diff --git a/roles/elk/files/filebeat.yml b/roles/elk/files/Beats/filebeat.yml
similarity index 100%
rename from roles/elk/files/filebeat.yml
rename to roles/elk/files/Beats/filebeat.yml
diff --git a/roles/elk/files/config.js b/roles/elk/files/config.js
deleted file mode 100644
index c6eb530..0000000
--- a/roles/elk/files/config.js
+++ /dev/null
@@ -1,96 +0,0 @@
-module.exports = {
-
- ////////////////////////////////////
- // ElasticSearch Backend Settings
- ////////////////////////////////////
- "es_host": "localhost", // The host of Elastic Search
- "es_port": 9200, // The port of Elastic Search
- "es_using_ssl": false, // If the ES is using SSL(https)?
- "es_username": "", // The basic authentication user of ES server, leave it blank if no basic auth applied
- "es_password": "", // The password of basic authentication of ES server, leave it blank if no basic auth applied.
-
-
- ////////////////////////////////////
- // Proxy server configurations
- ////////////////////////////////////
- // Which port listen to
- "listen_port": 80,
- // Control HTTP max-Age header. Whether the browser cache static kibana files or not?
- // 0 for no-cache, unit in millisecond, default to 0
- // We strongly recommand you set to a larger number such as 2592000000(a month) to get a better loading speed
- "brower_cache_maxage": 0,
- // Enable SSL protocol
- "enable_ssl_port": false,
- // The following settings are valid only when enable_ssl_port is true
- "listen_port_ssl": 4443,
- // Use absolute path for the key file
- "ssl_key_file": "POINT_TO_YOUR_SSL_KEY",
- // Use absolute path for the certification file
- "ssl_cert_file": "POINT_TO_YOUR_SSL_CERT",
-
- // The ES index for saving kibana dashboards
- // default to "kibana-int"
- // With the default configuration, all users will use the same index for kibana dashboards settings,
- // But we support using different kibana settings for each user.
- // If you want to use different kibana indices for individual users, use %user% instead of the real username
- // Since we support multiple authentication types(google, cas or basic), you must decide which one you gonna use.
-
- // Bad English:D
- // For example:
- // Config "kibana_es_index": "kibana-int-for-%user%", "which_auth_type_for_kibana_index": "basic"
- // will use kibana index settings like "kibana-int-for-demo1", "kibana-int-for-demo2" for user demo1 and demo2.
- // in this case, if you enabled both Google Oauth2 and BasicAuth, and the username of BasicAuth is the boss.
- "kibana_es_index": "kibana-int", // "kibana-int-%user%"
- "which_auth_type_for_kibana_index": "cas", // google, cas or basic
-
- ////////////////////////////////////
- // Security Configurations
- ////////////////////////////////////
- // Cookies secret
- // Please change the following secret randomly for security.
- "cookie_secret": "REPLACE_WITH_A_RANDOM_STRING_PLEASE",
-
-
- ////////////////////////////////////
- // Kibana3 Authentication Settings
- // Currently we support 3 different auth methods: Google OAuth2, Basic Auth and CAS SSO.
- // You can use one of them or both
- ////////////////////////////////////
-
-
- // =================================
- // Google OAuth2 settings
- // Enable? true or false
- // When set to false, google OAuth will not be applied.
- "enable_google_oauth": false,
- // We use the following redirect URI:
- // http://YOUR-KIBANA-SITE:[listen_port]/auth/google/callback
- // Please add it in the google developers console first.
- // The client ID of Google OAuth2
- "client_id": "",
- "client_secret": "", // The client secret of Google OAuth2
- "allowed_emails": ["*"], // An emails list for the authorized users
-
-
- // =================================
- // Basic Authentication Settings
- // The following config is different from the previous basic auth settings.
- // It will be applied on the client who access kibana3.
- // Enable? true or false
- "enable_basic_auth": true,
- // Multiple user/passwd supported
- // The User&Passwd list for basic auth
- "basic_auth_users": [
- {"user": "admin", "password": "admin"},
- ],
-
-
- // =================================
- // CAS SSO Login
- // Enable? true or false
- "enable_cas_auth": false,
- // Point to the CAS authentication URL
- "cas_server_url": "https://point-to-the-cas-server/cas",
- // CAS protocol version, one of 1.0 or 2.0
- "cas_protocol_version": 1.0,
-};
\ No newline at end of file
diff --git a/roles/elk/files/kibana-dashboards/cisco.json b/roles/elk/files/kibana-dashboards/cisco.json
deleted file mode 100644
index 4b6207a..0000000
--- a/roles/elk/files/kibana-dashboards/cisco.json
+++ /dev/null
@@ -1,603 +0,0 @@ -{ - "title": "Cisco", - "services": { - "query": { - "list": { - "6": { - "id": 6, - "type": "lucene", - "query": "", - "alias": "", - "color": "#7EB26D", - "pin": false, - "enable": true - } - }, - "ids": [ - 6 - ] - }, - "filter": { - "list": { - "0": { - "from": "2015-05-25T13:57:41.342Z", - "to": "now", - "type": "time", - "field": "@timestamp", - "mandate": "must", - "active": true, - "alias": "", - "id": 0 - }, - "1": { - "type": "terms", - "field": "Alert.Analyzer.Name.raw", - "value": "cisco", - "mandate": "must", - "active": true, - "alias": "", - "id": 1 - } - }, - "ids": [ - 0, - 1 - ] - } - }, - "rows": [ - { - "title": "Alerts flow", - "height": "150px", - "editable": true, - "collapse": true, - "collapsable": true, - "panels": [ - { - "error": false, - "span": 4, - "editable": true, - "type": "column", - "loadingEditor": false, - "panels": [ - { - "loading": false, - "error": false, - "sizeable": false, - "draggable": false, - "removable": false, - "span": 10, - "height": "150px", - "editable": true, - "type": "terms", - "tmode": "terms", - "field": "Alert.Source.Node.Address", - "chart": "bar", - "counter_pos": "below", - "arrangement": "vertical", - "other": true, - "exclude": [], - "missing": true, - "size": 10, - "order": "count", - "style": { - "font-size": "10pt" - }, - "donut": false, - "tilt": false, - "labels": true, - "spyable": true, - "queries": { - "mode": "all", - "ids": [ - 6 - ] - }, - "tstat": "total", - "valuefield": "", - "title": "IP" - }, - { - "loading": false, - "error": false, - "sizeable": false, - "draggable": false, - "removable": false, - "span": 10, - "height": "150px", - "editable": true, - "type": "terms", - "tmode": "terms", - "field": "Alert.Source.Node.Port", - "size": 10, - "order": "count", - "chart": "bar", - "counter_pos": "below", - "arrangement": "vertical", - "other": true, - "exclude": [], - "missing": true, - "style": { - "font-size": "10pt" - }, - "donut": false, - "tilt": false, - 
"labels": true, - "spyable": true, - "queries": { - "mode": "all", - "ids": [ - 6 - ] - }, - "tstat": "total", - "valuefield": "", - "title": "Port" - } - ], - "title": "Source" - }, - { - "error": false, - "span": 4, - "editable": true, - "type": "column", - "loadingEditor": false, - "panels": [ - { - "type": "terms", - "tmode": "terms", - "field": "Alert.Target.Node.Address", - "size": 10, - "order": "count", - "chart": "bar", - "counter_pos": "below", - "arrangement": "vertical", - "other": true, - "exclude": [], - "missing": true, - "style": { - "font-size": "10pt" - }, - "donut": false, - "tilt": false, - "labels": true, - "spyable": true, - "queries": { - "mode": "all", - "ids": [ - 6 - ] - }, - "tstat": "total", - "valuefield": "", - "title": "IP" - }, - { - "loading": false, - "error": false, - "sizeable": false, - "draggable": false, - "removable": false, - "span": 10, - "height": "150px", - "editable": true, - "type": "terms", - "tmode": "terms", - "field": "Alert.Target.Node.Port", - "size": 10, - "order": "count", - "chart": "bar", - "counter_pos": "below", - "arrangement": "vertical", - "other": true, - "exclude": [], - "missing": true, - "style": { - "font-size": "10pt" - }, - "donut": false, - "tilt": false, - "labels": true, - "spyable": true, - "queries": { - "mode": "all", - "ids": [ - 6 - ] - }, - "tstat": "total", - "valuefield": "", - "title": "Port" - } - ], - "title": "Destination" - }, - { - "error": false, - "span": 4, - "editable": true, - "type": "column", - "loadingEditor": false, - "panels": [ - { - "loading": false, - "error": false, - "sizeable": false, - "draggable": false, - "removable": false, - "span": 10, - "height": "150px", - "editable": true, - "type": "terms", - "tmode": "terms", - "field": "Alert.Source.Process.Name", - "size": 10, - "order": "count", - "chart": "bar", - "counter_pos": "below", - "arrangement": "vertical", - "other": true, - "exclude": [], - "missing": false, - "style": { - "font-size": "10pt" - }, - 
"donut": false, - "tilt": false, - "labels": true, - "spyable": true, - "queries": { - "mode": "all", - "ids": [ - 6 - ] - }, - "tstat": "total", - "valuefield": "", - "title": "ACL name" - }, - { - "loading": false, - "error": false, - "sizeable": false, - "draggable": false, - "removable": false, - "span": 10, - "height": "150px", - "editable": true, - "type": "terms", - "tmode": "terms", - "field": "Alert.Classification.Text", - "size": 10, - "order": "count", - "chart": "bar", - "counter_pos": "below", - "arrangement": "vertical", - "other": true, - "exclude": [], - "missing": true, - "style": { - "font-size": "10pt" - }, - "donut": false, - "tilt": false, - "labels": true, - "spyable": true, - "queries": { - "mode": "all", - "ids": [ - 6 - ] - }, - "tstat": "total", - "valuefield": "", - "title": "EVENT NAME" - } - ] - } - ], - "notice": false - }, - { - "title": "Events filter", - "height": "150px", - "editable": true, - "collapse": false, - "collapsable": true, - "panels": [ - { - "span": 12, - "editable": true, - "group": [ - "default" - ], - "type": "histogram", - "mode": "count", - "time_field": "@timestamp", - "value_field": null, - "auto_int": true, - "resolution": 100, - "interval": "30s", - "fill": 3, - "linewidth": 3, - "timezone": "browser", - "spyable": true, - "zoomlinks": true, - "bars": true, - "stack": true, - "points": false, - "lines": false, - "legend": true, - "x-axis": true, - "y-axis": true, - "percentage": false, - "interactive": true, - "queries": { - "mode": "all", - "ids": [ - 6 - ] - }, - "title": "Events over time", - "intervals": [ - "auto", - "1s", - "1m", - "5m", - "10m", - "30m", - "1h", - "3h", - "12h", - "1d", - "1w", - "1M", - "1y" - ], - "options": true, - "tooltip": { - "value_type": "individual", - "query_as_alias": true - }, - "scale": 1, - "y_format": "none", - "grid": { - "max": null, - "min": 0 - }, - "annotate": { - "enable": false, - "query": "*", - "size": 20, - "field": "_type", - "sort": [ - "_score", - "desc" - ] 
- }, - "pointradius": 5, - "show_query": true, - "legend_counts": true, - "zerofill": true, - "derivative": false - }, - { - "error": false, - "span": 2, - "editable": true, - "type": "column", - "loadingEditor": false, - "panels": [ - { - "loading": false, - "error": false, - "sizeable": false, - "draggable": false, - "removable": false, - "span": 10, - "height": "150px", - "editable": true, - "type": "terms", - "tmode": "terms", - "field": "Alert.Source.User.Name", - "size": 20, - "order": "count", - "chart": "table", - "other": true, - "exclude": [], - "missing": false, - "style": { - "font-size": "10pt" - }, - "donut": false, - "tilt": false, - "labels": true, - "arrangement": "horizontal", - "counter_pos": "above", - "spyable": true, - "queries": { - "mode": "all", - "ids": [ - 6 - ] - }, - "tstat": "total", - "valuefield": "", - "title": "Users" - }, - { - "loading": false, - "error": false, - "sizeable": false, - "draggable": false, - "removable": false, - "span": 10, - "height": "150px", - "editable": true, - "type": "terms", - "tmode": "terms", - "field": "Alert.Analyzer.Node.Name", - "size": 20, - "order": "count", - "chart": "table", - "other": true, - "exclude": [], - "missing": false, - "style": { - "font-size": "10pt" - }, - "donut": false, - "tilt": false, - "labels": true, - "arrangement": "horizontal", - "counter_pos": "above", - "spyable": true, - "queries": { - "mode": "all", - "ids": [ - 6 - ] - }, - "tstat": "total", - "valuefield": "", - "title": "Devices" - } - ], - "title": "Users and devices" - }, - { - "error": false, - "span": 10, - "editable": true, - "type": "table", - "loadingEditor": false, - "size": 50, - "pages": 5, - "offset": 0, - "sort": [ - "@timestamp", - "desc" - ], - "overflow": "min-height", - "fields": [ - "Alert.ReceiveTime", - "Alert.Analyzer.Node.Name", - "Alert.Analyzer.rawmessage" - ], - "highlight": [], - "sortable": true, - "header": true, - "paging": true, - "field_list": false, - "all_fields": true, - "trimFactor": 
600, - "localTime": true, - "timeField": "Alert.ReceiveTime", - "spyable": true, - "queries": { - "mode": "all", - "ids": [ - 6 - ] - }, - "style": { - "font-size": "9pt" - }, - "normTimes": true, - "title": "Events" - } - ], - "notice": false - } - ], - "editable": true, - "failover": false, - "index": { - "interval": "day", - "pattern": "[logstash-]YYYY.MM.DD", - "default": "NO_TIME_FILTER_OR_INDEX_PATTERN_NOT_MATCHED", - "warm_fields": true - }, - "style": "dark", - "panel_hints": true, - "pulldowns": [ - { - "type": "query", - "collapse": false, - "notice": false, - "query": "*", - "pinned": true, - "history": [ - "", - "10\\.27\\.18\\.33", - "10", - ".*", - "ACL_NAT_WEB", - "ACL_NAT", - "ACL_NATWEB", - "10\\.27\\.18\\.", - "10.27.18.", - "10.27.18" - ], - "remember": 10, - "enable": true - }, - { - "type": "filtering", - "collapse": false, - "notice": true, - "enable": true - } - ], - "nav": [ - { - "type": "timepicker", - "collapse": false, - "notice": false, - "status": "Stable", - "time_options": [ - "5m", - "15m", - "1h", - "6h", - "12h", - "24h", - "2d", - "7d", - "30d" - ], - "refresh_intervals": [ - "5s", - "10s", - "30s", - "1m", - "5m", - "15m", - "30m", - "1h", - "2h", - "1d" - ], - "timefield": "@timestamp", - "now": true, - "filter_id": 0, - "enable": true - } - ], - "loader": { - "save_gist": false, - "save_elasticsearch": true, - "save_local": true, - "save_default": true, - "save_temp": true, - "save_temp_ttl_enable": true, - "save_temp_ttl": "30d", - "load_gist": true, - "load_elasticsearch": true, - "load_elasticsearch_size": 20, - "load_local": true, - "hide": false - }, - "refresh": false -} \ No newline at end of file diff --git a/roles/elk/files/kibana-dashboards/elasticsearch-template.json b/roles/elk/files/kibana-dashboards/elasticsearch-template.json deleted file mode 100644 index b02b8c9..0000000 --- a/roles/elk/files/kibana-dashboards/elasticsearch-template.json +++ /dev/null 
@@ -1,34 +0,0 @@
-{
- "template" : "logstash-*",
- "settings" : {
- "index.refresh_interval" : "5s"
- },
- "mappings" : {
- "_default_" : {
- "_all" : {"enabled" : true},
- "dynamic_templates" : [ {
- "string_fields" : {
- "match" : "*",
- "match_mapping_type" : "string",
- "mapping" : {
- "type" : "string", "index" : "analyzed", "omit_norms" : true,
- "fields" : {
- "raw" : {"type": "string", "index" : "not_analyzed", "ignore_above" : 256}
- }
- }
- }
- } ],
- "properties" : {
- "@version": { "type": "string", "index": "not_analyzed" },
- "Alert.Source.Node.Geoip" : {
- "type" : "object",
- "dynamic": true,
- "path": "full",
- "properties" : {
- "location" : { "type" : "geo_point" }
- }
- }
- }
- }
- }
-}
\ No newline at end of file
diff --git a/roles/elk/files/kibana-dashboards/fim.json b/roles/elk/files/kibana-dashboards/fim.json
deleted file mode 100644
index fd9f833..0000000
--- a/roles/elk/files/kibana-dashboards/fim.json
+++ /dev/null
@@ -1,298 +0,0 @@ -{ - "title": "File Integrity Monitoring", - "services": { - "query": { - "list": { - "0": { - "query": "Alert.Source.Ident:syscheck", - "alias": "Syscheck", - "color": "#7EB26D", - "id": 0, - "pin": true, - "type": "lucene", - "enable": true - } - }, - "ids": [ - 0 - ] - }, - "filter": { - "list": { - "0": { - "type": "time", - "field": "@timestamp", - "from": "now-1h", - "to": "now", - "mandate": "must", - "active": true, - "alias": "", - "id": 0 - } - }, - "ids": [ - 0 - ] - } - }, - "rows": [ - { - "title": "Graph", - "height": "350px", - "editable": true, - "collapse": false, - "collapsable": true, - "panels": [ - { - "span": 12, - "editable": true, - "group": [ - "default" - ], - "type": "histogram", - "mode": "count", - "time_field": "@timestamp", - "value_field": null, - "auto_int": true, - "resolution": 100, - "interval": "30s", - "fill": 3, - "linewidth": 3, - "timezone": "browser", - "spyable": true, - "zoomlinks": true, - "bars": true, - "stack": true, - "points": false, - "lines": false, - "legend": true, - "x-axis": true, - "y-axis": true, - "percentage": false, - "interactive": true, - "queries": { - "mode": "all", - "ids": [ - 0 - ] - }, - "title": "Events over time", - "intervals": [ - "auto", - "1s", - "1m", - "5m", - "10m", - "30m", - "1h", - "3h", - "12h", - "1d", - "1w", - "1M", - "1y" - ], - "options": true, - "tooltip": { - "value_type": "cumulative", - "query_as_alias": true - }, - "scale": 1, - "y_format": "none", - "grid": { - "max": null, - "min": 0 - }, - "annotate": { - "enable": false, - "query": "*", - "size": 20, - "field": "_type", - "sort": [ - "_score", - "desc" - ] - }, - "pointradius": 5, - "show_query": true, - "legend_counts": true, - "zerofill": true, - "derivative": false - } - ], - "notice": false - }, - { - "title": "Statistics", - "height": "150px", - "editable": true, - "collapse": false, - "collapsable": true, - "panels": [ - { - "error": false, - "span": 2, - "editable": true, - "type": "terms", - 
"loadingEditor": false, - "field": "Alert.Source.Node.Name", - "exclude": [], - "missing": true, - "other": true, - "size": 50, - "order": "count", - "style": { - "font-size": "10pt" - }, - "donut": false, - "tilt": false, - "labels": true, - "arrangement": "horizontal", - "chart": "table", - "counter_pos": "above", - "spyable": true, - "queries": { - "mode": "pinned", - "ids": [ - 0 - ] - }, - "tmode": "terms", - "tstat": "total", - "valuefield": "", - "title": "Hosts statistics" - }, - { - "error": false, - "span": 10, - "editable": true, - "type": "table", - "loadingEditor": false, - "size": 100, - "pages": 5, - "offset": 0, - "sort": [ - "_score", - "desc" - ], - "overflow": "min-height", - "fields": [ - "@timestamp", - "Alert.Analyzer.Node.Name", - "Alert.Source.Node.Name", - "Alert.Target.File.Path" - ], - "highlight": [], - "sortable": true, - "header": true, - "paging": true, - "field_list": false, - "all_fields": false, - "trimFactor": 300, - "localTime": false, - "timeField": "@timestamp", - "spyable": true, - "queries": { - "mode": "pinned", - "ids": [ - 0 - ] - }, - "style": { - "font-size": "9pt" - }, - "normTimes": true, - "title": "Files" - } - ], - "notice": false - } - ], - "editable": true, - "failover": false, - "index": { - "interval": "day", - "pattern": "[logstash-]YYYY.MM.DD", - "default": "NO_TIME_FILTER_OR_INDEX_PATTERN_NOT_MATCHED", - "warm_fields": true - }, - "style": "dark", - "panel_hints": true, - "pulldowns": [ - { - "type": "query", - "collapse": false, - "notice": false, - "query": "*", - "pinned": true, - "history": [ - "Alert.Source.Ident:syscheck", - "syscheck", - "patterns", - "ossec.conf", - "20-ossec", - "20-oss", - "20-", - "/opt/logstash/patterns/ossec" - ], - "remember": 10, - "enable": true - }, - { - "type": "filtering", - "collapse": false, - "notice": true, - "enable": true - } - ], - "nav": [ - { - "type": "timepicker", - "collapse": false, - "notice": false, - "status": "Stable", - "time_options": [ - "5m", - "15m", 
- "1h", - "6h", - "12h", - "24h", - "2d", - "7d", - "30d" - ], - "refresh_intervals": [ - "5s", - "10s", - "30s", - "1m", - "5m", - "15m", - "30m", - "1h", - "2h", - "1d" - ], - "timefield": "@timestamp", - "now": true, - "filter_id": 0, - "enable": true - } - ], - "loader": { - "save_gist": false, - "save_elasticsearch": true, - "save_local": true, - "save_default": true, - "save_temp": true, - "save_temp_ttl_enable": true, - "save_temp_ttl": "30d", - "load_gist": true, - "load_elasticsearch": true, - "load_elasticsearch_size": 20, - "load_local": true, - "hide": false - }, - "refresh": false -} \ No newline at end of file diff --git a/roles/elk/files/kibana-dashboards/kibana.json b/roles/elk/files/kibana-dashboards/kibana.json deleted file mode 100644 index b6931f3..0000000 --- a/roles/elk/files/kibana-dashboards/kibana.json +++ /dev/null 
@@ -1,6 +0,0 @@ -[ - {"_index":".kibana","_type":"config","_id":"4.5.0","_score":0,"_source":{"buildNum":9889,"defaultIndex":"lightsiem-*"}} -,{"_index":".kibana","_type":"index-pattern","_id":"lightsiem-*","_score":0,"_source":{"title":"lightsiem-*","timeFieldName":"@timestamp","fields":"[{\"name\":\"Alert.CreateTime\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"doc_values\":true},{\"name\":\"Alert.Source.Node.Address\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"doc_values\":true},{\"name\":\"_index\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":false,\"analyzed\":false,\"doc_values\":false},{\"name\":\"Alert.Assessment.Action\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":true,\"doc_values\":false},{\"name\":\"Alert.Source.Process.Name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":true,\"doc_values\":false},{\"name\":\"type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":true,\"doc_values\":false},{\"name\":\"geoip.ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"doc_values\":true},{\"name\":\"Alert.Target.Node.Port\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"doc_values\":true},{\"name\":\"duration\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":true,\"doc_values\":false},{\"name\":\"Alert.Analyzer.tcpflags\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":true,\"doc_values\":false},{\"name\":\"geoip.location\",\"type\":\"geo_point\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"doc_values\":true},{\"name\":\"syslog5424_pri\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":true,\"doc_values\":false},{\"name\":\"@version\",\"type\":\"string\",\"count
\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"doc_values\":true},{\"name\":\"host\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":true,\"doc_values\":false},{\"name\":\"Alert.Analyzer.Node.Name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":true,\"doc_values\":false},{\"name\":\"Alert.Analyzer.rawmessage\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":true,\"doc_values\":false},{\"name\":\"Alert.Sensor.Node.Address\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"doc_values\":true},{\"name\":\"geoip.longitude\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"doc_values\":true},{\"name\":\"Alert.Analyzer.Name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":true,\"doc_values\":false},{\"name\":\"timestamp\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":true,\"doc_values\":false},{\"name\":\"Alert.Source.Node.Port\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"doc_values\":true},{\"name\":\"Alert.Analyzer.Reason\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":true,\"doc_values\":false},{\"name\":\"Alert.Analyzer.Level.Normalized\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"doc_values\":true},{\"name\":\"Alert.Classification.Ident\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":true,\"doc_values\":false},{\"name\":\"Alert.Analyzer.Level.Origin\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"doc_values\":true},{\"name\":\"Alert.Classification.Text\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":true,\"doc_values\":false},{\"name\":\"message\",\"type\":\"string\",\"count\"
:0,\"scripted\":false,\"indexed\":true,\"analyzed\":true,\"doc_values\":false},{\"name\":\"@timestamp\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"doc_values\":true},{\"name\":\"bytes\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":true,\"doc_values\":false},{\"name\":\"geoip.latitude\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"doc_values\":true},{\"name\":\"_source\",\"type\":\"_source\",\"count\":0,\"scripted\":false,\"indexed\":false,\"analyzed\":false,\"doc_values\":false},{\"name\":\"Alert.Target.Node.Address\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"doc_values\":true},{\"name\":\"Alert.Analyzer.Protocol\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":true,\"doc_values\":false},{\"name\":\"_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":false,\"analyzed\":false,\"doc_values\":false},{\"name\":\"_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":false,\"analyzed\":false,\"doc_values\":false},{\"name\":\"_score\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":false,\"analyzed\":false,\"doc_values\":false}]"}} -,{"_index":".kibana","_type":"visualization","_id":"Histogram:Alert.Source.Node.Address","_score":0,"_source":{"title":"Histogram:Alert.Source.Node.Address","visState":"{\"aggs\":[{\"params\":{\"field\":\"Alert.Source.Node.Address\",\"orderBy\":\"2\",\"size\":20},\"schema\":\"segment\",\"type\":\"terms\",\"id\":\"3\"},{\"id\":\"2\",\"schema\":\"metric\",\"type\":\"count\"}],\"type\":\"histogram\"}","uiStateJSON":"{}","description":"","version":1,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"index\":\"lightsiem-*\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\"}},\"filter\":[]}"}}} 
-,{"_index":".kibana","_type":"visualization","_id":"Histogram:Alert.Target.Node.Address","_score":0,"_source":{"title":"Histogram:Alert.Target.Node.Address","visState":"{\"title\":\"Histogram:Alert.Target.Node.Address\",\"type\":\"histogram\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"scale\":\"linear\",\"mode\":\"stacked\",\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false,\"yAxis\":{}},\"aggs\":[{\"id\":\"3\",\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"Alert.Target.Node.Address\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"2\"}},{\"id\":\"2\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"4\",\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"Alert.Analyzer.Level.Normalized\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"2\"}}],\"listeners\":{}}","uiStateJSON":"{\"vis\":{\"legendOpen\":true}}","description":"","version":1,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"index\":\"lightsiem-*\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\"}},\"filter\":[]}"}}} -] \ No newline at end of file diff --git a/roles/elk/files/kibana-dashboards/ossec.json b/roles/elk/files/kibana-dashboards/ossec.json deleted file mode 100644 index 513c26c..0000000 --- a/roles/elk/files/kibana-dashboards/ossec.json +++ /dev/null 
@@ -1,983 +0,0 @@ -{ - "title": "IDS proposal", - "services": { - "query": { - "list": { - "0": { - "query": "Alert.Analyzer.Level.Normalized:[0 TO 5]", - "alias": "", - "color": "#629E51", - "id": 0, - "pin": true, - "type": "lucene", - "enable": true - }, - "1": { - "id": 1, - "color": "#E5AC0E", - "alias": "", - "pin": true, - "type": "lucene", - "enable": true, - "query": "Alert.Analyzer.Level.Normalized:[6 TO 8]" - }, - "2": { - "id": 2, - "color": "#E0752D", - "alias": "", - "pin": true, - "type": "lucene", - "enable": true, - "query": "Alert.Analyzer.Level.Normalized:[9 TO 11]" - }, - "3": { - "id": 3, - "color": "#BF1B00", - "alias": "", - "pin": true, - "type": "lucene", - "enable": true, - "query": "Alert.Analyzer.Level.Normalized:[12 TO 15]" - }, - "4": { - "id": 4, - "color": "#2F575E", - "alias": "", - "pin": true, - "type": "lucene", - "enable": true, - "query": "*" - }, - "5": { - "id": 5, - "color": "#58140C", - "alias": "", - "pin": true, - "type": "lucene", - "enable": true, - "query": "tags:_grokparsefailure" - } - }, - "ids": [ - 0, - 1, - 2, - 3, - 4, - 5 - ] - }, - "filter": { - "list": { - "0": { - "type": "time", - "field": "@timestamp", - "from": "now-7d", - "to": "now", - "mandate": "must", - "active": true, - "alias": "", - "id": 0 - } - }, - "ids": [ - 0 - ] - } - }, - "rows": [ - { - "title": "Alerts flow", - "height": "150px", - "editable": true, - "collapse": false, - "collapsable": true, - "panels": [ - { - "error": false, - "span": 4, - "editable": true, - "type": "terms", - "loadingEditor": false, - "field": "Alert.Source.Node.Name", - "exclude": [], - "missing": false, - "other": true, - "size": 10, - "order": "count", - "style": { - "font-size": "10pt" - }, - "donut": false, - "tilt": false, - "labels": true, - "arrangement": "vertical", - "chart": "bar", - "counter_pos": "below", - "spyable": true, - "queries": { - "mode": "selected", - "ids": [ - 0, - 1, - 2, - 3 - ] - }, - "tmode": "terms", - "tstat": "total", - "valuefield": 
"", - "title": "Alert source" - }, - { - "error": false, - "span": 4, - "editable": true, - "type": "terms", - "loadingEditor": false, - "field": "Alert.Target.Node.Name", - "exclude": [], - "missing": false, - "other": true, - "size": 10, - "order": "count", - "style": { - "font-size": "10pt" - }, - "donut": false, - "tilt": false, - "labels": true, - "arrangement": "vertical", - "chart": "bar", - "counter_pos": "below", - "spyable": true, - "queries": { - "mode": "selected", - "ids": [ - 0, - 1, - 2, - 3 - ] - }, - "tmode": "terms", - "tstat": "total", - "valuefield": "", - "title": "Alert target" - }, - { - "error": false, - "span": 4, - "editable": true, - "type": "terms", - "loadingEditor": false, - "field": "Alert.Classification.Text", - "exclude": [], - "missing": false, - "other": true, - "size": 10, - "order": "count", - "style": { - "font-size": "10pt" - }, - "donut": false, - "tilt": false, - "labels": true, - "arrangement": "vertical", - "chart": "bar", - "counter_pos": "below", - "spyable": true, - "queries": { - "mode": "selected", - "ids": [ - 0, - 1, - 2, - 3 - ] - }, - "tmode": "terms", - "tstat": "total", - "valuefield": "", - "title": "Alert description" - } - ], - "notice": false - }, - { - "title": "Alert level", - "height": "150px", - "editable": true, - "collapse": false, - "collapsable": true, - "panels": [ - { - "error": false, - "span": 4, - "editable": true, - "type": "column", - "loadingEditor": false, - "panels": [ - { - "type": "histogram", - "mode": "mean", - "value_field": "Alert.Analyzer.Level.Normalized", - "time_field": "@timestamp", - "timezone": "browser", - "interval": "1h", - "x-axis": true, - "y-axis": true, - "scale": 1, - "y_format": "none", - "grid": { - "max": 16, - "min": 0 - }, - "queries": { - "mode": "selected", - "ids": [ - 4 - ] - }, - "annotate": { - "enable": false, - "query": "*", - "size": 20, - "field": "Alert.Analyzer.Level.Normalized", - "sort": [ - "_score", - "desc" - ] - }, - "auto_int": false, - 
"resolution": 100, - "intervals": [ - "auto", - "1s", - "1m", - "5m", - "10m", - "30m", - "1h", - "3h", - "12h", - "1d", - "1w", - "1y" - ], - "lines": false, - "fill": 0, - "linewidth": 3, - "points": false, - "pointradius": 5, - "bars": true, - "stack": false, - "spyable": true, - "zoomlinks": true, - "options": true, - "legend": false, - "show_query": true, - "interactive": true, - "legend_counts": true, - "percentage": true, - "zerofill": false, - "derivative": false, - "tooltip": { - "value_type": "cumulative", - "query_as_alias": true - }, - "height": "150px", - "editable": true - }, - { - "loading": false, - "sizeable": false, - "draggable": false, - "removable": false, - "span": 10, - "height": "150px", - "editable": true, - "type": "histogram", - "mode": "mean", - "value_field": "Alert.Analyzer.Level.Normalized", - "time_field": "@timestamp", - "timezone": "browser", - "auto_int": false, - "interval": "1d", - "x-axis": true, - "y-axis": true, - "scale": 1, - "y_format": "none", - "grid": { - "max": null, - "min": 0 - }, - "queries": { - "mode": "selected", - "ids": [ - 4 - ] - }, - "annotate": { - "enable": false, - "query": "*", - "size": 20, - "field": "_type", - "sort": [ - "_score", - "desc" - ] - }, - "resolution": 100, - "intervals": [ - "auto", - "1s", - "1m", - "5m", - "10m", - "30m", - "1h", - "3h", - "12h", - "1d", - "1w", - "1y" - ], - "lines": false, - "fill": 0, - "linewidth": 3, - "points": false, - "pointradius": 5, - "bars": true, - "stack": false, - "spyable": true, - "zoomlinks": true, - "options": true, - "legend": true, - "show_query": true, - "interactive": true, - "legend_counts": true, - "percentage": false, - "zerofill": true, - "derivative": false, - "tooltip": { - "value_type": "cumulative", - "query_as_alias": true - } - } - ], - "title": "Average level" - }, - { - "error": false, - "span": 4, - "editable": true, - "type": "terms", - "loadingEditor": false, - "field": "Alert.Analyzer.Level.Normalized", - "exclude": [], - 
"missing": true, - "other": true, - "size": 18, - "order": "term", - "style": { - "font-size": "10pt" - }, - "donut": false, - "tilt": false, - "labels": true, - "arrangement": "vertical", - "chart": "bar", - "counter_pos": "below", - "spyable": true, - "queries": { - "mode": "selected", - "ids": [ - 0, - 1, - 2, - 3 - ] - }, - "tmode": "terms", - "tstat": "total", - "valuefield": "", - "title": "Alerts per level" - }, - { - "error": false, - "span": 4, - "editable": true, - "type": "terms", - "loadingEditor": false, - "field": "Alert.Target.File.Path", - "exclude": [], - "missing": false, - "other": true, - "size": 14, - "order": "count", - "style": { - "font-size": "10pt" - }, - "donut": false, - "tilt": false, - "labels": true, - "arrangement": "horizontal", - "chart": "table", - "counter_pos": "above", - "spyable": true, - "queries": { - "mode": "selected", - "ids": [ - 0, - 1, - 2, - 3 - ] - }, - "tmode": "terms", - "tstat": "total", - "valuefield": "", - "title": "Last changed files" - } - ], - "notice": false - }, - { - "title": "Analyzers and sensors", - "height": "150px", - "editable": true, - "collapse": false, - "collapsable": true, - "panels": [ - { - "error": false, - "span": 4, - "editable": true, - "type": "terms", - "loadingEditor": false, - "field": "Alert.Analyzer.Name", - "exclude": [], - "missing": true, - "other": true, - "size": 10, - "order": "count", - "style": { - "font-size": "10pt" - }, - "donut": false, - "tilt": true, - "labels": true, - "arrangement": "vertical", - "chart": "pie", - "counter_pos": "below", - "spyable": true, - "queries": { - "mode": "pinned", - "ids": [ - 0, - 1, - 2, - 3, - 4, - 5 - ] - }, - "tmode": "terms", - "tstat": "total", - "valuefield": "", - "title": "Analyzer type" - }, - { - "error": false, - "span": 4, - "editable": true, - "type": "terms", - "loadingEditor": false, - "field": "Alert.Analyzer.Node.Name", - "exclude": [], - "missing": true, - "other": true, - "size": 10, - "order": "count", - "style": { - 
"font-size": "10pt" - }, - "donut": false, - "tilt": true, - "labels": true, - "arrangement": "vertical", - "chart": "pie", - "counter_pos": "below", - "spyable": true, - "queries": { - "mode": "pinned", - "ids": [ - 0, - 1, - 2, - 3, - 4, - 5 - ] - }, - "tmode": "terms", - "tstat": "total", - "valuefield": "", - "title": "Analyzer host" - }, - { - "error": false, - "span": 4, - "editable": true, - "type": "terms", - "loadingEditor": false, - "field": "Alert.Sensor.Node.Name", - "exclude": [], - "missing": true, - "other": true, - "size": 10, - "order": "count", - "style": { - "font-size": "10pt" - }, - "donut": false, - "tilt": true, - "labels": true, - "arrangement": "vertical", - "chart": "pie", - "counter_pos": "below", - "spyable": true, - "queries": { - "mode": "pinned", - "ids": [ - 0, - 1, - 2, - 3, - 4, - 5 - ] - }, - "tmode": "terms", - "tstat": "total", - "valuefield": "", - "title": "Sensors" - } - ], - "notice": false - }, - { - "title": "Alerts dashboard", - "height": "150px", - "editable": true, - "collapse": true, - "collapsable": true, - "panels": [ - { - "error": false, - "span": 4, - "editable": true, - "type": "column", - "loadingEditor": false, - "panels": [ - { - "loading": false, - "error": false, - "sizeable": false, - "draggable": false, - "removable": false, - "span": 10, - "height": "150px", - "editable": true, - "type": "terms", - "field": "Alert.Source.Process.Name", - "exclude": [], - "missing": true, - "other": true, - "size": 10, - "order": "count", - "style": { - "font-size": "10pt" - }, - "donut": false, - "tilt": false, - "labels": true, - "arrangement": "vertical", - "chart": "bar", - "counter_pos": "below", - "spyable": true, - "queries": { - "mode": "all", - "ids": [ - 0, - 1, - 2, - 3, - 4, - 5 - ] - }, - "tmode": "terms", - "tstat": "total", - "valuefield": "", - "title": "alerts per program" - } - ], - "title": "Alerts sources" - }, - { - "error": false, - "span": 4, - "editable": true, - "type": "column", - "loadingEditor": 
false, - "panels": [ - { - "loading": false, - "sizeable": false, - "draggable": false, - "removable": false, - "span": 10, - "height": "150px", - "editable": true, - "type": "histogram", - "mode": "count", - "time_field": "@timestamp", - "value_field": null, - "x-axis": true, - "y-axis": true, - "scale": 1, - "y_format": "none", - "grid": { - "max": null, - "min": 0 - }, - "queries": { - "mode": "selected", - "ids": [] - }, - "annotate": { - "enable": false, - "query": "*", - "size": 20, - "field": "_type", - "sort": [ - "_score", - "desc" - ] - }, - "auto_int": true, - "resolution": 100, - "interval": "1s", - "intervals": [ - "auto", - "1s", - "1m", - "5m", - "10m", - "30m", - "1h", - "3h", - "12h", - "1d", - "1w", - "1y" - ], - "lines": false, - "fill": 0, - "linewidth": 3, - "points": false, - "pointradius": 5, - "bars": true, - "stack": true, - "spyable": true, - "zoomlinks": true, - "options": true, - "legend": true, - "show_query": true, - "interactive": true, - "legend_counts": true, - "timezone": "browser", - "percentage": false, - "zerofill": true, - "derivative": false, - "tooltip": { - "value_type": "cumulative", - "query_as_alias": true - }, - "title": "Parse failure" - } - ], - "title": "Alerts" - } - ], - "notice": false - }, - { - "title": "Map", - "height": "600px", - "editable": true, - "collapse": true, - "collapsable": true, - "panels": [ - { - "error": false, - "span": 12, - "editable": true, - "type": "bettermap", - "loadingEditor": false, - "field": "Alert.Source.Node.Geoip.location", - "size": 1000, - "spyable": true, - "tooltip": "Alert.Source.Node.Name", - "queries": { - "mode": "all", - "ids": [ - 0, - 1, - 2, - 3, - 4, - 5 - ] - }, - "title": "Alert source locations" - } - ], - "notice": false - }, - { - "title": "Graph", - "height": "350px", - "editable": true, - "collapse": false, - "collapsable": true, - "panels": [ - { - "span": 12, - "editable": true, - "group": [ - "default" - ], - "type": "histogram", - "mode": "count", - 
"time_field": "@timestamp", - "value_field": null, - "auto_int": true, - "resolution": 100, - "interval": "1h", - "fill": 3, - "linewidth": 3, - "timezone": "browser", - "spyable": true, - "zoomlinks": true, - "bars": true, - "stack": true, - "points": false, - "lines": false, - "legend": true, - "x-axis": true, - "y-axis": true, - "percentage": false, - "interactive": true, - "queries": { - "mode": "selected", - "ids": [ - 0, - 1, - 2, - 3 - ] - }, - "title": "Events over time", - "intervals": [ - "auto", - "1s", - "1m", - "5m", - "10m", - "30m", - "1h", - "3h", - "12h", - "1d", - "1w", - "1M", - "1y" - ], - "options": true, - "tooltip": { - "value_type": "cumulative", - "query_as_alias": true - }, - "scale": 1, - "y_format": "none", - "grid": { - "max": null, - "min": 0 - }, - "annotate": { - "enable": false, - "query": "*", - "size": 20, - "field": "_type", - "sort": [ - "_score", - "desc" - ] - }, - "pointradius": 5, - "show_query": true, - "legend_counts": true, - "zerofill": true, - "derivative": false - } - ], - "notice": false - }, - { - "title": "Events", - "height": "350px", - "editable": true, - "collapse": false, - "collapsable": true, - "panels": [ - { - "title": "All events", - "error": false, - "span": 12, - "editable": true, - "group": [ - "default" - ], - "type": "table", - "size": 100, - "pages": 5, - "offset": 0, - "sort": [ - "@timestamp", - "desc" - ], - "style": { - "font-size": "9pt" - }, - "overflow": "min-height", - "fields": [ - "Alert.ReceiveTime", - "Alert.Sensor.Node.Name", - "Alert.Analyzer.Level.Normalized", - "Alert.Classification.Text", - "Alert.Source.rawmessage", - "Alert.Source.Node.Name" - ], - "localTime": true, - "timeField": "Alert.ReceiveTime", - "highlight": [], - "sortable": true, - "header": true, - "paging": true, - "spyable": true, - "queries": { - "mode": "selected", - "ids": [ - 4 - ] - }, - "field_list": false, - "status": "Stable", - "trimFactor": 300, - "normTimes": true, - "all_fields": true - } - ], - "notice": 
false - } - ], - "editable": true, - "failover": false, - "index": { - "interval": "day", - "pattern": "[logstash-]YYYY.MM.DD", - "default": "NO_TIME_FILTER_OR_INDEX_PATTERN_NOT_MATCHED", - "warm_fields": true - }, - "style": "dark", - "panel_hints": true, - "pulldowns": [ - { - "type": "query", - "collapse": false, - "notice": false, - "query": "*", - "pinned": true, - "history": [ - "tags:_grokparsefailure", - "*", - "Alert.Analyzer.Level.Normalized:12 TO 15]", - "Alert.Analyzer.Level.Normalized:[9 TO 11]", - "Alert.Analyzer.Level.Normalized:[6 TO 8]", - "Alert.Analyzer.Level.Normalized:[0 TO 5]", - "Alert.Analyzer.Level.Normalized:[0 to 5]" - ], - "remember": 10, - "enable": true - }, - { - "type": "filtering", - "collapse": false, - "notice": true, - "enable": true - } - ], - "nav": [ - { - "type": "timepicker", - "collapse": false, - "notice": false, - "status": "Stable", - "time_options": [ - "5m", - "15m", - "1h", - "6h", - "12h", - "24h", - "2d", - "7d", - "30d" - ], - "refresh_intervals": [ - "5s", - "10s", - "30s", - "1m", - "5m", - "15m", - "30m", - "1h", - "2h", - "1d" - ], - "timefield": "@timestamp", - "now": true, - "filter_id": 0, - "enable": true - } - ], - "loader": { - "save_gist": false, - "save_elasticsearch": true, - "save_local": true, - "save_default": true, - "save_temp": true, - "save_temp_ttl_enable": true, - "save_temp_ttl": "30d", - "load_gist": true, - "load_elasticsearch": true, - "load_elasticsearch_size": 20, - "load_local": true, - "hide": false - }, - "refresh": "30s" -} diff --git a/roles/elk/files/kibana.config.js b/roles/elk/files/kibana.config.js deleted file mode 100644 index 70c7c87..0000000 --- a/roles/elk/files/kibana.config.js +++ /dev/null 
@@ -1,80 +0,0 @@ -/** @scratch /configuration/config.js/1 - * - * == Configuration - * config.js is where you will find the core Kibana configuration. This file contains parameter that - * must be set before kibana is run for the first time. - */ -define(['settings'], - function (Settings) { - "use strict"; - - /** @scratch /configuration/config.js/2 - * - * === Parameters - */ - return new Settings({ - - /** @scratch /configuration/config.js/5 - * - * ==== elasticsearch - * - * The URL to your elasticsearch server. You almost certainly don't - * want +http://localhost:9200+ here. Even if Kibana and Elasticsearch are on - * the same host. By default this will attempt to reach ES at the same host you have - * kibana installed on. You probably want to set it to the FQDN of your - * elasticsearch host - * - * Note: this can also be an object if you want to pass options to the http client. For example: - * - * +elasticsearch: {server: "http://localhost:9200", withCredentials: true}+ - * - */ - elasticsearch: "http://"+window.location.hostname+":9200", - - /** @scratch /configuration/config.js/5 - * - * ==== default_route - * - * This is the default landing page when you don't specify a dashboard to load. You can specify - * files, scripts or saved dashboards here. For example, if you had saved a dashboard called - * `WebLogs' to elasticsearch you might use: - * - * default_route: '/dashboard/elasticsearch/WebLogs', - */ - default_route : '/dashboard/file/ossec.json', - - /** @scratch /configuration/config.js/5 - * - * ==== kibana-int - * - * The default ES index to use for storing Kibana specific object - * such as stored dashboards - */ - kibana_index: "kibana-int", - - /** @scratch /configuration/config.js/5 - * - * ==== panel_name - * - * An array of panel modules available. Panels will only be loaded when they are defined in the - * dashboard, but this list is used in the "add panel" interface. 
- */
- panel_names: [
- 'histogram',
- 'map',
- 'goal',
- 'table',
- 'filtering',
- 'timepicker',
- 'text',
- 'hits',
- 'column',
- 'trends',
- 'bettermap',
- 'query',
- 'terms',
- 'stats',
- 'sparklines'
- ]
- });
- });
diff --git a/roles/elk/files/kibana.service b/roles/elk/files/kibana.service
deleted file mode 100644
index 7410d1a..0000000
--- a/roles/elk/files/kibana.service
+++ /dev/null
@@ -1,10 +0,0 @@
-[Unit]
-Description=Kibana 4
-
-[Service]
-ExecStart=/opt/lightsiem/kibana4/bin/kibana
-StandartOutput=syslog
-SyslogIdentifier=Kibana
-
-[Install]
-WantedBy=multi-user.target
diff --git a/roles/elk/files/module.html b/roles/elk/files/module.html
deleted file mode 100644
index 3312a2d..0000000
--- a/roles/elk/files/module.html
+++ /dev/null
@@ -1,202 +0,0 @@
-
- - -
- -
-
- - Fields

- -

- - All ({{fields.list.length}}) / - - Current ({{current_fields.length || 0}}) -
- -
-
- -
- Note These fields have been
- extracted from your mapping.
- Not all fields may be available
- in your source document. -
- -
    -
  • - - -
  • -
- -
    -
  • - - -
  • -
- -
-
- -
- -
-
-

- - {{adhocOpts.title}} - -

- -
- - -
-
- - -
-
- {{panel.offset}} to {{panel.offset + data.slice(panel.offset,panel.offset+panel.size).length}} - of {{data.length}} available for paging -
-
- -
-
- - - - - - - - - - - - - - - -
_source (select columns from the list to the left) - - - - {{field}} - - - {{field}} - -
- - -
- - View: - Table / - JSON / - Raw - - - - - - - - - - - - - - -
FieldActionValue
- - - -
-

-                            

-                        
-
-
- - -
-
- {{panel.offset}} to {{panel.offset + data.slice(panel.offset,panel.offset+panel.size).length}} - of {{data.length}} available for paging -
-
- -
-
-
-
-
-
\ No newline at end of file
diff --git a/roles/elk/tasks/main.yml b/roles/elk/tasks/main.yml
index 8654185..a2dd8b8 100644
--- a/roles/elk/tasks/main.yml
+++ b/roles/elk/tasks/main.yml
@@ -196,8 +196,3 @@
 copy: src=kibana-config.yml dest=/opt/kibana/config/kibana.yml
 tags:
 - configuration
-
-- name: Copy Kibana dashboards
- copy: src=kibana-dashboards/kibana.json dest=/tmp/
- tags:
- - configuration