File: //usr/share/filebeat/kibana/8/visualization/cef-18a1d5b4-8f9e-43b6-a6e7-d9f24db85136.json
{
"attributes": {
"description": "",
"kibanaSavedObjectMeta": {
"searchSourceJSON": {
"filter": []
}
},
"savedSearchRefName": "search_0",
"title": "Top 15 Event Types by Events — ArcSight [Filebeat CEF]",
"uiStateJSON": {
"vis": {
"params": {
"sort": {
"columnIndex": null,
"direction": null
}
}
}
},
"version": 1,
"visState": {
"aggs": [
{
"enabled": true,
"id": "2",
"params": {
"customLabel": "Event Types",
"field": "cef.extensions.categoryBehavior",
"order": "desc",
"orderBy": "1",
"size": 15
},
"schema": "bucket",
"type": "terms"
},
{
"enabled": true,
"id": "3",
"params": {
"customLabel": "Source Users",
"field": "source.user.name"
},
"schema": "metric",
"type": "cardinality"
},
{
"enabled": true,
"id": "4",
"params": {
"customLabel": "Destination Users",
"field": "destination.user.name"
},
"schema": "metric",
"type": "cardinality"
},
{
"enabled": true,
"id": "5",
"params": {
"customLabel": "Source Hosts",
"field": "source.domain"
},
"schema": "metric",
"type": "cardinality"
},
{
"enabled": true,
"id": "6",
"params": {
"customLabel": "Destination Hosts",
"field": "destination.domain"
},
"schema": "metric",
"type": "cardinality"
},
{
"enabled": true,
"id": "1",
"params": {},
"schema": "metric",
"type": "count"
}
],
"listeners": {},
"params": {
"perPage": 15,
"showMeticsAtAllLevels": false,
"showPartialRows": false,
"showToolbar": true,
"showTotal": false,
"sort": {
"columnIndex": null,
"direction": null
},
"totalFunc": "sum"
},
"title": "Top 15 Event Types by Events — ArcSight [Filebeat CEF]",
"type": "table"
}
},
"coreMigrationVersion": "8.3.3",
"id": "cef-18a1d5b4-8f9e-43b6-a6e7-d9f24db85136",
"migrationVersion": {
"visualization": "8.3.0"
},
"references": [
{
"id": "cef-69d6e511-7744-429a-9aa4-ceae2222db94",
"name": "search_0",
"type": "search"
}
],
"type": "visualization",
"updated_at": "2022-08-24T00:29:51.550Z",
"version": "WzIzNzAsMV0="
}