- {
- "v": 1,
- "id": "e7ea6648-9702-4f5a-b9e2-d3fb811af8d0",
- "rev": 1,
- "name": "Palo Alto Traffic Content Pack",
- "summary": "Palo Alto Traffic Content Pack",
- "description": "Syslog listens on port 10001 (UDP)\n\nExtractors are all Split & Index for PanOS 8.1",
- "vendor": "Palo Alto",
- "url": "",
- "parameters": [],
- "entities": [{
- "v": "1",
- "type": {
- "name": "input",
- "version": "1"
- },
- "id": "121309de-7740-460c-91b9-9b31168b8452",
- "data": {
- "title": {
- "@type": "string",
- "@value": "Palo Alto"
- },
- "configuration": {
- "tls_key_file": {
- "@type": "string",
- "@value": "admin"
- },
- "port": {
- "@type": "integer",
- "@value": 10001
- },
- "tls_enable": {
- "@type": "boolean",
- "@value": false
- },
- "use_null_delimiter": {
- "@type": "boolean",
- "@value": false
- },
- "recv_buffer_size": {
- "@type": "integer",
- "@value": 1048576
- },
- "tcp_keepalive": {
- "@type": "boolean",
- "@value": false
- },
- "force_rdns": {
- "@type": "boolean",
- "@value": false
- },
- "allow_override_date": {
- "@type": "boolean",
- "@value": true
- },
- "tls_client_auth_cert_file": {
- "@type": "string",
- "@value": ""
- },
- "bind_address": {
- "@type": "string",
- "@value": "0.0.0.0"
- },
- "tls_cert_file": {
- "@type": "string",
- "@value": ""
- },
- "expand_structured_data": {
- "@type": "boolean",
- "@value": false
- },
- "max_message_size": {
- "@type": "integer",
- "@value": 2097152
- },
- "store_full_message": {
- "@type": "boolean",
- "@value": false
- },
- "tls_client_auth": {
- "@type": "string",
- "@value": "disabled"
- },
- "number_worker_threads": {
- "@type": "integer",
- "@value": 2
- },
- "tls_key_password": {
- "@type": "string",
- "@value": "3tmFXp7P"
- }
- },
- "static_fields": {},
- "type": {
- "@type": "string",
- "@value": "org.graylog2.inputs.syslog.tcp.SyslogTCPInput"
- },
- "global": {
- "@type": "boolean",
- "@value": true
- },
- "extractors": [{
- "target_field": {
- "@type": "string",
- "@value": "receive_date_time"
- },
- "condition_value": {
- "@type": "string",
- "@value": ""
- },
- "order": {
- "@type": "integer",
- "@value": 0
- },
- "converters": [],
- "configuration": {
- "index": {
- "@type": "integer",
- "@value": 2
- },
- "split_by": {
- "@type": "string",
- "@value": ","
- }
- },
- "source_field": {
- "@type": "string",
- "@value": "message"
- },
- "title": {
- "@type": "string",
- "@value": "System - Receive Date"
- },
- "type": {
- "@type": "string",
- "@value": "SPLIT_AND_INDEX"
- },
- "cursor_strategy": {
- "@type": "string",
- "@value": "COPY"
- },
- "condition_type": {
- "@type": "string",
- "@value": "NONE"
- }
- },
- {
- "target_field": {
- "@type": "string",
- "@value": "hostname"
- },
- "condition_value": {
- "@type": "string",
- "@value": ""
- },
- "order": {
- "@type": "integer",
- "@value": 0
- },
- "converters": [],
- "configuration": {
- "index": {
- "@type": "integer",
- "@value": 1
- },
- "split_by": {
- "@type": "string",
- "@value": ","
- }
- },
- "source_field": {
- "@type": "string",
- "@value": "message"
- },
- "title": {
- "@type": "string",
- "@value": "System - Hostname"
- },
- "type": {
- "@type": "string",
- "@value": "SPLIT_AND_INDEX"
- },
- "cursor_strategy": {
- "@type": "string",
- "@value": "COPY"
- },
- "condition_type": {
- "@type": "string",
- "@value": "NONE"
- }
- },
- {
- "target_field": {
- "@type": "string",
- "@value": "session_nat_src_ip"
- },
- "condition_value": {
- "@type": "string",
- "@value": ""
- },
- "order": {
- "@type": "integer",
- "@value": 0
- },
- "converters": [],
- "configuration": {
- "index": {
- "@type": "integer",
- "@value": 10
- },
- "split_by": {
- "@type": "string",
- "@value": ","
- }
- },
- "source_field": {
- "@type": "string",
- "@value": "message"
- },
- "title": {
- "@type": "string",
- "@value": "Session - NAT Source IP"
- },
- "type": {
- "@type": "string",
- "@value": "SPLIT_AND_INDEX"
- },
- "cursor_strategy": {
- "@type": "string",
- "@value": "COPY"
- },
- "condition_type": {
- "@type": "string",
- "@value": "NONE"
- }
- },
- {
- "target_field": {
- "@type": "string",
- "@value": "time_generated"
- },
- "condition_value": {
- "@type": "string",
- "@value": ""
- },
- "order": {
- "@type": "integer",
- "@value": 0
- },
- "converters": [],
- "configuration": {
- "index": {
- "@type": "integer",
- "@value": 7
- },
- "split_by": {
- "@type": "string",
- "@value": ","
- }
- },
- "source_field": {
- "@type": "string",
- "@value": "message"
- },
- "title": {
- "@type": "string",
- "@value": "System - Log Time Generated"
- },
- "type": {
- "@type": "string",
- "@value": "SPLIT_AND_INDEX"
- },
- "cursor_strategy": {
- "@type": "string",
- "@value": "COPY"
- },
- "condition_type": {
- "@type": "string",
- "@value": "NONE"
- }
- },
- {
- "target_field": {
- "@type": "string",
- "@value": "serial_number"
- },
- "condition_value": {
- "@type": "string",
- "@value": ""
- },
- "order": {
- "@type": "integer",
- "@value": 0
- },
- "converters": [],
- "configuration": {
- "index": {
- "@type": "integer",
- "@value": 3
- },
- "split_by": {
- "@type": "string",
- "@value": ","
- }
- },
- "source_field": {
- "@type": "string",
- "@value": "message"
- },
- "title": {
- "@type": "string",
- "@value": "System - Serial Number"
- },
- "type": {
- "@type": "string",
- "@value": "SPLIT_AND_INDEX"
- },
- "cursor_strategy": {
- "@type": "string",
- "@value": "COPY"
- },
- "condition_type": {
- "@type": "string",
- "@value": "NONE"
- }
- },
- {
- "target_field": {
- "@type": "string",
- "@value": "log_subtype"
- },
- "condition_value": {
- "@type": "string",
- "@value": ""
- },
- "order": {
- "@type": "integer",
- "@value": 0
- },
- "converters": [],
- "configuration": {
- "index": {
- "@type": "integer",
- "@value": 5
- },
- "split_by": {
- "@type": "string",
- "@value": ","
- }
- },
- "source_field": {
- "@type": "string",
- "@value": "message"
- },
- "title": {
- "@type": "string",
- "@value": "System - Log Subtype"
- },
- "type": {
- "@type": "string",
- "@value": "SPLIT_AND_INDEX"
- },
- "cursor_strategy": {
- "@type": "string",
- "@value": "COPY"
- },
- "condition_type": {
- "@type": "string",
- "@value": "NONE"
- }
- },
- {
- "target_field": {
- "@type": "string",
- "@value": "log_type"
- },
- "condition_value": {
- "@type": "string",
- "@value": ""
- },
- "order": {
- "@type": "integer",
- "@value": 0
- },
- "converters": [],
- "configuration": {
- "index": {
- "@type": "integer",
- "@value": 4
- },
- "split_by": {
- "@type": "string",
- "@value": ","
- }
- },
- "source_field": {
- "@type": "string",
- "@value": "message"
- },
- "title": {
- "@type": "string",
- "@value": "System - Log Type"
- },
- "type": {
- "@type": "string",
- "@value": "SPLIT_AND_INDEX"
- },
- "cursor_strategy": {
- "@type": "string",
- "@value": "COPY"
- },
- "condition_type": {
- "@type": "string",
- "@value": "NONE"
- }
- },
- {
- "target_field": {
- "@type": "string",
- "@value": "session_dst_ip"
- },
- "condition_value": {
- "@type": "string",
- "@value": ""
- },
- "order": {
- "@type": "integer",
- "@value": 0
- },
- "converters": [],
- "configuration": {
- "index": {
- "@type": "integer",
- "@value": 9
- },
- "split_by": {
- "@type": "string",
- "@value": ","
- }
- },
- "source_field": {
- "@type": "string",
- "@value": "message"
- },
- "title": {
- "@type": "string",
- "@value": "Session - Destination IP"
- },
- "type": {
- "@type": "string",
- "@value": "SPLIT_AND_INDEX"
- },
- "cursor_strategy": {
- "@type": "string",
- "@value": "COPY"
- },
- "condition_type": {
- "@type": "string",
- "@value": "NONE"
- }
- },
- {
- "target_field": {
- "@type": "string",
- "@value": "firewall_rule"
- },
- "condition_value": {
- "@type": "string",
- "@value": ""
- },
- "order": {
- "@type": "integer",
- "@value": 0
- },
- "converters": [],
- "configuration": {
- "index": {
- "@type": "integer",
- "@value": 12
- },
- "split_by": {
- "@type": "string",
- "@value": ","
- }
- },
- "source_field": {
- "@type": "string",
- "@value": "message"
- },
- "title": {
- "@type": "string",
- "@value": "Session - Firewall Rule"
- },
- "type": {
- "@type": "string",
- "@value": "SPLIT_AND_INDEX"
- },
- "cursor_strategy": {
- "@type": "string",
- "@value": "COPY"
- },
- "condition_type": {
- "@type": "string",
- "@value": "NONE"
- }
- },
- {
- "target_field": {
- "@type": "string",
- "@value": "session_src_ip"
- },
- "condition_value": {
- "@type": "string",
- "@value": ""
- },
- "order": {
- "@type": "integer",
- "@value": 0
- },
- "converters": [],
- "configuration": {
- "index": {
- "@type": "integer",
- "@value": 8
- },
- "split_by": {
- "@type": "string",
- "@value": ","
- }
- },
- "source_field": {
- "@type": "string",
- "@value": "message"
- },
- "title": {
- "@type": "string",
- "@value": "Session - Source IP"
- },
- "type": {
- "@type": "string",
- "@value": "SPLIT_AND_INDEX"
- },
- "cursor_strategy": {
- "@type": "string",
- "@value": "COPY"
- },
- "condition_type": {
- "@type": "string",
- "@value": "NONE"
- }
- },
- {
- "target_field": {
- "@type": "string",
- "@value": "application"
- },
- "condition_value": {
- "@type": "string",
- "@value": ""
- },
- "order": {
- "@type": "integer",
- "@value": 0
- },
- "converters": [],
- "configuration": {
- "index": {
- "@type": "integer",
- "@value": 15
- },
- "split_by": {
- "@type": "string",
- "@value": ","
- }
- },
- "source_field": {
- "@type": "string",
- "@value": "message"
- },
- "title": {
- "@type": "string",
- "@value": "Session - Application"
- },
- "type": {
- "@type": "string",
- "@value": "SPLIT_AND_INDEX"
- },
- "cursor_strategy": {
- "@type": "string",
- "@value": "COPY"
- },
- "condition_type": {
- "@type": "string",
- "@value": "NONE"
- }
- },
- {
- "target_field": {
- "@type": "string",
- "@value": "session_dst_zone"
- },
- "condition_value": {
- "@type": "string",
- "@value": ""
- },
- "order": {
- "@type": "integer",
- "@value": 0
- },
- "converters": [],
- "configuration": {
- "index": {
- "@type": "integer",
- "@value": 18
- },
- "split_by": {
- "@type": "string",
- "@value": ","
- }
- },
- "source_field": {
- "@type": "string",
- "@value": "message"
- },
- "title": {
- "@type": "string",
- "@value": "Session - Destination Zone"
- },
- "type": {
- "@type": "string",
- "@value": "SPLIT_AND_INDEX"
- },
- "cursor_strategy": {
- "@type": "string",
- "@value": "COPY"
- },
- "condition_type": {
- "@type": "string",
- "@value": "NONE"
- }
- },
- {
- "target_field": {
- "@type": "string",
- "@value": "session_src_zone"
- },
- "condition_value": {
- "@type": "string",
- "@value": ""
- },
- "order": {
- "@type": "integer",
- "@value": 0
- },
- "converters": [],
- "configuration": {
- "index": {
- "@type": "integer",
- "@value": 17
- },
- "split_by": {
- "@type": "string",
- "@value": ","
- }
- },
- "source_field": {
- "@type": "string",
- "@value": "message"
- },
- "title": {
- "@type": "string",
- "@value": "Session - Source Zone"
- },
- "type": {
- "@type": "string",
- "@value": "SPLIT_AND_INDEX"
- },
- "cursor_strategy": {
- "@type": "string",
- "@value": "COPY"
- },
- "condition_type": {
- "@type": "string",
- "@value": "NONE"
- }
- },
- {
- "target_field": {
- "@type": "string",
- "@value": "session_src_port"
- },
- "condition_value": {
- "@type": "string",
- "@value": ""
- },
- "order": {
- "@type": "integer",
- "@value": 0
- },
- "converters": [],
- "configuration": {
- "index": {
- "@type": "integer",
- "@value": 25
- },
- "split_by": {
- "@type": "string",
- "@value": ","
- }
- },
- "source_field": {
- "@type": "string",
- "@value": "message"
- },
- "title": {
- "@type": "string",
- "@value": "Session - Source Port"
- },
- "type": {
- "@type": "string",
- "@value": "SPLIT_AND_INDEX"
- },
- "cursor_strategy": {
- "@type": "string",
- "@value": "COPY"
- },
- "condition_type": {
- "@type": "string",
- "@value": "NONE"
- }
- },
- {
- "target_field": {
- "@type": "string",
- "@value": "session_dst_port"
- },
- "condition_value": {
- "@type": "string",
- "@value": ""
- },
- "order": {
- "@type": "integer",
- "@value": 0
- },
- "converters": [],
- "configuration": {
- "index": {
- "@type": "integer",
- "@value": 26
- },
- "split_by": {
- "@type": "string",
- "@value": ","
- }
- },
- "source_field": {
- "@type": "string",
- "@value": "message"
- },
- "title": {
- "@type": "string",
- "@value": "Session - Destination Port"
- },
- "type": {
- "@type": "string",
- "@value": "SPLIT_AND_INDEX"
- },
- "cursor_strategy": {
- "@type": "string",
- "@value": "COPY"
- },
- "condition_type": {
- "@type": "string",
- "@value": "NONE"
- }
- },
- {
- "target_field": {
- "@type": "string",
- "@value": "repeat_count"
- },
- "condition_value": {
- "@type": "string",
- "@value": ""
- },
- "order": {
- "@type": "integer",
- "@value": 0
- },
- "converters": [],
- "configuration": {
- "index": {
- "@type": "integer",
- "@value": 24
- },
- "split_by": {
- "@type": "string",
- "@value": ","
- }
- },
- "source_field": {
- "@type": "string",
- "@value": "message"
- },
- "title": {
- "@type": "string",
- "@value": "Session - Repeat Count (5 seconds)"
- },
- "type": {
- "@type": "string",
- "@value": "SPLIT_AND_INDEX"
- },
- "cursor_strategy": {
- "@type": "string",
- "@value": "COPY"
- },
- "condition_type": {
- "@type": "string",
- "@value": "NONE"
- }
- },
- {
- "target_field": {
- "@type": "string",
- "@value": "egress_interface"
- },
- "condition_value": {
- "@type": "string",
- "@value": ""
- },
- "order": {
- "@type": "integer",
- "@value": 0
- },
- "converters": [],
- "configuration": {
- "index": {
- "@type": "integer",
- "@value": 20
- },
- "split_by": {
- "@type": "string",
- "@value": ","
- }
- },
- "source_field": {
- "@type": "string",
- "@value": "message"
- },
- "title": {
- "@type": "string",
- "@value": "Session - Egress Interface"
- },
- "type": {
- "@type": "string",
- "@value": "SPLIT_AND_INDEX"
- },
- "cursor_strategy": {
- "@type": "string",
- "@value": "COPY"
- },
- "condition_type": {
- "@type": "string",
- "@value": "NONE"
- }
- },
- {
- "target_field": {
- "@type": "string",
- "@value": "session_id"
- },
- "condition_value": {
- "@type": "string",
- "@value": ""
- },
- "order": {
- "@type": "integer",
- "@value": 0
- },
- "converters": [],
- "configuration": {
- "index": {
- "@type": "integer",
- "@value": 23
- },
- "split_by": {
- "@type": "string",
- "@value": ","
- }
- },
- "source_field": {
- "@type": "string",
- "@value": "message"
- },
- "title": {
- "@type": "string",
- "@value": "Session - Session ID"
- },
- "type": {
- "@type": "string",
- "@value": "SPLIT_AND_INDEX"
- },
- "cursor_strategy": {
- "@type": "string",
- "@value": "COPY"
- },
- "condition_type": {
- "@type": "string",
- "@value": "NONE"
- }
- },
- {
- "target_field": {
- "@type": "string",
- "@value": "session_total_bytes"
- },
- "condition_value": {
- "@type": "string",
- "@value": ""
- },
- "order": {
- "@type": "integer",
- "@value": 0
- },
- "converters": [],
- "configuration": {
- "index": {
- "@type": "integer",
- "@value": 32
- },
- "split_by": {
- "@type": "string",
- "@value": ","
- }
- },
- "source_field": {
- "@type": "string",
- "@value": "message"
- },
- "title": {
- "@type": "string",
- "@value": "Session - Total Bytes"
- },
- "type": {
- "@type": "string",
- "@value": "SPLIT_AND_INDEX"
- },
- "cursor_strategy": {
- "@type": "string",
- "@value": "COPY"
- },
- "condition_type": {
- "@type": "string",
- "@value": "NONE"
- }
- },
- {
- "target_field": {
- "@type": "string",
- "@value": "ingress_interface"
- },
- "condition_value": {
- "@type": "string",
- "@value": ""
- },
- "order": {
- "@type": "integer",
- "@value": 0
- },
- "converters": [],
- "configuration": {
- "index": {
- "@type": "integer",
- "@value": 19
- },
- "split_by": {
- "@type": "string",
- "@value": ","
- }
- },
- "source_field": {
- "@type": "string",
- "@value": "message"
- },
- "title": {
- "@type": "string",
- "@value": "Session - Ingress Interface"
- },
- "type": {
- "@type": "string",
- "@value": "SPLIT_AND_INDEX"
- },
- "cursor_strategy": {
- "@type": "string",
- "@value": "COPY"
- },
- "condition_type": {
- "@type": "string",
- "@value": "NONE"
- }
- },
- {
- "target_field": {
- "@type": "string",
- "@value": "session_nat_src_port"
- },
- "condition_value": {
- "@type": "string",
- "@value": ""
- },
- "order": {
- "@type": "integer",
- "@value": 0
- },
- "converters": [],
- "configuration": {
- "index": {
- "@type": "integer",
- "@value": 27
- },
- "split_by": {
- "@type": "string",
- "@value": ","
- }
- },
- "source_field": {
- "@type": "string",
- "@value": "message"
- },
- "title": {
- "@type": "string",
- "@value": "Session - NAT Source Port"
- },
- "type": {
- "@type": "string",
- "@value": "SPLIT_AND_INDEX"
- },
- "cursor_strategy": {
- "@type": "string",
- "@value": "COPY"
- },
- "condition_type": {
- "@type": "string",
- "@value": "NONE"
- }
- },
- {
- "target_field": {
- "@type": "string",
- "@value": "session_ip_proto"
- },
- "condition_value": {
- "@type": "string",
- "@value": ""
- },
- "order": {
- "@type": "integer",
- "@value": 0
- },
- "converters": [],
- "configuration": {
- "index": {
- "@type": "integer",
- "@value": 30
- },
- "split_by": {
- "@type": "string",
- "@value": ","
- }
- },
- "source_field": {
- "@type": "string",
- "@value": "message"
- },
- "title": {
- "@type": "string",
- "@value": "Session - IP Protocol"
- },
- "type": {
- "@type": "string",
- "@value": "SPLIT_AND_INDEX"
- },
- "cursor_strategy": {
- "@type": "string",
- "@value": "COPY"
- },
- "condition_type": {
- "@type": "string",
- "@value": "NONE"
- }
- },
- {
- "target_field": {
- "@type": "string",
- "@value": "session_nat_dst_port"
- },
- "condition_value": {
- "@type": "string",
- "@value": ""
- },
- "order": {
- "@type": "integer",
- "@value": 0
- },
- "converters": [],
- "configuration": {
- "index": {
- "@type": "integer",
- "@value": 28
- },
- "split_by": {
- "@type": "string",
- "@value": ","
- }
- },
- "source_field": {
- "@type": "string",
- "@value": "message"
- },
- "title": {
- "@type": "string",
- "@value": "Session - NAT Destination Port"
- },
- "type": {
- "@type": "string",
- "@value": "SPLIT_AND_INDEX"
- },
- "cursor_strategy": {
- "@type": "string",
- "@value": "COPY"
- },
- "condition_type": {
- "@type": "string",
- "@value": "NONE"
- }
- },
- {
- "target_field": {
- "@type": "string",
- "@value": "action"
- },
- "condition_value": {
- "@type": "string",
- "@value": ""
- },
- "order": {
- "@type": "integer",
- "@value": 0
- },
- "converters": [],
- "configuration": {
- "index": {
- "@type": "integer",
- "@value": 31
- },
- "split_by": {
- "@type": "string",
- "@value": ","
- }
- },
- "source_field": {
- "@type": "string",
- "@value": "message"
- },
- "title": {
- "@type": "string",
- "@value": "Session - Action"
- },
- "type": {
- "@type": "string",
- "@value": "SPLIT_AND_INDEX"
- },
- "cursor_strategy": {
- "@type": "string",
- "@value": "COPY"
- },
- "condition_type": {
- "@type": "string",
- "@value": "NONE"
- }
- },
- {
- "target_field": {
- "@type": "string",
- "@value": "session_bytes_sent"
- },
- "condition_value": {
- "@type": "string",
- "@value": ""
- },
- "order": {
- "@type": "integer",
- "@value": 0
- },
- "converters": [],
- "configuration": {
- "index": {
- "@type": "integer",
- "@value": 33
- },
- "split_by": {
- "@type": "string",
- "@value": ","
- }
- },
- "source_field": {
- "@type": "string",
- "@value": "message"
- },
- "title": {
- "@type": "string",
- "@value": "Session - Bytes Sent"
- },
- "type": {
- "@type": "string",
- "@value": "SPLIT_AND_INDEX"
- },
- "cursor_strategy": {
- "@type": "string",
- "@value": "COPY"
- },
- "condition_type": {
- "@type": "string",
- "@value": "NONE"
- }
- },
- {
- "target_field": {
- "@type": "string",
- "@value": "session_bytes_received"
- },
- "condition_value": {
- "@type": "string",
- "@value": ""
- },
- "order": {
- "@type": "integer",
- "@value": 0
- },
- "converters": [],
- "configuration": {
- "index": {
- "@type": "integer",
- "@value": 34
- },
- "split_by": {
- "@type": "string",
- "@value": ","
- }
- },
- "source_field": {
- "@type": "string",
- "@value": "message"
- },
- "title": {
- "@type": "string",
- "@value": "Session - Bytes Received"
- },
- "type": {
- "@type": "string",
- "@value": "SPLIT_AND_INDEX"
- },
- "cursor_strategy": {
- "@type": "string",
- "@value": "COPY"
- },
- "condition_type": {
- "@type": "string",
- "@value": "NONE"
- }
- },
- {
- "target_field": {
- "@type": "string",
- "@value": "session_flags"
- },
- "condition_value": {
- "@type": "string",
- "@value": ""
- },
- "order": {
- "@type": "integer",
- "@value": 0
- },
- "converters": [],
- "configuration": {
- "index": {
- "@type": "integer",
- "@value": 29
- },
- "split_by": {
- "@type": "string",
- "@value": ","
- }
- },
- "source_field": {
- "@type": "string",
- "@value": "message"
- },
- "title": {
- "@type": "string",
- "@value": "Session - Flags"
- },
- "type": {
- "@type": "string",
- "@value": "SPLIT_AND_INDEX"
- },
- "cursor_strategy": {
- "@type": "string",
- "@value": "COPY"
- },
- "condition_type": {
- "@type": "string",
- "@value": "NONE"
- }
- },
- {
- "target_field": {
- "@type": "string",
- "@value": "session_total_packets"
- },
- "condition_value": {
- "@type": "string",
- "@value": ""
- },
- "order": {
- "@type": "integer",
- "@value": 0
- },
- "converters": [],
- "configuration": {
- "index": {
- "@type": "integer",
- "@value": 35
- },
- "split_by": {
- "@type": "string",
- "@value": ","
- }
- },
- "source_field": {
- "@type": "string",
- "@value": "message"
- },
- "title": {
- "@type": "string",
- "@value": "Session - Total Packets"
- },
- "type": {
- "@type": "string",
- "@value": "SPLIT_AND_INDEX"
- },
- "cursor_strategy": {
- "@type": "string",
- "@value": "COPY"
- },
- "condition_type": {
- "@type": "string",
- "@value": "NONE"
- }
- },
- {
- "target_field": {
- "@type": "string",
- "@value": "url_category"
- },
- "condition_value": {
- "@type": "string",
- "@value": ""
- },
- "order": {
- "@type": "integer",
- "@value": 0
- },
- "converters": [],
- "configuration": {
- "index": {
- "@type": "integer",
- "@value": 38
- },
- "split_by": {
- "@type": "string",
- "@value": ","
- }
- },
- "source_field": {
- "@type": "string",
- "@value": "message"
- },
- "title": {
- "@type": "string",
- "@value": "Session - URL Category"
- },
- "type": {
- "@type": "string",
- "@value": "SPLIT_AND_INDEX"
- },
- "cursor_strategy": {
- "@type": "string",
- "@value": "COPY"
- },
- "condition_type": {
- "@type": "string",
- "@value": "NONE"
- }
- },
- {
- "target_field": {
- "@type": "string",
- "@value": "session_start_time"
- },
- "condition_value": {
- "@type": "string",
- "@value": ""
- },
- "order": {
- "@type": "integer",
- "@value": 0
- },
- "converters": [],
- "configuration": {
- "index": {
- "@type": "integer",
- "@value": 36
- },
- "split_by": {
- "@type": "string",
- "@value": ","
- }
- },
- "source_field": {
- "@type": "string",
- "@value": "message"
- },
- "title": {
- "@type": "string",
- "@value": "Session - Start Time"
- },
- "type": {
- "@type": "string",
- "@value": "SPLIT_AND_INDEX"
- },
- "cursor_strategy": {
- "@type": "string",
- "@value": "COPY"
- },
- "condition_type": {
- "@type": "string",
- "@value": "NONE"
- }
- },
- {
- "target_field": {
- "@type": "string",
- "@value": "session_elapsed_time_sec"
- },
- "condition_value": {
- "@type": "string",
- "@value": ""
- },
- "order": {
- "@type": "integer",
- "@value": 0
- },
- "converters": [],
- "configuration": {
- "index": {
- "@type": "integer",
- "@value": 37
- },
- "split_by": {
- "@type": "string",
- "@value": ","
- }
- },
- "source_field": {
- "@type": "string",
- "@value": "message"
- },
- "title": {
- "@type": "string",
- "@value": "Session - Elapsed Time (Seconds)"
- },
- "type": {
- "@type": "string",
- "@value": "SPLIT_AND_INDEX"
- },
- "cursor_strategy": {
- "@type": "string",
- "@value": "COPY"
- },
- "condition_type": {
- "@type": "string",
- "@value": "NONE"
- }
- },
- {
- "target_field": {
- "@type": "string",
- "@value": "source_country"
- },
- "condition_value": {
- "@type": "string",
- "@value": ""
- },
- "order": {
- "@type": "integer",
- "@value": 0
- },
- "converters": [],
- "configuration": {
- "index": {
- "@type": "integer",
- "@value": 42
- },
- "split_by": {
- "@type": "string",
- "@value": ","
- }
- },
- "source_field": {
- "@type": "string",
- "@value": "message"
- },
- "title": {
- "@type": "string",
- "@value": "Session - Source Country"
- },
- "type": {
- "@type": "string",
- "@value": "SPLIT_AND_INDEX"
- },
- "cursor_strategy": {
- "@type": "string",
- "@value": "COPY"
- },
- "condition_type": {
- "@type": "string",
- "@value": "NONE"
- }
- },
- {
- "target_field": {
- "@type": "string",
- "@value": "destination_country"
- },
- "condition_value": {
- "@type": "string",
- "@value": ""
- },
- "order": {
- "@type": "integer",
- "@value": 0
- },
- "converters": [],
- "configuration": {
- "index": {
- "@type": "integer",
- "@value": 43
- },
- "split_by": {
- "@type": "string",
- "@value": ","
- }
- },
- "source_field": {
- "@type": "string",
- "@value": "message"
- },
- "title": {
- "@type": "string",
- "@value": "Session - Destination Country"
- },
- "type": {
- "@type": "string",
- "@value": "SPLIT_AND_INDEX"
- },
- "cursor_strategy": {
- "@type": "string",
- "@value": "COPY"
- },
- "condition_type": {
- "@type": "string",
- "@value": "NONE"
- }
- },
- {
- "target_field": {
- "@type": "string",
- "@value": "pkts_sent"
- },
- "condition_value": {
- "@type": "string",
- "@value": ""
- },
- "order": {
- "@type": "integer",
- "@value": 0
- },
- "converters": [],
- "configuration": {
- "index": {
- "@type": "integer",
- "@value": 45
- },
- "split_by": {
- "@type": "string",
- "@value": ","
- }
- },
- "source_field": {
- "@type": "string",
- "@value": "message"
- },
- "title": {
- "@type": "string",
- "@value": "Session - Packets Sent"
- },
- "type": {
- "@type": "string",
- "@value": "SPLIT_AND_INDEX"
- },
- "cursor_strategy": {
- "@type": "string",
- "@value": "COPY"
- },
- "condition_type": {
- "@type": "string",
- "@value": "NONE"
- }
- },
- {
- "target_field": {
- "@type": "string",
- "@value": "session_end_reason"
- },
- "condition_value": {
- "@type": "string",
- "@value": ""
- },
- "order": {
- "@type": "integer",
- "@value": 0
- },
- "converters": [],
- "configuration": {
- "index": {
- "@type": "integer",
- "@value": 47
- },
- "split_by": {
- "@type": "string",
- "@value": ","
- }
- },
- "source_field": {
- "@type": "string",
- "@value": "message"
- },
- "title": {
- "@type": "string",
- "@value": "Session - End Reason"
- },
- "type": {
- "@type": "string",
- "@value": "SPLIT_AND_INDEX"
- },
- "cursor_strategy": {
- "@type": "string",
- "@value": "COPY"
- },
- "condition_type": {
- "@type": "string",
- "@value": "NONE"
- }
- },
- {
- "target_field": {
- "@type": "string",
- "@value": "action_source"
- },
- "condition_value": {
- "@type": "string",
- "@value": ""
- },
- "order": {
- "@type": "integer",
- "@value": 0
- },
- "converters": [],
- "configuration": {
- "index": {
- "@type": "integer",
- "@value": 54
- },
- "split_by": {
- "@type": "string",
- "@value": ","
- }
- },
- "source_field": {
- "@type": "string",
- "@value": "message"
- },
- "title": {
- "@type": "string",
- "@value": "Session - Action Source"
- },
- "type": {
- "@type": "string",
- "@value": "SPLIT_AND_INDEX"
- },
- "cursor_strategy": {
- "@type": "string",
- "@value": "COPY"
- },
- "condition_type": {
- "@type": "string",
- "@value": "NONE"
- }
- },
- {
- "target_field": {
- "@type": "string",
- "@value": "pkts_received"
- },
- "condition_value": {
- "@type": "string",
- "@value": ""
- },
- "order": {
- "@type": "integer",
- "@value": 0
- },
- "converters": [],
- "configuration": {
- "index": {
- "@type": "integer",
- "@value": 46
- },
- "split_by": {
- "@type": "string",
- "@value": ","
- }
- },
- "source_field": {
- "@type": "string",
- "@value": "message"
- },
- "title": {
- "@type": "string",
- "@value": "Session - Packets Received"
- },
- "type": {
- "@type": "string",
- "@value": "SPLIT_AND_INDEX"
- },
- "cursor_strategy": {
- "@type": "string",
- "@value": "COPY"
- },
- "condition_type": {
- "@type": "string",
- "@value": "NONE"
- }
- }
- ]
- },
- "constraints": [{
- "type": "server-version",
- "version": ">=3.2.1"
- }]
- },
- {
- "v": "1",
- "type": {
- "name": "stream",
- "version": "1"
- },
- "id": "5d22e8f8-c982-41f2-82c0-dbf8a9125594",
- "data": {
- "alarm_callbacks": [],
- "outputs": [],
- "remove_matches": {
- "@type": "boolean",
- "@value": false
- },
- "title": {
- "@type": "string",
- "@value": "Palo Alto Traffic"
- },
- "stream_rules": [{
- "type": {
- "@type": "string",
- "@value": "EXACT"
- },
- "field": {
- "@type": "string",
- "@value": "source"
- },
- "value": {
- "@type": "string",
- "@value": "Panorama-1"
- },
- "inverted": {
- "@type": "boolean",
- "@value": false
- },
- "description": {
- "@type": "string",
- "@value": ""
- }
- }],
- "alert_conditions": [],
- "matching_type": {
- "@type": "string",
- "@value": "AND"
- },
- "disabled": {
- "@type": "boolean",
- "@value": false
- },
- "description": {
- "@type": "string",
- "@value": "Firewall Traffic Messages"
- },
- "default_stream": {
- "@type": "boolean",
- "@value": false
- }
- },
- "constraints": [{
- "type": "server-version",
- "version": ">=3.2.1"
- }]
- },
- {
- "v": "1",
- "type": {
- "name": "dashboard",
- "version": "2"
- },
- "id": "44493158-7991-4fa1-bb24-7a47d7a9e259",
- "data": {
- "summary": {
- "@type": "string",
- "@value": "Firewall Traffic - Last 1 Day"
- },
- "search": {
- "queries": [{
- "id": "f706ae7b-dbc8-4137-b3f8-6af50f79efba",
- "timerange": {
- "type": "relative",
- "range": 86400
- },
- "filter": {
- "type": "or",
- "filters": [{
- "type": "stream",
- "filters": null,
- "id": "5d22e8f8-c982-41f2-82c0-dbf8a9125594",
- "title": null
- }]
- },
- "query": {
- "type": "elasticsearch",
- "query_string": ""
- },
- "search_types": [{
- "query": null,
- "name": "chart",
- "timerange": null,
- "streams": [],
- "series": [{
- "type": "count",
- "id": "count()",
- "field": null
- }],
- "filter": null,
- "rollup": true,
- "row_groups": [{
- "type": "values",
- "field": "application",
- "limit": 15
- }],
- "type": "pivot",
- "id": "3f46b994-dff9-45f9-8b21-a888f2435971",
- "column_groups": [],
- "sort": []
- },
- {
- "query": null,
- "name": "chart",
- "timerange": null,
- "streams": [],
- "series": [{
- "type": "count",
- "id": "count()",
- "field": null
- }],
- "filter": null,
- "rollup": true,
- "row_groups": [{
- "type": "values",
- "field": "url_category",
- "limit": 15
- }],
- "type": "pivot",
- "id": "eda4e1b0-bcfb-4cbb-9fcc-31a3b6a69ddd",
- "column_groups": [],
- "sort": []
- },
- {
- "query": null,
- "name": "chart",
- "timerange": null,
- "streams": [],
- "series": [{
- "type": "count",
- "id": "count()",
- "field": null
- }],
- "filter": null,
- "rollup": true,
- "row_groups": [{
- "type": "values",
- "field": "action",
- "limit": 15
- }],
- "type": "pivot",
- "id": "eb7256b9-f044-40a9-bfe0-e40994831054",
- "column_groups": [],
- "sort": []
- },
- {
- "query": null,
- "name": "chart",
- "timerange": null,
- "streams": [],
- "series": [{
- "type": "count",
- "id": "count()",
- "field": null
- }],
- "filter": null,
- "rollup": true,
- "row_groups": [{
- "type": "values",
- "field": "destination_country",
- "limit": 15
- }],
- "type": "pivot",
- "id": "b64992f7-a3ba-4e21-ac6e-a415523ad8bd",
- "column_groups": [],
- "sort": []
- },
- {
- "query": null,
- "name": null,
- "timerange": null,
- "offset": 0,
- "streams": [],
- "filter": null,
- "decorators": [],
- "type": "messages",
- "id": "2d1fd0d2-04fa-451b-88f3-8a7cf53df21b",
- "limit": 150
- },
- {
- "query": null,
- "name": "chart",
- "timerange": null,
- "streams": [],
- "series": [{
- "type": "count",
- "id": "count()",
- "field": null
- }],
- "filter": null,
- "rollup": true,
- "row_groups": [{
- "type": "values",
- "field": "firewall_rule",
- "limit": 15
- }],
- "type": "pivot",
- "id": "efb69f75-ed42-4f50-b43b-eaf1c8a685ef",
- "column_groups": [],
- "sort": []
- },
- {
- "query": null,
- "name": "chart",
- "timerange": null,
- "streams": [],
- "series": [{
- "type": "count",
- "id": "count()",
- "field": null
- }],
- "filter": null,
- "rollup": true,
- "row_groups": [{
- "type": "time",
- "field": "timestamp",
- "interval": {
- "type": "auto",
- "scaling": 1
- }
- }],
- "type": "pivot",
- "id": "88a6a24f-1192-41e8-b290-d0add49dad9c",
- "column_groups": [],
- "sort": []
- },
- {
- "query": null,
- "name": "chart",
- "timerange": null,
- "streams": [],
- "series": [{
- "type": "count",
- "id": "Message Count",
- "field": null
- }],
- "filter": null,
- "rollup": true,
- "row_groups": [],
- "type": "pivot",
- "id": "3a633c18-12a3-453c-be15-6dce9543be65",
- "column_groups": [],
- "sort": []
- }
- ]
- }],
- "parameters": [],
- "requires": {},
- "owner": "admin",
- "created_at": "2020-10-01T08:52:01.280Z"
- },
- "created_at": "2020-10-01T08:44:06.128Z",
- "requires": {},
- "state": {
- "f706ae7b-dbc8-4137-b3f8-6af50f79efba": {
- "selected_fields": null,
- "static_message_list_id": null,
- "titles": {
- "widget": {
- "d4a7ade1-e549-483d-b599-e0e0aa28297b": "Message Count",
- "46eb0faa-0496-4a38-874b-f50b4de3ed25": "All Messages",
- "346d13b3-df23-4966-8d0b-893bd123ee92": "Log Message Generated",
- "5ab10b98-be52-4177-8da2-407eccbe7e56": "Top Destination Countries",
- "b6b57f94-e6eb-4408-b52d-0e0dfcba6692": "Top URL Categories",
- "885a1d8f-03d2-49ac-b0cf-9895df7370e4": "Top Firewall Rules",
- "682d51b9-0815-4653-80b0-1388e0a3d34c": "Top Applications",
- "00c682c0-6027-4150-ad6a-6476a293ab70": "Top Firewall Actions"
- }
- },
- "widgets": [{
- "id": "46eb0faa-0496-4a38-874b-f50b4de3ed25",
- "type": "messages",
- "filter": null,
- "timerange": {
- "type": "relative",
- "range": 86400
- },
- "query": {
- "type": "elasticsearch",
- "query_string": ""
- },
- "streams": [
- "5d22e8f8-c982-41f2-82c0-dbf8a9125594"
- ],
- "config": {
- "fields": [
- "timestamp",
- "source"
- ],
- "show_message_row": true,
- "decorators": [],
- "sort": [{
- "type": "pivot",
- "field": "timestamp",
- "direction": "Descending"
- }]
- }
- },
- {
- "id": "885a1d8f-03d2-49ac-b0cf-9895df7370e4",
- "type": "aggregation",
- "filter": null,
- "timerange": {
- "type": "relative",
- "range": 86400
- },
- "query": {
- "type": "elasticsearch",
- "query_string": ""
- },
- "streams": [
- "5d22e8f8-c982-41f2-82c0-dbf8a9125594"
- ],
- "config": {
- "visualization": "table",
- "event_annotation": false,
- "row_pivots": [{
- "field": "firewall_rule",
- "type": "values",
- "config": {
- "limit": 15
- }
- }],
- "series": [{
- "config": {
- "name": null
- },
- "function": "count()"
- }],
- "rollup": true,
- "column_pivots": [],
- "visualization_config": null,
- "formatting_settings": null,
- "sort": []
- }
- },
- {
- "id": "346d13b3-df23-4966-8d0b-893bd123ee92",
- "type": "aggregation",
- "filter": null,
- "timerange": {
- "type": "relative",
- "range": 86400
- },
- "query": {
- "type": "elasticsearch",
- "query_string": ""
- },
- "streams": [
- "5d22e8f8-c982-41f2-82c0-dbf8a9125594"
- ],
- "config": {
- "visualization": "numeric",
- "event_annotation": false,
- "row_pivots": [],
- "series": [{
- "config": {
- "name": "Message Count"
- },
- "function": "count()"
- }],
- "rollup": true,
- "column_pivots": [],
- "visualization_config": null,
- "formatting_settings": null,
- "sort": []
- }
- },
- {
- "id": "5ab10b98-be52-4177-8da2-407eccbe7e56",
- "type": "aggregation",
- "filter": null,
- "timerange": {
- "type": "relative",
- "range": 86400
- },
- "query": {
- "type": "elasticsearch",
- "query_string": ""
- },
- "streams": [
- "5d22e8f8-c982-41f2-82c0-dbf8a9125594"
- ],
- "config": {
- "visualization": "table",
- "event_annotation": false,
- "row_pivots": [{
- "field": "destination_country",
- "type": "values",
- "config": {
- "limit": 15
- }
- }],
- "series": [{
- "config": {
- "name": null
- },
- "function": "count()"
- }],
- "rollup": true,
- "column_pivots": [],
- "visualization_config": null,
- "formatting_settings": null,
- "sort": []
- }
- },
- {
- "id": "b6b57f94-e6eb-4408-b52d-0e0dfcba6692",
- "type": "aggregation",
- "filter": null,
- "timerange": {
- "type": "relative",
- "range": 86400
- },
- "query": {
- "type": "elasticsearch",
- "query_string": ""
- },
- "streams": [
- "5d22e8f8-c982-41f2-82c0-dbf8a9125594"
- ],
- "config": {
- "visualization": "table",
- "event_annotation": false,
- "row_pivots": [{
- "field": "url_category",
- "type": "values",
- "config": {
- "limit": 15
- }
- }],
- "series": [{
- "config": {
- "name": null
- },
- "function": "count()"
- }],
- "rollup": true,
- "column_pivots": [],
- "visualization_config": null,
- "formatting_settings": null,
- "sort": []
- }
- },
- {
- "id": "00c682c0-6027-4150-ad6a-6476a293ab70",
- "type": "aggregation",
- "filter": null,
- "timerange": {
- "type": "relative",
- "range": 86400
- },
- "query": {
- "type": "elasticsearch",
- "query_string": ""
- },
- "streams": [
- "5d22e8f8-c982-41f2-82c0-dbf8a9125594"
- ],
- "config": {
- "visualization": "table",
- "event_annotation": false,
- "row_pivots": [{
- "field": "action",
- "type": "values",
- "config": {
- "limit": 15
- }
- }],
- "series": [{
- "config": {
- "name": null
- },
- "function": "count()"
- }],
- "rollup": true,
- "column_pivots": [],
- "visualization_config": null,
- "formatting_settings": null,
- "sort": []
- }
- },
- {
- "id": "d4a7ade1-e549-483d-b599-e0e0aa28297b",
- "type": "aggregation",
- "filter": null,
- "timerange": {
- "type": "relative",
- "range": 86400
- },
- "query": {
- "type": "elasticsearch",
- "query_string": ""
- },
- "streams": [
- "5d22e8f8-c982-41f2-82c0-dbf8a9125594"
- ],
- "config": {
- "visualization": "bar",
- "event_annotation": false,
- "row_pivots": [{
- "field": "timestamp",
- "type": "time",
- "config": {
- "interval": {
- "type": "auto",
- "scaling": null
- }
- }
- }],
- "series": [{
- "config": {
- "name": null
- },
- "function": "count()"
- }],
- "rollup": true,
- "column_pivots": [],
- "visualization_config": null,
- "formatting_settings": null,
- "sort": []
- }
- },
- {
- "id": "682d51b9-0815-4653-80b0-1388e0a3d34c",
- "type": "aggregation",
- "filter": null,
- "timerange": {
- "type": "relative",
- "range": 86400
- },
- "query": {
- "type": "elasticsearch",
- "query_string": ""
- },
- "streams": [
- "5d22e8f8-c982-41f2-82c0-dbf8a9125594"
- ],
- "config": {
- "visualization": "table",
- "event_annotation": false,
- "row_pivots": [{
- "field": "application",
- "type": "values",
- "config": {
- "limit": 15
- }
- }],
- "series": [{
- "config": {
- "name": null
- },
- "function": "count()"
- }],
- "rollup": true,
- "column_pivots": [],
- "visualization_config": null,
- "formatting_settings": null,
- "sort": []
- }
- }
- ],
- "widget_mapping": {
- "d4a7ade1-e549-483d-b599-e0e0aa28297b": [
- "88a6a24f-1192-41e8-b290-d0add49dad9c"
- ],
- "46eb0faa-0496-4a38-874b-f50b4de3ed25": [
- "2d1fd0d2-04fa-451b-88f3-8a7cf53df21b"
- ],
- "346d13b3-df23-4966-8d0b-893bd123ee92": [
- "3a633c18-12a3-453c-be15-6dce9543be65"
- ],
- "5ab10b98-be52-4177-8da2-407eccbe7e56": [
- "b64992f7-a3ba-4e21-ac6e-a415523ad8bd"
- ],
- "b6b57f94-e6eb-4408-b52d-0e0dfcba6692": [
- "eda4e1b0-bcfb-4cbb-9fcc-31a3b6a69ddd"
- ],
- "885a1d8f-03d2-49ac-b0cf-9895df7370e4": [
- "efb69f75-ed42-4f50-b43b-eaf1c8a685ef"
- ],
- "682d51b9-0815-4653-80b0-1388e0a3d34c": [
- "3f46b994-dff9-45f9-8b21-a888f2435971"
- ],
- "00c682c0-6027-4150-ad6a-6476a293ab70": [
- "eb7256b9-f044-40a9-bfe0-e40994831054"
- ]
- },
- "positions": {
- "d4a7ade1-e549-483d-b599-e0e0aa28297b": {
- "col": 1,
- "row": 9,
- "height": 2,
- "width": "Infinity"
- },
- "46eb0faa-0496-4a38-874b-f50b4de3ed25": {
- "col": 1,
- "row": 11,
- "height": 6,
- "width": "Infinity"
- },
- "346d13b3-df23-4966-8d0b-893bd123ee92": {
- "col": 1,
- "row": 1,
- "height": 4,
- "width": 4
- },
- "5ab10b98-be52-4177-8da2-407eccbe7e56": {
- "col": 5,
- "row": 1,
- "height": 4,
- "width": 4
- },
- "b6b57f94-e6eb-4408-b52d-0e0dfcba6692": {
- "col": 9,
- "row": 2,
- "height": 4,
- "width": 4
- },
- "885a1d8f-03d2-49ac-b0cf-9895df7370e4": {
- "col": 1,
- "row": 5,
- "height": 4,
- "width": 4
- },
- "682d51b9-0815-4653-80b0-1388e0a3d34c": {
- "col": 5,
- "row": 5,
- "height": 4,
- "width": 4
- },
- "00c682c0-6027-4150-ad6a-6476a293ab70": {
- "col": 9,
- "row": 4,
- "height": 4,
- "width": 4
- }
- },
- "formatting": {
- "highlighting": []
- },
- "display_mode_settings": {
- "positions": {}
- }
- }
- },
- "properties": [],
- "owner": "admin",
- "title": {
- "@type": "string",
- "@value": "Firewall Traffic - Last 1 Day"
- },
- "type": "DASHBOARD",
- "description": {
- "@type": "string",
- "@value": ""
- }
- },
- "constraints": [{
- "type": "server-version",
- "version": ">=3.2.1"
- }]
- }
- ]
- }