-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathcowrie.ndjson
26 lines (26 loc) · 50.4 KB
/
cowrie.ndjson
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
{"attributes":{"fieldAttrs":"{\"event.action\":{\"count\":34},\"cowrie.url\":{\"count\":1}}","fields":"[]","runtimeFieldMap":"{}","timeFieldName":"@timestamp","title":"ecs-logstash-cowrie-*","typeMeta":"{}"},"coreMigrationVersion":"8.1.1","id":"cf268890-db6d-11ec-9cee-0961d2c8438c","migrationVersion":{"index-pattern":"8.0.0"},"references":[],"type":"index-pattern","updated_at":"2022-05-24T18:28:03.439Z","version":"WzMyOTgsMl0="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Cowrie - Attack Source Unique IP","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Cowrie - Attack Source Unique IP\",\"type\":\"gauge\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"params\":{\"field\":\"source.ip\",\"customLabel\":\"Unique Source IP's\"},\"schema\":\"metric\"}],\"params\":{\"type\":\"gauge\",\"addTooltip\":true,\"addLegend\":true,\"isDisplayWarning\":false,\"gauge\":{\"alignment\":\"automatic\",\"extendRange\":true,\"percentageMode\":false,\"gaugeType\":\"Arc\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"Labels\",\"colorsRange\":[{\"from\":0,\"to\":300},{\"from\":300,\"to\":600},{\"from\":600,\"to\":900}],\"invertColors\":false,\"labels\":{\"show\":true,\"color\":\"black\"},\"scale\":{\"show\":true,\"labels\":false,\"color\":\"rgba(105,112,125,0.2)\"},\"type\":\"meter\",\"style\":{\"bgWidth\":0.9,\"width\":0.9,\"mask\":false,\"bgMask\":false,\"maskBars\":50,\"bgFill\":\"rgba(105,112,125,0.2)\",\"bgColor\":true,\"subText\":\"\",\"fontSize\":60}}}}"},"coreMigrationVersion":"8.1.1","id":"3670b5c4-399e-41a0-9909-56f0b18746eb","migrationVersion":{"visualization":"8.0.0"},"references":[{"id":"cf268890-db6d-11ec-9cee-0961d2c8438c","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2022-05-31T10:26:59.521Z","version":"WzM4OTQsMl0="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\n \"query\": {\n \"query\": \"\",\n \"language\": \"kuery\"\n },\n \"filter\": [],\n \"indexRefName\": \"kibanaSavedObjectMeta.searchSourceJSON.index\"\n}"},"title":"Cowrie - Attack Logs Top Source Countries","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Cowrie - Attack Logs Source Country Top 5\",\"type\":\"histogram\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"source.geo.country_name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Country\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"histogram\",\"grid\":{\"categoryLines\":false,\"valueAxis\":\"ValueAxis-1\"},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":200},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":75,\"filter\":true,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"type\":\"histogram\",\"mode\":\"normal\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"lineWidth\":2,\"showCircles\":true,\"circlesRadius\":1}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"labels\":{\"show\":true},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"isVislibVis\":true,\"detailedTooltip\":true}}"},"coreMigrationVersion":"8.1.1","id":"9510e26b-dea9-4f4a-a6de-db4f5b61b82d","migrationVersion":{"visualization":"8.0.0"},"references":[{"id":"cf268890-db6d-11ec-9cee-0961d2c8438c","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2022-05-24T18:32:37.403Z","version":"WzM0NTEsMl0="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Cowrie - Attack Source Protocol","uiStateJSON":"{\"vis\":{\"legendOpen\":true}}","version":1,"visState":"{\"title\":\"Cowrie - Attack Source Protocol\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"cowrie.protocol\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":true,\"values\":true,\"last_level\":true,\"truncate\":100},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"nestedLegend\":false,\"truncateLegend\":true,\"maxLegendLines\":1,\"emptySizeRatio\":0.3}}"},"coreMigrationVersion":"8.1.1","id":"ceeb1cf3-4283-42e7-b51b-dac2e77dfb9e","migrationVersion":{"visualization":"8.0.0"},"references":[{"id":"cf268890-db6d-11ec-9cee-0961d2c8438c","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2022-05-31T10:22:54.982Z","version":"WzM4MjAsMl0="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Cowrie - Attack Username","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Cowrie - Attack Username\",\"type\":\"tagcloud\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"cowrie.username\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":50,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"\"},\"schema\":\"segment\"}],\"params\":{\"scale\":\"linear\",\"orientation\":\"single\",\"minFontSize\":9,\"maxFontSize\":36,\"showLabel\":false,\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"}}}"},"coreMigrationVersion":"8.1.1","id":"2ed1af87-915d-47d9-991c-3ee9b2031d7c","migrationVersion":{"visualization":"8.0.0"},"references":[{"id":"cf268890-db6d-11ec-9cee-0961d2c8438c","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2022-05-24T18:32:37.403Z","version":"WzM0NTMsMl0="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Cowrie - Attack Password","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Cowrie - Attack Password\",\"type\":\"tagcloud\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"cowrie.password\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":50,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"},\"schema\":\"segment\"}],\"params\":{\"scale\":\"linear\",\"orientation\":\"single\",\"minFontSize\":9,\"maxFontSize\":36,\"showLabel\":false,\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"}}}"},"coreMigrationVersion":"8.1.1","id":"ecafe4c0-fa4d-4af8-8c2f-26e5b480803e","migrationVersion":{"visualization":"8.0.0"},"references":[{"id":"cf268890-db6d-11ec-9cee-0961d2c8438c","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2022-05-24T18:32:37.403Z","version":"WzM0NTQsMl0="}
{"attributes":{"description":"","layerListJSON":"[{\"sourceDescriptor\":{\"type\":\"EMS_TMS\",\"isAutoSelect\":true,\"lightModeDefault\":\"road_map\"},\"id\":\"f5103e82-0ccd-47d6-bdb2-443f25a2c13e\",\"label\":null,\"minZoom\":0,\"maxZoom\":24,\"alpha\":1,\"visible\":true,\"style\":{\"type\":\"TILE\"},\"type\":\"EMS_VECTOR_TILE\"},{\"sourceDescriptor\":{\"type\":\"ES_GEO_GRID\",\"id\":\"15a1165c-4710-4b09-823b-881ceacda709\",\"geoField\":\"source.geo.location\",\"metrics\":[{\"type\":\"count\"}],\"requestType\":\"heatmap\",\"resolution\":\"COARSE\",\"indexPatternRefName\":\"layer_1_source_index_pattern\"},\"id\":\"4e5955d7-5671-43eb-83c9-839ac52ddc05\",\"label\":null,\"minZoom\":0,\"maxZoom\":24,\"alpha\":0.75,\"visible\":true,\"style\":{\"type\":\"HEATMAP\",\"colorRampName\":\"theclassic\"},\"type\":\"HEATMAP\",\"joins\":[]},{\"sourceDescriptor\":{\"type\":\"ES_GEO_GRID\",\"id\":\"358ed55d-ebca-439e-b268-8a87edf1d388\",\"geoField\":\"source.geo.location\",\"metrics\":[{\"type\":\"count\"}],\"requestType\":\"point\",\"resolution\":\"COARSE\",\"indexPatternRefName\":\"layer_2_source_index_pattern\"},\"style\":{\"type\":\"VECTOR\",\"properties\":{\"icon\":{\"type\":\"STATIC\",\"options\":{\"value\":\"marker\"}},\"fillColor\":{\"type\":\"DYNAMIC\",\"options\":{\"color\":\"Blues\",\"colorCategory\":\"palette_0\",\"field\":{\"name\":\"doc_count\",\"origin\":\"source\"},\"fieldMetaOptions\":{\"isEnabled\":true,\"sigma\":3},\"type\":\"ORDINAL\"}},\"lineColor\":{\"type\":\"STATIC\",\"options\":{\"color\":\"#ff0000\"}},\"lineWidth\":{\"type\":\"STATIC\",\"options\":{\"size\":4}},\"iconSize\":{\"type\":\"DYNAMIC\",\"options\":{\"minSize\":7,\"maxSize\":32,\"field\":{\"name\":\"doc_count\",\"origin\":\"source\"},\"fieldMetaOptions\":{\"isEnabled\":true,\"sigma\":3}}},\"iconOrientation\":{\"type\":\"STATIC\",\"options\":{\"orientation\":0}},\"labelText\":{\"type\":\"DYNAMIC\",\"options\":{\"field\":{\"name\":\"doc_count\",\"origin\":\"source\"}}},\"labelColor\":{\"type\":\"STATIC\",\"options\":{\"color\":\"#000000\"}},\"labelSize\":{\"type\":\"STATIC\",\"options\":{\"size\":14}},\"labelBorderColor\":{\"type\":\"STATIC\",\"options\":{\"color\":\"#FFFFFF\"}},\"symbolizeAs\":{\"options\":{\"value\":\"circle\"}},\"labelBorderSize\":{\"options\":{\"size\":\"SMALL\"}}},\"isTimeAware\":true},\"id\":\"cbef64fc-4b64-4ae5-8ac2-a1358f01af4c\",\"label\":null,\"minZoom\":0,\"maxZoom\":24,\"alpha\":0.75,\"visible\":true,\"type\":\"GEOJSON_VECTOR\",\"joins\":[]}]","mapStateJSON":"{\"zoom\":1.56,\"center\":{\"lon\":-60.10794,\"lat\":14.87591},\"timeFilters\":{\"from\":\"now-15m\",\"to\":\"now\"},\"refreshConfig\":{\"isPaused\":true,\"interval\":0},\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filters\":[],\"settings\":{\"initialLocation\":\"LAST_SAVED_LOCATION\",\"fixedLocation\":{\"lat\":0,\"lon\":0,\"zoom\":2},\"browserLocation\":{\"zoom\":2},\"maxZoom\":24,\"minZoom\":0,\"showSpatialFilters\":true,\"spatialFiltersAlpa\":0.3,\"spatialFiltersFillColor\":\"#DA8B45\",\"spatialFiltersLineColor\":\"#DA8B45\",\"autoFitToDataBounds\":false}}","title":"Cowrie - Attack Map","uiStateJSON":"{\"isLayerTOCOpen\":true,\"openTOCDetails\":[]}"},"coreMigrationVersion":"8.1.1","id":"b2dc91cc-4e66-4aba-b9d8-e99ccf2256b1","migrationVersion":{"map":"8.1.0"},"references":[{"id":"cf268890-db6d-11ec-9cee-0961d2c8438c","name":"layer_1_source_index_pattern","type":"index-pattern"},{"id":"cf268890-db6d-11ec-9cee-0961d2c8438c","name":"layer_2_source_index_pattern","type":"index-pattern"}],"type":"map","updated_at":"2022-05-24T18:32:37.403Z","version":"WzM0NDMsMl0="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Cowrie - Attack Top Source IP Addresses","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Cowrie - Attack Top Source IP Addresses\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"source.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":15,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"IP\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"source.geo.country_name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Country\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"source.geo.city_name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"City\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"showToolbar\":true}}"},"coreMigrationVersion":"8.1.1","id":"4f4c7fc3-c27b-43dc-a44f-e6fb7ee20377","migrationVersion":{"visualization":"8.0.0"},"references":[{"id":"cf268890-db6d-11ec-9cee-0961d2c8438c","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2022-05-24T18:32:37.403Z","version":"WzM0NTUsMl0="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\n \"query\": {\n \"query\": \"\",\n \"language\": \"kuery\"\n },\n \"filter\": [],\n \"indexRefName\": \"kibanaSavedObjectMeta.searchSourceJSON.index\"\n}"},"title":"Cowrie - Attack Top Source ASN 's","uiStateJSON":"{\n \"vis\": {\n \"params\": {\n \"sort\": {\n \"columnIndex\": null,\n \"direction\": null\n }\n }\n }\n}","version":1,"visState":"{\"title\":\"Cowrie - Attack Source ASN Top 10\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"source.as.number\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"ASN\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"source.as.organization.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Org\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"showToolbar\":true}}"},"coreMigrationVersion":"8.1.1","id":"01230574-0144-4f19-b59d-167ab067a4b1","migrationVersion":{"visualization":"8.0.0"},"references":[{"id":"cf268890-db6d-11ec-9cee-0961d2c8438c","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2022-05-24T18:32:37.403Z","version":"WzM0NTYsMl0="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Cowrie - Attack Source Country","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Cowrie - Attack Source Country\",\"type\":\"area\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"params\":{\"field\":\"@timestamp\",\"timeRange\":{\"from\":\"now-24h\",\"to\":\"now\"},\"useNormalizedEsInterval\":true,\"scaleMetricValues\":false,\"interval\":\"auto\",\"drop_partials\":false,\"min_doc_count\":0,\"extended_bounds\":{}},\"schema\":\"segment\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"source.geo.country_name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":3,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Country\"},\"schema\":\"group\"}],\"params\":{\"type\":\"area\",\"grid\":{\"categoryLines\":false},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"filter\":true,\"truncate\":100,\"rotate\":75},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"square root\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"type\":\"area\",\"mode\":\"normal\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"drawLinesBetweenPoints\":true,\"lineWidth\":2,\"showCircles\":true,\"interpolate\":\"cardinal\",\"valueAxis\":\"ValueAxis-1\",\"circlesRadius\":1}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"},\"labels\":{},\"radiusRatio\":50,\"row\":true,\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"isVislibVis\":true,\"detailedTooltip\":true,\"fittingFunction\":\"linear\"}}"},"coreMigrationVersion":"8.1.1","id":"05a29dec-3d4b-40a6-87c8-2cf031ea035f","migrationVersion":{"visualization":"8.0.0"},"references":[{"id":"cf268890-db6d-11ec-9cee-0961d2c8438c","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2022-05-24T18:32:37.403Z","version":"WzM0NTcsMl0="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Cowrie - Attack Top Destination IP","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Cowrie - Attack Top Destination IP\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"IP\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.port\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Port\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.protocol\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Protocol\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"showToolbar\":true}}"},"coreMigrationVersion":"8.1.1","id":"d0e77c19-47b0-4a0a-a066-58698fa06b2f","migrationVersion":{"visualization":"8.0.0"},"references":[{"id":"cf268890-db6d-11ec-9cee-0961d2c8438c","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2022-05-24T18:32:37.403Z","version":"WzM0NTgsMl0="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Cowrie - Attack Top Destination Ports","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Cowrie - Attack Top Destination Ports\",\"type\":\"area\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"params\":{\"field\":\"@timestamp\",\"timeRange\":{\"from\":\"now-1h\",\"to\":\"now\"},\"useNormalizedEsInterval\":true,\"scaleMetricValues\":false,\"interval\":\"auto\",\"drop_partials\":false,\"min_doc_count\":1,\"extended_bounds\":{}},\"schema\":\"segment\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.protocol\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"\"},\"schema\":\"group\"}],\"params\":{\"type\":\"area\",\"grid\":{\"categoryLines\":true},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"filter\":true,\"truncate\":100},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"square root\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"type\":\"area\",\"mode\":\"normal\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"drawLinesBetweenPoints\":true,\"lineWidth\":2,\"showCircles\":true,\"interpolate\":\"cardinal\",\"valueAxis\":\"ValueAxis-1\",\"circlesRadius\":1}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"},\"labels\":{},\"row\":true,\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"isVislibVis\":true,\"detailedTooltip\":true,\"fittingFunction\":\"linear\"}}"},"coreMigrationVersion":"8.1.1","id":"3bbce071-d2f7-4290-a6de-a96556114d9e","migrationVersion":{"visualization":"8.0.0"},"references":[{"id":"cf268890-db6d-11ec-9cee-0961d2c8438c","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2022-05-24T18:32:37.403Z","version":"WzM0NTksMl0="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Cowrie - Attack Top Username Password Combinations","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}","version":1,"visState":"{\"title\":\"Cowrie - Attack Top Username Password Combinations\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"cowrie.username\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Username\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"cowrie.password\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Password\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":true,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"showToolbar\":true}}"},"coreMigrationVersion":"8.1.1","id":"66db54a0-260b-44b1-994c-72f6bedd1167","migrationVersion":{"visualization":"8.0.0"},"references":[{"id":"cf268890-db6d-11ec-9cee-0961d2c8438c","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2022-05-24T18:32:37.403Z","version":"WzM0NjAsMl0="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Cowrie - Attack Top Commands","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Cowrie - Attack Top Commands\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"cowrie.input\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Command\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"showToolbar\":true}}"},"coreMigrationVersion":"8.1.1","id":"65bec98e-8599-43ad-92a1-07034fdd8896","migrationVersion":{"visualization":"8.0.0"},"references":[{"id":"cf268890-db6d-11ec-9cee-0961d2c8438c","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2022-05-24T18:32:37.403Z","version":"WzM0NjEsMl0="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Cowrie - Attack Top File URL","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Cowrie - Attack Top File URL\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"url.original\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"URL\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"hash.sha256\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"VirusTotal Search\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"showToolbar\":true}}"},"coreMigrationVersion":"8.1.1","id":"ec19f6a9-c125-42b8-ab3f-2da1f5215439","migrationVersion":{"visualization":"8.0.0"},"references":[{"id":"cf268890-db6d-11ec-9cee-0961d2c8438c","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2022-05-24T18:32:37.403Z","version":"WzM0NjIsMl0="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Cowrie - Attack Top Files","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Cowrie - Attack Top Files\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"cowrie.destfile\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"File\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"hash.sha256\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"VirusTotal Search\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"showToolbar\":true}}"},"coreMigrationVersion":"8.1.1","id":"c9450de6-559f-43c9-ad83-6081bc969568","migrationVersion":{"visualization":"8.0.0"},"references":[{"id":"cf268890-db6d-11ec-9cee-0961d2c8438c","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2022-05-24T18:32:37.403Z","version":"WzM0NjMsMl0="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"meta\":{\"type\":\"phrases\",\"key\":\"event.action\",\"value\":\"cowrie.client.version, cowrie.client.kex\",\"params\":[\"cowrie.client.version\",\"cowrie.client.kex\"],\"alias\":null,\"negate\":true,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"bool\":{\"should\":[{\"match_phrase\":{\"event.action\":\"cowrie.client.version\"}},{\"match_phrase\":{\"event.action\":\"cowrie.client.kex\"}}],\"minimum_should_match\":1}},\"$state\":{\"store\":\"appState\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Cowrie - Event ID","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Cowrie - Event ID\",\"type\":\"area\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"params\":{\"field\":\"@timestamp\",\"timeRange\":{\"from\":\"now-24h\",\"to\":\"now\"},\"useNormalizedEsInterval\":true,\"scaleMetricValues\":false,\"interval\":\"auto\",\"drop_partials\":false,\"min_doc_count\":1,\"extended_bounds\":{}},\"schema\":\"segment\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.action\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"},\"schema\":\"group\"}],\"params\":{\"type\":\"area\",\"grid\":{\"categoryLines\":false},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"filter\":true,\"truncate\":100},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"square root\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"type\":\"area\",\"mode\":\"normal\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"drawLinesBetweenPoints\":true,\"lineWidth\":2,\"showCircles\":true,\"interpolate\":\"cardinal\",\"valueAxis\":\"ValueAxis-1\",\"circlesRadius\":1}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"},\"labels\":{},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"isVislibVis\":true,\"detailedTooltip\":true,\"fittingFunction\":\"linear\"}}"},"coreMigrationVersion":"8.1.1","id":"7f96f84d-5d8f-47a5-96dd-6e58a960eea1","migrationVersion":{"visualization":"8.0.0"},"references":[{"id":"cf268890-db6d-11ec-9cee-0961d2c8438c","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"cf268890-db6d-11ec-9cee-0961d2c8438c","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"type":"visualization","updated_at":"2022-05-24T18:32:37.403Z","version":"WzM0NjQsMl0="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"title":"Cowrie - Attack Logs 24hr Difference","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Cowrie - Attack Logs 24hr Difference\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(84,179,153,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":\"2\",\"point_size\":\"2\",\"fill\":\"0.5\",\"stacked\":\"none\",\"filter\":{\"query\":\"\",\"language\":\"kuery\"},\"label\":\"Logs\"},{\"id\":\"283a30a0-e83e-11ea-a339-475a68e1677f\",\"color\":\"rgba(255,0,0,1)\",\"split_mode\":\"everything\",\"metrics\":[{\"id\":\"283a30a1-e83e-11ea-a339-475a68e1677f\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":\"2\",\"point_size\":\"2\",\"fill\":0.5,\"stacked\":\"none\",\"filter\":{\"query\":\"\",\"language\":\"kuery\"},\"offset_time\":\"24h\",\"label\":\"24h Offset\"}],\"time_field\":\"\",\"index_pattern\":\"\",\"interval\":\"5m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"isModelInvalid\":false,\"filter\":{\"query\":\"\",\"language\":\"kuery\"},\"background_color_rules\":[{\"id\":\"a391c8a0-e841-11ea-a339-475a68e1677f\"}],\"bar_color_rules\":[{\"id\":\"a3ea9700-e841-11ea-a339-475a68e1677f\"}],\"use_kibana_indexes\":false,\"drop_last_bucket\":1}}"},"coreMigrationVersion":"8.1.1","id":"3a898b27-1c7b-4c7b-b59f-46873daf821d","migrationVersion":{"visualization":"8.0.0"},"references":[],"type":"visualization","updated_at":"2022-05-24T18:32:37.403Z","version":"WzM0NjUsMl0="}
{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"8.1.1\",\"type\":\"visualization\",\"gridData\":{\"h\":9,\"i\":\"aa8c13af-65a4-4461-b267-5654ebf0d792\",\"w\":8,\"x\":0,\"y\":0},\"panelIndex\":\"aa8c13af-65a4-4461-b267-5654ebf0d792\",\"embeddableConfig\":{\"vis\":{\"defaultColors\":{\"0 - 50\":\"rgb(0,104,55)\",\"50 - 75\":\"rgb(255,255,190)\",\"75 - 100\":\"rgb(165,0,38)\"},\"legendOpen\":false},\"enhancements\":{}},\"panelRefName\":\"panel_aa8c13af-65a4-4461-b267-5654ebf0d792\"},{\"version\":\"8.1.1\",\"type\":\"visualization\",\"gridData\":{\"h\":9,\"i\":\"2ea0738d-eedd-452e-bd5e-a16b039785af\",\"w\":8,\"x\":8,\"y\":0},\"panelIndex\":\"2ea0738d-eedd-452e-bd5e-a16b039785af\",\"embeddableConfig\":{\"table\":null,\"vis\":{\"legendOpen\":false},\"enhancements\":{}},\"panelRefName\":\"panel_2ea0738d-eedd-452e-bd5e-a16b039785af\"},{\"version\":\"8.1.1\",\"type\":\"visualization\",\"gridData\":{\"h\":9,\"i\":\"380f8fc9-8c99-4ed7-bb14-587623787662\",\"w\":8,\"x\":16,\"y\":0},\"panelIndex\":\"380f8fc9-8c99-4ed7-bb14-587623787662\",\"embeddableConfig\":{\"table\":null,\"vis\":{\"legendOpen\":true},\"enhancements\":{}},\"panelRefName\":\"panel_380f8fc9-8c99-4ed7-bb14-587623787662\"},{\"version\":\"8.1.1\",\"type\":\"visualization\",\"gridData\":{\"h\":9,\"i\":\"00d68457-c286-473e-80ba-3e476147d739\",\"w\":12,\"x\":24,\"y\":0},\"panelIndex\":\"00d68457-c286-473e-80ba-3e476147d739\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_00d68457-c286-473e-80ba-3e476147d739\"},{\"version\":\"8.1.1\",\"type\":\"visualization\",\"gridData\":{\"h\":9,\"i\":\"fcd53bb9-8c5f-4ef3-bd67-39611f32aa0f\",\"w\":12,\"x\":36,\"y\":0},\"panelIndex\":\"fcd53bb9-8c5f-4ef3-bd67-39611f32aa0f\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_fcd53bb9-8c5f-4ef3-bd67-39611f32aa0f\"},{\"version\":\"8.1.1\",\"type\":\"map\",\"gridData\":{\"h\":18,\"i\":\"36d110d3-748c-4773-a860-4c49c1133565\",\"w\":24,\"x\":0,\"y\":9},\"panelIndex\":\"36d110d3-748c-4773-a860-4c49c1133565\",\"embeddableConfig\":{\"hiddenLayers\":[],\"isLayerTOCOpen\":false,\"mapCenter\":{\"lat\":37.43998,\"lon\":10.56319,\"zoom\":1},\"openTOCDetails\":[],\"enhancements\":{}},\"panelRefName\":\"panel_36d110d3-748c-4773-a860-4c49c1133565\"},{\"version\":\"8.1.1\",\"type\":\"visualization\",\"gridData\":{\"h\":18,\"i\":\"9976cdaf-aa3d-47e1-a07a-7b4de225a6e8\",\"w\":12,\"x\":24,\"y\":9},\"panelIndex\":\"9976cdaf-aa3d-47e1-a07a-7b4de225a6e8\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_9976cdaf-aa3d-47e1-a07a-7b4de225a6e8\"},{\"version\":\"8.1.1\",\"type\":\"visualization\",\"gridData\":{\"h\":18,\"i\":\"1437c804-5c0c-4708-816f-53ab0bcd08c6\",\"w\":12,\"x\":36,\"y\":9},\"panelIndex\":\"1437c804-5c0c-4708-816f-53ab0bcd08c6\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_1437c804-5c0c-4708-816f-53ab0bcd08c6\"},{\"version\":\"8.1.1\",\"type\":\"visualization\",\"gridData\":{\"h\":19,\"i\":\"5e9a1ad8-081c-4f11-ad7a-cf253d86c224\",\"w\":18,\"x\":0,\"y\":27},\"panelIndex\":\"5e9a1ad8-081c-4f11-ad7a-cf253d86c224\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_5e9a1ad8-081c-4f11-ad7a-cf253d86c224\"},{\"version\":\"8.1.1\",\"type\":\"visualization\",\"gridData\":{\"h\":19,\"i\":\"9b915d4b-cabf-4a7d-9b37-2a88da20cf8b\",\"w\":12,\"x\":18,\"y\":27},\"panelIndex\":\"9b915d4b-cabf-4a7d-9b37-2a88da20cf8b\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}},\"table\":null,\"enhancements\":{}},\"panelRefName\":\"panel_9b915d4b-cabf-4a7d-9b37-2a88da20cf8b\"},{\"version\":\"8.1.1\",\"type\":\"visualization\",\"gridData\":{\"h\":19,\"i\":\"e2681167-3361-431e-84be-e13993cde148\",\"w\":18,\"x\":30,\"y\":27},\"panelIndex\":\"e2681167-3361-431e-84be-e13993cde148\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_e2681167-3361-431e-84be-e13993cde148\"},{\"version\":\"8.1.1\",\"type\":\"visualization\",\"gridData\":{\"h\":19,\"i\":\"1504b077-32a9-48ce-b6f3-f5401857b56f\",\"w\":24,\"x\":0,\"y\":46},\"panelIndex\":\"1504b077-32a9-48ce-b6f3-f5401857b56f\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_1504b077-32a9-48ce-b6f3-f5401857b56f\"},{\"version\":\"8.1.1\",\"type\":\"visualization\",\"gridData\":{\"h\":19,\"i\":\"2cded41a-7194-4422-82b1-584042945284\",\"w\":24,\"x\":24,\"y\":46},\"panelIndex\":\"2cded41a-7194-4422-82b1-584042945284\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_2cded41a-7194-4422-82b1-584042945284\"},{\"version\":\"8.1.1\",\"type\":\"visualization\",\"gridData\":{\"h\":13,\"i\":\"0bc5bc75-dd0d-4cd5-a415-8dbc15a1f411\",\"w\":24,\"x\":0,\"y\":65},\"panelIndex\":\"0bc5bc75-dd0d-4cd5-a415-8dbc15a1f411\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_0bc5bc75-dd0d-4cd5-a415-8dbc15a1f411\"},{\"version\":\"8.1.1\",\"type\":\"visualization\",\"gridData\":{\"h\":13,\"i\":\"4358f10f-0a1f-4dd3-ab95-9c6b333c7407\",\"w\":24,\"x\":24,\"y\":65},\"panelIndex\":\"4358f10f-0a1f-4dd3-ab95-9c6b333c7407\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_4358f10f-0a1f-4dd3-ab95-9c6b333c7407\"},{\"version\":\"8.1.1\",\"type\":\"visualization\",\"gridData\":{\"h\":19,\"i\":\"2f5e1209-4fa5-4d6f-98f9-826731a30acc\",\"w\":24,\"x\":24,\"y\":78},\"panelIndex\":\"2f5e1209-4fa5-4d6f-98f9-826731a30acc\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_2f5e1209-4fa5-4d6f-98f9-826731a30acc\"},{\"version\":\"8.1.1\",\"type\":\"visualization\",\"gridData\":{\"h\":19,\"i\":\"715afa99-9ab9-4708-a3d0-3da323bb8ccd\",\"w\":24,\"x\":0,\"y\":78},\"panelIndex\":\"715afa99-9ab9-4708-a3d0-3da323bb8ccd\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_715afa99-9ab9-4708-a3d0-3da323bb8ccd\"}]","refreshInterval":{"pause":false,"value":300000},"timeFrom":"now-24h","timeRestore":true,"timeTo":"now","title":"Cowrie - Dashboard","version":1},"coreMigrationVersion":"8.1.1","id":"c5671a89-86e9-49b9-b0a6-d7dd050ce434","migrationVersion":{"dashboard":"8.1.0"},"references":[{"id":"3670b5c4-399e-41a0-9909-56f0b18746eb","name":"aa8c13af-65a4-4461-b267-5654ebf0d792:panel_aa8c13af-65a4-4461-b267-5654ebf0d792","type":"visualization"},{"id":"9510e26b-dea9-4f4a-a6de-db4f5b61b82d","name":"2ea0738d-eedd-452e-bd5e-a16b039785af:panel_2ea0738d-eedd-452e-bd5e-a16b039785af","type":"visualization"},{"id":"ceeb1cf3-4283-42e7-b51b-dac2e77dfb9e","name":"380f8fc9-8c99-4ed7-bb14-587623787662:panel_380f8fc9-8c99-4ed7-bb14-587623787662","type":"visualization"},{"id":"2ed1af87-915d-47d9-991c-3ee9b2031d7c","name":"00d68457-c286-473e-80ba-3e476147d739:panel_00d68457-c286-473e-80ba-3e476147d739","type":"visualization"},{"id":"ecafe4c0-fa4d-4af8-8c2f-26e5b480803e","name":"fcd53bb9-8c5f-4ef3-bd67-39611f32aa0f:panel_fcd53bb9-8c5f-4ef3-bd67-39611f32aa0f","type":"visualization"},{"id":"b2dc91cc-4e66-4aba-b9d8-e99ccf2256b1","name":"36d110d3-748c-4773-a860-4c49c1133565:panel_36d110d3-748c-4773-a860-4c49c1133565","type":"map"},{"id":"4f4c7fc3-c27b-43dc-a44f-e6fb7ee20377","name":"9976cdaf-aa3d-47e1-a07a-7b4de225a6e8:panel_9976cdaf-aa3d-47e1-a07a-7b4de225a6e8","type":"visualization"},{"id":"01230574-0144-4f19-b59d-167ab067a4b1","name":"1437c804-5c0c-4708-816f-53ab0bcd08c6:panel_1437c804-5c0c-4708-816f-53ab0bcd08c6","type":"visualization"},{"id":"05a29dec-3d4b-40a6-87c8-2cf031ea035f","name":"5e9a1ad8-081c-4f11-ad7a-cf253d86c224:panel_5e9a1ad8-081c-4f11-ad7a-cf253d86c224","type":"visualization"},{"id":"d0e77c19-47b0-4a0a-a066-58698fa06b2f","name":"9b915d4b-cabf-4a7d-9b37-2a88da20cf8b:panel_9b915d4b-cabf-4a7d-9b37-2a88da20cf8b","type":"visualization"},{"id":"3bbce071-d2f7-4290-a6de-a96556114d9e","name":"e2681167-3361-431e-84be-e13993cde148:panel_e2681167-3361-431e-84be-e13993cde148","type":"visualization"},{"id":"66db54a0-260b-44b1-994c-72f6bedd1167","name":"1504b077-32a9-48ce-b6f3-f5401857b56f:panel_1504b077-32a9-48ce-b6f3-f5401857b56f","type":"visualization"},{"id":"65bec98e-8599-43ad-92a1-07034fdd8896","name":"2cded41a-7194-4422-82b1-584042945284:panel_2cded41a-7194-4422-82b1-584042945284","type":"visualization"},{"id":"ec19f6a9-c125-42b8-ab3f-2da1f5215439","name":"0bc5bc75-dd0d-4cd5-a415-8dbc15a1f411:panel_0bc5bc75-dd0d-4cd5-a415-8dbc15a1f411","type":"visualization"},{"id":"c9450de6-559f-43c9-ad83-6081bc969568","name":"4358f10f-0a1f-4dd3-ab95-9c6b333c7407:panel_4358f10f-0a1f-4dd3-ab95-9c6b333c7407","type":"visualization"},{"id":"7f96f84d-5d8f-47a5-96dd-6e58a960eea1","name":"2f5e1209-4fa5-4d6f-98f9-826731a30acc:panel_2f5e1209-4fa5-4d6f-98f9-826731a30acc","type":"visualization"},{"id":"3a898b27-1c7b-4c7b-b59f-46873daf821d","name":"715afa99-9ab9-4708-a3d0-3da323bb8ccd:panel_715afa99-9ab9-4708-a3d0-3da323bb8ccd","type":"visualization"}],"type":"dashboard","updated_at":"2022-05-31T10:23:44.890Z","version":"WzM4MzcsMl0="}
{"attributes":{"columns":["message","event.action","source.ip","source.geo.country_name"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[{\"meta\":{\"alias\":null,\"negate\":false,\"disabled\":false,\"type\":\"phrase\",\"key\":\"event.action\",\"params\":{\"query\":\"cowrie.session.connect\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"match_phrase\":{\"event.action\":\"cowrie.session.connect\"}},\"$state\":{\"store\":\"appState\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[],"title":"Cowrie - Session Connect","version":1},"coreMigrationVersion":"8.1.1","id":"c84abe07-dbe0-43e6-8659-e3b4b3e9ce08","migrationVersion":{"search":"8.0.0"},"references":[{"id":"cf268890-db6d-11ec-9cee-0961d2c8438c","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"cf268890-db6d-11ec-9cee-0961d2c8438c","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"type":"search","updated_at":"2022-05-24T18:32:37.403Z","version":"WzM0NDQsMl0="}
{"attributes":{"columns":["message","event.action","source.ip","source.geo.country_name"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[{\"meta\":{\"alias\":null,\"negate\":false,\"disabled\":false,\"type\":\"phrase\",\"key\":\"event.action\",\"params\":{\"query\":\"cowrie.session.closed\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"match_phrase\":{\"event.action\":\"cowrie.session.closed\"}},\"$state\":{\"store\":\"appState\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[],"title":"Cowrie - Session Closed","version":1},"coreMigrationVersion":"8.1.1","id":"02e5bc4d-6102-420e-b8d2-d2fd2e2d8165","migrationVersion":{"search":"8.0.0"},"references":[{"id":"cf268890-db6d-11ec-9cee-0961d2c8438c","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"cf268890-db6d-11ec-9cee-0961d2c8438c","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"type":"search","updated_at":"2022-05-24T18:32:37.403Z","version":"WzM0NDUsMl0="}
{"attributes":{"columns":["message","username","password","event.action","source.ip","source.geo.country_name"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[{\"meta\":{\"alias\":null,\"negate\":false,\"disabled\":false,\"type\":\"phrase\",\"key\":\"event.action\",\"params\":{\"query\":\"cowrie.login.success\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"match_phrase\":{\"event.action\":\"cowrie.login.success\"}},\"$state\":{\"store\":\"appState\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[],"title":"Cowrie - Login Success","version":1},"coreMigrationVersion":"8.1.1","id":"e75fd9df-5def-4bb7-9636-bd4004aaf8ac","migrationVersion":{"search":"8.0.0"},"references":[{"id":"cf268890-db6d-11ec-9cee-0961d2c8438c","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"cf268890-db6d-11ec-9cee-0961d2c8438c","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"type":"search","updated_at":"2022-05-24T18:32:37.403Z","version":"WzM0NDYsMl0="}
{"attributes":{"columns":["message","event.action","source.ip","source.geo.country_name"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[{\"meta\":{\"alias\":null,\"negate\":false,\"disabled\":false,\"type\":\"phrase\",\"key\":\"event.action\",\"params\":{\"query\":\"cowrie.login.failed\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"match_phrase\":{\"event.action\":\"cowrie.login.failed\"}},\"$state\":{\"store\":\"appState\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[],"title":"Cowrie - Login Failed","version":1},"coreMigrationVersion":"8.1.1","id":"348c5c9d-494e-4520-8909-94fae32bb140","migrationVersion":{"search":"8.0.0"},"references":[{"id":"cf268890-db6d-11ec-9cee-0961d2c8438c","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"cf268890-db6d-11ec-9cee-0961d2c8438c","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"type":"search","updated_at":"2022-05-24T18:32:37.403Z","version":"WzM0NDcsMl0="}
{"attributes":{"columns":["message","event.action","source.ip","source.geo.country_name"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[{\"meta\":{\"alias\":null,\"negate\":false,\"disabled\":false,\"type\":\"phrase\",\"key\":\"event.action\",\"params\":{\"query\":\"cowrie.client.kex\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"match_phrase\":{\"event.action\":\"cowrie.client.kex\"}},\"$state\":{\"store\":\"appState\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[],"title":"Cowrie - Client Kex","version":1},"coreMigrationVersion":"8.1.1","id":"63029086-2a41-44c9-9647-f6b21283f670","migrationVersion":{"search":"8.0.0"},"references":[{"id":"cf268890-db6d-11ec-9cee-0961d2c8438c","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"cf268890-db6d-11ec-9cee-0961d2c8438c","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"type":"search","updated_at":"2022-05-24T18:32:37.403Z","version":"WzM0NDgsMl0="}
{"attributes":{"columns":["message","event.action","source.ip","source.geo.country_name"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[{\"meta\":{\"alias\":null,\"negate\":false,\"disabled\":false,\"type\":\"phrase\",\"key\":\"event.action\",\"params\":{\"query\":\"cowrie.direct-tcpip.request\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"match_phrase\":{\"event.action\":\"cowrie.direct-tcpip.request\"}},\"$state\":{\"store\":\"appState\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[],"title":"Cowrie - Direct-TCP IP Request","version":1},"coreMigrationVersion":"8.1.1","id":"b30f88e2-3269-4f2f-9dd2-973a8a6e2c94","migrationVersion":{"search":"8.0.0"},"references":[{"id":"cf268890-db6d-11ec-9cee-0961d2c8438c","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"cf268890-db6d-11ec-9cee-0961d2c8438c","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"type":"search","updated_at":"2022-05-24T18:32:37.403Z","version":"WzM0NDksMl0="}
{"excludedObjects":[],"excludedObjectsCount":0,"exportedCount":25,"missingRefCount":0,"missingReferences":[]}