From 005d41dd03b7e6fddc8e256f36bbe329dfa4a59e Mon Sep 17 00:00:00 2001 From: To-om Date: Tue, 7 Apr 2020 10:07:17 +0200 Subject: [PATCH] #1202 Fix dashboard format --- .../12/dashboards/Observable_statistics .json | 1 - .../12/dashboards/Observable_statistics.json | 101 ++++++++++++++++++ 2 files changed, 101 insertions(+), 1 deletion(-) delete mode 100644 migration/12/dashboards/Observable_statistics .json create mode 100644 migration/12/dashboards/Observable_statistics.json diff --git a/migration/12/dashboards/Observable_statistics .json b/migration/12/dashboards/Observable_statistics .json deleted file mode 100644 index 467bf0d517..0000000000 --- a/migration/12/dashboards/Observable_statistics .json +++ /dev/null @@ -1 +0,0 @@ -{"_routing":"AWu4YZXHg8tFuebkSwcG","description":"Observable statistics","title":"Observable statistics","_parent":null,"definition":{"period":"last3Months","items":[{"type":"container","items":[{"type":"donut","options":{"title":"Observables by type","entity":"case_artifact","field":"dataType","query":{"_not":{"_field":"status","_value":"Deleted"}},"names":{"fqdn":"fqdn","url":"url","regexp":"regexp","mail":"mail","hash":"hash","registry":"registry","uri_path":"uri_path","truc":"truc","ip":"ip","user-agent":"user-agent","autonomous-system":"autonomous-system","file":"file","mail_subject":"mail_subject","filename":"filename","other":"other","domain":"domain"},"filters":[{"field":"status","type":"enumeration","value":{"operator":"none","list":[{"text":"Deleted","label":"Deleted"}]}}]},"id":"6ee86a99-3f40-1960-fd4d-398a1da5b76e"},{"type":"donut","options":{"title":"Observables by attachment content type","entity":"case_artifact","field":"attachment.contentType","query":{"_and":[{"_field":"dataType","_value":"file"},{"_not":{"_field":"status","_value":"Deleted"}}]},"names":{},"filters":[{"field":"dataType","type":"enumeration","value":{"list":[{"text":"file","label":"file"}]}},{"field":"status","type":"enumeration","value":{"operator":"none","list":[{"text":"Deleted","label":"Deleted"}]}}]},"id":"b6110238-3074-4e85-674f-4bc56829e68a"}]},{"type":"container","items":[{"type":"donut","options":{"title":"Observable tags","entity":"case_artifact","field":"tags","query":{"_not":{"_field":"status","_value":"Deleted"}},"names":{},"filters":[{"field":"status","type":"enumeration","value":{"operator":"none","list":[{"text":"Deleted","label":"Deleted"}]}}]},"id":"70bbc0a5-1692-4e46-ebac-8769952ad9c0"},{"type":"donut","options":{"title":"Observables by TLP","entity":"case_artifact","field":"tlp","query":{"_not":{"_field":"status","_value":"Deleted"}},"names":{"0":"white","1":"green","2":"amber","3":"red"},"colors":{"0":"#bdf0ea","1":"#48e80f","2":"#e0a91a","3":"#f02626"},"filters":[{"field":"status","type":"enumeration","value":{"operator":"none","list":[{"text":"Deleted","label":"Deleted"}]}}]},"id":"633fbe97-805e-6123-3330-29f5c8f45f13"}]},{"type":"container","items":[{"type":"donut","options":{"title":"Observables by IOC flag","entity":"case_artifact","field":"ioc","query":{"_not":{"_field":"status","_value":"Deleted"}},"names":{},"filters":[{"field":"status","type":"enumeration","value":{"operator":"none","list":[{"text":"Deleted","label":"Deleted"}]}}]},"id":"771a3bdf-e437-ac3a-384d-23be91a25b07"},{"type":"line","options":{"title":"Observables over time","entity":"case_artifact","field":"createdAt","interval":"1w","series":[{"agg":"count","field":null,"type":"area-spline","filters":[{"field":"ioc","type":"boolean","value":true}],"label":"IOC","query":{"_field":"ioc","_value":true}},{"agg":"count","field":null,"type":"area-spline","label":"non-IOC","filters":[{"field":"ioc","type":"boolean","value":false}],"query":{"_field":"ioc","_value":false}}],"stacked":true,"query":{"_not":{"_field":"status","_value":"Deleted"}},"filters":[{"field":"status","type":"enumeration","value":{"operator":"none","list":[{"text":"Deleted","label":"Deleted"}]}}]},"id":"e5ed24a6-51ed-ecc4-9db0-ce837fd84214"}]}],"customPeriod":{"fromDate":null,"toDate":null}},"_id":"AWu4YZXHg8tFuebkSwcG","_version":3,"status":"Shared"} diff --git a/migration/12/dashboards/Observable_statistics.json b/migration/12/dashboards/Observable_statistics.json new file mode 100644 index 0000000000..2be434a943 --- /dev/null +++ b/migration/12/dashboards/Observable_statistics.json @@ -0,0 +1,101 @@ +{ + "description": "Observable statistics", + "title": "Observable statistics", + "definition": { + "period": "last3Months", "items": [ + { + "type": "container", "items": [ + { + "type": "donut", "options": { + "title": "Observables by type", "entity": "case_artifact", "field": "dataType", + "query": {"_not": {"_field": "status", "_value": "Deleted"}}, "names": { + "fqdn": "fqdn", "url": "url", "regexp": "regexp", "mail": "mail", "hash": "hash", "registry": "registry", + "uri_path": "uri_path", "truc": "truc", "ip": "ip", "user-agent": "user-agent", + "autonomous-system": "autonomous-system", "file": "file", "mail_subject": "mail_subject", + "filename": "filename", "other": "other", "domain": "domain" + }, "filters": [ + { + "field": "status", "type": "enumeration", + "value": {"operator": "none", "list": [{"text": "Deleted", "label": "Deleted"}]} + } + ] + }, "id": "6ee86a99-3f40-1960-fd4d-398a1da5b76e" + }, { + "type": "donut", "options": { + "title": "Observables by attachment content type", "entity": "case_artifact", + "field": "attachment.contentType", "query": { + "_and": [{"_field": "dataType", "_value": "file"}, {"_not": {"_field": "status", "_value": "Deleted"}}] + }, "names": {}, "filters": [ + {"field": "dataType", "type": "enumeration", "value": {"list": [{"text": "file", "label": "file"}]}}, { + "field": "status", "type": "enumeration", + "value": {"operator": "none", "list": [{"text": "Deleted", "label": "Deleted"}]} + } + ] + }, "id": "b6110238-3074-4e85-674f-4bc56829e68a" + } + ] + }, { + "type": "container", "items": [ + { + "type": "donut", "options": { + "title": "Observable tags", "entity": "case_artifact", "field": "tags", + "query": {"_not": {"_field": "status", "_value": "Deleted"}}, "names": {}, "filters": [ + { + "field": "status", "type": "enumeration", + "value": {"operator": "none", "list": [{"text": "Deleted", "label": "Deleted"}]} + } + ] + }, "id": "70bbc0a5-1692-4e46-ebac-8769952ad9c0" + }, { + "type": "donut", "options": { + "title": "Observables by TLP", "entity": "case_artifact", "field": "tlp", + "query": {"_not": {"_field": "status", "_value": "Deleted"}}, + "names": {"0": "white", "1": "green", "2": "amber", "3": "red"}, + "colors": {"0": "#bdf0ea", "1": "#48e80f", "2": "#e0a91a", "3": "#f02626"}, "filters": [ + { + "field": "status", "type": "enumeration", + "value": {"operator": "none", "list": [{"text": "Deleted", "label": "Deleted"}]} + } + ] + }, "id": "633fbe97-805e-6123-3330-29f5c8f45f13" + } + ] + }, { + "type": "container", "items": [ + { + "type": "donut", "options": { + "title": "Observables by IOC flag", "entity": "case_artifact", "field": "ioc", + "query": {"_not": {"_field": "status", "_value": "Deleted"}}, "names": {}, "filters": [ + { + "field": "status", "type": "enumeration", + "value": {"operator": "none", "list": [{"text": "Deleted", "label": "Deleted"}]} + } + ] + }, "id": "771a3bdf-e437-ac3a-384d-23be91a25b07" + }, { + "type": "line", "options": { + "title": "Observables over time", "entity": "case_artifact", "field": "createdAt", "interval": "1w", + "series": [ + { + "agg": "count", "field": null, "type": "area-spline", + "filters": [{"field": "ioc", "type": "boolean", "value": true}], "label": "IOC", + "query": {"_field": "ioc", "_value": true} + }, { + "agg": "count", "field": null, "type": "area-spline", "label": "non-IOC", + "filters": [{"field": "ioc", "type": "boolean", "value": false}], + "query": {"_field": "ioc", "_value": false} + } + ], "stacked": true, "query": {"_not": {"_field": "status", "_value": "Deleted"}}, "filters": [ + { + "field": "status", "type": "enumeration", + "value": {"operator": "none", "list": [{"text": "Deleted", "label": "Deleted"}]} + } + ] + }, "id": "e5ed24a6-51ed-ecc4-9db0-ce837fd84214" + } + ] + } + ], "customPeriod": {"fromDate": null, "toDate": null} + }, + "status": "Shared" +}