Linux USB drive monitoring.ndjson
{"attributes":{"description":"Shows authorized and unauthorized USB drives.","kibanaSavedObjectMeta":{"searchSourceJSON":"{\n \"query\": {\n \"language\": \"kuery\",\n \"query\": \"\"\n },\n \"filter\": [],\n \"indexRefName\": \"kibanaSavedObjectMeta.searchSourceJSON.index\"\n}"},"title":"Linux USB drive monitoring","uiStateJSON":"{\n \"vis\": {\n \"params\": {\n \"sort\": {\n \"columnIndex\": null,\n \"direction\": null\n }\n }\n }\n}","version":1,"visState":"{\n \"title\": \"Linux USB drive monitoring\",\n \"type\": \"table\",\n \"aggs\": [\n {\n \"id\": \"1\",\n \"enabled\": true,\n \"type\": \"count\",\n \"params\": {},\n \"schema\": \"metric\"\n },\n {\n \"id\": \"2\",\n \"enabled\": true,\n \"type\": \"filters\",\n \"params\": {\n \"filters\": [\n {\n \"input\": {\n \"query\": \"rule.id:111010\",\n \"language\": \"kuery\"\n },\n \"label\": \"Authorized USB drive\"\n },\n {\n \"input\": {\n \"query\": \"rule.id:111011\",\n \"language\": \"kuery\"\n },\n \"label\": \"Unauthorized USB drive\"\n }\n ]\n },\n \"schema\": \"split\"\n },\n {\n \"id\": \"3\",\n \"enabled\": true,\n \"type\": \"terms\",\n \"params\": {\n \"field\": \"agent.id\",\n \"orderBy\": \"1\",\n \"order\": \"desc\",\n \"size\": 5,\n \"otherBucket\": false,\n \"otherBucketLabel\": \"Other\",\n \"missingBucket\": false,\n \"missingBucketLabel\": \"Missing\",\n \"customLabel\": \"Agent ID\"\n },\n \"schema\": \"bucket\"\n },\n {\n \"id\": \"4\",\n \"enabled\": true,\n \"type\": \"terms\",\n \"params\": {\n \"field\": \"agent.ip\",\n \"orderBy\": \"1\",\n \"order\": \"desc\",\n \"size\": 5,\n \"otherBucket\": false,\n \"otherBucketLabel\": \"Other\",\n \"missingBucket\": false,\n \"missingBucketLabel\": \"Missing\",\n \"customLabel\": \"Agent IP\"\n },\n \"schema\": \"bucket\"\n },\n {\n \"id\": \"5\",\n \"enabled\": true,\n \"type\": \"terms\",\n \"params\": {\n \"field\": \"agent.name\",\n \"orderBy\": \"1\",\n \"order\": \"desc\",\n \"size\": 5,\n \"otherBucket\": false,\n \"otherBucketLabel\": 
\"Other\",\n \"missingBucket\": false,\n \"missingBucketLabel\": \"Missing\",\n \"customLabel\": \"Device Name\"\n },\n \"schema\": \"bucket\"\n },\n {\n \"id\": \"6\",\n \"enabled\": true,\n \"type\": \"terms\",\n \"params\": {\n \"field\": \"rule.description\",\n \"orderBy\": \"1\",\n \"order\": \"desc\",\n \"size\": 5,\n \"otherBucket\": false,\n \"otherBucketLabel\": \"Other\",\n \"missingBucket\": false,\n \"missingBucketLabel\": \"Missing\",\n \"customLabel\": \"USB Description\"\n },\n \"schema\": \"bucket\"\n }\n ],\n \"params\": {\n \"perPage\": 10,\n \"showPartialRows\": false,\n \"showMetricsAtAllLevels\": false,\n \"sort\": {\n \"columnIndex\": null,\n \"direction\": null\n },\n \"showTotal\": true,\n \"totalFunc\": \"sum\",\n \"percentageCol\": \"\",\n \"row\": true\n }\n}"},"id":"2e293a87-2eae-4e94-832a-a601aeaed51c","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"35d3c727-1116-41b6-aa88-4c4ab29332bf","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2025-05-06T16:35:09.188Z","version":"WzEyMywxMV0="}
{"exportedCount":1,"missingRefCount":0,"missingReferences":[]}