{
"attributes": {
"description": "Microsoft Defender ATP Incident Table",
"kibanaSavedObjectMeta": {
"searchSourceJSON": {
"filter": [
{
"$state": {
"store": "appState"
},
"meta": {
"alias": null,
"disabled": false,
"indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index",
"key": "event.module",
"negate": false,
"params": {
"query": "microsoft"
},
"type": "phrase"
},
"query": {
"match_phrase": {
"event.module": "microsoft"
}
}
},
{
"$state": {
"store": "appState"
},
"meta": {
"alias": null,
"disabled": false,
"indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index",
"key": "event.dataset",
"negate": false,
"params": {
"query": "microsoft.defender_atp"
},
"type": "phrase"
},
"query": {
"match_phrase": {
"event.dataset": "microsoft.defender_atp"
}
}
}
],
"indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index",
"query": {
"language": "kuery",
"query": ""
}
}
},
"title": "ATP Incident Table [Filebeat Microsoft]",
"uiStateJSON": {
"vis": {
"params": {
"sort": {
"columnIndex": null,
"direction": null
}
}
}
},
"version": 1,
"visState": {
"aggs": [
{
"enabled": true,
"id": "2",
"params": {
"customLabel": "Incident ID",
"field": "microsoft.defender_atp.incidentId",
"missingBucket": false,
"missingBucketLabel": "Missing",
"order": "desc",
"orderBy": "_key",
"otherBucket": false,
"otherBucketLabel": "Other",
"size": 100
},
"schema": "bucket",
"type": "terms"
},
{
"enabled": true,
"id": "3",
"params": {
"customLabel": "Current Status",
"field": "microsoft.defender_atp.status",
"missingBucket": false,
"missingBucketLabel": "Missing",
"order": "desc",
"orderBy": "_key",
"otherBucket": false,
"otherBucketLabel": "Other",
"size": 1
},
"schema": "bucket",
"type": "terms"
},
{
"enabled": true,
"id": "5",
"params": {
"customLabel": "Assigned To",
"field": "microsoft.defender_atp.assignedTo",
"missingBucket": false,
"missingBucketLabel": "Missing",
"order": "desc",
"orderBy": "_key",
"otherBucket": false,
"otherBucketLabel": "Other",
"size": 1
},
"schema": "bucket",
"type": "terms"
},
{
"enabled": true,
"id": "9",
"params": {
"customLabel": "Severity",
"field": "event.severity",
"missingBucket": false,
"missingBucketLabel": "Missing",
"order": "desc",
"orderBy": "_key",
"otherBucket": false,
"otherBucketLabel": "Other",
"size": 5
},
"schema": "bucket",
"type": "terms"
},
{
"enabled": true,
"id": "4",
"params": {
"customLabel": "Hostname",
"field": "host.hostname",
"missingBucket": false,
"missingBucketLabel": "Missing",
"order": "desc",
"orderBy": "_key",
"otherBucket": false,
"otherBucketLabel": "Other",
"size": 1
},
"schema": "bucket",
"type": "terms"
},
{
"enabled": true,
"id": "6",
"params": {
"customLabel": "Title",
"field": "event.test.message",
"missingBucket": false,
"missingBucketLabel": "Missing",
"order": "desc",
"orderBy": "_key",
"otherBucket": false,
"otherBucketLabel": "Other",
"size": 1
},
"schema": "bucket",
"type": "terms"
},
{
"enabled": true,
"id": "8",
"params": {
"aggregate": "concat",
"field": "@timestamp",
"size": 1,
"sortField": "@timestamp",
"sortOrder": "desc"
},
"schema": "metric",
"type": "top_hits"
},
{
"enabled": true,
"id": "10",
"params": {
"customLabel": "Category",
"field": "threat.technique.name",
"missingBucket": false,
"missingBucketLabel": "Missing",
"order": "desc",
"orderBy": "_key",
"otherBucket": false,
"otherBucketLabel": "Other",
"size": 1
},
"schema": "bucket",
"type": "terms"
}
],
"params": {
"perPage": 10,
"percentageCol": "",
"row": true,
"showMetricsAtAllLevels": false,
"showPartialRows": false,
"showToolbar": true,
"showTotal": false,
"sort": {
"columnIndex": null,
"direction": null
},
"totalFunc": "sum"
},
"title": "ATP Incident Table [Filebeat Microsoft]",
"type": "table"
}
},
"coreMigrationVersion": "8.0.0",
"id": "00e8fca0-ca68-11ea-9d4d-9737a63aaa55",
"migrationVersion": {
"visualization": "7.14.0"
},
"references": [
{
"id": "filebeat-*",
"name": "kibanaSavedObjectMeta.searchSourceJSON.index",
"type": "index-pattern"
},
{
"id": "filebeat-*",
"name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index",
"type": "index-pattern"
},
{
"id": "filebeat-*",
"name": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index",
"type": "index-pattern"
}
],
"type": "visualization",
"updated_at": "2021-08-04T16:34:12.667Z",
"version": "WzQ0NTMsMV0="
}