kibana.ndjson

{"attributes":{"fieldAttrs":"{\"host\":{\"count\":2},\"levelname\":{\"count\":1},\"message\":{\"count\":1},\"src_ip\":{\"count\":1}}","fields":"[]","runtimeFieldMap":"{}","timeFieldName":"@timestamp","title":"httpd*","typeMeta":"{}"},"coreMigrationVersion":"8.0.0","id":"d39dab80-6888-11ed-9ac5-e55109066f67","migrationVersion":{"index-pattern":"8.0.0"},"references":[],"sort":[1670399938195,157],"type":"index-pattern","updated_at":"2022-12-07T07:58:58.195Z","version":"Wzk2MiwxOV0="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"HTTP Request PATH","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"HTTP Request PATH\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"path.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":50,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Path\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"showTotal\":false,\"showToolbar\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"autoFitRowToContent\":false}}"},"coreMigrationVersion":"8.0.0","id":"14aca360-6889-11ed-9ac5-e55109066f67","migrationVersion":{"visualization":"8.0.0"},"references":[{"id":"d39dab80-6888-11ed-9ac5-e55109066f67","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1670399938195,142],"type":"visualization","updated_at":"2022-12-07T07:58:58.195Z","version":"Wzk1NSwxOV0="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"HTTP Host","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"HTTP Host\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"host.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":50,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Host\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"showTotal\":false,\"showToolbar\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"autoFitRowToContent\":false}}"},"coreMigrationVersion":"8.0.0","id":"4d61d9a0-6889-11ed-9ac5-e55109066f67","migrationVersion":{"visualization":"8.0.0"},"references":[{"id":"d39dab80-6888-11ed-9ac5-e55109066f67","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1670399938195,144],"type":"visualization","updated_at":"2022-12-07T07:58:58.195Z","version":"Wzk1NiwxOV0="}
{"attributes":{"description":"","filters":[{"$state":{"store":"appState"},"meta":{"alias":null,"disabled":false,"index":"812407c4-9f88-4035-b93b-4ca479d2a8ed","key":"src_ip","negate":true,"params":{"query":"172.24.0.4"},"type":"phrase"},"query":{"match_phrase":{"src_ip":"172.24.0.4"}}},{"$state":{"store":"appState"},"meta":{"alias":null,"disabled":false,"index":"db00a188-627a-4d2b-9b9d-8d2e60616d38","key":"src_ip","negate":true,"params":{"query":"172.24.0.1"},"type":"phrase"},"query":{"match_phrase":{"src_ip":"172.24.0.1"}}},{"$state":{"store":"appState"},"meta":{"alias":null,"disabled":false,"index":"f2b30b31-e2f1-4907-8770-fcf9cd91e7e7","key":"method.keyword","negate":true,"params":{"query":"CONNECT"},"type":"phrase"},"query":{"match_phrase":{"method.keyword":"CONNECT"}}}],"query":{"language":"kuery","query":""},"title":"直接接続"},"coreMigrationVersion":"8.0.0","id":"543a4d60-6984-11ed-995b-23301604ad7b","migrationVersion":{"query":"8.0.0"},"references":[{"id":"d39dab80-6888-11ed-9ac5-e55109066f67","name":"812407c4-9f88-4035-b93b-4ca479d2a8ed","type":"index-pattern"},{"id":"d39dab80-6888-11ed-9ac5-e55109066f67","name":"db00a188-627a-4d2b-9b9d-8d2e60616d38","type":"index-pattern"},{"id":"d39dab80-6888-11ed-9ac5-e55109066f67","name":"f2b30b31-e2f1-4907-8770-fcf9cd91e7e7","type":"index-pattern"}],"sort":[1670399938195,148],"type":"query","updated_at":"2022-12-07T07:58:58.195Z","version":"Wzk1NywxOV0="}
{"attributes":{"description":"","filters":[{"$state":{"store":"appState"},"meta":{"alias":null,"disabled":false,"index":"de0df7f2-e05f-4ad9-aad2-bb73b9be3c51","key":"dst_port","negate":true,"params":{"query":80},"type":"phrase"},"query":{"match_phrase":{"dst_port":80}}},{"$state":{"store":"appState"},"meta":{"alias":null,"disabled":false,"index":"4e32f64d-7c9e-4f06-ba11-d34e73f9336e","key":"dst_port","negate":true,"params":{"query":443},"type":"phrase"},"query":{"match_phrase":{"dst_port":443}}}],"query":{"language":"kuery","query":""},"title":"特徴的なポート"},"coreMigrationVersion":"8.0.0","id":"56c9ee60-6983-11ed-995b-23301604ad7b","migrationVersion":{"query":"8.0.0"},"references":[{"id":"d39dab80-6888-11ed-9ac5-e55109066f67","name":"de0df7f2-e05f-4ad9-aad2-bb73b9be3c51","type":"index-pattern"},{"id":"d39dab80-6888-11ed-9ac5-e55109066f67","name":"4e32f64d-7c9e-4f06-ba11-d34e73f9336e","type":"index-pattern"}],"sort":[1670399938195,151],"type":"query","updated_at":"2022-12-07T07:58:58.195Z","version":"Wzk1OCwxOV0="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"HTTP UserAgent","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"HTTP UserAgent\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"UserAgent.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":50,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"UserAgent Name\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"showTotal\":false,\"showToolbar\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"autoFitRowToContent\":false}}"},"coreMigrationVersion":"8.0.0","id":"615e6d60-6889-11ed-9ac5-e55109066f67","migrationVersion":{"visualization":"8.0.0"},"references":[{"id":"d39dab80-6888-11ed-9ac5-e55109066f67","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1670399938195,153],"type":"visualization","updated_at":"2022-12-07T07:58:58.195Z","version":"Wzk1OSwxOV0="}
{"attributes":{"description":"","filters":[{"$state":{"store":"appState"},"meta":{"alias":null,"disabled":false,"index":"d5f44e32-7490-4f73-bc92-98905c88a8e6","key":"dst_port","negate":false,"params":["80","443"],"type":"phrases"},"query":{"bool":{"minimum_should_match":1,"should":[{"match_phrase":{"dst_port":"80"}},{"match_phrase":{"dst_port":"443"}}]}}}],"query":{"language":"kuery","query":""},"title":"HTTP/HTTPS"},"coreMigrationVersion":"8.0.0","id":"7c0f4080-6983-11ed-995b-23301604ad7b","migrationVersion":{"query":"8.0.0"},"references":[{"id":"d39dab80-6888-11ed-9ac5-e55109066f67","name":"d5f44e32-7490-4f73-bc92-98905c88a8e6","type":"index-pattern"}],"sort":[1670399938195,155],"type":"query","updated_at":"2022-12-07T07:58:58.195Z","version":"Wzk2MCwxOV0="}
{"attributes":{"buildNum":49192,"defaultIndex":"d39dab80-6888-11ed-9ac5-e55109066f67"},"coreMigrationVersion":"8.0.0","id":"8.0.0","migrationVersion":{"config":"8.0.0"},"references":[],"sort":[1670399961333,158],"type":"config","updated_at":"2022-12-07T07:59:21.333Z","version":"Wzk2MywxOV0="}
{"attributes":{"columns":["src_ip","message","levelname"],"description":"","grid":{},"hideChart":false,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"HTTP Log"},"coreMigrationVersion":"8.0.0","id":"a00788d0-6889-11ed-9ac5-e55109066f67","migrationVersion":{"search":"8.0.0"},"references":[{"id":"d39dab80-6888-11ed-9ac5-e55109066f67","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1670399938195,1760],"type":"search","updated_at":"2022-12-07T07:58:58.195Z","version":"Wzc3MSwxOV0="}
{"attributes":{"description":"","filters":[{"$state":{"store":"appState"},"meta":{"alias":null,"disabled":false,"index":"d0be5813-9b32-41b4-8d2e-426551853ee0","key":"tags.keyword","negate":false,"params":{"query":"spam"},"type":"phrase"},"query":{"match_phrase":{"tags.keyword":"spam"}}}],"query":{"language":"kuery","query":""},"title":"スパム"},"coreMigrationVersion":"8.0.0","id":"a23aa580-6986-11ed-995b-23301604ad7b","migrationVersion":{"query":"8.0.0"},"references":[{"id":"d39dab80-6888-11ed-9ac5-e55109066f67","name":"d0be5813-9b32-41b4-8d2e-426551853ee0","type":"index-pattern"}],"sort":[1670399938195,1762],"type":"query","updated_at":"2022-12-07T07:58:58.195Z","version":"Wzc3MiwxOV0="}
{"attributes":{"description":"","filters":[],"query":{"language":"kuery","query":"agent.keyword :python* or agent.keyword :Python*"},"title":"Python"},"coreMigrationVersion":"8.0.0","id":"a67fdb30-6984-11ed-995b-23301604ad7b","migrationVersion":{"query":"8.0.0"},"references":[],"sort":[1670399938195,1763],"type":"query","updated_at":"2022-12-07T07:58:58.195Z","version":"Wzc3MywxOV0="}
{"attributes":{"description":"","filters":[{"$state":{"store":"appState"},"meta":{"alias":null,"disabled":false,"index":"55a00762-0f9b-4f0c-8c67-04aad8892d71","key":"agent.keyword","negate":false,"params":{"query":""},"type":"phrase"},"query":{"match_phrase":{"agent.keyword":""}}},{"$state":{"store":"appState"},"meta":{"alias":null,"disabled":false,"index":"3afdbf5c-602e-43f2-9183-900e731dee95","key":"path","negate":true,"params":{"query":""},"type":"phrase"},"query":{"match_phrase":{"path":""}}},{"$state":{"store":"appState"},"meta":{"alias":null,"disabled":false,"index":"974b946c-d3a6-47d1-9504-42658636076a","key":"host.keyword","negate":true,"params":{"query":""},"type":"phrase"},"query":{"match_phrase":{"host.keyword":""}}},{"$state":{"store":"appState"},"meta":{"alias":null,"disabled":false,"index":"dca78e3f-e2c8-46f9-8c59-9c6ac96c97f2","key":"method.keyword","negate":true,"params":{"query":"CONNECT"},"type":"phrase"},"query":{"match_phrase":{"method.keyword":"CONNECT"}}}],"query":{"language":"kuery","query":""},"title":"ユーザーエージェント無し"},"coreMigrationVersion":"8.0.0","id":"a9f0f0a0-6985-11ed-995b-23301604ad7b","migrationVersion":{"query":"8.0.0"},"references":[{"id":"d39dab80-6888-11ed-9ac5-e55109066f67","name":"55a00762-0f9b-4f0c-8c67-04aad8892d71","type":"index-pattern"},{"id":"d39dab80-6888-11ed-9ac5-e55109066f67","name":"3afdbf5c-602e-43f2-9183-900e731dee95","type":"index-pattern"},{"id":"d39dab80-6888-11ed-9ac5-e55109066f67","name":"974b946c-d3a6-47d1-9504-42658636076a","type":"index-pattern"},{"id":"d39dab80-6888-11ed-9ac5-e55109066f67","name":"dca78e3f-e2c8-46f9-8c59-9c6ac96c97f2","type":"index-pattern"}],"sort":[1670399938195,1768],"type":"query","updated_at":"2022-12-07T07:58:58.195Z","version":"Wzc3NCwxOV0="}
{"attributes":{"description":"","filters":[{"$state":{"store":"appState"},"meta":{"alias":null,"disabled":false,"index":"b2b01a5b-e552-463f-bc3f-1cb51aa5d791","key":"size","negate":true,"params":{"query":0},"type":"phrase"},"query":{"match_phrase":{"size":0}}},{"$state":{"store":"appState"},"meta":{"alias":null,"disabled":false,"index":"12fdc219-d0d3-4d02-8cf8-788828a0654e","key":"levelname.keyword","negate":false,"params":{"query":"INFO"},"type":"phrase"},"query":{"match_phrase":{"levelname.keyword":"INFO"}}},{"$state":{"store":"appState"},"meta":{"alias":null,"disabled":false,"index":"728234c3-f5ef-472f-a02f-23c131d590bf","key":"size","negate":false,"type":"exists","value":"exists"},"query":{"exists":{"field":"size"}}}],"query":{"language":"kuery","query":""},"title":"ペイロードあり"},"coreMigrationVersion":"8.0.0","id":"b66b8630-6d98-11ed-98e3-cd44e3a30b20","migrationVersion":{"query":"8.0.0"},"references":[{"id":"d39dab80-6888-11ed-9ac5-e55109066f67","name":"b2b01a5b-e552-463f-bc3f-1cb51aa5d791","type":"index-pattern"},{"id":"d39dab80-6888-11ed-9ac5-e55109066f67","name":"12fdc219-d0d3-4d02-8cf8-788828a0654e","type":"index-pattern"},{"id":"d39dab80-6888-11ed-9ac5-e55109066f67","name":"728234c3-f5ef-472f-a02f-23c131d590bf","type":"index-pattern"}],"sort":[1670399938195,1772],"type":"query","updated_at":"2022-12-07T07:58:58.195Z","version":"Wzc3NSwxOV0="}
{"attributes":{"description":"","filters":[{"$state":{"store":"appState"},"meta":{"alias":null,"disabled":false,"index":"da8c39da-cfa3-427f-aa73-24f865a25574","key":"dst_port","negate":false,"params":["25","587","465","2525","995","993","110"],"type":"phrases"},"query":{"bool":{"minimum_should_match":1,"should":[{"match_phrase":{"dst_port":"25"}},{"match_phrase":{"dst_port":"587"}},{"match_phrase":{"dst_port":"465"}},{"match_phrase":{"dst_port":"2525"}},{"match_phrase":{"dst_port":"995"}},{"match_phrase":{"dst_port":"993"}},{"match_phrase":{"dst_port":"110"}}]}}}],"query":{"language":"kuery","query":""},"title":"メール"},"coreMigrationVersion":"8.0.0","id":"bdb7e050-6983-11ed-995b-23301604ad7b","migrationVersion":{"query":"8.0.0"},"references":[{"id":"d39dab80-6888-11ed-9ac5-e55109066f67","name":"da8c39da-cfa3-427f-aa73-24f865a25574","type":"index-pattern"}],"sort":[1670399938195,1774],"type":"query","updated_at":"2022-12-07T07:58:58.195Z","version":"Wzc3NiwxOV0="}
{"attributes":{"description":"","filters":[],"query":{"language":"kuery","query":""},"title":"全てのログ"},"coreMigrationVersion":"8.0.0","id":"cc089460-6983-11ed-995b-23301604ad7b","migrationVersion":{"query":"8.0.0"},"references":[],"sort":[1670399938195,1775],"type":"query","updated_at":"2022-12-07T07:58:58.195Z","version":"Wzc3NywxOV0="}
{"attributes":{"description":"","filters":[{"$state":{"store":"appState"},"meta":{"alias":null,"disabled":false,"index":"8ac4f618-b8fb-488f-8afb-7ba6566d8ab9","key":"dst_ip","negate":false,"params":{"query":"127.0.0.1"},"type":"phrase"},"query":{"match_phrase":{"dst_ip":"127.0.0.1"}}}],"query":{"language":"kuery","query":""},"title":"ローカルホストに接続"},"coreMigrationVersion":"8.0.0","id":"d00e3220-6a07-11ed-995b-23301604ad7b","migrationVersion":{"query":"8.0.0"},"references":[{"id":"d39dab80-6888-11ed-9ac5-e55109066f67","name":"8ac4f618-b8fb-488f-8afb-7ba6566d8ab9","type":"index-pattern"}],"sort":[1670399938195,1777],"type":"query","updated_at":"2022-12-07T07:58:58.195Z","version":"Wzc3OCwxOV0="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"HTTP method","uiStateJSON":"{\"vis\":{\"legendOpen\":false}}","version":1,"visState":"{\"title\":\"HTTP method\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"method.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":false,\"legendPosition\":\"right\",\"nestedLegend\":false,\"truncateLegend\":true,\"maxLegendLines\":1,\"distinctColors\":false,\"isDonut\":true,\"palette\":{\"type\":\"palette\",\"name\":\"default\"},\"labels\":{\"show\":true,\"last_level\":false,\"values\":true,\"valuesFormat\":\"percent\",\"percentDecimals\":2,\"truncate\":100,\"position\":\"default\"}}}"},"coreMigrationVersion":"8.0.0","id":"f22279a0-6888-11ed-9ac5-e55109066f67","migrationVersion":{"visualization":"8.0.0"},"references":[{"id":"d39dab80-6888-11ed-9ac5-e55109066f67","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1670399938195,1779],"type":"visualization","updated_at":"2022-12-07T07:58:58.195Z","version":"Wzc3OSwxOV0="}
{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"optionsJSON":"{\"useMargins\":true,\"syncColors\":false,\"hidePanelTitles\":false}","panelsJSON":"[{\"version\":\"8.0.0\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":0,\"w\":24,\"h\":9,\"i\":\"da57a312-3bc8-4fe0-8c63-f0b62511c40d\"},\"panelIndex\":\"da57a312-3bc8-4fe0-8c63-f0b62511c40d\",\"embeddableConfig\":{\"savedVis\":{\"id\":\"\",\"title\":\"HTTP Sensors\",\"description\":\"\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"showTotal\":false,\"showToolbar\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"autoFitRowToContent\":false},\"uiState\":{},\"data\":{\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"sensor.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":50,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Sensor name\"},\"schema\":\"bucket\"}],\"searchSource\":{\"index\":\"d39dab80-6888-11ed-9ac5-e55109066f67\",\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}}},\"enhancements\":{}}},{\"version\":\"8.0.0\",\"type\":\"visualization\",\"gridData\":{\"x\":24,\"y\":0,\"w\":12,\"h\":9,\"i\":\"d58fe4c8-3d06-4eff-9079-5db4ec13f243\"},\"panelIndex\":\"d58fe4c8-3d06-4eff-9079-5db4ec13f243\",\"embeddableConfig\":{\"savedVis\":{\"id\":\"\",\"title\":\"HTTP Session Count\",\"description\":\"\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"showTotal\":false,\"showToolbar\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"autoFitRowToContent\":false},\"uiState\":{},\"data\":{\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"session.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"session uuid\"},\"schema\":\"bucket\"}],\"searchSource\":{\"index\":\"d39dab80-6888-11ed-9ac5-e55109066f67\",\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}}},\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}},\"table\":null,\"enhancements\":{}}},{\"version\":\"8.0.0\",\"type\":\"visualization\",\"gridData\":{\"x\":36,\"y\":0,\"w\":12,\"h\":9,\"i\":\"ef4a5a80-0082-4222-b846-ec9c3e339e46\"},\"panelIndex\":\"ef4a5a80-0082-4222-b846-ec9c3e339e46\",\"embeddableConfig\":{\"savedVis\":{\"id\":\"\",\"title\":\"HTTP Request unique IP Address\",\"description\":\"\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"metric\",\"metric\":{\"percentageMode\":false,\"useRanges\":false,\"colorSchema\":\"Green to Red\",\"metricColorMode\":\"None\",\"colorsRange\":[{\"from\":0,\"to\":10000}],\"labels\":{\"show\":true},\"invertColors\":false,\"style\":{\"bgFill\":\"#000\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"fontSize\":60}}},\"uiState\":{},\"data\":{\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"params\":{\"field\":\"src_ip.keyword\"},\"schema\":\"metric\"}],\"searchSource\":{\"index\":\"d39dab80-6888-11ed-9ac5-e55109066f67\",\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}}},\"enhancements\":{}}},{\"version\":\"8.0.0\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":9,\"w\":12,\"h\":15,\"i\":\"9095f830-c449-4720-8a1a-91316375a4f2\"},\"panelIndex\":\"9095f830-c449-4720-8a1a-91316375a4f2\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_9095f830-c449-4720-8a1a-91316375a4f2\"},{\"version\":\"8.0.0\",\"type\":\"visualization\",\"gridData\":{\"x\":12,\"y\":9,\"w\":12,\"h\":15,\"i\":\"64ec03c2-cd1e-4985-b218-d8dfa0440f83\"},\"panelIndex\":\"64ec03c2-cd1e-4985-b218-d8dfa0440f83\",\"embeddableConfig\":{\"savedVis\":{\"id\":\"\",\"title\":\"HTTP Destination Port\",\"description\":\"\",\"type\":\"pie\",\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":false,\"legendPosition\":\"right\",\"nestedLegend\":false,\"truncateLegend\":true,\"maxLegendLines\":1,\"distinctColors\":false,\"isDonut\":true,\"palette\":{\"type\":\"palette\",\"name\":\"default\"},\"labels\":{\"show\":true,\"last_level\":false,\"values\":true,\"valuesFormat\":\"percent\",\"percentDecimals\":2,\"truncate\":100,\"position\":\"default\"}},\"uiState\":{\"vis\":{\"legendOpen\":false}},\"data\":{\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"dst_port\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"},\"schema\":\"segment\"}],\"searchSource\":{\"index\":\"d39dab80-6888-11ed-9ac5-e55109066f67\",\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"d39dab80-6888-11ed-9ac5-e55109066f67\",\"key\":\"dst_port\",\"negate\":true,\"params\":{\"query\":0},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"dst_port\":0}}}]}}},\"enhancements\":{}}},{\"version\":\"8.0.0\",\"type\":\"visualization\",\"gridData\":{\"x\":24,\"y\":9,\"w\":12,\"h\":15,\"i\":\"5eda22cc-39d3-4903-8034-f01d37da53f9\"},\"panelIndex\":\"5eda22cc-39d3-4903-8034-f01d37da53f9\",\"embeddableConfig\":{\"enhancements\":{},\"vis\":{\"params\":{\"colWidth\":[{\"colIndex\":0,\"width\":273}]}}},\"panelRefName\":\"panel_5eda22cc-39d3-4903-8034-f01d37da53f9\"},{\"version\":\"8.0.0\",\"type\":\"visualization\",\"gridData\":{\"x\":36,\"y\":9,\"w\":12,\"h\":15,\"i\":\"df081b5e-d40f-4a69-8160-7add9c8ebaaf\"},\"panelIndex\":\"df081b5e-d40f-4a69-8160-7add9c8ebaaf\",\"embeddableConfig\":{\"savedVis\":{\"id\":\"\",\"title\":\"HTTP Source AS organization\",\"description\":\"\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"showTotal\":false,\"showToolbar\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"autoFitRowToContent\":false},\"uiState\":{},\"data\":{\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"src_geo.as.organization.name.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":50,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"org name\"},\"schema\":\"bucket\"}],\"searchSource\":{\"index\":\"d39dab80-6888-11ed-9ac5-e55109066f67\",\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}}},\"enhancements\":{}}},{\"version\":\"8.0.0\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":24,\"w\":12,\"h\":15,\"i\":\"89736a10-2ccd-4b0c-893e-0b9748cdd8cd\"},\"panelIndex\":\"89736a10-2ccd-4b0c-893e-0b9748cdd8cd\",\"embeddableConfig\":{\"savedVis\":{\"id\":\"\",\"title\":\"HTTP Request IP Country\",\"description\":\"\",\"type\":\"pie\",\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":false,\"legendPosition\":\"right\",\"nestedLegend\":false,\"truncateLegend\":true,\"maxLegendLines\":1,\"distinctColors\":false,\"isDonut\":true,\"palette\":{\"type\":\"palette\",\"name\":\"default\"},\"labels\":{\"show\":true,\"last_level\":false,\"values\":true,\"valuesFormat\":\"percent\",\"percentDecimals\":2,\"truncate\":100,\"position\":\"default\"}},\"uiState\":{\"vis\":{\"legendOpen\":false}},\"data\":{\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"src_geo.geo.country_name.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":50,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"},\"schema\":\"segment\"}],\"searchSource\":{\"index\":\"d39dab80-6888-11ed-9ac5-e55109066f67\",\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}}},\"enhancements\":{}}},{\"version\":\"8.0.0\",\"type\":\"visualization\",\"gridData\":{\"x\":12,\"y\":24,\"w\":12,\"h\":15,\"i\":\"87421502-d869-4b8b-81bf-cbdb9e039452\"},\"panelIndex\":\"87421502-d869-4b8b-81bf-cbdb9e039452\",\"embeddableConfig\":{\"savedVis\":{\"id\":\"\",\"title\":\"HTTP Header Language\",\"description\":\"\",\"type\":\"pie\",\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":false,\"legendPosition\":\"right\",\"nestedLegend\":false,\"truncateLegend\":true,\"maxLegendLines\":1,\"distinctColors\":false,\"isDonut\":true,\"palette\":{\"type\":\"palette\",\"name\":\"default\"},\"labels\":{\"show\":true,\"last_level\":false,\"values\":true,\"valuesFormat\":\"percent\",\"percentDecimals\":2,\"truncate\":100,\"position\":\"default\"}},\"uiState\":{\"vis\":{\"legendOpen\":false}},\"data\":{\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"AcceptLanguage.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":50,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"},\"schema\":\"segment\"}],\"searchSource\":{\"index\":\"d39dab80-6888-11ed-9ac5-e55109066f67\",\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}}},\"enhancements\":{}}},{\"version\":\"8.0.0\",\"type\":\"visualization\",\"gridData\":{\"x\":24,\"y\":24,\"w\":12,\"h\":15,\"i\":\"bc8967e4-792d-47d9-8c39-aa3d715a1a4b\"},\"panelIndex\":\"bc8967e4-792d-47d9-8c39-aa3d715a1a4b\",\"embeddableConfig\":{\"savedVis\":{\"id\":\"\",\"title\":\"HTTP Source IP Info\",\"description\":\"\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"showTotal\":false,\"showToolbar\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"autoFitRowToContent\":false},\"uiState\":{},\"data\":{\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"src_ip_info.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":50,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"info\"},\"schema\":\"bucket\"}],\"searchSource\":{\"index\":\"d39dab80-6888-11ed-9ac5-e55109066f67\",\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}}},\"enhancements\":{}}},{\"version\":\"8.0.0\",\"type\":\"visualization\",\"gridData\":{\"x\":36,\"y\":24,\"w\":12,\"h\":15,\"i\":\"226fb66a-af40-4543-9198-9b75ef212eef\"},\"panelIndex\":\"226fb66a-af40-4543-9198-9b75ef212eef\",\"embeddableConfig\":{\"savedVis\":{\"id\":\"\",\"title\":\"HTTP Destination IP Info\",\"description\":\"\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"showTotal\":false,\"showToolbar\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"autoFitRowToContent\":false},\"uiState\":{},\"data\":{\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"dst_ip_info.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":50,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"info\"},\"schema\":\"bucket\"}],\"searchSource\":{\"index\":\"d39dab80-6888-11ed-9ac5-e55109066f67\",\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}}},\"enhancements\":{}}},{\"version\":\"8.0.0\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":39,\"w\":48,\"h\":10,\"i\":\"1bf7117d-e28b-4f62-8e31-14e623014286\"},\"panelIndex\":\"1bf7117d-e28b-4f62-8e31-14e623014286\",\"embeddableConfig\":{\"savedVis\":{\"id\":\"\",\"title\":\"HTTP Source IP Info Timeline\",\"description\":\"\",\"type\":\"metrics\",\"params\":{\"time_range_mode\":\"entire_time_range\",\"id\":\"8999ef27-9208-432f-93af-378c6c935c58\",\"type\":\"timeseries\",\"series\":[{\"time_range_mode\":\"entire_time_range\",\"id\":\"5dcbf222-fd7a-4cc2-9543-9136d0695f38\",\"color\":\"#68BC00\",\"split_mode\":\"terms\",\"palette\":{\"type\":\"palette\",\"name\":\"default\"},\"metrics\":[{\"id\":\"931d913d-306d-4075-8390-4a99b2619a34\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"default\",\"chart_type\":\"bar\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"override_index_pattern\":0,\"series_drop_last_bucket\":0,\"label\":\"info\",\"filter\":{\"query\":\"\",\"language\":\"kuery\"},\"terms_field\":\"src_ip_info.keyword\",\"split_color_mode\":null}],\"time_field\":\"@timestamp\",\"index_pattern\":\"\",\"use_kibana_indexes\":true,\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"log\",\"show_legend\":1,\"truncate_legend\":1,\"max_lines_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"drop_last_bucket\":0,\"annotations\":[],\"isModelInvalid\":false,\"filter\":{\"query\":\"\",\"language\":\"kuery\"},\"background_color\":\"rgba(0,0,0,1)\",\"bar_color_rules\":[{\"id\":\"8473c970-6e16-11ed-b274-6f8e6564edb3\"}],\"max_bars\":50},\"uiState\":{},\"data\":{\"aggs\":[],\"searchSource\":{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}}},\"enhancements\":{}}},{\"version\":\"8.0.0\",\"type\":\"search\",\"gridData\":{\"x\":0,\"y\":49,\"w\":48,\"h\":29,\"i\":\"82dc3712-68a0-4e63-866e-abb86d046bd4\"},\"panelIndex\":\"82dc3712-68a0-4e63-866e-abb86d046bd4\",\"embeddableConfig\":{\"enhancements\":{},\"columns\":[\"src_ip\",\"method\",\"message\",\"levelname\",\"src_geo.as.organization.name\",\"body\",\"size\"]},\"panelRefName\":\"panel_82dc3712-68a0-4e63-866e-abb86d046bd4\"}]","refreshInterval":{"pause":true,"value":0},"timeFrom":"now-7d/d","timeRestore":true,"timeTo":"now","title":"HTTP","version":1},"coreMigrationVersion":"8.0.0","id":"d16db6b0-6889-11ed-9ac5-e55109066f67","migrationVersion":{"dashboard":"8.0.0"},"references":[{"id":"d39dab80-6888-11ed-9ac5-e55109066f67","name":"da57a312-3bc8-4fe0-8c63-f0b62511c40d:kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"d39dab80-6888-11ed-9ac5-e55109066f67","name":"d58fe4c8-3d06-4eff-9079-5db4ec13f243:kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"d39dab80-6888-11ed-9ac5-e55109066f67","name":"ef4a5a80-0082-4222-b846-ec9c3e339e46:kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"f22279a0-6888-11ed-9ac5-e55109066f67","name":"9095f830-c449-4720-8a1a-91316375a4f2:panel_9095f830-c449-4720-8a1a-91316375a4f2","type":"visualization"},{"id":"d39dab80-6888-11ed-9ac5-e55109066f67","name":"64ec03c2-cd1e-4985-b218-d8dfa0440f83:kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"d39dab80-6888-11ed-9ac5-e55109066f67","name":"64ec03c2-cd1e-4985-b218-d8dfa0440f83:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"615e6d60-6889-11ed-9ac5-e55109066f67","name":"5eda22cc-39d3-4903-8034-f01d37da53f9:panel_5eda22cc-39d3-4903-8034-f01d37da53f9","type":"visualization"},{"id":"d39dab80-6888-11ed-9ac5-e55109066f67","name":"df081b5e-d40f-4a69-8160-7add9c8ebaaf:kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"d39dab80-6888-11ed-9ac5-e55109066f67","name":"89736a10-2ccd-4b0c-893e-0b9748cdd8cd:kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"d39dab80-6888-11ed-9ac5-e55109066f67","name":"87421502-d869-4b8b-81bf-cbdb9e039452:kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"d39dab80-6888-11ed-9ac5-e55109066f67","name":"bc8967e4-792d-47d9-8c39-aa3d715a1a4b:kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"d39dab80-6888-11ed-9ac5-e55109066f67","name":"226fb66a-af40-4543-9198-9b75ef212eef:kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"a00788d0-6889-11ed-9ac5-e55109066f67","name":"82dc3712-68a0-4e63-866e-abb86d046bd4:panel_82dc3712-68a0-4e63-866e-abb86d046bd4","type":"search"}],"sort":[1670399938195,1793],"type":"dashboard","updated_at":"2022-12-07T07:58:58.195Z","version":"Wzc4MCwxOV0="}
{"attributes":{"description":"","filters":[{"$state":{"store":"appState"},"meta":{"alias":null,"disabled":false,"index":"a93d63ed-9341-4ead-81ed-48bc0e1e8312","key":"src_geo.geo.country_name.keyword","negate":false,"params":{"query":"Japan"},"type":"phrase"},"query":{"match_phrase":{"src_geo.geo.country_name.keyword":"Japan"}}}],"query":{"language":"kuery","query":""},"title":"国内からの接続"},"coreMigrationVersion":"8.0.0","id":"dc1042a0-6a04-11ed-995b-23301604ad7b","migrationVersion":{"query":"8.0.0"},"references":[{"id":"d39dab80-6888-11ed-9ac5-e55109066f67","name":"a93d63ed-9341-4ead-81ed-48bc0e1e8312","type":"index-pattern"}],"sort":[1670399938195,1795],"type":"query","updated_at":"2022-12-07T07:58:58.195Z","version":"Wzc4MSwxOV0="}
{"attributes":{"allowNoIndex":true,"timeFieldName":"@timestamp","title":"metrics-*"},"coreMigrationVersion":"8.0.0","id":"metrics-*","migrationVersion":{"index-pattern":"8.0.0"},"references":[],"sort":[1670478486400,193],"type":"index-pattern","updated_at":"2022-12-08T05:48:06.400Z","version":"WzEwMjAsMTld"}
{"attributes":{"description":"Total events processed by the output (including retries). (From beat.stats.libbeat.output.events.total)","state":{"datasourceStates":{"indexpattern":{"layers":{"ad65be36-0be3-4937-8f41-ec9e48adfce6":{"columnOrder":["2e112c50-5bc4-4c0b-a69b-8c17e0f9fc0a","49cd060d-6f21-4d81-ad6b-1c8462c97353","e201a210-6e89-4d72-9d9c-a00b036fb0eb","f5cbe487-2a43-425b-9cd1-40283e5e596c"],"columns":{"2e112c50-5bc4-4c0b-a69b-8c17e0f9fc0a":{"dataType":"string","isBucketed":true,"label":"Top values of beat.type","operationType":"terms","params":{"missingBucket":false,"orderBy":{"fallback":true,"type":"alphabetical"},"orderDirection":"asc","otherBucket":true,"size":10},"scale":"ordinal","sourceField":"beat.type"},"49cd060d-6f21-4d81-ad6b-1c8462c97353":{"dataType":"date","isBucketed":true,"label":"@timestamp","operationType":"date_histogram","params":{"interval":"auto"},"scale":"interval","sourceField":"@timestamp"},"e201a210-6e89-4d72-9d9c-a00b036fb0eb":{"customLabel":true,"dataType":"number","filter":{"language":"kuery","query":"data_stream.dataset : \"elastic_agent.*\" "},"isBucketed":false,"label":"Events Rate /s","operationType":"counter_rate","references":["f5cbe487-2a43-425b-9cd1-40283e5e596c"],"scale":"ratio","timeScale":"s"},"f5cbe487-2a43-425b-9cd1-40283e5e596c":{"dataType":"number","isBucketed":false,"label":"Maximum of beat.stats.libbeat.output.events.total","operationType":"max","scale":"ratio","sourceField":"beat.stats.libbeat.output.events.total"}},"incompleteColumns":{}}}}},"filters":[],"query":{"language":"kuery","query":""},"visualization":{"axisTitlesVisibilitySettings":{"x":true,"yLeft":true,"yRight":true},"fittingFunction":"None","gridlinesVisibilitySettings":{"x":true,"yLeft":true,"yRight":true},"labelsOrientation":{"x":0,"yLeft":0,"yRight":0},"layers":[{"accessors":["e201a210-6e89-4d72-9d9c-a00b036fb0eb"],"layerId":"ad65be36-0be3-4937-8f41-ec9e48adfce6","layerType":"data","position":"top","seriesType":"line","showGridlines":false,"splitAccessor":"2e112c50-5bc4-4c0b-a69b-8c17e0f9fc0a","xAccessor":"49cd060d-6f21-4d81-ad6b-1c8462c97353"}],"legend":{"isVisible":true,"position":"right"},"preferredSeriesType":"line","tickLabelsVisibilitySettings":{"x":true,"yLeft":true,"yRight":true},"valueLabels":"hide","yLeftExtent":{"mode":"full"},"yRightExtent":{"mode":"full"}}},"title":"[Elastic Agent] Total events rate /s","visualizationType":"lnsXY"},"coreMigrationVersion":"8.0.0","id":"elastic_agent-27798780-0037-11ec-af6c-1740f74b2d73","migrationVersion":{"lens":"8.0.0"},"references":[{"id":"metrics-*","name":"indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"metrics-*","name":"indexpattern-datasource-layer-ad65be36-0be3-4937-8f41-ec9e48adfce6","type":"index-pattern"}],"sort":[1670478486260,640],"type":"lens","updated_at":"2022-12-08T05:48:06.260Z","version":"WzEwMTMsMTld"}
{"attributes":{"description":"Events acknowledged by the output (includes events dropped by the output). (From beat.stats.libbeat.output.events.acked)","state":{"datasourceStates":{"indexpattern":{"layers":{"ad65be36-0be3-4937-8f41-ec9e48adfce6":{"columnOrder":["2e112c50-5bc4-4c0b-a69b-8c17e0f9fc0a","49cd060d-6f21-4d81-ad6b-1c8462c97353","e201a210-6e89-4d72-9d9c-a00b036fb0eb","f5cbe487-2a43-425b-9cd1-40283e5e596c"],"columns":{"2e112c50-5bc4-4c0b-a69b-8c17e0f9fc0a":{"dataType":"string","isBucketed":true,"label":"Top values of beat.type","operationType":"terms","params":{"missingBucket":false,"orderBy":{"fallback":true,"type":"alphabetical"},"orderDirection":"asc","otherBucket":true,"size":10},"scale":"ordinal","sourceField":"beat.type"},"49cd060d-6f21-4d81-ad6b-1c8462c97353":{"dataType":"date","isBucketed":true,"label":"@timestamp","operationType":"date_histogram","params":{"interval":"auto"},"scale":"interval","sourceField":"@timestamp"},"e201a210-6e89-4d72-9d9c-a00b036fb0eb":{"customLabel":true,"dataType":"number","filter":{"language":"kuery","query":"data_stream.dataset : \"elastic_agent.*\" "},"isBucketed":false,"label":"Events Rate /s","operationType":"counter_rate","references":["f5cbe487-2a43-425b-9cd1-40283e5e596c"],"scale":"ratio","timeScale":"s"},"f5cbe487-2a43-425b-9cd1-40283e5e596c":{"dataType":"number","isBucketed":false,"label":"Maximum of beat.stats.libbeat.output.events.acked","operationType":"max","scale":"ratio","sourceField":"beat.stats.libbeat.output.events.acked"}},"incompleteColumns":{}}}}},"filters":[],"query":{"language":"kuery","query":""},"visualization":{"axisTitlesVisibilitySettings":{"x":true,"yLeft":true,"yRight":true},"fittingFunction":"None","gridlinesVisibilitySettings":{"x":true,"yLeft":true,"yRight":true},"labelsOrientation":{"x":0,"yLeft":0,"yRight":0},"layers":[{"accessors":["e201a210-6e89-4d72-9d9c-a00b036fb0eb"],"layerId":"ad65be36-0be3-4937-8f41-ec9e48adfce6","layerType":"data","position":"top","seriesType":"line","showGridlines":false,"splitAccessor":"2e112c50-5bc4-4c0b-a69b-8c17e0f9fc0a","xAccessor":"49cd060d-6f21-4d81-ad6b-1c8462c97353"}],"legend":{"isVisible":true,"position":"right"},"preferredSeriesType":"line","tickLabelsVisibilitySettings":{"x":true,"yLeft":true,"yRight":true},"valueLabels":"hide","yLeftExtent":{"mode":"full"},"yRightExtent":{"mode":"full"}}},"title":"[Elastic Agent] Events acknowledged rate /s","visualizationType":"lnsXY"},"coreMigrationVersion":"8.0.0","id":"elastic_agent-409f5d70-0037-11ec-af6c-1740f74b2d73","migrationVersion":{"lens":"8.0.0"},"references":[{"id":"metrics-*","name":"indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"metrics-*","name":"indexpattern-datasource-layer-ad65be36-0be3-4937-8f41-ec9e48adfce6","type":"index-pattern"}],"sort":[1670478486260,643],"type":"lens","updated_at":"2022-12-08T05:48:06.260Z","version":"WzEwMTQsMTld"}
{"attributes":{"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}"},"title":"[Elastic Agent] Open Handles","uiStateJSON":"{}","version":1,"visState":"{\"aggs\":[],\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"index_pattern\":\"metrics-*\",\"interval\":\"\",\"isModelInvalid\":false,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":0.5,\"filter\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset : \\\"elastic_agent.elastic_agent\\\" \"},\"formatter\":\"number\",\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"label\":\"Open Handles\",\"line_width\":1,\"metrics\":[{\"field\":\"system.process.fd.open\",\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"max\"}],\"point_size\":1,\"separate_axis\":0,\"split_color_mode\":\"kibana\",\"split_mode\":\"terms\",\"stacked\":\"stacked\",\"terms_field\":\"elastic_agent.process\",\"type\":\"timeseries\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"\",\"tooltip_mode\":\"show_all\",\"type\":\"timeseries\",\"use_kibana_indexes\":false,\"drop_last_bucket\":1},\"title\":\"[Elastic Agent] Open Handles\",\"type\":\"metrics\"}"},"coreMigrationVersion":"8.0.0","id":"elastic_agent-47d87552-8421-4cfc-bc5d-4a7205f5b007","migrationVersion":{"visualization":"8.0.0"},"references":[],"sort":[1670478486260,628],"type":"visualization","updated_at":"2022-12-08T05:48:06.260Z","version":"WzEwMDQsMTld"}
{"attributes":{"description":"Errors in writing the response from the output. (From beat.stats.libbeat.output.write.errors)","state":{"datasourceStates":{"indexpattern":{"layers":{"ad65be36-0be3-4937-8f41-ec9e48adfce6":{"columnOrder":["cb2f461c-587a-4f6a-8ad4-e4b0f61c9541","49cd060d-6f21-4d81-ad6b-1c8462c97353","e201a210-6e89-4d72-9d9c-a00b036fb0eb","f5cbe487-2a43-425b-9cd1-40283e5e596c"],"columns":{"49cd060d-6f21-4d81-ad6b-1c8462c97353":{"dataType":"date","isBucketed":true,"label":"@timestamp","operationType":"date_histogram","params":{"interval":"auto"},"scale":"interval","sourceField":"@timestamp"},"cb2f461c-587a-4f6a-8ad4-e4b0f61c9541":{"customLabel":true,"dataType":"string","isBucketed":true,"label":"Beat types","operationType":"terms","params":{"missingBucket":false,"orderBy":{"fallback":true,"type":"alphabetical"},"orderDirection":"asc","otherBucket":true,"size":10},"scale":"ordinal","sourceField":"beat.type"},"e201a210-6e89-4d72-9d9c-a00b036fb0eb":{"customLabel":true,"dataType":"number","filter":{"language":"kuery","query":"data_stream.dataset : \"elastic_agent.*\" "},"isBucketed":false,"label":"Output Errors","operationType":"counter_rate","references":["f5cbe487-2a43-425b-9cd1-40283e5e596c"],"scale":"ratio","timeScale":"s"},"f5cbe487-2a43-425b-9cd1-40283e5e596c":{"dataType":"number","isBucketed":false,"label":"Maximum of beat.stats.libbeat.output.write.errors","operationType":"max","scale":"ratio","sourceField":"beat.stats.libbeat.output.write.errors"}},"incompleteColumns":{}}}}},"filters":[],"query":{"language":"kuery","query":""},"visualization":{"axisTitlesVisibilitySettings":{"x":true,"yLeft":true,"yRight":true},"fittingFunction":"None","gridlinesVisibilitySettings":{"x":true,"yLeft":true,"yRight":true},"labelsOrientation":{"x":0,"yLeft":0,"yRight":0},"layers":[{"accessors":["e201a210-6e89-4d72-9d9c-a00b036fb0eb"],"layerId":"ad65be36-0be3-4937-8f41-ec9e48adfce6","layerType":"data","position":"top","seriesType":"line","showGridlines":false,"splitAccessor":"cb2f461c-587a-4f6a-8ad4-e4b0f61c9541","xAccessor":"49cd060d-6f21-4d81-ad6b-1c8462c97353"}],"legend":{"isVisible":true,"position":"right"},"preferredSeriesType":"line","tickLabelsVisibilitySettings":{"x":true,"yLeft":true,"yRight":true},"valueLabels":"hide","yLeftExtent":{"mode":"full"},"yRightExtent":{"mode":"full"}}},"title":"[Elastic Agent] Output write errors","visualizationType":"lnsXY"},"coreMigrationVersion":"8.0.0","id":"elastic_agent-58677820-0037-11ec-af6c-1740f74b2d73","migrationVersion":{"lens":"8.0.0"},"references":[{"id":"metrics-*","name":"indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"metrics-*","name":"indexpattern-datasource-layer-ad65be36-0be3-4937-8f41-ec9e48adfce6","type":"index-pattern"}],"sort":[1670478486260,646],"type":"lens","updated_at":"2022-12-08T05:48:06.260Z","version":"WzEwMTUsMTld"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}"},"title":"[Elastic Agent] Memory usage (copy)","uiStateJSON":"{}","version":1,"visState":"{\"aggs\":[],\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"drop_last_bucket\":0,\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"index_pattern\":\"metrics-*\",\"interval\":\"\",\"isModelInvalid\":false,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":\"0.5\",\"filter\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset : \\\"elastic_agent.elastic_agent\\\"    \"},\"formatter\":\"bytes\",\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"label\":\"CGroup Memory usage\",\"line_width\":1,\"metrics\":[{\"field\":\"system.process.cgroup.memory.mem.usage.bytes\",\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"max\"}],\"override_index_pattern\":0,\"point_size\":1,\"separate_axis\":0,\"series_index_pattern\":\"metrics-*\",\"split_color_mode\":\"kibana\",\"split_mode\":\"terms\",\"stacked\":\"stacked\",\"terms_field\":\"elastic_agent.process\",\"type\":\"timeseries\"},{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"rgba(211,96,134,1)\",\"fill\":\"0\",\"filter\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset : \\\"elastic_agent.elastic_agent\\\" \"},\"formatter\":\"bytes\",\"id\":\"0a454d00-febd-11eb-9943-cf1fa8e46928\",\"label\":\"Container memory limit\",\"line_width\":1,\"metrics\":[{\"field\":\"system.process.cgroup.memory.mem.limit.bytes\",\"id\":\"0a454d01-febd-11eb-9943-cf1fa8e46928\",\"type\":\"max\"},{\"id\":\"53b0dac0-febf-11eb-9943-cf1fa8e46928\",\"script\":\"if (params.memory_limit  < 999999999999999999L) {\\n return params.memory_limit;\\n}\\n\",\"type\":\"calculation\",\"variables\":[{\"field\":\"0a454d01-febd-11eb-9943-cf1fa8e46928\",\"id\":\"7426ca80-febf-11eb-9943-cf1fa8e46928\",\"name\":\"memory_limit\"}]}],\"palette\":{\"name\":\"default\",\"type\":\"palette\"},\"point_size\":1,\"separate_axis\":0,\"series_index_pattern\":\"\",\"split_mode\":\"everything\",\"stacked\":\"none\",\"type\":\"timeseries\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"\",\"time_range_mode\":\"entire_time_range\",\"tooltip_mode\":\"show_all\",\"type\":\"timeseries\",\"use_kibana_indexes\":false},\"title\":\"[Elastic Agent] Memory usage (copy)\",\"type\":\"metrics\"}"},"coreMigrationVersion":"8.0.0","id":"elastic_agent-69219f50-febc-11eb-9a5b-19cc90b68e55","migrationVersion":{"visualization":"8.0.0"},"references":[],"sort":[1670478486260,629],"type":"visualization","updated_at":"2022-12-08T05:48:06.260Z","version":"WzEwMDUsMTld"}
{"attributes":{"description":"Bytes written to the output (consists of size of network headers and compressed payload)","state":{"datasourceStates":{"indexpattern":{"layers":{"47363713-6910-43c5-9f85-328b9ee18f0d":{"columnOrder":["009f999d-bdb4-4b3f-a031-06d2a7173a57","754d7a35-095e-4905-ad7d-23d89edaf74f","c601246c-06f3-4f94-9d2a-a950eb4d499e","672c59a5-1ad7-4f2b-89a5-cb3920d94e4b"],"columns":{"009f999d-bdb4-4b3f-a031-06d2a7173a57":{"dataType":"string","isBucketed":true,"label":"Top values of beat.type","operationType":"terms","params":{"missingBucket":false,"orderBy":{"fallback":true,"type":"alphabetical"},"orderDirection":"asc","otherBucket":true,"size":10},"scale":"ordinal","sourceField":"beat.type"},"672c59a5-1ad7-4f2b-89a5-cb3920d94e4b":{"dataType":"number","isBucketed":false,"label":"Maximum of beat.stats.libbeat.output.write.bytes","operationType":"max","scale":"ratio","sourceField":"beat.stats.libbeat.output.write.bytes"},"754d7a35-095e-4905-ad7d-23d89edaf74f":{"dataType":"date","isBucketed":true,"label":"@timestamp","operationType":"date_histogram","params":{"interval":"auto"},"scale":"interval","sourceField":"@timestamp"},"c601246c-06f3-4f94-9d2a-a950eb4d499e":{"customLabel":true,"dataType":"number","filter":{"language":"kuery","query":"data_stream.dataset : \"elastic_agent.*\" "},"isBucketed":false,"label":"Bytes sent/s","operationType":"counter_rate","params":{"format":{"id":"bytes","params":{"decimals":2}}},"references":["672c59a5-1ad7-4f2b-89a5-cb3920d94e4b"],"scale":"ratio","timeScale":"s"}},"incompleteColumns":{}}}}},"filters":[],"query":{"language":"kuery","query":""},"visualization":{"axisTitlesVisibilitySettings":{"x":true,"yLeft":true,"yRight":true},"fittingFunction":"None","gridlinesVisibilitySettings":{"x":true,"yLeft":true,"yRight":true},"labelsOrientation":{"x":0,"yLeft":0,"yRight":0},"layers":[{"accessors":["c601246c-06f3-4f94-9d2a-a950eb4d499e"],"layerId":"47363713-6910-43c5-9f85-328b9ee18f0d","layerType":"data","position":"top","seriesType":"line","showGridlines":false,"splitAccessor":"009f999d-bdb4-4b3f-a031-06d2a7173a57","xAccessor":"754d7a35-095e-4905-ad7d-23d89edaf74f"}],"legend":{"isVisible":true,"position":"right"},"preferredSeriesType":"line","tickLabelsVisibilitySettings":{"x":true,"yLeft":true,"yRight":true},"valueLabels":"hide","yLeftExtent":{"mode":"full"},"yRightExtent":{"mode":"full"}}},"title":"[Elastic Agent] Output write throughput","visualizationType":"lnsXY"},"coreMigrationVersion":"8.0.0","id":"elastic_agent-6e88c0a0-0037-11ec-af6c-1740f74b2d73","migrationVersion":{"lens":"8.0.0"},"references":[{"id":"metrics-*","name":"indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"metrics-*","name":"indexpattern-datasource-layer-47363713-6910-43c5-9f85-328b9ee18f0d","type":"index-pattern"}],"sort":[1670478486260,649],"type":"lens","updated_at":"2022-12-08T05:48:06.260Z","version":"WzEwMTYsMTld"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}"},"title":"[Elastic Agent] CGroup CPU Usage","uiStateJSON":"{}","version":1,"visState":"{\"aggs\":[],\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"drop_last_bucket\":0,\"filter\":{\"language\":\"kuery\",\"query\":\"\"},\"id\":\"f0383b91-4a09-4b03-a013-f5938add6bfa\",\"index_pattern_ref_name\":\"metrics_0_index_pattern\",\"interval\":\"\",\"isModelInvalid\":false,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":0.5,\"filter\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset : \\\"elastic_agent.elastic_agent\\\"   \"},\"formatter\":\"number\",\"id\":\"a35c4256-5cee-4b6a-ae21-bdd0f0f6d4a2\",\"label\":\"Cgroup CPU usage\",\"line_width\":1,\"metrics\":[{\"field\":\"system.process.cgroup.cpuacct.total.ns\",\"id\":\"458710e3-e78d-4ebf-b9c7-3b1ca8bfc55a\",\"type\":\"max\"},{\"field\":\"system.process.cgroup.cpu.cfs.quota.us\",\"id\":\"5a08b810-fc31-11eb-9d3e-9d72967e3395\",\"type\":\"min\"},{\"field\":\"458710e3-e78d-4ebf-b9c7-3b1ca8bfc55a\",\"id\":\"391dc9f0-fc32-11eb-9d3e-9d72967e3395\",\"type\":\"derivative\",\"unit\":\"1s\"},{\"field\":\"90f31960-fc31-11eb-9d3e-9d72967e3395\",\"id\":\"4661f000-fc32-11eb-9d3e-9d72967e3395\",\"type\":\"derivative\",\"unit\":\"1s\"},{\"field\":\"system.process.cgroup.cpu.stats.periods\",\"id\":\"90f31960-fc31-11eb-9d3e-9d72967e3395\",\"type\":\"max\"},{\"id\":\"5c737680-fc31-11eb-9d3e-9d72967e3395\",\"script\":\"\\n      if (params.deltaUsageDerivNormalizedValue > 0 && params.periodsDerivNormalizedValue >0  && params.quota > 0) {\\n        // if throttling is configured\\n        double  factor = params.deltaUsageDerivNormalizedValue / (params.periodsDerivNormalizedValue * params.quota * 1000); \\n\\n        return factor * 100; \\n      }\\n\\n      return null;\",\"type\":\"calculation\",\"variables\":[{\"field\":\"391dc9f0-fc32-11eb-9d3e-9d72967e3395\",\"id\":\"60300950-fc31-11eb-9d3e-9d72967e3395\",\"name\":\"deltaUsageDerivNormalizedValue\"},{\"field\":\"4661f000-fc32-11eb-9d3e-9d72967e3395\",\"id\":\"d6060d50-fc31-11eb-9d3e-9d72967e3395\",\"name\":\"periodsDerivNormalizedValue\"},{\"field\":\"5a08b810-fc31-11eb-9d3e-9d72967e3395\",\"id\":\"e3368450-fc31-11eb-9d3e-9d72967e3395\",\"name\":\"quota\"}]}],\"palette\":{\"name\":\"default\",\"type\":\"palette\"},\"point_size\":1,\"separate_axis\":0,\"split_mode\":\"terms\",\"stacked\":\"stacked\",\"terms_field\":\"elastic_agent.process\",\"type\":\"timeseries\",\"value_template\":\"{{value}}%\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"@timestamp\",\"time_range_mode\":\"entire_time_range\",\"tooltip_mode\":\"show_all\",\"type\":\"timeseries\",\"use_kibana_indexes\":true},\"title\":\"[Elastic Agent] CGroup CPU Usage\",\"type\":\"metrics\"}"},"coreMigrationVersion":"8.0.0","id":"elastic_agent-819241d0-0037-11ec-af6c-1740f74b2d73","migrationVersion":{"visualization":"8.0.0"},"references":[{"id":"metrics-*","name":"metrics_0_index_pattern","type":"index-pattern"}],"sort":[1670478486260,635],"type":"visualization","updated_at":"2022-12-08T05:48:06.260Z","version":"WzEwMTAsMTld"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}"},"title":"[Elastic Agent] Memory usage","uiStateJSON":"{}","version":1,"visState":"{\"aggs\":[],\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"index_pattern\":\"metrics-*\",\"interval\":\"\",\"isModelInvalid\":false,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":\"0.5\",\"filter\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset : \\\"elastic_agent.elastic_agent\\\" \"},\"formatter\":\"bytes\",\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"label\":\"Memory usage\",\"line_width\":1,\"metrics\":[{\"field\":\"system.process.memory.size\",\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"max\"}],\"point_size\":1,\"separate_axis\":0,\"split_color_mode\":\"kibana\",\"split_mode\":\"terms\",\"stacked\":\"stacked\",\"terms_field\":\"elastic_agent.process\",\"type\":\"timeseries\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"\",\"tooltip_mode\":\"show_all\",\"type\":\"timeseries\",\"use_kibana_indexes\":false,\"drop_last_bucket\":1},\"title\":\"[Elastic Agent] Memory usage\",\"type\":\"metrics\"}"},"coreMigrationVersion":"8.0.0","id":"elastic_agent-93a8a11d-b2da-4ef3-81dc-c7040560ffde","migrationVersion":{"visualization":"8.0.0"},"references":[],"sort":[1670478486260,636],"type":"visualization","updated_at":"2022-12-08T05:48:06.260Z","version":"WzEwMTEsMTld"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}"},"title":"[Elastic Agent] CPU Usage","uiStateJSON":"{}","version":1,"visState":"{\"aggs\":[],\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"drop_last_bucket\":0,\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"index_pattern\":\"metrics-*\",\"interval\":\"\",\"isModelInvalid\":false,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":0.5,\"filter\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset : \\\"elastic_agent.elastic_agent\\\" \"},\"formatter\":\"percent\",\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"label\":\"CPU usage\",\"line_width\":1,\"metrics\":[{\"field\":\"system.process.cpu.total.value\",\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"max\"},{\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"id\":\"42fea6f0-3da7-11eb-a63c-0f13e40aab83\",\"type\":\"derivative\",\"unit\":\"\"},{\"id\":\"48fd6190-3da7-11eb-a63c-0f13e40aab83\",\"script\":\"if (params.cpu_total > 0) {\\n  return params.cpu_total / params._interval  \\n}\\n\\n\",\"type\":\"calculation\",\"variables\":[{\"field\":\"42fea6f0-3da7-11eb-a63c-0f13e40aab83\",\"id\":\"4b81c280-3da7-11eb-a63c-0f13e40aab83\",\"name\":\"cpu_total\"}]}],\"point_size\":1,\"separate_axis\":0,\"split_color_mode\":\"kibana\",\"split_mode\":\"terms\",\"stacked\":\"stacked\",\"terms_field\":\"elastic_agent.process\",\"type\":\"timeseries\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"@timestamp\",\"time_range_mode\":\"entire_time_range\",\"tooltip_mode\":\"show_all\",\"type\":\"timeseries\",\"use_kibana_indexes\":false},\"title\":\"[Elastic Agent] CPU Usage\",\"type\":\"metrics\"}"},"coreMigrationVersion":"8.0.0","id":"elastic_agent-a11c250a-865f-4eb2-9441-882d229313be","migrationVersion":{"visualization":"8.0.0"},"references":[],"sort":[1670478486260,637],"type":"visualization","updated_at":"2022-12-08T05:48:06.260Z","version":"WzEwMTIsMTld"}
{"attributes":{"description":"Elastic Agent metrics dashboard","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"highlightAll\":true,\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"version\":true}"},"optionsJSON":"{\"hidePanelTitles\":false,\"syncColors\":true,\"useMargins\":true}","panelsJSON":"[{\"version\":\"8.0.0\",\"type\":\"visualization\",\"gridData\":{\"h\":6,\"i\":\"8e715e81-4077-4e7d-9c67-af1d1c98af00\",\"w\":48,\"x\":0,\"y\":0},\"panelIndex\":\"8e715e81-4077-4e7d-9c67-af1d1c98af00\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":false,\"savedVis\":{\"data\":{\"aggs\":[],\"searchSource\":{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}},\"description\":\"\",\"params\":{\"controls\":[{\"fieldName\":\"host.name\",\"id\":\"1628695092511\",\"indexPatternRefName\":\"control_8e715e81-4077-4e7d-9c67-af1d1c98af00_0_index_pattern\",\"label\":\"Host name\",\"options\":{\"dynamicOptions\":true,\"multiselect\":false,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\"}],\"pinFilters\":false,\"updateFiltersOnChange\":false,\"useTimeFilter\":false},\"title\":\"\",\"type\":\"input_control_vis\",\"uiState\":{}},\"type\":\"visualization\"},\"title\":\"Host name\"},{\"embeddableConfig\":{\"enhancements\":{}},\"gridData\":{\"h\":9,\"i\":\"aff03363-b1bf-4d47-9325-3dff44b5e758\",\"w\":24,\"x\":0,\"y\":6},\"panelIndex\":\"aff03363-b1bf-4d47-9325-3dff44b5e758\",\"panelRefName\":\"panel_aff03363-b1bf-4d47-9325-3dff44b5e758\",\"type\":\"visualization\",\"version\":\"7.15.0-SNAPSHOT\"},{\"embeddableConfig\":{\"enhancements\":{}},\"gridData\":{\"h\":9,\"i\":\"5f518ab9-9366-40e5-837b-1b5080d29da3\",\"w\":24,\"x\":0,\"y\":15},\"panelIndex\":\"5f518ab9-9366-40e5-837b-1b5080d29da3\",\"panelRefName\":\"panel_5f518ab9-9366-40e5-837b-1b5080d29da3\",\"type\":\"visualization\",\"version\":\"7.15.0-SNAPSHOT\"},{\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":false},\"gridData\":{\"h\":9,\"i\":\"8597b0ac-485c-4749-a2d9-7b8263429ee0\",\"w\":24,\"x\":24,\"y\":15},\"panelIndex\":\"8597b0ac-485c-4749-a2d9-7b8263429ee0\",\"panelRefName\":\"panel_8597b0ac-485c-4749-a2d9-7b8263429ee0\",\"title\":\"[Elastic Agent] CGroup Memory usage \",\"type\":\"visualization\",\"version\":\"7.15.0-SNAPSHOT\"},{\"embeddableConfig\":{\"enhancements\":{}},\"gridData\":{\"h\":9,\"i\":\"9ce78b52-e345-4cfd-b2ad-9819e55aaa7a\",\"w\":24,\"x\":0,\"y\":24},\"panelIndex\":\"9ce78b52-e345-4cfd-b2ad-9819e55aaa7a\",\"panelRefName\":\"panel_9ce78b52-e345-4cfd-b2ad-9819e55aaa7a\",\"type\":\"visualization\",\"version\":\"7.15.0-SNAPSHOT\"},{\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":false},\"gridData\":{\"h\":9,\"i\":\"e58a6da2-e479-4895-a61b-74c3b673c4d9\",\"w\":24,\"x\":0,\"y\":33},\"panelIndex\":\"e58a6da2-e479-4895-a61b-74c3b673c4d9\",\"panelRefName\":\"panel_e58a6da2-e479-4895-a61b-74c3b673c4d9\",\"type\":\"lens\",\"version\":\"7.15.0-SNAPSHOT\"},{\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":false},\"gridData\":{\"h\":9,\"i\":\"89fea7c1-0908-4710-8b65-1f727f5cab24\",\"w\":24,\"x\":24,\"y\":33},\"panelIndex\":\"89fea7c1-0908-4710-8b65-1f727f5cab24\",\"panelRefName\":\"panel_89fea7c1-0908-4710-8b65-1f727f5cab24\",\"type\":\"lens\",\"version\":\"7.15.0-SNAPSHOT\"},{\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":false},\"gridData\":{\"h\":9,\"i\":\"b26d8fac-812f-44bf-ad83-acee853b0476\",\"w\":24,\"x\":0,\"y\":42},\"panelIndex\":\"b26d8fac-812f-44bf-ad83-acee853b0476\",\"panelRefName\":\"panel_b26d8fac-812f-44bf-ad83-acee853b0476\",\"title\":\"[Elastic Agent] Errors in writing the response from the output\",\"type\":\"lens\",\"version\":\"7.15.0-SNAPSHOT\"},{\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":false},\"gridData\":{\"h\":9,\"i\":\"6e45d7b4-8857-448f-8f26-1a63a49d3a78\",\"w\":24,\"x\":24,\"y\":24},\"panelIndex\":\"6e45d7b4-8857-448f-8f26-1a63a49d3a78\",\"panelRefName\":\"panel_6e45d7b4-8857-448f-8f26-1a63a49d3a78\",\"type\":\"lens\",\"version\":\"7.15.0-SNAPSHOT\"},{\"embeddableConfig\":{\"enhancements\":{}},\"gridData\":{\"h\":9,\"i\":\"39247b7d-eb88-4015-b11f-a1105b9fae71\",\"w\":24,\"x\":24,\"y\":6},\"panelIndex\":\"39247b7d-eb88-4015-b11f-a1105b9fae71\",\"panelRefName\":\"panel_39247b7d-eb88-4015-b11f-a1105b9fae71\",\"type\":\"visualization\",\"version\":\"7.15.0-SNAPSHOT\"}]","timeRestore":false,"title":"[Elastic Agent] Agent metrics","version":1},"coreMigrationVersion":"8.0.0","id":"elastic_agent-f47f18cc-9c7d-4278-b2ea-a6dee816d395","migrationVersion":{"dashboard":"8.0.0"},"references":[{"id":"metrics-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"metrics-*","name":"8e715e81-4077-4e7d-9c67-af1d1c98af00:control_8e715e81-4077-4e7d-9c67-af1d1c98af00_0_index_pattern","type":"index-pattern"},{"id":"elastic_agent-a11c250a-865f-4eb2-9441-882d229313be","name":"aff03363-b1bf-4d47-9325-3dff44b5e758:panel_aff03363-b1bf-4d47-9325-3dff44b5e758","type":"visualization"},{"id":"elastic_agent-93a8a11d-b2da-4ef3-81dc-c7040560ffde","name":"5f518ab9-9366-40e5-837b-1b5080d29da3:panel_5f518ab9-9366-40e5-837b-1b5080d29da3","type":"visualization"},{"id":"elastic_agent-69219f50-febc-11eb-9a5b-19cc90b68e55","name":"8597b0ac-485c-4749-a2d9-7b8263429ee0:panel_8597b0ac-485c-4749-a2d9-7b8263429ee0","type":"visualization"},{"id":"elastic_agent-47d87552-8421-4cfc-bc5d-4a7205f5b007","name":"9ce78b52-e345-4cfd-b2ad-9819e55aaa7a:panel_9ce78b52-e345-4cfd-b2ad-9819e55aaa7a","type":"visualization"},{"id":"elastic_agent-27798780-0037-11ec-af6c-1740f74b2d73","name":"e58a6da2-e479-4895-a61b-74c3b673c4d9:panel_e58a6da2-e479-4895-a61b-74c3b673c4d9","type":"lens"},{"id":"elastic_agent-409f5d70-0037-11ec-af6c-1740f74b2d73","name":"89fea7c1-0908-4710-8b65-1f727f5cab24:panel_89fea7c1-0908-4710-8b65-1f727f5cab24","type":"lens"},{"id":"elastic_agent-58677820-0037-11ec-af6c-1740f74b2d73","name":"b26d8fac-812f-44bf-ad83-acee853b0476:panel_b26d8fac-812f-44bf-ad83-acee853b0476","type":"lens"},{"id":"elastic_agent-6e88c0a0-0037-11ec-af6c-1740f74b2d73","name":"6e45d7b4-8857-448f-8f26-1a63a49d3a78:panel_6e45d7b4-8857-448f-8f26-1a63a49d3a78","type":"lens"},{"id":"elastic_agent-819241d0-0037-11ec-af6c-1740f74b2d73","name":"39247b7d-eb88-4015-b11f-a1105b9fae71:panel_39247b7d-eb88-4015-b11f-a1105b9fae71","type":"visualization"}],"sort":[1670478486260,627],"type":"dashboard","updated_at":"2022-12-08T05:48:06.260Z","version":"WzEwMDMsMTld"}
{"attributes":{"allowNoIndex":true,"timeFieldName":"@timestamp","title":"logs-*"},"coreMigrationVersion":"8.0.0","id":"logs-*","migrationVersion":{"index-pattern":"8.0.0"},"references":[],"sort":[1670478486400,192],"type":"index-pattern","updated_at":"2022-12-08T05:48:06.400Z","version":"WzEwMTksMTld"}
{"attributes":{"allowNoIndex":true,"fieldAttrs":"{}","fields":"[]","runtimeFieldMap":"{}","timeFieldName":"@timestamp","title":".alerts-security.alerts-default,apm-*-transaction*,auditbeat-*,endgame-*,filebeat-*,logs-*,packetbeat-*,traces-apm*,winlogbeat-*","typeMeta":"{}"},"coreMigrationVersion":"8.0.0","id":"security-solution-default","migrationVersion":{"index-pattern":"8.0.0"},"references":[],"sort":[1670399938195,137],"type":"index-pattern","updated_at":"2022-12-07T07:58:58.195Z","version":"Wzc5NCwxOV0="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"event.code\",\"negate\":false,\"params\":{\"query\":\"4624\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"event.code\":\"4624\"}}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"query\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset:windows.security OR data_stream.dataset:system.security\"}}"},"title":"Logon Types  [Windows System Security]","uiStateJSON":"{\"vis\":{\"legendOpen\":true}}","version":1,"visState":"{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{\"field\":\"winlog.logon.id\"},\"schema\":\"metric\",\"type\":\"cardinality\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"field\":\"winlog.logon.type\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":20},\"schema\":\"segment\",\"type\":\"terms\"}],\"params\":{\"addLegend\":true,\"addTooltip\":true,\"dimensions\":{\"buckets\":[{\"accessor\":0,\"aggType\":\"terms\",\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"missingBucketLabel\":\"Missing\",\"otherBucketLabel\":\"Other\",\"parsedUrl\":{\"basePath\":\"/s/siem\",\"origin\":\"https://192.168.1.72:5601\",\"pathname\":\"/s/siem/app/kibana\"}}},\"label\":\"user.name: Descending\",\"params\":{}}],\"metric\":{\"accessor\":1,\"aggType\":\"cardinality\",\"format\":{\"id\":\"number\"},\"label\":\"Unique count of winlog.logon.id\",\"params\":{}}},\"isDonut\":false,\"labels\":{\"last_level\":true,\"show\":false,\"truncate\":100,\"values\":true},\"legendPosition\":\"right\",\"type\":\"pie\",\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true},\"title\":\"Logon Types  [Windows System Security]\",\"type\":\"pie\"}"},"coreMigrationVersion":"8.0.0","id":"system-006d75f0-9c03-11ea-87e4-49f31ec44891","migrationVersion":{"visualization":"8.0.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"sort":[1670478486400,416],"type":"visualization","updated_at":"2022-12-08T05:48:06.400Z","version":"WzEwMzYsMTld"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset:windows.security OR data_stream.dataset:system.security\"}}"},"title":"Group Management Events - Description [Windows System Security]","uiStateJSON":"{}","version":1,"visState":"{\"aggs\":[],\"params\":{\"fontSize\":10,\"markdown\":\"# **Group Management Events**\\n\\n#### This dashboard shows information about Group Management Events collected by winlogbeat\\n\",\"openLinksInNewTab\":false},\"title\":\"Group Management Events - Description [Windows System Security]\",\"type\":\"markdown\"}"},"coreMigrationVersion":"8.0.0","id":"system-6f0f2ea0-f414-11e9-8405-516218e3d268","migrationVersion":{"visualization":"8.0.0"},"references":[],"sort":[1670478486400,530],"type":"visualization","updated_at":"2022-12-08T05:48:06.400Z","version":"WzEwOTEsMTld"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"event.code\",\"negate\":false,\"params\":[\"4731\",\"4727\",\"4754\",\"4744\",\"4759\",\"4779\",\"4790\",\"4783\"],\"type\":\"phrases\",\"value\":\"4731, 4727, 4754, 4744, 4759, 4779, 4790, 4783\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"event.code\":\"4731\"}},{\"match_phrase\":{\"event.code\":\"4727\"}},{\"match_phrase\":{\"event.code\":\"4754\"}},{\"match_phrase\":{\"event.code\":\"4744\"}},{\"match_phrase\":{\"event.code\":\"4759\"}},{\"match_phrase\":{\"event.code\":\"4779\"}},{\"match_phrase\":{\"event.code\":\"4790\"}},{\"match_phrase\":{\"event.code\":\"4783\"}}]}}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"query\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset:windows.security OR data_stream.dataset:system.security\"}}"},"title":"Groups Created - Table [Windows System Security]","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"customLabel\":\"Group\",\"field\":\"group.name\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":20},\"schema\":\"bucket\",\"type\":\"terms\"},{\"enabled\":true,\"id\":\"3\",\"params\":{\"customLabel\":\"Domain\",\"field\":\"group.domain\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":5},\"schema\":\"bucket\",\"type\":\"terms\"},{\"enabled\":true,\"id\":\"4\",\"params\":{\"customLabel\":\"Performed by\",\"field\":\"winlog.event_data.SubjectUserName\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":5},\"schema\":\"bucket\",\"type\":\"terms\"},{\"enabled\":true,\"id\":\"5\",\"params\":{\"customLabel\":\"Performer LogonID\",\"field\":\"winlog.logon.id\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":5},\"schema\":\"bucket\",\"type\":\"terms\"}],\"params\":{\"dimensions\":{\"buckets\":[{\"accessor\":0,\"aggType\":\"terms\",\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"missingBucketLabel\":\"Missing\",\"otherBucketLabel\":\"Other\"}},\"params\":{}},{\"accessor\":1,\"aggType\":\"terms\",\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"missingBucketLabel\":\"Missing\",\"otherBucketLabel\":\"Other\"}},\"params\":{}},{\"accessor\":2,\"aggType\":\"terms\",\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"missingBucketLabel\":\"Missing\",\"otherBucketLabel\":\"Other\"}},\"params\":{}},{\"accessor\":3,\"aggType\":\"terms\",\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"missingBucketLabel\":\"Missing\",\"otherBucketLabel\":\"Other\"}},\"params\":{}}],\"metrics\":[{\"accessor\":4,\"aggType\":\"count\",\"format\":{\"id\":\"number\"},\"params\":{}}]},\"perPage\":5,\"percentageCol\":\"\",\"showMetricsAtAllLevels\":false,\"showPartialRows\":false,\"showTotal\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"totalFunc\":\"sum\",\"showToolbar\":true},\"title\":\"Groups Created - Table [Windows System Security]\",\"type\":\"table\"}"},"coreMigrationVersion":"8.0.0","id":"system-98884120-f49d-11e9-8405-516218e3d268","migrationVersion":{"visualization":"8.0.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"sort":[1670478486400,565],"type":"visualization","updated_at":"2022-12-08T05:48:06.400Z","version":"WzExMDksMTld"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"event.code\",\"negate\":false,\"params\":[\"4735\",\"4737\",\"4755\",\"4750\",\"4760\",\"4745\",\"4791\",\"4784\",\"4764\"],\"type\":\"phrases\",\"value\":\"4735, 4737, 4755, 4750, 4760, 4745, 4791, 4784, 4764\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"event.code\":\"4735\"}},{\"match_phrase\":{\"event.code\":\"4737\"}},{\"match_phrase\":{\"event.code\":\"4755\"}},{\"match_phrase\":{\"event.code\":\"4750\"}},{\"match_phrase\":{\"event.code\":\"4760\"}},{\"match_phrase\":{\"event.code\":\"4745\"}},{\"match_phrase\":{\"event.code\":\"4791\"}},{\"match_phrase\":{\"event.code\":\"4784\"}},{\"match_phrase\":{\"event.code\":\"4764\"}}]}}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"query\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset:windows.security OR data_stream.dataset:system.security\"}}"},"title":"Group Changes - Table [Windows System Security]","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"customLabel\":\"Group\",\"field\":\"group.name\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":20},\"schema\":\"bucket\",\"type\":\"terms\"},{\"enabled\":true,\"id\":\"3\",\"params\":{\"customLabel\":\"Domain\",\"field\":\"group.domain\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":5},\"schema\":\"bucket\",\"type\":\"terms\"},{\"enabled\":true,\"id\":\"4\",\"params\":{\"customLabel\":\"Performed by\",\"field\":\"winlog.event_data.SubjectUserName\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":5},\"schema\":\"bucket\",\"type\":\"terms\"},{\"enabled\":true,\"id\":\"5\",\"params\":{\"customLabel\":\"Performer LogonID\",\"field\":\"winlog.logon.id\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":5},\"schema\":\"bucket\",\"type\":\"terms\"}],\"params\":{\"dimensions\":{\"buckets\":[{\"accessor\":0,\"aggType\":\"terms\",\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"missingBucketLabel\":\"Missing\",\"otherBucketLabel\":\"Other\"}},\"params\":{}},{\"accessor\":1,\"aggType\":\"terms\",\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"missingBucketLabel\":\"Missing\",\"otherBucketLabel\":\"Other\"}},\"params\":{}},{\"accessor\":2,\"aggType\":\"terms\",\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"missingBucketLabel\":\"Missing\",\"otherBucketLabel\":\"Other\"}},\"params\":{}},{\"accessor\":3,\"aggType\":\"terms\",\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"missingBucketLabel\":\"Missing\",\"otherBucketLabel\":\"Other\"}},\"params\":{}}],\"metrics\":[{\"accessor\":4,\"aggType\":\"count\",\"format\":{\"id\":\"number\"},\"params\":{}}]},\"perPage\":5,\"percentageCol\":\"\",\"showMetricsAtAllLevels\":false,\"showPartialRows\":false,\"showTotal\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"totalFunc\":\"sum\",\"showToolbar\":true},\"title\":\"Group Changes - Table [Windows System Security]\",\"type\":\"table\"}"},"coreMigrationVersion":"8.0.0","id":"system-9e534190-f49d-11e9-8405-516218e3d268","migrationVersion":{"visualization":"8.0.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"sort":[1670478486400,570],"type":"visualization","updated_at":"2022-12-08T05:48:06.400Z","version":"WzExMTIsMTld"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"event.code\",\"negate\":false,\"params\":[\"4734\",\"4730\",\"4758\",\"4748\",\"4763\",\"4753\",\"4792\",\"4789\"],\"type\":\"phrases\",\"value\":\"4734, 4730, 4758, 4748, 4763, 4753, 4792, 4789\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"event.code\":\"4734\"}},{\"match_phrase\":{\"event.code\":\"4730\"}},{\"match_phrase\":{\"event.code\":\"4758\"}},{\"match_phrase\":{\"event.code\":\"4748\"}},{\"match_phrase\":{\"event.code\":\"4763\"}},{\"match_phrase\":{\"event.code\":\"4753\"}},{\"match_phrase\":{\"event.code\":\"4792\"}},{\"match_phrase\":{\"event.code\":\"4789\"}}]}}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"query\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset:windows.security OR data_stream.dataset:system.security\"}}"},"title":"Groups Deleted - Table [Windows System Security]","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"customLabel\":\"Group\",\"field\":\"group.name\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":20},\"schema\":\"bucket\",\"type\":\"terms\"},{\"enabled\":true,\"id\":\"3\",\"params\":{\"customLabel\":\"Domain\",\"field\":\"group.domain\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":5},\"schema\":\"bucket\",\"type\":\"terms\"},{\"enabled\":true,\"id\":\"4\",\"params\":{\"customLabel\":\"Performed by\",\"field\":\"winlog.event_data.SubjectUserName\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":5},\"schema\":\"bucket\",\"type\":\"terms\"},{\"enabled\":true,\"id\":\"5\",\"params\":{\"customLabel\":\"Performer LogonID\",\"field\":\"winlog.logon.id\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":5},\"schema\":\"bucket\",\"type\":\"terms\"}],\"params\":{\"dimensions\":{\"buckets\":[{\"accessor\":0,\"aggType\":\"terms\",\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"missingBucketLabel\":\"Missing\",\"otherBucketLabel\":\"Other\"}},\"params\":{}},{\"accessor\":1,\"aggType\":\"terms\",\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"missingBucketLabel\":\"Missing\",\"otherBucketLabel\":\"Other\"}},\"params\":{}},{\"accessor\":2,\"aggType\":\"terms\",\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"missingBucketLabel\":\"Missing\",\"otherBucketLabel\":\"Other\"}},\"params\":{}},{\"accessor\":3,\"aggType\":\"terms\",\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"missingBucketLabel\":\"Missing\",\"otherBucketLabel\":\"Other\"}},\"params\":{}}],\"metrics\":[{\"accessor\":4,\"aggType\":\"count\",\"format\":{\"id\":\"number\"},\"params\":{}}]},\"perPage\":5,\"percentageCol\":\"\",\"showMetricsAtAllLevels\":false,\"showPartialRows\":false,\"showTotal\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"totalFunc\":\"sum\",\"showToolbar\":true},\"title\":\"Groups Deleted - Table [Windows System Security]\",\"type\":\"table\"}"},"coreMigrationVersion":"8.0.0","id":"system-bb9cf7a0-f49d-11e9-8405-516218e3d268","migrationVersion":{"visualization":"8.0.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"sort":[1670478486400,612],"type":"visualization","updated_at":"2022-12-08T05:48:06.400Z","version":"WzExMzMsMTld"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"event.code\",\"negate\":false,\"params\":[\"4732\",\"4728\",\"4756\",\"4751\",\"4761\",\"4746\",\"4785\",\"4787\"],\"type\":\"phrases\",\"value\":\"4732, 4728, 4756, 4751, 4761, 4746, 4785, 4787\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"event.code\":\"4732\"}},{\"match_phrase\":{\"event.code\":\"4728\"}},{\"match_phrase\":{\"event.code\":\"4756\"}},{\"match_phrase\":{\"event.code\":\"4751\"}},{\"match_phrase\":{\"event.code\":\"4761\"}},{\"match_phrase\":{\"event.code\":\"4746\"}},{\"match_phrase\":{\"event.code\":\"4785\"}},{\"match_phrase\":{\"event.code\":\"4787\"}}]}}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"query\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset:windows.security OR data_stream.dataset:system.security\"}}"},"title":"Users Added - Table [Windows System Security]","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"customLabel\":\"User\",\"field\":\"winlog.event_data.MemberName\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":5},\"schema\":\"bucket\",\"type\":\"terms\"},{\"enabled\":true,\"id\":\"3\",\"params\":{\"customLabel\":\"Group\",\"field\":\"group.name\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":10},\"schema\":\"bucket\",\"type\":\"terms\"},{\"enabled\":true,\"id\":\"4\",\"params\":{\"customLabel\":\"Domain\",\"field\":\"group.domain\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":5},\"schema\":\"bucket\",\"type\":\"terms\"},{\"enabled\":true,\"id\":\"5\",\"params\":{\"customLabel\":\"Performed by\",\"field\":\"user.name\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":5},\"schema\":\"bucket\",\"type\":\"terms\"},{\"enabled\":true,\"id\":\"6\",\"params\":{\"customLabel\":\"Performed by Logon ID\",\"field\":\"winlog.logon.id\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":5},\"schema\":\"bucket\",\"type\":\"terms\"}],\"params\":{\"dimensions\":{\"buckets\":[{\"accessor\":0,\"aggType\":\"terms\",\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"missingBucketLabel\":\"Missing\",\"otherBucketLabel\":\"Other\"}},\"params\":{}},{\"accessor\":1,\"aggType\":\"terms\",\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"missingBucketLabel\":\"Missing\",\"otherBucketLabel\":\"Other\"}},\"params\":{}},{\"accessor\":2,\"aggType\":\"terms\",\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"missingBucketLabel\":\"Missing\",\"otherBucketLabel\":\"Other\"}},\"params\":{}},{\"accessor\":3,\"aggType\":\"terms\",\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"missingBucketLabel\":\"Missing\",\"otherBucketLabel\":\"Other\"}},\"params\":{}},{\"accessor\":4,\"aggType\":\"terms\",\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"missingBucketLabel\":\"Missing\",\"otherBucketLabel\":\"Other\"}},\"params\":{}}],\"metrics\":[{\"accessor\":5,\"aggType\":\"count\",\"format\":{\"id\":\"number\"},\"params\":{}}]},\"perPage\":5,\"percentageCol\":\"\",\"showMetricsAtAllLevels\":false,\"showPartialRows\":false,\"showTotal\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"totalFunc\":\"sum\",\"showToolbar\":true},\"title\":\"Users Added - Table [Windows System Security]\",\"type\":\"table\"}"},"coreMigrationVersion":"8.0.0","id":"system-ce867840-f49e-11e9-8405-516218e3d268","migrationVersion":{"visualization":"8.0.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"sort":[1670478486400,670],"type":"visualization","updated_at":"2022-12-08T05:48:06.400Z","version":"WzExNDMsMTld"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"event.code\",\"negate\":false,\"params\":[\"4733\",\"4729\",\"4757\",\"4786\",\"4788\",\"4752\",\"4762\",\"4747\"],\"type\":\"phrases\",\"value\":\"4733, 4729, 4757, 4786, 4788, 4752, 4762, 4747\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"event.code\":\"4733\"}},{\"match_phrase\":{\"event.code\":\"4729\"}},{\"match_phrase\":{\"event.code\":\"4757\"}},{\"match_phrase\":{\"event.code\":\"4786\"}},{\"match_phrase\":{\"event.code\":\"4788\"}},{\"match_phrase\":{\"event.code\":\"4752\"}},{\"match_phrase\":{\"event.code\":\"4762\"}},{\"match_phrase\":{\"event.code\":\"4747\"}}]}}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"query\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset:windows.security OR data_stream.dataset:system.security\"}}"},"title":"Users Removed from Group - Table [Windows System Security]","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"customLabel\":\"User\",\"field\":\"winlog.event_data.MemberName\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":5},\"schema\":\"bucket\",\"type\":\"terms\"},{\"enabled\":true,\"id\":\"3\",\"params\":{\"customLabel\":\"Group\",\"field\":\"group.name\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":10},\"schema\":\"bucket\",\"type\":\"terms\"},{\"enabled\":true,\"id\":\"4\",\"params\":{\"customLabel\":\"Domain\",\"field\":\"group.domain\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":5},\"schema\":\"bucket\",\"type\":\"terms\"},{\"enabled\":true,\"id\":\"5\",\"params\":{\"customLabel\":\"Performed by\",\"field\":\"winlog.event_data.SubjectUserName\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":5},\"schema\":\"bucket\",\"type\":\"terms\"},{\"enabled\":true,\"id\":\"6\",\"params\":{\"customLabel\":\"Performed by Logon ID\",\"field\":\"winlog.logon.id\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":5},\"schema\":\"bucket\",\"type\":\"terms\"}],\"params\":{\"dimensions\":{\"buckets\":[{\"accessor\":0,\"aggType\":\"terms\",\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"missingBucketLabel\":\"Missing\",\"otherBucketLabel\":\"Other\"}},\"params\":{}},{\"accessor\":1,\"aggType\":\"terms\",\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"missingBucketLabel\":\"Missing\",\"otherBucketLabel\":\"Other\"}},\"params\":{}},{\"accessor\":2,\"aggType\":\"terms\",\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"missingBucketLabel\":\"Missing\",\"otherBucketLabel\":\"Other\"}},\"params\":{}},{\"accessor\":3,\"aggType\":\"terms\",\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"missingBucketLabel\":\"Missing\",\"otherBucketLabel\":\"Other\"}},\"params\":{}},{\"accessor\":4,\"aggType\":\"terms\",\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"missingBucketLabel\":\"Missing\",\"otherBucketLabel\":\"Other\"}},\"params\":{}}],\"metrics\":[{\"accessor\":5,\"aggType\":\"count\",\"format\":{\"id\":\"number\"},\"params\":{}}]},\"perPage\":5,\"percentageCol\":\"\",\"showMetricsAtAllLevels\":false,\"showPartialRows\":false,\"showTotal\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"totalFunc\":\"sum\",\"showToolbar\":true},\"title\":\"Users Removed from Group - Table [Windows System Security]\",\"type\":\"table\"}"},"coreMigrationVersion":"8.0.0","id":"system-fee83900-f49f-11e9-8405-516218e3d268","migrationVersion":{"visualization":"8.0.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"sort":[1670478486400,711],"type":"visualization","updated_at":"2022-12-08T05:48:06.400Z","version":"WzExNjQsMTld"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"event.code\",\"negate\":false,\"params\":[\"4799\"],\"type\":\"phrases\",\"value\":\"4799\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"event.code\":\"4799\"}}]}}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"query\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset:windows.security OR data_stream.dataset:system.security\"}}"},"title":"Group Enumeration - Table [Windows System Security]","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"customLabel\":\"Group\",\"field\":\"group.name\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":20},\"schema\":\"bucket\",\"type\":\"terms\"},{\"enabled\":true,\"id\":\"3\",\"params\":{\"customLabel\":\"Domain\",\"field\":\"group.domain\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":5},\"schema\":\"bucket\",\"type\":\"terms\"},{\"enabled\":true,\"id\":\"4\",\"params\":{\"customLabel\":\"Creator\",\"field\":\"winlog.event_data.SubjectUserName\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":5},\"schema\":\"bucket\",\"type\":\"terms\"},{\"enabled\":true,\"id\":\"5\",\"params\":{\"customLabel\":\"Creator LogonID\",\"field\":\"winlog.logon.id\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":5},\"schema\":\"bucket\",\"type\":\"terms\"}],\"params\":{\"dimensions\":{\"buckets\":[{\"accessor\":0,\"aggType\":\"terms\",\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"missingBucketLabel\":\"Missing\",\"otherBucketLabel\":\"Other\"}},\"params\":{}},{\"accessor\":1,\"aggType\":\"terms\",\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"missingBucketLabel\":\"Missing\",\"otherBucketLabel\":\"Other\"}},\"params\":{}},{\"accessor\":2,\"aggType\":\"terms\",\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"missingBucketLabel\":\"Missing\",\"otherBucketLabel\":\"Other\"}},\"params\":{}},{\"accessor\":3,\"aggType\":\"terms\",\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"missingBucketLabel\":\"Missing\",\"otherBucketLabel\":\"Other\"}},\"params\":{}}],\"metrics\":[{\"accessor\":4,\"aggType\":\"count\",\"format\":{\"id\":\"number\"},\"params\":{}}]},\"perPage\":5,\"showMetricsAtAllLevels\":false,\"showPartialRows\":false,\"showTotal\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"totalFunc\":\"sum\",\"showToolbar\":true},\"title\":\"Group Enumeration - Table [Windows System Security]\",\"type\":\"table\"}"},"coreMigrationVersion":"8.0.0","id":"system-bc165210-f4b8-11e9-8405-516218e3d268","migrationVersion":{"visualization":"8.0.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"sort":[1670478486400,615],"type":"visualization","updated_at":"2022-12-08T05:48:06.400Z","version":"WzExMzQsMTld"}
{"attributes":{"columns":["user.name","source.domain","source.ip","winlog.logon.id","winlog.logon.type"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"event.code\",\"negate\":false,\"params\":[\"4624\"],\"type\":\"phrases\",\"value\":\"4624\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"event.code\":\"4624\"}}]}}}],\"highlightAll\":true,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"query\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset:windows.security OR data_stream.dataset:system.security\"},\"version\":true}"},"sort":[["@timestamp","desc"]],"title":"Logon Details [Windows System Security]","version":1},"coreMigrationVersion":"8.0.0","id":"system-7e178c80-fee1-11e9-8405-516218e3d268","migrationVersion":{"search":"8.0.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"sort":[1670478486400,731],"type":"search","updated_at":"2022-12-08T05:48:06.400Z","version":"WzExNzEsMTld"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"event.code\",\"negate\":false,\"params\":[\"4732\",\"4728\",\"4756\",\"4751\",\"4761\",\"4746\",\"4785\",\"4787\"],\"type\":\"phrases\",\"value\":\"4732, 4728, 4756, 4751, 4761, 4746, 4785, 4787\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"event.code\":\"4732\"}},{\"match_phrase\":{\"event.code\":\"4728\"}},{\"match_phrase\":{\"event.code\":\"4756\"}},{\"match_phrase\":{\"event.code\":\"4751\"}},{\"match_phrase\":{\"event.code\":\"4761\"}},{\"match_phrase\":{\"event.code\":\"4746\"}},{\"match_phrase\":{\"event.code\":\"4785\"}},{\"match_phrase\":{\"event.code\":\"4787\"}}]}}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"query\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset:windows.security OR data_stream.dataset:system.security\"}}"},"title":"Users Added - Simple Metric [Windows System Security]","uiStateJSON":"{}","version":1,"visState":"{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{\"customLabel\":\"Users Added to Groups\"},\"schema\":\"metric\",\"type\":\"count\"}],\"params\":{\"addLegend\":false,\"addTooltip\":true,\"dimensions\":{\"metrics\":[{\"accessor\":0,\"format\":{\"id\":\"number\",\"params\":{}},\"type\":\"vis_dimension\"}]},\"metric\":{\"colorSchema\":\"Reds\",\"colorsRange\":[{\"from\":0,\"to\":1,\"type\":\"range\"},{\"from\":1,\"to\":5},{\"from\":5,\"to\":10},{\"from\":10,\"to\":15},{\"from\":15,\"to\":20},{\"from\":20,\"to\":9999}],\"invertColors\":false,\"labels\":{\"show\":true},\"metricColorMode\":\"Labels\",\"percentageMode\":false,\"style\":{\"bgColor\":true,\"bgFill\":\"#000\",\"fontSize\":60,\"labelColor\":false,\"subText\":\"\"},\"useRanges\":false},\"type\":\"metric\"},\"title\":\"Users Added - Simple Metric [Windows System Security]\",\"type\":\"metric\"}"},"coreMigrationVersion":"8.0.0","id":"system-a13bf640-fee8-11e9-8405-516218e3d268","migrationVersion":{"visualization":"8.0.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"sort":[1670478486400,588],"type":"visualization","updated_at":"2022-12-08T05:48:06.400Z","version":"WzExMjEsMTld"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"event.code\",\"negate\":false,\"params\":[\"4734\",\"4730\",\"4758\",\"4748\",\"4763\",\"4753\",\"4792\",\"4789\"],\"type\":\"phrases\",\"value\":\"4734, 4730, 4758, 4748, 4763, 4753, 4792, 4789\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"event.code\":\"4734\"}},{\"match_phrase\":{\"event.code\":\"4730\"}},{\"match_phrase\":{\"event.code\":\"4758\"}},{\"match_phrase\":{\"event.code\":\"4748\"}},{\"match_phrase\":{\"event.code\":\"4763\"}},{\"match_phrase\":{\"event.code\":\"4753\"}},{\"match_phrase\":{\"event.code\":\"4792\"}},{\"match_phrase\":{\"event.code\":\"4789\"}}]}}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"query\":{\"language\":\"lucene\",\"query\":\"data_stream.dataset:windows.security OR data_stream.dataset:system.security\"}}"},"title":"Groups Deleted- Simple Metric [Windows System Security]","uiStateJSON":"{}","version":1,"visState":"{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{\"customLabel\":\"Groups Deleted\"},\"schema\":\"metric\",\"type\":\"count\"}],\"params\":{\"addLegend\":false,\"addTooltip\":true,\"dimensions\":{\"metrics\":[{\"accessor\":0,\"format\":{\"id\":\"number\",\"params\":{}},\"type\":\"vis_dimension\"}]},\"metric\":{\"colorSchema\":\"Greens\",\"colorsRange\":[{\"from\":0,\"to\":1,\"type\":\"range\"},{\"from\":1,\"to\":5},{\"from\":5,\"to\":10},{\"from\":10,\"to\":15},{\"from\":15,\"to\":20},{\"from\":20,\"to\":10000}],\"invertColors\":false,\"labels\":{\"show\":true},\"metricColorMode\":\"Labels\",\"percentageMode\":false,\"style\":{\"bgColor\":true,\"bgFill\":\"#000\",\"fontSize\":60,\"labelColor\":false,\"subText\":\"\"},\"useRanges\":false},\"type\":\"metric\"},\"title\":\"Groups Deleted- Simple Metric [Windows System Security]\",\"type\":\"metric\"}"},"coreMigrationVersion":"8.0.0","id":"system-5eeaafd0-fee7-11e9-8405-516218e3d268","migrationVersion":{"visualization":"8.0.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"sort":[1670478486400,527],"type":"visualization","updated_at":"2022-12-08T05:48:06.400Z","version":"WzEwODgsMTld"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"event.code\",\"negate\":false,\"params\":[\"4731\",\"4727\",\"4754\",\"4744\",\"4759\",\"4779\",\"4790\",\"4783\"],\"type\":\"phrases\",\"value\":\"4731, 4727, 4754, 4744, 4759, 4779, 4790, 4783\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"event.code\":\"4731\"}},{\"match_phrase\":{\"event.code\":\"4727\"}},{\"match_phrase\":{\"event.code\":\"4754\"}},{\"match_phrase\":{\"event.code\":\"4744\"}},{\"match_phrase\":{\"event.code\":\"4759\"}},{\"match_phrase\":{\"event.code\":\"4779\"}},{\"match_phrase\":{\"event.code\":\"4790\"}},{\"match_phrase\":{\"event.code\":\"4783\"}}]}}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"query\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset:windows.security OR data_stream.dataset:system.security\"}}"},"title":"Groups Created - Simple Metric [Windows System Security]","uiStateJSON":"{}","version":1,"visState":"{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{\"customLabel\":\"Groups Created\"},\"schema\":\"metric\",\"type\":\"count\"}],\"params\":{\"addLegend\":false,\"addTooltip\":true,\"dimensions\":{\"metrics\":[{\"accessor\":0,\"format\":{\"id\":\"number\",\"params\":{}},\"type\":\"vis_dimension\"}]},\"metric\":{\"colorSchema\":\"Reds\",\"colorsRange\":[{\"from\":0,\"to\":1,\"type\":\"range\"},{\"from\":1,\"to\":10},{\"from\":10,\"to\":20},{\"from\":20,\"to\":9999}],\"invertColors\":false,\"labels\":{\"show\":true},\"metricColorMode\":\"Labels\",\"percentageMode\":false,\"style\":{\"bgColor\":true,\"bgFill\":\"#000\",\"fontSize\":60,\"labelColor\":false,\"subText\":\"\"},\"useRanges\":false},\"type\":\"metric\"},\"title\":\"Groups Created - Simple Metric [Windows System Security]\",\"type\":\"metric\"}"},"coreMigrationVersion":"8.0.0","id":"system-f42f3b20-fee6-11e9-8405-516218e3d268","migrationVersion":{"visualization":"8.0.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"sort":[1670478486400,704],"type":"visualization","updated_at":"2022-12-08T05:48:06.400Z","version":"WzExNjEsMTld"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"event.code\",\"negate\":false,\"params\":[\"4735\",\"4737\",\"4755\",\"4750\",\"4760\",\"4745\",\"4791\",\"4784\",\"4764\"],\"type\":\"phrases\",\"value\":\"4735, 4737, 4755, 4750, 4760, 4745, 4791, 4784, 4764\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"event.code\":\"4735\"}},{\"match_phrase\":{\"event.code\":\"4737\"}},{\"match_phrase\":{\"event.code\":\"4755\"}},{\"match_phrase\":{\"event.code\":\"4750\"}},{\"match_phrase\":{\"event.code\":\"4760\"}},{\"match_phrase\":{\"event.code\":\"4745\"}},{\"match_phrase\":{\"event.code\":\"4791\"}},{\"match_phrase\":{\"event.code\":\"4784\"}},{\"match_phrase\":{\"event.code\":\"4764\"}}]}}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"query\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset:windows.security OR data_stream.dataset:system.security\"}}"},"title":"Groups Changes - Simple Metric [Windows System Security]","uiStateJSON":"{}","version":1,"visState":"{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{\"customLabel\":\"Groups Changed\"},\"schema\":\"metric\",\"type\":\"count\"}],\"params\":{\"addLegend\":false,\"addTooltip\":true,\"dimensions\":{\"metrics\":[{\"accessor\":0,\"format\":{\"id\":\"number\",\"params\":{}},\"type\":\"vis_dimension\"}]},\"metric\":{\"colorSchema\":\"Yellow to Red\",\"colorsRange\":[{\"from\":0,\"to\":1,\"type\":\"range\"},{\"from\":1,\"to\":5},{\"from\":5,\"to\":10},{\"from\":10,\"to\":15},{\"from\":15,\"to\":20},{\"from\":20,\"to\":100000}],\"invertColors\":false,\"labels\":{\"show\":true},\"metricColorMode\":\"Labels\",\"percentageMode\":false,\"style\":{\"bgColor\":true,\"bgFill\":\"#000\",\"fontSize\":60,\"labelColor\":false,\"subText\":\"\"},\"useRanges\":false},\"type\":\"metric\"},\"title\":\"Groups Changes - Simple Metric [Windows System Security]\",\"type\":\"metric\"}"},"coreMigrationVersion":"8.0.0","id":"system-b5f38780-fee6-11e9-8405-516218e3d268","migrationVersion":{"visualization":"8.0.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"sort":[1670478486400,607],"type":"visualization","updated_at":"2022-12-08T05:48:06.400Z","version":"WzExMzEsMTld"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"event.code\",\"negate\":false,\"params\":[\"4733\",\"4729\",\"4757\",\"4786\",\"4788\",\"4752\",\"4762\",\"4747\"],\"type\":\"phrases\",\"value\":\"4733, 4729, 4757, 4786, 4788, 4752, 4762, 4747\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"event.code\":\"4733\"}},{\"match_phrase\":{\"event.code\":\"4729\"}},{\"match_phrase\":{\"event.code\":\"4757\"}},{\"match_phrase\":{\"event.code\":\"4786\"}},{\"match_phrase\":{\"event.code\":\"4788\"}},{\"match_phrase\":{\"event.code\":\"4752\"}},{\"match_phrase\":{\"event.code\":\"4762\"}},{\"match_phrase\":{\"event.code\":\"4747\"}}]}}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"query\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset:windows.security OR data_stream.dataset:system.security\"}}"},"title":"Users Removed from Group  - Simple Metric [Windows System Security]","uiStateJSON":"{}","version":1,"visState":"{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{\"customLabel\":\"Users Removed from  Groups\"},\"schema\":\"metric\",\"type\":\"count\"}],\"params\":{\"addLegend\":false,\"addTooltip\":true,\"dimensions\":{\"metrics\":[{\"accessor\":0,\"format\":{\"id\":\"number\",\"params\":{}},\"type\":\"vis_dimension\"}]},\"metric\":{\"colorSchema\":\"Greens\",\"colorsRange\":[{\"from\":0,\"to\":1,\"type\":\"range\"},{\"from\":1,\"to\":5},{\"from\":5,\"to\":9},{\"from\":9,\"to\":13},{\"from\":13,\"to\":17},{\"from\":17,\"to\":20000}],\"invertColors\":false,\"labels\":{\"show\":true},\"metricColorMode\":\"Labels\",\"percentageMode\":false,\"style\":{\"bgColor\":true,\"bgFill\":\"#000\",\"fontSize\":60,\"labelColor\":false,\"subText\":\"\"},\"useRanges\":false},\"type\":\"metric\"},\"title\":\"Users Removed from Group  - Simple Metric [Windows System Security]\",\"type\":\"metric\"}"},"coreMigrationVersion":"8.0.0","id":"system-1b5f17d0-feea-11e9-8405-516218e3d268","migrationVersion":{"visualization":"8.0.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"sort":[1670478486400,446],"type":"visualization","updated_at":"2022-12-08T05:48:06.400Z","version":"WzEwNTAsMTld"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"event.code\",\"negate\":false,\"params\":{\"query\":\"4799\"},\"type\":\"phrase\",\"value\":\"4799\"},\"query\":{\"match\":{\"event.code\":{\"query\":\"4799\",\"type\":\"phrase\"}}}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"query\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset:windows.security OR data_stream.dataset:system.security\"}}"},"title":"Group Membership Enumeration  - Simple Metric [Windows System Security]","uiStateJSON":"{}","version":1,"visState":"{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{\"customLabel\":\"Group Membership Enumerated\"},\"schema\":\"metric\",\"type\":\"count\"}],\"params\":{\"addLegend\":false,\"addTooltip\":true,\"dimensions\":{\"metrics\":[{\"accessor\":0,\"format\":{\"id\":\"number\",\"params\":{}},\"type\":\"vis_dimension\"}]},\"metric\":{\"colorSchema\":\"Blues\",\"colorsRange\":[{\"from\":0,\"to\":500,\"type\":\"range\"},{\"from\":500,\"to\":20000},{\"from\":20000,\"to\":30000},{\"from\":30000,\"to\":40000}],\"invertColors\":true,\"labels\":{\"show\":true},\"metricColorMode\":\"Labels\",\"percentageMode\":false,\"style\":{\"bgColor\":true,\"bgFill\":\"#000\",\"fontSize\":60,\"labelColor\":false,\"subText\":\"\"},\"useRanges\":false},\"type\":\"metric\"},\"title\":\"Group Membership Enumeration  - Simple Metric [Windows System Security]\",\"type\":\"metric\"}"},"coreMigrationVersion":"8.0.0","id":"system-0f2f5280-feeb-11e9-8405-516218e3d268","migrationVersion":{"visualization":"8.0.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"sort":[1670478486400,427],"type":"visualization","updated_at":"2022-12-08T05:48:06.400Z","version":"WzEwNDEsMTld"}
{"attributes":{"columns":["event.action","group.name","group.domain","user.name","user.domain","host.name"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"event.code\",\"negate\":false,\"params\":[\"4731\",\"4732\",\"4733\",\"4734\",\"4735\",\"4737\",\"4764\",\"4727\",\"4728\",\"4729\",\"4730\",\"4754\",\"4755\",\"4756\",\"4757\",\"4758\",\"4799\",\"4749\",\"4750\",\"4751\",\"4752\",\"4753\",\"4759\",\"4760\",\"4761\",\"4762\",\"4763\",\"4744\",\"4745\",\"4746\",\"4748\"],\"type\":\"phrases\",\"value\":\"4731, 4732, 4733, 4734, 4735, 4737, 4764, 4727, 4728, 4729, 4730, 4754, 4755, 4756, 4757, 4758, 4799, 4749, 4750, 4751, 4752, 4753, 4759, 4760, 4761, 4762, 4763, 4744, 4745, 4746, 4748\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"event.code\":\"4731\"}},{\"match_phrase\":{\"event.code\":\"4732\"}},{\"match_phrase\":{\"event.code\":\"4733\"}},{\"match_phrase\":{\"event.code\":\"4734\"}},{\"match_phrase\":{\"event.code\":\"4735\"}},{\"match_phrase\":{\"event.code\":\"4737\"}},{\"match_phrase\":{\"event.code\":\"4764\"}},{\"match_phrase\":{\"event.code\":\"4727\"}},{\"match_phrase\":{\"event.code\":\"4728\"}},{\"match_phrase\":{\"event.code\":\"4729\"}},{\"match_phrase\":{\"event.code\":\"4730\"}},{\"match_phrase\":{\"event.code\":\"4754\"}},{\"match_phrase\":{\"event.code\":\"4755\"}},{\"match_phrase\":{\"event.code\":\"4756\"}},{\"match_phrase\":{\"event.code\":\"4757\"}},{\"match_phrase\":{\"event.code\":\"4758\"}},{\"match_phrase\":{\"event.code\":\"4799\"}},{\"match_phrase\":{\"event.code\":\"4749\"}},{\"match_phrase\":{\"event.code\":\"4750\"}},{\"match_phrase\":{\"event.code\":\"4751\"}},{\"match_phrase\":{\"event.code\":\"4752\"}},{\"match_phrase\":{\"event.code\":\"4753\"}},{\"match_phrase\":{\"event.code\":\"4759\"}},{\"match_phrase\":{\"event.code\":\"4760\"}},{\"match_phrase\":{\"event.code\":\"4761\"}},{\"match_phrase\":{\"event.code\":\"4762\"}},{\"match_phrase\":{\"event.code\":\"4763\"}},{\"match_phrase\":{\"event.code\":\"4744\"}},{\"match_phrase\":{\"event.code\":\"4745\"}},{\"match_phrase\":{\"event.code\":\"4746\"}},{\"match_phrase\":{\"event.code\":\"4748\"}}]}}}],\"highlightAll\":true,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"query\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset:windows.security OR data_stream.dataset:system.security\"},\"version\":true}"},"sort":[["@timestamp","desc"]],"title":"Group Management Details - Search View [Windows System Security]","version":1},"coreMigrationVersion":"8.0.0","id":"system-9066d5b0-fef2-11e9-8405-516218e3d268","migrationVersion":{"search":"8.0.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"sort":[1670478486400,736],"type":"search","updated_at":"2022-12-08T05:48:06.400Z","version":"WzExNzMsMTld"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"(data_stream.dataset:windows.application OR data_stream.dataset:windows.forwarded OR data_stream.dataset:windows.powershell OR data_stream.dataset:windows.powershell_operational OR data_stream.dataset:windows.security OR data_stream.dataset:windows.sysmon_operational OR data_stream.dataset:windows.system OR data_stream.dataset:system.application OR data_stream.dataset:system.security OR data_stream.dataset:system.system)\"}}"},"title":"Dashboard links  - Simple [Windows System Security]","uiStateJSON":"{}","version":1,"visState":"{\"aggs\":[],\"params\":{\"fontSize\":12,\"markdown\":\"[Windows Overview](#/dashboard/system-Windows-Dashboard) | [User Logon Information](#/dashboard/system-bae11b00-9bfc-11ea-87e4-49f31ec44891) |  [Logon Failed and Account Lockout](#/dashboard/system-d401ef40-a7d5-11e9-a422-d144027429da) | [User Management Events](#/dashboard/system-71f720f0-ff18-11e9-8405-516218e3d268) | [Group Management Events](#/dashboard/system-bb858830-f412-11e9-8405-516218e3d268)\",\"openLinksInNewTab\":false},\"title\":\"Dashboard links  - Simple [Windows System Security]\",\"type\":\"markdown\"}"},"coreMigrationVersion":"8.0.0","id":"system-d770b040-9b35-11ea-87e4-49f31ec44891","migrationVersion":{"visualization":"8.0.0"},"references":[],"sort":[1670478486400,678],"type":"visualization","updated_at":"2022-12-08T05:48:06.400Z","version":"WzExNDksMTld"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset:windows.security OR data_stream.dataset:system.security\"}}"},"savedSearchRefName":"search_0","title":"Group Management Events - Event Actions - Table [Windows System Security]","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"customLabel\":\"event.action\",\"field\":\"event.action\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":50},\"schema\":\"bucket\",\"type\":\"terms\"},{\"enabled\":true,\"id\":\"3\",\"params\":{\"customLabel\":\"event.code\",\"field\":\"event.code\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":5},\"schema\":\"bucket\",\"type\":\"terms\"}],\"params\":{\"perPage\":10,\"percentageCol\":\"\",\"showMetricsAtAllLevels\":false,\"showPartialRows\":false,\"showTotal\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"totalFunc\":\"sum\",\"showToolbar\":true},\"title\":\"Group Management Events - Event Actions - Table [Windows System Security]\",\"type\":\"table\"}"},"coreMigrationVersion":"8.0.0","id":"system-33462600-9b47-11ea-87e4-49f31ec44891","migrationVersion":{"visualization":"8.0.0"},"references":[{"id":"system-9066d5b0-fef2-11e9-8405-516218e3d268","name":"search_0","type":"search"}],"sort":[1670478486400,468],"type":"visualization","updated_at":"2022-12-08T05:48:06.400Z","version":"WzEwNjIsMTld"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset:windows.security OR data_stream.dataset:system.security\"}}"},"savedSearchRefName":"search_0","title":"Group Management Events - Target Groups - Tag Cloud  [Windows System Security]","uiStateJSON":"{}","version":1,"visState":"{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"field\":\"group.name\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":5},\"schema\":\"segment\",\"type\":\"terms\"}],\"params\":{\"maxFontSize\":58,\"minFontSize\":18,\"orientation\":\"single\",\"scale\":\"linear\",\"showLabel\":false,\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"}},\"title\":\"Group Management Events - Target Groups - Tag Cloud  [Windows System Security]\",\"type\":\"tagcloud\"}"},"coreMigrationVersion":"8.0.0","id":"system-58fb9480-9b46-11ea-87e4-49f31ec44891","migrationVersion":{"visualization":"8.0.0"},"references":[{"id":"system-9066d5b0-fef2-11e9-8405-516218e3d268","name":"search_0","type":"search"}],"sort":[1670478486400,501],"type":"visualization","updated_at":"2022-12-08T05:48:06.400Z","version":"WzEwNzgsMTld"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset:windows.security OR data_stream.dataset:system.security\"}}"},"savedSearchRefName":"search_0","title":"Group Management Events - Groups vs Actions - Heatmap [Windows System Security]","uiStateJSON":"{}","version":1,"visState":"{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"customLabel\":\"Target Groups\",\"field\":\"group.name\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":20},\"schema\":\"segment\",\"type\":\"terms\"},{\"enabled\":true,\"id\":\"3\",\"params\":{\"customLabel\":\"Actions\",\"field\":\"event.action\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":5},\"schema\":\"group\",\"type\":\"terms\"}],\"params\":{\"addLegend\":true,\"addTooltip\":true,\"colorSchema\":\"Blues\",\"colorsNumber\":4,\"colorsRange\":[],\"enableHover\":false,\"invertColors\":false,\"legendPosition\":\"right\",\"percentageMode\":false,\"setColorRange\":false,\"times\":[],\"type\":\"heatmap\",\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"color\":\"black\",\"overwriteColor\":false,\"rotate\":0,\"show\":true},\"scale\":{\"defaultYExtents\":false,\"type\":\"linear\"},\"show\":false,\"type\":\"value\"}]},\"title\":\"Group Management Events - Groups vs Actions - Heatmap [Windows System Security]\",\"type\":\"heatmap\"}"},"coreMigrationVersion":"8.0.0","id":"system-e20c02d0-9b48-11ea-87e4-49f31ec44891","migrationVersion":{"visualization":"8.0.0"},"references":[{"id":"system-9066d5b0-fef2-11e9-8405-516218e3d268","name":"search_0","type":"search"}],"sort":[1670478486400,691],"type":"visualization","updated_at":"2022-12-08T05:48:06.400Z","version":"WzExNTUsMTld"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset:windows.security OR data_stream.dataset:system.security\"}}"},"savedSearchRefName":"search_0","title":"Group Management Action Distribution over Time [Windows System Security]","uiStateJSON":"{}","version":1,"visState":"{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"drop_partials\":false,\"extended_bounds\":{},\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"scaleMetricValues\":false,\"timeRange\":{\"from\":\"now-30d\",\"to\":\"now\"},\"useNormalizedEsInterval\":true},\"schema\":\"segment\",\"type\":\"date_histogram\"},{\"enabled\":true,\"id\":\"3\",\"params\":{\"field\":\"event.action\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":25},\"schema\":\"group\",\"type\":\"terms\"}],\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"filter\":true,\"show\":true,\"truncate\":100},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{},\"type\":\"category\"}],\"grid\":{\"categoryLines\":false,\"valueAxis\":\"\"},\"labels\":{\"show\":false},\"legendPosition\":\"right\",\"seriesParams\":[{\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"drawLinesBetweenPoints\":true,\"lineWidth\":2,\"mode\":\"stacked\",\"show\":true,\"showCircles\":true,\"type\":\"histogram\",\"valueAxis\":\"ValueAxis-1\",\"circlesRadius\":1}],\"thresholdLine\":{\"color\":\"#E7664C\",\"show\":false,\"style\":\"full\",\"value\":10,\"width\":1},\"times\":[],\"type\":\"histogram\",\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"mode\":\"normal\",\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Count\"},\"type\":\"value\"}],\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"isVislibVis\":true,\"detailedTooltip\":true},\"title\":\"Group Management Action Distribution over Time [Windows System Security]\",\"type\":\"histogram\"}"},"coreMigrationVersion":"8.0.0","id":"system-7de2e3f0-9b4d-11ea-87e4-49f31ec44891","migrationVersion":{"visualization":"8.0.0"},"references":[{"id":"system-9066d5b0-fef2-11e9-8405-516218e3d268","name":"search_0","type":"search"}],"sort":[1670478486400,543],"type":"visualization","updated_at":"2022-12-08T05:48:06.400Z","version":"WzEwOTcsMTld"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset:windows.security OR data_stream.dataset:system.security\"}}"},"savedSearchRefName":"search_0","title":"Group Management Events - Event Actions [Windows System Security]","uiStateJSON":"{}","version":1,"visState":"{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"field\":\"event.action\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":5},\"schema\":\"segment\",\"type\":\"terms\"}],\"params\":{\"addLegend\":true,\"addTooltip\":true,\"isDonut\":false,\"labels\":{\"last_level\":true,\"show\":false,\"truncate\":100,\"values\":true},\"legendPosition\":\"right\",\"type\":\"pie\",\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true},\"title\":\"Group Management Events - Event Actions [Windows System Security]\",\"type\":\"pie\"}"},"coreMigrationVersion":"8.0.0","id":"system-b89b0c90-9b41-11ea-87e4-49f31ec44891","migrationVersion":{"visualization":"8.0.0"},"references":[{"id":"system-9066d5b0-fef2-11e9-8405-516218e3d268","name":"search_0","type":"search"}],"sort":[1670478486400,609],"type":"visualization","updated_at":"2022-12-08T05:48:06.400Z","version":"WzExMzIsMTld"}
{"attributes":{"description":"Group management activity with TSVB metrics.","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset:windows.security OR data_stream.dataset:system.security\"}}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":false}","panelsJSON":"[{\"version\":\"7.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":8,\"i\":\"22\",\"w\":17,\"x\":0,\"y\":0},\"panelIndex\":\"22\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"\",\"panelRefName\":\"panel_22\"},{\"version\":\"7.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":13,\"i\":\"36\",\"w\":9,\"x\":0,\"y\":59},\"panelIndex\":\"36\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Group Creation Summary [Windows System Security]\",\"panelRefName\":\"panel_36\"},{\"version\":\"7.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":13,\"i\":\"37\",\"w\":9,\"x\":9,\"y\":59},\"panelIndex\":\"37\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Group Changes Summary [Windows System Security]\",\"panelRefName\":\"panel_37\"},{\"version\":\"7.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":13,\"i\":\"38\",\"w\":9,\"x\":18,\"y\":59},\"panelIndex\":\"38\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Group Deletion Summary [Windows System Security]\",\"panelRefName\":\"panel_38\"},{\"version\":\"7.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":14,\"i\":\"39\",\"w\":16,\"x\":0,\"y\":81},\"panelIndex\":\"39\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Users Added to Group Summary [Windows System Security]\",\"panelRefName\":\"panel_39\"},{\"version\":\"7.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":14,\"i\":\"40\",\"w\":17,\"x\":16,\"y\":81},\"panelIndex\":\"40\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Users Removed From Group Summary [Windows System Security]\",\"panelRefName\":\"panel_40\"},{\"version\":\"7.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":14,\"i\":\"42\",\"w\":15,\"x\":33,\"y\":81},\"panelIndex\":\"42\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Group Membership Enumeration Summary [Windows System Security]\",\"panelRefName\":\"panel_42\"},{\"version\":\"7.7.0\",\"type\":\"search\",\"gridData\":{\"h\":22,\"i\":\"43\",\"w\":21,\"x\":27,\"y\":50},\"panelIndex\":\"43\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Logon Details  [Windows System Security]\",\"panelRefName\":\"panel_43\"},{\"version\":\"7.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":9,\"i\":\"44\",\"w\":16,\"x\":0,\"y\":72},\"panelIndex\":\"44\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"\",\"panelRefName\":\"panel_44\"},{\"version\":\"7.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":9,\"i\":\"45\",\"w\":9,\"x\":18,\"y\":50},\"panelIndex\":\"45\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"\",\"panelRefName\":\"panel_45\"},{\"version\":\"7.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":9,\"i\":\"46\",\"w\":9,\"x\":0,\"y\":50},\"panelIndex\":\"46\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"\",\"panelRefName\":\"panel_46\"},{\"version\":\"7.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":9,\"i\":\"47\",\"w\":9,\"x\":9,\"y\":50},\"panelIndex\":\"47\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"\",\"panelRefName\":\"panel_47\"},{\"version\":\"7.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":9,\"i\":\"48\",\"w\":17,\"x\":16,\"y\":72},\"panelIndex\":\"48\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"\",\"panelRefName\":\"panel_48\"},{\"version\":\"7.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":9,\"i\":\"49\",\"w\":15,\"x\":33,\"y\":72},\"panelIndex\":\"49\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"\",\"panelRefName\":\"panel_49\"},{\"version\":\"7.7.0\",\"type\":\"search\",\"gridData\":{\"h\":21,\"i\":\"51\",\"w\":48,\"x\":0,\"y\":95},\"panelIndex\":\"51\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_51\"},{\"version\":\"7.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":8,\"i\":\"45614e1c-b2bb-4243-9a74-a4bdd0124c87\",\"w\":31,\"x\":17,\"y\":0},\"panelIndex\":\"45614e1c-b2bb-4243-9a74-a4bdd0124c87\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"\",\"panelRefName\":\"panel_45614e1c-b2bb-4243-9a74-a4bdd0124c87\"},{\"version\":\"7.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":21,\"i\":\"88e75800-8125-4c9e-96b8-5c36f6e91664\",\"w\":9,\"x\":21,\"y\":8},\"panelIndex\":\"88e75800-8125-4c9e-96b8-5c36f6e91664\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_88e75800-8125-4c9e-96b8-5c36f6e91664\"},{\"version\":\"7.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":21,\"i\":\"4b793b8e-72d4-42a2-b377-1c70f0307414\",\"w\":18,\"x\":30,\"y\":8},\"panelIndex\":\"4b793b8e-72d4-42a2-b377-1c70f0307414\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_4b793b8e-72d4-42a2-b377-1c70f0307414\"},{\"version\":\"7.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":21,\"i\":\"82d229f9-44f4-4c4b-baf7-f9673a14c87f\",\"w\":26,\"x\":0,\"y\":29},\"panelIndex\":\"82d229f9-44f4-4c4b-baf7-f9673a14c87f\",\"embeddableConfig\":{\"vis\":null,\"enhancements\":{}},\"panelRefName\":\"panel_82d229f9-44f4-4c4b-baf7-f9673a14c87f\"},{\"version\":\"7.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":21,\"i\":\"f44255b0-d9a8-479f-be3f-829c1f6ed794\",\"w\":22,\"x\":26,\"y\":29},\"panelIndex\":\"f44255b0-d9a8-479f-be3f-829c1f6ed794\",\"embeddableConfig\":{\"colors\":{\"added-group-account\":\"#1F78C1\",\"added-member-to-group\":\"#0A437C\",\"deleted-group-account\":\"#5195CE\",\"modified-group-account\":\"#0A50A1\",\"type-changed-group-account\":\"#82B5D8\",\"user-member-enumerated\":\"#2F575E\"},\"vis\":{\"colors\":{\"added-group-account\":\"#1F78C1\",\"added-member-to-group\":\"#0A437C\",\"deleted-group-account\":\"#5195CE\",\"modified-group-account\":\"#0A50A1\",\"removed-member-from-group\":\"#82B5D8\",\"type-changed-group-account\":\"#82B5D8\",\"user-member-enumerated\":\"#2F575E\"}},\"enhancements\":{}},\"panelRefName\":\"panel_f44255b0-d9a8-479f-be3f-829c1f6ed794\"},{\"version\":\"7.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":21,\"i\":\"9c42bff2-b295-4617-8d8c-455bd5948b66\",\"w\":21,\"x\":0,\"y\":8},\"panelIndex\":\"9c42bff2-b295-4617-8d8c-455bd5948b66\",\"embeddableConfig\":{\"colors\":{\"added-group-account\":\"#0A50A1\",\"added-member-to-group\":\"#1F78C1\",\"deleted-group-account\":\"#5195CE\",\"modified-group-account\":\"#0A437C\",\"user-member-enumerated\":\"#052B51\"},\"vis\":{\"colors\":{\"added-group-account\":\"#0A50A1\",\"added-member-to-group\":\"#1F78C1\",\"deleted-group-account\":\"#5195CE\",\"modified-group-account\":\"#0A437C\",\"user-member-enumerated\":\"#2F575E\"}},\"enhancements\":{}},\"panelRefName\":\"panel_9c42bff2-b295-4617-8d8c-455bd5948b66\"}]","timeRestore":false,"title":"[System Windows Security] Group Management Events - Simple Metrics","version":1},"coreMigrationVersion":"8.0.0","id":"system-01c54730-fee6-11e9-8405-516218e3d268","migrationVersion":{"dashboard":"8.0.0"},"references":[{"id":"system-6f0f2ea0-f414-11e9-8405-516218e3d268","name":"22:panel_22","type":"visualization"},{"id":"system-98884120-f49d-11e9-8405-516218e3d268","name":"36:panel_36","type":"visualization"},{"id":"system-9e534190-f49d-11e9-8405-516218e3d268","name":"37:panel_37","type":"visualization"},{"id":"system-bb9cf7a0-f49d-11e9-8405-516218e3d268","name":"38:panel_38","type":"visualization"},{"id":"system-ce867840-f49e-11e9-8405-516218e3d268","name":"39:panel_39","type":"visualization"},{"id":"system-fee83900-f49f-11e9-8405-516218e3d268","name":"40:panel_40","type":"visualization"},{"id":"system-bc165210-f4b8-11e9-8405-516218e3d268","name":"42:panel_42","type":"visualization"},{"id":"system-7e178c80-fee1-11e9-8405-516218e3d268","name":"43:panel_43","type":"search"},{"id":"system-a13bf640-fee8-11e9-8405-516218e3d268","name":"44:panel_44","type":"visualization"},{"id":"system-5eeaafd0-fee7-11e9-8405-516218e3d268","name":"45:panel_45","type":"visualization"},{"id":"system-f42f3b20-fee6-11e9-8405-516218e3d268","name":"46:panel_46","type":"visualization"},{"id":"system-b5f38780-fee6-11e9-8405-516218e3d268","name":"47:panel_47","type":"visualization"},{"id":"system-1b5f17d0-feea-11e9-8405-516218e3d268","name":"48:panel_48","type":"visualization"},{"id":"system-0f2f5280-feeb-11e9-8405-516218e3d268","name":"49:panel_49","type":"visualization"},{"id":"system-9066d5b0-fef2-11e9-8405-516218e3d268","name":"51:panel_51","type":"search"},{"id":"system-d770b040-9b35-11ea-87e4-49f31ec44891","name":"45614e1c-b2bb-4243-9a74-a4bdd0124c87:panel_45614e1c-b2bb-4243-9a74-a4bdd0124c87","type":"visualization"},{"id":"system-33462600-9b47-11ea-87e4-49f31ec44891","name":"88e75800-8125-4c9e-96b8-5c36f6e91664:panel_88e75800-8125-4c9e-96b8-5c36f6e91664","type":"visualization"},{"id":"system-58fb9480-9b46-11ea-87e4-49f31ec44891","name":"4b793b8e-72d4-42a2-b377-1c70f0307414:panel_4b793b8e-72d4-42a2-b377-1c70f0307414","type":"visualization"},{"id":"system-e20c02d0-9b48-11ea-87e4-49f31ec44891","name":"82d229f9-44f4-4c4b-baf7-f9673a14c87f:panel_82d229f9-44f4-4c4b-baf7-f9673a14c87f","type":"visualization"},{"id":"system-7de2e3f0-9b4d-11ea-87e4-49f31ec44891","name":"f44255b0-d9a8-479f-be3f-829c1f6ed794:panel_f44255b0-d9a8-479f-be3f-829c1f6ed794","type":"visualization"},{"id":"system-b89b0c90-9b41-11ea-87e4-49f31ec44891","name":"9c42bff2-b295-4617-8d8c-455bd5948b66:panel_9c42bff2-b295-4617-8d8c-455bd5948b66","type":"visualization"}],"sort":[1670478486400,215],"type":"dashboard","updated_at":"2022-12-08T05:48:06.400Z","version":"WzEwMjEsMTld"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"event.code\",\"negate\":false,\"params\":[\"4672\"],\"type\":\"phrases\",\"value\":\"4672\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"event.code\":\"4672\"}}]}}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"query\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset:windows.security OR data_stream.dataset:system.security\"}}"},"title":"Logged on Administrators [Windows System Security]","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{\"customLabel\":\"\"},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"3\",\"params\":{\"customLabel\":\"Date\",\"drop_partials\":false,\"extended_bounds\":{},\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"scaleMetricValues\":false,\"timeRange\":{\"from\":\"2020-05-20T07:35:27.496Z\",\"to\":\"2020-05-22T00:01:10.239Z\"},\"useNormalizedEsInterval\":true},\"schema\":\"bucket\",\"type\":\"date_histogram\"},{\"enabled\":true,\"id\":\"6\",\"params\":{\"customLabel\":\"user.name\",\"field\":\"user.name\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":5},\"schema\":\"bucket\",\"type\":\"terms\"},{\"enabled\":true,\"id\":\"8\",\"params\":{\"customLabel\":\"# Thread\",\"field\":\"winlog.process.thread.id\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":5},\"schema\":\"bucket\",\"type\":\"terms\"},{\"enabled\":true,\"id\":\"9\",\"params\":{\"customLabel\":\"LogonID\",\"field\":\"winlog.logon.id\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":5},\"schema\":\"bucket\",\"type\":\"terms\"}],\"params\":{\"dimensions\":{\"buckets\":[{\"accessor\":0,\"aggType\":\"date_histogram\",\"format\":{\"id\":\"date\",\"params\":{\"pattern\":\"YYYY-MM-DD HH:mm\"}},\"label\":\"Fecha - Hora \",\"params\":{}},{\"accessor\":1,\"aggType\":\"terms\",\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"missingBucketLabel\":\"Missing\",\"otherBucketLabel\":\"Other\",\"parsedUrl\":{\"basePath\":\"/s/siem\",\"origin\":\"https://192.168.1.72:5601\",\"pathname\":\"/s/siem/app/kibana\"}}},\"label\":\"Usuario\",\"params\":{}},{\"accessor\":2,\"aggType\":\"terms\",\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"number\",\"missingBucketLabel\":\"Missing\",\"otherBucketLabel\":\"Other\",\"parsedUrl\":{\"basePath\":\"/s/siem\",\"origin\":\"https://192.168.1.72:5601\",\"pathname\":\"/s/siem/app/kibana\"}}},\"label\":\"# Thread\",\"params\":{}},{\"accessor\":3,\"aggType\":\"terms\",\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"missingBucketLabel\":\"Missing\",\"otherBucketLabel\":\"Other\",\"parsedUrl\":{\"basePath\":\"/s/siem\",\"origin\":\"https://192.168.1.72:5601\",\"pathname\":\"/s/siem/app/kibana\"}}},\"label\":\"winlog.logon.id: Descending\",\"params\":{}}],\"metrics\":[{\"accessor\":4,\"aggType\":\"count\",\"format\":{\"id\":\"number\"},\"label\":\"Cantidad Eventos \",\"params\":{}}]},\"perPage\":10,\"percentageCol\":\"\",\"showMetricsAtAllLevels\":false,\"showPartialRows\":false,\"showTotal\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"totalFunc\":\"sum\",\"showToolbar\":true},\"title\":\"Logged on Administrators [Windows System Security]\",\"type\":\"table\"}"},"coreMigrationVersion":"8.0.0","id":"system-804dd400-a248-11e9-a422-d144027429da","migrationVersion":{"visualization":"8.0.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"sort":[1670478486400,546],"type":"visualization","updated_at":"2022-12-08T05:48:06.400Z","version":"WzEwOTgsMTld"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"event.code\",\"negate\":false,\"params\":{\"query\":\"4672\"},\"type\":\"phrase\"},\"query\":{\"match\":{\"event.code\":{\"query\":\"4672\",\"type\":\"phrase\"}}}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"query\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset:windows.security OR data_stream.dataset:system.security\"}}"},"title":"Admin Logons Simple [Windows System Security]","uiStateJSON":"{}","version":1,"visState":"{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{\"customLabel\":\"Admin Logons\"},\"schema\":\"metric\",\"type\":\"count\"}],\"params\":{\"addLegend\":false,\"addTooltip\":true,\"dimensions\":{\"metrics\":[{\"accessor\":0,\"aggType\":\"cardinality\",\"format\":{\"id\":\"number\"},\"params\":{}}]},\"metric\":{\"colorSchema\":\"Green to Red\",\"colorsRange\":[{\"from\":0,\"to\":10000}],\"invertColors\":false,\"labels\":{\"show\":true},\"metricColorMode\":\"None\",\"percentageMode\":false,\"style\":{\"bgColor\":false,\"bgFill\":\"#000\",\"fontSize\":60,\"labelColor\":false,\"subText\":\"\"},\"useRanges\":false},\"type\":\"metric\"},\"title\":\"Admin Logons Simple [Windows System Security]\",\"type\":\"metric\"}"},"coreMigrationVersion":"8.0.0","id":"system-5bb93ed0-a249-11e9-a422-d144027429da","migrationVersion":{"visualization":"8.0.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"sort":[1670478486400,506],"type":"visualization","updated_at":"2022-12-08T05:48:06.400Z","version":"WzEwODAsMTld"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"event.code\",\"negate\":false,\"params\":{\"query\":\"4672\"},\"type\":\"phrase\"},\"query\":{\"match\":{\"event.code\":{\"query\":\"4672\",\"type\":\"phrase\"}}}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"query\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset:windows.security OR data_stream.dataset:system.security\"}}"},"title":"Administrator Users [Windows System Security]","uiStateJSON":"{\"vis\":{\"legendOpen\":true}}","version":1,"visState":"{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{\"field\":\"winlog.logon.id\"},\"schema\":\"metric\",\"type\":\"cardinality\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"field\":\"user.name\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":10},\"schema\":\"segment\",\"type\":\"terms\"}],\"params\":{\"addLegend\":true,\"addTooltip\":true,\"dimensions\":{\"buckets\":[{\"accessor\":0,\"aggType\":\"terms\",\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"missingBucketLabel\":\"Missing\",\"otherBucketLabel\":\"Other\",\"parsedUrl\":{\"basePath\":\"/s/siem\",\"origin\":\"https://192.168.1.72:5601\",\"pathname\":\"/s/siem/app/kibana\"}}},\"label\":\"user.name: Descending\",\"params\":{}}],\"metric\":{\"accessor\":1,\"aggType\":\"cardinality\",\"format\":{\"id\":\"number\"},\"label\":\"Unique count of winlog.logon.id\",\"params\":{}}},\"isDonut\":false,\"labels\":{\"last_level\":true,\"show\":false,\"truncate\":100,\"values\":true},\"legendPosition\":\"bottom\",\"type\":\"pie\",\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true},\"title\":\"Administrator Users [Windows System Security]\",\"type\":\"pie\"}"},"coreMigrationVersion":"8.0.0","id":"system-e2516c10-a249-11e9-a422-d144027429da","migrationVersion":{"visualization":"8.0.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"sort":[1670478486400,695],"type":"visualization","updated_at":"2022-12-08T05:48:06.400Z","version":"WzExNTcsMTld"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset:windows.security OR data_stream.dataset:system.security\"}}"},"title":"User Logon Dashboard [Windows System Security]","uiStateJSON":"{}","version":1,"visState":"{\"aggs\":[],\"params\":{\"fontSize\":10,\"markdown\":\"## **Logon Information Dashboard**\",\"openLinksInNewTab\":false},\"title\":\"User Logon Dashboard [Windows System Security]\",\"type\":\"markdown\"}"},"coreMigrationVersion":"8.0.0","id":"system-18348f30-a24d-11e9-a422-d144027429da","migrationVersion":{"visualization":"8.0.0"},"references":[],"sort":[1670478486400,441],"type":"visualization","updated_at":"2022-12-08T05:48:06.400Z","version":"WzEwNDcsMTld"}
{"attributes":{"columns":["user.name","winlog.logon.type","source.domain","source.ip","winlog.logon.id"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"event.code\",\"negate\":false,\"params\":{\"query\":\"4624\"},\"type\":\"phrase\"},\"query\":{\"match\":{\"event.code\":{\"query\":\"4624\",\"type\":\"phrase\"}}}}],\"highlightAll\":true,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"query\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset:windows.security OR data_stream.dataset:system.security\"},\"version\":true}"},"sort":[["@timestamp","desc"]],"title":"User Logons [Windows System Security]","version":1},"coreMigrationVersion":"8.0.0","id":"system-ce71c9a0-a25e-11e9-a422-d144027429da","migrationVersion":{"search":"8.0.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"sort":[1670478486400,743],"type":"search","updated_at":"2022-12-08T05:48:06.400Z","version":"WzExNzYsMTld"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"event.code\",\"negate\":false,\"params\":{\"query\":\"4624\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"event.code\":\"4624\"}}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"query\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset:windows.security OR data_stream.dataset:system.security\"}}"},"title":"Logons Simple [Windows System Security]","uiStateJSON":"{}","version":1,"visState":"{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{\"customLabel\":\"Logons\"},\"schema\":\"metric\",\"type\":\"count\"}],\"params\":{\"addLegend\":false,\"addTooltip\":true,\"dimensions\":{\"metrics\":[{\"accessor\":0,\"aggType\":\"cardinality\",\"format\":{\"id\":\"number\"},\"params\":{}}]},\"metric\":{\"colorSchema\":\"Green to Red\",\"colorsRange\":[{\"from\":0,\"to\":10000}],\"invertColors\":false,\"labels\":{\"show\":true},\"metricColorMode\":\"None\",\"percentageMode\":false,\"style\":{\"bgColor\":false,\"bgFill\":\"#000\",\"fontSize\":60,\"labelColor\":false,\"subText\":\"\"},\"useRanges\":false},\"type\":\"metric\"},\"title\":\"Logons Simple [Windows System Security]\",\"type\":\"metric\"}"},"coreMigrationVersion":"8.0.0","id":"system-2c71e0f0-9c0d-11ea-87e4-49f31ec44891","migrationVersion":{"visualization":"8.0.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"sort":[1670478486400,463],"type":"visualization","updated_at":"2022-12-08T05:48:06.400Z","version":"WzEwNTgsMTld"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"event.code\",\"negate\":false,\"params\":[\"4624\",\"4672\"],\"type\":\"phrases\",\"value\":\"4624, 4672\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"event.code\":\"4624\"}},{\"match_phrase\":{\"event.code\":\"4672\"}}]}}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"query\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset:windows.security OR data_stream.dataset:system.security\"}}"},"title":"Logon Events in Time - Simple [Windows System Security]","uiStateJSON":"{\"vis\":{\"colors\":{\"Admin Logons\":\"#E24D42\",\"Logon Events\":\"#447EBC\"}}}","version":1,"visState":"{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"drop_partials\":false,\"extended_bounds\":{},\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"scaleMetricValues\":false,\"timeRange\":{\"from\":\"2020-05-20T07:35:27.496Z\",\"to\":\"2020-05-22T00:01:10.239Z\"},\"useNormalizedEsInterval\":true},\"schema\":\"segment\",\"type\":\"date_histogram\"},{\"enabled\":true,\"id\":\"3\",\"params\":{\"filters\":[{\"input\":{\"language\":\"kuery\",\"query\":\"event.code: \\\"4624\\\" \"},\"label\":\"Logon Events\"},{\"input\":{\"language\":\"kuery\",\"query\":\"event.code: \\\"4672\\\" \"},\"label\":\"Admin Logons\"}]},\"schema\":\"group\",\"type\":\"filters\"}],\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"filter\":true,\"show\":true,\"truncate\":100},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{},\"type\":\"category\"}],\"grid\":{\"categoryLines\":false},\"labels\":{},\"legendPosition\":\"right\",\"seriesParams\":[{\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"drawLinesBetweenPoints\":true,\"interpolate\":\"cardinal\",\"lineWidth\":2,\"mode\":\"normal\",\"show\":true,\"showCircles\":true,\"type\":\"line\",\"valueAxis\":\"ValueAxis-1\",\"circlesRadius\":1}],\"thresholdLine\":{\"color\":\"#E7664C\",\"show\":false,\"style\":\"full\",\"value\":10,\"width\":1},\"times\":[],\"type\":\"line\",\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"mode\":\"normal\",\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Count\"},\"type\":\"value\"}],\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"isVislibVis\":true,\"detailedTooltip\":true,\"fittingFunction\":\"linear\"},\"title\":\"Logon Events in Time - Simple [Windows System Security]\",\"type\":\"line\"}"},"coreMigrationVersion":"8.0.0","id":"system-abd44840-9c0f-11ea-87e4-49f31ec44891","migrationVersion":{"visualization":"8.0.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"sort":[1670478486400,601],"type":"visualization","updated_at":"2022-12-08T05:48:06.400Z","version":"WzExMjksMTld"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset:windows.security OR data_stream.dataset:system.security \"}}"},"savedSearchRefName":"search_0","title":"Logon Sources [Windows System Security]","uiStateJSON":"{}","version":1,"visState":"{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"field\":\"source.ip\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":15},\"schema\":\"segment\",\"type\":\"terms\"}],\"params\":{\"maxFontSize\":72,\"minFontSize\":18,\"orientation\":\"single\",\"scale\":\"linear\",\"showLabel\":false,\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"}},\"title\":\"Logon Sources [Windows System Security]\",\"type\":\"tagcloud\"}"},"coreMigrationVersion":"8.0.0","id":"system-21aadac0-9c0b-11ea-87e4-49f31ec44891","migrationVersion":{"visualization":"8.0.0"},"references":[{"id":"system-7e178c80-fee1-11e9-8405-516218e3d268","name":"search_0","type":"search"}],"sort":[1670478486400,454],"type":"visualization","updated_at":"2022-12-08T05:48:06.400Z","version":"WzEwNTQsMTld"}
{"attributes":{"columns":["user.name","source.domain","source.ip","winlog.logon.id","event.action"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"event.code\",\"negate\":false,\"params\":[\"4778\",\"4779\"],\"type\":\"phrases\",\"value\":\"4778, 4779\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"event.code\":\"4778\"}},{\"match_phrase\":{\"event.code\":\"4779\"}}]}}}],\"highlightAll\":true,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"query\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset:windows.security OR data_stream.dataset:system.security\"},\"version\":true}"},"sort":[["@timestamp","desc"]],"title":"Remote Interactive Connections and Disconnections [Windows System Security]","version":1},"coreMigrationVersion":"8.0.0","id":"system-6f4071a0-7a78-11ea-bc9a-0baf2ca323a3","migrationVersion":{"search":"8.0.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"sort":[1670478486400,724],"type":"search","updated_at":"2022-12-08T05:48:06.400Z","version":"WzExNjksMTld"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"event.code\",\"negate\":false,\"params\":{\"query\":\"4648\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"event.code\":\"4648\"}}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"query\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset:windows.security OR data_stream.dataset:system.security\"}}"},"title":"Logon with Explicit Credentials [Windows System Security]","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"customLabel\":\"user.name\",\"field\":\"user.name\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":200},\"schema\":\"bucket\",\"type\":\"terms\"},{\"enabled\":true,\"id\":\"4\",\"params\":{\"customLabel\":\"subjectUserName\",\"field\":\"winlog.event_data.SubjectUserName\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":5},\"schema\":\"bucket\",\"type\":\"terms\"},{\"enabled\":true,\"id\":\"5\",\"params\":{\"customLabel\":\"source.ip\",\"field\":\"source.ip\",\"json\":\"{\\\"missing\\\": \\\"::\\\"}\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":5},\"schema\":\"bucket\",\"type\":\"terms\"},{\"enabled\":true,\"id\":\"6\",\"params\":{\"customLabel\":\"LogonID\",\"field\":\"winlog.logon.id\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":5},\"schema\":\"bucket\",\"type\":\"terms\"}],\"params\":{\"perPage\":10,\"percentageCol\":\"\",\"showMetricsAtAllLevels\":false,\"showPartialRows\":false,\"showTotal\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"totalFunc\":\"sum\",\"showToolbar\":true},\"title\":\"Logon with Explicit Credentials [Windows System Security]\",\"type\":\"table\"}"},"coreMigrationVersion":"8.0.0","id":"system-25f31ee0-9c23-11ea-87e4-49f31ec44891","migrationVersion":{"visualization":"8.0.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"sort":[1670478486400,457],"type":"visualization","updated_at":"2022-12-08T05:48:06.400Z","version":"WzEwNTUsMTld"}
{"attributes":{"columns":["user.name","user.domain","winlog.logon.id","event.action","winlog.logon.type","winlog.event_data.SubjectUserName"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"event.code\",\"negate\":false,\"params\":{\"query\":\"4625\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"event.code\":\"4625\"}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index\",\"key\":\"winlog.provider_name\",\"negate\":false,\"params\":{\"query\":\"Microsoft-Windows-Security-Auditing\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"winlog.provider_name\":\"Microsoft-Windows-Security-Auditing\"}}}],\"highlightAll\":true,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"query\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset:windows.security OR data_stream.dataset:system.security\"},\"version\":true}"},"sort":[["@timestamp","desc"]],"title":"User Logouts [Windows System Security]","version":1},"coreMigrationVersion":"8.0.0","id":"system-06b6b060-7a80-11ea-bc9a-0baf2ca323a3","migrationVersion":{"search":"8.0.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index","type":"index-pattern"}],"sort":[1670478486400,716],"type":"search","updated_at":"2022-12-08T05:48:06.400Z","version":"WzExNjYsMTld"}
{"attributes":{"description":"User logon activity dashboard with TSVB metrics.","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset:windows.security OR data_stream.dataset:system.security\"}}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":false}","panelsJSON":"[{\"version\":\"7.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":28,\"i\":\"1\",\"w\":18,\"x\":0,\"y\":38},\"panelIndex\":\"1\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Sesiones Usuarios Admin\",\"panelRefName\":\"panel_1\"},{\"version\":\"7.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":13,\"i\":\"2\",\"w\":9,\"x\":0,\"y\":6},\"panelIndex\":\"2\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"\",\"panelRefName\":\"panel_2\"},{\"version\":\"7.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":19,\"i\":\"3\",\"w\":18,\"x\":0,\"y\":19},\"panelIndex\":\"3\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Usuarios Adm\",\"panelRefName\":\"panel_3\"},{\"version\":\"7.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":6,\"i\":\"4\",\"w\":12,\"x\":0,\"y\":0},\"panelIndex\":\"4\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"\",\"panelRefName\":\"panel_4\"},{\"version\":\"7.7.0\",\"type\":\"search\",\"gridData\":{\"h\":27,\"i\":\"10\",\"w\":22,\"x\":0,\"y\":66},\"panelIndex\":\"10\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Network Logon Details\",\"panelRefName\":\"panel_10\"},{\"version\":\"7.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":6,\"i\":\"08245e0c-6afe-43ea-ba5f-76c3b17301fd\",\"w\":36,\"x\":12,\"y\":0},\"panelIndex\":\"08245e0c-6afe-43ea-ba5f-76c3b17301fd\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"\",\"panelRefName\":\"panel_08245e0c-6afe-43ea-ba5f-76c3b17301fd\"},{\"version\":\"7.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":13,\"i\":\"f403fdcc-6588-4573-a949-9e661783a2b8\",\"w\":9,\"x\":9,\"y\":6},\"panelIndex\":\"f403fdcc-6588-4573-a949-9e661783a2b8\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"\",\"panelRefName\":\"panel_f403fdcc-6588-4573-a949-9e661783a2b8\"},{\"version\":\"7.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":13,\"i\":\"51a9affa-8e96-42bd-98e9-80531bdefc53\",\"w\":30,\"x\":18,\"y\":6},\"panelIndex\":\"51a9affa-8e96-42bd-98e9-80531bdefc53\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Logon Events Timeline\",\"panelRefName\":\"panel_51a9affa-8e96-42bd-98e9-80531bdefc53\"},{\"version\":\"7.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":19,\"i\":\"bbdca4de-11c5-4957-a74c-73769416a562\",\"w\":12,\"x\":18,\"y\":19},\"panelIndex\":\"bbdca4de-11c5-4957-a74c-73769416a562\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Logon Types\",\"panelRefName\":\"panel_bbdca4de-11c5-4957-a74c-73769416a562\"},{\"version\":\"7.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":19,\"i\":\"4df66ae6-e047-47c7-b1a9-b15221eb9d90\",\"w\":18,\"x\":30,\"y\":19},\"panelIndex\":\"4df66ae6-e047-47c7-b1a9-b15221eb9d90\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_4df66ae6-e047-47c7-b1a9-b15221eb9d90\"},{\"version\":\"7.7.0\",\"type\":\"search\",\"gridData\":{\"h\":28,\"i\":\"454bb008-9720-455e-8ab9-b2f47d25aa4f\",\"w\":19,\"x\":18,\"y\":38},\"panelIndex\":\"454bb008-9720-455e-8ab9-b2f47d25aa4f\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"RDP Reconnections and Desconnections\",\"panelRefName\":\"panel_454bb008-9720-455e-8ab9-b2f47d25aa4f\"},{\"version\":\"7.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":28,\"i\":\"baec73e7-7166-4577-9483-1252bdd8773c\",\"w\":11,\"x\":37,\"y\":38},\"panelIndex\":\"baec73e7-7166-4577-9483-1252bdd8773c\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_baec73e7-7166-4577-9483-1252bdd8773c\"},{\"version\":\"7.7.0\",\"type\":\"search\",\"gridData\":{\"h\":27,\"i\":\"28115147-8399-4fcd-95ce-ed0a4f4239e3\",\"w\":26,\"x\":22,\"y\":66},\"panelIndex\":\"28115147-8399-4fcd-95ce-ed0a4f4239e3\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Logout Details\",\"panelRefName\":\"panel_28115147-8399-4fcd-95ce-ed0a4f4239e3\"}]","timeRestore":false,"title":"[System Windows Security] User Logons - Simple Metrics","version":1},"coreMigrationVersion":"8.0.0","id":"system-035846a0-a249-11e9-a422-d144027429da","migrationVersion":{"dashboard":"8.0.0"},"references":[{"id":"system-804dd400-a248-11e9-a422-d144027429da","name":"1:panel_1","type":"visualization"},{"id":"system-5bb93ed0-a249-11e9-a422-d144027429da","name":"2:panel_2","type":"visualization"},{"id":"system-e2516c10-a249-11e9-a422-d144027429da","name":"3:panel_3","type":"visualization"},{"id":"system-18348f30-a24d-11e9-a422-d144027429da","name":"4:panel_4","type":"visualization"},{"id":"system-ce71c9a0-a25e-11e9-a422-d144027429da","name":"10:panel_10","type":"search"},{"id":"system-d770b040-9b35-11ea-87e4-49f31ec44891","name":"08245e0c-6afe-43ea-ba5f-76c3b17301fd:panel_08245e0c-6afe-43ea-ba5f-76c3b17301fd","type":"visualization"},{"id":"system-2c71e0f0-9c0d-11ea-87e4-49f31ec44891","name":"f403fdcc-6588-4573-a949-9e661783a2b8:panel_f403fdcc-6588-4573-a949-9e661783a2b8","type":"visualization"},{"id":"system-abd44840-9c0f-11ea-87e4-49f31ec44891","name":"51a9affa-8e96-42bd-98e9-80531bdefc53:panel_51a9affa-8e96-42bd-98e9-80531bdefc53","type":"visualization"},{"id":"system-006d75f0-9c03-11ea-87e4-49f31ec44891","name":"bbdca4de-11c5-4957-a74c-73769416a562:panel_bbdca4de-11c5-4957-a74c-73769416a562","type":"visualization"},{"id":"system-21aadac0-9c0b-11ea-87e4-49f31ec44891","name":"4df66ae6-e047-47c7-b1a9-b15221eb9d90:panel_4df66ae6-e047-47c7-b1a9-b15221eb9d90","type":"visualization"},{"id":"system-6f4071a0-7a78-11ea-bc9a-0baf2ca323a3","name":"454bb008-9720-455e-8ab9-b2f47d25aa4f:panel_454bb008-9720-455e-8ab9-b2f47d25aa4f","type":"search"},{"id":"system-25f31ee0-9c23-11ea-87e4-49f31ec44891","name":"baec73e7-7166-4577-9483-1252bdd8773c:panel_baec73e7-7166-4577-9483-1252bdd8773c","type":"visualization"},{"id":"system-06b6b060-7a80-11ea-bc9a-0baf2ca323a3","name":"28115147-8399-4fcd-95ce-ed0a4f4239e3:panel_28115147-8399-4fcd-95ce-ed0a4f4239e3","type":"search"}],"sort":[1670478486400,229],"type":"dashboard","updated_at":"2022-12-08T05:48:06.400Z","version":"WzEwMjIsMTld"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"event.code\",\"negate\":false,\"params\":{\"query\":\"4722\"},\"type\":\"phrase\",\"value\":\"4722\"},\"query\":{\"match\":{\"event.code\":{\"query\":\"4722\",\"type\":\"phrase\"}}}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"query\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset:windows.security OR data_stream.dataset:system.security \"}}"},"title":"Users Enabled - Table [Windows System Security]","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"customLabel\":\"Enabled User\",\"field\":\"winlog.event_data.TargetUserName\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":100},\"schema\":\"bucket\",\"type\":\"terms\"},{\"enabled\":true,\"id\":\"3\",\"params\":{\"customLabel\":\"Performed by\",\"field\":\"winlog.event_data.SubjectUserName\",\"missingBucket\":true,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":5},\"schema\":\"bucket\",\"type\":\"terms\"},{\"enabled\":true,\"id\":\"4\",\"params\":{\"customLabel\":\"Performer LogonId\",\"field\":\"winlog.logon.id\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":5},\"schema\":\"bucket\",\"type\":\"terms\"}],\"params\":{\"dimensions\":{\"buckets\":[{\"accessor\":0,\"aggType\":\"terms\",\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"missingBucketLabel\":\"Missing\",\"otherBucketLabel\":\"Other\"}},\"params\":{}},{\"accessor\":1,\"aggType\":\"terms\",\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"missingBucketLabel\":\"Missing\",\"otherBucketLabel\":\"Other\"}},\"params\":{}},{\"accessor\":2,\"aggType\":\"terms\",\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"missingBucketLabel\":\"Missing\",\"otherBucketLabel\":\"Other\"}},\"params\":{}}],\"metrics\":[{\"accessor\":3,\"aggType\":\"count\",\"format\":{\"id\":\"number\"},\"params\":{}}]},\"perPage\":10,\"showMetricsAtAllLevels\":false,\"showPartialRows\":false,\"showTotal\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"totalFunc\":\"sum\",\"showToolbar\":true},\"title\":\"Users Enabled - Table [Windows System Security]\",\"type\":\"table\"}"},"coreMigrationVersion":"8.0.0","id":"system-0620c3d0-bcd4-11e9-b6a2-c9b4015c4baf","migrationVersion":{"visualization":"8.0.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"sort":[1670478486400,419],"type":"visualization","updated_at":"2022-12-08T05:48:06.400Z","version":"WzEwMzcsMTld"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"title":"Administrator Logons [Windows System Security]","uiStateJSON":"{}","version":1,"visState":"{\"aggs\":[],\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"background_color_rules\":[{\"background_color\":\"rgba(204,204,204,1)\",\"id\":\"d5bcde50-9bfc-11ea-aaa3-618beeff2d9c\",\"operator\":\"lte\",\"value\":0},{\"background_color\":\"rgba(181,49,0,1)\",\"id\":\"16018150-9bfd-11ea-aaa3-618beeff2d9c\",\"operator\":\"gte\",\"value\":0},{\"background_color\":\"rgba(181,49,0,1)\",\"id\":\"3570d55f-4dea-4769-bfa5-d29e4688f42e\",\"operator\":\"empty\",\"value\":null}],\"filter\":{\"language\":\"kuery\",\"query\":\"((data_stream.dataset:windows.security OR data_stream.dataset:system.security) AND event.code: \\\"4672\\\")\"},\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"index_pattern\":\"logs-*\",\"interval\":\"90d\",\"isModelInvalid\":false,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":0.5,\"formatter\":\"number\",\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"label\":\"Administrator Logons\",\"line_width\":1,\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"point_size\":1,\"separate_axis\":0,\"split_color_mode\":\"gradient\",\"split_mode\":\"everything\",\"stacked\":\"none\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"@timestamp\",\"time_range_mode\":\"entire_time_range\",\"type\":\"metric\",\"use_kibana_indexes\":false,\"hide_last_value_indicator\":true,\"drop_last_bucket\":1},\"title\":\"Administrator Logons [Windows System Security]\",\"type\":\"metrics\"}"},"coreMigrationVersion":"8.0.0","id":"system-0622da40-9bfd-11ea-87e4-49f31ec44891","migrationVersion":{"visualization":"8.0.0"},"references":[],"sort":[1670478486400,420],"type":"visualization","updated_at":"2022-12-08T05:48:06.400Z","version":"WzEwMzgsMTld"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"title":"Network Traffic (Bytes) [Metrics System]","uiStateJSON":"{}","version":1,"visState":"{\"aggs\":[],\"listeners\":{},\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"filter\":{\"language\":\"lucene\",\"query\":\"-system.network.name:l*\"},\"id\":\"da1046f0-faa0-11e6-86b1-cd7735ff7e23\",\"index_pattern\":\"*\",\"interval\":\"auto\",\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"rgba(0,156,224,1)\",\"fill\":\"1\",\"formatter\":\"bytes\",\"id\":\"da1046f1-faa0-11e6-86b1-cd7735ff7e23\",\"label\":\"Inbound \",\"line_width\":\"0\",\"metrics\":[{\"field\":\"system.network.in.bytes\",\"id\":\"da1046f2-faa0-11e6-86b1-cd7735ff7e23\",\"type\":\"max\"},{\"field\":\"da1046f2-faa0-11e6-86b1-cd7735ff7e23\",\"id\":\"f41f9280-faa0-11e6-86b1-cd7735ff7e23\",\"type\":\"derivative\",\"unit\":\"1s\"},{\"field\":\"f41f9280-faa0-11e6-86b1-cd7735ff7e23\",\"id\":\"a87398e0-1b93-11e7-8ada-3df93aab833e\",\"type\":\"positive_only\",\"unit\":\"\"},{\"function\":\"sum\",\"id\":\"2d533df0-2c2d-11e7-be71-3162da85303f\",\"type\":\"series_agg\"}],\"point_size\":\"0\",\"seperate_axis\":0,\"split_color_mode\":\"gradient\",\"split_mode\":\"terms\",\"stacked\":\"none\",\"terms_field\":\"system.network.name\",\"value_template\":\"{{value}}/s\"},{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"rgba(250,40,255,1)\",\"fill\":\"1\",\"formatter\":\"bytes\",\"id\":\"fbbd5720-faa0-11e6-86b1-cd7735ff7e23\",\"label\":\"Outbound \",\"line_width\":\"0\",\"metrics\":[{\"field\":\"system.network.out.bytes\",\"id\":\"fbbd7e30-faa0-11e6-86b1-cd7735ff7e23\",\"type\":\"max\"},{\"field\":\"fbbd7e30-faa0-11e6-86b1-cd7735ff7e23\",\"id\":\"fbbd7e31-faa0-11e6-86b1-cd7735ff7e23\",\"type\":\"derivative\",\"unit\":\"1s\"},{\"id\":\"17e597a0-faa1-11e6-86b1-cd7735ff7e23\",\"script\":\"params.rate != null && params.rate > 0 ? params.rate * -1 : null\",\"type\":\"calculation\",\"variables\":[{\"field\":\"fbbd7e31-faa0-11e6-86b1-cd7735ff7e23\",\"id\":\"1940bad0-faa1-11e6-86b1-cd7735ff7e23\",\"name\":\"rate\"}]},{\"function\":\"sum\",\"id\":\"533da9b0-2c2d-11e7-be71-3162da85303f\",\"type\":\"series_agg\"}],\"point_size\":\"0\",\"seperate_axis\":0,\"split_color_mode\":\"gradient\",\"split_mode\":\"terms\",\"stacked\":\"none\",\"terms_field\":\"system.network.name\",\"value_template\":\"{{value}}/s\"}],\"show_legend\":1,\"time_field\":\"@timestamp\",\"type\":\"timeseries\",\"use_kibana_indexes\":false,\"drop_last_bucket\":1},\"title\":\"Mericbeat: Network Traffic (Bytes)\",\"type\":\"metrics\"}"},"coreMigrationVersion":"8.0.0","id":"system-089b85d0-1b16-11e7-b09e-037021c4f8df","migrationVersion":{"visualization":"8.0.0"},"references":[],"sort":[1670478486400,421],"type":"visualization","updated_at":"2022-12-08T05:48:06.400Z","version":"WzEwMzksMTld"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"event.code\",\"negate\":false,\"params\":{\"query\":\"4725\"},\"type\":\"phrase\",\"value\":\"4725\"},\"query\":{\"match\":{\"event.code\":{\"query\":\"4725\",\"type\":\"phrase\"}}}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"query\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset:windows.security OR data_stream.dataset:system.security\"}}"},"title":"Users Disabled - Simple Metric [Windows System Security]","uiStateJSON":"{}","version":1,"visState":"{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{\"customLabel\":\"Disabled Users\",\"field\":\"user.name\"},\"schema\":\"metric\",\"type\":\"cardinality\"}],\"params\":{\"addLegend\":false,\"addTooltip\":true,\"dimensions\":{\"metrics\":[{\"accessor\":0,\"format\":{\"id\":\"number\",\"params\":{}},\"type\":\"vis_dimension\"}]},\"metric\":{\"colorSchema\":\"Green to Red\",\"colorsRange\":[{\"from\":0,\"to\":10000,\"type\":\"range\"}],\"invertColors\":false,\"labels\":{\"show\":true},\"metricColorMode\":\"None\",\"percentageMode\":false,\"style\":{\"bgColor\":false,\"bgFill\":\"#000\",\"fontSize\":60,\"labelColor\":false,\"subText\":\"\"},\"useRanges\":false},\"type\":\"metric\"},\"title\":\"Users Disabled - Simple Metric [Windows System Security]\",\"type\":\"metric\"}"},"coreMigrationVersion":"8.0.0","id":"system-0cb2d940-bcde-11e9-b6a2-c9b4015c4baf","migrationVersion":{"visualization":"8.0.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"sort":[1670478486400,424],"type":"visualization","updated_at":"2022-12-08T05:48:06.400Z","version":"WzEwNDAsMTld"}
{"attributes":{"columns":["user.name","user.id","group.id","system.auth.useradd.home","system.auth.useradd.shell"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"highlightAll\":true,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"query\":{\"language\":\"kuery\",\"query\":\"system.auth.useradd:*\"}}"},"sort":[["@timestamp","desc"]],"title":"useradd logs [Logs System]","version":1},"coreMigrationVersion":"8.0.0","id":"system-8030c1b0-fa77-11e6-ae9b-81e5311e8cab","migrationVersion":{"search":"8.0.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1670478486400,733],"type":"search","updated_at":"2022-12-08T05:48:06.400Z","version":"WzExNzIsMTld"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"New users [Logs System]","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"customLabel\":\"Host\",\"field\":\"host.hostname\",\"order\":\"desc\",\"orderBy\":\"1\",\"size\":5},\"schema\":\"bucket\",\"type\":\"terms\"},{\"enabled\":true,\"id\":\"3\",\"params\":{\"customLabel\":\"User\",\"field\":\"user.name\",\"order\":\"desc\",\"orderBy\":\"1\",\"size\":5},\"schema\":\"bucket\",\"type\":\"terms\"},{\"enabled\":true,\"id\":\"4\",\"params\":{\"customLabel\":\"UID\",\"field\":\"user.id\",\"order\":\"desc\",\"orderBy\":\"1\",\"size\":5},\"schema\":\"bucket\",\"type\":\"terms\"},{\"enabled\":true,\"id\":\"5\",\"params\":{\"customLabel\":\"GID\",\"field\":\"group.id\",\"order\":\"desc\",\"orderBy\":\"1\",\"size\":5},\"schema\":\"bucket\",\"type\":\"terms\"},{\"enabled\":true,\"id\":\"6\",\"params\":{\"customLabel\":\"Home\",\"field\":\"system.auth.useradd.home\",\"order\":\"desc\",\"orderBy\":\"1\",\"size\":5},\"schema\":\"bucket\",\"type\":\"terms\"},{\"enabled\":true,\"id\":\"7\",\"params\":{\"customLabel\":\"Shell\",\"field\":\"system.auth.useradd.shell\",\"order\":\"desc\",\"orderBy\":\"1\",\"size\":5},\"schema\":\"bucket\",\"type\":\"terms\"}],\"listeners\":{},\"params\":{\"filter\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset : \\\"system.auth\\\"\"},\"perPage\":10,\"showMeticsAtAllLevels\":false,\"showPartialRows\":false,\"showTotal\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"totalFunc\":\"sum\",\"showToolbar\":true},\"title\":\"New users\",\"type\":\"table\"}"},"coreMigrationVersion":"8.0.0","id":"system-f398d2f0-fa77-11e6-ae9b-81e5311e8cab","migrationVersion":{"visualization":"8.0.0"},"references":[{"id":"system-8030c1b0-fa77-11e6-ae9b-81e5311e8cab","name":"search_0","type":"search"}],"sort":[1670478486400,701],"type":"visualization","updated_at":"2022-12-08T05:48:06.400Z","version":"WzExNjAsMTld"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"New users over time [Logs System]","uiStateJSON":"{}","version":1,"visState":"{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"extended_bounds\":{},\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1},\"schema\":\"segment\",\"type\":\"date_histogram\"},{\"enabled\":true,\"id\":\"3\",\"params\":{\"field\":\"user.name\",\"order\":\"desc\",\"orderBy\":\"1\",\"size\":5},\"schema\":\"group\",\"type\":\"terms\"}],\"listeners\":{},\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"defaultYExtents\":false,\"legendPosition\":\"bottom\",\"mode\":\"stacked\",\"scale\":\"linear\",\"setYExtents\":false,\"times\":[]},\"title\":\"New users over time\",\"type\":\"histogram\"}"},"coreMigrationVersion":"8.0.0","id":"system-5dd15c00-fa78-11e6-ae9b-81e5311e8cab","migrationVersion":{"visualization":"8.0.0"},"references":[{"id":"system-8030c1b0-fa77-11e6-ae9b-81e5311e8cab","name":"search_0","type":"search"}],"sort":[1670478486400,518],"type":"visualization","updated_at":"2022-12-08T05:48:06.400Z","version":"WzEwODUsMTld"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"New users by shell [Logs System]","uiStateJSON":"{\"vis\":{\"colors\":{\"/bin/bash\":\"#E24D42\",\"/bin/false\":\"#508642\",\"/sbin/nologin\":\"#7EB26D\"},\"legendOpen\":true}}","version":1,"visState":"{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"field\":\"system.auth.useradd.shell\",\"order\":\"desc\",\"orderBy\":\"1\",\"size\":5},\"schema\":\"segment\",\"type\":\"terms\"},{\"enabled\":true,\"id\":\"3\",\"params\":{\"field\":\"user.name\",\"order\":\"desc\",\"orderBy\":\"1\",\"size\":5},\"schema\":\"segment\",\"type\":\"terms\"}],\"listeners\":{},\"params\":{\"addLegend\":true,\"addTooltip\":true,\"filter\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset : \\\"system.auth\\\"\"},\"isDonut\":false,\"legendPosition\":\"right\",\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true},\"title\":\"New users by shell\",\"type\":\"pie\"}"},"coreMigrationVersion":"8.0.0","id":"system-e121b140-fa78-11e6-a1df-a78bd7504d38","migrationVersion":{"visualization":"8.0.0"},"references":[{"id":"system-8030c1b0-fa77-11e6-ae9b-81e5311e8cab","name":"search_0","type":"search"}],"sort":[1670478486400,689],"type":"visualization","updated_at":"2022-12-08T05:48:06.400Z","version":"WzExNTQsMTld"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"New users by home directory [Logs System]","uiStateJSON":"{\"vis\":{\"colors\":{\"/bin/bash\":\"#E24D42\",\"/bin/false\":\"#508642\",\"/nonexistent\":\"#629E51\",\"/sbin/nologin\":\"#7EB26D\"},\"legendOpen\":true}}","version":1,"visState":"{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"field\":\"system.auth.useradd.home\",\"order\":\"desc\",\"orderBy\":\"1\",\"size\":5},\"schema\":\"segment\",\"type\":\"terms\"},{\"enabled\":true,\"id\":\"3\",\"params\":{\"field\":\"user.name\",\"order\":\"desc\",\"orderBy\":\"1\",\"size\":5},\"schema\":\"segment\",\"type\":\"terms\"}],\"listeners\":{},\"params\":{\"addLegend\":true,\"addTooltip\":true,\"isDonut\":false,\"legendPosition\":\"right\",\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true},\"title\":\"New users by home directory\",\"type\":\"pie\"}"},"coreMigrationVersion":"8.0.0","id":"system-d56ee420-fa79-11e6-a1df-a78bd7504d38","migrationVersion":{"visualization":"8.0.0"},"references":[{"id":"system-8030c1b0-fa77-11e6-ae9b-81e5311e8cab","name":"search_0","type":"search"}],"sort":[1670478486400,677],"type":"visualization","updated_at":"2022-12-08T05:48:06.400Z","version":"WzExNDgsMTld"}
{"attributes":{"columns":["group.name","group.id"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"highlightAll\":true,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"query\":{\"language\":\"kuery\",\"query\":\"system.auth.groupadd:*\"}}"},"sort":[["@timestamp","desc"]],"title":"groupadd logs [Logs System]","version":1},"coreMigrationVersion":"8.0.0","id":"system-eb0039f0-fa7f-11e6-a1df-a78bd7504d38","migrationVersion":{"search":"8.0.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1670478486400,745],"type":"search","updated_at":"2022-12-08T05:48:06.400Z","version":"WzExNzcsMTld"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"New groups [Logs System]","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"field\":\"group.name\",\"order\":\"desc\",\"orderBy\":\"1\",\"size\":5},\"schema\":\"bucket\",\"type\":\"terms\"},{\"enabled\":true,\"id\":\"3\",\"params\":{\"field\":\"group.id\",\"order\":\"desc\",\"orderBy\":\"1\",\"size\":5},\"schema\":\"bucket\",\"type\":\"terms\"}],\"listeners\":{},\"params\":{\"perPage\":10,\"showMeticsAtAllLevels\":false,\"showPartialRows\":false,\"showTotal\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"totalFunc\":\"sum\",\"showToolbar\":true},\"title\":\"New groups\",\"type\":\"table\"}"},"coreMigrationVersion":"8.0.0","id":"system-12667040-fa80-11e6-a1df-a78bd7504d38","migrationVersion":{"visualization":"8.0.0"},"references":[{"id":"system-eb0039f0-fa7f-11e6-a1df-a78bd7504d38","name":"search_0","type":"search"}],"sort":[1670478486400,434],"type":"visualization","updated_at":"2022-12-08T05:48:06.400Z","version":"WzEwNDQsMTld"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"New groups over time [Logs System]","uiStateJSON":"{}","version":1,"visState":"{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"extended_bounds\":{},\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1},\"schema\":\"segment\",\"type\":\"date_histogram\"},{\"enabled\":true,\"id\":\"3\",\"params\":{\"field\":\"group.name\",\"order\":\"desc\",\"orderBy\":\"1\",\"size\":5},\"schema\":\"group\",\"type\":\"terms\"}],\"listeners\":{},\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"defaultYExtents\":false,\"legendPosition\":\"bottom\",\"mode\":\"stacked\",\"scale\":\"linear\",\"setYExtents\":false,\"times\":[]},\"title\":\"New groups over time\",\"type\":\"histogram\"}"},"coreMigrationVersion":"8.0.0","id":"system-346bb290-fa80-11e6-a1df-a78bd7504d38","migrationVersion":{"visualization":"8.0.0"},"references":[{"id":"system-eb0039f0-fa7f-11e6-a1df-a78bd7504d38","name":"search_0","type":"search"}],"sort":[1670478486400,472],"type":"visualization","updated_at":"2022-12-08T05:48:06.400Z","version":"WzEwNjQsMTld"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"title":"Dashboards [Logs System]","uiStateJSON":"{}","version":1,"visState":"{\"aggs\":[],\"params\":{\"fontSize\":12,\"markdown\":\"[Syslog](#/dashboard/system-Logs-syslog-dashboard) | [Sudo commands](#/dashboard/system-277876d0-fa2c-11e6-bbd3-29c986c96e5a) | [SSH logins](#/dashboard/system-5517a150-f9ce-11e6-8115-a7c18106d86a) | [New users and groups](#/dashboard/system-0d3f2380-fa78-11e6-ae9b-81e5311e8cab)\"},\"title\":\"Dashboards [Logs System]\",\"type\":\"markdown\"}"},"coreMigrationVersion":"8.0.0","id":"system-327417e0-8462-11e7-bab8-bd2f0fb42c54","migrationVersion":{"visualization":"8.0.0"},"references":[],"sort":[1670478486400,466],"type":"visualization","updated_at":"2022-12-08T05:48:06.400Z","version":"WzEwNjEsMTld"}
{"attributes":{"description":"New users and groups dashboard for the System integration in Logs","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"highlightAll\":true,\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"version\":true}"},"optionsJSON":"{\"darkTheme\":false}","panelsJSON":"[{\"version\":\"7.3.0\",\"type\":\"visualization\",\"gridData\":{\"h\":12,\"i\":\"1\",\"w\":24,\"x\":0,\"y\":4},\"panelIndex\":\"1\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}},\"enhancements\":{}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.3.0\",\"type\":\"visualization\",\"gridData\":{\"h\":12,\"i\":\"2\",\"w\":24,\"x\":24,\"y\":4},\"panelIndex\":\"2\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_2\"},{\"version\":\"7.3.0\",\"type\":\"visualization\",\"gridData\":{\"h\":12,\"i\":\"3\",\"w\":24,\"x\":0,\"y\":16},\"panelIndex\":\"3\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.3.0\",\"type\":\"visualization\",\"gridData\":{\"h\":12,\"i\":\"4\",\"w\":24,\"x\":24,\"y\":16},\"panelIndex\":\"4\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_4\"},{\"version\":\"7.3.0\",\"type\":\"visualization\",\"gridData\":{\"h\":12,\"i\":\"5\",\"w\":24,\"x\":0,\"y\":28},\"panelIndex\":\"5\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}},\"enhancements\":{}},\"panelRefName\":\"panel_5\"},{\"version\":\"7.3.0\",\"type\":\"visualization\",\"gridData\":{\"h\":12,\"i\":\"6\",\"w\":24,\"x\":24,\"y\":28},\"panelIndex\":\"6\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_6\"},{\"version\":\"7.3.0\",\"type\":\"visualization\",\"gridData\":{\"h\":4,\"i\":\"7\",\"w\":48,\"x\":0,\"y\":0},\"panelIndex\":\"7\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_7\"}]","timeRestore":false,"title":"[Logs System] New users and groups","version":1},"coreMigrationVersion":"8.0.0","id":"system-0d3f2380-fa78-11e6-ae9b-81e5311e8cab","migrationVersion":{"dashboard":"8.0.0"},"references":[{"id":"system-f398d2f0-fa77-11e6-ae9b-81e5311e8cab","name":"1:panel_1","type":"visualization"},{"id":"system-5dd15c00-fa78-11e6-ae9b-81e5311e8cab","name":"2:panel_2","type":"visualization"},{"id":"system-e121b140-fa78-11e6-a1df-a78bd7504d38","name":"3:panel_3","type":"visualization"},{"id":"system-d56ee420-fa79-11e6-a1df-a78bd7504d38","name":"4:panel_4","type":"visualization"},{"id":"system-12667040-fa80-11e6-a1df-a78bd7504d38","name":"5:panel_5","type":"visualization"},{"id":"system-346bb290-fa80-11e6-a1df-a78bd7504d38","name":"6:panel_6","type":"visualization"},{"id":"system-327417e0-8462-11e7-bab8-bd2f0fb42c54","name":"7:panel_7","type":"visualization"}],"sort":[1670478486400,237],"type":"dashboard","updated_at":"2022-12-08T05:48:06.400Z","version":"WzEwMjMsMTld"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"event.code\",\"negate\":false,\"params\":{\"query\":\"4720\"},\"type\":\"phrase\",\"value\":\"4720\"},\"query\":{\"match\":{\"event.code\":{\"query\":\"4720\",\"type\":\"phrase\"}}}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"query\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset:windows.security OR data_stream.dataset:system.security\"}}"},"title":"Users Created - Simple Metric [Windows System Security]","uiStateJSON":"{}","version":1,"visState":"{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{\"customLabel\":\"Users Created\"},\"schema\":\"metric\",\"type\":\"count\"}],\"params\":{\"addLegend\":false,\"addTooltip\":true,\"dimensions\":{\"metrics\":[{\"accessor\":0,\"format\":{\"id\":\"number\",\"params\":{}},\"type\":\"vis_dimension\"}]},\"metric\":{\"colorSchema\":\"Green to Red\",\"colorsRange\":[{\"from\":0,\"to\":10000,\"type\":\"range\"}],\"invertColors\":false,\"labels\":{\"show\":true},\"metricColorMode\":\"None\",\"percentageMode\":false,\"style\":{\"bgColor\":false,\"bgFill\":\"#000\",\"fontSize\":60,\"labelColor\":false,\"subText\":\"\"},\"useRanges\":false},\"type\":\"metric\"},\"title\":\"Users Created - Simple Metric [Windows System Security]\",\"type\":\"metric\"}"},"coreMigrationVersion":"8.0.0","id":"system-102efd20-bcdd-11e9-b6a2-c9b4015c4baf","migrationVersion":{"visualization":"8.0.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"sort":[1670478486400,430],"type":"visualization","updated_at":"2022-12-08T05:48:06.400Z","version":"WzEwNDIsMTld"}
{"attributes":{"columns":["event.action","winlog.event_data.TargetUserName","user.domain","user.name","winlog.event_data.SubjectDomainName","winlog.logon.id","related.user"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"event.code\",\"negate\":false,\"params\":[\"4720\",\"4722\",\"4723\",\"4724\",\"4725\",\"4726\",\"4738\",\"4740\",\"4767\",\"4781\",\"4798\"],\"type\":\"phrases\",\"value\":\"4720, 4722, 4723, 4724, 4725, 4726, 4738, 4740, 4767, 4781, 4798\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"event.code\":\"4720\"}},{\"match_phrase\":{\"event.code\":\"4722\"}},{\"match_phrase\":{\"event.code\":\"4723\"}},{\"match_phrase\":{\"event.code\":\"4724\"}},{\"match_phrase\":{\"event.code\":\"4725\"}},{\"match_phrase\":{\"event.code\":\"4726\"}},{\"match_phrase\":{\"event.code\":\"4738\"}},{\"match_phrase\":{\"event.code\":\"4740\"}},{\"match_phrase\":{\"event.code\":\"4767\"}},{\"match_phrase\":{\"event.code\":\"4781\"}},{\"match_phrase\":{\"event.code\":\"4798\"}}]}}}],\"highlightAll\":true,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"query\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset:windows.security OR data_stream.dataset:system.security\"},\"version\":true}"},"sort":[["@timestamp","desc"]],"title":"User management Details - Search [Windows System Security]","version":1},"coreMigrationVersion":"8.0.0","id":"system-324686c0-fefb-11e9-8405-516218e3d268","migrationVersion":{"search":"8.0.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"sort":[1670478486400,719],"type":"search","updated_at":"2022-12-08T05:48:06.400Z","version":"WzExNjcsMTld"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset:windows.security OR data_stream.dataset:system.security\"}}"},"savedSearchRefName":"search_0","title":"Target Users [Windows System Security]","uiStateJSON":"{}","version":1,"visState":"{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"field\":\"winlog.event_data.TargetUserName\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":10},\"schema\":\"segment\",\"type\":\"terms\"}],\"params\":{\"maxFontSize\":72,\"minFontSize\":18,\"orientation\":\"single\",\"scale\":\"linear\",\"showLabel\":false,\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"}},\"title\":\"Target Users [Windows System Security]\",\"type\":\"tagcloud\"}"},"coreMigrationVersion":"8.0.0","id":"system-117f5a30-9b71-11ea-87e4-49f31ec44891","migrationVersion":{"visualization":"8.0.0"},"references":[{"id":"system-324686c0-fefb-11e9-8405-516218e3d268","name":"search_0","type":"search"}],"sort":[1670478486400,432],"type":"visualization","updated_at":"2022-12-08T05:48:06.400Z","version":"WzEwNDMsMTld"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"winlog.provider_name\",\"negate\":false,\"params\":{\"query\":\"Microsoft-Windows-Security-Auditing\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"winlog.provider_name\":\"Microsoft-Windows-Security-Auditing\"}}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"query\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset:windows.security OR data_stream.dataset:system.security\"}}"},"title":"Logon Successful - Logon Failed Timeline [Windows System Security]","uiStateJSON":"{\"vis\":{\"colors\":{\"Login Failed\":\"#F9934E\",\"Login OK\":\"#9AC48A\",\"Logon Failed\":\"#EF843C\",\"Logon Successful\":\"#9AC48A\"}}}","version":1,"visState":"{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"drop_partials\":false,\"extended_bounds\":{},\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"scaleMetricValues\":false,\"timeRange\":{\"from\":\"2020-05-17T09:37:55.995Z\",\"to\":\"2020-05-22T03:09:27.260Z\"},\"useNormalizedEsInterval\":true},\"schema\":\"segment\",\"type\":\"date_histogram\"},{\"enabled\":true,\"id\":\"3\",\"params\":{\"filters\":[{\"input\":{\"language\":\"lucene\",\"query\":\"event.code: 4624\"},\"label\":\"Logon Successful\"},{\"input\":{\"language\":\"lucene\",\"query\":\"event.code: 4625\"},\"label\":\"Logon Failed\"}]},\"schema\":\"group\",\"type\":\"filters\"}],\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"show\":true,\"truncate\":100,\"filter\":true},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{},\"type\":\"category\"}],\"dimensions\":{\"series\":[{\"accessor\":1,\"aggType\":\"filters\",\"format\":{},\"params\":{}}],\"x\":{\"accessor\":0,\"aggType\":\"date_histogram\",\"format\":{\"id\":\"date\",\"params\":{\"pattern\":\"HH:mm\"}},\"params\":{\"bounds\":{\"max\":\"2019-07-16T14:30:11.515Z\",\"min\":\"2019-07-16T12:30:11.514Z\"},\"date\":true,\"format\":\"HH:mm\",\"interval\":\"PT1M\"}},\"y\":[{\"accessor\":2,\"aggType\":\"count\",\"format\":{\"id\":\"number\"},\"params\":{}}]},\"grid\":{\"categoryLines\":false},\"labels\":{\"show\":false},\"legendPosition\":\"bottom\",\"seriesParams\":[{\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"drawLinesBetweenPoints\":true,\"mode\":\"stacked\",\"show\":\"true\",\"showCircles\":true,\"type\":\"histogram\",\"valueAxis\":\"ValueAxis-1\",\"circlesRadius\":1}],\"thresholdLine\":{\"color\":\"#E7664C\",\"show\":false,\"style\":\"full\",\"value\":10,\"width\":1},\"times\":[],\"type\":\"histogram\",\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"mode\":\"normal\",\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Count\"},\"type\":\"value\"}],\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"isVislibVis\":true,\"detailedTooltip\":true},\"title\":\"Logon Successful - Logon Failed Timeline [Windows System Security]\",\"type\":\"histogram\"}"},"coreMigrationVersion":"8.0.0","id":"system-162d7ab0-a7d6-11e9-a422-d144027429da","migrationVersion":{"visualization":"8.0.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"sort":[1670478486400,437],"type":"visualization","updated_at":"2022-12-08T05:48:06.400Z","version":"WzEwNDUsMTld"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"winlog.provider_name\",\"negate\":false,\"params\":{\"query\":\"Microsoft-Windows-Security-Auditing\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"winlog.provider_name\":\"Microsoft-Windows-Security-Auditing\"}}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"query\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset:windows.security OR data_stream.dataset:system.security\"}}"},"title":"Logon Successful vs Failed [Windows System Security]","uiStateJSON":"{\"vis\":{\"colors\":{\"Failed Logins\":\"#EF843C\",\"Failed Logons\":\"#EA6460\",\"Successful Login\":\"#B7DBAB\",\"Successful Logon\":\"#B7DBAB\"}}}","version":1,"visState":"{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"filters\":[{\"input\":{\"language\":\"lucene\",\"query\":\"event.code: 4624\"},\"label\":\"Successful Logon\"},{\"input\":{\"language\":\"lucene\",\"query\":\"event.code: 4625\"},\"label\":\"Failed Logons\"}]},\"schema\":\"segment\",\"type\":\"filters\"}],\"params\":{\"addLegend\":true,\"addTooltip\":true,\"dimensions\":{\"buckets\":[{\"accessor\":0,\"aggType\":\"filters\",\"format\":{},\"params\":{}}],\"metric\":{\"accessor\":1,\"aggType\":\"count\",\"format\":{\"id\":\"number\"},\"params\":{}}},\"isDonut\":false,\"labels\":{\"last_level\":true,\"show\":false,\"truncate\":100,\"values\":true},\"legendPosition\":\"bottom\",\"type\":\"pie\",\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true},\"title\":\"Logon Successful vs Failed [Windows System Security]\",\"type\":\"pie\"}"},"coreMigrationVersion":"8.0.0","id":"system-175a5760-a7d5-11e9-a422-d144027429da","migrationVersion":{"visualization":"8.0.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"sort":[1670478486400,440],"type":"visualization","updated_at":"2022-12-08T05:48:06.400Z","version":"WzEwNDYsMTld"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"title":"Swap usage [Metrics System]","uiStateJSON":"{}","version":1,"visState":"{\"aggs\":[],\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"filter\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset : \\\"system.memory\\\"\"},\"gauge_color_rules\":[{\"gauge\":\"rgba(104,188,0,1)\",\"id\":\"d17c1e90-4d59-11e7-aee5-fdc812cc3bec\",\"operator\":\"gte\",\"value\":0},{\"gauge\":\"rgba(251,158,0,1)\",\"id\":\"fc1d3490-4d59-11e7-aee5-fdc812cc3bec\",\"operator\":\"gte\",\"value\":0.7},{\"gauge\":\"rgba(211,49,21,1)\",\"id\":\"0e204240-4d5a-11e7-aee5-fdc812cc3bec\",\"operator\":\"gte\",\"value\":0.85},{\"gauge\":\"rgba(104,188,0,1)\",\"id\":\"0be7e024-e729-4d3d-868c-29500bd97e23\",\"operator\":\"empty\",\"value\":null}],\"gauge_inner_width\":10,\"gauge_max\":\"\",\"gauge_style\":\"half\",\"gauge_width\":10,\"id\":\"cee2fd20-4d59-11e7-aee5-fdc812cc3bec\",\"index_pattern\":\"metrics-*\",\"interval\":\"auto\",\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":0.5,\"formatter\":\"percent\",\"id\":\"cee2fd21-4d59-11e7-aee5-fdc812cc3bec\",\"label\":\"Swap usage\",\"line_width\":1,\"metrics\":[{\"field\":\"system.memory.swap.used.pct\",\"id\":\"cee2fd22-4d59-11e7-aee5-fdc812cc3bec\",\"type\":\"avg\"}],\"point_size\":1,\"seperate_axis\":0,\"split_color_mode\":\"gradient\",\"split_mode\":\"everything\",\"stacked\":\"none\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"@timestamp\",\"type\":\"gauge\",\"use_kibana_indexes\":false,\"hide_last_value_indicator\":true,\"drop_last_bucket\":1},\"title\":\"Swap usage [Metrics System]\",\"type\":\"metrics\"}"},"coreMigrationVersion":"8.0.0","id":"system-19e123b0-4d5a-11e7-aee5-fdc812cc3bec","migrationVersion":{"visualization":"8.0.0"},"references":[],"sort":[1670478486400,442],"type":"visualization","updated_at":"2022-12-08T05:48:06.400Z","version":"WzEwNDgsMTld"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"title":"Outbound Traffic [Metrics System]","uiStateJSON":"{}","version":1,"visState":"{\"aggs\":[],\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"background_color_rules\":[{\"id\":\"0e346760-1b92-11e7-bec4-a5e9ec5cab8b\"}],\"filter\":{\"language\":\"lucene\",\"query\":\"-system.network.name:l*\"},\"id\":\"0c761590-1b92-11e7-bec4-a5e9ec5cab8b\",\"index_pattern\":\"metrics-*\",\"interval\":\"auto\",\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":0.5,\"formatter\":\"bytes\",\"id\":\"0c761591-1b92-11e7-bec4-a5e9ec5cab8b\",\"label\":\"Outbound Traffic\",\"line_width\":1,\"metrics\":[{\"field\":\"system.network.out.bytes\",\"id\":\"0c761592-1b92-11e7-bec4-a5e9ec5cab8b\",\"type\":\"max\"},{\"field\":\"0c761592-1b92-11e7-bec4-a5e9ec5cab8b\",\"id\":\"1d659060-1b92-11e7-bec4-a5e9ec5cab8b\",\"type\":\"derivative\",\"unit\":\"1s\"},{\"field\":\"1d659060-1b92-11e7-bec4-a5e9ec5cab8b\",\"id\":\"f2074f70-1b92-11e7-a416-41f5ccdba2e6\",\"type\":\"positive_only\",\"unit\":\"\"},{\"function\":\"sum\",\"id\":\"a1737470-2c55-11e7-a0ad-277ce466684d\",\"type\":\"series_agg\"}],\"point_size\":1,\"seperate_axis\":0,\"split_color_mode\":\"gradient\",\"split_mode\":\"terms\",\"stacked\":\"none\",\"terms_field\":\"system.network.name\",\"value_template\":\"{{value}}/s\"},{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":0.5,\"formatter\":\"bytes\",\"id\":\"37f70440-1b92-11e7-bec4-a5e9ec5cab8b\",\"label\":\"Total Transferred\",\"line_width\":1,\"metrics\":[{\"field\":\"system.network.out.bytes\",\"id\":\"37f72b50-1b92-11e7-bec4-a5e9ec5cab8b\",\"type\":\"max\"},{\"field\":\"37f72b50-1b92-11e7-bec4-a5e9ec5cab8b\",\"id\":\"37f72b51-1b92-11e7-bec4-a5e9ec5cab8b\",\"type\":\"derivative\",\"unit\":\"\"},{\"field\":\"37f72b51-1b92-11e7-bec4-a5e9ec5cab8b\",\"id\":\"f9da2dd0-1b92-11e7-a416-41f5ccdba2e6\",\"type\":\"positive_only\",\"unit\":\"\"},{\"field\":\"f9da2dd0-1b92-11e7-a416-41f5ccdba2e6\",\"function\":\"overall_sum\",\"id\":\"3e63c2f0-1b92-11e7-bec4-a5e9ec5cab8b\",\"sigma\":\"\",\"type\":\"series_agg\"}],\"point_size\":1,\"seperate_axis\":0,\"split_color_mode\":\"gradient\",\"split_mode\":\"terms\",\"stacked\":\"none\",\"terms_field\":\"system.network.name\",\"value_template\":\"{{value}}\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"@timestamp\",\"type\":\"metric\",\"use_kibana_indexes\":false,\"hide_last_value_indicator\":true,\"drop_last_bucket\":1},\"title\":\"Outbound Traffic [Metrics System]\",\"type\":\"metrics\"}"},"coreMigrationVersion":"8.0.0","id":"system-1aae9140-1b93-11e7-8ada-3df93aab833e","migrationVersion":{"visualization":"8.0.0"},"references":[],"sort":[1670478486400,443],"type":"visualization","updated_at":"2022-12-08T05:48:06.400Z","version":"WzEwNDksMTld"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"title":"Users Unlocks - TSVB Metric [Windows System Security]","uiStateJSON":"{}","version":1,"visState":"{\"aggs\":[],\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"background_color_rules\":[{\"background_color\":\"rgba(204,204,204,1)\",\"id\":\"8d597960-ff18-11e9-8249-2371c695f3b0\",\"operator\":\"lte\",\"value\":0},{\"background_color\":\"rgba(116,167,167,1)\",\"id\":\"a3f59730-ff18-11e9-8249-2371c695f3b0\",\"operator\":\"gte\",\"value\":1},{\"background_color\":\"rgba(204,204,204,1)\",\"id\":\"e5649483-ba7e-4af8-8167-a97ea140c066\",\"operator\":\"empty\",\"value\":null}],\"drop_last_bucket\":0,\"filter\":{\"language\":\"kuery\",\"query\":\"event.code: \\\"4767\\\" \"},\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"index_pattern\":\"logs-*\",\"interval\":\"90d\",\"isModelInvalid\":false,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":0.5,\"formatter\":\"number\",\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"label\":\"Users Unlocks\",\"line_width\":1,\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"point_size\":1,\"separate_axis\":0,\"split_color_mode\":\"gradient\",\"split_mode\":\"everything\",\"stacked\":\"none\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"@timestamp\",\"time_range_mode\":\"entire_time_range\",\"type\":\"metric\",\"use_kibana_indexes\":false,\"hide_last_value_indicator\":true},\"title\":\"Users Unlocks - TSVB Metric [Windows System Security]\",\"type\":\"metrics\"}"},"coreMigrationVersion":"8.0.0","id":"system-1b6725f0-ff1d-11e9-8405-516218e3d268","migrationVersion":{"visualization":"8.0.0"},"references":[],"sort":[1670478486400,447],"type":"visualization","updated_at":"2022-12-08T05:48:06.400Z","version":"WzEwNTEsMTld"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"title":"Users Renamed TSVB Metric [Windows System Security]","uiStateJSON":"{}","version":1,"visState":"{\"aggs\":[],\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"background_color_rules\":[{\"background_color\":\"rgba(204,204,204,1)\",\"id\":\"8d597960-ff18-11e9-8249-2371c695f3b0\",\"operator\":\"lte\",\"value\":0},{\"background_color\":\"rgba(110,139,162,1)\",\"id\":\"a3f59730-ff18-11e9-8249-2371c695f3b0\",\"operator\":\"gte\",\"value\":1},{\"background_color\":\"rgba(204,204,204,1)\",\"id\":\"ef471702-518a-40e0-9889-d15ec336fd6d\",\"operator\":\"empty\",\"value\":null}],\"drop_last_bucket\":0,\"filter\":{\"language\":\"kuery\",\"query\":\"event.code: \\\"4781\\\"  \"},\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"index_pattern\":\"logs-*\",\"interval\":\"90d\",\"isModelInvalid\":false,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":0.5,\"formatter\":\"number\",\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"label\":\"Users Renamed\",\"line_width\":1,\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"point_size\":1,\"separate_axis\":0,\"split_color_mode\":\"gradient\",\"split_mode\":\"everything\",\"stacked\":\"none\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"@timestamp\",\"time_range_mode\":\"entire_time_range\",\"type\":\"metric\",\"use_kibana_indexes\":false,\"hide_last_value_indicator\":true},\"title\":\"Users Renamed TSVB Metric [Windows System Security]\",\"type\":\"metrics\"}"},"coreMigrationVersion":"8.0.0","id":"system-1f271bc0-231a-11ea-8405-516218e3d268","migrationVersion":{"visualization":"8.0.0"},"references":[],"sort":[1670478486400,448],"type":"visualization","updated_at":"2022-12-08T05:48:06.400Z","version":"WzEwNTIsMTld"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"event.code\",\"negate\":false,\"params\":{\"query\":\"4625\"},\"type\":\"phrase\"},\"query\":{\"match\":{\"event.code\":{\"query\":\"4625\",\"type\":\"phrase\"}}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index\",\"key\":\"winlog.provider_name\",\"negate\":false,\"params\":{\"query\":\"Microsoft-Windows-Security-Auditing\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"winlog.provider_name\":\"Microsoft-Windows-Security-Auditing\"}}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"query\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset:windows.security OR data_stream.dataset:system.security\"}}"},"title":"Logon Failed Source IP [Windows System Security]","uiStateJSON":"{}","version":1,"visState":"{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"field\":\"source.ip\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":5},\"schema\":\"segment\",\"type\":\"terms\"}],\"params\":{\"bucket\":{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"ip\",\"missingBucketLabel\":\"Missing\",\"otherBucketLabel\":\"Other\",\"parsedUrl\":{\"basePath\":\"/s/siem\",\"origin\":\"https://192.168.1.72:5601\",\"pathname\":\"/s/siem/app/kibana\"}}},\"type\":\"vis_dimension\"},\"maxFontSize\":38,\"metric\":{\"accessor\":1,\"format\":{\"id\":\"string\",\"params\":{}},\"type\":\"vis_dimension\"},\"minFontSize\":10,\"orientation\":\"single\",\"scale\":\"linear\",\"showLabel\":false,\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"}},\"title\":\"Logon Failed Source IP [Windows System Security]\",\"type\":\"tagcloud\"}"},"coreMigrationVersion":"8.0.0","id":"system-2084e300-a884-11e9-a422-d144027429da","migrationVersion":{"visualization":"8.0.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index","type":"index-pattern"}],"sort":[1670478486400,452],"type":"visualization","updated_at":"2022-12-08T05:48:06.400Z","version":"WzEwNTMsMTld"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"title":"Load Gauge [Metrics System]","uiStateJSON":"{}","version":1,"visState":"{\"aggs\":[],\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"background_color_rules\":[{\"id\":\"feefabd0-1b90-11e7-bec4-a5e9ec5cab8b\"}],\"filter\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset : \\\"system.load\\\" \"},\"gauge_color_rules\":[{\"id\":\"ffd94880-1b90-11e7-bec4-a5e9ec5cab8b\"}],\"gauge_inner_width\":10,\"gauge_style\":\"half\",\"gauge_width\":10,\"id\":\"fdcc6180-1b90-11e7-bec4-a5e9ec5cab8b\",\"index_pattern\":\"metrics-*\",\"interval\":\"auto\",\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":0.5,\"formatter\":\"number\",\"id\":\"fdcc6181-1b90-11e7-bec4-a5e9ec5cab8b\",\"label\":\"5m Load\",\"line_width\":1,\"metrics\":[{\"field\":\"system.load.5\",\"id\":\"fdcc6182-1b90-11e7-bec4-a5e9ec5cab8b\",\"type\":\"avg\"}],\"point_size\":1,\"seperate_axis\":0,\"split_color_mode\":\"gradient\",\"split_mode\":\"everything\",\"stacked\":\"none\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"@timestamp\",\"type\":\"gauge\",\"use_kibana_indexes\":false,\"hide_last_value_indicator\":true,\"drop_last_bucket\":1},\"title\":\"Load Gauge [Metrics System]\",\"type\":\"metrics\"}"},"coreMigrationVersion":"8.0.0","id":"system-26732e20-1b91-11e7-bec4-a5e9ec5cab8b","migrationVersion":{"visualization":"8.0.0"},"references":[],"sort":[1670478486400,458],"type":"visualization","updated_at":"2022-12-08T05:48:06.400Z","version":"WzEwNTYsMTld"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset:windows.security OR data_stream.dataset:system.security\"}}"},"savedSearchRefName":"search_0","title":"User Management Actions [Windows System Security]","uiStateJSON":"{}","version":1,"visState":"{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"field\":\"event.action\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":15},\"schema\":\"segment\",\"type\":\"terms\"}],\"params\":{\"addLegend\":true,\"addTooltip\":true,\"isDonut\":false,\"labels\":{\"last_level\":true,\"show\":false,\"truncate\":100,\"values\":true},\"legendPosition\":\"right\",\"type\":\"pie\",\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true},\"title\":\"User Management Actions [Windows System Security]\",\"type\":\"pie\"}"},"coreMigrationVersion":"8.0.0","id":"system-26877510-9b72-11ea-87e4-49f31ec44891","migrationVersion":{"visualization":"8.0.0"},"references":[{"id":"system-324686c0-fefb-11e9-8405-516218e3d268","name":"search_0","type":"search"}],"sort":[1670478486400,460],"type":"visualization","updated_at":"2022-12-08T05:48:06.400Z","version":"WzEwNTcsMTld"}
{"attributes":{"columns":["user.name","system.auth.sudo.user","system.auth.sudo.pwd","system.auth.sudo.command"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"highlightAll\":true,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"query\":{\"language\":\"kuery\",\"query\":\"system.auth.sudo:*\"}}"},"sort":[["@timestamp","desc"]],"title":"Sudo commands [Logs System]","version":1},"coreMigrationVersion":"8.0.0","id":"system-b6f321e0-fa25-11e6-bbd3-29c986c96e5a","migrationVersion":{"search":"8.0.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1670478486400,740],"type":"search","updated_at":"2022-12-08T05:48:06.400Z","version":"WzExNzUsMTld"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Sudo commands by user [Logs System]","uiStateJSON":"{}","version":1,"visState":"{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"extended_bounds\":{},\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1},\"schema\":\"segment\",\"type\":\"date_histogram\"},{\"enabled\":true,\"id\":\"3\",\"params\":{\"field\":\"user.name\",\"order\":\"desc\",\"orderBy\":\"1\",\"size\":5},\"schema\":\"group\",\"type\":\"terms\"}],\"listeners\":{},\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"defaultYExtents\":false,\"legendPosition\":\"right\",\"mode\":\"stacked\",\"scale\":\"linear\",\"setYExtents\":false,\"times\":[]},\"title\":\"Sudo commands by user\",\"type\":\"histogram\"}"},"coreMigrationVersion":"8.0.0","id":"system-5c7af030-fa2a-11e6-bbd3-29c986c96e5a","migrationVersion":{"visualization":"8.0.0"},"references":[{"id":"system-b6f321e0-fa25-11e6-bbd3-29c986c96e5a","name":"search_0","type":"search"}],"sort":[1670478486400,508],"type":"visualization","updated_at":"2022-12-08T05:48:06.400Z","version":"WzEwODEsMTld"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"highlightAll\":true,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"query\":{\"language\":\"kuery\",\"query\":\"system.auth.sudo.error:*\"}}"},"title":"Sudo errors [Logs System]","uiStateJSON":"{}","version":1,"visState":"{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"extended_bounds\":{},\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1},\"schema\":\"segment\",\"type\":\"date_histogram\"},{\"enabled\":true,\"id\":\"3\",\"params\":{\"field\":\"system.auth.sudo.error\",\"order\":\"desc\",\"orderBy\":\"1\",\"size\":5},\"schema\":\"group\",\"type\":\"terms\"}],\"listeners\":{},\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"defaultYExtents\":false,\"legendPosition\":\"right\",\"mode\":\"stacked\",\"scale\":\"linear\",\"setYExtents\":false,\"times\":[]},\"title\":\"Sudo errors\",\"type\":\"histogram\"}"},"coreMigrationVersion":"8.0.0","id":"system-51164310-fa2b-11e6-bbd3-29c986c96e5a","migrationVersion":{"visualization":"8.0.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1670478486400,494],"type":"visualization","updated_at":"2022-12-08T05:48:06.400Z","version":"WzEwNzQsMTld"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Top sudo commands [Logs System]","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"field\":\"system.auth.sudo.command\",\"order\":\"desc\",\"orderBy\":\"1\",\"size\":5},\"schema\":\"bucket\",\"type\":\"terms\"},{\"enabled\":true,\"id\":\"3\",\"params\":{\"field\":\"user.name\",\"order\":\"desc\",\"orderBy\":\"1\",\"size\":5},\"schema\":\"bucket\",\"type\":\"terms\"}],\"listeners\":{},\"params\":{\"filter\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset : \\\"system.auth\\\"\"},\"perPage\":10,\"showMeticsAtAllLevels\":false,\"showPartialRows\":false,\"showTotal\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"totalFunc\":\"sum\",\"showToolbar\":true},\"title\":\"Top sudo commands\",\"type\":\"table\"}"},"coreMigrationVersion":"8.0.0","id":"system-dc589770-fa2b-11e6-bbd3-29c986c96e5a","migrationVersion":{"visualization":"8.0.0"},"references":[{"id":"system-b6f321e0-fa25-11e6-bbd3-29c986c96e5a","name":"search_0","type":"search"}],"sort":[1670478486400,686],"type":"visualization","updated_at":"2022-12-08T05:48:06.400Z","version":"WzExNTIsMTld"}
{"attributes":{"description":"Sudo commands dashboard from the Logs System integration","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"highlightAll\":true,\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"version\":true}"},"optionsJSON":"{\"darkTheme\":false}","panelsJSON":"[{\"version\":\"7.3.0\",\"type\":\"visualization\",\"gridData\":{\"h\":16,\"i\":\"1\",\"w\":48,\"x\":0,\"y\":20},\"panelIndex\":\"1\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.3.0\",\"type\":\"visualization\",\"gridData\":{\"h\":12,\"i\":\"2\",\"w\":48,\"x\":0,\"y\":36},\"panelIndex\":\"2\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_2\"},{\"version\":\"7.3.0\",\"type\":\"visualization\",\"gridData\":{\"h\":16,\"i\":\"3\",\"w\":48,\"x\":0,\"y\":4},\"panelIndex\":\"3\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}},\"enhancements\":{}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.3.0\",\"type\":\"visualization\",\"gridData\":{\"h\":4,\"i\":\"4\",\"w\":48,\"x\":0,\"y\":0},\"panelIndex\":\"4\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_4\"}]","timeRestore":false,"title":"[Logs System] Sudo commands","version":1},"coreMigrationVersion":"8.0.0","id":"system-277876d0-fa2c-11e6-bbd3-29c986c96e5a","migrationVersion":{"dashboard":"8.0.0"},"references":[{"id":"system-5c7af030-fa2a-11e6-bbd3-29c986c96e5a","name":"1:panel_1","type":"visualization"},{"id":"system-51164310-fa2b-11e6-bbd3-29c986c96e5a","name":"2:panel_2","type":"visualization"},{"id":"system-dc589770-fa2b-11e6-bbd3-29c986c96e5a","name":"3:panel_3","type":"visualization"},{"id":"system-327417e0-8462-11e7-bab8-bd2f0fb42c54","name":"4:panel_4","type":"visualization"}],"sort":[1670478486400,242],"type":"dashboard","updated_at":"2022-12-08T05:48:06.400Z","version":"WzEwMjQsMTld"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset:windows.security OR data_stream.dataset:system.security\"}}"},"title":"User  Management Events - Description [Windows System Security]","uiStateJSON":"{}","version":1,"visState":"{\"aggs\":[],\"params\":{\"fontSize\":10,\"markdown\":\"# **User Management Events**\\n\\n#### This dashboard shows information about User Management Events collected by winlogbeat\\n\",\"openLinksInNewTab\":false},\"title\":\"User  Management Events - Description [Windows System Security]\",\"type\":\"markdown\"}"},"coreMigrationVersion":"8.0.0","id":"system-2dc6b820-b9e8-11e9-b6a2-c9b4015c4baf","migrationVersion":{"visualization":"8.0.0"},"references":[],"sort":[1670478486400,464],"type":"visualization","updated_at":"2022-12-08T05:48:06.400Z","version":"WzEwNTksMTld"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"title":"Processes By Memory [Metrics System]","uiStateJSON":"{}","version":1,"visState":"{\"aggs\":[],\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"bar_color_rules\":[{\"bar_color\":\"rgba(104,188,0,1)\",\"id\":\"efb9b660-1b18-11e7-b09e-037021c4f8df\",\"operator\":\"gte\",\"value\":0},{\"bar_color\":\"rgba(254,146,0,1)\",\"id\":\"17fcb820-1b19-11e7-b09e-037021c4f8df\",\"operator\":\"gte\",\"value\":0.7},{\"bar_color\":\"rgba(211,49,21,1)\",\"id\":\"1dd61070-1b19-11e7-b09e-037021c4f8df\",\"operator\":\"gte\",\"value\":0.85},{\"bar_color\":\"rgba(104,188,0,1)\",\"id\":\"7c75b34c-e192-43f9-b8b0-12ddb4458732\",\"operator\":\"empty\",\"value\":null}],\"drilldown_url\":\"\",\"filter\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset : \\\"system.process\\\" \"},\"id\":\"edfceb30-1b18-11e7-b09e-037021c4f8df\",\"index_pattern\":\"metrics-*\",\"interval\":\"auto\",\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":0.5,\"formatter\":\"percent\",\"id\":\"edfceb31-1b18-11e7-b09e-037021c4f8df\",\"line_width\":1,\"metrics\":[{\"field\":\"system.process.memory.rss.pct\",\"id\":\"edfceb32-1b18-11e7-b09e-037021c4f8df\",\"type\":\"avg\"}],\"point_size\":1,\"seperate_axis\":0,\"split_color_mode\":\"gradient\",\"split_mode\":\"terms\",\"stacked\":\"none\",\"terms_field\":\"process.name\",\"terms_order_by\":\"edfceb32-1b18-11e7-b09e-037021c4f8df\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"@timestamp\",\"type\":\"top_n\",\"use_kibana_indexes\":false,\"hide_last_value_indicator\":true,\"drop_last_bucket\":1},\"title\":\"Processes By Memory [Metrics System]\",\"type\":\"metrics\"}"},"coreMigrationVersion":"8.0.0","id":"system-2e224660-1b19-11e7-b09e-037021c4f8df","migrationVersion":{"visualization":"8.0.0"},"references":[],"sort":[1670478486400,465],"type":"visualization","updated_at":"2022-12-08T05:48:06.400Z","version":"WzEwNjAsMTld"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"highlightAll\":true,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"query\":{\"language\":\"kuery\",\"query\":\"system.auth.ssh.event:Failed OR system.auth.ssh.event:Invalid\"}}"},"title":"SSH users of failed login attempts [Logs System]","uiStateJSON":"{}","version":1,"visState":"{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"field\":\"user.name\",\"order\":\"desc\",\"orderBy\":\"1\",\"size\":50},\"schema\":\"segment\",\"type\":\"terms\"}],\"listeners\":{},\"params\":{\"maxFontSize\":72,\"minFontSize\":18,\"orientation\":\"single\",\"palette\":{\"name\":\"kibana_palette\",\"type\":\"palette\"},\"scale\":\"linear\"},\"title\":\"SSH users of failed login attempts\",\"type\":\"tagcloud\"}"},"coreMigrationVersion":"8.0.0","id":"system-341ffe70-f9ce-11e6-8115-a7c18106d86a","migrationVersion":{"visualization":"8.0.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1670478486400,470],"type":"visualization","updated_at":"2022-12-08T05:48:06.400Z","version":"WzEwNjMsMTld"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"title":"Disk Usage [Metrics System]","uiStateJSON":"{}","version":1,"visState":"{\"aggs\":[],\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"bar_color_rules\":[{\"bar_color\":\"rgba(104,188,0,1)\",\"id\":\"bf525310-1b95-11e7-8ada-3df93aab833e\",\"operator\":\"gte\",\"value\":0},{\"bar_color\":\"rgba(254,146,0,1)\",\"id\":\"125fc4c0-1b96-11e7-8ada-3df93aab833e\",\"operator\":\"gte\",\"value\":0.7},{\"bar_color\":\"rgba(211,49,21,1)\",\"id\":\"1a5c7240-1b96-11e7-8ada-3df93aab833e\",\"operator\":\"gte\",\"value\":0.85},{\"bar_color\":\"rgba(104,188,0,1)\",\"id\":\"2e46df8d-ffbe-45ec-9c5f-b54f27780f19\",\"operator\":\"empty\",\"value\":null}],\"drilldown_url\":\"\",\"filter\":{\"language\":\"lucene\",\"query\":\"-system.filesystem.mount_point:\\\\/run* AND -system.filesystem.mount_point:\\\\/sys* AND -system.filesystem.mount_point:\\\\/dev* AND -system.filesystem.mount_point:\\\\/proc* AND -system.filesystem.mount_point:\\\\/var* AND -system.filesystem.mount_point:\\\\/boot\"},\"id\":\"9f7e48a0-1b95-11e7-8ada-3df93aab833e\",\"index_pattern\":\"metrics-*\",\"interval\":\"auto\",\"isModelInvalid\":false,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":0.5,\"formatter\":\"percent\",\"id\":\"9f7e48a1-1b95-11e7-8ada-3df93aab833e\",\"line_width\":1,\"metrics\":[{\"agg_with\":\"avg\",\"field\":\"system.filesystem.used.pct\",\"id\":\"9f7e48a2-1b95-11e7-8ada-3df93aab833e\",\"order\":\"desc\",\"order_by\":\"@timestamp\",\"size\":1,\"type\":\"top_hit\"}],\"point_size\":1,\"seperate_axis\":0,\"split_color_mode\":\"gradient\",\"split_mode\":\"terms\",\"stacked\":\"none\",\"terms_field\":\"system.filesystem.mount_point\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"@timestamp\",\"time_range_mode\":\"entire_time_range\",\"type\":\"top_n\",\"use_kibana_indexes\":false,\"hide_last_value_indicator\":true,\"drop_last_bucket\":1},\"title\":\"Disk Usage [Metrics System]\",\"type\":\"metrics\"}"},"coreMigrationVersion":"8.0.0","id":"system-34f97ee0-1b96-11e7-8ada-3df93aab833e","migrationVersion":{"visualization":"8.0.0"},"references":[],"sort":[1670478486400,473],"type":"visualization","updated_at":"2022-12-08T05:48:06.400Z","version":"WzEwNjUsMTld"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"title":"Tip [Metrics System]","uiStateJSON":"{}","version":1,"visState":"{\"aggs\":[],\"params\":{\"fontSize\":12,\"markdown\":\"**TIP:** To select another host, go to the [System Overview](#/dashboard/system-Metrics-system-overview) dashboard and double-click a host name.\"},\"title\":\"Tip [Metrics System]\",\"type\":\"markdown\"}"},"coreMigrationVersion":"8.0.0","id":"system-3d65d450-a9c3-11e7-af20-67db8aecb295","migrationVersion":{"visualization":"8.0.0"},"references":[],"sort":[1670478486400,474],"type":"visualization","updated_at":"2022-12-08T05:48:06.400Z","version":"WzEwNjYsMTld"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"title":"Groups Changed TSVB Metric [Windows System Security]","uiStateJSON":"{}","version":1,"visState":"{\"aggs\":[],\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"background_color_rules\":[{\"background_color\":\"rgba(200,201,197,1)\",\"id\":\"bfcaced0-f419-11e9-928e-8f5fd2b6c66e\",\"operator\":\"lte\",\"value\":0},{\"background_color\":\"rgba(221,186,64,1)\",\"id\":\"a7d935e0-f497-11e9-928e-8f5fd2b6c66e\",\"operator\":\"gt\",\"value\":0},{\"background_color\":\"rgba(200,201,197,1)\",\"id\":\"35291e2f-49ae-4651-93e4-09d2fff75af9\",\"operator\":\"empty\",\"value\":null}],\"drop_last_bucket\":0,\"filter\":{\"language\":\"kuery\",\"query\":\"event.code:4735 OR event.code:4737 OR event.code:\\\"4755\\\" OR event.code:\\\"4764\\\"  OR event.code:\\\"4750\\\" OR event.code:\\\"4760\\\" OR event.code:\\\"4745\\\" OR event.code:\\\"4784\\\" OR event.code:\\\"4791\\\" \"},\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"index_pattern\":\"logs-*\",\"interval\":\"60d\",\"isModelInvalid\":false,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":0.5,\"formatter\":\"number\",\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"label\":\"Groups Changed\",\"line_width\":1,\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"point_size\":1,\"separate_axis\":0,\"split_color_mode\":\"gradient\",\"split_mode\":\"everything\",\"stacked\":\"none\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"@timestamp\",\"time_range_mode\":\"entire_time_range\",\"type\":\"metric\",\"use_kibana_indexes\":false,\"hide_last_value_indicator\":true},\"title\":\"Groups Changed TSVB Metric [Windows System Security]\",\"type\":\"metrics\"}"},"coreMigrationVersion":"8.0.0","id":"system-400b63e0-f49a-11e9-8405-516218e3d268","migrationVersion":{"visualization":"8.0.0"},"references":[],"sort":[1670478486400,475],"type":"visualization","updated_at":"2022-12-08T05:48:06.400Z","version":"WzEwNjcsMTld"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"event.code\",\"negate\":false,\"params\":{\"query\":\"4625\"},\"type\":\"phrase\"},\"query\":{\"match\":{\"event.code\":{\"query\":\"4625\",\"type\":\"phrase\"}}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index\",\"key\":\"winlog.provider_name\",\"negate\":false,\"params\":{\"query\":\"Microsoft-Windows-Security-Auditing\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"winlog.provider_name\":\"Microsoft-Windows-Security-Auditing\"}}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"query\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset:windows.security OR data_stream.dataset:system.security\"}}"},"title":"Logon Failed Table [Windows System Security]","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"customLabel\":\"Time Bucket\",\"drop_partials\":false,\"extended_bounds\":{},\"field\":\"@timestamp\",\"interval\":\"h\",\"min_doc_count\":1,\"scaleMetricValues\":false,\"timeRange\":{\"from\":\"2020-05-17T09:37:55.995Z\",\"to\":\"2020-05-22T03:09:27.260Z\"},\"useNormalizedEsInterval\":true},\"schema\":\"bucket\",\"type\":\"date_histogram\"},{\"enabled\":true,\"id\":\"3\",\"params\":{\"customLabel\":\"user.name\",\"field\":\"user.name\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":1000},\"schema\":\"bucket\",\"type\":\"terms\"},{\"enabled\":true,\"id\":\"4\",\"params\":{\"customLabel\":\"source workstation\",\"field\":\"source.domain\",\"json\":\"{\\\"missing\\\": \\\"N/A\\\"}\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":5},\"schema\":\"bucket\",\"type\":\"terms\"},{\"enabled\":true,\"id\":\"5\",\"params\":{\"customLabel\":\"source.ip\",\"field\":\"source.ip\",\"json\":\"{\\\"missing\\\": \\\"::\\\"}\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":5},\"schema\":\"bucket\",\"type\":\"terms\"},{\"enabled\":true,\"id\":\"6\",\"params\":{\"customLabel\":\"event.action\",\"field\":\"event.action\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":5},\"schema\":\"bucket\",\"type\":\"terms\"},{\"enabled\":true,\"id\":\"7\",\"params\":{\"customLabel\":\"winlog.logon.type\",\"field\":\"winlog.logon.type\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":5},\"schema\":\"bucket\",\"type\":\"terms\"},{\"enabled\":true,\"id\":\"8\",\"params\":{\"customLabel\":\"winlog.event_data.SubjectUserName\",\"field\":\"winlog.event_data.SubjectUserName\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":5},\"schema\":\"bucket\",\"type\":\"terms\"}],\"params\":{\"dimensions\":{\"buckets\":[{\"accessor\":0,\"aggType\":\"date_histogram\",\"format\":{\"id\":\"date\",\"params\":{\"pattern\":\"YYYY-MM-DD HH:mm\"}},\"params\":{}},{\"accessor\":1,\"aggType\":\"terms\",\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"missingBucketLabel\":\"Missing\",\"otherBucketLabel\":\"Other\"}},\"params\":{}},{\"accessor\":2,\"aggType\":\"terms\",\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"missingBucketLabel\":\"Missing\",\"otherBucketLabel\":\"Other\"}},\"params\":{}},{\"accessor\":3,\"aggType\":\"terms\",\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"ip\",\"missingBucketLabel\":\"Missing\",\"otherBucketLabel\":\"Other\"}},\"params\":{}},{\"accessor\":4,\"aggType\":\"terms\",\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"missingBucketLabel\":\"Missing\",\"otherBucketLabel\":\"Other\"}},\"params\":{}}],\"metrics\":[{\"accessor\":5,\"aggType\":\"count\",\"format\":{\"id\":\"number\"},\"params\":{}}]},\"perPage\":15,\"percentageCol\":\"\",\"showMetricsAtAllLevels\":false,\"showPartialRows\":false,\"showTotal\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"totalFunc\":\"sum\",\"showToolbar\":true},\"title\":\"Logon Failed Table [Windows System Security]\",\"type\":\"table\"}"},"coreMigrationVersion":"8.0.0","id":"system-421f0610-af98-11e9-a422-d144027429da","migrationVersion":{"visualization":"8.0.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index","type":"index-pattern"}],"sort":[1670478486400,479],"type":"visualization","updated_at":"2022-12-08T05:48:06.400Z","version":"WzEwNjgsMTld"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"event.code\",\"negate\":false,\"params\":{\"query\":\"4740\"},\"type\":\"phrase\",\"value\":\"4740\"},\"query\":{\"match\":{\"event.code\":{\"query\":\"4740\",\"type\":\"phrase\"}}}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"query\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset:windows.security OR data_stream.dataset:system.security\"}}"},"title":"Users Locked Out - Table [Windows System Security]","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"customLabel\":\"Locked  User\",\"field\":\"winlog.event_data.TargetUserName\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":100},\"schema\":\"bucket\",\"type\":\"terms\"},{\"enabled\":true,\"id\":\"3\",\"params\":{\"customLabel\":\"Performed by\",\"field\":\"winlog.event_data.SubjectUserName\",\"missingBucket\":true,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":5},\"schema\":\"bucket\",\"type\":\"terms\"},{\"enabled\":true,\"id\":\"4\",\"params\":{\"customLabel\":\"Performer LogonId\",\"field\":\"winlog.logon.id\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":5},\"schema\":\"bucket\",\"type\":\"terms\"}],\"params\":{\"dimensions\":{\"buckets\":[{\"accessor\":0,\"aggType\":\"terms\",\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"missingBucketLabel\":\"Missing\",\"otherBucketLabel\":\"Other\"}},\"params\":{}},{\"accessor\":1,\"aggType\":\"terms\",\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"missingBucketLabel\":\"Missing\",\"otherBucketLabel\":\"Other\"}},\"params\":{}},{\"accessor\":2,\"aggType\":\"terms\",\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"missingBucketLabel\":\"Missing\",\"otherBucketLabel\":\"Other\"}},\"params\":{}}],\"metrics\":[{\"accessor\":3,\"aggType\":\"count\",\"format\":{\"id\":\"number\"},\"params\":{}}]},\"perPage\":10,\"showMetricsAtAllLevels\":false,\"showPartialRows\":false,\"showTotal\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"totalFunc\":\"sum\",\"showToolbar\":true},\"title\":\"Users Locked Out - Table [Windows System Security]\",\"type\":\"table\"}"},"coreMigrationVersion":"8.0.0","id":"system-4ac8f5f0-bcfe-11e9-b6a2-c9b4015c4baf","migrationVersion":{"visualization":"8.0.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"sort":[1670478486400,482],"type":"visualization","updated_at":"2022-12-08T05:48:06.400Z","version":"WzEwNjksMTld"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"event.code\",\"negate\":false,\"params\":[\"4625\"],\"type\":\"phrases\",\"value\":\"4625\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"event.code\":\"4625\"}}]}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index\",\"key\":\"winlog.provider_name\",\"negate\":false,\"params\":{\"query\":\"Microsoft-Windows-Security-Auditing\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"winlog.provider_name\":\"Microsoft-Windows-Security-Auditing\"}}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"query\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset:windows.security OR data_stream.dataset:system.security\"}}"},"title":"Failed Logon HeatMap [Windows System Security]","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0 - 4\":\"rgb(255,255,204)\",\"12 - 16\":\"rgb(252,91,46)\",\"16 - 20\":\"rgb(212,16,32)\",\"4 - 8\":\"rgb(254,225,135)\",\"8 - 12\":\"rgb(254,171,73)\"}}}","version":1,"visState":"{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"field\":\"user.name\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":15},\"schema\":\"segment\",\"type\":\"terms\"},{\"enabled\":true,\"id\":\"3\",\"params\":{\"drop_partials\":true,\"extended_bounds\":{},\"field\":\"@timestamp\",\"interval\":\"h\",\"min_doc_count\":1,\"scaleMetricValues\":false,\"timeRange\":{\"from\":\"2020-05-17T09:37:55.995Z\",\"to\":\"2020-05-22T03:09:27.260Z\"},\"useNormalizedEsInterval\":true},\"schema\":\"group\",\"type\":\"date_histogram\"}],\"params\":{\"addLegend\":true,\"addTooltip\":false,\"colorSchema\":\"Yellow to Red\",\"colorsNumber\":5,\"colorsRange\":[],\"dimensions\":{\"series\":[{\"accessor\":1,\"aggType\":\"date_histogram\",\"format\":{\"id\":\"date\",\"params\":{\"pattern\":\"YYYY-MM-DD HH:mm\"}},\"label\":\"@timestamp per hour\",\"params\":{}}],\"x\":{\"accessor\":0,\"aggType\":\"terms\",\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"missingBucketLabel\":\"Missing\",\"otherBucketLabel\":\"Other\",\"parsedUrl\":{\"basePath\":\"/s/siem\",\"origin\":\"https://192.168.1.72:5601\",\"pathname\":\"/s/siem/app/kibana\"}}},\"label\":\"user.name: Descending\",\"params\":{}},\"y\":[{\"accessor\":2,\"aggType\":\"count\",\"format\":{\"id\":\"number\"},\"label\":\"Count\",\"params\":{}}]},\"enableHover\":true,\"invertColors\":false,\"legendPosition\":\"bottom\",\"percentageMode\":false,\"setColorRange\":false,\"times\":[],\"type\":\"heatmap\",\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"color\":\"black\",\"overwriteColor\":false,\"rotate\":0,\"show\":true},\"scale\":{\"defaultYExtents\":false,\"type\":\"linear\"},\"show\":false,\"type\":\"value\"}]},\"title\":\"Failed Logon HeatMap [Windows System Security]\",\"type\":\"heatmap\"}"},"coreMigrationVersion":"8.0.0","id":"system-4b683ac0-a7d7-11e9-a422-d144027429da","migrationVersion":{"visualization":"8.0.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index","type":"index-pattern"}],"sort":[1670478486400,486],"type":"visualization","updated_at":"2022-12-08T05:48:06.400Z","version":"WzEwNzAsMTld"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"event.code\",\"negate\":false,\"params\":{\"query\":\"4625\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"event.code\":\"4625\"}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index\",\"key\":\"winlog.provider_name\",\"negate\":false,\"params\":{\"query\":\"Microsoft-Windows-Security-Auditing\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"winlog.provider_name\":\"Microsoft-Windows-Security-Auditing\"}}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"query\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset:windows.security OR data_stream.dataset:system.security\"}}"},"title":" Failed Logons  [Windows System Security]","uiStateJSON":"{}","version":1,"visState":"{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{\"customLabel\":\"Failed Logons\"},\"schema\":\"metric\",\"type\":\"count\"}],\"params\":{\"addLegend\":false,\"addTooltip\":true,\"metric\":{\"colorSchema\":\"Green to Red\",\"colorsRange\":[{\"from\":0,\"to\":10000}],\"invertColors\":false,\"labels\":{\"show\":true},\"metricColorMode\":\"None\",\"percentageMode\":false,\"style\":{\"bgColor\":false,\"bgFill\":\"#000\",\"fontSize\":60,\"labelColor\":false,\"subText\":\"\"},\"useRanges\":false},\"type\":\"metric\"},\"title\":\" Failed Logons  [Windows System Security]\",\"type\":\"metric\"}"},"coreMigrationVersion":"8.0.0","id":"system-4bedf650-9ffd-11ea-87e4-49f31ec44891","migrationVersion":{"visualization":"8.0.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index","type":"index-pattern"}],"sort":[1670478486400,490],"type":"visualization","updated_at":"2022-12-08T05:48:06.400Z","version":"WzEwNzEsMTld"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"title":"System Load [Metrics System]","uiStateJSON":"{}","version":1,"visState":"{\"aggs\":[],\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"filter\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset : \\\"system.load\\\"\"},\"id\":\"f6264ad0-1b14-11e7-b09e-037021c4f8df\",\"index_pattern\":\"metrics-*\",\"interval\":\"auto\",\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"rgba(115,216,255,1)\",\"fill\":\"0\",\"formatter\":\"number\",\"id\":\"f62671e0-1b14-11e7-b09e-037021c4f8df\",\"label\":\"1m\",\"line_width\":\"3\",\"metrics\":[{\"field\":\"system.load.1\",\"id\":\"f62671e1-1b14-11e7-b09e-037021c4f8df\",\"type\":\"avg\"}],\"point_size\":1,\"seperate_axis\":0,\"split_color_mode\":\"gradient\",\"split_mode\":\"everything\",\"stacked\":\"none\"},{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"rgba(0,156,224,1)\",\"fill\":\"0\",\"formatter\":\"number\",\"id\":\"1c324850-1b15-11e7-b09e-037021c4f8df\",\"label\":\"5m\",\"line_width\":\"3\",\"metrics\":[{\"field\":\"system.load.5\",\"id\":\"1c324851-1b15-11e7-b09e-037021c4f8df\",\"type\":\"avg\"}],\"point_size\":\"0\",\"seperate_axis\":0,\"split_color_mode\":\"gradient\",\"split_mode\":\"everything\",\"stacked\":\"none\"},{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"rgba(0,98,177,1)\",\"fill\":\"0\",\"formatter\":\"number\",\"id\":\"3287e740-1b15-11e7-b09e-037021c4f8df\",\"label\":\"15m\",\"line_width\":\"3\",\"metrics\":[{\"field\":\"system.load.15\",\"id\":\"32880e50-1b15-11e7-b09e-037021c4f8df\",\"type\":\"avg\"}],\"point_size\":\"0\",\"seperate_axis\":0,\"split_color_mode\":\"gradient\",\"split_mode\":\"everything\",\"stacked\":\"none\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"@timestamp\",\"type\":\"timeseries\",\"use_kibana_indexes\":false,\"drop_last_bucket\":1},\"title\":\"System Load [Metrics System]\",\"type\":\"metrics\"}"},"coreMigrationVersion":"8.0.0","id":"system-4d546850-1b15-11e7-b09e-037021c4f8df","migrationVersion":{"visualization":"8.0.0"},"references":[],"sort":[1670478486400,491],"type":"visualization","updated_at":"2022-12-08T05:48:06.400Z","version":"WzEwNzIsMTld"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"title":"Disk IO (Bytes) [Metrics System]","uiStateJSON":"{}","version":1,"visState":"{\"aggs\":[],\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"filter\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset : \\\"system.diskio\\\"\"},\"id\":\"d3c67db0-1b1a-11e7-b09e-037021c4f8df\",\"index_pattern\":\"metrics-*\",\"interval\":\"auto\",\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"rgba(22,165,165,1)\",\"fill\":\"1\",\"formatter\":\"bytes\",\"id\":\"d3c67db1-1b1a-11e7-b09e-037021c4f8df\",\"label\":\"reads\",\"line_width\":1,\"metrics\":[{\"field\":\"system.diskio.read.bytes\",\"id\":\"d3c67db2-1b1a-11e7-b09e-037021c4f8df\",\"type\":\"max\"},{\"field\":\"d3c67db2-1b1a-11e7-b09e-037021c4f8df\",\"id\":\"f55b9910-1b1a-11e7-b09e-037021c4f8df\",\"type\":\"derivative\",\"unit\":\"1s\"},{\"field\":\"f55b9910-1b1a-11e7-b09e-037021c4f8df\",\"id\":\"dcbbb100-1b93-11e7-8ada-3df93aab833e\",\"type\":\"positive_only\",\"unit\":\"\"}],\"point_size\":\"0\",\"seperate_axis\":0,\"split_color_mode\":\"gradient\",\"split_mode\":\"everything\",\"stacked\":\"none\",\"value_template\":\"{{value}}/s\"},{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"rgba(251,158,0,1)\",\"fill\":\"1\",\"formatter\":\"bytes\",\"id\":\"144124d0-1b1b-11e7-b09e-037021c4f8df\",\"label\":\"writes\",\"line_width\":1,\"metrics\":[{\"field\":\"system.diskio.write.bytes\",\"id\":\"144124d1-1b1b-11e7-b09e-037021c4f8df\",\"type\":\"max\"},{\"field\":\"144124d1-1b1b-11e7-b09e-037021c4f8df\",\"id\":\"144124d2-1b1b-11e7-b09e-037021c4f8df\",\"type\":\"derivative\",\"unit\":\"1s\"},{\"id\":\"144124d4-1b1b-11e7-b09e-037021c4f8df\",\"script\":\"params.rate > 0 ? params.rate * -1 : 0\",\"type\":\"calculation\",\"variables\":[{\"field\":\"144124d2-1b1b-11e7-b09e-037021c4f8df\",\"id\":\"144124d3-1b1b-11e7-b09e-037021c4f8df\",\"name\":\"rate\"}]}],\"point_size\":\"0\",\"seperate_axis\":0,\"split_color_mode\":\"gradient\",\"split_mode\":\"everything\",\"stacked\":\"none\",\"value_template\":\"{{value}}/s\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"@timestamp\",\"type\":\"timeseries\",\"use_kibana_indexes\":false,\"drop_last_bucket\":1},\"title\":\"Disk IO (Bytes) [Metrics System]\",\"type\":\"metrics\"}"},"coreMigrationVersion":"8.0.0","id":"system-4e4bb1e0-1b1b-11e7-b09e-037021c4f8df","migrationVersion":{"visualization":"8.0.0"},"references":[],"sort":[1670478486400,492],"type":"visualization","updated_at":"2022-12-08T05:48:06.400Z","version":"WzEwNzMsMTld"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"title":"Inbound Traffic [Metrics System]","uiStateJSON":"{}","version":1,"visState":"{\"aggs\":[],\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"background_color_rules\":[{\"id\":\"0e346760-1b92-11e7-bec4-a5e9ec5cab8b\"}],\"filter\":{\"language\":\"lucene\",\"query\":\"-system.network.name:l*\"},\"id\":\"0c761590-1b92-11e7-bec4-a5e9ec5cab8b\",\"index_pattern\":\"metrics-*\",\"interval\":\"auto\",\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":0.5,\"formatter\":\"bytes\",\"id\":\"0c761591-1b92-11e7-bec4-a5e9ec5cab8b\",\"label\":\"Inbound Traffic\",\"line_width\":1,\"metrics\":[{\"field\":\"system.network.in.bytes\",\"id\":\"0c761592-1b92-11e7-bec4-a5e9ec5cab8b\",\"type\":\"max\"},{\"field\":\"0c761592-1b92-11e7-bec4-a5e9ec5cab8b\",\"id\":\"1d659060-1b92-11e7-bec4-a5e9ec5cab8b\",\"type\":\"derivative\",\"unit\":\"1s\"},{\"field\":\"1d659060-1b92-11e7-bec4-a5e9ec5cab8b\",\"id\":\"f2074f70-1b92-11e7-a416-41f5ccdba2e6\",\"type\":\"positive_only\",\"unit\":\"\"},{\"function\":\"sum\",\"id\":\"c40e18f0-2c55-11e7-a0ad-277ce466684d\",\"type\":\"series_agg\"}],\"point_size\":1,\"seperate_axis\":0,\"split_color_mode\":\"gradient\",\"split_mode\":\"terms\",\"stacked\":\"none\",\"terms_field\":\"system.network.name\",\"value_template\":\"{{value}}/s\"},{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":0.5,\"formatter\":\"bytes\",\"id\":\"37f70440-1b92-11e7-bec4-a5e9ec5cab8b\",\"label\":\"Total Transferred\",\"line_width\":1,\"metrics\":[{\"field\":\"system.network.in.bytes\",\"id\":\"37f72b50-1b92-11e7-bec4-a5e9ec5cab8b\",\"type\":\"max\"},{\"field\":\"37f72b50-1b92-11e7-bec4-a5e9ec5cab8b\",\"id\":\"37f72b51-1b92-11e7-bec4-a5e9ec5cab8b\",\"type\":\"derivative\",\"unit\":\"\"},{\"field\":\"37f72b51-1b92-11e7-bec4-a5e9ec5cab8b\",\"id\":\"f9da2dd0-1b92-11e7-a416-41f5ccdba2e6\",\"type\":\"positive_only\",\"unit\":\"\"},{\"field\":\"f9da2dd0-1b92-11e7-a416-41f5ccdba2e6\",\"function\":\"overall_sum\",\"id\":\"3e63c2f0-1b92-11e7-bec4-a5e9ec5cab8b\",\"sigma\":\"\",\"type\":\"series_agg\"}],\"point_size\":1,\"seperate_axis\":0,\"split_color_mode\":\"gradient\",\"split_mode\":\"terms\",\"stacked\":\"none\",\"terms_field\":\"system.network.name\",\"value_template\":\"{{value}}\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"@timestamp\",\"type\":\"metric\",\"use_kibana_indexes\":false,\"hide_last_value_indicator\":true,\"drop_last_bucket\":1},\"title\":\"Inbound Traffic [Metrics System]\",\"type\":\"metrics\"}"},"coreMigrationVersion":"8.0.0","id":"system-522ee670-1b92-11e7-bec4-a5e9ec5cab8b","migrationVersion":{"visualization":"8.0.0"},"references":[],"sort":[1670478486400,495],"type":"visualization","updated_at":"2022-12-08T05:48:06.400Z","version":"WzEwNzUsMTld"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"title":"Groups Enumeration - TSVB  Metric [Windows System Security]","uiStateJSON":"{}","version":1,"visState":"{\"aggs\":[],\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"background_color_rules\":[{\"background_color\":\"rgba(128,128,128,1)\",\"color\":\"rgba(179,179,179,1)\",\"id\":\"bfcaced0-f419-11e9-928e-8f5fd2b6c66e\",\"operator\":\"gt\",\"value\":0},{\"background_color\":\"rgba(179,179,179,1)\",\"id\":\"8d3f3ed0-9b51-11ea-99a1-e5b989979a59\",\"operator\":\"lte\",\"value\":0},{\"background_color\":\"rgba(179,179,179,1)\",\"id\":\"376bc86a-11ee-4c3b-8f50-0ed2890ecdad\",\"operator\":\"empty\",\"value\":null}],\"drop_last_bucket\":0,\"filter\":{\"language\":\"kuery\",\"query\":\"event.code:4799\"},\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"index_pattern\":\"logs-*\",\"interval\":\"90d\",\"isModelInvalid\":false,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":0.5,\"formatter\":\"number\",\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"label\":\"Group Membership Enumeration\",\"line_width\":1,\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"point_size\":1,\"separate_axis\":0,\"split_color_mode\":\"gradient\",\"split_mode\":\"everything\",\"stacked\":\"none\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"@timestamp\",\"time_range_mode\":\"entire_time_range\",\"type\":\"metric\",\"use_kibana_indexes\":false,\"hide_last_value_indicator\":true},\"title\":\"Groups Enumeration - TSVB  Metric [Windows System Security]\",\"type\":\"metrics\"}"},"coreMigrationVersion":"8.0.0","id":"system-546febc0-f49b-11e9-8405-516218e3d268","migrationVersion":{"visualization":"8.0.0"},"references":[],"sort":[1670478486400,496],"type":"visualization","updated_at":"2022-12-08T05:48:06.400Z","version":"WzEwNzYsMTld"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"highlightAll\":true,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"query\":{\"language\":\"kuery\",\"query\":\"system.auth.ssh.event:Accepted\"}}"},"title":"Successful SSH logins [Logs System]","uiStateJSON":"{\"vis\":{\"colors\":{\"Accepted\":\"#3F6833\",\"Failed\":\"#F9934E\",\"Invalid\":\"#447EBC\",\"password\":\"#BF1B00\",\"publickey\":\"#629E51\"}}}","version":1,"visState":"{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"extended_bounds\":{},\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1},\"schema\":\"segment\",\"type\":\"date_histogram\"},{\"enabled\":true,\"id\":\"3\",\"params\":{\"field\":\"system.auth.ssh.method\",\"order\":\"desc\",\"orderBy\":\"1\",\"size\":5},\"schema\":\"group\",\"type\":\"terms\"}],\"listeners\":{},\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"defaultYExtents\":false,\"legendPosition\":\"right\",\"mode\":\"stacked\",\"scale\":\"linear\",\"setYExtents\":false,\"times\":[]},\"title\":\"Successful SSH logins\",\"type\":\"histogram\"}"},"coreMigrationVersion":"8.0.0","id":"system-d16bb400-f9cc-11e6-8115-a7c18106d86a","migrationVersion":{"visualization":"8.0.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1670478486400,672],"type":"visualization","updated_at":"2022-12-08T05:48:06.400Z","version":"WzExNDQsMTld"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"highlightAll\":true,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"SSH login attempts [Logs System]","uiStateJSON":"{\"vis\":{\"colors\":{\"Accepted\":\"#3F6833\",\"Failed\":\"#F9934E\",\"Invalid\":\"#447EBC\"}}}","version":1,"visState":"{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"extended_bounds\":{},\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1},\"schema\":\"segment\",\"type\":\"date_histogram\"},{\"enabled\":true,\"id\":\"3\",\"params\":{\"field\":\"system.auth.ssh.event\",\"order\":\"desc\",\"orderBy\":\"1\",\"size\":5},\"schema\":\"group\",\"type\":\"terms\"}],\"listeners\":{},\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"defaultYExtents\":false,\"legendPosition\":\"right\",\"mode\":\"stacked\",\"scale\":\"linear\",\"setYExtents\":false,\"times\":[]},\"title\":\"SSH login attempts\",\"type\":\"histogram\"}"},"coreMigrationVersion":"8.0.0","id":"system-78b74f30-f9cd-11e6-8115-a7c18106d86a","migrationVersion":{"visualization":"8.0.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1670478486400,536],"type":"visualization","updated_at":"2022-12-08T05:48:06.400Z","version":"WzEwOTQsMTld"}
{"attributes":{"columns":["system.auth.ssh.event","system.auth.ssh.method","user.name","source.ip","source.geo.country_iso_code"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"highlightAll\":true,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"query\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset:system.auth AND system.auth.ssh.event:*\"}}"},"sort":[["@timestamp","desc"]],"title":"SSH login attempts [Logs System]","version":1},"coreMigrationVersion":"8.0.0","id":"system-62439dc0-f9c9-11e6-a747-6121780e0414","migrationVersion":{"search":"8.0.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1670478486400,721],"type":"search","updated_at":"2022-12-08T05:48:06.400Z","version":"WzExNjgsMTld"}
{"attributes":{"description":"SSH dashboard for the System integration in Logs","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"highlightAll\":true,\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"version\":true}"},"optionsJSON":"{\"darkTheme\":false}","panelsJSON":"[{\"embeddableConfig\":{\"enhancements\":{}},\"gridData\":{\"h\":12,\"i\":\"1\",\"w\":48,\"x\":0,\"y\":16},\"panelIndex\":\"1\",\"panelRefName\":\"panel_1\",\"type\":\"visualization\",\"version\":\"8.0.0\"},{\"embeddableConfig\":{\"enhancements\":{}},\"gridData\":{\"h\":12,\"i\":\"2\",\"w\":48,\"x\":0,\"y\":4},\"panelIndex\":\"2\",\"panelRefName\":\"panel_2\",\"type\":\"visualization\",\"version\":\"8.0.0\"},{\"embeddableConfig\":{\"enhancements\":{}},\"gridData\":{\"h\":16,\"i\":\"3\",\"w\":24,\"x\":0,\"y\":28},\"panelIndex\":\"3\",\"panelRefName\":\"panel_3\",\"type\":\"visualization\",\"version\":\"8.0.0\"},{\"embeddableConfig\":{\"columns\":[\"system.auth.ssh.event\",\"system.auth.ssh.method\",\"user.name\",\"source.ip\",\"source.geo.country_iso_code\"],\"enhancements\":{},\"sort\":[\"@timestamp\",\"desc\"]},\"gridData\":{\"h\":12,\"i\":\"5\",\"w\":48,\"x\":0,\"y\":44},\"panelIndex\":\"5\",\"panelRefName\":\"panel_5\",\"type\":\"search\",\"version\":\"8.0.0\"},{\"embeddableConfig\":{\"enhancements\":{}},\"gridData\":{\"h\":4,\"i\":\"6\",\"w\":48,\"x\":0,\"y\":0},\"panelIndex\":\"6\",\"panelRefName\":\"panel_6\",\"type\":\"visualization\",\"version\":\"8.0.0\"},{\"embeddableConfig\":{\"attributes\":{\"description\":\"\",\"layerListJSON\":\"[{\\\"sourceDescriptor\\\":{\\\"type\\\":\\\"EMS_TMS\\\",\\\"isAutoSelect\\\":true,\\\"lightModeDefault\\\":\\\"road_map_desaturated\\\"},\\\"id\\\":\\\"985e7399-20df-464b-b6d5-880922106ffe\\\",\\\"label\\\":null,\\\"minZoom\\\":0,\\\"maxZoom\\\":24,\\\"alpha\\\":1,\\\"visible\\\":true,\\\"style\\\":{\\\"type\\\":\\\"TILE\\\"},\\\"includeInFitToBounds\\\":true,\\\"type\\\":\\\"VECTOR_TILE\\\"},{\\\"alpha\\\":0.75,\\\"id\\\":\\\"05b729fa-80a9-4215-aaed-4a8d9476e87d\\\",\\\"includeInFitToBounds\\\":true,\\\"joins\\\":[],\\\"label\\\":\\\"SSH failed login attempts source locations [Logs System]\\\",\\\"maxZoom\\\":24,\\\"minZoom\\\":0,\\\"sourceDescriptor\\\":{\\\"applyForceRefresh\\\":true,\\\"applyGlobalQuery\\\":true,\\\"applyGlobalTime\\\":true,\\\"geoField\\\":\\\"source.geo.location\\\",\\\"id\\\":\\\"80bac1cc-d19d-415d-93ad-f776fd099f24\\\",\\\"indexPatternId\\\":\\\"logs-*\\\",\\\"metrics\\\":[{\\\"type\\\":\\\"count\\\"}],\\\"requestType\\\":\\\"point\\\",\\\"resolution\\\":\\\"MOST_FINE\\\",\\\"type\\\":\\\"ES_GEO_GRID\\\"},\\\"style\\\":{\\\"isTimeAware\\\":true,\\\"properties\\\":{\\\"fillColor\\\":{\\\"options\\\":{\\\"color\\\":\\\"Yellow to Red\\\",\\\"colorCategory\\\":\\\"palette_0\\\",\\\"field\\\":{\\\"name\\\":\\\"doc_count\\\",\\\"origin\\\":\\\"source\\\"},\\\"fieldMetaOptions\\\":{\\\"isEnabled\\\":false,\\\"sigma\\\":3},\\\"type\\\":\\\"ORDINAL\\\"},\\\"type\\\":\\\"DYNAMIC\\\"},\\\"icon\\\":{\\\"options\\\":{\\\"value\\\":\\\"marker\\\"},\\\"type\\\":\\\"STATIC\\\"},\\\"iconOrientation\\\":{\\\"options\\\":{\\\"orientation\\\":0},\\\"type\\\":\\\"STATIC\\\"},\\\"iconSize\\\":{\\\"options\\\":{\\\"size\\\":6},\\\"type\\\":\\\"STATIC\\\"},\\\"labelBorderColor\\\":{\\\"options\\\":{\\\"color\\\":\\\"#FFFFFF\\\"},\\\"type\\\":\\\"STATIC\\\"},\\\"labelBorderSize\\\":{\\\"options\\\":{\\\"size\\\":\\\"SMALL\\\"}},\\\"labelColor\\\":{\\\"options\\\":{\\\"color\\\":\\\"#000000\\\"},\\\"type\\\":\\\"STATIC\\\"},\\\"labelSize\\\":{\\\"options\\\":{\\\"size\\\":14},\\\"type\\\":\\\"STATIC\\\"},\\\"labelText\\\":{\\\"options\\\":{\\\"value\\\":\\\"\\\"},\\\"type\\\":\\\"STATIC\\\"},\\\"lineColor\\\":{\\\"options\\\":{\\\"color\\\":\\\"#3d3d3d\\\"},\\\"type\\\":\\\"STATIC\\\"},\\\"lineWidth\\\":{\\\"options\\\":{\\\"size\\\":1},\\\"type\\\":\\\"STATIC\\\"},\\\"symbolizeAs\\\":{\\\"options\\\":{\\\"value\\\":\\\"circle\\\"}}},\\\"type\\\":\\\"VECTOR\\\"},\\\"type\\\":\\\"VECTOR\\\",\\\"visible\\\":true}]\",\"mapStateJSON\":\"{\\\"zoom\\\":1.58,\\\"center\\\":{\\\"lon\\\":0,\\\"lat\\\":19.94277},\\\"timeFilters\\\":{\\\"from\\\":\\\"now-15m\\\",\\\"to\\\":\\\"now\\\"},\\\"refreshConfig\\\":{\\\"isPaused\\\":true,\\\"interval\\\":0},\\\"query\\\":{\\\"language\\\":\\\"kuery\\\",\\\"query\\\":\\\"system.auth.ssh.event:Failed OR system.auth.ssh.event:Invalid\\\"},\\\"filters\\\":[],\\\"settings\\\":{\\\"autoFitToDataBounds\\\":false,\\\"backgroundColor\\\":\\\"#ffffff\\\",\\\"disableInteractive\\\":false,\\\"disableTooltipControl\\\":false,\\\"hideToolbarOverlay\\\":false,\\\"hideLayerControl\\\":false,\\\"hideViewControl\\\":false,\\\"initialLocation\\\":\\\"LAST_SAVED_LOCATION\\\",\\\"fixedLocation\\\":{\\\"lat\\\":0,\\\"lon\\\":0,\\\"zoom\\\":2},\\\"browserLocation\\\":{\\\"zoom\\\":2},\\\"maxZoom\\\":24,\\\"minZoom\\\":0,\\\"showScaleControl\\\":false,\\\"showSpatialFilters\\\":true,\\\"showTimesliderToggleButton\\\":true,\\\"spatialFiltersAlpa\\\":0.3,\\\"spatialFiltersFillColor\\\":\\\"#DA8B45\\\",\\\"spatialFiltersLineColor\\\":\\\"#DA8B45\\\"}}\",\"references\":[],\"title\":\"SSH failed login attempts source locations [Logs System]\",\"uiStateJSON\":\"{\\\"isLayerTOCOpen\\\":true,\\\"openTOCDetails\\\":[]}\"},\"enhancements\":{},\"hiddenLayers\":[],\"isLayerTOCOpen\":true,\"mapBuffer\":{\"maxLat\":66.51326,\"maxLon\":180,\"minLat\":-66.51326,\"minLon\":-180},\"mapCenter\":{\"lat\":19.94277,\"lon\":0,\"zoom\":1.58},\"openTOCDetails\":[]},\"gridData\":{\"h\":16,\"i\":\"9cef48b8-7995-45f6-9420-1d0b3dbbefe5\",\"w\":24,\"x\":24,\"y\":28},\"panelIndex\":\"9cef48b8-7995-45f6-9420-1d0b3dbbefe5\",\"type\":\"map\",\"version\":\"8.0.0\"}]","timeRestore":false,"title":"[Logs System] SSH login attempts","version":1},"coreMigrationVersion":"8.0.0","id":"system-5517a150-f9ce-11e6-8115-a7c18106d86a","migrationVersion":{"dashboard":"8.0.0"},"references":[{"id":"system-d16bb400-f9cc-11e6-8115-a7c18106d86a","name":"1:panel_1","type":"visualization"},{"id":"system-78b74f30-f9cd-11e6-8115-a7c18106d86a","name":"2:panel_2","type":"visualization"},{"id":"system-341ffe70-f9ce-11e6-8115-a7c18106d86a","name":"3:panel_3","type":"visualization"},{"id":"system-62439dc0-f9c9-11e6-a747-6121780e0414","name":"5:panel_5","type":"search"},{"id":"system-327417e0-8462-11e7-bab8-bd2f0fb42c54","name":"6:panel_6","type":"visualization"},{"id":"logs-*","name":"9cef48b8-7995-45f6-9420-1d0b3dbbefe5:layer_1_source_index_pattern","type":"index-pattern"}],"sort":[1670478486400,249],"type":"dashboard","updated_at":"2022-12-08T05:48:06.400Z","version":"WzEwMjUsMTld"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"event.code\",\"negate\":false,\"params\":[\"4723\",\"4724\"],\"type\":\"phrases\",\"value\":\"4723, 4724\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"event.code\":\"4723\"}},{\"match_phrase\":{\"event.code\":\"4724\"}}]}}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"query\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset:windows.security OR data_stream.dataset:system.security\"}}"},"title":"Users Password Reset / Changes [Windows System Security]","uiStateJSON":"{}","version":1,"visState":"{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{\"customLabel\":\"Password Changes\"},\"schema\":\"metric\",\"type\":\"count\"}],\"params\":{\"addLegend\":false,\"addTooltip\":true,\"dimensions\":{\"metrics\":[{\"accessor\":0,\"format\":{\"id\":\"number\",\"params\":{}},\"type\":\"vis_dimension\"}]},\"metric\":{\"colorSchema\":\"Green to Red\",\"colorsRange\":[{\"from\":0,\"to\":10000,\"type\":\"range\"}],\"invertColors\":false,\"labels\":{\"show\":true},\"metricColorMode\":\"None\",\"percentageMode\":false,\"style\":{\"bgColor\":false,\"bgFill\":\"#000\",\"fontSize\":60,\"labelColor\":false,\"subText\":\"\"},\"useRanges\":false},\"type\":\"metric\"},\"title\":\"Users Password Reset / Changes [Windows System Security]\",\"type\":\"metric\"}"},"coreMigrationVersion":"8.0.0","id":"system-568a8130-bcde-11e9-b6a2-c9b4015c4baf","migrationVersion":{"visualization":"8.0.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"sort":[1670478486400,499],"type":"visualization","updated_at":"2022-12-08T05:48:06.400Z","version":"WzEwNzcsMTld"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"query\":{\"language\":\"kuery\",\"query\":\"\"}}"},"title":"Number of processes [Metrics System]","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}","version":1,"visState":"{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{\"customLabel\":\"Processes\",\"field\":\"process.pid\"},\"schema\":\"metric\",\"type\":\"cardinality\"}],\"listeners\":{},\"params\":{\"addLegend\":false,\"addTooltip\":true,\"filter\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset : \\\"system.process\\\"\"},\"gauge\":{\"autoExtend\":false,\"backStyle\":\"Full\",\"colorSchema\":\"Green to Red\",\"colorsRange\":[{\"from\":0,\"to\":100}],\"gaugeColorMode\":\"None\",\"gaugeStyle\":\"Full\",\"gaugeType\":\"Metric\",\"invertColors\":false,\"labels\":{\"color\":\"black\",\"show\":true},\"orientation\":\"vertical\",\"percentageMode\":false,\"scale\":{\"color\":\"#333\",\"labels\":false,\"show\":false,\"width\":2},\"style\":{\"bgColor\":false,\"bgFill\":\"#000\",\"fontSize\":60,\"labelColor\":false,\"subText\":\"\"},\"type\":\"simple\",\"useRange\":false,\"verticalSplit\":false},\"type\":\"gauge\"},\"title\":\"Number of processes\",\"type\":\"metric\"}"},"coreMigrationVersion":"8.0.0","id":"system-590a60f0-5d87-11e7-8884-1bb4c3b890e4","migrationVersion":{"visualization":"8.0.0"},"references":[{"id":"metrics-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1670478486400,503],"type":"visualization","updated_at":"2022-12-08T05:48:06.400Z","version":"WzEwNzksMTld"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset:windows.security OR data_stream.dataset:system.security\"}}"},"savedSearchRefName":"search_0","title":"User Event Actions - Table [Windows System Security]","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"customLabel\":\"event.action\",\"field\":\"event.action\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":25},\"schema\":\"bucket\",\"type\":\"terms\"},{\"enabled\":true,\"id\":\"3\",\"params\":{\"customLabel\":\"event.code\",\"field\":\"event.code\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":5},\"schema\":\"bucket\",\"type\":\"terms\"}],\"params\":{\"perPage\":10,\"percentageCol\":\"\",\"showMetricsAtAllLevels\":false,\"showPartialRows\":false,\"showTotal\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"totalFunc\":\"sum\",\"showToolbar\":true},\"title\":\"User Event Actions - Table [Windows System Security]\",\"type\":\"table\"}"},"coreMigrationVersion":"8.0.0","id":"system-5c9ee410-9b74-11ea-87e4-49f31ec44891","migrationVersion":{"visualization":"8.0.0"},"references":[{"id":"system-324686c0-fefb-11e9-8405-516218e3d268","name":"search_0","type":"search"}],"sort":[1670478486400,510],"type":"visualization","updated_at":"2022-12-08T05:48:06.400Z","version":"WzEwODIsMTld"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"event.code\",\"negate\":false,\"params\":{\"query\":\"4740\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"event.code\":\"4740\"}}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"query\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset:windows.security OR data_stream.dataset:system.security\"}}"},"title":"Blocked Accounts  [Windows System Security]","uiStateJSON":"{}","version":1,"visState":"{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{\"customLabel\":\"Blocked Accounts\",\"field\":\"user.name\"},\"schema\":\"metric\",\"type\":\"cardinality\"}],\"params\":{\"addLegend\":false,\"addTooltip\":true,\"metric\":{\"colorSchema\":\"Green to Red\",\"colorsRange\":[{\"from\":0,\"to\":10000}],\"invertColors\":false,\"labels\":{\"show\":true},\"metricColorMode\":\"None\",\"percentageMode\":false,\"style\":{\"bgColor\":false,\"bgFill\":\"#000\",\"fontSize\":60,\"labelColor\":false,\"subText\":\"\"},\"useRanges\":false},\"type\":\"metric\"},\"title\":\"Blocked Accounts  [Windows System Security]\",\"type\":\"metric\"}"},"coreMigrationVersion":"8.0.0","id":"system-5d117970-9ffd-11ea-87e4-49f31ec44891","migrationVersion":{"visualization":"8.0.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"sort":[1670478486400,513],"type":"visualization","updated_at":"2022-12-08T05:48:06.400Z","version":"WzEwODMsMTld"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"event.code\",\"negate\":false,\"params\":[\"4738\"],\"type\":\"phrases\",\"value\":\"4738\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"event.code\":\"4738\"}}]}}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"query\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset:windows.security OR data_stream.dataset:system.security\"}}"},"title":"Users Changes - Simple Metric [Windows System Security]","uiStateJSON":"{}","version":1,"visState":"{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{\"customLabel\":\"Changes in Users\"},\"schema\":\"metric\",\"type\":\"count\"}],\"params\":{\"addLegend\":false,\"addTooltip\":true,\"dimensions\":{\"metrics\":[{\"accessor\":0,\"format\":{\"id\":\"number\",\"params\":{}},\"type\":\"vis_dimension\"}]},\"metric\":{\"colorSchema\":\"Green to Red\",\"colorsRange\":[{\"from\":0,\"to\":10000,\"type\":\"range\"}],\"invertColors\":false,\"labels\":{\"show\":true},\"metricColorMode\":\"None\",\"percentageMode\":false,\"style\":{\"bgColor\":false,\"bgFill\":\"#000\",\"fontSize\":60,\"labelColor\":false,\"subText\":\"\"},\"useRanges\":false},\"type\":\"metric\"},\"title\":\"Users Changes - Simple Metric [Windows System Security]\",\"type\":\"metric\"}"},"coreMigrationVersion":"8.0.0","id":"system-5d92b100-bce8-11e9-b6a2-c9b4015c4baf","migrationVersion":{"visualization":"8.0.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"sort":[1670478486400,516],"type":"visualization","updated_at":"2022-12-08T05:48:06.400Z","version":"WzEwODQsMTld"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"event.code\",\"negate\":false,\"params\":[\"4781\"],\"type\":\"phrases\",\"value\":\"4781\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"event.code\":\"4781\"}}]}}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"query\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset:windows.security OR data_stream.dataset:system.security\"}}"},"title":"Users Renamed - Simple Metric [Windows System Security]","uiStateJSON":"{}","version":1,"visState":"{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{\"customLabel\":\"Renamed Users\"},\"schema\":\"metric\",\"type\":\"count\"}],\"params\":{\"addLegend\":false,\"addTooltip\":true,\"dimensions\":{\"metrics\":[{\"accessor\":0,\"format\":{\"id\":\"number\",\"params\":{}},\"type\":\"vis_dimension\"}]},\"metric\":{\"colorSchema\":\"Green to Red\",\"colorsRange\":[{\"from\":0,\"to\":10000,\"type\":\"range\"}],\"invertColors\":false,\"labels\":{\"show\":true},\"metricColorMode\":\"None\",\"percentageMode\":false,\"style\":{\"bgColor\":false,\"bgFill\":\"#000\",\"fontSize\":60,\"labelColor\":false,\"subText\":\"\"},\"useRanges\":false},\"type\":\"metric\"},\"title\":\"Users Renamed - Simple Metric [Windows System Security]\",\"type\":\"metric\"}"},"coreMigrationVersion":"8.0.0","id":"system-5e19ff80-231c-11ea-8405-516218e3d268","migrationVersion":{"visualization":"8.0.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"sort":[1670478486400,521],"type":"visualization","updated_at":"2022-12-08T05:48:06.400Z","version":"WzEwODYsMTld"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"event.code\",\"negate\":false,\"params\":{\"query\":\"4720\"},\"type\":\"phrase\",\"value\":\"4720\"},\"query\":{\"match\":{\"event.code\":{\"query\":\"4720\",\"type\":\"phrase\"}}}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"query\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset:windows.security OR data_stream.dataset:system.security\"}}"},"title":"Users Created - Table [Windows System Security]","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"customLabel\":\"Created User\",\"field\":\"winlog.event_data.TargetUserName\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":100},\"schema\":\"bucket\",\"type\":\"terms\"},{\"enabled\":true,\"id\":\"3\",\"params\":{\"customLabel\":\"Performed by\",\"field\":\"winlog.event_data.SubjectUserName\",\"missingBucket\":true,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":5},\"schema\":\"bucket\",\"type\":\"terms\"},{\"enabled\":true,\"id\":\"4\",\"params\":{\"customLabel\":\"Performer LogonID\",\"field\":\"winlog.logon.id\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":5},\"schema\":\"bucket\",\"type\":\"terms\"}],\"params\":{\"dimensions\":{\"buckets\":[{\"accessor\":0,\"aggType\":\"terms\",\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"missingBucketLabel\":\"Missing\",\"otherBucketLabel\":\"Other\"}},\"params\":{}},{\"accessor\":1,\"aggType\":\"terms\",\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"missingBucketLabel\":\"Missing\",\"otherBucketLabel\":\"Other\"}},\"params\":{}},{\"accessor\":2,\"aggType\":\"terms\",\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"missingBucketLabel\":\"Missing\",\"otherBucketLabel\":\"Other\"}},\"params\":{}}],\"metrics\":[{\"accessor\":3,\"aggType\":\"count\",\"format\":{\"id\":\"number\"},\"params\":{}}]},\"perPage\":10,\"showMetricsAtAllLevels\":false,\"showPartialRows\":false,\"showTotal\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"totalFunc\":\"sum\",\"showToolbar\":true},\"title\":\"Users Created - Table [Windows System Security]\",\"type\":\"table\"}"},"coreMigrationVersion":"8.0.0","id":"system-5e7f0ed0-bcd2-11e9-b6a2-c9b4015c4baf","migrationVersion":{"visualization":"8.0.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"sort":[1670478486400,524],"type":"visualization","updated_at":"2022-12-08T05:48:06.400Z","version":"WzEwODcsMTld"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"title":"Users Password Changes - TSVB Metric [Windows System Security]","uiStateJSON":"{}","version":1,"visState":"{\"aggs\":[],\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"background_color_rules\":[{\"background_color\":\"rgba(204,204,204,1)\",\"id\":\"8d597960-ff18-11e9-8249-2371c695f3b0\",\"operator\":\"lte\",\"value\":0},{\"background_color\":\"rgba(154,196,198,1)\",\"id\":\"a3f59730-ff18-11e9-8249-2371c695f3b0\",\"operator\":\"gte\",\"value\":1},{\"background_color\":\"rgba(204,204,204,1)\",\"id\":\"aa7b3f6d-7bd8-4048-a354-03ebf34c9732\",\"operator\":\"empty\",\"value\":null}],\"drop_last_bucket\":0,\"filter\":{\"language\":\"kuery\",\"query\":\"event.code: \\\"4723\\\"  OR event.code: \\\"4724\\\"\"},\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"index_pattern\":\"logs-*\",\"interval\":\"90d\",\"isModelInvalid\":false,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":0.5,\"formatter\":\"number\",\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"label\":\"Password Changes/Reset\",\"line_width\":1,\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"point_size\":1,\"separate_axis\":0,\"split_color_mode\":\"gradient\",\"split_mode\":\"everything\",\"stacked\":\"none\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"@timestamp\",\"time_range_mode\":\"entire_time_range\",\"type\":\"metric\",\"use_kibana_indexes\":false,\"hide_last_value_indicator\":true},\"title\":\"Users Password Changes - TSVB Metric [Windows System Security]\",\"type\":\"metrics\"}"},"coreMigrationVersion":"8.0.0","id":"system-60301890-ff1d-11e9-8405-516218e3d268","migrationVersion":{"visualization":"8.0.0"},"references":[],"sort":[1670478486400,528],"type":"visualization","updated_at":"2022-12-08T05:48:06.400Z","version":"WzEwODksMTld"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"title":"Network Traffic (Packets) [Metrics System]","uiStateJSON":"{}","version":1,"visState":"{\"aggs\":[],\"listeners\":{},\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"filter\":{\"language\":\"lucene\",\"query\":\"-system.network.name:l*\"},\"id\":\"da1046f0-faa0-11e6-86b1-cd7735ff7e23\",\"index_pattern\":\"*\",\"interval\":\"auto\",\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"rgba(0,156,224,1)\",\"fill\":\"1\",\"formatter\":\"0.[00]a\",\"id\":\"da1046f1-faa0-11e6-86b1-cd7735ff7e23\",\"label\":\"Inbound\",\"line_width\":\"0\",\"metrics\":[{\"field\":\"system.network.in.packets\",\"id\":\"da1046f2-faa0-11e6-86b1-cd7735ff7e23\",\"type\":\"max\"},{\"field\":\"da1046f2-faa0-11e6-86b1-cd7735ff7e23\",\"id\":\"f41f9280-faa0-11e6-86b1-cd7735ff7e23\",\"type\":\"derivative\",\"unit\":\"1s\"},{\"field\":\"f41f9280-faa0-11e6-86b1-cd7735ff7e23\",\"id\":\"c0da3d80-1b93-11e7-8ada-3df93aab833e\",\"type\":\"positive_only\",\"unit\":\"\"},{\"function\":\"sum\",\"id\":\"ecaad010-2c2c-11e7-be71-3162da85303f\",\"type\":\"series_agg\"}],\"point_size\":\"0\",\"seperate_axis\":0,\"split_color_mode\":\"gradient\",\"split_mode\":\"terms\",\"stacked\":\"none\",\"terms_field\":\"system.network.name\",\"value_template\":\"{{value}}/s\"},{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"rgba(250,40,255,1)\",\"fill\":\"1\",\"formatter\":\"0.[00]a\",\"id\":\"fbbd5720-faa0-11e6-86b1-cd7735ff7e23\",\"label\":\"Outbound\",\"line_width\":\"0\",\"metrics\":[{\"field\":\"system.network.out.packets\",\"id\":\"fbbd7e30-faa0-11e6-86b1-cd7735ff7e23\",\"type\":\"max\"},{\"field\":\"fbbd7e30-faa0-11e6-86b1-cd7735ff7e23\",\"id\":\"fbbd7e31-faa0-11e6-86b1-cd7735ff7e23\",\"type\":\"derivative\",\"unit\":\"1s\"},{\"id\":\"17e597a0-faa1-11e6-86b1-cd7735ff7e23\",\"script\":\"params.rate != null && params.rate > 0 ? params.rate * -1 : null\",\"type\":\"calculation\",\"variables\":[{\"field\":\"fbbd7e31-faa0-11e6-86b1-cd7735ff7e23\",\"id\":\"1940bad0-faa1-11e6-86b1-cd7735ff7e23\",\"name\":\"rate\"}]},{\"function\":\"sum\",\"id\":\"fe5fbdc0-2c2c-11e7-be71-3162da85303f\",\"type\":\"series_agg\"}],\"point_size\":\"0\",\"seperate_axis\":0,\"split_color_mode\":\"gradient\",\"split_mode\":\"terms\",\"stacked\":\"none\",\"terms_field\":\"system.network.name\",\"value_template\":\"{{value}}/s\"}],\"show_legend\":1,\"time_field\":\"@timestamp\",\"type\":\"timeseries\",\"use_kibana_indexes\":false,\"drop_last_bucket\":1},\"title\":\"Mericbeat: Network Traffic (Packets)\",\"type\":\"metrics\"}"},"coreMigrationVersion":"8.0.0","id":"system-6b7b9a40-faa1-11e6-86b1-cd7735ff7e23","migrationVersion":{"visualization":"8.0.0"},"references":[],"sort":[1670478486400,529],"type":"visualization","updated_at":"2022-12-08T05:48:06.400Z","version":"WzEwOTAsMTld"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"event.code\",\"negate\":false,\"params\":{\"query\":\"4725\"},\"type\":\"phrase\",\"value\":\"4725\"},\"query\":{\"match\":{\"event.code\":{\"query\":\"4725\",\"type\":\"phrase\"}}}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"query\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset:windows.security OR data_stream.dataset:system.security\"}}"},"title":"Users Disabled - Table [Windows System Security]","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"customLabel\":\"Disabled User\",\"field\":\"winlog.event_data.TargetUserName\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":100},\"schema\":\"bucket\",\"type\":\"terms\"},{\"enabled\":true,\"id\":\"3\",\"params\":{\"customLabel\":\"Performed by\",\"field\":\"winlog.event_data.SubjectUserName\",\"missingBucket\":true,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":5},\"schema\":\"bucket\",\"type\":\"terms\"},{\"enabled\":true,\"id\":\"4\",\"params\":{\"customLabel\":\"Performer LogonId\",\"field\":\"winlog.logon.id\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":5},\"schema\":\"bucket\",\"type\":\"terms\"}],\"params\":{\"dimensions\":{\"buckets\":[{\"accessor\":0,\"aggType\":\"terms\",\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"missingBucketLabel\":\"Missing\",\"otherBucketLabel\":\"Other\"}},\"params\":{}},{\"accessor\":1,\"aggType\":\"terms\",\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"missingBucketLabel\":\"Missing\",\"otherBucketLabel\":\"Other\"}},\"params\":{}},{\"accessor\":2,\"aggType\":\"terms\",\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"missingBucketLabel\":\"Missing\",\"otherBucketLabel\":\"Other\"}},\"params\":{}}],\"metrics\":[{\"accessor\":3,\"aggType\":\"count\",\"format\":{\"id\":\"number\"},\"params\":{}}]},\"perPage\":10,\"showMetricsAtAllLevels\":false,\"showPartialRows\":false,\"showTotal\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"totalFunc\":\"sum\",\"showToolbar\":true},\"title\":\"Users Disabled - Table [Windows System Security]\",\"type\":\"table\"}"},"coreMigrationVersion":"8.0.0","id":"system-8f20c950-bcd4-11e9-b6a2-c9b4015c4baf","migrationVersion":{"visualization":"8.0.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"sort":[1670478486400,560],"type":"visualization","updated_at":"2022-12-08T05:48:06.400Z","version":"WzExMDYsMTld"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"event.code\",\"negate\":false,\"params\":{\"query\":\"4726\"},\"type\":\"phrase\",\"value\":\"4726\"},\"query\":{\"match\":{\"event.code\":{\"query\":\"4726\",\"type\":\"phrase\"}}}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"query\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset:windows.security OR data_stream.dataset:system.security\"}}"},"title":"Users Deleted - Table [Windows System Security]","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"customLabel\":\"Deleted User\",\"field\":\"winlog.event_data.TargetUserName\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":100},\"schema\":\"bucket\",\"type\":\"terms\"},{\"enabled\":true,\"id\":\"3\",\"params\":{\"customLabel\":\"Performed by\",\"field\":\"winlog.event_data.SubjectUserName\",\"missingBucket\":true,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":5},\"schema\":\"bucket\",\"type\":\"terms\"},{\"enabled\":true,\"id\":\"4\",\"params\":{\"customLabel\":\"Performed LogonId\",\"field\":\"winlog.logon.id\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":5},\"schema\":\"bucket\",\"type\":\"terms\"}],\"params\":{\"dimensions\":{\"buckets\":[{\"accessor\":0,\"aggType\":\"terms\",\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"missingBucketLabel\":\"Missing\",\"otherBucketLabel\":\"Other\"}},\"params\":{}},{\"accessor\":1,\"aggType\":\"terms\",\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"missingBucketLabel\":\"Missing\",\"otherBucketLabel\":\"Other\"}},\"params\":{}},{\"accessor\":2,\"aggType\":\"terms\",\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"missingBucketLabel\":\"Missing\",\"otherBucketLabel\":\"Other\"}},\"params\":{}}],\"metrics\":[{\"accessor\":3,\"aggType\":\"count\",\"format\":{\"id\":\"number\"},\"params\":{}}]},\"perPage\":10,\"showMetricsAtAllLevels\":false,\"showPartialRows\":false,\"showTotal\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"totalFunc\":\"sum\",\"showToolbar\":true},\"title\":\"Users Deleted - Table [Windows System Security]\",\"type\":\"table\"}"},"coreMigrationVersion":"8.0.0","id":"system-ee0319a0-bcd4-11e9-b6a2-c9b4015c4baf","migrationVersion":{"visualization":"8.0.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"sort":[1670478486400,698],"type":"visualization","updated_at":"2022-12-08T05:48:06.400Z","version":"WzExNTgsMTld"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"event.code\",\"negate\":false,\"params\":[\"4723\",\"4724\"],\"type\":\"phrases\",\"value\":\"4723, 4724\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"event.code\":\"4723\"}},{\"match_phrase\":{\"event.code\":\"4724\"}}]}}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"query\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset:windows.security OR data_stream.dataset:system.security\"}}"},"title":"Users Password Changes - Table [Windows System Security]","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"customLabel\":\"Password Change to\",\"field\":\"winlog.event_data.TargetUserName\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":100},\"schema\":\"bucket\",\"type\":\"terms\"},{\"enabled\":true,\"id\":\"3\",\"params\":{\"customLabel\":\"Performed by\",\"field\":\"winlog.event_data.SubjectUserName\",\"missingBucket\":true,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":5},\"schema\":\"bucket\",\"type\":\"terms\"},{\"enabled\":true,\"id\":\"4\",\"params\":{\"customLabel\":\"Performer LogonId\",\"field\":\"winlog.logon.id\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":5},\"schema\":\"bucket\",\"type\":\"terms\"}],\"params\":{\"dimensions\":{\"buckets\":[{\"accessor\":0,\"aggType\":\"terms\",\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"missingBucketLabel\":\"Missing\",\"otherBucketLabel\":\"Other\"}},\"params\":{}},{\"accessor\":1,\"aggType\":\"terms\",\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"missingBucketLabel\":\"Missing\",\"otherBucketLabel\":\"Other\"}},\"params\":{}},{\"accessor\":2,\"aggType\":\"terms\",\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"missingBucketLabel\":\"Missing\",\"otherBucketLabel\":\"Other\"}},\"params\":{}}],\"metrics\":[{\"accessor\":3,\"aggType\":\"count\",\"format\":{\"id\":\"number\"},\"params\":{}}]},\"perPage\":10,\"showMetricsAtAllLevels\":false,\"showPartialRows\":false,\"showTotal\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"totalFunc\":\"sum\",\"showToolbar\":true},\"title\":\"Users Password Changes - Table [Windows System Security]\",\"type\":\"table\"}"},"coreMigrationVersion":"8.0.0","id":"system-da5ffe40-bcd9-11e9-b6a2-c9b4015c4baf","migrationVersion":{"visualization":"8.0.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"sort":[1670478486400,684],"type":"visualization","updated_at":"2022-12-08T05:48:06.400Z","version":"WzExNTEsMTld"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"event.code\",\"negate\":false,\"params\":{\"query\":\"4767\"},\"type\":\"phrase\",\"value\":\"4767\"},\"query\":{\"match\":{\"event.code\":{\"query\":\"4767\",\"type\":\"phrase\"}}}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"query\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset:windows.security OR data_stream.dataset:system.security\"}}"},"title":"Unlocked Users - Table [Windows System Security]","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"customLabel\":\"Unlocked User\",\"field\":\"winlog.event_data.TargetUserName\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":100},\"schema\":\"bucket\",\"type\":\"terms\"},{\"enabled\":true,\"id\":\"3\",\"params\":{\"customLabel\":\"Performed by\",\"field\":\"winlog.event_data.SubjectUserName\",\"missingBucket\":true,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":5},\"schema\":\"bucket\",\"type\":\"terms\"},{\"enabled\":true,\"id\":\"4\",\"params\":{\"customLabel\":\"Performer Logonid\",\"field\":\"winlog.logon.id\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":5},\"schema\":\"bucket\",\"type\":\"terms\"}],\"params\":{\"dimensions\":{\"buckets\":[{\"accessor\":0,\"aggType\":\"terms\",\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"missingBucketLabel\":\"Missing\",\"otherBucketLabel\":\"Other\"}},\"params\":{}},{\"accessor\":1,\"aggType\":\"terms\",\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"missingBucketLabel\":\"Missing\",\"otherBucketLabel\":\"Other\"}},\"params\":{}},{\"accessor\":2,\"aggType\":\"terms\",\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"missingBucketLabel\":\"Missing\",\"otherBucketLabel\":\"Other\"}},\"params\":{}}],\"metrics\":[{\"accessor\":3,\"aggType\":\"count\",\"format\":{\"id\":\"number\"},\"params\":{}}]},\"perPage\":10,\"showMetricsAtAllLevels\":false,\"showPartialRows\":false,\"showTotal\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"totalFunc\":\"sum\",\"showToolbar\":true},\"title\":\"Unlocked Users - Table [Windows System Security]\",\"type\":\"table\"}"},"coreMigrationVersion":"8.0.0","id":"system-da2110c0-bcea-11e9-b6a2-c9b4015c4baf","migrationVersion":{"visualization":"8.0.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"sort":[1670478486400,681],"type":"visualization","updated_at":"2022-12-08T05:48:06.400Z","version":"WzExNTAsMTld"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"event.code\",\"negate\":false,\"params\":{\"query\":\"4738\"},\"type\":\"phrase\",\"value\":\"4738\"},\"query\":{\"match\":{\"event.code\":{\"query\":\"4738\",\"type\":\"phrase\"}}}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"query\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset:windows.security OR data_stream.dataset:system.security\"}}"},"title":"Users Changes  Table [Windows System Security]","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"customLabel\":\"Changed  User\",\"field\":\"winlog.event_data.TargetUserName\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":100},\"schema\":\"bucket\",\"type\":\"terms\"},{\"enabled\":true,\"id\":\"3\",\"params\":{\"customLabel\":\"Performed by\",\"field\":\"winlog.event_data.SubjectUserName\",\"missingBucket\":true,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":5},\"schema\":\"bucket\",\"type\":\"terms\"},{\"enabled\":true,\"id\":\"4\",\"params\":{\"customLabel\":\"Performer LogonId\",\"field\":\"winlog.logon.id\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":5},\"schema\":\"bucket\",\"type\":\"terms\"}],\"params\":{\"dimensions\":{\"buckets\":[{\"accessor\":0,\"aggType\":\"terms\",\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"missingBucketLabel\":\"Missing\",\"otherBucketLabel\":\"Other\"}},\"params\":{}},{\"accessor\":1,\"aggType\":\"terms\",\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"missingBucketLabel\":\"Missing\",\"otherBucketLabel\":\"Other\"}},\"params\":{}},{\"accessor\":2,\"aggType\":\"terms\",\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"missingBucketLabel\":\"Missing\",\"otherBucketLabel\":\"Other\"}},\"params\":{}}],\"metrics\":[{\"accessor\":3,\"aggType\":\"count\",\"format\":{\"id\":\"number\"},\"params\":{}}]},\"perPage\":10,\"showMetricsAtAllLevels\":false,\"showPartialRows\":false,\"showTotal\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"totalFunc\":\"sum\",\"showToolbar\":true},\"title\":\"Users Changes  Table [Windows System Security]\",\"type\":\"table\"}"},"coreMigrationVersion":"8.0.0","id":"system-abf96c10-bcea-11e9-b6a2-c9b4015c4baf","migrationVersion":{"visualization":"8.0.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"sort":[1670478486400,604],"type":"visualization","updated_at":"2022-12-08T05:48:06.400Z","version":"WzExMzAsMTld"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"title":"Users Disabled - TSVB  Metric [Windows System Security]","uiStateJSON":"{}","version":1,"visState":"{\"aggs\":[],\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"background_color_rules\":[{\"background_color\":\"rgba(204,204,204,1)\",\"id\":\"8d597960-ff18-11e9-8249-2371c695f3b0\",\"operator\":\"lte\",\"value\":0},{\"background_color\":\"rgba(79,147,150,1)\",\"id\":\"a3f59730-ff18-11e9-8249-2371c695f3b0\",\"operator\":\"gte\",\"value\":1},{\"background_color\":\"rgba(204,204,204,1)\",\"id\":\"041b6bf2-6958-47aa-a9fc-121c7955fb01\",\"operator\":\"empty\",\"value\":null}],\"drop_last_bucket\":0,\"filter\":{\"language\":\"kuery\",\"query\":\"((data_stream.dataset:windows.security OR data_stream.dataset:system.security) AND event.code: \\\"4725\\\")\"},\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"index_pattern\":\"logs-*\",\"interval\":\"90d\",\"isModelInvalid\":false,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":0.5,\"formatter\":\"number\",\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"label\":\"Users Disabled\",\"line_width\":1,\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"point_size\":1,\"separate_axis\":0,\"split_color_mode\":\"gradient\",\"split_mode\":\"everything\",\"stacked\":\"none\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"@timestamp\",\"time_range_mode\":\"entire_time_range\",\"type\":\"metric\",\"use_kibana_indexes\":false,\"hide_last_value_indicator\":true},\"title\":\"Users Disabled - TSVB  Metric [Windows System Security]\",\"type\":\"metrics\"}"},"coreMigrationVersion":"8.0.0","id":"system-97c70300-ff1c-11e9-8405-516218e3d268","migrationVersion":{"visualization":"8.0.0"},"references":[],"sort":[1670478486400,562],"type":"visualization","updated_at":"2022-12-08T05:48:06.400Z","version":"WzExMDgsMTld"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"title":"Users Enabled - TSVB Metric [Windows System Security]","uiStateJSON":"{}","version":1,"visState":"{\"aggs\":[],\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"background_color_rules\":[{\"background_color\":\"rgba(204,204,204,1)\",\"id\":\"8d597960-ff18-11e9-8249-2371c695f3b0\",\"operator\":\"lte\",\"value\":0},{\"background_color\":\"rgba(203,142,136,1)\",\"id\":\"a3f59730-ff18-11e9-8249-2371c695f3b0\",\"operator\":\"gte\",\"value\":1},{\"background_color\":\"rgba(204,204,204,1)\",\"id\":\"8b28c7ac-657a-4f02-b844-b4c0517810c5\",\"operator\":\"empty\",\"value\":null}],\"drop_last_bucket\":0,\"filter\":{\"language\":\"kuery\",\"query\":\"event.code: \\\"4722\\\" \"},\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"index_pattern\":\"logs-*\",\"interval\":\"90d\",\"isModelInvalid\":false,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":0.5,\"formatter\":\"number\",\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"label\":\"Users Enabled\",\"line_width\":1,\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"point_size\":1,\"separate_axis\":0,\"split_color_mode\":\"gradient\",\"split_mode\":\"everything\",\"stacked\":\"none\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"\",\"time_range_mode\":\"entire_time_range\",\"type\":\"metric\",\"use_kibana_indexes\":false,\"hide_last_value_indicator\":true},\"title\":\"Users Enabled - TSVB Metric [Windows System Security]\",\"type\":\"metrics\"}"},"coreMigrationVersion":"8.0.0","id":"system-bf45dc50-ff1a-11e9-8405-516218e3d268","migrationVersion":{"visualization":"8.0.0"},"references":[],"sort":[1670478486400,656],"type":"visualization","updated_at":"2022-12-08T05:48:06.400Z","version":"WzExMzUsMTld"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"title":"Users Deleted - TSVB  Metric [Windows System Security]","uiStateJSON":"{}","version":1,"visState":"{\"aggs\":[],\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"background_color_rules\":[{\"background_color\":\"rgba(204,204,204,1)\",\"id\":\"8d597960-ff18-11e9-8249-2371c695f3b0\",\"operator\":\"lte\",\"value\":0},{\"background_color\":\"rgba(228,155,75,1)\",\"id\":\"a3f59730-ff18-11e9-8249-2371c695f3b0\",\"operator\":\"gte\",\"value\":1},{\"background_color\":\"rgba(204,204,204,1)\",\"id\":\"22c88710-ace5-4434-99d8-c1db4dd50702\",\"operator\":\"empty\",\"value\":null}],\"drop_last_bucket\":0,\"filter\":{\"language\":\"kuery\",\"query\":\"event.code: \\\"4726\\\" \"},\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"index_pattern\":\"logs-*\",\"interval\":\"90d\",\"isModelInvalid\":false,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":0.5,\"formatter\":\"number\",\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"label\":\"Users Deleted\",\"line_width\":1,\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"point_size\":1,\"separate_axis\":0,\"split_color_mode\":\"gradient\",\"split_mode\":\"everything\",\"stacked\":\"none\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"@timestamp\",\"time_range_mode\":\"entire_time_range\",\"type\":\"metric\",\"use_kibana_indexes\":false,\"hide_last_value_indicator\":true},\"title\":\"Users Deleted - TSVB  Metric [Windows System Security]\",\"type\":\"metrics\"}"},"coreMigrationVersion":"8.0.0","id":"system-7322f9f0-ff1c-11e9-8405-516218e3d268","migrationVersion":{"visualization":"8.0.0"},"references":[],"sort":[1670478486400,534],"type":"visualization","updated_at":"2022-12-08T05:48:06.400Z","version":"WzEwOTMsMTld"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"title":"Users Created - TSVB  Metric [Windows System Security]","uiStateJSON":"{}","version":1,"visState":"{\"aggs\":[],\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"background_color_rules\":[{\"background_color\":\"rgba(204,204,204,1)\",\"id\":\"8d597960-ff18-11e9-8249-2371c695f3b0\",\"operator\":\"lte\",\"value\":0},{\"background_color\":\"rgba(181,99,93,1)\",\"id\":\"a3f59730-ff18-11e9-8249-2371c695f3b0\",\"operator\":\"gte\",\"value\":1},{\"background_color\":\"rgba(204,204,204,1)\",\"id\":\"ad8e594a-a3dc-4350-b955-57c9a51d83bd\",\"operator\":\"empty\",\"value\":null}],\"drop_last_bucket\":0,\"filter\":{\"language\":\"kuery\",\"query\":\"event.code: \\\"4720\\\" \"},\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"index_pattern\":\"logs-*\",\"interval\":\"90d\",\"isModelInvalid\":false,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":0.5,\"formatter\":\"number\",\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"label\":\"Users Created\",\"line_width\":1,\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"point_size\":1,\"separate_axis\":0,\"split_color_mode\":\"gradient\",\"split_mode\":\"everything\",\"stacked\":\"none\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"@timestamp\",\"time_range_mode\":\"entire_time_range\",\"type\":\"metric\",\"use_kibana_indexes\":false,\"hide_last_value_indicator\":true},\"title\":\"Users Created - TSVB  Metric [Windows System Security]\",\"type\":\"metrics\"}"},"coreMigrationVersion":"8.0.0","id":"system-d3a5fec0-ff18-11e9-8405-516218e3d268","migrationVersion":{"visualization":"8.0.0"},"references":[],"sort":[1670478486400,675],"type":"visualization","updated_at":"2022-12-08T05:48:06.400Z","version":"WzExNDcsMTld"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"title":"Users locked Out - TSVB Metric [Windows System Security]","uiStateJSON":"{}","version":1,"visState":"{\"aggs\":[],\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"background_color_rules\":[{\"background_color\":\"rgba(204,204,204,1)\",\"id\":\"8d597960-ff18-11e9-8249-2371c695f3b0\",\"operator\":\"lte\",\"value\":0},{\"background_color\":\"rgba(102,102,102,1)\",\"id\":\"a3f59730-ff18-11e9-8249-2371c695f3b0\",\"operator\":\"gte\",\"value\":1},{\"background_color\":\"rgba(204,204,204,1)\",\"id\":\"859222d6-5a8e-4a1c-82ce-c8db92d199b6\",\"operator\":\"empty\",\"value\":null}],\"drop_last_bucket\":0,\"filter\":{\"language\":\"kuery\",\"query\":\"((data_stream.dataset:windows.security OR data_stream.dataset:system.security) AND event.code: \\\"4740\\\")\"},\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"index_pattern\":\"logs-*\",\"interval\":\"90d\",\"isModelInvalid\":false,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":0.5,\"formatter\":\"number\",\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"label\":\"Users Locked Out\",\"line_width\":1,\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"point_size\":1,\"separate_axis\":0,\"split_color_mode\":\"gradient\",\"split_mode\":\"everything\",\"stacked\":\"none\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"@timestamp\",\"time_range_mode\":\"entire_time_range\",\"type\":\"metric\",\"use_kibana_indexes\":false,\"hide_last_value_indicator\":true},\"title\":\"Users locked Out - TSVB Metric [Windows System Security]\",\"type\":\"metrics\"}"},"coreMigrationVersion":"8.0.0","id":"system-9dd22440-ff1d-11e9-8405-516218e3d268","migrationVersion":{"visualization":"8.0.0"},"references":[],"sort":[1670478486400,567],"type":"visualization","updated_at":"2022-12-08T05:48:06.400Z","version":"WzExMTEsMTld"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"title":"Users Changes TS VB Metric [Windows System Security]","uiStateJSON":"{}","version":1,"visState":"{\"aggs\":[],\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"background_color_rules\":[{\"background_color\":\"rgba(204,204,204,1)\",\"id\":\"8d597960-ff18-11e9-8249-2371c695f3b0\",\"operator\":\"lte\",\"value\":0},{\"background_color\":\"rgba(221,186,64,1)\",\"id\":\"a3f59730-ff18-11e9-8249-2371c695f3b0\",\"operator\":\"gte\",\"value\":1},{\"background_color\":\"rgba(204,204,204,1)\",\"id\":\"82ba3b23-5e93-4983-9940-72e38fa1dc78\",\"operator\":\"empty\",\"value\":null}],\"drop_last_bucket\":0,\"filter\":{\"language\":\"kuery\",\"query\":\"event.code: \\\"4738\\\" \"},\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"index_pattern\":\"logs-*\",\"interval\":\"90d\",\"isModelInvalid\":false,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":0.5,\"formatter\":\"number\",\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"label\":\"Users Changes\",\"line_width\":1,\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"point_size\":1,\"separate_axis\":0,\"split_color_mode\":\"gradient\",\"split_mode\":\"everything\",\"stacked\":\"none\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"@timestamp\",\"time_range_mode\":\"entire_time_range\",\"type\":\"metric\",\"use_kibana_indexes\":false,\"hide_last_value_indicator\":true},\"title\":\"Users Changes TS VB Metric [Windows System Security]\",\"type\":\"metrics\"}"},"coreMigrationVersion":"8.0.0","id":"system-c9d959f0-ff1d-11e9-8405-516218e3d268","migrationVersion":{"visualization":"8.0.0"},"references":[],"sort":[1670478486400,665],"type":"visualization","updated_at":"2022-12-08T05:48:06.400Z","version":"WzExNDEsMTld"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"event.code\",\"negate\":false,\"params\":{\"query\":\"4781\"},\"type\":\"phrase\",\"value\":\"4781\"},\"query\":{\"match\":{\"event.code\":{\"query\":\"4781\",\"type\":\"phrase\"}}}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"query\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset:windows.security OR data_stream.dataset:system.security\"}}"},"title":"Users Renamed - Table [Windows System Security]","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"customLabel\":\"Old User Name\",\"field\":\"winlog.event_data.OldTargetUserName\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":100},\"schema\":\"bucket\",\"type\":\"terms\"},{\"enabled\":true,\"id\":\"3\",\"params\":{\"customLabel\":\"Performed by\",\"field\":\"winlog.event_data.SubjectUserName\",\"missingBucket\":true,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":5},\"schema\":\"bucket\",\"type\":\"terms\"},{\"enabled\":true,\"id\":\"4\",\"params\":{\"customLabel\":\"Performer LogonId\",\"field\":\"winlog.logon.id\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":5},\"schema\":\"bucket\",\"type\":\"terms\"}],\"params\":{\"dimensions\":{\"buckets\":[{\"accessor\":0,\"aggType\":\"terms\",\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"missingBucketLabel\":\"Missing\",\"otherBucketLabel\":\"Other\"}},\"params\":{}},{\"accessor\":1,\"aggType\":\"terms\",\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"missingBucketLabel\":\"Missing\",\"otherBucketLabel\":\"Other\"}},\"params\":{}},{\"accessor\":2,\"aggType\":\"terms\",\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"missingBucketLabel\":\"Missing\",\"otherBucketLabel\":\"Other\"}},\"params\":{}}],\"metrics\":[{\"accessor\":3,\"aggType\":\"count\",\"format\":{\"id\":\"number\"},\"params\":{}}]},\"perPage\":10,\"showMetricsAtAllLevels\":false,\"showPartialRows\":false,\"showTotal\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"totalFunc\":\"sum\",\"showToolbar\":true},\"title\":\"Users Renamed - Table [Windows System Security]\",\"type\":\"table\"}"},"coreMigrationVersion":"8.0.0","id":"system-fa876300-231a-11ea-8405-516218e3d268","migrationVersion":{"visualization":"8.0.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"sort":[1670478486400,707],"type":"visualization","updated_at":"2022-12-08T05:48:06.400Z","version":"WzExNjIsMTld"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset:windows.security OR data_stream.dataset:system.security\"}}"},"title":"Dashboard links  [Windows System Security]","uiStateJSON":"{}","version":1,"visState":"{\"aggs\":[],\"params\":{\"fontSize\":12,\"markdown\":\"[Windows Overview](#/dashboard/system-Windows-Dashboard) | [User Logon Information](#/dashboard/system-bae11b00-9bfc-11ea-87e4-49f31ec44891) |  [Logon Failed and Account Lockout](#/dashboard/system-d401ef40-a7d5-11e9-a422-d144027429da) | [User Management Events](#/dashboard/system-71f720f0-ff18-11e9-8405-516218e3d268) | [Group Management Events](#/dashboard/system-bb858830-f412-11e9-8405-516218e3d268)\",\"openLinksInNewTab\":false},\"title\":\"Dashboard links  [Windows System Security]\",\"type\":\"markdown\"}"},"coreMigrationVersion":"8.0.0","id":"system-a3c3f350-9b6d-11ea-87e4-49f31ec44891","migrationVersion":{"visualization":"8.0.0"},"references":[],"sort":[1670478486400,589],"type":"visualization","updated_at":"2022-12-08T05:48:06.400Z","version":"WzExMjIsMTld"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset:windows.security OR data_stream.dataset:system.security\"}}"},"savedSearchRefName":"search_0","title":"User Management Events - Affected Users vs Actions - Heatmap [Windows System Security]","uiStateJSON":"{}","version":1,"visState":"{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"customLabel\":\"Target User\",\"field\":\"winlog.event_data.TargetUserName\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":20},\"schema\":\"segment\",\"type\":\"terms\"},{\"enabled\":true,\"id\":\"3\",\"params\":{\"field\":\"event.action\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":10},\"schema\":\"group\",\"type\":\"terms\"}],\"params\":{\"addLegend\":true,\"addTooltip\":true,\"colorSchema\":\"Blues\",\"colorsNumber\":4,\"colorsRange\":[],\"enableHover\":false,\"invertColors\":false,\"legendPosition\":\"right\",\"percentageMode\":false,\"setColorRange\":false,\"times\":[],\"type\":\"heatmap\",\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"color\":\"black\",\"overwriteColor\":false,\"rotate\":0,\"show\":true},\"scale\":{\"defaultYExtents\":false,\"type\":\"linear\"},\"show\":false,\"type\":\"value\"}]},\"title\":\"User Management Events - Affected Users vs Actions - Heatmap [Windows System Security]\",\"type\":\"heatmap\"}"},"coreMigrationVersion":"8.0.0","id":"system-aa31c9d0-9b75-11ea-87e4-49f31ec44891","migrationVersion":{"visualization":"8.0.0"},"references":[{"id":"system-324686c0-fefb-11e9-8405-516218e3d268","name":"search_0","type":"search"}],"sort":[1670478486400,594],"type":"visualization","updated_at":"2022-12-08T05:48:06.400Z","version":"WzExMjYsMTld"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset:windows.security OR data_stream.dataset:system.security\"}}"},"savedSearchRefName":"search_0","title":"Event Distribution in time [Windows System Security]","uiStateJSON":"{}","version":1,"visState":"{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"drop_partials\":false,\"extended_bounds\":{},\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"scaleMetricValues\":false,\"timeRange\":{\"from\":\"now-7d\",\"to\":\"now\"},\"useNormalizedEsInterval\":true},\"schema\":\"segment\",\"type\":\"date_histogram\"},{\"enabled\":true,\"id\":\"3\",\"params\":{\"field\":\"event.action\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":15},\"schema\":\"group\",\"type\":\"terms\"}],\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"filter\":true,\"show\":true,\"truncate\":100},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{},\"type\":\"category\"}],\"grid\":{\"categoryLines\":false},\"labels\":{\"show\":false},\"legendPosition\":\"right\",\"seriesParams\":[{\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"drawLinesBetweenPoints\":true,\"lineWidth\":2,\"mode\":\"stacked\",\"show\":true,\"showCircles\":true,\"type\":\"histogram\",\"valueAxis\":\"ValueAxis-1\",\"circlesRadius\":1}],\"thresholdLine\":{\"color\":\"#E7664C\",\"show\":false,\"style\":\"full\",\"value\":10,\"width\":1},\"times\":[],\"type\":\"histogram\",\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"mode\":\"normal\",\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Count\"},\"type\":\"value\"}],\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"isVislibVis\":true,\"detailedTooltip\":true},\"title\":\"Event Distribution in time [Windows System Security]\",\"type\":\"histogram\"}"},"coreMigrationVersion":"8.0.0","id":"system-caf4d2b0-9b76-11ea-87e4-49f31ec44891","migrationVersion":{"visualization":"8.0.0"},"references":[{"id":"system-324686c0-fefb-11e9-8405-516218e3d268","name":"search_0","type":"search"}],"sort":[1670478486400,667],"type":"visualization","updated_at":"2022-12-08T05:48:06.400Z","version":"WzExNDIsMTld"}
{"attributes":{"description":"User management activity.","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset:windows.security OR data_stream.dataset:system.security\"}}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":false}","panelsJSON":"[{\"version\":\"7.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":8,\"i\":\"1\",\"w\":17,\"x\":0,\"y\":0},\"panelIndex\":\"1\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"\",\"panelRefName\":\"panel_1\"},{\"version\":\"7.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":16,\"i\":\"3\",\"w\":9,\"x\":0,\"y\":56},\"panelIndex\":\"3\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Created Users [Windows System Security]\",\"panelRefName\":\"panel_3\"},{\"version\":\"7.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":16,\"i\":\"5\",\"w\":9,\"x\":9,\"y\":56},\"panelIndex\":\"5\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Enabled Users [Windows System Security]\",\"panelRefName\":\"panel_5\"},{\"version\":\"7.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":16,\"i\":\"6\",\"w\":9,\"x\":0,\"y\":79},\"panelIndex\":\"6\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Disabled Users [Windows System Security]\",\"panelRefName\":\"panel_6\"},{\"version\":\"7.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":16,\"i\":\"7\",\"w\":9,\"x\":18,\"y\":56},\"panelIndex\":\"7\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Deleted Users [Windows System Security]\",\"panelRefName\":\"panel_7\"},{\"version\":\"7.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":16,\"i\":\"9\",\"w\":9,\"x\":18,\"y\":79},\"panelIndex\":\"9\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Passwords Changes [Windows System Security]\",\"panelRefName\":\"panel_9\"},{\"version\":\"7.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":16,\"i\":\"15\",\"w\":9,\"x\":9,\"y\":79},\"panelIndex\":\"15\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Unlocked Users [Windows System Security]\",\"panelRefName\":\"panel_15\"},{\"version\":\"7.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":16,\"i\":\"16\",\"w\":9,\"x\":18,\"y\":102},\"panelIndex\":\"16\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Users Changes [Windows System Security]\",\"panelRefName\":\"panel_16\"},{\"version\":\"7.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":16,\"i\":\"20\",\"w\":9,\"x\":0,\"y\":102},\"panelIndex\":\"20\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Locked-out Users [Windows System Security]\",\"panelRefName\":\"panel_20\"},{\"version\":\"7.7.0\",\"type\":\"search\",\"gridData\":{\"h\":46,\"i\":\"22\",\"w\":21,\"x\":27,\"y\":72},\"panelIndex\":\"22\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_22\"},{\"version\":\"7.7.0\",\"type\":\"search\",\"gridData\":{\"h\":19,\"i\":\"23\",\"w\":48,\"x\":0,\"y\":118},\"panelIndex\":\"23\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_23\"},{\"version\":\"7.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":7,\"i\":\"24\",\"w\":9,\"x\":0,\"y\":72},\"panelIndex\":\"24\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"\",\"panelRefName\":\"panel_24\"},{\"version\":\"7.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":7,\"i\":\"25\",\"w\":9,\"x\":9,\"y\":49},\"panelIndex\":\"25\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"\",\"panelRefName\":\"panel_25\"},{\"version\":\"7.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":7,\"i\":\"26\",\"w\":9,\"x\":18,\"y\":49},\"panelIndex\":\"26\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"\",\"panelRefName\":\"panel_26\"},{\"version\":\"7.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":7,\"i\":\"27\",\"w\":9,\"x\":0,\"y\":49},\"panelIndex\":\"27\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"\",\"panelRefName\":\"panel_27\"},{\"version\":\"7.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":7,\"i\":\"28\",\"w\":9,\"x\":9,\"y\":72},\"panelIndex\":\"28\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"\",\"panelRefName\":\"panel_28\"},{\"version\":\"7.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":7,\"i\":\"29\",\"w\":9,\"x\":18,\"y\":72},\"panelIndex\":\"29\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"\",\"panelRefName\":\"panel_29\"},{\"version\":\"7.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":7,\"i\":\"30\",\"w\":9,\"x\":0,\"y\":95},\"panelIndex\":\"30\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"\",\"panelRefName\":\"panel_30\"},{\"version\":\"7.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":7,\"i\":\"31\",\"w\":9,\"x\":18,\"y\":95},\"panelIndex\":\"31\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"\",\"panelRefName\":\"panel_31\"},{\"version\":\"7.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":7,\"i\":\"32\",\"w\":9,\"x\":9,\"y\":95},\"panelIndex\":\"32\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"\",\"panelRefName\":\"panel_32\"},{\"version\":\"7.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":16,\"i\":\"33\",\"w\":9,\"x\":9,\"y\":102},\"panelIndex\":\"33\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_33\"},{\"version\":\"7.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":8,\"i\":\"cf0adfac-7cf2-479d-8ddb-1edeee62d37c\",\"w\":31,\"x\":17,\"y\":0},\"panelIndex\":\"cf0adfac-7cf2-479d-8ddb-1edeee62d37c\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"\",\"panelRefName\":\"panel_cf0adfac-7cf2-479d-8ddb-1edeee62d37c\"},{\"version\":\"7.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":16,\"i\":\"a2871661-98a8-489b-b615-e66ebe3b971a\",\"w\":17,\"x\":0,\"y\":8},\"panelIndex\":\"a2871661-98a8-489b-b615-e66ebe3b971a\",\"embeddableConfig\":{\"colors\":{\"added-user-account\":\"#447EBC\",\"deleted-user-account\":\"#82B5D8\",\"disabled-user-account\":\"#82B5D8\",\"enabled-user-account\":\"#0A50A1\",\"modified-user-account\":\"#2F575E\",\"renamed-user-account\":\"#1F78C1\",\"reset-password\":\"#5195CE\"},\"vis\":{\"colors\":{\"added-user-account\":\"#447EBC\",\"deleted-user-account\":\"#82B5D8\",\"disabled-user-account\":\"#82B5D8\",\"enabled-user-account\":\"#0A50A1\",\"modified-user-account\":\"#2F575E\",\"renamed-user-account\":\"#1F78C1\",\"reset-password\":\"#5195CE\",\"unlocked-user-account\":\"#64B0C8\"}},\"enhancements\":{}},\"panelRefName\":\"panel_a2871661-98a8-489b-b615-e66ebe3b971a\"},{\"version\":\"7.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":16,\"i\":\"e80fae4a-6087-41e1-b4b9-31802cb1e4bf\",\"w\":18,\"x\":30,\"y\":8},\"panelIndex\":\"e80fae4a-6087-41e1-b4b9-31802cb1e4bf\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_e80fae4a-6087-41e1-b4b9-31802cb1e4bf\"},{\"version\":\"7.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":16,\"i\":\"dd3e12e6-0d3c-448e-b0c4-91f7dc8742b6\",\"w\":13,\"x\":17,\"y\":8},\"panelIndex\":\"dd3e12e6-0d3c-448e-b0c4-91f7dc8742b6\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_dd3e12e6-0d3c-448e-b0c4-91f7dc8742b6\"},{\"version\":\"7.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":25,\"i\":\"29f54335-78db-4c49-a3e0-a641fd0099f6\",\"w\":48,\"x\":0,\"y\":24},\"panelIndex\":\"29f54335-78db-4c49-a3e0-a641fd0099f6\",\"embeddableConfig\":{\"vis\":null,\"enhancements\":{}},\"title\":\"Actions performed over Users [Windows System Security]\",\"panelRefName\":\"panel_29f54335-78db-4c49-a3e0-a641fd0099f6\"},{\"version\":\"7.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":23,\"i\":\"1ec8b993-9ac1-4c7f-b7f7-5136f2e310aa\",\"w\":21,\"x\":27,\"y\":49},\"panelIndex\":\"1ec8b993-9ac1-4c7f-b7f7-5136f2e310aa\",\"embeddableConfig\":{\"colors\":{\"added-user-account\":\"#0A437C\",\"deleted-user-account\":\"#5195CE\",\"enabled-user-account\":\"#0A50A1\",\"modified-user-account\":\"#052B51\",\"renamed-user-account\":\"#1F78C1\",\"reset-password\":\"#5195CE\"},\"vis\":{\"colors\":{\"added-user-account\":\"#0A437C\",\"deleted-user-account\":\"#5195CE\",\"disabled-user-account\":\"#82B5D8\",\"enabled-user-account\":\"#0A50A1\",\"modified-user-account\":\"#052B51\",\"renamed-user-account\":\"#1F78C1\",\"reset-password\":\"#5195CE\"}},\"enhancements\":{}},\"panelRefName\":\"panel_1ec8b993-9ac1-4c7f-b7f7-5136f2e310aa\"}]","timeRestore":false,"title":"[System Windows Security] User Management Events","version":1},"coreMigrationVersion":"8.0.0","id":"system-71f720f0-ff18-11e9-8405-516218e3d268","migrationVersion":{"dashboard":"8.0.0"},"references":[{"id":"system-2dc6b820-b9e8-11e9-b6a2-c9b4015c4baf","name":"1:panel_1","type":"visualization"},{"id":"system-5e7f0ed0-bcd2-11e9-b6a2-c9b4015c4baf","name":"3:panel_3","type":"visualization"},{"id":"system-0620c3d0-bcd4-11e9-b6a2-c9b4015c4baf","name":"5:panel_5","type":"visualization"},{"id":"system-8f20c950-bcd4-11e9-b6a2-c9b4015c4baf","name":"6:panel_6","type":"visualization"},{"id":"system-ee0319a0-bcd4-11e9-b6a2-c9b4015c4baf","name":"7:panel_7","type":"visualization"},{"id":"system-da5ffe40-bcd9-11e9-b6a2-c9b4015c4baf","name":"9:panel_9","type":"visualization"},{"id":"system-da2110c0-bcea-11e9-b6a2-c9b4015c4baf","name":"15:panel_15","type":"visualization"},{"id":"system-abf96c10-bcea-11e9-b6a2-c9b4015c4baf","name":"16:panel_16","type":"visualization"},{"id":"system-4ac8f5f0-bcfe-11e9-b6a2-c9b4015c4baf","name":"20:panel_20","type":"visualization"},{"id":"system-7e178c80-fee1-11e9-8405-516218e3d268","name":"22:panel_22","type":"search"},{"id":"system-324686c0-fefb-11e9-8405-516218e3d268","name":"23:panel_23","type":"search"},{"id":"system-97c70300-ff1c-11e9-8405-516218e3d268","name":"24:panel_24","type":"visualization"},{"id":"system-bf45dc50-ff1a-11e9-8405-516218e3d268","name":"25:panel_25","type":"visualization"},{"id":"system-7322f9f0-ff1c-11e9-8405-516218e3d268","name":"26:panel_26","type":"visualization"},{"id":"system-d3a5fec0-ff18-11e9-8405-516218e3d268","name":"27:panel_27","type":"visualization"},{"id":"system-1b6725f0-ff1d-11e9-8405-516218e3d268","name":"28:panel_28","type":"visualization"},{"id":"system-60301890-ff1d-11e9-8405-516218e3d268","name":"29:panel_29","type":"visualization"},{"id":"system-9dd22440-ff1d-11e9-8405-516218e3d268","name":"30:panel_30","type":"visualization"},{"id":"system-c9d959f0-ff1d-11e9-8405-516218e3d268","name":"31:panel_31","type":"visualization"},{"id":"system-1f271bc0-231a-11ea-8405-516218e3d268","name":"32:panel_32","type":"visualization"},{"id":"system-fa876300-231a-11ea-8405-516218e3d268","name":"33:panel_33","type":"visualization"},{"id":"system-a3c3f350-9b6d-11ea-87e4-49f31ec44891","name":"cf0adfac-7cf2-479d-8ddb-1edeee62d37c:panel_cf0adfac-7cf2-479d-8ddb-1edeee62d37c","type":"visualization"},{"id":"system-26877510-9b72-11ea-87e4-49f31ec44891","name":"a2871661-98a8-489b-b615-e66ebe3b971a:panel_a2871661-98a8-489b-b615-e66ebe3b971a","type":"visualization"},{"id":"system-117f5a30-9b71-11ea-87e4-49f31ec44891","name":"e80fae4a-6087-41e1-b4b9-31802cb1e4bf:panel_e80fae4a-6087-41e1-b4b9-31802cb1e4bf","type":"visualization"},{"id":"system-5c9ee410-9b74-11ea-87e4-49f31ec44891","name":"dd3e12e6-0d3c-448e-b0c4-91f7dc8742b6:panel_dd3e12e6-0d3c-448e-b0c4-91f7dc8742b6","type":"visualization"},{"id":"system-aa31c9d0-9b75-11ea-87e4-49f31ec44891","name":"29f54335-78db-4c49-a3e0-a641fd0099f6:panel_29f54335-78db-4c49-a3e0-a641fd0099f6","type":"visualization"},{"id":"system-caf4d2b0-9b76-11ea-87e4-49f31ec44891","name":"1ec8b993-9ac1-4c7f-b7f7-5136f2e310aa:panel_1ec8b993-9ac1-4c7f-b7f7-5136f2e310aa","type":"visualization"}],"sort":[1670478486400,277],"type":"dashboard","updated_at":"2022-12-08T05:48:06.400Z","version":"WzEwMjYsMTld"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"event.code\",\"negate\":false,\"params\":[\"4625\",\"4771\"],\"type\":\"phrases\",\"value\":\"4625, 4771\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"event.code\":\"4625\"}},{\"match_phrase\":{\"event.code\":\"4771\"}}]}}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"query\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset:windows.security OR data_stream.dataset:system.security\"}}"},"title":"Logon Failed Acconts [Windows System Security]","uiStateJSON":"{}","version":1,"visState":"{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"field\":\"user.name\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":10},\"schema\":\"segment\",\"type\":\"terms\"}],\"params\":{\"bucket\":{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"missingBucketLabel\":\"Missing\",\"otherBucketLabel\":\"Other\",\"parsedUrl\":{\"basePath\":\"/s/siem\",\"origin\":\"https://192.168.1.72:5601\",\"pathname\":\"/s/siem/app/kibana\"}}},\"type\":\"vis_dimension\"},\"maxFontSize\":37,\"metric\":{\"accessor\":1,\"format\":{\"id\":\"string\",\"params\":{}},\"type\":\"vis_dimension\"},\"minFontSize\":15,\"orientation\":\"single\",\"scale\":\"linear\",\"showLabel\":false,\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"}},\"title\":\"Logon Failed Acconts [Windows System Security]\",\"type\":\"tagcloud\"}"},"coreMigrationVersion":"8.0.0","id":"system-729443b0-a7d6-11e9-a422-d144027429da","migrationVersion":{"visualization":"8.0.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"sort":[1670478486400,533],"type":"visualization","updated_at":"2022-12-08T05:48:06.400Z","version":"WzEwOTIsMTld"}
{"attributes":{"columns":["event.action","user.name","related.user","user.domain","source.domain","source.ip","winlog.event_data.SubjectUserName"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"event.code\",\"negate\":false,\"params\":[\"4625\",\"4740\"],\"type\":\"phrases\",\"value\":\"4625, 4740\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"event.code\":\"4625\"}},{\"match_phrase\":{\"event.code\":\"4740\"}}]}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index\",\"key\":\"winlog.provider_name\",\"negate\":false,\"params\":{\"query\":\"Microsoft-Windows-Security-Auditing\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"winlog.provider_name\":\"Microsoft-Windows-Security-Auditing\"}}}],\"highlightAll\":true,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"query\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset:windows.security OR data_stream.dataset:system.security\"},\"version\":true}"},"sort":[["@timestamp","desc"]],"title":"3. Login Failed Details","version":1},"coreMigrationVersion":"8.0.0","id":"system-757510b0-a87f-11e9-a422-d144027429da","migrationVersion":{"search":"8.0.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index","type":"index-pattern"}],"sort":[1670478486400,728],"type":"search","updated_at":"2022-12-08T05:48:06.400Z","version":"WzExNzAsMTld"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"title":"Memory Usage [Metrics System]","uiStateJSON":"{}","version":1,"visState":"{\"aggs\":[],\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"filter\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset : \\\"system.memory\\\"\"},\"id\":\"32f46f40-1b16-11e7-b09e-037021c4f8df\",\"index_pattern\":\"metrics-*\",\"interval\":\"auto\",\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"rgba(211,49,21,1)\",\"fill\":\"1\",\"formatter\":\"bytes\",\"id\":\"4ff61fd0-1b16-11e7-b09e-037021c4f8df\",\"label\":\"Used\",\"line_width\":1,\"metrics\":[{\"field\":\"system.memory.actual.used.bytes\",\"id\":\"4ff61fd1-1b16-11e7-b09e-037021c4f8df\",\"type\":\"avg\"}],\"point_size\":\"0\",\"seperate_axis\":0,\"split_color_mode\":\"gradient\",\"split_mode\":\"everything\",\"stacked\":\"stacked\"},{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"rgba(0,156,224,1)\",\"fill\":\"1\",\"formatter\":\"bytes\",\"id\":\"753a6080-1b16-11e7-b09e-037021c4f8df\",\"label\":\"Cache\",\"line_width\":1,\"metrics\":[{\"field\":\"system.memory.actual.used.bytes\",\"id\":\"753a6081-1b16-11e7-b09e-037021c4f8df\",\"type\":\"avg\"},{\"field\":\"system.memory.used.bytes\",\"id\":\"7c9d3f00-1b16-11e7-b09e-037021c4f8df\",\"type\":\"avg\"},{\"id\":\"869cc160-1b16-11e7-b09e-037021c4f8df\",\"script\":\"params.actual != null && params.used != null ? params.used - params.actual : null\",\"type\":\"calculation\",\"variables\":[{\"field\":\"753a6081-1b16-11e7-b09e-037021c4f8df\",\"id\":\"890f9620-1b16-11e7-b09e-037021c4f8df\",\"name\":\"actual\"},{\"field\":\"7c9d3f00-1b16-11e7-b09e-037021c4f8df\",\"id\":\"8f3ab7f0-1b16-11e7-b09e-037021c4f8df\",\"name\":\"used\"}]}],\"point_size\":\"0\",\"seperate_axis\":0,\"split_color_mode\":\"gradient\",\"split_mode\":\"everything\",\"stacked\":\"stacked\"},{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":\"1\",\"formatter\":\"bytes\",\"id\":\"32f46f41-1b16-11e7-b09e-037021c4f8df\",\"label\":\"Free\",\"line_width\":1,\"metrics\":[{\"field\":\"system.memory.free\",\"id\":\"32f46f42-1b16-11e7-b09e-037021c4f8df\",\"type\":\"avg\"}],\"point_size\":\"0\",\"seperate_axis\":0,\"split_color_mode\":\"gradient\",\"split_mode\":\"everything\",\"stacked\":\"stacked\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"@timestamp\",\"type\":\"timeseries\",\"use_kibana_indexes\":false,\"drop_last_bucket\":1},\"title\":\"Memory Usage [Metrics System]\",\"type\":\"metrics\"}"},"coreMigrationVersion":"8.0.0","id":"system-bfa5e400-1b16-11e7-b09e-037021c4f8df","migrationVersion":{"visualization":"8.0.0"},"references":[],"sort":[1670478486400,657],"type":"visualization","updated_at":"2022-12-08T05:48:06.400Z","version":"WzExMzYsMTld"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"title":"Top Processes By CPU [Metrics System]","uiStateJSON":"{}","version":1,"visState":"{\"aggs\":[],\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"bar_color_rules\":[{\"bar_color\":\"rgba(104,188,0,1)\",\"id\":\"60e11be0-1b18-11e7-b09e-037021c4f8df\",\"operator\":\"gte\",\"value\":0},{\"bar_color\":\"rgba(104,188,0,1)\",\"id\":\"c96ae31f-dc92-4a92-850a-a5d083029055\",\"operator\":\"empty\",\"value\":null}],\"drilldown_url\":\"\",\"filter\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset : \\\"system.process\\\"\"},\"id\":\"5f5b8d50-1b18-11e7-b09e-037021c4f8df\",\"index_pattern\":\"metrics-*\",\"interval\":\"auto\",\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":0.5,\"formatter\":\"percent\",\"id\":\"5f5b8d51-1b18-11e7-b09e-037021c4f8df\",\"line_width\":1,\"metrics\":[{\"field\":\"system.process.cpu.total.pct\",\"id\":\"5f5b8d52-1b18-11e7-b09e-037021c4f8df\",\"type\":\"avg\"}],\"point_size\":1,\"seperate_axis\":0,\"split_color_mode\":\"gradient\",\"split_mode\":\"terms\",\"stacked\":\"none\",\"terms_field\":\"process.name\",\"terms_order_by\":\"5f5b8d52-1b18-11e7-b09e-037021c4f8df\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"@timestamp\",\"type\":\"top_n\",\"use_kibana_indexes\":false,\"hide_last_value_indicator\":true,\"drop_last_bucket\":1},\"title\":\"Top Processes By CPU [Metrics System]\",\"type\":\"metrics\"}"},"coreMigrationVersion":"8.0.0","id":"system-e0f001c0-1b18-11e7-b09e-037021c4f8df","migrationVersion":{"visualization":"8.0.0"},"references":[],"sort":[1670478486400,687],"type":"visualization","updated_at":"2022-12-08T05:48:06.400Z","version":"WzExNTMsMTld"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"title":"CPU Usage [Metrics System]","uiStateJSON":"{}","version":1,"visState":"{\"aggs\":[],\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"filter\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset : \\\"system.cpu\\\"\"},\"id\":\"80a04950-1b19-11e7-b09e-037021c4f8df\",\"index_pattern\":\"metrics-*\",\"interval\":\"auto\",\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":\"1\",\"formatter\":\"percent\",\"id\":\"80a04951-1b19-11e7-b09e-037021c4f8df\",\"label\":\"user\",\"line_width\":1,\"metrics\":[{\"field\":\"system.cpu.user.norm.pct\",\"id\":\"80a04952-1b19-11e7-b09e-037021c4f8df\",\"type\":\"avg\"}],\"point_size\":\"0\",\"seperate_axis\":0,\"split_color_mode\":\"gradient\",\"split_mode\":\"everything\",\"stacked\":\"stacked\"},{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"rgba(211,49,21,1)\",\"fill\":\"1\",\"formatter\":\"percent\",\"id\":\"993acf30-1b19-11e7-b09e-037021c4f8df\",\"label\":\"system\",\"line_width\":1,\"metrics\":[{\"field\":\"system.cpu.system.norm.pct\",\"id\":\"993acf31-1b19-11e7-b09e-037021c4f8df\",\"type\":\"avg\"}],\"point_size\":\"0\",\"seperate_axis\":0,\"split_color_mode\":\"gradient\",\"split_mode\":\"everything\",\"stacked\":\"stacked\"},{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"rgba(123,100,255,1)\",\"fill\":\"1\",\"formatter\":\"percent\",\"id\":\"65ca35e0-1b1a-11e7-b09e-037021c4f8df\",\"label\":\"nice\",\"line_width\":1,\"metrics\":[{\"field\":\"system.cpu.nice.norm.pct\",\"id\":\"65ca5cf0-1b1a-11e7-b09e-037021c4f8df\",\"type\":\"avg\"}],\"point_size\":\"0\",\"seperate_axis\":0,\"split_color_mode\":\"gradient\",\"split_mode\":\"everything\",\"stacked\":\"stacked\"},{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"rgba(226,115,0,1)\",\"fill\":\"1\",\"formatter\":\"percent\",\"id\":\"741b5f20-1b1a-11e7-b09e-037021c4f8df\",\"label\":\"irq\",\"line_width\":1,\"metrics\":[{\"field\":\"system.cpu.irq.norm.pct\",\"id\":\"741b5f21-1b1a-11e7-b09e-037021c4f8df\",\"type\":\"avg\"}],\"point_size\":\"0\",\"seperate_axis\":0,\"split_color_mode\":\"gradient\",\"split_mode\":\"everything\",\"stacked\":\"stacked\"},{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"rgba(176,188,0,1)\",\"fill\":\"1\",\"formatter\":\"percent\",\"id\":\"2efc5d40-1b1a-11e7-b09e-037021c4f8df\",\"label\":\"softirq\",\"line_width\":1,\"metrics\":[{\"field\":\"system.cpu.softirq.norm.pct\",\"id\":\"2efc5d41-1b1a-11e7-b09e-037021c4f8df\",\"type\":\"avg\"}],\"point_size\":\"0\",\"seperate_axis\":0,\"split_color_mode\":\"gradient\",\"split_mode\":\"everything\",\"stacked\":\"stacked\"},{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"rgba(15,20,25,1)\",\"fill\":\"1\",\"formatter\":\"percent\",\"id\":\"ae644a30-1b19-11e7-b09e-037021c4f8df\",\"label\":\"iowait\",\"line_width\":1,\"metrics\":[{\"field\":\"system.cpu.iowait.norm.pct\",\"id\":\"ae644a31-1b19-11e7-b09e-037021c4f8df\",\"type\":\"avg\"}],\"point_size\":\"0\",\"seperate_axis\":0,\"split_color_mode\":\"gradient\",\"split_mode\":\"everything\",\"stacked\":\"stacked\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"@timestamp\",\"type\":\"timeseries\",\"use_kibana_indexes\":false,\"drop_last_bucket\":1},\"title\":\"CPU Usage [Metrics System]\",\"type\":\"metrics\"}"},"coreMigrationVersion":"8.0.0","id":"system-ab2d1e90-1b1a-11e7-b09e-037021c4f8df","migrationVersion":{"visualization":"8.0.0"},"references":[],"sort":[1670478486400,595],"type":"visualization","updated_at":"2022-12-08T05:48:06.400Z","version":"WzExMjcsMTld"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"title":"CPU Usage Gauge [Metrics System]","uiStateJSON":"{}","version":1,"visState":"{\"aggs\":[],\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"filter\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset : \\\"system.cpu\\\"\"},\"gauge_color_rules\":[{\"gauge\":\"rgba(104,188,0,1)\",\"id\":\"4ef2c3b0-1b91-11e7-bec4-a5e9ec5cab8b\",\"operator\":\"gte\",\"value\":0},{\"gauge\":\"rgba(254,146,0,1)\",\"id\":\"e6561ae0-1b91-11e7-bec4-a5e9ec5cab8b\",\"operator\":\"gte\",\"value\":0.7},{\"gauge\":\"rgba(211,49,21,1)\",\"id\":\"ec655040-1b91-11e7-bec4-a5e9ec5cab8b\",\"operator\":\"gte\",\"value\":0.85},{\"gauge\":\"rgba(104,188,0,1)\",\"id\":\"e4f30527-41e2-4fbb-a2a4-66ef6a9ff1af\",\"operator\":\"empty\",\"value\":null}],\"gauge_inner_width\":10,\"gauge_max\":\"1\",\"gauge_style\":\"half\",\"gauge_width\":10,\"id\":\"4c9e2550-1b91-11e7-bec4-a5e9ec5cab8b\",\"index_pattern\":\"metrics-*\",\"interval\":\"auto\",\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":0.5,\"formatter\":\"percent\",\"id\":\"4c9e2551-1b91-11e7-bec4-a5e9ec5cab8b\",\"label\":\"CPU Usage\",\"line_width\":1,\"metrics\":[{\"field\":\"system.cpu.total.norm.pct\",\"id\":\"4c9e2552-1b91-11e7-bec4-a5e9ec5cab8b\",\"type\":\"avg\"}],\"point_size\":1,\"seperate_axis\":0,\"split_color_mode\":\"gradient\",\"split_mode\":\"everything\",\"stacked\":\"none\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"@timestamp\",\"type\":\"gauge\",\"use_kibana_indexes\":false,\"hide_last_value_indicator\":true,\"drop_last_bucket\":1},\"title\":\"CPU Usage Gauge [Metrics System]\",\"type\":\"metrics\"}"},"coreMigrationVersion":"8.0.0","id":"system-83e12df0-1b91-11e7-bec4-a5e9ec5cab8b","migrationVersion":{"visualization":"8.0.0"},"references":[],"sort":[1670478486400,548],"type":"visualization","updated_at":"2022-12-08T05:48:06.400Z","version":"WzExMDAsMTld"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"title":"Memory Usage Gauge [Metrics System]","uiStateJSON":"{}","version":1,"visState":"{\"aggs\":[],\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"filter\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset : \\\"system.memory\\\"\"},\"gauge_color_rules\":[{\"gauge\":\"rgba(104,188,0,1)\",\"id\":\"a0d522e0-1b91-11e7-bec4-a5e9ec5cab8b\",\"operator\":\"gte\",\"value\":0},{\"gauge\":\"rgba(254,146,0,1)\",\"id\":\"b45ad8f0-1b91-11e7-bec4-a5e9ec5cab8b\",\"operator\":\"gte\",\"value\":0.7},{\"gauge\":\"rgba(211,49,21,1)\",\"id\":\"c06e9550-1b91-11e7-bec4-a5e9ec5cab8b\",\"operator\":\"gte\",\"value\":0.85},{\"gauge\":\"rgba(104,188,0,1)\",\"id\":\"d76a8c01-8b4f-47dd-b458-61113441c940\",\"operator\":\"empty\",\"value\":null}],\"gauge_inner_width\":10,\"gauge_max\":\"1\",\"gauge_style\":\"half\",\"gauge_width\":10,\"id\":\"9f51b730-1b91-11e7-bec4-a5e9ec5cab8b\",\"index_pattern\":\"metrics-*\",\"interval\":\"auto\",\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":0.5,\"formatter\":\"percent\",\"id\":\"9f51b731-1b91-11e7-bec4-a5e9ec5cab8b\",\"label\":\"Memory Usage\",\"line_width\":1,\"metrics\":[{\"field\":\"system.memory.actual.used.pct\",\"id\":\"9f51b732-1b91-11e7-bec4-a5e9ec5cab8b\",\"type\":\"avg\"}],\"point_size\":1,\"seperate_axis\":0,\"split_color_mode\":\"gradient\",\"split_mode\":\"everything\",\"stacked\":\"none\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"@timestamp\",\"type\":\"gauge\",\"use_kibana_indexes\":false,\"hide_last_value_indicator\":true,\"drop_last_bucket\":1},\"title\":\"Memory Usage Gauge [Metrics System]\",\"type\":\"metrics\"}"},"coreMigrationVersion":"8.0.0","id":"system-d3166e80-1b91-11e7-bec4-a5e9ec5cab8b","migrationVersion":{"visualization":"8.0.0"},"references":[],"sort":[1670478486400,674],"type":"visualization","updated_at":"2022-12-08T05:48:06.400Z","version":"WzExNDYsMTld"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"}}"},"title":"System Navigation [Metrics System]","uiStateJSON":"{}","version":1,"visState":"{\"aggs\":[],\"params\":{\"fontSize\":12,\"markdown\":\"[System Overview](#/dashboard/system-Metrics-system-overview)  | [Host Overview](#/dashboard/system-79ffd6e0-faa0-11e6-947f-177f697178b8)\"},\"title\":\"System Navigation [Metrics System]\",\"type\":\"markdown\"}"},"coreMigrationVersion":"8.0.0","id":"system-Navigation","migrationVersion":{"visualization":"8.0.0"},"references":[],"sort":[1670478486400,573],"type":"visualization","updated_at":"2022-12-08T05:48:06.400Z","version":"WzExMTQsMTld"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"title":"Memory usage vs total [Metrics System]","uiStateJSON":"{}","version":1,"visState":"{\"aggs\":[],\"listeners\":{},\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"background_color_rules\":[{\"id\":\"6f7618b0-4d5c-11e7-aa29-87a97a796de6\"}],\"filter\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset : \\\"system.memory\\\"\"},\"id\":\"6bc65720-4d5c-11e7-aa29-87a97a796de6\",\"index_pattern\":\"metrics-*\",\"interval\":\"auto\",\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":0.5,\"formatter\":\"bytes\",\"id\":\"6bc65721-4d5c-11e7-aa29-87a97a796de6\",\"label\":\"Memory usage\",\"line_width\":1,\"metrics\":[{\"field\":\"system.memory.actual.used.bytes\",\"id\":\"6bc65722-4d5c-11e7-aa29-87a97a796de6\",\"type\":\"avg\"}],\"point_size\":1,\"seperate_axis\":0,\"split_color_mode\":\"gradient\",\"split_mode\":\"everything\",\"stacked\":\"none\"},{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":0.5,\"formatter\":\"bytes\",\"id\":\"b8fe6820-4d5c-11e7-aa29-87a97a796de6\",\"label\":\"Total Memory\",\"line_width\":1,\"metrics\":[{\"field\":\"system.memory.total\",\"id\":\"b8fe6821-4d5c-11e7-aa29-87a97a796de6\",\"type\":\"avg\"}],\"point_size\":1,\"seperate_axis\":0,\"split_color_mode\":\"gradient\",\"split_mode\":\"everything\",\"stacked\":\"none\"}],\"show_legend\":1,\"time_field\":\"@timestamp\",\"type\":\"metric\",\"use_kibana_indexes\":false,\"hide_last_value_indicator\":true,\"drop_last_bucket\":1},\"title\":\"Memory usage vs total\",\"type\":\"metrics\"}"},"coreMigrationVersion":"8.0.0","id":"system-d2e80340-4d5c-11e7-aa29-87a97a796de6","migrationVersion":{"visualization":"8.0.0"},"references":[],"sort":[1670478486400,673],"type":"visualization","updated_at":"2022-12-08T05:48:06.400Z","version":"WzExNDUsMTld"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"title":"Disk Used [Metrics System]","uiStateJSON":"{}","version":1,"visState":"{\"aggs\":[],\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"filter\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset : \\\"system.fsstat\\\"\"},\"gauge_color_rules\":[{\"gauge\":\"rgba(104,188,0,1)\",\"id\":\"51921d10-4d1d-11e7-b5f2-2b7c1895bf32\",\"operator\":\"gte\",\"value\":0},{\"gauge\":\"rgba(251,158,0,1)\",\"id\":\"f26de750-4d54-11e7-b5f2-2b7c1895bf32\",\"operator\":\"gte\",\"value\":0.7},{\"gauge\":\"rgba(211,49,21,1)\",\"id\":\"fa31d190-4d54-11e7-b5f2-2b7c1895bf32\",\"operator\":\"gte\",\"value\":0.85},{\"gauge\":\"rgba(104,188,0,1)\",\"id\":\"9f4b045f-e6ae-431f-925b-b943a295de93\",\"operator\":\"empty\",\"value\":null}],\"gauge_inner_width\":10,\"gauge_max\":\"1\",\"gauge_style\":\"half\",\"gauge_width\":10,\"id\":\"4e4dc780-4d1d-11e7-b5f2-2b7c1895bf32\",\"index_pattern\":\"metrics-*\",\"interval\":\"auto\",\"isModelInvalid\":false,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":0.5,\"formatter\":\"percent\",\"id\":\"4e4dee90-4d1d-11e7-b5f2-2b7c1895bf32\",\"label\":\"Disk used\",\"line_width\":1,\"metrics\":[{\"agg_with\":\"avg\",\"field\":\"system.fsstat.total_size.used\",\"id\":\"4e4dee91-4d1d-11e7-b5f2-2b7c1895bf32\",\"order\":\"desc\",\"order_by\":\"@timestamp\",\"size\":1,\"type\":\"top_hit\"},{\"agg_with\":\"avg\",\"field\":\"system.fsstat.total_size.total\",\"id\":\"57c96ee0-4d54-11e7-b5f2-2b7c1895bf32\",\"order\":\"desc\",\"order_by\":\"@timestamp\",\"size\":1,\"type\":\"top_hit\"},{\"id\":\"6304cca0-4d54-11e7-b5f2-2b7c1895bf32\",\"script\":\"params.used/params.total \",\"type\":\"math\",\"variables\":[{\"field\":\"4e4dee91-4d1d-11e7-b5f2-2b7c1895bf32\",\"id\":\"6da10430-4d54-11e7-b5f2-2b7c1895bf32\",\"name\":\"used\"},{\"field\":\"57c96ee0-4d54-11e7-b5f2-2b7c1895bf32\",\"id\":\"73b8c510-4d54-11e7-b5f2-2b7c1895bf32\",\"name\":\"total\"}]}],\"point_size\":1,\"seperate_axis\":0,\"split_color_mode\":\"gradient\",\"split_mode\":\"everything\",\"stacked\":\"none\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"@timestamp\",\"time_range_mode\":\"entire_time_range\",\"type\":\"gauge\",\"use_kibana_indexes\":false,\"hide_last_value_indicator\":true,\"drop_last_bucket\":1},\"title\":\"Disk used [Metrics System]\",\"type\":\"metrics\"}"},"coreMigrationVersion":"8.0.0","id":"system-825fdb80-4d1d-11e7-b5f2-2b7c1895bf32","migrationVersion":{"visualization":"8.0.0"},"references":[],"sort":[1670478486400,547],"type":"visualization","updated_at":"2022-12-08T05:48:06.400Z","version":"WzEwOTksMTld"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"title":"Packetloss [Metrics System]","uiStateJSON":"{}","version":1,"visState":"{\"aggs\":[],\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"background_color_rules\":[{\"id\":\"6ba9b1f0-4d5d-11e7-aa29-87a97a796de6\"}],\"filter\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset : \\\"system.network\\\"\"},\"id\":\"6984af10-4d5d-11e7-aa29-87a97a796de6\",\"index_pattern\":\"metrics-*\",\"interval\":\"auto\",\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":0.5,\"formatter\":\"number\",\"id\":\"6984af11-4d5d-11e7-aa29-87a97a796de6\",\"label\":\"In Packetloss\",\"line_width\":1,\"metrics\":[{\"field\":\"system.network.in.dropped\",\"id\":\"6984af12-4d5d-11e7-aa29-87a97a796de6\",\"type\":\"max\"}],\"point_size\":1,\"seperate_axis\":0,\"split_color_mode\":\"gradient\",\"split_mode\":\"everything\",\"stacked\":\"none\"},{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":0.5,\"formatter\":\"number\",\"id\":\"ac2e6b30-4d5d-11e7-aa29-87a97a796de6\",\"label\":\"Out Packetloss\",\"line_width\":1,\"metrics\":[{\"field\":\"system.network.out.dropped\",\"id\":\"ac2e6b31-4d5d-11e7-aa29-87a97a796de6\",\"type\":\"max\"}],\"point_size\":1,\"seperate_axis\":0,\"split_color_mode\":\"gradient\",\"split_mode\":\"everything\",\"stacked\":\"none\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"@timestamp\",\"type\":\"metric\",\"use_kibana_indexes\":false,\"hide_last_value_indicator\":true,\"drop_last_bucket\":1},\"title\":\"Packetloss [Metrics System]\",\"type\":\"metrics\"}"},"coreMigrationVersion":"8.0.0","id":"system-96976150-4d5d-11e7-aa29-87a97a796de6","migrationVersion":{"visualization":"8.0.0"},"references":[],"sort":[1670478486400,561],"type":"visualization","updated_at":"2022-12-08T05:48:06.400Z","version":"WzExMDcsMTld"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"title":"Interfaces by Incoming traffic [Metrics System]","uiStateJSON":"{}","version":1,"visState":"{\"aggs\":[],\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"bar_color_rules\":[{\"id\":\"44596d40-4d60-11e7-9a4c-ed99bbcaa42b\"}],\"filter\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset : \\\"system.network\\\"\"},\"id\":\"42ceae90-4d60-11e7-9a4c-ed99bbcaa42b\",\"index_pattern\":\"metrics-*\",\"interval\":\"auto\",\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":0.5,\"formatter\":\"bytes\",\"id\":\"42ced5a0-4d60-11e7-9a4c-ed99bbcaa42b\",\"label\":\"Interfaces by Incoming traffic\",\"line_width\":1,\"metrics\":[{\"field\":\"system.network.in.bytes\",\"id\":\"42ced5a1-4d60-11e7-9a4c-ed99bbcaa42b\",\"type\":\"avg\"}],\"point_size\":1,\"seperate_axis\":0,\"split_color_mode\":\"gradient\",\"split_mode\":\"terms\",\"stacked\":\"none\",\"terms_field\":\"system.network.name\",\"terms_order_by\":\"42ced5a1-4d60-11e7-9a4c-ed99bbcaa42b\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"@timestamp\",\"type\":\"top_n\",\"use_kibana_indexes\":false,\"hide_last_value_indicator\":true,\"drop_last_bucket\":1},\"title\":\"Interfaces by Incoming traffic [Metrics System]\",\"type\":\"metrics\"}"},"coreMigrationVersion":"8.0.0","id":"system-99381c80-4d60-11e7-9a4c-ed99bbcaa42b","migrationVersion":{"visualization":"8.0.0"},"references":[],"sort":[1670478486400,566],"type":"visualization","updated_at":"2022-12-08T05:48:06.400Z","version":"WzExMTAsMTld"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"title":"Interfaces by Outgoing traffic [Metrics System]","uiStateJSON":"{}","version":1,"visState":"{\"aggs\":[],\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"bar_color_rules\":[{\"id\":\"9db20be0-4d60-11e7-9a4c-ed99bbcaa42b\"}],\"filter\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset : \\\"system.network\\\"\"},\"id\":\"9cdba910-4d60-11e7-9a4c-ed99bbcaa42b\",\"index_pattern\":\"metrics-*\",\"interval\":\"auto\",\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":0.5,\"formatter\":\"bytes\",\"id\":\"9cdba911-4d60-11e7-9a4c-ed99bbcaa42b\",\"label\":\"Interfaces by Outgoing traffic\",\"line_width\":1,\"metrics\":[{\"field\":\"system.network.out.bytes\",\"id\":\"9cdba912-4d60-11e7-9a4c-ed99bbcaa42b\",\"type\":\"avg\"}],\"point_size\":1,\"seperate_axis\":0,\"split_color_mode\":\"gradient\",\"split_mode\":\"terms\",\"stacked\":\"none\",\"terms_field\":\"system.network.name\",\"terms_order_by\":\"9cdba912-4d60-11e7-9a4c-ed99bbcaa42b\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"@timestamp\",\"type\":\"top_n\",\"use_kibana_indexes\":false,\"hide_last_value_indicator\":true,\"drop_last_bucket\":1},\"title\":\"Interfaces by Outgoing traffic [Metrics System]\",\"type\":\"metrics\"}"},"coreMigrationVersion":"8.0.0","id":"system-c5e3cf90-4d60-11e7-9a4c-ed99bbcaa42b","migrationVersion":{"visualization":"8.0.0"},"references":[],"sort":[1670478486400,662],"type":"visualization","updated_at":"2022-12-08T05:48:06.400Z","version":"WzExMzksMTld"}
{"attributes":{"description":"Overview of host metrics","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"highlightAll\":true,\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"version\":true}"},"optionsJSON":"{\"darkTheme\":false}","panelsJSON":"[{\"version\":\"7.6.0\",\"type\":\"visualization\",\"gridData\":{\"h\":15,\"i\":\"1\",\"w\":24,\"x\":0,\"y\":55},\"panelIndex\":\"1\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.0\",\"type\":\"visualization\",\"gridData\":{\"h\":15,\"i\":\"2\",\"w\":24,\"x\":24,\"y\":25},\"panelIndex\":\"2\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.0\",\"type\":\"visualization\",\"gridData\":{\"h\":15,\"i\":\"3\",\"w\":24,\"x\":24,\"y\":55},\"panelIndex\":\"3\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.6.0\",\"type\":\"visualization\",\"gridData\":{\"h\":15,\"i\":\"4\",\"w\":24,\"x\":0,\"y\":40},\"panelIndex\":\"4\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_4\"},{\"version\":\"7.6.0\",\"type\":\"visualization\",\"gridData\":{\"h\":15,\"i\":\"5\",\"w\":24,\"x\":24,\"y\":70},\"panelIndex\":\"5\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_5\"},{\"version\":\"7.6.0\",\"type\":\"visualization\",\"gridData\":{\"h\":15,\"i\":\"6\",\"w\":24,\"x\":0,\"y\":70},\"panelIndex\":\"6\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_6\"},{\"version\":\"7.6.0\",\"type\":\"visualization\",\"gridData\":{\"h\":15,\"i\":\"7\",\"w\":24,\"x\":0,\"y\":25},\"panelIndex\":\"7\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_7\"},{\"version\":\"7.6.0\",\"type\":\"visualization\",\"gridData\":{\"h\":15,\"i\":\"8\",\"w\":24,\"x\":24,\"y\":40},\"panelIndex\":\"8\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_8\"},{\"version\":\"7.6.0\",\"type\":\"visualization\",\"gridData\":{\"h\":10,\"i\":\"9\",\"w\":8,\"x\":16,\"y\":5},\"panelIndex\":\"9\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_9\"},{\"version\":\"7.6.0\",\"type\":\"visualization\",\"gridData\":{\"h\":10,\"i\":\"10\",\"w\":8,\"x\":0,\"y\":5},\"panelIndex\":\"10\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_10\"},{\"version\":\"7.6.0\",\"type\":\"visualization\",\"gridData\":{\"h\":10,\"i\":\"11\",\"w\":8,\"x\":8,\"y\":5},\"panelIndex\":\"11\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_11\"},{\"version\":\"7.6.0\",\"type\":\"visualization\",\"gridData\":{\"h\":10,\"i\":\"12\",\"w\":8,\"x\":24,\"y\":5},\"panelIndex\":\"12\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_12\"},{\"version\":\"7.6.0\",\"type\":\"visualization\",\"gridData\":{\"h\":10,\"i\":\"13\",\"w\":8,\"x\":32,\"y\":5},\"panelIndex\":\"13\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_13\"},{\"version\":\"7.6.0\",\"type\":\"visualization\",\"gridData\":{\"h\":10,\"i\":\"14\",\"w\":16,\"x\":32,\"y\":15},\"panelIndex\":\"14\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_14\"},{\"version\":\"7.6.0\",\"type\":\"visualization\",\"gridData\":{\"h\":5,\"i\":\"16\",\"w\":24,\"x\":0,\"y\":0},\"panelIndex\":\"16\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_16\"},{\"version\":\"7.6.0\",\"type\":\"visualization\",\"gridData\":{\"h\":10,\"i\":\"21\",\"w\":8,\"x\":0,\"y\":15},\"panelIndex\":\"21\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_21\"},{\"version\":\"7.6.0\",\"type\":\"visualization\",\"gridData\":{\"h\":10,\"i\":\"22\",\"w\":8,\"x\":8,\"y\":15},\"panelIndex\":\"22\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_22\"},{\"version\":\"7.6.0\",\"type\":\"visualization\",\"gridData\":{\"h\":10,\"i\":\"23\",\"w\":8,\"x\":24,\"y\":15},\"panelIndex\":\"23\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_23\"},{\"version\":\"7.6.0\",\"type\":\"visualization\",\"gridData\":{\"h\":10,\"i\":\"25\",\"w\":8,\"x\":40,\"y\":5},\"panelIndex\":\"25\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_25\"},{\"version\":\"7.6.0\",\"type\":\"visualization\",\"gridData\":{\"h\":15,\"i\":\"27\",\"w\":24,\"x\":0,\"y\":85},\"panelIndex\":\"27\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_27\"},{\"version\":\"7.6.0\",\"type\":\"visualization\",\"gridData\":{\"h\":15,\"i\":\"28\",\"w\":24,\"x\":24,\"y\":85},\"panelIndex\":\"28\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_28\"},{\"version\":\"7.6.0\",\"type\":\"visualization\",\"gridData\":{\"h\":10,\"i\":\"29\",\"w\":8,\"x\":16,\"y\":15},\"panelIndex\":\"29\",\"embeddableConfig\":{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}},\"enhancements\":{}},\"panelRefName\":\"panel_29\"},{\"version\":\"7.6.0\",\"type\":\"visualization\",\"gridData\":{\"h\":5,\"i\":\"30\",\"w\":24,\"x\":24,\"y\":0},\"panelIndex\":\"30\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_30\"}]","timeRestore":false,"title":"[Metrics System] Host overview","version":1},"coreMigrationVersion":"8.0.0","id":"system-79ffd6e0-faa0-11e6-947f-177f697178b8","migrationVersion":{"dashboard":"8.0.0"},"references":[{"id":"system-6b7b9a40-faa1-11e6-86b1-cd7735ff7e23","name":"1:panel_1","type":"visualization"},{"id":"system-4d546850-1b15-11e7-b09e-037021c4f8df","name":"2:panel_2","type":"visualization"},{"id":"system-089b85d0-1b16-11e7-b09e-037021c4f8df","name":"3:panel_3","type":"visualization"},{"id":"system-bfa5e400-1b16-11e7-b09e-037021c4f8df","name":"4:panel_4","type":"visualization"},{"id":"system-e0f001c0-1b18-11e7-b09e-037021c4f8df","name":"5:panel_5","type":"visualization"},{"id":"system-2e224660-1b19-11e7-b09e-037021c4f8df","name":"6:panel_6","type":"visualization"},{"id":"system-ab2d1e90-1b1a-11e7-b09e-037021c4f8df","name":"7:panel_7","type":"visualization"},{"id":"system-4e4bb1e0-1b1b-11e7-b09e-037021c4f8df","name":"8:panel_8","type":"visualization"},{"id":"system-26732e20-1b91-11e7-bec4-a5e9ec5cab8b","name":"9:panel_9","type":"visualization"},{"id":"system-83e12df0-1b91-11e7-bec4-a5e9ec5cab8b","name":"10:panel_10","type":"visualization"},{"id":"system-d3166e80-1b91-11e7-bec4-a5e9ec5cab8b","name":"11:panel_11","type":"visualization"},{"id":"system-522ee670-1b92-11e7-bec4-a5e9ec5cab8b","name":"12:panel_12","type":"visualization"},{"id":"system-1aae9140-1b93-11e7-8ada-3df93aab833e","name":"13:panel_13","type":"visualization"},{"id":"system-34f97ee0-1b96-11e7-8ada-3df93aab833e","name":"14:panel_14","type":"visualization"},{"id":"system-Navigation","name":"16:panel_16","type":"visualization"},{"id":"system-19e123b0-4d5a-11e7-aee5-fdc812cc3bec","name":"21:panel_21","type":"visualization"},{"id":"system-d2e80340-4d5c-11e7-aa29-87a97a796de6","name":"22:panel_22","type":"visualization"},{"id":"system-825fdb80-4d1d-11e7-b5f2-2b7c1895bf32","name":"23:panel_23","type":"visualization"},{"id":"system-96976150-4d5d-11e7-aa29-87a97a796de6","name":"25:panel_25","type":"visualization"},{"id":"system-99381c80-4d60-11e7-9a4c-ed99bbcaa42b","name":"27:panel_27","type":"visualization"},{"id":"system-c5e3cf90-4d60-11e7-9a4c-ed99bbcaa42b","name":"28:panel_28","type":"visualization"},{"id":"system-590a60f0-5d87-11e7-8884-1bb4c3b890e4","name":"29:panel_29","type":"visualization"},{"id":"system-3d65d450-a9c3-11e7-af20-67db8aecb295","name":"30:panel_30","type":"visualization"}],"sort":[1670478486400,301],"type":"dashboard","updated_at":"2022-12-08T05:48:06.400Z","version":"WzEwMjcsMTld"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"event.code\",\"negate\":false,\"params\":{\"query\":\"4740\"},\"type\":\"phrase\"},\"query\":{\"match\":{\"event.code\":{\"query\":\"4740\",\"type\":\"phrase\"}}}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"query\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset:windows.security OR data_stream.dataset:system.security \"}}"},"title":"Blocked Accounts Tag [Windows System Security]","uiStateJSON":"{}","version":1,"visState":"{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"field\":\"winlog.event_data.TargetUserName\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":20},\"schema\":\"segment\",\"type\":\"terms\"}],\"params\":{\"bucket\":{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"missingBucketLabel\":\"Missing\",\"otherBucketLabel\":\"Other\",\"parsedUrl\":{\"basePath\":\"/s/siem\",\"origin\":\"https://192.168.1.72:5601\",\"pathname\":\"/s/siem/app/kibana\"}}},\"type\":\"vis_dimension\"},\"maxFontSize\":53,\"metric\":{\"accessor\":1,\"format\":{\"id\":\"string\",\"params\":{}},\"type\":\"vis_dimension\"},\"minFontSize\":18,\"orientation\":\"single\",\"scale\":\"linear\",\"showLabel\":false,\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"}},\"title\":\"Blocked Accounts Tag [Windows System Security]\",\"type\":\"tagcloud\"}"},"coreMigrationVersion":"8.0.0","id":"system-7a329a00-a7d5-11e9-a422-d144027429da","migrationVersion":{"visualization":"8.0.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"sort":[1670478486400,539],"type":"visualization","updated_at":"2022-12-08T05:48:06.400Z","version":"WzEwOTUsMTld"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"query\":{\"language\":\"kuery\",\"query\":\"\"}}"},"title":"Hosts histogram by CPU usage [Metrics System]","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0% - 5%\":\"rgb(247,252,245)\",\"10% - 15%\":\"rgb(116,196,118)\",\"15% - 20%\":\"rgb(35,139,69)\",\"5% - 10%\":\"rgb(199,233,192)\"}}}","version":1,"visState":"{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{\"customLabel\":\"CPU usage\",\"field\":\"system.cpu.user.norm.pct\"},\"schema\":\"metric\",\"type\":\"avg\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"extended_bounds\":{},\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1},\"schema\":\"segment\",\"type\":\"date_histogram\"},{\"enabled\":true,\"id\":\"3\",\"params\":{\"customLabel\":\"Hosts\",\"field\":\"host.name\",\"order\":\"desc\",\"orderBy\":\"1\",\"size\":20},\"schema\":\"group\",\"type\":\"terms\"}],\"params\":{\"addLegend\":true,\"addTooltip\":true,\"colorSchema\":\"Greens\",\"colorsNumber\":4,\"colorsRange\":[],\"enableHover\":false,\"filter\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset : \\\"system.cpu\\\" \"},\"invertColors\":false,\"legendPosition\":\"right\",\"percentageMode\":false,\"setColorRange\":false,\"times\":[],\"type\":\"heatmap\",\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"color\":\"#555\",\"rotate\":0,\"show\":false},\"scale\":{\"defaultYExtents\":false,\"type\":\"linear\"},\"show\":false,\"type\":\"value\"}]},\"title\":\"Hosts histogram by CPU usage [Metrics System]\",\"type\":\"heatmap\"}"},"coreMigrationVersion":"8.0.0","id":"system-7cdb1330-4d1a-11e7-a196-69b9a7a020a9","migrationVersion":{"visualization":"8.0.0"},"references":[{"id":"metrics-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1670478486400,541],"type":"visualization","updated_at":"2022-12-08T05:48:06.400Z","version":"WzEwOTYsMTld"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"event.code\",\"negate\":false,\"params\":{\"query\":\"4722\"},\"type\":\"phrase\",\"value\":\"4722\"},\"query\":{\"match\":{\"event.code\":{\"query\":\"4722\",\"type\":\"phrase\"}}}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"query\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset:windows.security OR data_stream.dataset:system.security\"}}"},"title":"Users Enabled - Simple Metric [Windows System Security]","uiStateJSON":"{}","version":1,"visState":"{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{\"customLabel\":\"Users Enabled\",\"field\":\"user.name\"},\"schema\":\"metric\",\"type\":\"cardinality\"}],\"params\":{\"addLegend\":false,\"addTooltip\":true,\"dimensions\":{\"metrics\":[{\"accessor\":0,\"format\":{\"id\":\"number\",\"params\":{}},\"type\":\"vis_dimension\"}]},\"metric\":{\"colorSchema\":\"Green to Red\",\"colorsRange\":[{\"from\":0,\"to\":10000,\"type\":\"range\"}],\"invertColors\":false,\"labels\":{\"show\":true},\"metricColorMode\":\"None\",\"percentageMode\":false,\"style\":{\"bgColor\":false,\"bgFill\":\"#000\",\"fontSize\":60,\"labelColor\":false,\"subText\":\"\"},\"useRanges\":false},\"type\":\"metric\"},\"title\":\"Users Enabled - Simple Metric [Windows System Security]\",\"type\":\"metric\"}"},"coreMigrationVersion":"8.0.0","id":"system-855957d0-bcdd-11e9-b6a2-c9b4015c4baf","migrationVersion":{"visualization":"8.0.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"sort":[1670478486400,555],"type":"visualization","updated_at":"2022-12-08T05:48:06.400Z","version":"WzExMDMsMTld"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"event.code\",\"negate\":false,\"params\":{\"query\":\"4726\"},\"type\":\"phrase\",\"value\":\"4726\"},\"query\":{\"match\":{\"event.code\":{\"query\":\"4726\",\"type\":\"phrase\"}}}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"query\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset:windows.security OR data_stream.dataset:system.security\"}}"},"title":"Users Deleted - Simple Metric [Windows System Security]","uiStateJSON":"{}","version":1,"visState":"{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{\"customLabel\":\"Deleted Users\"},\"schema\":\"metric\",\"type\":\"count\"}],\"params\":{\"addLegend\":false,\"addTooltip\":true,\"dimensions\":{\"metrics\":[{\"accessor\":0,\"format\":{\"id\":\"number\",\"params\":{}},\"type\":\"vis_dimension\"}]},\"metric\":{\"colorSchema\":\"Green to Red\",\"colorsRange\":[{\"from\":0,\"to\":10000,\"type\":\"range\"}],\"invertColors\":false,\"labels\":{\"show\":true},\"metricColorMode\":\"None\",\"percentageMode\":false,\"style\":{\"bgColor\":false,\"bgFill\":\"#000\",\"fontSize\":60,\"labelColor\":false,\"subText\":\"\"},\"useRanges\":false},\"type\":\"metric\"},\"title\":\"Users Deleted - Simple Metric [Windows System Security]\",\"type\":\"metric\"}"},"coreMigrationVersion":"8.0.0","id":"system-c359b020-bcdd-11e9-b6a2-c9b4015c4baf","migrationVersion":{"visualization":"8.0.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"sort":[1670478486400,661],"type":"visualization","updated_at":"2022-12-08T05:48:06.400Z","version":"WzExMzgsMTld"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"event.code\",\"negate\":false,\"params\":[\"4740\"],\"type\":\"phrases\",\"value\":\"4740\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"event.code\":\"4740\"}}]}}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"query\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset:windows.security OR data_stream.dataset:system.security\"}}"},"title":"Users Unlocks - Simple Metric [Windows System Security]","uiStateJSON":"{}","version":1,"visState":"{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{\"customLabel\":\"Users Locked Out\"},\"schema\":\"metric\",\"type\":\"count\"}],\"params\":{\"addLegend\":false,\"addTooltip\":true,\"dimensions\":{\"metrics\":[{\"accessor\":0,\"format\":{\"id\":\"number\",\"params\":{}},\"type\":\"vis_dimension\"}]},\"metric\":{\"colorSchema\":\"Green to Red\",\"colorsRange\":[{\"from\":0,\"to\":10000,\"type\":\"range\"}],\"invertColors\":false,\"labels\":{\"show\":true},\"metricColorMode\":\"None\",\"percentageMode\":false,\"style\":{\"bgColor\":false,\"bgFill\":\"#000\",\"fontSize\":60,\"labelColor\":false,\"subText\":\"\"},\"useRanges\":false},\"type\":\"metric\"},\"title\":\"Users Unlocks - Simple Metric [Windows System Security]\",\"type\":\"metric\"}"},"coreMigrationVersion":"8.0.0","id":"system-84502430-bce8-11e9-b6a2-c9b4015c4baf","migrationVersion":{"visualization":"8.0.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"sort":[1670478486400,551],"type":"visualization","updated_at":"2022-12-08T05:48:06.400Z","version":"WzExMDEsMTld"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\",\"key\":\"event.code\",\"negate\":false,\"params\":[\"4767\"],\"type\":\"phrases\",\"value\":\"4767\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"event.code\":\"4767\"}}]}}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"query\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset:windows.security OR data_stream.dataset:system.security\"}}"},"title":"Unlocked Users - Simple Metric [Windows System Security]","uiStateJSON":"{}","version":1,"visState":"{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{\"customLabel\":\"Users Unlocks\"},\"schema\":\"metric\",\"type\":\"count\"}],\"params\":{\"addLegend\":false,\"addTooltip\":true,\"dimensions\":{\"metrics\":[{\"accessor\":0,\"format\":{\"id\":\"number\",\"params\":{}},\"type\":\"vis_dimension\"}]},\"metric\":{\"colorSchema\":\"Green to Red\",\"colorsRange\":[{\"from\":0,\"to\":10000,\"type\":\"range\"}],\"invertColors\":false,\"labels\":{\"show\":true},\"metricColorMode\":\"None\",\"percentageMode\":false,\"style\":{\"bgColor\":false,\"bgFill\":\"#000\",\"fontSize\":60,\"labelColor\":false,\"subText\":\"\"},\"useRanges\":false},\"type\":\"metric\"},\"title\":\"Unlocked Users - Simple Metric [Windows System Security]\",\"type\":\"metric\"}"},"coreMigrationVersion":"8.0.0","id":"system-ab6f8d80-bce8-11e9-b6a2-c9b4015c4baf","migrationVersion":{"visualization":"8.0.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"sort":[1670478486400,598],"type":"visualization","updated_at":"2022-12-08T05:48:06.400Z","version":"WzExMjgsMTld"}
{"attributes":{"description":"User management activity with TSVB metrics.","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset:windows.security OR data_stream.dataset:system.security\"}}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":false}","panelsJSON":"[{\"version\":\"7.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":7,\"i\":\"1\",\"w\":17,\"x\":0,\"y\":0},\"panelIndex\":\"1\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"\",\"panelRefName\":\"panel_1\"},{\"version\":\"7.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":16,\"i\":\"3\",\"w\":9,\"x\":0,\"y\":55},\"panelIndex\":\"3\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Created Users [Windows System Security]\",\"panelRefName\":\"panel_3\"},{\"version\":\"7.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":16,\"i\":\"5\",\"w\":9,\"x\":9,\"y\":55},\"panelIndex\":\"5\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Enabled Users [Windows System Security]\",\"panelRefName\":\"panel_5\"},{\"version\":\"7.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":16,\"i\":\"6\",\"w\":9,\"x\":0,\"y\":80},\"panelIndex\":\"6\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Disabled Users [Windows System Security]\",\"panelRefName\":\"panel_6\"},{\"version\":\"7.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":16,\"i\":\"7\",\"w\":9,\"x\":18,\"y\":55},\"panelIndex\":\"7\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Deleted Users [Windows System Security]\",\"panelRefName\":\"panel_7\"},{\"version\":\"7.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":16,\"i\":\"9\",\"w\":9,\"x\":18,\"y\":80},\"panelIndex\":\"9\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Passwords Changes [Windows System Security]\",\"panelRefName\":\"panel_9\"},{\"version\":\"7.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":9,\"i\":\"10\",\"w\":9,\"x\":0,\"y\":46},\"panelIndex\":\"10\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"\",\"panelRefName\":\"panel_10\"},{\"version\":\"7.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":9,\"i\":\"11\",\"w\":9,\"x\":9,\"y\":46},\"panelIndex\":\"11\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"\",\"panelRefName\":\"panel_11\"},{\"version\":\"7.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":9,\"i\":\"12\",\"w\":9,\"x\":18,\"y\":46},\"panelIndex\":\"12\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"\",\"panelRefName\":\"panel_12\"},{\"version\":\"7.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":9,\"i\":\"13\",\"w\":9,\"x\":0,\"y\":71},\"panelIndex\":\"13\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"\",\"panelRefName\":\"panel_13\"},{\"version\":\"7.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":9,\"i\":\"14\",\"w\":9,\"x\":18,\"y\":71},\"panelIndex\":\"14\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"\",\"panelRefName\":\"panel_14\"},{\"version\":\"7.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":16,\"i\":\"15\",\"w\":9,\"x\":9,\"y\":80},\"panelIndex\":\"15\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Unlocked Users [Windows System Security]\",\"panelRefName\":\"panel_15\"},{\"version\":\"7.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":16,\"i\":\"16\",\"w\":9,\"x\":18,\"y\":105},\"panelIndex\":\"16\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Users Changes [Windows System Security]\",\"panelRefName\":\"panel_16\"},{\"version\":\"7.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":9,\"i\":\"17\",\"w\":9,\"x\":0,\"y\":96},\"panelIndex\":\"17\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"\",\"panelRefName\":\"panel_17\"},{\"version\":\"7.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":9,\"i\":\"18\",\"w\":9,\"x\":9,\"y\":71},\"panelIndex\":\"18\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"\",\"panelRefName\":\"panel_18\"},{\"version\":\"7.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":9,\"i\":\"19\",\"w\":9,\"x\":18,\"y\":96},\"panelIndex\":\"19\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"\",\"panelRefName\":\"panel_19\"},{\"version\":\"7.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":16,\"i\":\"20\",\"w\":9,\"x\":0,\"y\":105},\"panelIndex\":\"20\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Locked-out Users [Windows System Security]\",\"panelRefName\":\"panel_20\"},{\"version\":\"7.7.0\",\"type\":\"search\",\"gridData\":{\"h\":48,\"i\":\"22\",\"w\":21,\"x\":27,\"y\":73},\"panelIndex\":\"22\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_22\"},{\"version\":\"7.7.0\",\"type\":\"search\",\"gridData\":{\"h\":19,\"i\":\"23\",\"w\":48,\"x\":0,\"y\":121},\"panelIndex\":\"23\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_23\"},{\"version\":\"7.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":9,\"i\":\"24\",\"w\":9,\"x\":9,\"y\":96},\"panelIndex\":\"24\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"\",\"panelRefName\":\"panel_24\"},{\"version\":\"7.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":16,\"i\":\"25\",\"w\":9,\"x\":9,\"y\":105},\"panelIndex\":\"25\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_25\"},{\"version\":\"7.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":7,\"i\":\"20adcb1b-cebf-4a75-9bc4-eaeeee626c5e\",\"w\":31,\"x\":17,\"y\":0},\"panelIndex\":\"20adcb1b-cebf-4a75-9bc4-eaeeee626c5e\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"\",\"panelRefName\":\"panel_20adcb1b-cebf-4a75-9bc4-eaeeee626c5e\"},{\"version\":\"7.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":19,\"i\":\"8aad73ff-37b1-487a-a3f1-b80b93618ac4\",\"w\":18,\"x\":0,\"y\":7},\"panelIndex\":\"8aad73ff-37b1-487a-a3f1-b80b93618ac4\",\"embeddableConfig\":{\"colors\":{\"added-user-account\":\"#0A437C\",\"deleted-user-account\":\"#82B5D8\",\"enabled-user-account\":\"#0A50A1\",\"modified-user-account\":\"#052B51\",\"renamed-user-account\":\"#1F78C1\",\"reset-password\":\"#5195CE\"},\"vis\":{\"colors\":{\"added-user-account\":\"#0A437C\",\"deleted-user-account\":\"#82B5D8\",\"disabled-user-account\":\"#BADFF4\",\"enabled-user-account\":\"#0A50A1\",\"modified-user-account\":\"#052B51\",\"renamed-user-account\":\"#1F78C1\",\"reset-password\":\"#5195CE\"}},\"enhancements\":{}},\"panelRefName\":\"panel_8aad73ff-37b1-487a-a3f1-b80b93618ac4\"},{\"version\":\"7.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":19,\"i\":\"18cc78ac-3f77-4f54-b351-cb94873cae3f\",\"w\":14,\"x\":18,\"y\":7},\"panelIndex\":\"18cc78ac-3f77-4f54-b351-cb94873cae3f\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_18cc78ac-3f77-4f54-b351-cb94873cae3f\"},{\"version\":\"7.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":19,\"i\":\"75f5f1fc-bc7c-4f8f-8e5b-0a52d525aa7d\",\"w\":16,\"x\":32,\"y\":7},\"panelIndex\":\"75f5f1fc-bc7c-4f8f-8e5b-0a52d525aa7d\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_75f5f1fc-bc7c-4f8f-8e5b-0a52d525aa7d\"},{\"version\":\"7.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":20,\"i\":\"f443b5b0-ada7-426f-ae2f-46573f94f24f\",\"w\":48,\"x\":0,\"y\":26},\"panelIndex\":\"f443b5b0-ada7-426f-ae2f-46573f94f24f\",\"embeddableConfig\":{\"vis\":null,\"enhancements\":{}},\"title\":\"Actions performed over Users [Windows System Security]\",\"panelRefName\":\"panel_f443b5b0-ada7-426f-ae2f-46573f94f24f\"},{\"version\":\"7.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":27,\"i\":\"820c0311-d378-49dc-a614-e0fed2254603\",\"w\":21,\"x\":27,\"y\":46},\"panelIndex\":\"820c0311-d378-49dc-a614-e0fed2254603\",\"embeddableConfig\":{\"colors\":{\"added-user-account\":\"#0A437C\",\"deleted-user-account\":\"#82B5D8\",\"disabled-user-account\":\"#BADFF4\",\"enabled-user-account\":\"#0A50A1\",\"modified-user-account\":\"#2F575E\",\"renamed-user-account\":\"#1F78C1\",\"reset-password\":\"#5195CE\"},\"vis\":{\"colors\":{\"added-user-account\":\"#0A437C\",\"deleted-user-account\":\"#82B5D8\",\"disabled-user-account\":\"#BADFF4\",\"enabled-user-account\":\"#0A50A1\",\"modified-user-account\":\"#2F575E\",\"renamed-user-account\":\"#1F78C1\",\"reset-password\":\"#5195CE\",\"unlocked-user-account\":\"#0A437C\"}},\"enhancements\":{}},\"panelRefName\":\"panel_820c0311-d378-49dc-a614-e0fed2254603\"}]","timeRestore":false,"title":"[System Windows Security] User Management Events - Simple Metric","version":1},"coreMigrationVersion":"8.0.0","id":"system-8223bed0-b9e9-11e9-b6a2-c9b4015c4baf","migrationVersion":{"dashboard":"8.0.0"},"references":[{"id":"system-2dc6b820-b9e8-11e9-b6a2-c9b4015c4baf","name":"1:panel_1","type":"visualization"},{"id":"system-5e7f0ed0-bcd2-11e9-b6a2-c9b4015c4baf","name":"3:panel_3","type":"visualization"},{"id":"system-0620c3d0-bcd4-11e9-b6a2-c9b4015c4baf","name":"5:panel_5","type":"visualization"},{"id":"system-8f20c950-bcd4-11e9-b6a2-c9b4015c4baf","name":"6:panel_6","type":"visualization"},{"id":"system-ee0319a0-bcd4-11e9-b6a2-c9b4015c4baf","name":"7:panel_7","type":"visualization"},{"id":"system-da5ffe40-bcd9-11e9-b6a2-c9b4015c4baf","name":"9:panel_9","type":"visualization"},{"id":"system-102efd20-bcdd-11e9-b6a2-c9b4015c4baf","name":"10:panel_10","type":"visualization"},{"id":"system-855957d0-bcdd-11e9-b6a2-c9b4015c4baf","name":"11:panel_11","type":"visualization"},{"id":"system-c359b020-bcdd-11e9-b6a2-c9b4015c4baf","name":"12:panel_12","type":"visualization"},{"id":"system-0cb2d940-bcde-11e9-b6a2-c9b4015c4baf","name":"13:panel_13","type":"visualization"},{"id":"system-568a8130-bcde-11e9-b6a2-c9b4015c4baf","name":"14:panel_14","type":"visualization"},{"id":"system-da2110c0-bcea-11e9-b6a2-c9b4015c4baf","name":"15:panel_15","type":"visualization"},{"id":"system-abf96c10-bcea-11e9-b6a2-c9b4015c4baf","name":"16:panel_16","type":"visualization"},{"id":"system-84502430-bce8-11e9-b6a2-c9b4015c4baf","name":"17:panel_17","type":"visualization"},{"id":"system-ab6f8d80-bce8-11e9-b6a2-c9b4015c4baf","name":"18:panel_18","type":"visualization"},{"id":"system-5d92b100-bce8-11e9-b6a2-c9b4015c4baf","name":"19:panel_19","type":"visualization"},{"id":"system-4ac8f5f0-bcfe-11e9-b6a2-c9b4015c4baf","name":"20:panel_20","type":"visualization"},{"id":"system-7e178c80-fee1-11e9-8405-516218e3d268","name":"22:panel_22","type":"search"},{"id":"system-324686c0-fefb-11e9-8405-516218e3d268","name":"23:panel_23","type":"search"},{"id":"system-5e19ff80-231c-11ea-8405-516218e3d268","name":"24:panel_24","type":"visualization"},{"id":"system-fa876300-231a-11ea-8405-516218e3d268","name":"25:panel_25","type":"visualization"},{"id":"system-d770b040-9b35-11ea-87e4-49f31ec44891","name":"20adcb1b-cebf-4a75-9bc4-eaeeee626c5e:panel_20adcb1b-cebf-4a75-9bc4-eaeeee626c5e","type":"visualization"},{"id":"system-26877510-9b72-11ea-87e4-49f31ec44891","name":"8aad73ff-37b1-487a-a3f1-b80b93618ac4:panel_8aad73ff-37b1-487a-a3f1-b80b93618ac4","type":"visualization"},{"id":"system-5c9ee410-9b74-11ea-87e4-49f31ec44891","name":"18cc78ac-3f77-4f54-b351-cb94873cae3f:panel_18cc78ac-3f77-4f54-b351-cb94873cae3f","type":"visualization"},{"id":"system-117f5a30-9b71-11ea-87e4-49f31ec44891","name":"75f5f1fc-bc7c-4f8f-8e5b-0a52d525aa7d:panel_75f5f1fc-bc7c-4f8f-8e5b-0a52d525aa7d","type":"visualization"},{"id":"system-aa31c9d0-9b75-11ea-87e4-49f31ec44891","name":"f443b5b0-ada7-426f-ae2f-46573f94f24f:panel_f443b5b0-ada7-426f-ae2f-46573f94f24f","type":"visualization"},{"id":"system-caf4d2b0-9b76-11ea-87e4-49f31ec44891","name":"820c0311-d378-49dc-a614-e0fed2254603:panel_820c0311-d378-49dc-a614-e0fed2254603","type":"visualization"}],"sort":[1670478486400,329],"type":"dashboard","updated_at":"2022-12-08T05:48:06.400Z","version":"WzEwMjgsMTld"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"title":"Top Hosts By CPU (Realtime) [Metrics System]","uiStateJSON":"{}","version":1,"visState":"{\"aggs\":[],\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"bar_color_rules\":[{\"bar_color\":\"rgba(104,188,0,1)\",\"id\":\"33349dd0-1b1c-11e7-b09e-037021c4f8df\",\"operator\":\"gte\",\"value\":0},{\"bar_color\":\"rgba(254,146,0,1)\",\"id\":\"997dc440-1b1c-11e7-b09e-037021c4f8df\",\"operator\":\"gte\",\"value\":0.6},{\"bar_color\":\"rgba(211,49,21,1)\",\"id\":\"a10d7f20-1b1c-11e7-b09e-037021c4f8df\",\"operator\":\"gte\",\"value\":0.85},{\"bar_color\":\"rgba(104,188,0,1)\",\"id\":\"ae55bb4a-6452-4277-8222-ed2f33c330da\",\"operator\":\"empty\",\"value\":null}],\"drilldown_url\":\"../app/kibana#/dashboard/system-79ffd6e0-faa0-11e6-947f-177f697178b8?_a=(query:(language:kuery,query:'host.name:\\\"{{key}}\\\"'))\",\"filter\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset : \\\"system.cpu\\\"\"},\"id\":\"31e5afa0-1b1c-11e7-b09e-037021c4f8df\",\"index_pattern\":\"metrics-*\",\"interval\":\"auto\",\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":0.5,\"formatter\":\"percent\",\"id\":\"31e5afa1-1b1c-11e7-b09e-037021c4f8df\",\"line_width\":1,\"metrics\":[{\"field\":\"system.cpu.user.norm.pct\",\"id\":\"31e5afa2-1b1c-11e7-b09e-037021c4f8df\",\"type\":\"avg\"}],\"point_size\":1,\"seperate_axis\":0,\"split_color_mode\":\"gradient\",\"split_mode\":\"terms\",\"stacked\":\"none\",\"terms_field\":\"host.name\",\"terms_order_by\":\"31e5afa2-1b1c-11e7-b09e-037021c4f8df\",\"terms_size\":\"10\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"@timestamp\",\"type\":\"top_n\",\"use_kibana_indexes\":false,\"hide_last_value_indicator\":true,\"drop_last_bucket\":1},\"title\":\"Top Hosts By CPU (Realtime) [Metrics System]\",\"type\":\"metrics\"}"},"coreMigrationVersion":"8.0.0","id":"system-855899e0-1b1c-11e7-b09e-037021c4f8df","migrationVersion":{"visualization":"8.0.0"},"references":[],"sort":[1670478486400,552],"type":"visualization","updated_at":"2022-12-08T05:48:06.400Z","version":"WzExMDIsMTld"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"title":"User Logons [Windows System Security]","uiStateJSON":"{}","version":1,"visState":"{\"aggs\":[],\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"background_color_rules\":[{\"background_color\":\"rgba(204,204,204,1)\",\"id\":\"d5bcde50-9bfc-11ea-aaa3-618beeff2d9c\",\"operator\":\"lte\",\"value\":0},{\"background_color\":\"rgba(7,139,141,1)\",\"id\":\"16018150-9bfd-11ea-aaa3-618beeff2d9c\",\"operator\":\"gte\",\"value\":0},{\"background_color\":\"rgba(7,139,141,1)\",\"id\":\"01e747b8-04de-4e6e-ab94-783b48a03132\",\"operator\":\"empty\",\"value\":null}],\"filter\":{\"language\":\"kuery\",\"query\":\"((data_stream.dataset:windows.security OR data_stream.dataset:system.security) AND event.code: \\\"4624\\\")\"},\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"index_pattern\":\"logs-*\",\"interval\":\"90d\",\"isModelInvalid\":false,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":0.5,\"formatter\":\"number\",\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"label\":\"Logons \",\"line_width\":1,\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"point_size\":1,\"separate_axis\":0,\"split_color_mode\":\"gradient\",\"split_mode\":\"everything\",\"stacked\":\"none\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"@timestamp\",\"time_range_mode\":\"entire_time_range\",\"type\":\"metric\",\"use_kibana_indexes\":false,\"hide_last_value_indicator\":true,\"drop_last_bucket\":1},\"title\":\"User Logons [Windows System Security]\",\"type\":\"metrics\"}"},"coreMigrationVersion":"8.0.0","id":"system-860706a0-9bfd-11ea-87e4-49f31ec44891","migrationVersion":{"visualization":"8.0.0"},"references":[],"sort":[1670478486400,556],"type":"visualization","updated_at":"2022-12-08T05:48:06.400Z","version":"WzExMDQsMTld"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"title":"Failed Logons TSVB  [Windows System Security]","uiStateJSON":"{}","version":1,"visState":"{\"aggs\":[],\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"background_color_rules\":[{\"background_color\":\"rgba(204,204,204,1)\",\"id\":\"8d597960-ff18-11e9-8249-2371c695f3b0\",\"operator\":\"lte\",\"value\":0},{\"background_color\":\"rgba(181,99,93,1)\",\"id\":\"a3f59730-ff18-11e9-8249-2371c695f3b0\",\"operator\":\"gte\",\"value\":1},{\"background_color\":\"rgba(204,204,204,1)\",\"id\":\"80824144-4df3-4d81-bdca-c6a9b1b313ae\",\"operator\":\"empty\",\"value\":null}],\"drop_last_bucket\":0,\"filter\":{\"language\":\"kuery\",\"query\":\"((data_stream.dataset:windows.security OR data_stream.dataset:system.security) AND event.code: \\\"4625\\\")\"},\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"index_pattern\":\"logs-*\",\"interval\":\"90d\",\"isModelInvalid\":false,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":0.5,\"formatter\":\"number\",\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"label\":\"Failed Logon\",\"line_width\":1,\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"point_size\":1,\"separate_axis\":0,\"split_color_mode\":\"gradient\",\"split_mode\":\"everything\",\"stacked\":\"none\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"@timestamp\",\"time_range_mode\":\"entire_time_range\",\"type\":\"metric\",\"use_kibana_indexes\":false,\"hide_last_value_indicator\":true},\"title\":\"Failed Logons TSVB  [Windows System Security]\",\"type\":\"metrics\"}"},"coreMigrationVersion":"8.0.0","id":"system-8ef59f90-6ab8-11ea-896f-0d70f7ec3956","migrationVersion":{"visualization":"8.0.0"},"references":[],"sort":[1670478486400,557],"type":"visualization","updated_at":"2022-12-08T05:48:06.400Z","version":"WzExMDUsMTld"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"query\":{\"language\":\"kuery\",\"query\":\"(data_stream.dataset:windows.application OR data_stream.dataset:windows.forwarded OR data_stream.dataset:windows.powershell OR data_stream.dataset:windows.powershell_operational OR data_stream.dataset:windows.security OR data_stream.dataset:windows.sysmon_operational OR data_stream.dataset:windows.system OR data_stream.dataset:system.application OR data_stream.dataset:system.security OR data_stream.dataset:system.system)\"}}"},"title":"Event Levels [Windows Overview]","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"customLabel\":\"Log Levels\",\"field\":\"log.level\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":5},\"schema\":\"bucket\",\"type\":\"terms\"}],\"params\":{\"dimensions\":{\"buckets\":[{\"accessor\":0,\"aggType\":\"terms\",\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"missingBucketLabel\":\"Missing\",\"otherBucketLabel\":\"Other\"}},\"params\":{}}],\"metrics\":[{\"accessor\":1,\"aggType\":\"count\",\"format\":{\"id\":\"number\"},\"params\":{}}]},\"perPage\":10,\"showMetricsAtAllLevels\":false,\"showPartialRows\":false,\"showTotal\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"totalFunc\":\"sum\",\"showToolbar\":true},\"title\":\"Event Levels [Windows Overview]\",\"type\":\"table\"}"},"coreMigrationVersion":"8.0.0","id":"system-Event-Levels","migrationVersion":{"visualization":"8.0.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1670478486400,572],"type":"visualization","updated_at":"2022-12-08T05:48:06.400Z","version":"WzExMTMsMTld"}
{"attributes":{"columns":["host.hostname","process.name","message"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"highlight\":{\"fields\":{\"*\":{}},\"fragment_size\":2147483647,\"post_tags\":[\"@/kibana-highlighted-field@\"],\"pre_tags\":[\"@kibana-highlighted-field@\"],\"require_field_match\":false},\"highlightAll\":true,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"query\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset:system.syslog\"}}"},"sort":[["@timestamp","desc"]],"title":"Syslog logs [Logs System]","version":1},"coreMigrationVersion":"8.0.0","id":"system-Syslog-system-logs","migrationVersion":{"search":"8.0.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1670478486400,738],"type":"search","updated_at":"2022-12-08T05:48:06.400Z","version":"WzExNzQsMTld"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Syslog events by hostname [Logs System]","uiStateJSON":"{}","version":1,"visState":"{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"extended_bounds\":{},\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1},\"schema\":\"segment\",\"type\":\"date_histogram\"},{\"enabled\":true,\"id\":\"3\",\"params\":{\"field\":\"host.hostname\",\"order\":\"desc\",\"orderBy\":\"1\",\"size\":5},\"schema\":\"group\",\"type\":\"terms\"}],\"listeners\":{},\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"defaultYExtents\":false,\"legendPosition\":\"right\",\"mode\":\"stacked\",\"scale\":\"linear\",\"setYExtents\":false,\"shareYAxis\":true,\"times\":[],\"yAxis\":{}},\"title\":\"Syslog events by hostname\",\"type\":\"histogram\"}"},"coreMigrationVersion":"8.0.0","id":"system-Syslog-events-by-hostname","migrationVersion":{"visualization":"8.0.0"},"references":[{"id":"system-Syslog-system-logs","name":"search_0","type":"search"}],"sort":[1670478486400,581],"type":"visualization","updated_at":"2022-12-08T05:48:06.400Z","version":"WzExMTgsMTld"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Syslog hostnames and processes [Logs System]","uiStateJSON":"{}","version":1,"visState":"{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"field\":\"host.hostname\",\"order\":\"desc\",\"orderBy\":\"1\",\"size\":5},\"schema\":\"segment\",\"type\":\"terms\"},{\"enabled\":true,\"id\":\"3\",\"params\":{\"field\":\"process.name\",\"order\":\"desc\",\"orderBy\":\"1\",\"size\":5},\"schema\":\"segment\",\"type\":\"terms\"}],\"listeners\":{},\"params\":{\"addLegend\":true,\"addTooltip\":true,\"isDonut\":true,\"legendPosition\":\"bottom\",\"shareYAxis\":true,\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true},\"title\":\"Syslog hostnames and processes\",\"type\":\"pie\"}"},"coreMigrationVersion":"8.0.0","id":"system-Syslog-hostnames-and-processes","migrationVersion":{"visualization":"8.0.0"},"references":[{"id":"system-Syslog-system-logs","name":"search_0","type":"search"}],"sort":[1670478486400,583],"type":"visualization","updated_at":"2022-12-08T05:48:06.400Z","version":"WzExMTksMTld"}
{"attributes":{"description":"Syslog dashboard from the Logs System integration","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"highlightAll\":true,\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"version\":true}"},"optionsJSON":"{\"darkTheme\":false}","panelsJSON":"[{\"version\":\"7.3.0\",\"type\":\"visualization\",\"gridData\":{\"h\":16,\"i\":\"1\",\"w\":32,\"x\":0,\"y\":4},\"panelIndex\":\"1\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.3.0\",\"type\":\"visualization\",\"gridData\":{\"h\":16,\"i\":\"2\",\"w\":16,\"x\":32,\"y\":4},\"panelIndex\":\"2\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_2\"},{\"version\":\"7.3.0\",\"type\":\"search\",\"gridData\":{\"h\":28,\"i\":\"3\",\"w\":48,\"x\":0,\"y\":20},\"panelIndex\":\"3\",\"embeddableConfig\":{\"columns\":[\"host.hostname\",\"process.name\",\"message\"],\"sort\":[\"@timestamp\",\"desc\"],\"enhancements\":{}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.3.0\",\"type\":\"visualization\",\"gridData\":{\"h\":4,\"i\":\"4\",\"w\":48,\"x\":0,\"y\":0},\"panelIndex\":\"4\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_4\"}]","timeRestore":false,"title":"[Logs System] Syslog dashboard","version":1},"coreMigrationVersion":"8.0.0","id":"system-Logs-syslog-dashboard","migrationVersion":{"dashboard":"8.0.0"},"references":[{"id":"system-Syslog-events-by-hostname","name":"1:panel_1","type":"visualization"},{"id":"system-Syslog-hostnames-and-processes","name":"2:panel_2","type":"visualization"},{"id":"system-Syslog-system-logs","name":"3:panel_3","type":"search"},{"id":"system-327417e0-8462-11e7-bab8-bd2f0fb42c54","name":"4:panel_4","type":"visualization"}],"sort":[1670478486400,334],"type":"dashboard","updated_at":"2022-12-08T05:48:06.400Z","version":"WzEwMjksMTld"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"query\":{\"language\":\"kuery\",\"query\":\"\"}}"},"title":"Number of hosts [Metrics System]","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}","version":1,"visState":"{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{\"customLabel\":\"Number of hosts\",\"field\":\"host.name\"},\"schema\":\"metric\",\"type\":\"cardinality\"}],\"params\":{\"addLegend\":false,\"addTooltip\":true,\"gauge\":{\"autoExtend\":false,\"backStyle\":\"Full\",\"colorSchema\":\"Green to Red\",\"colorsRange\":[{\"from\":0,\"to\":100}],\"gaugeColorMode\":\"None\",\"gaugeStyle\":\"Full\",\"gaugeType\":\"Metric\",\"invertColors\":false,\"labels\":{\"color\":\"black\",\"show\":false},\"orientation\":\"vertical\",\"percentageMode\":false,\"scale\":{\"color\":\"#333\",\"labels\":false,\"show\":false,\"width\":2},\"style\":{\"bgColor\":false,\"bgFill\":\"#000\",\"fontSize\":\"63\",\"labelColor\":false,\"subText\":\"\"},\"type\":\"simple\",\"useRange\":false,\"verticalSplit\":false},\"type\":\"gauge\"},\"title\":\"Number of hosts [Metrics System]\",\"type\":\"metric\"}"},"coreMigrationVersion":"8.0.0","id":"system-c6f2ffd0-4d17-11e7-a196-69b9a7a020a9","migrationVersion":{"visualization":"8.0.0"},"references":[{"id":"metrics-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1670478486400,664],"type":"visualization","updated_at":"2022-12-08T05:48:06.400Z","version":"WzExNDAsMTld"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"title":"Top Hosts By Memory (Realtime) [Metrics System]","uiStateJSON":"{}","version":1,"visState":"{\"aggs\":[],\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"bar_color_rules\":[{\"bar_color\":\"rgba(104,188,0,1)\",\"id\":\"33349dd0-1b1c-11e7-b09e-037021c4f8df\",\"operator\":\"gte\",\"value\":0},{\"bar_color\":\"rgba(254,146,0,1)\",\"id\":\"997dc440-1b1c-11e7-b09e-037021c4f8df\",\"operator\":\"gte\",\"value\":0.6},{\"bar_color\":\"rgba(211,49,21,1)\",\"id\":\"a10d7f20-1b1c-11e7-b09e-037021c4f8df\",\"operator\":\"gte\",\"value\":0.85},{\"bar_color\":\"rgba(104,188,0,1)\",\"id\":\"a81475a7-3ea8-4822-b152-850764945a32\",\"operator\":\"empty\",\"value\":null}],\"drilldown_url\":\"../app/kibana#/dashboard/system-79ffd6e0-faa0-11e6-947f-177f697178b8?_a=(query:(language:kuery,query:'host.name:\\\"{{key}}\\\"'))\",\"filter\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset : \\\"system.memory\\\"\"},\"id\":\"31e5afa0-1b1c-11e7-b09e-037021c4f8df\",\"index_pattern\":\"metrics-*\",\"interval\":\"auto\",\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":0.5,\"formatter\":\"percent\",\"id\":\"31e5afa1-1b1c-11e7-b09e-037021c4f8df\",\"line_width\":1,\"metrics\":[{\"field\":\"system.memory.actual.used.pct\",\"id\":\"31e5afa2-1b1c-11e7-b09e-037021c4f8df\",\"type\":\"avg\"}],\"point_size\":1,\"seperate_axis\":0,\"split_color_mode\":\"gradient\",\"split_mode\":\"terms\",\"stacked\":\"none\",\"terms_field\":\"host.name\",\"terms_order_by\":\"31e5afa2-1b1c-11e7-b09e-037021c4f8df\",\"terms_size\":\"10\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"@timestamp\",\"type\":\"top_n\",\"use_kibana_indexes\":false,\"hide_last_value_indicator\":true,\"drop_last_bucket\":1},\"title\":\"Top Hosts By Memory (Realtime) [Metrics System]\",\"type\":\"metrics\"}"},"coreMigrationVersion":"8.0.0","id":"system-fe064790-1b1f-11e7-bec4-a5e9ec5cab8b","migrationVersion":{"visualization":"8.0.0"},"references":[],"sort":[1670478486400,708],"type":"visualization","updated_at":"2022-12-08T05:48:06.400Z","version":"WzExNjMsMTld"}
{"attributes":{"description":"Overview of system metrics","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"highlightAll\":true,\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"version\":true}"},"optionsJSON":"{\"darkTheme\":false}","panelsJSON":"[{\"version\":\"7.6.0\",\"type\":\"visualization\",\"gridData\":{\"h\":4,\"i\":\"9\",\"w\":48,\"x\":0,\"y\":0},\"panelIndex\":\"9\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_9\"},{\"version\":\"7.6.0\",\"type\":\"visualization\",\"gridData\":{\"h\":8,\"i\":\"11\",\"w\":8,\"x\":0,\"y\":4},\"panelIndex\":\"11\",\"embeddableConfig\":{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}},\"enhancements\":{}},\"panelRefName\":\"panel_11\"},{\"version\":\"7.6.0\",\"type\":\"visualization\",\"gridData\":{\"h\":20,\"i\":\"12\",\"w\":24,\"x\":24,\"y\":12},\"panelIndex\":\"12\",\"embeddableConfig\":{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}},\"enhancements\":{}},\"panelRefName\":\"panel_12\"},{\"version\":\"7.6.0\",\"type\":\"visualization\",\"gridData\":{\"h\":20,\"i\":\"13\",\"w\":24,\"x\":0,\"y\":12},\"panelIndex\":\"13\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_13\"},{\"version\":\"7.6.0\",\"type\":\"visualization\",\"gridData\":{\"h\":24,\"i\":\"14\",\"w\":48,\"x\":0,\"y\":32},\"panelIndex\":\"14\",\"embeddableConfig\":{\"vis\":{\"defaultColors\":{\"0% - 15%\":\"rgb(247,252,245)\",\"15% - 30%\":\"rgb(199,233,192)\",\"30% - 45%\":\"rgb(116,196,118)\",\"45% - 60%\":\"rgb(35,139,69)\"}},\"enhancements\":{}},\"panelRefName\":\"panel_14\"},{\"version\":\"7.6.0\",\"type\":\"visualization\",\"gridData\":{\"h\":8,\"i\":\"16\",\"w\":8,\"x\":32,\"y\":4},\"panelIndex\":\"16\",\"embeddableConfig\":{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}},\"enhancements\":{}},\"panelRefName\":\"panel_16\"},{\"version\":\"7.6.0\",\"type\":\"visualization\",\"gridData\":{\"h\":8,\"i\":\"17\",\"w\":8,\"x\":40,\"y\":4},\"panelIndex\":\"17\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_17\"},{\"version\":\"7.6.0\",\"type\":\"visualization\",\"gridData\":{\"h\":8,\"i\":\"18\",\"w\":8,\"x\":24,\"y\":4},\"panelIndex\":\"18\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_18\"},{\"version\":\"7.6.0\",\"type\":\"visualization\",\"gridData\":{\"h\":8,\"i\":\"19\",\"w\":8,\"x\":16,\"y\":4},\"panelIndex\":\"19\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_19\"},{\"version\":\"7.6.0\",\"type\":\"visualization\",\"gridData\":{\"h\":8,\"i\":\"20\",\"w\":8,\"x\":8,\"y\":4},\"panelIndex\":\"20\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_20\"}]","timeRestore":false,"title":"[Metrics System] Overview","version":1},"coreMigrationVersion":"8.0.0","id":"system-Metrics-system-overview","migrationVersion":{"dashboard":"8.0.0"},"references":[{"id":"system-Navigation","name":"9:panel_9","type":"visualization"},{"id":"system-c6f2ffd0-4d17-11e7-a196-69b9a7a020a9","name":"11:panel_11","type":"visualization"},{"id":"system-fe064790-1b1f-11e7-bec4-a5e9ec5cab8b","name":"12:panel_12","type":"visualization"},{"id":"system-855899e0-1b1c-11e7-b09e-037021c4f8df","name":"13:panel_13","type":"visualization"},{"id":"system-7cdb1330-4d1a-11e7-a196-69b9a7a020a9","name":"14:panel_14","type":"visualization"},{"id":"system-522ee670-1b92-11e7-bec4-a5e9ec5cab8b","name":"16:panel_16","type":"visualization"},{"id":"system-1aae9140-1b93-11e7-8ada-3df93aab833e","name":"17:panel_17","type":"visualization"},{"id":"system-825fdb80-4d1d-11e7-b5f2-2b7c1895bf32","name":"18:panel_18","type":"visualization"},{"id":"system-d3166e80-1b91-11e7-bec4-a5e9ec5cab8b","name":"19:panel_19","type":"visualization"},{"id":"system-83e12df0-1b91-11e7-bec4-a5e9ec5cab8b","name":"20:panel_20","type":"visualization"}],"sort":[1670478486400,345],"type":"dashboard","updated_at":"2022-12-08T05:48:06.400Z","version":"WzEwMzAsMTld"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"query\":{\"language\":\"kuery\",\"query\":\"(data_stream.dataset:windows.application OR data_stream.dataset:windows.forwarded OR data_stream.dataset:windows.powershell OR data_stream.dataset:windows.powershell_operational OR data_stream.dataset:windows.security OR data_stream.dataset:windows.sysmon_operational OR data_stream.dataset:windows.system OR data_stream.dataset:system.application OR data_stream.dataset:system.security OR data_stream.dataset:system.system)\"}}"},"title":"Number of Events [Windows Overview]","uiStateJSON":"{}","version":1,"visState":"{\"aggs\":[{\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"}],\"listeners\":{},\"params\":{\"fontSize\":60},\"type\":\"metric\"}"},"coreMigrationVersion":"8.0.0","id":"system-Number-of-Events","migrationVersion":{"visualization":"8.0.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1670478486400,577],"type":"visualization","updated_at":"2022-12-08T05:48:06.400Z","version":"WzExMTYsMTld"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"query\":{\"language\":\"kuery\",\"query\":\"(data_stream.dataset:windows.application OR data_stream.dataset:windows.forwarded OR data_stream.dataset:windows.powershell OR data_stream.dataset:windows.powershell_operational OR data_stream.dataset:windows.security OR data_stream.dataset:windows.sysmon_operational OR data_stream.dataset:windows.system OR data_stream.dataset:system.application OR data_stream.dataset:system.security OR data_stream.dataset:system.system)\"}}"},"title":"Number of Events Over Time By Channel [Windows Overview]","uiStateJSON":"{}","version":1,"visState":"{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"drop_partials\":false,\"extended_bounds\":{},\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"timeRange\":{\"from\":\"now-15d\",\"mode\":\"relative\",\"to\":\"now\"},\"useNormalizedEsInterval\":true},\"schema\":\"segment\",\"type\":\"date_histogram\"},{\"enabled\":true,\"id\":\"3\",\"params\":{\"customLabel\":\"Channel\",\"field\":\"winlog.channel\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":6},\"schema\":\"group\",\"type\":\"terms\"}],\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"show\":true,\"truncate\":100,\"filter\":true},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{},\"type\":\"category\"}],\"defaultYExtents\":false,\"dimensions\":{\"series\":[{\"accessor\":1,\"aggType\":\"terms\",\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"missingBucketLabel\":\"Missing\",\"otherBucketLabel\":\"Other\"}},\"params\":{}}],\"x\":{\"accessor\":0,\"aggType\":\"date_histogram\",\"format\":{\"id\":\"date\",\"params\":{\"pattern\":\"YYYY-MM-DD HH:mm\"}},\"params\":{\"bounds\":{\"max\":\"2019-02-05T04:30:25.961Z\",\"min\":\"2019-01-21T04:30:25.961Z\"},\"date\":true,\"format\":\"YYYY-MM-DD HH:mm\",\"interval\":43200000}},\"y\":[{\"accessor\":2,\"aggType\":\"count\",\"format\":{\"id\":\"number\"},\"params\":{}}]},\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"legendPosition\":\"right\",\"mode\":\"stacked\",\"scale\":\"linear\",\"seriesParams\":[{\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"mode\":\"stacked\",\"show\":\"true\",\"type\":\"histogram\",\"valueAxis\":\"ValueAxis-1\",\"circlesRadius\":1}],\"setYExtents\":false,\"shareYAxis\":true,\"times\":[],\"type\":\"histogram\",\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"defaultYExtents\":false,\"mode\":\"normal\",\"setYExtents\":false,\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Count\"},\"type\":\"value\"}],\"yAxis\":{},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"isVislibVis\":true,\"detailedTooltip\":true},\"title\":\"Number of Events Over Time By Channel [Windows Overview]\",\"type\":\"histogram\"}"},"coreMigrationVersion":"8.0.0","id":"system-Number-of-Events-Over-Time-By-Event-Log","migrationVersion":{"visualization":"8.0.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1670478486400,575],"type":"visualization","updated_at":"2022-12-08T05:48:06.400Z","version":"WzExMTUsMTld"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"query\":{\"language\":\"kuery\",\"query\":\"(data_stream.dataset:windows.application OR data_stream.dataset:windows.forwarded OR data_stream.dataset:windows.powershell OR data_stream.dataset:windows.powershell_operational OR data_stream.dataset:windows.security OR data_stream.dataset:windows.sysmon_operational OR data_stream.dataset:windows.system OR data_stream.dataset:system.application OR data_stream.dataset:system.security OR data_stream.dataset:system.system)\"}}"},"title":"Sources (Provider Names) [Windows Overview]","uiStateJSON":"{}","version":1,"visState":"{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"field\":\"winlog.provider_name\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":7},\"schema\":\"segment\",\"type\":\"terms\"}],\"params\":{\"addLegend\":true,\"addTooltip\":true,\"isDonut\":false,\"labels\":{\"last_level\":true,\"show\":false,\"truncate\":100,\"values\":true},\"legendPosition\":\"right\",\"shareYAxis\":true,\"type\":\"pie\",\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true},\"title\":\"Sources (Provider Names) [Windows Overview]\",\"type\":\"pie\"}"},"coreMigrationVersion":"8.0.0","id":"system-Sources","migrationVersion":{"visualization":"8.0.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1670478486400,579],"type":"visualization","updated_at":"2022-12-08T05:48:06.400Z","version":"WzExMTcsMTld"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"query\":{\"language\":\"kuery\",\"query\":\"(data_stream.dataset:windows.application OR data_stream.dataset:windows.forwarded OR data_stream.dataset:windows.powershell OR data_stream.dataset:windows.powershell_operational OR data_stream.dataset:windows.security OR data_stream.dataset:windows.sysmon_operational OR data_stream.dataset:windows.system OR data_stream.dataset:system.application OR data_stream.dataset:system.security OR data_stream.dataset:system.system)\"}}"},"title":"Top Event IDs [Windows Overview]","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"customLabel\":\"Event IDs\",\"field\":\"winlog.event_id\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":5},\"schema\":\"bucket\",\"type\":\"terms\"}],\"params\":{\"dimensions\":{\"buckets\":[{\"accessor\":0,\"aggType\":\"terms\",\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"missingBucketLabel\":\"Missing\",\"otherBucketLabel\":\"Other\"}},\"params\":{}}],\"metrics\":[{\"accessor\":1,\"aggType\":\"count\",\"format\":{\"id\":\"number\"},\"params\":{}}]},\"perPage\":10,\"showMetricsAtAllLevels\":false,\"showPartialRows\":false,\"showTotal\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"totalFunc\":\"sum\",\"showToolbar\":true},\"title\":\"Top Event IDs [Windows Overview]\",\"type\":\"table\"}"},"coreMigrationVersion":"8.0.0","id":"system-Top-Event-IDs","migrationVersion":{"visualization":"8.0.0"},"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1670478486400,585],"type":"visualization","updated_at":"2022-12-08T05:48:06.400Z","version":"WzExMjAsMTld"}
{"attributes":{"description":"Overview of all Windows Event Logs.","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"(data_stream.dataset:windows.application OR data_stream.dataset:system.application OR data_stream.dataset:windows.forwarded OR data_stream.dataset:windows.powershell OR data_stream.dataset:windows.powershell_operational OR data_stream.dataset:windows.security OR data_stream.dataset:system.security OR data_stream.dataset:windows.sysmon_operational OR data_stream.dataset:windows.system OR  data_stream.dataset:system.system)\"}}"},"optionsJSON":"{\"darkTheme\":false}","panelsJSON":"[{\"version\":\"7.0.0-SNAPSHOT\",\"gridData\":{\"h\":20,\"i\":\"1\",\"w\":36,\"x\":12,\"y\":0},\"panelIndex\":\"1\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_0\"},{\"version\":\"7.0.0-SNAPSHOT\",\"gridData\":{\"h\":20,\"i\":\"3\",\"w\":12,\"x\":0,\"y\":0},\"panelIndex\":\"3\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.0.0-SNAPSHOT\",\"gridData\":{\"h\":20,\"i\":\"4\",\"w\":16,\"x\":16,\"y\":20},\"panelIndex\":\"4\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}},\"enhancements\":{}},\"panelRefName\":\"panel_2\"},{\"version\":\"7.0.0-SNAPSHOT\",\"gridData\":{\"h\":20,\"i\":\"5\",\"w\":16,\"x\":32,\"y\":20},\"panelIndex\":\"5\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.0.0-SNAPSHOT\",\"gridData\":{\"h\":20,\"i\":\"6\",\"w\":16,\"x\":0,\"y\":20},\"panelIndex\":\"6\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_4\"}]","timeRestore":false,"title":"[System] Windows Overview","version":1},"coreMigrationVersion":"8.0.0","id":"system-Windows-Dashboard","migrationVersion":{"dashboard":"8.0.0"},"references":[{"id":"system-Number-of-Events-Over-Time-By-Event-Log","name":"panel_0","type":"visualization"},{"id":"system-Number-of-Events","name":"panel_1","type":"visualization"},{"id":"system-Top-Event-IDs","name":"panel_2","type":"visualization"},{"id":"system-Event-Levels","name":"panel_3","type":"visualization"},{"id":"system-Sources","name":"panel_4","type":"visualization"}],"sort":[1670478486400,351],"type":"dashboard","updated_at":"2022-12-08T05:48:06.400Z","version":"WzEwMzEsMTld"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"title":"Users Removed - TSVB Metric [Windows System Security]","uiStateJSON":"{}","version":1,"visState":"{\"aggs\":[],\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"background_color_rules\":[{\"background_color\":\"rgba(204,204,204,1)\",\"id\":\"bfcaced0-f419-11e9-928e-8f5fd2b6c66e\",\"operator\":\"lte\",\"value\":0},{\"background_color\":\"rgba(228,155,75,1)\",\"id\":\"11604700-9b51-11ea-99a1-e5b989979a59\",\"operator\":\"gte\",\"value\":1},{\"background_color\":\"rgba(204,204,204,1)\",\"id\":\"e380712e-11b0-4daf-88df-492c4c6072b5\",\"operator\":\"empty\",\"value\":null}],\"drop_last_bucket\":0,\"filter\":{\"language\":\"kuery\",\"query\":\"event.code:4733 OR  event.code:4729 OR event.code:4788 OR event.code:4786 OR event.code:4752 OR event.code:4762 OR event.code:4747\"},\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"index_pattern\":\"logs-*\",\"interval\":\"90d\",\"isModelInvalid\":false,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":0.5,\"formatter\":\"number\",\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"label\":\"Users Removed from Group\",\"line_width\":1,\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"point_size\":1,\"separate_axis\":0,\"split_color_mode\":\"gradient\",\"split_mode\":\"everything\",\"stacked\":\"none\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"@timestamp\",\"time_range_mode\":\"entire_time_range\",\"type\":\"metric\",\"use_kibana_indexes\":false,\"hide_last_value_indicator\":true},\"title\":\"Users Removed - TSVB Metric [Windows System Security]\",\"type\":\"metrics\"}"},"coreMigrationVersion":"8.0.0","id":"system-a5f664c0-f49a-11e9-8405-516218e3d268","migrationVersion":{"visualization":"8.0.0"},"references":[],"sort":[1670478486400,590],"type":"visualization","updated_at":"2022-12-08T05:48:06.400Z","version":"WzExMjMsMTld"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"title":"Blocked Accounts TSVB [Windows System Security]","uiStateJSON":"{}","version":1,"visState":"{\"aggs\":[],\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"background_color_rules\":[{\"background_color\":\"rgba(204,204,204,1)\",\"color\":\"rgba(51,51,51,1)\",\"id\":\"8d597960-ff18-11e9-8249-2371c695f3b0\",\"operator\":\"lte\",\"value\":0},{\"background_color\":\"rgba(102,102,102,1)\",\"id\":\"a3f59730-ff18-11e9-8249-2371c695f3b0\",\"operator\":\"gte\",\"value\":1},{\"background_color\":\"rgba(204,204,204,1)\",\"color\":\"rgba(51,51,51,1)\",\"id\":\"1d41d879-b23e-438b-b8f6-ba0d35d08706\",\"operator\":\"empty\",\"value\":null}],\"drop_last_bucket\":0,\"filter\":{\"language\":\"kuery\",\"query\":\"event.code: \\\"4740\\\"\"},\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"index_pattern\":\"logs-*\",\"interval\":\"90d\",\"isModelInvalid\":false,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":0.5,\"formatter\":\"number\",\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"label\":\"Blocked Accounts\",\"line_width\":1,\"metrics\":[{\"field\":\"user.name\",\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"cardinality\"}],\"point_size\":1,\"separate_axis\":0,\"split_color_mode\":\"gradient\",\"split_mode\":\"everything\",\"stacked\":\"none\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"@timestamp\",\"time_range_mode\":\"entire_time_range\",\"type\":\"metric\",\"use_kibana_indexes\":false,\"hide_last_value_indicator\":true},\"title\":\"Blocked Accounts TSVB [Windows System Security]\",\"type\":\"metrics\"}"},"coreMigrationVersion":"8.0.0","id":"system-a79395f0-6aba-11ea-896f-0d70f7ec3956","migrationVersion":{"visualization":"8.0.0"},"references":[],"sort":[1670478486400,591],"type":"visualization","updated_at":"2022-12-08T05:48:06.400Z","version":"WzExMjQsMTld"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"title":"Logon Events Timeline [Windows System Security]","uiStateJSON":"{}","version":1,"visState":"{\"aggs\":[],\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"filter\":{\"language\":\"kuery\",\"query\":\"event.code: \\\"4672\\\" or event.code: \\\"4624\\\" \"},\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"index_pattern\":\"logs-*\",\"interval\":\"\",\"isModelInvalid\":false,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":0.5,\"formatter\":\"number\",\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"label\":\"\",\"line_width\":1,\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"point_size\":1,\"separate_axis\":0,\"split_color_mode\":\"gradient\",\"split_filters\":[{\"color\":\"rgba(226,115,0,1)\",\"filter\":{\"language\":\"kuery\",\"query\":\"event.code: \\\"4672\\\"\"},\"id\":\"7560ee50-685f-11ea-8d46-c19e41702dd4\",\"label\":\"Admin logons\"},{\"color\":\"rgba(164,221,243,1)\",\"filter\":{\"language\":\"kuery\",\"query\":\"event.code: \\\"4624\\\"\"},\"id\":\"80e7fb10-685f-11ea-8d46-c19e41702dd4\",\"label\":\"Logon Events\"}],\"split_mode\":\"filters\",\"stacked\":\"none\",\"type\":\"timeseries\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"@timestamp\",\"type\":\"timeseries\",\"use_kibana_indexes\":false,\"drop_last_bucket\":1},\"title\":\"Logon Events Timeline [Windows System Security]\",\"type\":\"metrics\"}"},"coreMigrationVersion":"8.0.0","id":"system-a909b930-685f-11ea-896f-0d70f7ec3956","migrationVersion":{"visualization":"8.0.0"},"references":[],"sort":[1670478486400,592],"type":"visualization","updated_at":"2022-12-08T05:48:06.400Z","version":"WzExMjUsMTld"}
{"attributes":{"description":"User logon activity dashboard.","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset:windows.security OR data_stream.dataset:system.security\"}}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":false}","panelsJSON":"[{\"version\":\"7.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":28,\"i\":\"1\",\"w\":18,\"x\":0,\"y\":34},\"panelIndex\":\"1\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Admin Users Sessions\",\"panelRefName\":\"panel_1\"},{\"version\":\"7.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":18,\"i\":\"3\",\"w\":18,\"x\":0,\"y\":16},\"panelIndex\":\"3\",\"embeddableConfig\":{\"colors\":{\"AdminLocalSta\":\"#890F02\",\"SERVICIO LOCAL\":\"#508642\"},\"legendOpen\":true,\"vis\":{\"colors\":{\"AdminLocalSta\":\"#890F02\",\"NETWORK SERVICE\":\"#1F78C1\",\"SERVICIO LOCAL\":\"#508642\"},\"legendOpen\":true},\"enhancements\":{}},\"title\":\"Administrators Logged On\",\"panelRefName\":\"panel_3\"},{\"version\":\"7.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":6,\"i\":\"4\",\"w\":12,\"x\":0,\"y\":0},\"panelIndex\":\"4\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"\",\"panelRefName\":\"panel_4\"},{\"version\":\"7.7.0\",\"type\":\"search\",\"gridData\":{\"h\":47,\"i\":\"10\",\"w\":23,\"x\":0,\"y\":62},\"panelIndex\":\"10\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Logon Details\",\"panelRefName\":\"panel_10\"},{\"version\":\"7.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":6,\"i\":\"34fc9633-8a7c-444d-8d19-06095b55fb43\",\"w\":36,\"x\":12,\"y\":0},\"panelIndex\":\"34fc9633-8a7c-444d-8d19-06095b55fb43\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"\",\"panelRefName\":\"panel_34fc9633-8a7c-444d-8d19-06095b55fb43\"},{\"version\":\"7.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":10,\"i\":\"67d2409d-3e51-45d5-972f-32a36537e622\",\"w\":9,\"x\":0,\"y\":6},\"panelIndex\":\"67d2409d-3e51-45d5-972f-32a36537e622\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"\",\"panelRefName\":\"panel_67d2409d-3e51-45d5-972f-32a36537e622\"},{\"version\":\"7.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":10,\"i\":\"33d05ce3-f60d-4a31-a668-aa6fab0cc800\",\"w\":9,\"x\":9,\"y\":6},\"panelIndex\":\"33d05ce3-f60d-4a31-a668-aa6fab0cc800\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"\",\"panelRefName\":\"panel_33d05ce3-f60d-4a31-a668-aa6fab0cc800\"},{\"version\":\"7.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":13,\"i\":\"7b3906e6-3a81-450c-bb31-ca0d670440b7\",\"w\":30,\"x\":18,\"y\":6},\"panelIndex\":\"7b3906e6-3a81-450c-bb31-ca0d670440b7\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Logon Events Timeline\",\"panelRefName\":\"panel_7b3906e6-3a81-450c-bb31-ca0d670440b7\"},{\"version\":\"7.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":15,\"i\":\"cf50b48e-453c-46fb-ad35-7ccfb7b03de0\",\"w\":15,\"x\":18,\"y\":19},\"panelIndex\":\"cf50b48e-453c-46fb-ad35-7ccfb7b03de0\",\"embeddableConfig\":{\"colors\":{\"CachedInteractive\":\"#6ED0E0\",\"Interactive\":\"#2F575E\",\"Network\":\"#447EBC\",\"RemoteInteractive\":\"#64B0C8\",\"Service\":\"#6ED0E0\",\"Unlock\":\"#BADFF4\"},\"legendOpen\":true,\"vis\":{\"colors\":{\"CachedInteractive\":\"#6ED0E0\",\"Interactive\":\"#2F575E\",\"Network\":\"#447EBC\",\"RemoteInteractive\":\"#64B0C8\",\"Service\":\"#65C5DB\",\"Unlock\":\"#BADFF4\"},\"legendOpen\":true},\"enhancements\":{}},\"title\":\"Logon Types\",\"panelRefName\":\"panel_cf50b48e-453c-46fb-ad35-7ccfb7b03de0\"},{\"version\":\"7.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":15,\"i\":\"a743ffe5-a2ac-4c0b-9b6f-a81563140c42\",\"w\":15,\"x\":33,\"y\":19},\"panelIndex\":\"a743ffe5-a2ac-4c0b-9b6f-a81563140c42\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_a743ffe5-a2ac-4c0b-9b6f-a81563140c42\"},{\"version\":\"7.7.0\",\"type\":\"search\",\"gridData\":{\"h\":28,\"i\":\"454bb008-9720-455e-8ab9-b2f47d25aa4f\",\"w\":18,\"x\":18,\"y\":34},\"panelIndex\":\"454bb008-9720-455e-8ab9-b2f47d25aa4f\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"RDP Reconnections and Desconnections\",\"panelRefName\":\"panel_454bb008-9720-455e-8ab9-b2f47d25aa4f\"},{\"version\":\"7.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":28,\"i\":\"29a0e70a-ab23-4d48-8d4e-9a39c5af47ad\",\"w\":12,\"x\":36,\"y\":34},\"panelIndex\":\"29a0e70a-ab23-4d48-8d4e-9a39c5af47ad\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_29a0e70a-ab23-4d48-8d4e-9a39c5af47ad\"},{\"version\":\"7.7.0\",\"type\":\"search\",\"gridData\":{\"h\":46,\"i\":\"28115147-8399-4fcd-95ce-ed0a4f4239e3\",\"w\":25,\"x\":23,\"y\":62},\"panelIndex\":\"28115147-8399-4fcd-95ce-ed0a4f4239e3\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Logout Details\",\"panelRefName\":\"panel_28115147-8399-4fcd-95ce-ed0a4f4239e3\"}]","timeRestore":false,"title":"[System Windows Security] User Logons","version":1},"coreMigrationVersion":"8.0.0","id":"system-bae11b00-9bfc-11ea-87e4-49f31ec44891","migrationVersion":{"dashboard":"8.0.0"},"references":[{"id":"system-804dd400-a248-11e9-a422-d144027429da","name":"1:panel_1","type":"visualization"},{"id":"system-e2516c10-a249-11e9-a422-d144027429da","name":"3:panel_3","type":"visualization"},{"id":"system-18348f30-a24d-11e9-a422-d144027429da","name":"4:panel_4","type":"visualization"},{"id":"system-ce71c9a0-a25e-11e9-a422-d144027429da","name":"10:panel_10","type":"search"},{"id":"system-a3c3f350-9b6d-11ea-87e4-49f31ec44891","name":"34fc9633-8a7c-444d-8d19-06095b55fb43:panel_34fc9633-8a7c-444d-8d19-06095b55fb43","type":"visualization"},{"id":"system-0622da40-9bfd-11ea-87e4-49f31ec44891","name":"67d2409d-3e51-45d5-972f-32a36537e622:panel_67d2409d-3e51-45d5-972f-32a36537e622","type":"visualization"},{"id":"system-860706a0-9bfd-11ea-87e4-49f31ec44891","name":"33d05ce3-f60d-4a31-a668-aa6fab0cc800:panel_33d05ce3-f60d-4a31-a668-aa6fab0cc800","type":"visualization"},{"id":"system-a909b930-685f-11ea-896f-0d70f7ec3956","name":"7b3906e6-3a81-450c-bb31-ca0d670440b7:panel_7b3906e6-3a81-450c-bb31-ca0d670440b7","type":"visualization"},{"id":"system-006d75f0-9c03-11ea-87e4-49f31ec44891","name":"cf50b48e-453c-46fb-ad35-7ccfb7b03de0:panel_cf50b48e-453c-46fb-ad35-7ccfb7b03de0","type":"visualization"},{"id":"system-21aadac0-9c0b-11ea-87e4-49f31ec44891","name":"a743ffe5-a2ac-4c0b-9b6f-a81563140c42:panel_a743ffe5-a2ac-4c0b-9b6f-a81563140c42","type":"visualization"},{"id":"system-6f4071a0-7a78-11ea-bc9a-0baf2ca323a3","name":"454bb008-9720-455e-8ab9-b2f47d25aa4f:panel_454bb008-9720-455e-8ab9-b2f47d25aa4f","type":"search"},{"id":"system-25f31ee0-9c23-11ea-87e4-49f31ec44891","name":"29a0e70a-ab23-4d48-8d4e-9a39c5af47ad:panel_29a0e70a-ab23-4d48-8d4e-9a39c5af47ad","type":"visualization"},{"id":"system-06b6b060-7a80-11ea-bc9a-0baf2ca323a3","name":"28115147-8399-4fcd-95ce-ed0a4f4239e3:panel_28115147-8399-4fcd-95ce-ed0a4f4239e3","type":"search"}],"sort":[1670478486400,365],"type":"dashboard","updated_at":"2022-12-08T05:48:06.400Z","version":"WzEwMzIsMTld"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"title":"Users Added - Metric [Windows System Security]","uiStateJSON":"{}","version":1,"visState":"{\"aggs\":[],\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"background_color_rules\":[{\"background_color\":\"rgba(204,204,204,1)\",\"id\":\"bfcaced0-f419-11e9-928e-8f5fd2b6c66e\",\"operator\":\"lte\",\"value\":0},{\"background_color\":\"rgba(181,99,93,1)\",\"id\":\"a7d935e0-f497-11e9-928e-8f5fd2b6c66e\",\"operator\":\"gte\",\"value\":1},{\"background_color\":\"rgba(204,204,204,1)\",\"id\":\"d990573b-8144-426a-96fc-ae4550d43a7d\",\"operator\":\"empty\",\"value\":null}],\"drop_last_bucket\":0,\"filter\":{\"language\":\"kuery\",\"query\":\"event.code:4732 OR event.code:4728 OR event.code:4756  OR event.code:4751  OR event.code:4761  OR event.code:4746  OR event.code:4785 OR event.code:4787\"},\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"index_pattern\":\"logs-*\",\"interval\":\"90d\",\"isModelInvalid\":false,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":0.5,\"formatter\":\"number\",\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"label\":\"Users Added to Group\",\"line_width\":1,\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"point_size\":1,\"separate_axis\":0,\"split_color_mode\":\"gradient\",\"split_mode\":\"everything\",\"stacked\":\"none\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"@timestamp\",\"time_range_mode\":\"entire_time_range\",\"type\":\"metric\",\"use_kibana_indexes\":false,\"hide_last_value_indicator\":true},\"title\":\"Users Added - Metric [Windows System Security]\",\"type\":\"metrics\"}"},"coreMigrationVersion":"8.0.0","id":"system-ffebe440-f419-11e9-8405-516218e3d268","migrationVersion":{"visualization":"8.0.0"},"references":[],"sort":[1670478486400,712],"type":"visualization","updated_at":"2022-12-08T05:48:06.400Z","version":"WzExNjUsMTld"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"title":"Groups Deleted  TSVB Metric [Windows System Security]","uiStateJSON":"{}","version":1,"visState":"{\"aggs\":[],\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"background_color_rules\":[{\"background_color\":\"rgba(200,201,197,1)\",\"id\":\"bfcaced0-f419-11e9-928e-8f5fd2b6c66e\",\"operator\":\"lte\",\"value\":0},{\"background_color\":\"rgba(228,155,75,1)\",\"id\":\"a7d935e0-f497-11e9-928e-8f5fd2b6c66e\",\"operator\":\"gt\",\"value\":0},{\"background_color\":\"rgba(200,201,197,1)\",\"id\":\"b111245b-19fb-41f8-84e0-66082dd5d353\",\"operator\":\"empty\",\"value\":null}],\"drop_last_bucket\":0,\"filter\":{\"language\":\"kuery\",\"query\":\"event.code:4734 OR event.code:4730 OR event.code:4758 OR event.code:4753  OR event.code:4763  OR event.code:4748  OR event.code:4789  OR event.code:4792\"},\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"index_pattern\":\"logs-*\",\"interval\":\"90d\",\"isModelInvalid\":false,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":0.5,\"formatter\":\"number\",\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"label\":\"Groups Deleted\",\"line_width\":1,\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"point_size\":1,\"separate_axis\":0,\"split_color_mode\":\"gradient\",\"split_mode\":\"everything\",\"stacked\":\"none\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"@timestamp\",\"time_range_mode\":\"entire_time_range\",\"type\":\"metric\",\"use_kibana_indexes\":false,\"hide_last_value_indicator\":true},\"title\":\"Groups Deleted  TSVB Metric [Windows System Security]\",\"type\":\"metrics\"}"},"coreMigrationVersion":"8.0.0","id":"system-e22c6f40-f498-11e9-8405-516218e3d268","migrationVersion":{"visualization":"8.0.0"},"references":[],"sort":[1670478486400,692],"type":"visualization","updated_at":"2022-12-08T05:48:06.400Z","version":"WzExNTYsMTld"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"title":"Groups Created  TSVB Metric [Windows System Security]","uiStateJSON":"{}","version":1,"visState":"{\"aggs\":[],\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"background_color_rules\":[{\"background_color\":\"rgba(200,201,197,1)\",\"id\":\"bfcaced0-f419-11e9-928e-8f5fd2b6c66e\",\"operator\":\"lte\",\"value\":0},{\"background_color\":\"rgba(181,99,93,1)\",\"id\":\"a7d935e0-f497-11e9-928e-8f5fd2b6c66e\",\"operator\":\"gt\",\"value\":0},{\"background_color\":\"rgba(200,201,197,1)\",\"id\":\"e211716f-df1f-455e-b894-30ff0cbd468e\",\"operator\":\"empty\",\"value\":null}],\"drop_last_bucket\":0,\"filter\":{\"language\":\"kuery\",\"query\":\"event.code:4731 OR event.code:4727 OR event.code:\\\"4754\\\" OR event.code:\\\"4749\\\" OR event.code:\\\"4759\\\"  OR event.code:\\\"4744\\\"  OR event.code:\\\"4783\\\"  OR event.code:\\\"4790\\\" \"},\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"index_pattern\":\"logs-*\",\"interval\":\"90d\",\"isModelInvalid\":false,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":0.5,\"formatter\":\"number\",\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"label\":\"Groups Created\",\"line_width\":1,\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"point_size\":1,\"separate_axis\":0,\"split_color_mode\":\"gradient\",\"split_mode\":\"everything\",\"stacked\":\"none\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"@timestamp\",\"time_range_mode\":\"entire_time_range\",\"type\":\"metric\",\"use_kibana_indexes\":false,\"hide_last_value_indicator\":true},\"title\":\"Groups Created  TSVB Metric [Windows System Security]\",\"type\":\"metrics\"}"},"coreMigrationVersion":"8.0.0","id":"system-ee292bc0-f499-11e9-8405-516218e3d268","migrationVersion":{"visualization":"8.0.0"},"references":[],"sort":[1670478486400,699],"type":"visualization","updated_at":"2022-12-08T05:48:06.400Z","version":"WzExNTksMTld"}
{"attributes":{"description":"Group management activity.","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset:windows.security OR data_stream.dataset:system.security\"}}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":false}","panelsJSON":"[{\"version\":\"7.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":7,\"i\":\"22\",\"w\":16,\"x\":0,\"y\":0},\"panelIndex\":\"22\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"\",\"panelRefName\":\"panel_22\"},{\"version\":\"7.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":7,\"i\":\"29\",\"w\":16,\"x\":0,\"y\":68},\"panelIndex\":\"29\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"\",\"panelRefName\":\"panel_29\"},{\"version\":\"7.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":7,\"i\":\"30\",\"w\":9,\"x\":18,\"y\":48},\"panelIndex\":\"30\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"\",\"panelRefName\":\"panel_30\"},{\"version\":\"7.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":7,\"i\":\"31\",\"w\":9,\"x\":0,\"y\":48},\"panelIndex\":\"31\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"\",\"panelRefName\":\"panel_31\"},{\"version\":\"7.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":7,\"i\":\"32\",\"w\":9,\"x\":9,\"y\":48},\"panelIndex\":\"32\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"\",\"panelRefName\":\"panel_32\"},{\"version\":\"7.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":7,\"i\":\"33\",\"w\":17,\"x\":16,\"y\":68},\"panelIndex\":\"33\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"\",\"panelRefName\":\"panel_33\"},{\"version\":\"7.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":7,\"i\":\"34\",\"w\":15,\"x\":33,\"y\":68},\"panelIndex\":\"34\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"\",\"panelRefName\":\"panel_34\"},{\"version\":\"7.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":13,\"i\":\"36\",\"w\":9,\"x\":0,\"y\":55},\"panelIndex\":\"36\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Group Creation Summary [Windows System Security]\",\"panelRefName\":\"panel_36\"},{\"version\":\"7.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":13,\"i\":\"37\",\"w\":9,\"x\":9,\"y\":55},\"panelIndex\":\"37\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Group Changes Summary [Windows System Security]\",\"panelRefName\":\"panel_37\"},{\"version\":\"7.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":13,\"i\":\"38\",\"w\":9,\"x\":18,\"y\":55},\"panelIndex\":\"38\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Group Deletion Summary [Windows System Security]\",\"panelRefName\":\"panel_38\"},{\"version\":\"7.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":14,\"i\":\"39\",\"w\":16,\"x\":0,\"y\":75},\"panelIndex\":\"39\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Users Added to Group  Summary [Windows System Security]\",\"panelRefName\":\"panel_39\"},{\"version\":\"7.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":14,\"i\":\"40\",\"w\":17,\"x\":16,\"y\":75},\"panelIndex\":\"40\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Users Removed From Group Summary [Windows System Security]\",\"panelRefName\":\"panel_40\"},{\"version\":\"7.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":14,\"i\":\"42\",\"w\":15,\"x\":33,\"y\":75},\"panelIndex\":\"42\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Group Enumeration - Table [Windows System Security]\",\"panelRefName\":\"panel_42\"},{\"version\":\"7.7.0\",\"type\":\"search\",\"gridData\":{\"h\":20,\"i\":\"43\",\"w\":21,\"x\":27,\"y\":48},\"panelIndex\":\"43\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Logon Details  [Windows System Security]\",\"panelRefName\":\"panel_43\"},{\"version\":\"7.7.0\",\"type\":\"search\",\"gridData\":{\"h\":22,\"i\":\"45\",\"w\":48,\"x\":0,\"y\":89},\"panelIndex\":\"45\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Group Management Operations Details [Windows System Security]\",\"panelRefName\":\"panel_45\"},{\"version\":\"7.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":20,\"i\":\"3f7e277d-09d1-4a79-bc17-bc5da5a7e290\",\"w\":20,\"x\":0,\"y\":7},\"panelIndex\":\"3f7e277d-09d1-4a79-bc17-bc5da5a7e290\",\"embeddableConfig\":{\"colors\":{\"added-group-account\":\"#0A437C\",\"added-member-to-group\":\"#1F78C1\",\"deleted-group-account\":\"#5195CE\",\"modified-group-account\":\"#052B51\",\"user-member-enumerated\":\"#447EBC\"},\"vis\":{\"colors\":{\"added-group-account\":\"#0A437C\",\"added-member-to-group\":\"#1F78C1\",\"deleted-group-account\":\"#82B5D8\",\"modified-group-account\":\"#052B51\",\"user-member-enumerated\":\"#447EBC\"}},\"enhancements\":{}},\"panelRefName\":\"panel_3f7e277d-09d1-4a79-bc17-bc5da5a7e290\"},{\"version\":\"7.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":20,\"i\":\"8cda9d6a-096f-41a5-86e6-09dd1f6b9c98\",\"w\":16,\"x\":32,\"y\":7},\"panelIndex\":\"8cda9d6a-096f-41a5-86e6-09dd1f6b9c98\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_8cda9d6a-096f-41a5-86e6-09dd1f6b9c98\"},{\"version\":\"7.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":20,\"i\":\"74edddd5-2dc5-41b8-b4f2-bf9c95218f1b\",\"w\":12,\"x\":20,\"y\":7},\"panelIndex\":\"74edddd5-2dc5-41b8-b4f2-bf9c95218f1b\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Group Management Events - Event Actions - Table [Windows System Security]\",\"panelRefName\":\"panel_74edddd5-2dc5-41b8-b4f2-bf9c95218f1b\"},{\"version\":\"7.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":21,\"i\":\"33cef054-615a-49cb-bb2e-eb55fab96ae5\",\"w\":27,\"x\":0,\"y\":27},\"panelIndex\":\"33cef054-615a-49cb-bb2e-eb55fab96ae5\",\"embeddableConfig\":{\"vis\":null,\"enhancements\":{}},\"panelRefName\":\"panel_33cef054-615a-49cb-bb2e-eb55fab96ae5\"},{\"version\":\"7.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":21,\"i\":\"e0d495aa-f897-403f-815b-6116fae330b7\",\"w\":21,\"x\":27,\"y\":27},\"panelIndex\":\"e0d495aa-f897-403f-815b-6116fae330b7\",\"embeddableConfig\":{\"colors\":{\"added-group-account\":\"#1F78C1\",\"added-member-to-group\":\"#0A437C\",\"deleted-group-account\":\"#5195CE\",\"modified-group-account\":\"#0A50A1\",\"type-changed-group-account\":\"#82B5D8\",\"user-member-enumerated\":\"#447EBC\"},\"vis\":{\"colors\":{\"added-group-account\":\"#1F78C1\",\"added-member-to-group\":\"#0A437C\",\"deleted-group-account\":\"#5195CE\",\"modified-group-account\":\"#0A50A1\",\"removed-member-from-group\":\"#BADFF4\",\"type-changed-group-account\":\"#82B5D8\",\"user-member-enumerated\":\"#447EBC\"}},\"enhancements\":{}},\"panelRefName\":\"panel_e0d495aa-f897-403f-815b-6116fae330b7\"},{\"version\":\"7.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":7,\"i\":\"663e0493-2070-407b-9d00-079915cce7e7\",\"w\":32,\"x\":16,\"y\":0},\"panelIndex\":\"663e0493-2070-407b-9d00-079915cce7e7\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"\",\"panelRefName\":\"panel_663e0493-2070-407b-9d00-079915cce7e7\"}]","timeRestore":false,"title":"[System Windows Security] Group Management Events","version":1},"coreMigrationVersion":"8.0.0","id":"system-bb858830-f412-11e9-8405-516218e3d268","migrationVersion":{"dashboard":"8.0.0"},"references":[{"id":"system-6f0f2ea0-f414-11e9-8405-516218e3d268","name":"22:panel_22","type":"visualization"},{"id":"system-ffebe440-f419-11e9-8405-516218e3d268","name":"29:panel_29","type":"visualization"},{"id":"system-e22c6f40-f498-11e9-8405-516218e3d268","name":"30:panel_30","type":"visualization"},{"id":"system-ee292bc0-f499-11e9-8405-516218e3d268","name":"31:panel_31","type":"visualization"},{"id":"system-400b63e0-f49a-11e9-8405-516218e3d268","name":"32:panel_32","type":"visualization"},{"id":"system-a5f664c0-f49a-11e9-8405-516218e3d268","name":"33:panel_33","type":"visualization"},{"id":"system-546febc0-f49b-11e9-8405-516218e3d268","name":"34:panel_34","type":"visualization"},{"id":"system-98884120-f49d-11e9-8405-516218e3d268","name":"36:panel_36","type":"visualization"},{"id":"system-9e534190-f49d-11e9-8405-516218e3d268","name":"37:panel_37","type":"visualization"},{"id":"system-bb9cf7a0-f49d-11e9-8405-516218e3d268","name":"38:panel_38","type":"visualization"},{"id":"system-ce867840-f49e-11e9-8405-516218e3d268","name":"39:panel_39","type":"visualization"},{"id":"system-fee83900-f49f-11e9-8405-516218e3d268","name":"40:panel_40","type":"visualization"},{"id":"system-bc165210-f4b8-11e9-8405-516218e3d268","name":"42:panel_42","type":"visualization"},{"id":"system-7e178c80-fee1-11e9-8405-516218e3d268","name":"43:panel_43","type":"search"},{"id":"system-9066d5b0-fef2-11e9-8405-516218e3d268","name":"45:panel_45","type":"search"},{"id":"system-b89b0c90-9b41-11ea-87e4-49f31ec44891","name":"3f7e277d-09d1-4a79-bc17-bc5da5a7e290:panel_3f7e277d-09d1-4a79-bc17-bc5da5a7e290","type":"visualization"},{"id":"system-58fb9480-9b46-11ea-87e4-49f31ec44891","name":"8cda9d6a-096f-41a5-86e6-09dd1f6b9c98:panel_8cda9d6a-096f-41a5-86e6-09dd1f6b9c98","type":"visualization"},{"id":"system-33462600-9b47-11ea-87e4-49f31ec44891","name":"74edddd5-2dc5-41b8-b4f2-bf9c95218f1b:panel_74edddd5-2dc5-41b8-b4f2-bf9c95218f1b","type":"visualization"},{"id":"system-e20c02d0-9b48-11ea-87e4-49f31ec44891","name":"33cef054-615a-49cb-bb2e-eb55fab96ae5:panel_33cef054-615a-49cb-bb2e-eb55fab96ae5","type":"visualization"},{"id":"system-7de2e3f0-9b4d-11ea-87e4-49f31ec44891","name":"e0d495aa-f897-403f-815b-6116fae330b7:panel_e0d495aa-f897-403f-815b-6116fae330b7","type":"visualization"},{"id":"system-a3c3f350-9b6d-11ea-87e4-49f31ec44891","name":"663e0493-2070-407b-9d00-079915cce7e7:panel_663e0493-2070-407b-9d00-079915cce7e7","type":"visualization"}],"sort":[1670478486400,387],"type":"dashboard","updated_at":"2022-12-08T05:48:06.400Z","version":"WzEwMzMsMTld"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset:windows.security OR data_stream.dataset:system.security\"}}"},"title":"Failed Logon and Account Lockout [Windows System Security]","uiStateJSON":"{}","version":1,"visState":"{\"aggs\":[],\"params\":{\"fontSize\":10,\"markdown\":\"### **Failed Logons and Account Lockouts**\",\"openLinksInNewTab\":false},\"title\":\"Failed Logon and Account Lockout [Windows System Security]\",\"type\":\"markdown\"}"},"coreMigrationVersion":"8.0.0","id":"system-c2ea73f0-a4bd-11e9-a422-d144027429da","migrationVersion":{"visualization":"8.0.0"},"references":[],"sort":[1670478486400,658],"type":"visualization","updated_at":"2022-12-08T05:48:06.400Z","version":"WzExMzcsMTld"}
{"attributes":{"description":"Failed and blocked accounts with TSVB metrics.","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset:windows.security OR data_stream.dataset:system.security\"}}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":false}","panelsJSON":"[{\"version\":\"7.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":7,\"i\":\"1\",\"w\":14,\"x\":0,\"y\":0},\"panelIndex\":\"1\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"\",\"panelRefName\":\"panel_1\"},{\"version\":\"7.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":18,\"i\":\"2\",\"w\":12,\"x\":0,\"y\":7},\"panelIndex\":\"2\",\"embeddableConfig\":{\"colors\":{\"Failed Logins\":\"#EF843C\",\"Failed Logons\":\"#E24D42\",\"Successful Login\":\"#B7DBAB\",\"Successful Logon\":\"#9AC48A\"},\"legendOpen\":true,\"vis\":{\"colors\":{\"Failed Logins\":\"#EF843C\",\"Failed Logons\":\"#BF1B00\",\"Successful Login\":\"#B7DBAB\",\"Successful Logon\":\"#9AC48A\"},\"legendOpen\":true},\"enhancements\":{}},\"title\":\"Login Successful vs Failed\",\"panelRefName\":\"panel_2\"},{\"version\":\"7.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":21,\"i\":\"3\",\"w\":11,\"x\":12,\"y\":35},\"panelIndex\":\"3\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Blocked Acoounts\",\"panelRefName\":\"panel_3\"},{\"version\":\"7.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":18,\"i\":\"4\",\"w\":23,\"x\":12,\"y\":7},\"panelIndex\":\"4\",\"embeddableConfig\":{\"colors\":{\"Login Failed\":\"#F9934E\",\"Login OK\":\"#9AC48A\",\"Logon Failed\":\"#E24D42\",\"Logon Successful\":\"#9AC48A\"},\"legendOpen\":true,\"vis\":{\"colors\":{\"Login Failed\":\"#F9934E\",\"Login OK\":\"#9AC48A\",\"Logon Failed\":\"#BF1B00\",\"Logon Successful\":\"#9AC48A\"},\"legendOpen\":true},\"enhancements\":{}},\"title\":\"Logon Successful and Failed  Over time\",\"panelRefName\":\"panel_4\"},{\"version\":\"7.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":21,\"i\":\"5\",\"w\":12,\"x\":0,\"y\":35},\"panelIndex\":\"5\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_5\"},{\"version\":\"7.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":30,\"i\":\"6\",\"w\":48,\"x\":0,\"y\":56},\"panelIndex\":\"6\",\"embeddableConfig\":{\"vis\":{\"defaultColors\":{\"0 - 5\":\"rgb(255,245,240)\",\"10 - 15\":\"rgb(252,138,106)\",\"15 - 20\":\"rgb(241,68,50)\",\"20 - 24\":\"rgb(188,20,26)\",\"5 - 10\":\"rgb(253,202,181)\"},\"legendOpen\":false},\"enhancements\":{}},\"title\":\"Logon Failed  (Time Mosaic View)\",\"panelRefName\":\"panel_6\"},{\"version\":\"7.7.0\",\"type\":\"search\",\"gridData\":{\"h\":20,\"i\":\"8\",\"w\":48,\"x\":0,\"y\":86},\"panelIndex\":\"8\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Logon Failed and Account Lockouts\",\"panelRefName\":\"panel_8\"},{\"version\":\"7.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":18,\"i\":\"10\",\"w\":13,\"x\":35,\"y\":7},\"panelIndex\":\"10\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Logon Failed Source IPs\",\"panelRefName\":\"panel_10\"},{\"version\":\"7.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":31,\"i\":\"11\",\"w\":25,\"x\":23,\"y\":25},\"panelIndex\":\"11\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Failed Logins Table\",\"panelRefName\":\"panel_11\"},{\"version\":\"7.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":7,\"i\":\"628de26f-7b7b-457c-b811-e06161e4e7b4\",\"w\":34,\"x\":14,\"y\":0},\"panelIndex\":\"628de26f-7b7b-457c-b811-e06161e4e7b4\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"\",\"panelRefName\":\"panel_628de26f-7b7b-457c-b811-e06161e4e7b4\"},{\"version\":\"7.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":10,\"i\":\"01a624c2-7a86-4fa9-89d3-e2ae84e94ec9\",\"w\":12,\"x\":0,\"y\":25},\"panelIndex\":\"01a624c2-7a86-4fa9-89d3-e2ae84e94ec9\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"\",\"panelRefName\":\"panel_01a624c2-7a86-4fa9-89d3-e2ae84e94ec9\"},{\"version\":\"7.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":10,\"i\":\"e3046900-1ffc-4efa-9dab-613d685c617b\",\"w\":11,\"x\":12,\"y\":25},\"panelIndex\":\"e3046900-1ffc-4efa-9dab-613d685c617b\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"\",\"panelRefName\":\"panel_e3046900-1ffc-4efa-9dab-613d685c617b\"}]","timeRestore":false,"title":"[System Windows Security] Failed and Blocked Accounts","version":1},"coreMigrationVersion":"8.0.0","id":"system-d401ef40-a7d5-11e9-a422-d144027429da","migrationVersion":{"dashboard":"8.0.0"},"references":[{"id":"system-c2ea73f0-a4bd-11e9-a422-d144027429da","name":"1:panel_1","type":"visualization"},{"id":"system-175a5760-a7d5-11e9-a422-d144027429da","name":"2:panel_2","type":"visualization"},{"id":"system-7a329a00-a7d5-11e9-a422-d144027429da","name":"3:panel_3","type":"visualization"},{"id":"system-162d7ab0-a7d6-11e9-a422-d144027429da","name":"4:panel_4","type":"visualization"},{"id":"system-729443b0-a7d6-11e9-a422-d144027429da","name":"5:panel_5","type":"visualization"},{"id":"system-4b683ac0-a7d7-11e9-a422-d144027429da","name":"6:panel_6","type":"visualization"},{"id":"system-757510b0-a87f-11e9-a422-d144027429da","name":"8:panel_8","type":"search"},{"id":"system-2084e300-a884-11e9-a422-d144027429da","name":"10:panel_10","type":"visualization"},{"id":"system-421f0610-af98-11e9-a422-d144027429da","name":"11:panel_11","type":"visualization"},{"id":"system-a3c3f350-9b6d-11ea-87e4-49f31ec44891","name":"628de26f-7b7b-457c-b811-e06161e4e7b4:panel_628de26f-7b7b-457c-b811-e06161e4e7b4","type":"visualization"},{"id":"system-8ef59f90-6ab8-11ea-896f-0d70f7ec3956","name":"01a624c2-7a86-4fa9-89d3-e2ae84e94ec9:panel_01a624c2-7a86-4fa9-89d3-e2ae84e94ec9","type":"visualization"},{"id":"system-a79395f0-6aba-11ea-896f-0d70f7ec3956","name":"e3046900-1ffc-4efa-9dab-613d685c617b:panel_e3046900-1ffc-4efa-9dab-613d685c617b","type":"visualization"}],"sort":[1670478486400,400],"type":"dashboard","updated_at":"2022-12-08T05:48:06.400Z","version":"WzEwMzQsMTld"}
{"attributes":{"description":"Failed and blocked accounts.","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"language\":\"kuery\",\"query\":\"data_stream.dataset:windows.security OR data_stream.dataset:system.security\"}}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":false}","panelsJSON":"[{\"version\":\"7.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":7,\"i\":\"1\",\"w\":14,\"x\":0,\"y\":0},\"panelIndex\":\"1\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"\",\"panelRefName\":\"panel_1\"},{\"version\":\"7.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":18,\"i\":\"2\",\"w\":12,\"x\":0,\"y\":7},\"panelIndex\":\"2\",\"embeddableConfig\":{\"colors\":{\"Failed Logins\":\"#EF843C\",\"Failed Logons\":\"#E24D42\",\"Successful Login\":\"#B7DBAB\",\"Successful Logon\":\"#9AC48A\"},\"legendOpen\":true,\"vis\":{\"colors\":{\"Failed Logins\":\"#EF843C\",\"Failed Logons\":\"#BF1B00\",\"Successful Login\":\"#B7DBAB\",\"Successful Logon\":\"#9AC48A\"},\"legendOpen\":true},\"enhancements\":{}},\"title\":\"Login Successful vs Failed\",\"panelRefName\":\"panel_2\"},{\"version\":\"7.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":21,\"i\":\"3\",\"w\":11,\"x\":12,\"y\":35},\"panelIndex\":\"3\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Blocked Acoounts\",\"panelRefName\":\"panel_3\"},{\"version\":\"7.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":18,\"i\":\"4\",\"w\":23,\"x\":12,\"y\":7},\"panelIndex\":\"4\",\"embeddableConfig\":{\"colors\":{\"Login Failed\":\"#F9934E\",\"Login OK\":\"#9AC48A\",\"Logon Failed\":\"#E24D42\",\"Logon Successful\":\"#9AC48A\"},\"legendOpen\":true,\"vis\":{\"colors\":{\"Login Failed\":\"#F9934E\",\"Login OK\":\"#9AC48A\",\"Logon Failed\":\"#BF1B00\",\"Logon Successful\":\"#9AC48A\"},\"legendOpen\":true},\"enhancements\":{}},\"title\":\"Logon Successful and Failed  Over time\",\"panelRefName\":\"panel_4\"},{\"version\":\"7.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":21,\"i\":\"5\",\"w\":12,\"x\":0,\"y\":35},\"panelIndex\":\"5\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_5\"},{\"version\":\"7.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":30,\"i\":\"6\",\"w\":48,\"x\":0,\"y\":56},\"panelIndex\":\"6\",\"embeddableConfig\":{\"vis\":{\"defaultColors\":{\"0 - 5\":\"rgb(255,245,240)\",\"10 - 15\":\"rgb(252,138,106)\",\"15 - 20\":\"rgb(241,68,50)\",\"20 - 24\":\"rgb(188,20,26)\",\"5 - 10\":\"rgb(253,202,181)\"},\"legendOpen\":false},\"enhancements\":{}},\"title\":\"Logon Failed  (Time Mosaic View)\",\"panelRefName\":\"panel_6\"},{\"version\":\"7.7.0\",\"type\":\"search\",\"gridData\":{\"h\":20,\"i\":\"8\",\"w\":48,\"x\":0,\"y\":86},\"panelIndex\":\"8\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Logon Failed and Account Lockouts\",\"panelRefName\":\"panel_8\"},{\"version\":\"7.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":18,\"i\":\"10\",\"w\":13,\"x\":35,\"y\":7},\"panelIndex\":\"10\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Logon Failed Source IPs\",\"panelRefName\":\"panel_10\"},{\"version\":\"7.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":31,\"i\":\"11\",\"w\":25,\"x\":23,\"y\":25},\"panelIndex\":\"11\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Failed Logins Table\",\"panelRefName\":\"panel_11\"},{\"version\":\"7.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":7,\"i\":\"a79ee89f-ff45-486c-9788-9446d39456c2\",\"w\":34,\"x\":14,\"y\":0},\"panelIndex\":\"a79ee89f-ff45-486c-9788-9446d39456c2\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"\",\"panelRefName\":\"panel_a79ee89f-ff45-486c-9788-9446d39456c2\"},{\"version\":\"7.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":10,\"i\":\"7765df59-11c4-476d-898f-9ebf98c369e2\",\"w\":11,\"x\":12,\"y\":25},\"panelIndex\":\"7765df59-11c4-476d-898f-9ebf98c369e2\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"\",\"panelRefName\":\"panel_7765df59-11c4-476d-898f-9ebf98c369e2\"},{\"version\":\"7.7.0\",\"type\":\"visualization\",\"gridData\":{\"h\":10,\"i\":\"b47c91d3-58c4-4b5b-b302-444b048efdfa\",\"w\":12,\"x\":0,\"y\":25},\"panelIndex\":\"b47c91d3-58c4-4b5b-b302-444b048efdfa\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"\",\"panelRefName\":\"panel_b47c91d3-58c4-4b5b-b302-444b048efdfa\"}]","timeRestore":false,"title":"[System Windows Security] Failed and Blocked Accounts - Simple Metrics","version":1},"coreMigrationVersion":"8.0.0","id":"system-f49f3170-9ffc-11ea-87e4-49f31ec44891","migrationVersion":{"dashboard":"8.0.0"},"references":[{"id":"system-c2ea73f0-a4bd-11e9-a422-d144027429da","name":"1:panel_1","type":"visualization"},{"id":"system-175a5760-a7d5-11e9-a422-d144027429da","name":"2:panel_2","type":"visualization"},{"id":"system-7a329a00-a7d5-11e9-a422-d144027429da","name":"3:panel_3","type":"visualization"},{"id":"system-162d7ab0-a7d6-11e9-a422-d144027429da","name":"4:panel_4","type":"visualization"},{"id":"system-729443b0-a7d6-11e9-a422-d144027429da","name":"5:panel_5","type":"visualization"},{"id":"system-4b683ac0-a7d7-11e9-a422-d144027429da","name":"6:panel_6","type":"visualization"},{"id":"system-757510b0-a87f-11e9-a422-d144027429da","name":"8:panel_8","type":"search"},{"id":"system-2084e300-a884-11e9-a422-d144027429da","name":"10:panel_10","type":"visualization"},{"id":"system-421f0610-af98-11e9-a422-d144027429da","name":"11:panel_11","type":"visualization"},{"id":"system-d770b040-9b35-11ea-87e4-49f31ec44891","name":"a79ee89f-ff45-486c-9788-9446d39456c2:panel_a79ee89f-ff45-486c-9788-9446d39456c2","type":"visualization"},{"id":"system-5d117970-9ffd-11ea-87e4-49f31ec44891","name":"7765df59-11c4-476d-898f-9ebf98c369e2:panel_7765df59-11c4-476d-898f-9ebf98c369e2","type":"visualization"},{"id":"system-4bedf650-9ffd-11ea-87e4-49f31ec44891","name":"b47c91d3-58c4-4b5b-b302-444b048efdfa:panel_b47c91d3-58c4-4b5b-b302-444b048efdfa","type":"visualization"}],"sort":[1670478486400,413],"type":"dashboard","updated_at":"2022-12-08T05:48:06.400Z","version":"WzEwMzUsMTld"}
{"excludedObjects":[],"excludedObjectsCount":0,"exportedCount":189,"missingRefCount":0,"missingReferences":[]}