][resp_filenames]) { mutate { id => "mutate_merge_normalize_zeek_http_resp_filenames" merge => { "[file][path]" => "[zeek][http][resp_filenames]" } } } - if ([zeek][http][resp_filenames]) { mutate { id => "mutate_merge_normalize_zeek_http_resp_filenames" - merge => { "[file][path]" => "[zeek][http][resp_filenames]" } } } - if ([zeek][s7comm_upload_download][filename]) { mutate { id => "mutate_merge_normalize_zeek_s7comm_upload_download_filename" merge => { "[file][path]" => "[zeek][s7comm_upload_download][filename]" } } } From 5d8fed7ad4cede73dd973e6be28708a2d0be04e5 Mon Sep 17 00:00:00 2001 From: Seth Grover Date: Wed, 15 Jan 2025 16:17:44 -0700 Subject: [PATCH 48/53] WIP omron fins integration, cisagov/Malcolm#554 --- dashboards/scripts/index-refresh.py | 3 ++ nginx/nginx.conf | 71 +++++++++++++++++++---------- nginx/nginx_readonly.conf | 70 ++++++++++++++++++---------- 3 files changed, 97 insertions(+), 47 deletions(-) diff --git a/dashboards/scripts/index-refresh.py b/dashboards/scripts/index-refresh.py index bb14970e8..9b6ec989a 100755 --- a/dashboards/scripts/index-refresh.py +++ b/dashboards/scripts/index-refresh.py @@ -397,6 +397,9 @@ def main(): 'urlTemplate' ] = '/netbox/search/?q={{value}}&obj_types=dcim.site&lookup=iexact' + elif field['name'] == 'zeek.files.extracted_uri': + fieldFormatInfo['params']['urlTemplate'] = '/{{value}}' + else: # for Arkime to query by database field name, see arkime issue/PR 1461/1463 valQuote = '"' if field['type'] == 'string' else '' diff --git a/nginx/nginx.conf b/nginx/nginx.conf index cc63e6787..d31c82556 100644 --- a/nginx/nginx.conf +++ b/nginx/nginx.conf 
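Review bot: The new `zeek.files.extracted_uri` branch sets `urlTemplate` to `'/{{value}}'`, which turns whatever string is indexed in that field into a link on the Malcolm origin, and nothing here records what shape the value is expected to have. A comment above the assignment would make the contract explicit, for example `# value is a relative extracted-files/... or hh-extracted-files/<sensor>/... path; nginx routes the /dashboards/app/ prefixed form`. That reading is inferred from the nginx locations added in the same patch, so confirm it, and confirm the pipeline never writes anything other than those two prefixes into the field. `main()` starts and ends outside the hunk.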
@@ -170,6 +170,53 @@ http { proxy_set_header X-Remote-Auth $authenticated_user; } + # extracted file download + location ~* ^/extracted-files\b(.*) { + include /etc/nginx/nginx_auth_rt.conf; + # thanks to https://stackoverflow.com/a/31440150, handle spaces in names + set $filereq $1; + proxy_pass http://extracted-file-http-server$filereq$is_args$args; + proxy_redirect off; + proxy_set_header Host file-monitor.malcolm.local; + } + + # extracted file download hedgehog redirect + location ~* ^/hh-extracted-files/([a-zA-Z0-9-\.]+)\b(.*) { + include /etc/nginx/nginx_auth_rt.conf; + include /etc/nginx/nginx_system_resolver.conf; + set $upstream $1:8006; + set $filereq $2; + rewrite ^/hh-extracted-files/([a-zA-Z0-9-\.]+)(.*)$ $filereq break; + proxy_pass https://$upstream; + proxy_ssl_verify off; + proxy_set_header Host $1; + proxy_set_header X-Malcolm-Forward "/hh-extracted-files/$1"; + } + + # extracted files from dashboards link (because Dashboards is prepending its own prefix, we have to handle it) + location ~* ^/dashboards/app/extracted-files/(.*) { + set $forwarded_scheme $scheme; + if ($http_x_forwarded_proto = 'https') { + set $forwarded_scheme https; + } + set $fwuri $1; + rewrite ^/dashboards/app/extracted-files/(.*) $forwarded_scheme://$host/extracted-files/$1 redirect; + proxy_pass http://extracted-file-http-server; + proxy_redirect off; + proxy_set_header Host file-monitor.malcolm.local; + } + location ~* ^/dashboards/app/hh-extracted-files/([a-zA-Z0-9-\.]+)\b(.*) { + include /etc/nginx/nginx_auth_rt.conf; + include /etc/nginx/nginx_system_resolver.conf; + set $upstream $1:8006; + set $filereq $2; + rewrite ^/dashboards/app/hh-extracted-files/([a-zA-Z0-9-\.]+)(.*)$ $filereq break; + proxy_pass https://$upstream; + proxy_ssl_verify off; + proxy_set_header Host $1; + proxy_set_header X-Malcolm-Forward "/hh-extracted-files/$1"; + } + # Arkime -> Dashboards shortcut location ~* /idark2dash(.*) { set $filter_start_time now-1d; 
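Review bot: In the new `/dashboards/app/hh-extracted-files/` location (and the relocated `/hh-extracted-files/` one) the upstream host is taken straight from the request path via `set $upstream $1:8006;` and proxied with `proxy_ssl_verify off;`. Any client that passes `nginx_auth_rt.conf` can therefore make nginx open a connection to any resolvable name on port 8006, and the peer's certificate is never checked. Consider resolving the captured name through a `map` that only yields known sensors and returns 404 for anything else, and turning verification on against the sensors' CA (`proxy_ssl_verify on;` plus `proxy_ssl_trusted_certificate <PATH_TO_SENSOR_CA>;`). The same blocks are added to `nginx/nginx_readonly.conf` in the hunk at `@@ -131,6 +131,53 @@`. The `http` block starts and ends outside the hunk.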
@@ -223,30 +270,6 @@ http { proxy_set_header Host dashboards-helper.malcolm.local; } - # extracted file download - location ~* ^/extracted-files\b(.*) { - include /etc/nginx/nginx_auth_rt.conf; - # thanks to https://stackoverflow.com/a/31440150, handle spaces in names - set $filereq $1; - proxy_pass http://extracted-file-http-server$filereq$is_args$args; - proxy_redirect off; - proxy_set_header Host file-monitor.malcolm.local; - } - - # extracted file download hedgehog redirect - location ~* ^/hh-extracted-files/([a-zA-Z0-9-\.]+)\b(.*) { - include /etc/nginx/nginx_auth_rt.conf; - include /etc/nginx/nginx_system_resolver.conf; - set $upstream $1:8006; - set $filereq $2; - # TODO: check, do i need is_args/args here? - rewrite ^/hh-extracted-files/([a-zA-Z0-9-\.]+)(.*)$ $filereq break; - proxy_pass https://$upstream; - proxy_ssl_verify off; - proxy_set_header Host $1; - proxy_set_header X-Malcolm-Forward "/hh-extracted-files/$1"; - } - # Fix cyberchef JS module(s) # https://localhost/arkime/session/190924-KgO9H30qhdREw7ltsDXn1Rgp/modules/Regex.js location ~* ^/arkime/session/.*/(modules/.*\.js) { diff --git a/nginx/nginx_readonly.conf b/nginx/nginx_readonly.conf index 2fd67aba1..d642d55ce 100644 --- a/nginx/nginx_readonly.conf +++ b/nginx/nginx_readonly.conf 
@@ -131,6 +131,53 @@ http { proxy_set_header X-Remote-Auth $authenticated_user; } + # extracted file download + location ~* ^/extracted-files\b(.*) { + include /etc/nginx/nginx_auth_rt.conf; + # thanks to https://stackoverflow.com/a/31440150, handle spaces in names + set $filereq $1; + proxy_pass http://extracted-file-http-server$filereq$is_args$args; + proxy_redirect off; + proxy_set_header Host file-monitor.malcolm.local; + } + + # extracted file download hedgehog redirect + location ~* ^/hh-extracted-files/([a-zA-Z0-9-\.]+)\b(.*) { + include /etc/nginx/nginx_system_resolver.conf; + set $upstream $1:8006; + set $filereq $2; + # TODO: check, do i need is_args/args here? + rewrite ^/hh-extracted-files/([a-zA-Z0-9-\.]+)(.*)$ $filereq break; + proxy_pass https://$upstream; + proxy_ssl_verify off; + proxy_set_header Host $1; + proxy_set_header X-Malcolm-Forward "/hh-extracted-files/$1"; + } + + # extracted files from dashboards link (because Dashboards is prepending its own prefix, we have to handle it) + location ~* ^/dashboards/app/extracted-files/(.*) { + set $forwarded_scheme $scheme; + if ($http_x_forwarded_proto = 'https') { + set $forwarded_scheme https; + } + set $fwuri $1; + rewrite ^/dashboards/app/extracted-files/(.*) $forwarded_scheme://$host/extracted-files/$1 redirect; + proxy_pass http://extracted-file-http-server; + proxy_redirect off; + proxy_set_header Host file-monitor.malcolm.local; + } + location ~* ^/dashboards/app/hh-extracted-files/([a-zA-Z0-9-\.]+)\b(.*) { + include /etc/nginx/nginx_auth_rt.conf; + include /etc/nginx/nginx_system_resolver.conf; + set $upstream $1:8006; + set $filereq $2; + rewrite ^/dashboards/app/hh-extracted-files/([a-zA-Z0-9-\.]+)(.*)$ $filereq break; + proxy_pass https://$upstream; + proxy_ssl_verify off; + proxy_set_header Host $1; + proxy_set_header X-Malcolm-Forward "/hh-extracted-files/$1"; + } + # Dashboards -> Arkime shortcut location ~* /iddash2ark/(.*) { set $forwarded_scheme $scheme; 
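Review bot: The `/hh-extracted-files/` location added to the read-only config has no `include /etc/nginx/nginx_auth_rt.conf;`, while the `/extracted-files` and `/dashboards/app/hh-extracted-files/` locations beside it, and the same location in `nginx/nginx.conf`, all include it. Unless authentication is applied at the `server` level outside this hunk, sensor file downloads through this path skip the check the sibling locations enforce. Add `include /etc/nginx/nginx_auth_rt.conf;` as the first line of the block. The `# TODO: check, do i need is_args/args here?` comment survives only in this copy and should be resolved or dropped.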
@@ -158,29 +205,6 @@ http { proxy_set_header Host dashboards-helper.malcolm.local; } - # extracted file download - location ~* ^/extracted-files\b(.*) { - include /etc/nginx/nginx_auth_rt.conf; - # thanks to https://stackoverflow.com/a/31440150, handle spaces in names - set $filereq $1; - proxy_pass http://extracted-file-http-server$filereq$is_args$args; - proxy_redirect off; - proxy_set_header Host file-monitor.malcolm.local; - } - - # extracted file download hedgehog redirect - location ~* ^/hh-extracted-files/([a-zA-Z0-9-\.]+)\b(.*) { - include /etc/nginx/nginx_system_resolver.conf; - set $upstream $1:8006; - set $filereq $2; - # TODO: check, do i need is_args/args here? - rewrite ^/hh-extracted-files/([a-zA-Z0-9-\.]+)(.*)$ $filereq break; - proxy_pass https://$upstream; - proxy_ssl_verify off; - proxy_set_header Host $1; - proxy_set_header X-Malcolm-Forward "/hh-extracted-files/$1"; - } - # favicon, logos, banners, etc. include /etc/nginx/nginx_image_aliases.conf; From 401da78c8afd93d50a22efd9b099f780d4ef810b Mon Sep 17 00:00:00 2001 From: Seth Grover Date: Thu, 16 Jan 2025 08:59:47 -0700 Subject: [PATCH 49/53] dashboards tweaks --- .../88bcec50-cc74-11ef-bae9-0d6b8da935ba.json | 2 +- .../c899f8b0-d36b-11ef-b619-17836b3bbf47.json | 52 +++++++++---------- .../f2c0da10-d2c5-11ef-8864-d58a560dc292.json | 2 +- 3 files changed, 28 insertions(+), 28 deletions(-) diff --git a/dashboards/dashboards/beats/88bcec50-cc74-11ef-bae9-0d6b8da935ba.json b/dashboards/dashboards/beats/88bcec50-cc74-11ef-bae9-0d6b8da935ba.json index f072e5acd..35c22c80f 100644 --- a/dashboards/dashboards/beats/88bcec50-cc74-11ef-bae9-0d6b8da935ba.json +++ b/dashboards/dashboards/beats/88bcec50-cc74-11ef-bae9-0d6b8da935ba.json 
@@ -212,7 +212,7 @@ "description": "", "hits": 0, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":\"event.module:syslog\",\"language\":\"kuery\"},\"highlightAll\":false,\"version\":true,\"aggs\":{\"2\":{\"date_histogram\":{\"field\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\",\"fixed_interval\":\"365d\",\"time_zone\":\"America/Denver\",\"min_doc_count\":1}}},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" + "searchSourceJSON": "{\"query\":{\"query\":\"event.module:syslog\",\"language\":\"kuery\"},\"highlightAll\":false,\"version\":true,\"aggs\":{\"2\":{\"date_histogram\":{\"field\":\"MALCOLM_OTHER_INDEX_TIME_FIELD_REPLACER\",\"fixed_interval\":\"365d\",\"min_doc_count\":1}}},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" }, "sort": [], "title": "Syslog", diff --git a/dashboards/dashboards/c899f8b0-d36b-11ef-b619-17836b3bbf47.json b/dashboards/dashboards/c899f8b0-d36b-11ef-b619-17836b3bbf47.json index f88b33573..8d8441066 100644 --- a/dashboards/dashboards/c899f8b0-d36b-11ef-b619-17836b3bbf47.json +++ b/dashboards/dashboards/c899f8b0-d36b-11ef-b619-17836b3bbf47.json 
@@ -8,7 +8,7 @@ "searchSourceJSON": "{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[]}" }, "optionsJSON": "{\"hidePanelTitles\":false,\"useMargins\":true}", - "panelsJSON": "[{\"version\":\"2.18.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":33,\"i\":\"93a55ef0-2531-4e0f-b541-007b15675877\"},\"panelIndex\":\"93a55ef0-2531-4e0f-b541-007b15675877\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"2.18.0\",\"gridData\":{\"x\":8,\"y\":0,\"w\":10,\"h\":33,\"i\":\"1feca6e6-3466-4ff7-bcbf-267e3e78df54\"},\"panelIndex\":\"1feca6e6-3466-4ff7-bcbf-267e3e78df54\",\"embeddableConfig\":{},\"panelRefName\":\"panel_1\"},{\"version\":\"2.18.0\",\"gridData\":{\"x\":18,\"y\":0,\"w\":30,\"h\":14,\"i\":\"cfb1f39f-52c9-4e69-938a-8ea3a7d98449\"},\"panelIndex\":\"cfb1f39f-52c9-4e69-938a-8ea3a7d98449\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"2.18.0\",\"gridData\":{\"x\":18,\"y\":14,\"w\":30,\"h\":19,\"i\":\"8af980bf-56dd-4d6e-b7bf-8edf0d2fb319\"},\"panelIndex\":\"8af980bf-56dd-4d6e-b7bf-8edf0d2fb319\",\"embeddableConfig\":{\"vis\":{\"sortColumn\":{\"colIndex\":2,\"direction\":\"desc\"}}},\"panelRefName\":\"panel_3\"},{\"version\":\"2.18.0\",\"gridData\":{\"x\":0,\"y\":33,\"w\":9,\"h\":19,\"i\":\"438627ba-9c90-4820-a50d-afe9a7bb2d6d\"},\"panelIndex\":\"438627ba-9c90-4820-a50d-afe9a7bb2d6d\",\"embeddableConfig\":{},\"panelRefName\":\"panel_4\"},{\"version\":\"2.18.0\",\"gridData\":{\"x\":9,\"y\":33,\"w\":10,\"h\":19,\"i\":\"4924e5a6-8301-4eb0-897a-fe4f434a423a\"},\"panelIndex\":\"4924e5a6-8301-4eb0-897a-fe4f434a423a\",\"embeddableConfig\":{},\"panelRefName\":\"panel_5\"},{\"version\":\"2.18.0\",\"gridData\":{\"x\":19,\"y\":33,\"w\":17,\"h\":19,\"i\":\"f470af29-165f-405f-b7d7-645daa139a33\"},\"panelIndex\":\"f470af29-165f-405f-b7d7-645daa139a33\",\"embeddableConfig\":{},\"panelRefName\":\"panel_6\"},{\"version\":\"2.18.0\",\"gridData\":{\"x\":36,\"y\":33,\"w\":12,\"h\":19,\"i\":\"a98fe06a-c49c-47ee-a696-555df58f7fbb\"},\"panelI
ndex\":\"a98fe06a-c49c-47ee-a696-555df58f7fbb\",\"embeddableConfig\":{},\"panelRefName\":\"panel_7\"},{\"version\":\"2.18.0\",\"gridData\":{\"x\":0,\"y\":52,\"w\":13,\"h\":19,\"i\":\"daf32d2d-164d-418a-b1f1-1f329ce71ff0\"},\"panelIndex\":\"daf32d2d-164d-418a-b1f1-1f329ce71ff0\",\"embeddableConfig\":{},\"panelRefName\":\"panel_8\"},{\"version\":\"2.18.0\",\"gridData\":{\"x\":13,\"y\":52,\"w\":16,\"h\":19,\"i\":\"140856ec-a808-4b4d-b576-083f94388bf5\"},\"panelIndex\":\"140856ec-a808-4b4d-b576-083f94388bf5\",\"embeddableConfig\":{},\"panelRefName\":\"panel_9\"},{\"version\":\"2.18.0\",\"gridData\":{\"x\":29,\"y\":52,\"w\":19,\"h\":19,\"i\":\"15fb5c1b-0f41-42fc-9bb5-06402e78e215\"},\"panelIndex\":\"15fb5c1b-0f41-42fc-9bb5-06402e78e215\",\"embeddableConfig\":{},\"panelRefName\":\"panel_10\"},{\"version\":\"2.18.0\",\"gridData\":{\"x\":0,\"y\":71,\"w\":48,\"h\":29,\"i\":\"d8e534f2-e1e2-4a4d-a5a9-d086db6116af\"},\"panelIndex\":\"d8e534f2-e1e2-4a4d-a5a9-d086db6116af\",\"embeddableConfig\":{},\"panelRefName\":\"panel_11\"}]", + "panelsJSON": 
"[{\"embeddableConfig\":{},\"gridData\":{\"h\":33,\"i\":\"93a55ef0-2531-4e0f-b541-007b15675877\",\"w\":8,\"x\":0,\"y\":0},\"panelIndex\":\"93a55ef0-2531-4e0f-b541-007b15675877\",\"version\":\"2.18.0\",\"panelRefName\":\"panel_0\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":33,\"i\":\"1feca6e6-3466-4ff7-bcbf-267e3e78df54\",\"w\":10,\"x\":8,\"y\":0},\"panelIndex\":\"1feca6e6-3466-4ff7-bcbf-267e3e78df54\",\"version\":\"2.18.0\",\"panelRefName\":\"panel_1\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":14,\"i\":\"cfb1f39f-52c9-4e69-938a-8ea3a7d98449\",\"w\":30,\"x\":18,\"y\":0},\"panelIndex\":\"cfb1f39f-52c9-4e69-938a-8ea3a7d98449\",\"version\":\"2.18.0\",\"panelRefName\":\"panel_2\"},{\"embeddableConfig\":{\"vis\":{\"sortColumn\":{\"colIndex\":2,\"direction\":\"desc\"}}},\"gridData\":{\"h\":19,\"i\":\"8af980bf-56dd-4d6e-b7bf-8edf0d2fb319\",\"w\":30,\"x\":18,\"y\":14},\"panelIndex\":\"8af980bf-56dd-4d6e-b7bf-8edf0d2fb319\",\"version\":\"2.18.0\",\"panelRefName\":\"panel_3\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":19,\"i\":\"438627ba-9c90-4820-a50d-afe9a7bb2d6d\",\"w\":9,\"x\":0,\"y\":33},\"panelIndex\":\"438627ba-9c90-4820-a50d-afe9a7bb2d6d\",\"version\":\"2.18.0\",\"panelRefName\":\"panel_4\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":19,\"i\":\"4924e5a6-8301-4eb0-897a-fe4f434a423a\",\"w\":10,\"x\":9,\"y\":33},\"panelIndex\":\"4924e5a6-8301-4eb0-897a-fe4f434a423a\",\"version\":\"2.18.0\",\"panelRefName\":\"panel_5\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":19,\"i\":\"f470af29-165f-405f-b7d7-645daa139a33\",\"w\":17,\"x\":19,\"y\":33},\"panelIndex\":\"f470af29-165f-405f-b7d7-645daa139a33\",\"version\":\"2.18.0\",\"panelRefName\":\"panel_6\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":19,\"i\":\"a98fe06a-c49c-47ee-a696-555df58f7fbb\",\"w\":12,\"x\":36,\"y\":33},\"panelIndex\":\"a98fe06a-c49c-47ee-a696-555df58f7fbb\",\"version\":\"2.18.0\",\"panelRefName\":\"panel_7\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":19,\"i\":\"daf32d2d-164d-418a-b1f1-1f329ce
71ff0\",\"w\":13,\"x\":0,\"y\":52},\"panelIndex\":\"daf32d2d-164d-418a-b1f1-1f329ce71ff0\",\"version\":\"2.18.0\",\"panelRefName\":\"panel_8\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":19,\"i\":\"140856ec-a808-4b4d-b576-083f94388bf5\",\"w\":16,\"x\":13,\"y\":52},\"panelIndex\":\"140856ec-a808-4b4d-b576-083f94388bf5\",\"version\":\"2.18.0\",\"panelRefName\":\"panel_9\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":19,\"i\":\"15fb5c1b-0f41-42fc-9bb5-06402e78e215\",\"w\":19,\"x\":29,\"y\":52},\"panelIndex\":\"15fb5c1b-0f41-42fc-9bb5-06402e78e215\",\"version\":\"2.18.0\",\"panelRefName\":\"panel_10\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":29,\"i\":\"d8e534f2-e1e2-4a4d-a5a9-d086db6116af\",\"w\":48,\"x\":0,\"y\":71},\"panelIndex\":\"d8e534f2-e1e2-4a4d-a5a9-d086db6116af\",\"version\":\"2.18.0\",\"panelRefName\":\"panel_11\"}]", "timeRestore": false, "title": "Omron FINS", "version": 1 @@ -83,8 +83,8 @@ } ], "type": "dashboard", - "updated_at": "2025-01-15T22:37:50.583Z", - "version": "WzEwOTQsMV0=" + "updated_at": "2025-01-16T15:46:51.481Z", + "version": "WzEwODcsMV0=" }, { "attributes": { @@ -106,8 +106,8 @@ ], "references": [], "type": "visualization", - "updated_at": "2025-01-15T21:49:43.578Z", - "version": "WzEwNzAsMV0=" + "updated_at": "2025-01-16T14:55:17.645Z", + "version": "WzEwNzUsMV0=" }, { "attributes": { @@ -136,7 +136,7 @@ } ], "type": "visualization", - "updated_at": "2025-01-15T21:49:15.240Z", + "updated_at": "2025-01-16T14:54:49.054Z", "version": "Wzc2NiwxXQ==" }, { @@ -166,7 +166,7 @@ } ], "type": "visualization", - "updated_at": "2025-01-15T21:49:15.240Z", + "updated_at": "2025-01-16T14:54:49.054Z", "version": "Wzc2NywxXQ==" }, { @@ -196,8 +196,8 @@ } ], "type": "visualization", - "updated_at": "2025-01-15T21:55:57.482Z", - "version": "WzEwODEsMV0=" + "updated_at": "2025-01-16T14:54:49.054Z", + "version": "Wzc2OCwxXQ==" }, { "attributes": { 
@@ -226,7 +226,7 @@ } ], "type": "visualization", - "updated_at": "2025-01-15T21:49:15.240Z", + "updated_at": "2025-01-16T14:54:49.054Z", "version": "Wzc2OSwxXQ==" }, { @@ -256,7 +256,7 @@ } ], "type": "visualization", - "updated_at": "2025-01-15T21:49:15.240Z", + "updated_at": "2025-01-16T14:54:49.054Z", "version": "Wzc3MCwxXQ==" }, { @@ -286,8 +286,8 @@ } ], "type": "visualization", - "updated_at": "2025-01-15T22:09:12.731Z", - "version": "WzEwODMsMV0=" + "updated_at": "2025-01-16T14:54:49.054Z", + "version": "Wzc3MSwxXQ==" }, { "attributes": { @@ -316,8 +316,8 @@ } ], "type": "visualization", - "updated_at": "2025-01-15T22:23:30.148Z", - "version": "WzEwOTAsMV0=" + "updated_at": "2025-01-16T14:54:49.054Z", + "version": "Wzc3MiwxXQ==" }, { "attributes": { @@ -346,8 +346,8 @@ } ], "type": "visualization", - "updated_at": "2025-01-15T21:49:15.240Z", - "version": "Wzc2OCwxXQ==" + "updated_at": "2025-01-16T14:54:49.054Z", + "version": "Wzc3MywxXQ==" }, { "attributes": { @@ -376,8 +376,8 @@ } ], "type": "visualization", - "updated_at": "2025-01-15T22:12:38.367Z", - "version": "WzEwODUsMV0=" + "updated_at": "2025-01-16T14:54:49.054Z", + "version": "Wzc3NCwxXQ==" }, { "attributes": { 
@@ -387,9 +387,9 @@ }, "savedSearchRefName": "search_0", "title": "Omron FINS - Address, Node, and Unit", - "uiStateJSON": "{\"vis\":{\"sortColumn\":{\"colIndex\":6,\"direction\":\"desc\"}}}", + "uiStateJSON": "{\"vis\":{\"sortColumn\":{\"colIndex\":7,\"direction\":\"desc\"}}}", "version": 1, - "visState": "{\"title\":\"Omron FINS - Address, Node, and Unit\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.omron_fins.source_network_address\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":250,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Src Net Addr\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.omron_fins.source_node_number\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":250,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Src Node Num\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.omron_fins.source_unit_address\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":250,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Src Unit Addr\"},\"schema\":\"bucket\"},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.omron_fins.destination_network_address\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":250,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Dst Net 
Addr\"},\"schema\":\"bucket\"},{\"id\":\"6\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.omron_fins.destination_node_number\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":250,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Dst Node Num\"},\"schema\":\"bucket\"},{\"id\":\"7\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.omron_fins.destination_unit_address\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":250,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Dst Unit Addr\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}" + "visState": "{\"title\":\"Omron FINS - Address, Node, and Unit\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.omron_fins.source_network_address\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":250,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Src Net Addr\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.omron_fins.source_node_number\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":250,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Src Node Num\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.omron_fins.source_unit_address\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":250,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Src 
Unit Addr\"},\"schema\":\"bucket\"},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.omron_fins.destination_network_address\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":250,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Dst Net Addr\"},\"schema\":\"bucket\"},{\"id\":\"6\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.omron_fins.destination_node_number\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":250,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Dst Node Num\"},\"schema\":\"bucket\"},{\"id\":\"7\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.omron_fins.destination_unit_address\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":250,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Dst Unit Addr\"},\"schema\":\"bucket\"},{\"id\":\"8\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"zeek.omron_fins.service_id\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":250,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Service ID\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}" }, "id": "27315d80-d391-11ef-8ae2-0dd19e7f01ed", "migrationVersion": { @@ -406,8 +406,8 @@ } ], "type": "visualization", - "updated_at": "2025-01-15T22:36:25.304Z", - "version": "WzEwOTMsMV0=" + "updated_at": "2025-01-16T15:46:38.688Z", + "version": "WzEwODYsMV0=" }, { "attributes": { 
@@ -424,7 +424,7 @@ "description": "", "hits": 0, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":\"event.dataset:omron*\",\"language\":\"lucene\"},\"highlightAll\":false,\"version\":true,\"aggs\":{\"2\":{\"date_histogram\":{\"field\":\"MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER\",\"fixed_interval\":\"30d\",\"time_zone\":\"America/Denver\",\"min_doc_count\":1}}},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" + "searchSourceJSON": "{\"query\":{\"query\":\"event.dataset:omron*\",\"language\":\"lucene\"},\"highlightAll\":false,\"version\":true,\"aggs\":{\"2\":{\"date_histogram\":{\"field\":\"MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER\",\"fixed_interval\":\"30d\",\"min_doc_count\":1}}},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" }, "sort": [], "title": "Omron FINS - All Logs", @@ -445,8 +445,8 @@ } ], "type": "search", - "updated_at": "2025-01-15T21:49:15.240Z", - "version": "Wzc3MSwxXQ==" + "updated_at": "2025-01-16T14:54:49.054Z", + "version": "Wzc3NiwxXQ==" } ], "version": "2.18.0" diff --git a/dashboards/dashboards/f2c0da10-d2c5-11ef-8864-d58a560dc292.json b/dashboards/dashboards/f2c0da10-d2c5-11ef-8864-d58a560dc292.json index 2759b8f14..3bce1ed36 100644 --- a/dashboards/dashboards/f2c0da10-d2c5-11ef-8864-d58a560dc292.json +++ b/dashboards/dashboards/f2c0da10-d2c5-11ef-8864-d58a560dc292.json 
@@ -357,7 +357,7 @@ "description": "", "hits": 0, "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"query\":{\"query\":\"event.dataset:postgresql\",\"language\":\"kuery\"},\"highlightAll\":false,\"version\":true,\"aggs\":{\"2\":{\"date_histogram\":{\"field\":\"MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER\",\"fixed_interval\":\"30d\",\"time_zone\":\"America/Denver\",\"min_doc_count\":1}}},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" + "searchSourceJSON": "{\"query\":{\"query\":\"event.dataset:postgresql\",\"language\":\"kuery\"},\"highlightAll\":false,\"version\":true,\"aggs\":{\"2\":{\"date_histogram\":{\"field\":\"MALCOLM_NETWORK_INDEX_TIME_FIELD_REPLACER\",\"fixed_interval\":\"30d\",\"min_doc_count\":1}}},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" }, "sort": [], "title": "PostgreSQL - Logs", From 61eab8bda409e13876a747dfe50012bbb0aac382 Mon Sep 17 00:00:00 2001 From: Seth Grover Date: Thu, 16 Jan 2025 09:07:46 -0700 Subject: [PATCH 50/53] fix links for hh redirect download --- nginx/nginx.conf | 23 ++++++----------------- nginx/nginx_readonly.conf | 23 ++++++----------------- 2 files changed, 12 insertions(+), 34 deletions(-) diff --git a/nginx/nginx.conf b/nginx/nginx.conf index d31c82556..7b66f8c1c 100644 --- a/nginx/nginx.conf +++ b/nginx/nginx.conf 
@@ -180,19 +180,6 @@ http { proxy_set_header Host file-monitor.malcolm.local; } - # extracted file download hedgehog redirect - location ~* ^/hh-extracted-files/([a-zA-Z0-9-\.]+)\b(.*) { - include /etc/nginx/nginx_auth_rt.conf; - include /etc/nginx/nginx_system_resolver.conf; - set $upstream $1:8006; - set $filereq $2; - rewrite ^/hh-extracted-files/([a-zA-Z0-9-\.]+)(.*)$ $filereq break; - proxy_pass https://$upstream; - proxy_ssl_verify off; - proxy_set_header Host $1; - proxy_set_header X-Malcolm-Forward "/hh-extracted-files/$1"; - } - # extracted files from dashboards link (because Dashboards is prepending its own prefix, we have to handle it) location ~* ^/dashboards/app/extracted-files/(.*) { set $forwarded_scheme $scheme; @@ -205,12 +192,14 @@ http { proxy_redirect off; proxy_set_header Host file-monitor.malcolm.local; } - location ~* ^/dashboards/app/hh-extracted-files/([a-zA-Z0-9-\.]+)\b(.*) { + + # extracted file download hedgehog redirect + location ~* ^/(dashboards/app/)?hh-extracted-files/([a-zA-Z0-9-\.]+)\b(.*) { include /etc/nginx/nginx_auth_rt.conf; include /etc/nginx/nginx_system_resolver.conf; - set $upstream $1:8006; - set $filereq $2; - rewrite ^/dashboards/app/hh-extracted-files/([a-zA-Z0-9-\.]+)(.*)$ $filereq break; + set $upstream $2:8006; + set $filereq $3; + rewrite ^/(dashboards/app/)?hh-extracted-files/([a-zA-Z0-9-\.]+)(.*)$ $filereq break; proxy_pass https://$upstream; proxy_ssl_verify off; proxy_set_header Host $1; diff --git a/nginx/nginx_readonly.conf b/nginx/nginx_readonly.conf index d642d55ce..3b490ac73 100644 --- a/nginx/nginx_readonly.conf +++ b/nginx/nginx_readonly.conf 
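Review bot: The merged location takes the upstream from the request path (`set $upstream $2:8006;`) and keeps `proxy_ssl_verify off;`, so nginx will proxy to any name matching `[a-zA-Z0-9-\.]+` on port 8006 without checking the certificate it is shown. Constraining `$2` to the configured Hedgehog sensors (for example through a `map` that yields an empty value, answered with `return 404;`, for unknown hosts) and switching to `proxy_ssl_verify on;` with `proxy_ssl_trusted_certificate <sensor-CA-bundle>;` would close both gaps. The identical location added to nginx/nginx_readonly.conf in this patch needs the same treatment. What nginx_auth_rt.conf enforces is not visible in the hunk, so who can reach this location is an assumption to confirm; the block's closing lines are outside the hunk.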
@@ -141,19 +141,6 @@ http { proxy_set_header Host file-monitor.malcolm.local; } - # extracted file download hedgehog redirect - location ~* ^/hh-extracted-files/([a-zA-Z0-9-\.]+)\b(.*) { - include /etc/nginx/nginx_system_resolver.conf; - set $upstream $1:8006; - set $filereq $2; - # TODO: check, do i need is_args/args here? - rewrite ^/hh-extracted-files/([a-zA-Z0-9-\.]+)(.*)$ $filereq break; - proxy_pass https://$upstream; - proxy_ssl_verify off; - proxy_set_header Host $1; - proxy_set_header X-Malcolm-Forward "/hh-extracted-files/$1"; - } - # extracted files from dashboards link (because Dashboards is prepending its own prefix, we have to handle it) location ~* ^/dashboards/app/extracted-files/(.*) { set $forwarded_scheme $scheme; @@ -166,12 +153,14 @@ http { proxy_redirect off; proxy_set_header Host file-monitor.malcolm.local; } - location ~* ^/dashboards/app/hh-extracted-files/([a-zA-Z0-9-\.]+)\b(.*) { + + # extracted file download hedgehog redirect + location ~* ^/(dashboards/app/)?hh-extracted-files/([a-zA-Z0-9-\.]+)\b(.*) { include /etc/nginx/nginx_auth_rt.conf; include /etc/nginx/nginx_system_resolver.conf; - set $upstream $1:8006; - set $filereq $2; - rewrite ^/dashboards/app/hh-extracted-files/([a-zA-Z0-9-\.]+)(.*)$ $filereq break; + set $upstream $2:8006; + set $filereq $3; + rewrite ^/(dashboards/app/)?hh-extracted-files/([a-zA-Z0-9-\.]+)(.*)$ $filereq break; proxy_pass https://$upstream; proxy_ssl_verify off; proxy_set_header Host $1; From a950f6ca5013ee4a353f0b388a5af98283424754 Mon Sep 17 00:00:00 2001 From: Seth Grover Date: Thu, 16 Jan 2025 13:54:10 -0700 Subject: [PATCH 51/53] fix issue with nginx proxy --- nginx/nginx.conf | 4 ++-- nginx/nginx_readonly.conf | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/nginx/nginx.conf b/nginx/nginx.conf index 7b66f8c1c..b261dd25f 100644 --- a/nginx/nginx.conf +++ b/nginx/nginx.conf 
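Review bot: In nginx/nginx_readonly.conf the merged `location ~* ^/(dashboards/app/)?hh-extracted-files/...` now applies `include /etc/nginx/nginx_auth_rt.conf;` to the plain `/hh-extracted-files/` path, which the removed read-only block did not include, and nothing in the hunk records that this change is intended. If it is, a comment above the location would say so, for example `# auth include applies to both the direct and the /dashboards/app/ prefixed path`. The removed `# TODO: check, do i need is_args/args here?` is also dropped without an answer; as documented, `rewrite` keeps the request's query string unless the replacement ends in `?`, and a one-line comment stating that would close the question. The contents of nginx_auth_rt.conf are not visible here, and the location's last lines fall outside the hunk.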
@@ -202,8 +202,8 @@ http { rewrite ^/(dashboards/app/)?hh-extracted-files/([a-zA-Z0-9-\.]+)(.*)$ $filereq break; proxy_pass https://$upstream; proxy_ssl_verify off; - proxy_set_header Host $1; - proxy_set_header X-Malcolm-Forward "/hh-extracted-files/$1"; + proxy_set_header Host $2; + proxy_set_header X-Malcolm-Forward "/hh-extracted-files/$2"; } # Arkime -> Dashboards shortcut diff --git a/nginx/nginx_readonly.conf b/nginx/nginx_readonly.conf index 3b490ac73..081c97780 100644 --- a/nginx/nginx_readonly.conf +++ b/nginx/nginx_readonly.conf @@ -163,8 +163,8 @@ http { rewrite ^/(dashboards/app/)?hh-extracted-files/([a-zA-Z0-9-\.]+)(.*)$ $filereq break; proxy_pass https://$upstream; proxy_ssl_verify off; - proxy_set_header Host $1; - proxy_set_header X-Malcolm-Forward "/hh-extracted-files/$1"; + proxy_set_header Host $2; + proxy_set_header X-Malcolm-Forward "/hh-extracted-files/$2"; } # Dashboards -> Arkime shortcut From 811577105dcf4a441216a81252672fdafc17679a Mon Sep 17 00:00:00 2001 From: Seth Grover Date: Thu, 16 Jan 2025 15:31:34 -0700 Subject: [PATCH 52/53] html formatting --- nginx/landingpage/404.html | 3 +-- nginx/landingpage/502.html | 3 +-- nginx/landingpage/index.html | 3 +-- 3 files changed, 3 insertions(+), 6 deletions(-) diff --git a/nginx/landingpage/404.html b/nginx/landingpage/404.html index 05ce1e608..3b005c91e 100644 --- a/nginx/landingpage/404.html +++ b/nginx/landingpage/404.html @@ -42,8 +42,7 @@
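Review bot: `proxy_set_header Host $2;` and the `X-Malcolm-Forward` line still rely on positional captures, and at this point `$2` most likely comes from the preceding `rewrite` regex rather than the `location` regex, which only happen to share their group order. Saving the host once next to the existing `set` lines, `set $hhhost $2;`, and then using `proxy_set_header Host $hhhost;` and `proxy_set_header X-Malcolm-Forward "/hh-extracted-files/$hhhost";` would keep the headers correct if another group is ever added to either pattern. The `set` lines and the `location` line sit above this hunk, and the same change applies to the nginx/nginx_readonly.conf hunk of this patch.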

This page does not exist

- Malcolm MALCOLM_VERSION_REPLACER © 2025 Battelle Energy Alliance, LLC; developed at INL and released through the cooperation of the - Cybersecurity and Infrastructure Security Agency of the U.S. Department of Homeland Security.

+ Malcolm MALCOLM_VERSION_REPLACER © 2025 Battelle Energy Alliance, LLC; developed at INL and released through the cooperation of the Cybersecurity and Infrastructure Security Agency of the U.S. Department of Homeland Security.

    diff --git a/nginx/landingpage/502.html b/nginx/landingpage/502.html index d9b482646..589d6c501 100644 --- a/nginx/landingpage/502.html +++ b/nginx/landingpage/502.html @@ -43,8 +43,7 @@

    Malcolm has encountered an error

    - Malcolm MALCOLM_VERSION_REPLACER © 2025 Battelle Energy Alliance, LLC; developed at INL and released through the cooperation of the - Cybersecurity and Infrastructure Security Agency of the U.S. Department of Homeland Security.

    + Malcolm MALCOLM_VERSION_REPLACER © 2025 Battelle Energy Alliance, LLC; developed at INL and released through the cooperation of the Cybersecurity and Infrastructure Security Agency of the U.S. Department of Homeland Security.

      diff --git a/nginx/landingpage/index.html b/nginx/landingpage/index.html index c741dc678..5e7e31367 100644 --- a/nginx/landingpage/index.html +++ b/nginx/landingpage/index.html @@ -97,8 +97,7 @@

      Extracted Files

      - Malcolm MALCOLM_VERSION_REPLACER © 2025 Battelle Energy Alliance, LLC; developed at INL and released through the cooperation of the - Cybersecurity and Infrastructure Security Agency of the U.S. Department of Homeland Security.

      + Malcolm MALCOLM_VERSION_REPLACER © 2025 Battelle Energy Alliance, LLC; developed at INL and released through the cooperation of the Cybersecurity and Infrastructure Security Agency of the U.S. Department of Homeland Security.

        From b92528b13396a001eb32fa5ce22371dfd50cd0b9 Mon Sep 17 00:00:00 2001 From: Seth Grover Date: Fri, 17 Jan 2025 09:45:46 -0700 Subject: [PATCH 53/53] documentation for workaround for UFW software firewall for Malcolm ISO should automatically open ports for syslog cisagov/Malcolm#560) --- docs/malcolm-config.md | 1 + docs/malcolm-hedgehog-e2e-iso-install.md | 1 + docs/third-party-logs.md | 13 +++++++++++++ 3 files changed, 15 insertions(+) diff --git a/docs/malcolm-config.md b/docs/malcolm-config.md index e967e0194..aec109cd2 100644 --- a/docs/malcolm-config.md +++ b/docs/malcolm-config.md @@ -43,6 +43,7 @@ Although the configuration script automates many of the following configuration - The following variables configure Malcolm's ability to [accept syslog](https://www.elastic.co/guide/en/beats/filebeat/current/syslog.html) messages: + `FILEBEAT_SYSLOG_TCP_LISTEN` and `FILEBEAT_SYSLOG_UDP_LISTEN` - if set to `true`, Malcolm will accept syslog messages over TCP and/or UDP, respectively + `FILEBEAT_SYSLOG_TCP_PORT` and `FILEBEAT_SYSLOG_UDP_PORT` - the port on which Malcolm will accept syslog messages over TCP and/or UDP, respectively + * If Malcolm is running in an instance installed via the [Malcolm installer ISO](malcolm-iso.md#ISO), please see also [ISO-installed Desktop Environment Firewall](third-party-logs.md#SyslogISOFirewall). + `FILEBEAT_SYSLOG_TCP_FORMAT` and `FILEBEAT_SYSLOG_UDP_FORMAT` - one of `auto`, `rfc3164`, or `rfc5424`, to specify the allowed format for syslog messages over TCP and/or UDP, respectively (default `auto`) + `FILEBEAT_SYSLOG_TCP_MAX_MESSAGE_SIZE` and `FILEBEAT_SYSLOG_UDP_MAX_MESSAGE_SIZE` - defines the maximum message size of the message received over TCP and/or UDP, respectively (default: `10KiB` for UDP, `20MiB` for TCP) + `FILEBEAT_SYSLOG_TCP_MAX_CONNECTIONS` - specifies the maximum current number of TCP connections for syslog messages 
diff --git a/docs/malcolm-hedgehog-e2e-iso-install.md b/docs/malcolm-hedgehog-e2e-iso-install.md index 8bd9e0e5e..99154858e 100644 --- a/docs/malcolm-hedgehog-e2e-iso-install.md +++ b/docs/malcolm-hedgehog-e2e-iso-install.md @@ -241,6 +241,7 @@ The [configuration and tuning](malcolm-config.md#ConfigAndTuning) wizard's quest + Answer **Y** for Malcolm to accept syslog messages according to the RFC3164 and RFC5424 standards over TCP or UDP. * **Enter port for syslog over TCP (e.g., 514) or 0 to disable** and **Enter port for syslog over UDP (e.g., 514) or 0 to disable** - Specify the port numbers on which to accept syslog messages for TCP or UDP, respectively. Other options for configuring how Malcolm accepts and processes syslog messages can be configured via environment variables in [`filebeat.env`](malcolm-config.md#MalcolmConfigEnvVars). + - If Malcolm is running in an instance installed via the [Malcolm installer ISO](malcolm-iso.md#ISO), please see also [ISO-installed Desktop Environment Firewall](third-party-logs.md#SyslogISOFirewall). * **Enable file extraction with Zeek?** - Answer **Y** to indicate that Zeek should [extract files](file-scanning.md#ZeekFileExtraction) transfered in observed network traffic. - **Select file extraction behavior** diff --git a/docs/third-party-logs.md b/docs/third-party-logs.md index f04a15567..86a125584 100644 --- a/docs/third-party-logs.md +++ b/docs/third-party-logs.md @@ -23,6 +23,7 @@ The types of third-party logs and metrics discussed in this document are *not* t - [Convenience Script for Windows](#FluentBitPowerShell) * [Beats](#Beats) * [Syslog](#Syslog) + - [ISO-installed Desktop Environment Firewall](#SyslogISOFirewall) * [Uploading Third-Party Logs](#ThirdPartyUpload) * [Data Format and Visualization](#Data) * [Document Indices](#Indices) 
@@ -324,6 +325,18 @@ Malcolm can accept [syslog](https://en.wikipedia.org/wiki/Syslog) messages direc Other options for configuring how Malcolm accepts and processes syslog messages can be configured via environment variables in [`filebeat.env`](malcolm-config.md#MalcolmConfigEnvVars). + +### ISO-installed Desktop Environment Firewall + +If Malcolm is running in an instance installed via the [Malcolm installer ISO](malcolm-iso.md#ISO), the system's software firewall needs to be manually updated to open the port(s) for Syslog messages. This can be performed via the command line inside a terminal on the Malcolm system, using the port(s) specified during the configuration mentioned above. For example: + +```bash +$ sudo ufw allow 514/tcp +Rule added +$ sudo ufw allow 514/udp +Rule added +``` + ## Uploading Third-Party Logs ### Microsoft Windows Event Logs