diff --git a/Dockerfiles/dashboards-helper.Dockerfile b/Dockerfiles/dashboards-helper.Dockerfile index 3286b7b37..e9af4c061 100644 --- a/Dockerfiles/dashboards-helper.Dockerfile +++ b/Dockerfiles/dashboards-helper.Dockerfile @@ -95,7 +95,7 @@ RUN apk update --no-cache && \ /opt/templates && \ chmod 755 /data/*.sh /data/*.py /data/init && \ chmod 400 /opt/maps/* && \ - (echo -e "*/2 * * * * /data/create-arkime-sessions-index.sh\n0 10 * * * /data/index-refresh.py --index MALCOLM_NETWORK_INDEX_PATTERN --template malcolm_template --unassigned\n30 */2 * * * /data/index-refresh.py --index MALCOLM_OTHER_INDEX_PATTERN --template malcolm_beats_template --unassigned\n*/20 * * * * /data/opensearch_index_size_prune.py" > ${SUPERCRONIC_CRONTAB}) + (echo -e "*/2 * * * * /data/shared-object-creation.sh\n0 10 * * * /data/index-refresh.py --index MALCOLM_NETWORK_INDEX_PATTERN --template malcolm_template --unassigned\n30 */2 * * * /data/index-refresh.py --index MALCOLM_OTHER_INDEX_PATTERN --template malcolm_beats_template --unassigned\n*/20 * * * * /data/opensearch_index_size_prune.py" > ${SUPERCRONIC_CRONTAB}) EXPOSE $OFFLINE_REGION_MAPS_PORT diff --git a/dashboards/dashboards/024062a6-48d6-498f-a91a-3bf2da3a3cd3.json b/dashboards/dashboards/024062a6-48d6-498f-a91a-3bf2da3a3cd3.json index 8c6ea75d6..8f7da041a 100644 --- a/dashboards/dashboards/024062a6-48d6-498f-a91a-3bf2da3a3cd3.json +++ b/dashboards/dashboards/024062a6-48d6-498f-a91a-3bf2da3a3cd3.json @@ -7,7 +7,7 @@ "namespaces": [ "default" ], - "updated_at": "2021-10-12T18:27:47.478Z", + "updated_at": "2024-04-29T15:49:16.000Z", "version": "Wzg4MywxXQ==", "attributes": { "title": "X.509", @@ -608,4 +608,4 @@ } } ] -} \ No newline at end of file +} diff --git a/dashboards/dashboards/03207c00-d07e-11ec-b4a7-d1b4003706b7.json b/dashboards/dashboards/03207c00-d07e-11ec-b4a7-d1b4003706b7.json index 830b701bf..f445b4a93 100644 --- a/dashboards/dashboards/03207c00-d07e-11ec-b4a7-d1b4003706b7.json 
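Review bot: The crontab written at the end of this RUN step is still one `echo -e` string with embedded `\n` escapes, so a one-word change such as the switch to `/data/shared-object-creation.sh` appears as a rewrite of the whole line and the other three schedules cannot be checked at a glance. Writing it with `printf '%s\n'`, one entry per argument and the redirect target quoted, produces the same file and keeps future schedule changes to one-line diffs. The hunk does not show the new script being copied into `/data`, so presumably that happens elsewhere in the commit; the `chmod 755 /data/*.sh` above only helps if the file is already there. The RUN instruction starts above the hunk.

```dockerfile
# … unchanged: earlier steps of the same RUN, through `chmod 400 /opt/maps/* && \` …
    (printf '%s\n' \
      "*/2 * * * * /data/shared-object-creation.sh" \
      "0 10 * * * /data/index-refresh.py --index MALCOLM_NETWORK_INDEX_PATTERN --template malcolm_template --unassigned" \
      "30 */2 * * * /data/index-refresh.py --index MALCOLM_OTHER_INDEX_PATTERN --template malcolm_beats_template --unassigned" \
      "*/20 * * * * /data/opensearch_index_size_prune.py" > "${SUPERCRONIC_CRONTAB}")
```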
+++ b/dashboards/dashboards/03207c00-d07e-11ec-b4a7-d1b4003706b7.json @@ -7,7 +7,7 @@ "namespaces": [ "default" ], - "updated_at": "2022-05-10T16:42:42.241Z", + "updated_at": "2024-04-29T15:49:16.000Z", "version": "WzEyMTAsMV0=", "attributes": { "title": "GENISYS", @@ -381,4 +381,4 @@ } } ] -} \ No newline at end of file +} diff --git a/dashboards/dashboards/05e3e000-f118-11e9-acda-83a8e29e1a24.json b/dashboards/dashboards/05e3e000-f118-11e9-acda-83a8e29e1a24.json index d7f067053..4c106482e 100644 --- a/dashboards/dashboards/05e3e000-f118-11e9-acda-83a8e29e1a24.json +++ b/dashboards/dashboards/05e3e000-f118-11e9-acda-83a8e29e1a24.json @@ -7,7 +7,7 @@ "namespaces": [ "default" ], - "updated_at": "2021-05-11T13:57:03.753Z", + "updated_at": "2024-04-29T15:49:16.000Z", "version": "WzE1OTcsMV0=", "attributes": { "title": "LDAP", @@ -478,4 +478,4 @@ } } ] -} \ No newline at end of file +} diff --git a/dashboards/dashboards/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b.json b/dashboards/dashboards/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b.json index 5f58138a1..4b746f808 100644 --- a/dashboards/dashboards/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b.json +++ b/dashboards/dashboards/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b.json @@ -7,7 +7,7 @@ "namespaces": [ "default" ], - "updated_at": "2021-02-11T15:29:57.350Z", + "updated_at": "2024-04-29T15:49:16.000Z", "version": "WzE5MDYsMV0=", "attributes": { "title": "FTP", @@ -382,4 +382,4 @@ } } ] -} \ No newline at end of file +} diff --git a/dashboards/dashboards/0a490422-0ce9-44bf-9a2d-19329ddde8c3.json b/dashboards/dashboards/0a490422-0ce9-44bf-9a2d-19329ddde8c3.json index 2a6bfa266..287971fc9 100644 --- a/dashboards/dashboards/0a490422-0ce9-44bf-9a2d-19329ddde8c3.json +++ b/dashboards/dashboards/0a490422-0ce9-44bf-9a2d-19329ddde8c3.json @@ -7,7 +7,7 @@ "namespaces": [ "default" ], - "updated_at": "2021-11-16T21:13:35.008Z", + "updated_at": "2024-04-29T15:49:16.000Z", "version": "WzEzMzEsMV0=", "attributes": { "title": "PE", 
@@ -389,4 +389,4 @@ } } ] -} \ No newline at end of file +} diff --git a/dashboards/dashboards/0ad3d7c2-3441-485e-9dfe-dbb22e84e576.json b/dashboards/dashboards/0ad3d7c2-3441-485e-9dfe-dbb22e84e576.json index 75ddb6bdd..9e911124e 100644 --- a/dashboards/dashboards/0ad3d7c2-3441-485e-9dfe-dbb22e84e576.json +++ b/dashboards/dashboards/0ad3d7c2-3441-485e-9dfe-dbb22e84e576.json @@ -7,7 +7,7 @@ "namespaces": [ "default" ], - "updated_at": "2022-05-04T20:30:33.149Z", + "updated_at": "2024-04-29T15:49:16.000Z", "version": "WzEzNjIsMV0=", "attributes": { "title": "Overview", @@ -467,4 +467,4 @@ } } ] -} \ No newline at end of file +} diff --git a/dashboards/dashboards/0aed0e23-c8ac-4f2b-9f68-d04b6e7666b0.json b/dashboards/dashboards/0aed0e23-c8ac-4f2b-9f68-d04b6e7666b0.json index a35d26d64..1055983d2 100644 --- a/dashboards/dashboards/0aed0e23-c8ac-4f2b-9f68-d04b6e7666b0.json +++ b/dashboards/dashboards/0aed0e23-c8ac-4f2b-9f68-d04b6e7666b0.json @@ -7,7 +7,7 @@ "namespaces": [ "default" ], - "updated_at": "2021-02-10T21:24:10.810Z", + "updated_at": "2024-04-29T15:49:16.000Z", "version": "WzEzMSwxXQ==", "attributes": { "title": "Connections - Destination - Top Connection Duration", @@ -207,4 +207,4 @@ } } ] -} \ No newline at end of file +} diff --git a/dashboards/dashboards/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa.json b/dashboards/dashboards/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa.json index 2a17f5301..f66753a14 100644 --- a/dashboards/dashboards/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa.json +++ b/dashboards/dashboards/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa.json @@ -7,7 +7,7 @@ "namespaces": [ "default" ], - "updated_at": "2021-02-11T18:02:01.961Z", + "updated_at": "2024-04-29T15:49:16.000Z", "version": "WzMxNDEsMV0=", "attributes": { "title": "SIP", @@ -524,4 +524,4 @@ } } ] -} \ No newline at end of file +} diff --git a/dashboards/dashboards/11be6381-beef-40a7-bdce-88c5398392fc.json b/dashboards/dashboards/11be6381-beef-40a7-bdce-88c5398392fc.json index b9a5a8126..d4e930578 100644 
--- a/dashboards/dashboards/11be6381-beef-40a7-bdce-88c5398392fc.json +++ b/dashboards/dashboards/11be6381-beef-40a7-bdce-88c5398392fc.json @@ -7,7 +7,7 @@ "namespaces": [ "default" ], - "updated_at": "2021-02-11T19:07:48.772Z", + "updated_at": "2024-04-29T15:49:16.000Z", "version": "WzM4MjQsMV0=", "attributes": { "title": "Tunnels", @@ -349,4 +349,4 @@ } } ] -} \ No newline at end of file +} diff --git a/dashboards/dashboards/11ddd980-e388-11e9-b568-cf17de8e860c.json b/dashboards/dashboards/11ddd980-e388-11e9-b568-cf17de8e860c.json index b277bfedb..87707105f 100644 --- a/dashboards/dashboards/11ddd980-e388-11e9-b568-cf17de8e860c.json +++ b/dashboards/dashboards/11ddd980-e388-11e9-b568-cf17de8e860c.json @@ -7,7 +7,7 @@ "namespaces": [ "default" ], - "updated_at": "2021-02-11T16:02:59.762Z", + "updated_at": "2024-04-29T15:49:16.000Z", "version": "WzIzNjUsMV0=", "attributes": { "title": "QUIC", @@ -383,4 +383,4 @@ } } ] -} \ No newline at end of file +} diff --git a/dashboards/dashboards/12e3a130-d83b-11eb-a0b0-f328ce09b0b7.json b/dashboards/dashboards/12e3a130-d83b-11eb-a0b0-f328ce09b0b7.json index ebed9bfb7..4e1b49d2b 100644 --- a/dashboards/dashboards/12e3a130-d83b-11eb-a0b0-f328ce09b0b7.json +++ b/dashboards/dashboards/12e3a130-d83b-11eb-a0b0-f328ce09b0b7.json @@ -7,7 +7,7 @@ "namespaces": [ "default" ], - "updated_at": "2021-10-25T21:21:24.534Z", + "updated_at": "2024-04-29T15:49:16.000Z", "version": "WzkwNiwxXQ==", "attributes": { "title": "ICS Best Guess", @@ -338,4 +338,4 @@ } } ] -} \ No newline at end of file +} diff --git a/dashboards/dashboards/152f29dc-51a2-4f53-93e9-6e92765567b8.json b/dashboards/dashboards/152f29dc-51a2-4f53-93e9-6e92765567b8.json index 09deb82f8..4ce8a4986 100644 --- a/dashboards/dashboards/152f29dc-51a2-4f53-93e9-6e92765567b8.json +++ b/dashboards/dashboards/152f29dc-51a2-4f53-93e9-6e92765567b8.json 
@@ -7,7 +7,7 @@ "namespaces": [ "default" ], - "updated_at": "2023-11-10T19:05:19.809Z", + "updated_at": "2024-04-29T15:49:16.000Z", "version": "Wzk1NywxXQ==", "attributes": { "title": "Modbus", @@ -848,4 +848,4 @@ } } ] -} \ No newline at end of file +} diff --git a/dashboards/dashboards/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0.json b/dashboards/dashboards/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0.json index 81b246aa5..a5acadef3 100644 --- a/dashboards/dashboards/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0.json +++ b/dashboards/dashboards/1cc01ff0-5205-11ec-a62c-7bc80e88f3f0.json @@ -7,7 +7,7 @@ "namespaces": [ "default" ], - "updated_at": "2021-11-30T18:12:05.004Z", + "updated_at": "2024-04-29T15:49:16.000Z", "version": "WzE0MDYsMV0=", "attributes": { "title": "OSPF", @@ -419,4 +419,4 @@ } } ] -} \ No newline at end of file +} diff --git a/dashboards/dashboards/1ce42250-3f99-11e9-a58e-8bdedb0915e8.json b/dashboards/dashboards/1ce42250-3f99-11e9-a58e-8bdedb0915e8.json index b8206ee94..7a8144e6b 100644 --- a/dashboards/dashboards/1ce42250-3f99-11e9-a58e-8bdedb0915e8.json +++ b/dashboards/dashboards/1ce42250-3f99-11e9-a58e-8bdedb0915e8.json @@ -7,7 +7,7 @@ "namespaces": [ "default" ], - "updated_at": "2021-02-10T21:24:16.017Z", + "updated_at": "2024-04-29T15:49:16.000Z", "version": "WzIzOCwxXQ==", "attributes": { "title": "Connections - Source - Sum of Total Bytes (region map)", @@ -207,4 +207,4 @@ } } ] -} \ No newline at end of file +} diff --git a/dashboards/dashboards/1fff49f6-0199-4a0f-820b-721aff9ff1f1.json b/dashboards/dashboards/1fff49f6-0199-4a0f-820b-721aff9ff1f1.json index 758b41493..56d07e97b 100644 --- a/dashboards/dashboards/1fff49f6-0199-4a0f-820b-721aff9ff1f1.json +++ b/dashboards/dashboards/1fff49f6-0199-4a0f-820b-721aff9ff1f1.json @@ -7,7 +7,7 @@ "namespaces": [ "default" ], - "updated_at": "2022-05-04T17:52:19.656Z", + "updated_at": "2024-04-29T15:49:16.000Z", "version": "WzE2MSwxXQ==", "attributes": { "title": "Zeek Weird", 
@@ -278,4 +278,4 @@ } } ] -} \ No newline at end of file +} diff --git a/dashboards/dashboards/29a1b290-eb98-11e9-a384-0fcf32210194.json b/dashboards/dashboards/29a1b290-eb98-11e9-a384-0fcf32210194.json index 1917c8766..699d27535 100644 --- a/dashboards/dashboards/29a1b290-eb98-11e9-a384-0fcf32210194.json +++ b/dashboards/dashboards/29a1b290-eb98-11e9-a384-0fcf32210194.json @@ -7,7 +7,7 @@ "namespaces": [ "default" ], - "updated_at": "2022-02-14T15:38:50.396Z", + "updated_at": "2024-04-29T15:49:16.000Z", "version": "WzEwNDMsMV0=", "attributes": { "title": "EtherNet/IP", @@ -526,4 +526,4 @@ } } ] -} \ No newline at end of file +} diff --git a/dashboards/dashboards/2bec1490-eb94-11e9-a384-0fcf32210194.json b/dashboards/dashboards/2bec1490-eb94-11e9-a384-0fcf32210194.json index 8f9f90ff6..e0839bf26 100644 --- a/dashboards/dashboards/2bec1490-eb94-11e9-a384-0fcf32210194.json +++ b/dashboards/dashboards/2bec1490-eb94-11e9-a384-0fcf32210194.json @@ -7,7 +7,7 @@ "namespaces": [ "default" ], - "updated_at": "2023-07-18T21:25:43.221Z", + "updated_at": "2024-04-29T15:49:16.000Z", "version": "Wzk1NiwxXQ==", "attributes": { "title": "BACnet", @@ -585,4 +585,4 @@ } } ] -} \ No newline at end of file +} diff --git a/dashboards/dashboards/2cc56240-e460-11ed-a9d5-9f591c284cb4.json b/dashboards/dashboards/2cc56240-e460-11ed-a9d5-9f591c284cb4.json index afeba696d..4a86908eb 100644 --- a/dashboards/dashboards/2cc56240-e460-11ed-a9d5-9f591c284cb4.json +++ b/dashboards/dashboards/2cc56240-e460-11ed-a9d5-9f591c284cb4.json @@ -7,7 +7,7 @@ "namespaces": [ "default" ], - "updated_at": "2023-04-26T19:48:24.081Z", + "updated_at": "2024-04-29T15:49:16.000Z", "version": "Wzk1MSwxXQ==", "attributes": { "title": "Synchrophasor", @@ -638,4 +638,4 @@ } } ] -} \ No newline at end of file +} diff --git a/dashboards/dashboards/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9.json b/dashboards/dashboards/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9.json index 9283cd75d..0e7b1f874 100644 
--- a/dashboards/dashboards/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9.json +++ b/dashboards/dashboards/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9.json @@ -7,7 +7,7 @@ "namespaces": [ "default" ], - "updated_at": "2021-05-11T14:11:53.521Z", + "updated_at": "2024-04-29T15:49:16.000Z", "version": "WzE3OTQsMV0=", "attributes": { "title": "DNS", @@ -522,4 +522,4 @@ } } ] -} \ No newline at end of file +} diff --git a/dashboards/dashboards/2d98bb8e-214c-4374-837b-20e1bcd63a5e.json b/dashboards/dashboards/2d98bb8e-214c-4374-837b-20e1bcd63a5e.json index cfe10cc20..cfe29e051 100644 --- a/dashboards/dashboards/2d98bb8e-214c-4374-837b-20e1bcd63a5e.json +++ b/dashboards/dashboards/2d98bb8e-214c-4374-837b-20e1bcd63a5e.json @@ -7,7 +7,7 @@ "namespaces": [ "default" ], - "updated_at": "2021-02-10T21:24:21.144Z", + "updated_at": "2024-04-29T15:49:16.000Z", "version": "WzMyOCwxXQ==", "attributes": { "title": "DHCP", @@ -386,4 +386,4 @@ } } ] -} \ No newline at end of file +} diff --git a/dashboards/dashboards/32587740-ef88-11e9-b38a-2db3ee640e88.json b/dashboards/dashboards/32587740-ef88-11e9-b38a-2db3ee640e88.json index 486cfa584..12fb191c4 100644 --- a/dashboards/dashboards/32587740-ef88-11e9-b38a-2db3ee640e88.json +++ b/dashboards/dashboards/32587740-ef88-11e9-b38a-2db3ee640e88.json @@ -7,7 +7,7 @@ "namespaces": [ "default" ], - "updated_at": "2021-02-11T18:52:27.963Z", + "updated_at": "2024-04-29T15:49:16.000Z", "version": "WzM2NDEsMV0=", "attributes": { "title": "Tabular Data Stream - RPC", @@ -278,4 +278,4 @@ } } ] -} \ No newline at end of file +} diff --git a/dashboards/dashboards/36ed695f-edcc-47c1-b0ec-50d20c93ce0f.json b/dashboards/dashboards/36ed695f-edcc-47c1-b0ec-50d20c93ce0f.json index 379ddd8b6..2a24f8c6f 100644 --- a/dashboards/dashboards/36ed695f-edcc-47c1-b0ec-50d20c93ce0f.json +++ b/dashboards/dashboards/36ed695f-edcc-47c1-b0ec-50d20c93ce0f.json 
@@ -7,7 +7,7 @@ "namespaces": [ "default" ], - "updated_at": "2022-01-12T18:32:51.293Z", + "updated_at": "2024-04-29T15:49:16.000Z", "version": "WzEwMjMsMV0=", "attributes": { "title": "Zeek Intelligence", @@ -455,4 +455,4 @@ } } ] -} \ No newline at end of file +} diff --git a/dashboards/dashboards/37041ee1-79c0-4684-a436-3173b0e89876.json b/dashboards/dashboards/37041ee1-79c0-4684-a436-3173b0e89876.json index 7bcce0a43..4af306a73 100644 --- a/dashboards/dashboards/37041ee1-79c0-4684-a436-3173b0e89876.json +++ b/dashboards/dashboards/37041ee1-79c0-4684-a436-3173b0e89876.json @@ -7,7 +7,7 @@ "namespaces": [ "default" ], - "updated_at": "2023-11-14T19:40:46.803Z", + "updated_at": "2024-04-29T15:49:16.000Z", "version": "Wzk1NCwxXQ==", "attributes": { "title": "HTTP", @@ -656,4 +656,4 @@ } } ] -} \ No newline at end of file +} diff --git a/dashboards/dashboards/39abfe30-3f99-11e9-a58e-8bdedb0915e8.json b/dashboards/dashboards/39abfe30-3f99-11e9-a58e-8bdedb0915e8.json index 0494646a7..8ab4c8316 100644 --- a/dashboards/dashboards/39abfe30-3f99-11e9-a58e-8bdedb0915e8.json +++ b/dashboards/dashboards/39abfe30-3f99-11e9-a58e-8bdedb0915e8.json @@ -7,7 +7,7 @@ "namespaces": [ "default" ], - "updated_at": "2021-02-10T21:24:25.340Z", + "updated_at": "2024-04-29T15:49:16.000Z", "version": "WzQxNCwxXQ==", "attributes": { "title": "Connections - Source - Top Connection Duration (region map)", @@ -207,4 +207,4 @@ } } ] -} \ No newline at end of file +} diff --git a/dashboards/dashboards/42e831b9-41a9-4f35-8b7d-e1566d368773.json b/dashboards/dashboards/42e831b9-41a9-4f35-8b7d-e1566d368773.json index 431a69e37..4c8648984 100644 --- a/dashboards/dashboards/42e831b9-41a9-4f35-8b7d-e1566d368773.json +++ b/dashboards/dashboards/42e831b9-41a9-4f35-8b7d-e1566d368773.json @@ -7,7 +7,7 @@ "namespaces": [ "default" ], - "updated_at": "2021-11-12T20:12:35.920Z", + "updated_at": "2024-04-29T15:49:16.000Z", "version": "WzEyMzMsMV0=", "attributes": { "title": "SMB", 
@@ -531,4 +531,4 @@ } } ] -} \ No newline at end of file +} diff --git a/dashboards/dashboards/432af556-c5c0-4cc3-8166-b274b4e3a406.json b/dashboards/dashboards/432af556-c5c0-4cc3-8166-b274b4e3a406.json index d6e17e227..28a8701da 100644 --- a/dashboards/dashboards/432af556-c5c0-4cc3-8166-b274b4e3a406.json +++ b/dashboards/dashboards/432af556-c5c0-4cc3-8166-b274b4e3a406.json @@ -7,7 +7,7 @@ "namespaces": [ "default" ], - "updated_at": "2021-02-11T15:16:14.488Z", + "updated_at": "2024-04-29T15:49:16.000Z", "version": "WzE4MjcsMV0=", "attributes": { "title": "DCE/RPC", @@ -454,4 +454,4 @@ } } ] -} \ No newline at end of file +} diff --git a/dashboards/dashboards/4a073440-b286-11eb-a4d4-09fa12a6ebd4.json b/dashboards/dashboards/4a073440-b286-11eb-a4d4-09fa12a6ebd4.json index a9c3d9f39..b3f97f28b 100644 --- a/dashboards/dashboards/4a073440-b286-11eb-a4d4-09fa12a6ebd4.json +++ b/dashboards/dashboards/4a073440-b286-11eb-a4d4-09fa12a6ebd4.json @@ -7,7 +7,7 @@ "namespaces": [ "default" ], - "updated_at": "2021-05-11T19:19:14.565Z", + "updated_at": "2024-04-29T15:49:16.000Z", "version": "WzE1OTcsMV0=", "attributes": { "title": "EtherCAT", @@ -352,4 +352,4 @@ } } ] -} \ No newline at end of file +} diff --git a/dashboards/dashboards/4a4bde20-4760-11ea-949c-bbb5a9feecbf.json b/dashboards/dashboards/4a4bde20-4760-11ea-949c-bbb5a9feecbf.json index 43b5060a6..3dc0fcd3c 100644 --- a/dashboards/dashboards/4a4bde20-4760-11ea-949c-bbb5a9feecbf.json +++ b/dashboards/dashboards/4a4bde20-4760-11ea-949c-bbb5a9feecbf.json @@ -7,7 +7,7 @@ "namespaces": [ "default" ], - "updated_at": "2021-02-10T21:24:28.484Z", + "updated_at": "2024-04-29T15:49:16.000Z", "version": "WzQ0OCwxXQ==", "attributes": { "title": "ICS/IoT Security Overview", @@ -504,4 +504,4 @@ } } ] -} \ No newline at end of file +} diff --git a/dashboards/dashboards/4e5f106e-c60a-4226-8f64-d534abb912ab.json b/dashboards/dashboards/4e5f106e-c60a-4226-8f64-d534abb912ab.json index 367b791b7..7233c114b 100644 
--- a/dashboards/dashboards/4e5f106e-c60a-4226-8f64-d534abb912ab.json +++ b/dashboards/dashboards/4e5f106e-c60a-4226-8f64-d534abb912ab.json @@ -7,7 +7,7 @@ "namespaces": [ "default" ], - "updated_at": "2023-11-14T19:36:48.975Z", + "updated_at": "2024-04-29T15:49:16.000Z", "version": "Wzk1MiwxXQ==", "attributes": { "title": "SNMP", @@ -377,4 +377,4 @@ } } ] -} \ No newline at end of file +} diff --git a/dashboards/dashboards/50ced171-1b10-4c3f-8b67-2db9635661a6.json b/dashboards/dashboards/50ced171-1b10-4c3f-8b67-2db9635661a6.json index 57d8d5167..393cf9b03 100644 --- a/dashboards/dashboards/50ced171-1b10-4c3f-8b67-2db9635661a6.json +++ b/dashboards/dashboards/50ced171-1b10-4c3f-8b67-2db9635661a6.json @@ -7,7 +7,7 @@ "namespaces": [ "default" ], - "updated_at": "2021-02-11T15:59:01.107Z", + "updated_at": "2024-04-29T15:49:16.000Z", "version": "WzIzMTEsMV0=", "attributes": { "title": "MySQL", @@ -243,4 +243,4 @@ } } ] -} \ No newline at end of file +} diff --git a/dashboards/dashboards/543118a9-02d7-43fe-b669-b8652177fc37.json b/dashboards/dashboards/543118a9-02d7-43fe-b669-b8652177fc37.json index 18437071d..7e0fa30c3 100644 --- a/dashboards/dashboards/543118a9-02d7-43fe-b669-b8652177fc37.json +++ b/dashboards/dashboards/543118a9-02d7-43fe-b669-b8652177fc37.json @@ -7,7 +7,7 @@ "namespaces": [ "default" ], - "updated_at": "2021-02-11T15:55:44.537Z", + "updated_at": "2024-04-29T15:49:16.000Z", "version": "WzIyNDcsMV0=", "attributes": { "title": "NTLM", @@ -456,4 +456,4 @@ } } ] -} \ No newline at end of file +} diff --git a/dashboards/dashboards/55e332d0-3f99-11e9-a58e-8bdedb0915e8.json b/dashboards/dashboards/55e332d0-3f99-11e9-a58e-8bdedb0915e8.json index bb8112815..36af6edf3 100644 --- a/dashboards/dashboards/55e332d0-3f99-11e9-a58e-8bdedb0915e8.json +++ b/dashboards/dashboards/55e332d0-3f99-11e9-a58e-8bdedb0915e8.json 
@@ -7,7 +7,7 @@ "namespaces": [ "default" ], - "updated_at": "2021-02-10T21:24:32.623Z", + "updated_at": "2024-04-29T15:49:16.000Z", "version": "WzQ5MiwxXQ==", "attributes": { "title": "Connections - Destination - Originator Bytes (region map)", @@ -135,4 +135,4 @@ } } ] -} \ No newline at end of file +} diff --git a/dashboards/dashboards/5694ca60-cbdf-11ec-a50a-5fedd672f5c5.json b/dashboards/dashboards/5694ca60-cbdf-11ec-a50a-5fedd672f5c5.json index b7819873a..f4adf4eb5 100644 --- a/dashboards/dashboards/5694ca60-cbdf-11ec-a50a-5fedd672f5c5.json +++ b/dashboards/dashboards/5694ca60-cbdf-11ec-a50a-5fedd672f5c5.json @@ -7,7 +7,7 @@ "namespaces": [ "default" ], - "updated_at": "2024-01-08T22:17:37.689Z", + "updated_at": "2024-04-29T15:49:16.000Z", "version": "Wzk1MSwxXQ==", "attributes": { "title": "Suricata Alerts", @@ -449,4 +449,4 @@ } } ] -} \ No newline at end of file +} diff --git a/dashboards/dashboards/60d78fbd-471c-4f59-a9e3-189b33a13644.json b/dashboards/dashboards/60d78fbd-471c-4f59-a9e3-189b33a13644.json index 41106a81e..3a7cd647f 100644 --- a/dashboards/dashboards/60d78fbd-471c-4f59-a9e3-189b33a13644.json +++ b/dashboards/dashboards/60d78fbd-471c-4f59-a9e3-189b33a13644.json @@ -7,7 +7,7 @@ "namespaces": [ "default" ], - "updated_at": "2021-02-10T21:24:33.654Z", + "updated_at": "2024-04-29T15:49:16.000Z", "version": "WzQ5NiwxXQ==", "attributes": { "title": "Connections - Destination - Sum of Total Bytes", @@ -207,4 +207,4 @@ } } ] -} \ No newline at end of file +} diff --git a/dashboards/dashboards/665d1610-523d-11e9-a30e-e3576242f3ed.json b/dashboards/dashboards/665d1610-523d-11e9-a30e-e3576242f3ed.json index 76adbfa48..3e8662243 100644 --- a/dashboards/dashboards/665d1610-523d-11e9-a30e-e3576242f3ed.json +++ b/dashboards/dashboards/665d1610-523d-11e9-a30e-e3576242f3ed.json 
@@ -7,7 +7,7 @@ "namespaces": [ "default" ], - "updated_at": "2022-05-04T18:24:09.052Z", + "updated_at": "2024-04-29T15:49:16.000Z", "version": "WzExNTEsMV0=", "attributes": { "title": "Signatures", @@ -311,4 +311,4 @@ } } ] -} \ No newline at end of file +} diff --git a/dashboards/dashboards/677ee170-809e-11ed-8d5b-07069f823b6f.json b/dashboards/dashboards/677ee170-809e-11ed-8d5b-07069f823b6f.json index 73790187f..eed00cbbe 100644 --- a/dashboards/dashboards/677ee170-809e-11ed-8d5b-07069f823b6f.json +++ b/dashboards/dashboards/677ee170-809e-11ed-8d5b-07069f823b6f.json @@ -7,7 +7,7 @@ "namespaces": [ "default" ], - "updated_at": "2023-11-14T20:55:46.977Z", + "updated_at": "2024-04-29T15:49:16.000Z", "version": "Wzk1MSwxXQ==", "attributes": { "title": "Asset Interaction Analysis", @@ -629,4 +629,4 @@ } } ] -} \ No newline at end of file +} diff --git a/dashboards/dashboards/76f2f912-80da-44cd-ab66-6a73c8344cc3.json b/dashboards/dashboards/76f2f912-80da-44cd-ab66-6a73c8344cc3.json index acc870ea1..86a365dd9 100644 --- a/dashboards/dashboards/76f2f912-80da-44cd-ab66-6a73c8344cc3.json +++ b/dashboards/dashboards/76f2f912-80da-44cd-ab66-6a73c8344cc3.json @@ -7,7 +7,7 @@ "namespaces": [ "default" ], - "updated_at": "2021-02-10T21:24:36.060Z", + "updated_at": "2024-04-29T15:49:16.000Z", "version": "WzUwOSwxXQ==", "attributes": { "title": "IRC", @@ -349,4 +349,4 @@ } } ] -} \ No newline at end of file +} diff --git a/dashboards/dashboards/77fc9960-3f99-11e9-a58e-8bdedb0915e8.json b/dashboards/dashboards/77fc9960-3f99-11e9-a58e-8bdedb0915e8.json index 0086705a9..1249ff6ec 100644 --- a/dashboards/dashboards/77fc9960-3f99-11e9-a58e-8bdedb0915e8.json +++ b/dashboards/dashboards/77fc9960-3f99-11e9-a58e-8bdedb0915e8.json @@ -7,7 +7,7 @@ "namespaces": [ "default" ], - "updated_at": "2021-02-10T21:24:37.074Z", + "updated_at": "2024-04-29T15:49:16.000Z", "version": "WzUxOSwxXQ==", "attributes": { "title": "Connections - Destination - Responder Bytes (region map)", 
@@ -207,4 +207,4 @@ } } ] -} \ No newline at end of file +} diff --git a/dashboards/dashboards/7f41913f-cba8-43f5-82a8-241b7ead03e0.json b/dashboards/dashboards/7f41913f-cba8-43f5-82a8-241b7ead03e0.json index 5102c24a3..b96a1c91a 100644 --- a/dashboards/dashboards/7f41913f-cba8-43f5-82a8-241b7ead03e0.json +++ b/dashboards/dashboards/7f41913f-cba8-43f5-82a8-241b7ead03e0.json @@ -7,7 +7,7 @@ "namespaces": [ "default" ], - "updated_at": "2021-02-11T16:29:37.280Z", + "updated_at": "2024-04-29T15:49:16.000Z", "version": "WzI4NjEsMV0=", "attributes": { "title": "RDP", @@ -421,4 +421,4 @@ } } ] -} \ No newline at end of file +} diff --git a/dashboards/dashboards/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb.json b/dashboards/dashboards/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb.json index 532bab29e..1c0850afb 100644 --- a/dashboards/dashboards/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb.json +++ b/dashboards/dashboards/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb.json @@ -7,7 +7,7 @@ "namespaces": [ "default" ], - "updated_at": "2021-10-12T14:50:34.705Z", + "updated_at": "2024-04-29T15:49:16.000Z", "version": "Wzg4MCwxXQ==", "attributes": { "title": "SSL", @@ -708,4 +708,4 @@ } } ] -} \ No newline at end of file +} diff --git a/dashboards/dashboards/82da3101-2a9c-4ae2-bb61-d447a3fbe673.json b/dashboards/dashboards/82da3101-2a9c-4ae2-bb61-d447a3fbe673.json index b53c6fb58..07761f046 100644 --- a/dashboards/dashboards/82da3101-2a9c-4ae2-bb61-d447a3fbe673.json +++ b/dashboards/dashboards/82da3101-2a9c-4ae2-bb61-d447a3fbe673.json @@ -7,7 +7,7 @@ "namespaces": [ "default" ], - "updated_at": "2021-02-11T15:46:19.291Z", + "updated_at": "2024-04-29T15:49:16.000Z", "version": "WzIxMjUsMV0=", "attributes": { "title": "Kerberos", @@ -524,4 +524,4 @@ } } ] -} \ No newline at end of file +} diff --git a/dashboards/dashboards/870a5862-6c26-4a08-99fd-0c06cda85ba3.json b/dashboards/dashboards/870a5862-6c26-4a08-99fd-0c06cda85ba3.json index 1e4e7d37c..9dc23a03f 100644 
--- a/dashboards/dashboards/870a5862-6c26-4a08-99fd-0c06cda85ba3.json +++ b/dashboards/dashboards/870a5862-6c26-4a08-99fd-0c06cda85ba3.json @@ -7,7 +7,7 @@ "namespaces": [ "default" ], - "updated_at": "2021-02-10T21:24:41.140Z", + "updated_at": "2024-04-29T15:49:16.000Z", "version": "WzU3NCwxXQ==", "attributes": { "title": "DNP3", @@ -512,4 +512,4 @@ } } ] -} \ No newline at end of file +} diff --git a/dashboards/dashboards/87a32f90-ef58-11e9-974e-9d600036d105.json b/dashboards/dashboards/87a32f90-ef58-11e9-974e-9d600036d105.json index 2f145ac22..bb9f14d4a 100644 --- a/dashboards/dashboards/87a32f90-ef58-11e9-974e-9d600036d105.json +++ b/dashboards/dashboards/87a32f90-ef58-11e9-974e-9d600036d105.json @@ -7,7 +7,7 @@ "namespaces": [ "default" ], - "updated_at": "2021-02-10T21:24:42.154Z", + "updated_at": "2024-04-29T15:49:16.000Z", "version": "WzU4OCwxXQ==", "attributes": { "title": "MQTT", @@ -546,4 +546,4 @@ } } ] -} \ No newline at end of file +} diff --git a/dashboards/dashboards/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85.json b/dashboards/dashboards/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85.json index 92073bf69..216a106ac 100644 --- a/dashboards/dashboards/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85.json +++ b/dashboards/dashboards/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85.json @@ -7,7 +7,7 @@ "namespaces": [ "default" ], - "updated_at": "2021-02-10T21:24:43.189Z", + "updated_at": "2024-04-29T15:49:16.000Z", "version": "WzYwMywxXQ==", "attributes": { "title": "Software", @@ -207,4 +207,4 @@ } } ] -} \ No newline at end of file +} diff --git a/dashboards/dashboards/89d1cc50-974c-11ed-bb6b-3fb06c879b11.json b/dashboards/dashboards/89d1cc50-974c-11ed-bb6b-3fb06c879b11.json index 99ba19a25..cb87d474d 100644 --- a/dashboards/dashboards/89d1cc50-974c-11ed-bb6b-3fb06c879b11.json +++ b/dashboards/dashboards/89d1cc50-974c-11ed-bb6b-3fb06c879b11.json 
@@ -7,7 +7,7 @@ "namespaces": [ "default" ], - "updated_at": "2023-01-20T16:56:59.255Z", + "updated_at": "2024-04-29T15:49:16.000Z", "version": "Wzk0MCwxXQ==", "attributes": { "title": "Zeek Known Summary", @@ -587,4 +587,4 @@ } } ] -} \ No newline at end of file +} diff --git a/dashboards/dashboards/92985909-dc29-4533-9e80-d3182a0ecf1d.json b/dashboards/dashboards/92985909-dc29-4533-9e80-d3182a0ecf1d.json index 76ebf9b3b..4a835cd38 100644 --- a/dashboards/dashboards/92985909-dc29-4533-9e80-d3182a0ecf1d.json +++ b/dashboards/dashboards/92985909-dc29-4533-9e80-d3182a0ecf1d.json @@ -7,7 +7,7 @@ "namespaces": [ "default" ], - "updated_at": "2021-02-11T18:46:32.487Z", + "updated_at": "2024-04-29T15:49:16.000Z", "version": "WzM1OTUsMV0=", "attributes": { "title": "Syslog", @@ -384,4 +384,4 @@ } } ] -} \ No newline at end of file +} diff --git a/dashboards/dashboards/95479950-41f2-11ea-88fa-7151df485405.json b/dashboards/dashboards/95479950-41f2-11ea-88fa-7151df485405.json index f93317e30..d455fac20 100644 --- a/dashboards/dashboards/95479950-41f2-11ea-88fa-7151df485405.json +++ b/dashboards/dashboards/95479950-41f2-11ea-88fa-7151df485405.json @@ -7,7 +7,7 @@ "namespaces": [ "default" ], - "updated_at": "2023-09-14T19:51:11.803Z", + "updated_at": "2024-04-29T15:49:16.000Z", "version": "Wzk0OSwxXQ==", "attributes": { "title": "Security Overview", @@ -566,4 +566,4 @@ } } ] -} \ No newline at end of file +} diff --git a/dashboards/dashboards/9ee51f94-3316-4fc5-bd89-93a52af69714.json b/dashboards/dashboards/9ee51f94-3316-4fc5-bd89-93a52af69714.json index 96c5f820f..72bf0b5a0 100644 --- a/dashboards/dashboards/9ee51f94-3316-4fc5-bd89-93a52af69714.json +++ b/dashboards/dashboards/9ee51f94-3316-4fc5-bd89-93a52af69714.json @@ -7,7 +7,7 @@ "namespaces": [ "default" ], - "updated_at": "2024-04-02T21:20:03.561Z", + "updated_at": "2024-04-29T15:49:16.000Z", "version": "WzEyODYsMV0=", "attributes": { "title": "Files", @@ -409,4 +409,4 @@ } } ] -} \ No newline at end of file +} 
diff --git a/dashboards/dashboards/a16110b0-3f99-11e9-a58e-8bdedb0915e8.json b/dashboards/dashboards/a16110b0-3f99-11e9-a58e-8bdedb0915e8.json index 76a377638..978533c62 100644 --- a/dashboards/dashboards/a16110b0-3f99-11e9-a58e-8bdedb0915e8.json +++ b/dashboards/dashboards/a16110b0-3f99-11e9-a58e-8bdedb0915e8.json @@ -7,7 +7,7 @@ "namespaces": [ "default" ], - "updated_at": "2021-02-10T21:24:47.256Z", + "updated_at": "2024-04-29T15:49:16.000Z", "version": "WzY0NywxXQ==", "attributes": { "title": "Connections - Destination - Sum of Total Bytes (region map)", @@ -207,4 +207,4 @@ } } ] -} \ No newline at end of file +} diff --git a/dashboards/dashboards/a33e0a50-afcd-11ea-993f-b7d8522a8bed.json b/dashboards/dashboards/a33e0a50-afcd-11ea-993f-b7d8522a8bed.json index a72f9975b..eb8d566c3 100644 --- a/dashboards/dashboards/a33e0a50-afcd-11ea-993f-b7d8522a8bed.json +++ b/dashboards/dashboards/a33e0a50-afcd-11ea-993f-b7d8522a8bed.json @@ -7,7 +7,7 @@ "namespaces": [ "default" ], - "updated_at": "2023-11-14T20:25:52.249Z", + "updated_at": "2024-04-29T15:49:16.000Z", "version": "Wzk2MSwxXQ==", "attributes": { "title": "Actions and Results", @@ -333,4 +333,4 @@ } } ] -} \ No newline at end of file +} diff --git a/dashboards/dashboards/a7514350-eba6-11e9-a384-0fcf32210194.json b/dashboards/dashboards/a7514350-eba6-11e9-a384-0fcf32210194.json index 96953438f..ae4c59a3c 100644 --- a/dashboards/dashboards/a7514350-eba6-11e9-a384-0fcf32210194.json +++ b/dashboards/dashboards/a7514350-eba6-11e9-a384-0fcf32210194.json @@ -7,7 +7,7 @@ "namespaces": [ "default" ], - "updated_at": "2024-02-27T18:15:37.621Z", + "updated_at": "2024-04-29T15:49:16.000Z", "version": "Wzk5MywxXQ==", "attributes": { "title": "PROFINET", @@ -452,4 +452,4 @@ } } ] -} \ No newline at end of file +} diff --git a/dashboards/dashboards/abdd7550-2c7c-40dc-947e-f6d186a158c4.json b/dashboards/dashboards/abdd7550-2c7c-40dc-947e-f6d186a158c4.json index 898c5e6ac..721d05ca0 100644 
--- a/dashboards/dashboards/abdd7550-2c7c-40dc-947e-f6d186a158c4.json +++ b/dashboards/dashboards/abdd7550-2c7c-40dc-947e-f6d186a158c4.json @@ -7,7 +7,7 @@ "namespaces": [ "default" ], - "updated_at": "2022-04-29T20:10:44.437Z", + "updated_at": "2024-04-29T15:49:16.000Z", "version": "WzEzMjMsMV0=", "attributes": { "title": "Connections", @@ -938,4 +938,4 @@ } } ] -} \ No newline at end of file +} diff --git a/dashboards/dashboards/ae79b7d1-4281-4095-b2f6-fa7eafda9970.json b/dashboards/dashboards/ae79b7d1-4281-4095-b2f6-fa7eafda9970.json index 2c618e78f..0ad2e7dcd 100644 --- a/dashboards/dashboards/ae79b7d1-4281-4095-b2f6-fa7eafda9970.json +++ b/dashboards/dashboards/ae79b7d1-4281-4095-b2f6-fa7eafda9970.json @@ -7,7 +7,7 @@ "namespaces": [ "default" ], - "updated_at": "2021-11-12T20:01:32.314Z", + "updated_at": "2024-04-29T15:49:16.000Z", "version": "WzEwMzgsMV0=", "attributes": { "title": "RADIUS", @@ -385,4 +385,4 @@ } } ] -} \ No newline at end of file +} diff --git a/dashboards/dashboards/af5df620-eeb6-11e9-bdef-65a192b7f586.json b/dashboards/dashboards/af5df620-eeb6-11e9-bdef-65a192b7f586.json index b50436548..4be6d0d60 100644 --- a/dashboards/dashboards/af5df620-eeb6-11e9-bdef-65a192b7f586.json +++ b/dashboards/dashboards/af5df620-eeb6-11e9-bdef-65a192b7f586.json @@ -7,7 +7,7 @@ "namespaces": [ "default" ], - "updated_at": "2021-02-11T16:00:05.351Z", + "updated_at": "2024-04-29T15:49:16.000Z", "version": "WzIzMzIsMV0=", "attributes": { "title": "NTP", @@ -385,4 +385,4 @@ } } ] -} \ No newline at end of file +} diff --git a/dashboards/dashboards/b50c8d17-6ed3-4de6-aed4-5181032810b2.json b/dashboards/dashboards/b50c8d17-6ed3-4de6-aed4-5181032810b2.json index 95f1d4f00..2fcdd0ac2 100644 --- a/dashboards/dashboards/b50c8d17-6ed3-4de6-aed4-5181032810b2.json +++ b/dashboards/dashboards/b50c8d17-6ed3-4de6-aed4-5181032810b2.json 
@@ -7,7 +7,7 @@ "namespaces": [ "default" ], - "updated_at": "2021-02-10T21:24:53.414Z", + "updated_at": "2024-04-29T15:49:16.000Z", "version": "WzcyNCwxXQ==", "attributes": { "title": "Connections - Source - Originator Bytes", @@ -207,4 +207,4 @@ } } ] -} \ No newline at end of file +} diff --git a/dashboards/dashboards/b9f247c0-3f99-11e9-a58e-8bdedb0915e8.json b/dashboards/dashboards/b9f247c0-3f99-11e9-a58e-8bdedb0915e8.json index 2bb713c01..8fdfd7e83 100644 --- a/dashboards/dashboards/b9f247c0-3f99-11e9-a58e-8bdedb0915e8.json +++ b/dashboards/dashboards/b9f247c0-3f99-11e9-a58e-8bdedb0915e8.json @@ -7,7 +7,7 @@ "namespaces": [ "default" ], - "updated_at": "2021-02-10T21:24:54.429Z", + "updated_at": "2024-04-29T15:49:16.000Z", "version": "WzczMCwxXQ==", "attributes": { "title": "Connections - Destination - Top Connection Duration (region map)", @@ -207,4 +207,4 @@ } } ] -} \ No newline at end of file +} diff --git a/dashboards/dashboards/bb827f8e-639e-468c-93c8-9f5bc132eb8f.json b/dashboards/dashboards/bb827f8e-639e-468c-93c8-9f5bc132eb8f.json index e290c789b..53c5090eb 100644 --- a/dashboards/dashboards/bb827f8e-639e-468c-93c8-9f5bc132eb8f.json +++ b/dashboards/dashboards/bb827f8e-639e-468c-93c8-9f5bc132eb8f.json @@ -7,7 +7,7 @@ "namespaces": [ "default" ], - "updated_at": "2021-02-11T18:17:41.430Z", + "updated_at": "2024-04-29T15:49:16.000Z", "version": "WzMyNzUsMV0=", "attributes": { "title": "SMTP", @@ -524,4 +524,4 @@ } } ] -} \ No newline at end of file +} diff --git a/dashboards/dashboards/beats/0d4955f0-eb25-11ec-a6d4-b3526526c2c7.json b/dashboards/dashboards/beats/0d4955f0-eb25-11ec-a6d4-b3526526c2c7.json index 983bfdaa0..e365adb8c 100644 --- a/dashboards/dashboards/beats/0d4955f0-eb25-11ec-a6d4-b3526526c2c7.json +++ b/dashboards/dashboards/beats/0d4955f0-eb25-11ec-a6d4-b3526526c2c7.json 
@@ -7,7 +7,7 @@ "namespaces": [ "default" ], - "updated_at": "2022-06-13T14:30:49.985Z", + "updated_at": "2024-04-29T15:49:16.000Z", "version": "WzkxMSwyXQ==", "attributes": { "title": "Hardware Temperature", diff --git a/dashboards/dashboards/beats/3768ef70-d819-11ee-820d-dd9fd73a3921.json b/dashboards/dashboards/beats/3768ef70-d819-11ee-820d-dd9fd73a3921.json index d7de484d4..5de33dce4 100644 --- a/dashboards/dashboards/beats/3768ef70-d819-11ee-820d-dd9fd73a3921.json +++ b/dashboards/dashboards/beats/3768ef70-d819-11ee-820d-dd9fd73a3921.json @@ -7,7 +7,7 @@ "namespaces": [ "default" ], - "updated_at": "2024-03-01T22:15:31.047Z", + "updated_at": "2024-04-29T15:49:16.000Z", "version": "WzExMTEsMV0=", "attributes": { "title": "Linux Kernel Messages", @@ -138,4 +138,4 @@ } } ] -} \ No newline at end of file +} diff --git a/dashboards/dashboards/beats/4ca94c70-d7da-11ee-9ed3-e7afff29e59a.json b/dashboards/dashboards/beats/4ca94c70-d7da-11ee-9ed3-e7afff29e59a.json index d2bc33ddb..2e63054dc 100644 --- a/dashboards/dashboards/beats/4ca94c70-d7da-11ee-9ed3-e7afff29e59a.json +++ b/dashboards/dashboards/beats/4ca94c70-d7da-11ee-9ed3-e7afff29e59a.json @@ -7,7 +7,7 @@ "namespaces": [ "default" ], - "updated_at": "2024-03-13T15:10:41.120Z", + "updated_at": "2024-04-29T15:49:16.000Z", "version": "WzEwNjUsMV0=", "attributes": { "title": "Packet Capture Statistics", @@ -547,4 +547,4 @@ } } ] -} \ No newline at end of file +} diff --git a/dashboards/dashboards/beats/79202ee0-d811-11ee-820d-dd9fd73a3921.json b/dashboards/dashboards/beats/79202ee0-d811-11ee-820d-dd9fd73a3921.json index db57994e6..ab860c502 100644 --- a/dashboards/dashboards/beats/79202ee0-d811-11ee-820d-dd9fd73a3921.json +++ b/dashboards/dashboards/beats/79202ee0-d811-11ee-820d-dd9fd73a3921.json @@ -7,7 +7,7 @@ "namespaces": [ "default" ], - "updated_at": "2024-03-01T22:03:46.831Z", + "updated_at": "2024-04-29T15:49:16.000Z", "version": "WzEwOTgsMV0=", "attributes": { "title": "Windows Events", 
@@ -346,4 +346,4 @@ } } ] -} \ No newline at end of file +} diff --git a/dashboards/dashboards/beats/7a7e0a60-e8e8-11ec-b9d4-4569bb965430.json b/dashboards/dashboards/beats/7a7e0a60-e8e8-11ec-b9d4-4569bb965430.json index 127289332..bae5dba1c 100644 --- a/dashboards/dashboards/beats/7a7e0a60-e8e8-11ec-b9d4-4569bb965430.json +++ b/dashboards/dashboards/beats/7a7e0a60-e8e8-11ec-b9d4-4569bb965430.json @@ -7,7 +7,7 @@ "namespaces": [ "default" ], - "updated_at": "2022-06-10T18:15:34.515Z", + "updated_at": "2024-04-29T15:49:16.000Z", "version": "WzkyNSwxXQ==", "attributes": { "title": "Malcolm Sensor Audit Logs", @@ -275,4 +275,4 @@ } } ] -} \ No newline at end of file +} diff --git a/dashboards/dashboards/beats/903f42c0-f634-11ec-828d-2fb7a4a26e1f.json b/dashboards/dashboards/beats/903f42c0-f634-11ec-828d-2fb7a4a26e1f.json index 98f29a82d..1e1551281 100644 --- a/dashboards/dashboards/beats/903f42c0-f634-11ec-828d-2fb7a4a26e1f.json +++ b/dashboards/dashboards/beats/903f42c0-f634-11ec-828d-2fb7a4a26e1f.json @@ -7,7 +7,7 @@ "namespaces": [ "default" ], - "updated_at": "2022-06-27T19:43:07.018Z", + "updated_at": "2024-04-29T15:49:16.000Z", "version": "Wzk0NywxXQ==", "attributes": { "title": "Malcolm Sensor File/Directory Integrity", @@ -210,4 +210,4 @@ } } ] -} \ No newline at end of file +} diff --git a/dashboards/dashboards/beats/Filebeat-nginx-logs.json b/dashboards/dashboards/beats/Filebeat-nginx-logs.json index 879a0ae00..b2ad0dc32 100644 --- a/dashboards/dashboards/beats/Filebeat-nginx-logs.json +++ b/dashboards/dashboards/beats/Filebeat-nginx-logs.json 
@@ -7,13 +7,12 @@ "namespaces": [ "default" ], - "updated_at": "2022-06-01T19:53:27.884Z", + "updated_at": "2024-04-29T15:49:16.000Z", "version": "WzEwMTgsMV0=", "attributes": { "title": "nginx Access and Error Logs", - "description": "nginx Access and Error logs, including from Malcolm's own nginx instance", - "hits": 0, "description": "", + "hits": 0, "panelsJSON": "[{\"version\":\"2.0.0\",\"gridData\":{\"x\":0,\"y\":16,\"w\":48,\"h\":15,\"i\":\"11\"},\"panelIndex\":\"11\",\"embeddableConfig\":{\"columns\":[\"log.level\",\"error.message\"],\"sort\":[\"@timestamp\",\"desc\"]},\"panelRefName\":\"panel_0\"},{\"version\":\"2.0.0\",\"gridData\":{\"x\":0,\"y\":31,\"w\":48,\"h\":23,\"i\":\"16\"},\"panelIndex\":\"16\",\"embeddableConfig\":{\"columns\":[\"url.original\",\"http.request.method\",\"http.response.status_code\",\"http.response.body.bytes\"],\"sort\":[\"@timestamp\",\"desc\"]},\"panelRefName\":\"panel_1\"},{\"version\":\"2.0.0\",\"gridData\":{\"x\":0,\"y\":4,\"w\":48,\"h\":12,\"i\":\"18\"},\"panelIndex\":\"18\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"2.0.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":48,\"h\":4,\"i\":\"19\"},\"panelIndex\":\"19\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"}]", "optionsJSON": "{\"darkTheme\":false}", "version": 1, @@ -173,4 +172,4 @@ } } ] -} \ No newline at end of file +} diff --git a/dashboards/dashboards/beats/Filebeat-nginx-overview.json b/dashboards/dashboards/beats/Filebeat-nginx-overview.json index 73e3fe9c5..7690a08a8 100644 --- a/dashboards/dashboards/beats/Filebeat-nginx-overview.json +++ b/dashboards/dashboards/beats/Filebeat-nginx-overview.json @@ -7,7 +7,7 @@ "namespaces": [ "default" ], - "updated_at": "2022-06-01T19:41:23.453Z", + "updated_at": "2024-04-29T15:49:16.000Z", "version": "Wzg0NywxXQ==", "attributes": { "description": "nginx logs, including from Malcolm's own nginx instance", @@ -312,4 +312,4 @@ } } ] -} \ No newline at end of file +} 
diff --git a/dashboards/dashboards/beats/Metricbeat-host-overview.json b/dashboards/dashboards/beats/Metricbeat-host-overview.json index 74c3ad39a..e700b9905 100644 --- a/dashboards/dashboards/beats/Metricbeat-host-overview.json +++ b/dashboards/dashboards/beats/Metricbeat-host-overview.json @@ -7,7 +7,7 @@ "namespaces": [ "default" ], - "updated_at": "2022-06-30T17:54:04.824Z", + "updated_at": "2024-04-29T15:49:16.000Z", "version": "WzEwMzgsMV0=", "attributes": { "title": "Resources - Hosts Overview", @@ -504,4 +504,4 @@ } } ] -} \ No newline at end of file +} diff --git a/dashboards/dashboards/beats/Metricbeat-system-overview.json b/dashboards/dashboards/beats/Metricbeat-system-overview.json index eea8dd158..8d88d63d0 100644 --- a/dashboards/dashboards/beats/Metricbeat-system-overview.json +++ b/dashboards/dashboards/beats/Metricbeat-system-overview.json @@ -7,7 +7,7 @@ "namespaces": [ "default" ], - "updated_at": "2022-06-30T17:45:03.314Z", + "updated_at": "2024-04-29T15:49:16.000Z", "version": "Wzk2NCwxXQ==", "attributes": { "title": "Resources - System Overview", @@ -320,4 +320,4 @@ } } ] -} \ No newline at end of file +} diff --git a/dashboards/dashboards/beats/f6600310-9943-11ee-a029-e973f4774355.json b/dashboards/dashboards/beats/f6600310-9943-11ee-a029-e973f4774355.json index 0ce72ec85..9947bb6c2 100644 --- a/dashboards/dashboards/beats/f6600310-9943-11ee-a029-e973f4774355.json +++ b/dashboards/dashboards/beats/f6600310-9943-11ee-a029-e973f4774355.json @@ -7,7 +7,7 @@ "namespaces": [ "default" ], - "updated_at": "2023-12-14T22:33:38.334Z", + "updated_at": "2024-04-29T15:49:16.000Z", "version": "WzkzOCwxXQ==", "attributes": { "title": "Journald Logs", @@ -248,4 +248,4 @@ } } ] -} \ No newline at end of file +} diff --git a/dashboards/dashboards/bed185a0-ef82-11e9-b38a-2db3ee640e88.json b/dashboards/dashboards/bed185a0-ef82-11e9-b38a-2db3ee640e88.json index 8f866e4ef..547645d61 100644 --- a/dashboards/dashboards/bed185a0-ef82-11e9-b38a-2db3ee640e88.json 
+++ b/dashboards/dashboards/bed185a0-ef82-11e9-b38a-2db3ee640e88.json @@ -7,7 +7,7 @@ "namespaces": [ "default" ], - "updated_at": "2021-02-11T18:47:53.333Z", + "updated_at": "2024-04-29T15:49:16.000Z", "version": "WzM2MjYsMV0=", "attributes": { "title": "Tabular Data Stream", @@ -319,4 +319,4 @@ } } ] -} \ No newline at end of file +} diff --git a/dashboards/dashboards/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48.json b/dashboards/dashboards/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48.json index 5d42165b4..ba71a5441 100644 --- a/dashboards/dashboards/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48.json +++ b/dashboards/dashboards/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48.json @@ -7,7 +7,7 @@ "namespaces": [ "default" ], - "updated_at": "2021-02-15T14:24:54.745Z", + "updated_at": "2024-04-29T15:49:16.000Z", "version": "WzU3NiwxXQ==", "attributes": { "title": "TFTP", @@ -351,4 +351,4 @@ } } ] -} \ No newline at end of file +} diff --git a/dashboards/dashboards/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2.json b/dashboards/dashboards/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2.json index 58f3c21cf..676478426 100644 --- a/dashboards/dashboards/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2.json +++ b/dashboards/dashboards/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2.json @@ -7,7 +7,7 @@ "namespaces": [ "default" ], - "updated_at": "2021-02-11T19:01:48.690Z", + "updated_at": "2024-04-29T15:49:16.000Z", "version": "WzM3MzksMV0=", "attributes": { "title": "Telnet, rlogin and rsh", @@ -315,4 +315,4 @@ } } ] -} \ No newline at end of file +} diff --git a/dashboards/dashboards/ca5799a0-56b5-11eb-b749-576de068f8ad.json b/dashboards/dashboards/ca5799a0-56b5-11eb-b749-576de068f8ad.json index 7797d09f2..62abc2fb5 100644 --- a/dashboards/dashboards/ca5799a0-56b5-11eb-b749-576de068f8ad.json +++ b/dashboards/dashboards/ca5799a0-56b5-11eb-b749-576de068f8ad.json 
@@ -7,7 +7,7 @@ "namespaces": [ "default" ], - "updated_at": "2021-02-10T21:24:59.492Z", + "updated_at": "2024-04-29T15:49:16.000Z", "version": "Wzc3NCwxXQ==", "attributes": { "title": "BSAP", @@ -483,4 +483,4 @@ } } ] -} \ No newline at end of file +} diff --git a/dashboards/dashboards/caef3ade-d289-4d05-a511-149f3e97f238.json b/dashboards/dashboards/caef3ade-d289-4d05-a511-149f3e97f238.json index 0788ca9de..60cc062ec 100644 --- a/dashboards/dashboards/caef3ade-d289-4d05-a511-149f3e97f238.json +++ b/dashboards/dashboards/caef3ade-d289-4d05-a511-149f3e97f238.json @@ -7,7 +7,7 @@ "namespaces": [ "default" ], - "updated_at": "2021-02-11T18:33:44.355Z", + "updated_at": "2024-04-29T15:49:16.000Z", "version": "WzM0MzgsMV0=", "attributes": { "title": "SSH", @@ -490,4 +490,4 @@ } } ] -} \ No newline at end of file +} diff --git a/dashboards/dashboards/d2dd0180-06b1-11ec-8c6b-353266ade330.json b/dashboards/dashboards/d2dd0180-06b1-11ec-8c6b-353266ade330.json index 7804e79d6..2960f9192 100644 --- a/dashboards/dashboards/d2dd0180-06b1-11ec-8c6b-353266ade330.json +++ b/dashboards/dashboards/d2dd0180-06b1-11ec-8c6b-353266ade330.json @@ -7,7 +7,7 @@ "namespaces": [ "default" ], - "updated_at": "2021-09-02T18:26:13.166Z", + "updated_at": "2024-04-29T15:49:16.000Z", "version": "WzMwMTksMV0=", "attributes": { "title": "Severity", @@ -685,4 +685,4 @@ } } ] -} \ No newline at end of file +} diff --git a/dashboards/dashboards/d41fe630-3f98-11e9-a58e-8bdedb0915e8.json b/dashboards/dashboards/d41fe630-3f98-11e9-a58e-8bdedb0915e8.json index 0c7cbab75..3d8a21438 100644 --- a/dashboards/dashboards/d41fe630-3f98-11e9-a58e-8bdedb0915e8.json +++ b/dashboards/dashboards/d41fe630-3f98-11e9-a58e-8bdedb0915e8.json @@ -7,7 +7,7 @@ "namespaces": [ "default" ], - "updated_at": "2021-02-10T21:25:01.513Z", + "updated_at": "2024-04-29T15:49:16.000Z", "version": "WzgwMiwxXQ==", "attributes": { "title": "Connections - Source - Originator Bytes (region map)", 
@@ -207,4 +207,4 @@ } } ] -} \ No newline at end of file +} diff --git a/dashboards/dashboards/d4fd6afd-15cb-42bf-8a25-03dd8e59b327.json b/dashboards/dashboards/d4fd6afd-15cb-42bf-8a25-03dd8e59b327.json index b70adb2a3..7787b478e 100644 --- a/dashboards/dashboards/d4fd6afd-15cb-42bf-8a25-03dd8e59b327.json +++ b/dashboards/dashboards/d4fd6afd-15cb-42bf-8a25-03dd8e59b327.json @@ -7,7 +7,7 @@ "namespaces": [ "default" ], - "updated_at": "2021-02-10T21:25:02.530Z", + "updated_at": "2024-04-29T15:49:16.000Z", "version": "WzgwOCwxXQ==", "attributes": { "title": "Connections - Destination - Responder Bytes", @@ -207,4 +207,4 @@ } } ] -} \ No newline at end of file +} diff --git a/dashboards/dashboards/dd87edd0-796a-11ec-9ce6-b395c1ff58f4.json b/dashboards/dashboards/dd87edd0-796a-11ec-9ce6-b395c1ff58f4.json index df44ee0a6..6bd425e30 100644 --- a/dashboards/dashboards/dd87edd0-796a-11ec-9ce6-b395c1ff58f4.json +++ b/dashboards/dashboards/dd87edd0-796a-11ec-9ce6-b395c1ff58f4.json @@ -7,7 +7,7 @@ "namespaces": [ "default" ], - "updated_at": "2023-01-26T15:54:12.963Z", + "updated_at": "2024-04-29T15:49:16.000Z", "version": "Wzk1MiwxXQ==", "attributes": { "title": "OPCUA Binary", @@ -525,4 +525,4 @@ } } ] -} \ No newline at end of file +} diff --git a/dashboards/dashboards/e09a4b86-29b5-4256-bb3b-802ac9f90404.json b/dashboards/dashboards/e09a4b86-29b5-4256-bb3b-802ac9f90404.json index 56993492a..034ea94da 100644 --- a/dashboards/dashboards/e09a4b86-29b5-4256-bb3b-802ac9f90404.json +++ b/dashboards/dashboards/e09a4b86-29b5-4256-bb3b-802ac9f90404.json @@ -7,7 +7,7 @@ "namespaces": [ "default" ], - "updated_at": "2021-02-10T21:25:03.541Z", + "updated_at": "2024-04-29T15:49:16.000Z", "version": "WzgxNCwxXQ==", "attributes": { "title": "Connections - Source - Top Connection Duration", @@ -207,4 +207,4 @@ } } ] -} \ No newline at end of file +} 
diff --git a/dashboards/dashboards/e76d05c0-eb9f-11e9-a384-0fcf32210194.json b/dashboards/dashboards/e76d05c0-eb9f-11e9-a384-0fcf32210194.json index 56bd82823..6126054a3 100644 --- a/dashboards/dashboards/e76d05c0-eb9f-11e9-a384-0fcf32210194.json +++ b/dashboards/dashboards/e76d05c0-eb9f-11e9-a384-0fcf32210194.json @@ -7,7 +7,7 @@ "namespaces": [ "default" ], - "updated_at": "2022-10-10T19:24:43.925Z", + "updated_at": "2024-04-29T15:49:16.000Z", "version": "WzkwNiwxXQ==", "attributes": { "title": "S7comm / S7comm Plus", @@ -503,4 +503,4 @@ } } ] -} \ No newline at end of file +} diff --git a/dashboards/dashboards/ed8a6640-3f98-11e9-a58e-8bdedb0915e8.json b/dashboards/dashboards/ed8a6640-3f98-11e9-a58e-8bdedb0915e8.json index 0fc1cd719..707531d3f 100644 --- a/dashboards/dashboards/ed8a6640-3f98-11e9-a58e-8bdedb0915e8.json +++ b/dashboards/dashboards/ed8a6640-3f98-11e9-a58e-8bdedb0915e8.json @@ -7,7 +7,7 @@ "namespaces": [ "default" ], - "updated_at": "2021-02-10T21:25:05.562Z", + "updated_at": "2024-04-29T15:49:16.000Z", "version": "WzgzMywxXQ==", "attributes": { "title": "Connections - Source - Responder Bytes (region map)", @@ -135,4 +135,4 @@ } } ] -} \ No newline at end of file +} diff --git a/dashboards/dashboards/f1f09567-fc7f-450b-a341-19d2f2bb468b.json b/dashboards/dashboards/f1f09567-fc7f-450b-a341-19d2f2bb468b.json index 776cdd97a..85b2c2530 100644 --- a/dashboards/dashboards/f1f09567-fc7f-450b-a341-19d2f2bb468b.json +++ b/dashboards/dashboards/f1f09567-fc7f-450b-a341-19d2f2bb468b.json @@ -7,7 +7,7 @@ "namespaces": [ "default" ], - "updated_at": "2022-05-04T17:53:11.078Z", + "updated_at": "2024-04-29T15:49:16.000Z", "version": "WzczOSwxXQ==", "attributes": { "title": "Zeek Notices", @@ -523,4 +523,4 @@ } } ] -} \ No newline at end of file +} diff --git a/dashboards/dashboards/f394057d-1b16-4174-b994-7045f423a416.json b/dashboards/dashboards/f394057d-1b16-4174-b994-7045f423a416.json index 345c38ac8..39e46a257 100644 
--- a/dashboards/dashboards/f394057d-1b16-4174-b994-7045f423a416.json +++ b/dashboards/dashboards/f394057d-1b16-4174-b994-7045f423a416.json @@ -7,7 +7,7 @@ "namespaces": [ "default" ], - "updated_at": "2021-02-10T21:25:07.590Z", + "updated_at": "2024-04-29T15:49:16.000Z", "version": "Wzg1MSwxXQ==", "attributes": { "title": "Connections - Source - Sum of Total Bytes", @@ -207,4 +207,4 @@ } } ] -} \ No newline at end of file +} diff --git a/dashboards/dashboards/f77bf097-18a8-465c-b634-eb2acc7a4f26.json b/dashboards/dashboards/f77bf097-18a8-465c-b634-eb2acc7a4f26.json index 5e089e539..6f9aef4b0 100644 --- a/dashboards/dashboards/f77bf097-18a8-465c-b634-eb2acc7a4f26.json +++ b/dashboards/dashboards/f77bf097-18a8-465c-b634-eb2acc7a4f26.json @@ -7,7 +7,7 @@ "namespaces": [ "default" ], - "updated_at": "2021-02-11T17:56:05.373Z", + "updated_at": "2024-04-29T15:49:16.000Z", "version": "WzMwNTMsMV0=", "attributes": { "title": "RFB", @@ -490,4 +490,4 @@ } } ] -} \ No newline at end of file +} diff --git a/dashboards/dashboards/fa141950-ef89-11e9-b38a-2db3ee640e88.json b/dashboards/dashboards/fa141950-ef89-11e9-b38a-2db3ee640e88.json index 69d4a8c49..84ed8892a 100644 --- a/dashboards/dashboards/fa141950-ef89-11e9-b38a-2db3ee640e88.json +++ b/dashboards/dashboards/fa141950-ef89-11e9-b38a-2db3ee640e88.json @@ -7,7 +7,7 @@ "namespaces": [ "default" ], - "updated_at": "2021-02-11T18:59:12.130Z", + "updated_at": "2024-04-29T15:49:16.000Z", "version": "WzM3MjIsMV0=", "attributes": { "title": "Tabular Data Stream - SQL", @@ -313,4 +313,4 @@ } } ] -} \ No newline at end of file +} diff --git a/dashboards/dashboards/fa477130-2b8a-11ec-a9f2-3911c8571bfd.json b/dashboards/dashboards/fa477130-2b8a-11ec-a9f2-3911c8571bfd.json index 790cbd570..72bf72a0e 100644 --- a/dashboards/dashboards/fa477130-2b8a-11ec-a9f2-3911c8571bfd.json +++ b/dashboards/dashboards/fa477130-2b8a-11ec-a9f2-3911c8571bfd.json 
@@ -7,7 +7,7 @@ "namespaces": [ "default" ], - "updated_at": "2021-10-14T16:32:23.695Z", + "updated_at": "2024-04-29T15:49:16.000Z", "version": "WzEwOTIsMV0=", "attributes": { "title": "STUN", @@ -541,4 +541,4 @@ } } ] -} \ No newline at end of file +} diff --git a/dashboards/scripts/docker_entrypoint.sh b/dashboards/scripts/docker_entrypoint.sh index 38c054e10..baa386eb1 100755 --- a/dashboards/scripts/docker_entrypoint.sh +++ b/dashboards/scripts/docker_entrypoint.sh @@ -42,5 +42,7 @@ if [[ -f "$ORIG_YML" ]]; then chmod 600 "$FINAL_YML" fi +rm -f /tmp/shared-objects-created + # start the default dashboards entrypoint exec "$@" diff --git a/dashboards/scripts/create-arkime-sessions-index.sh b/dashboards/scripts/shared-object-creation.sh similarity index 52% rename from dashboards/scripts/create-arkime-sessions-index.sh rename to dashboards/scripts/shared-object-creation.sh index 87a8c259c..5c40cfcfe 100755 --- a/dashboards/scripts/create-arkime-sessions-index.sh +++ b/dashboards/scripts/shared-object-creation.sh @@ -29,6 +29,8 @@ ISM_SNAPSHOT_COMPRESSED=${ISM_SNAPSHOT_COMPRESSED:-"false"} OPENSEARCH_PRIMARY=${OPENSEARCH_PRIMARY:-"opensearch-local"} OPENSEARCH_SECONDARY=${OPENSEARCH_SECONDARY:-""} +STARTUP_IMPORT_PERFORMED_FILE=/tmp/shared-objects-created + function DoReplacersInFile() { # Index pattern and time field name may be specified via environment variable, but need # to be reflected in dashboards, templates, anomaly detectors, etc. 
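Review bot: The `rm -f /tmp/shared-objects-created` added before `exec "$@"` in docker_entrypoint.sh has no comment, and the same path is repeated as a literal in the `STARTUP_IMPORT_PERFORMED_FILE=/tmp/shared-objects-created` line added to shared-object-creation.sh, so the two can drift apart silently. The marker is also a fixed name in world-writable /tmp, and its mtime is what later decides whether the import check runs; any process that can write there can create or re-touch it and postpone template and dashboard imports. Consider keeping it in a directory owned by the service account, e.g. `STARTUP_IMPORT_PERFORMED_FILE=PLACEHOLDER_SERVICE_OWNED_DIR/shared-objects-created` (placeholder path), and adding `# clear the import marker so the next scheduled run performs a full check` above the rm. It is also worth confirming that both scripts run in the same container and therefore see the same /tmp.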
@@ -51,12 +53,49 @@ function DoReplacersForDir() { fi } +# store in an associative array the id, title, and .updated_at timestamp of a JSON file representing a dashboard +# arguments: +# 1 - the name of an associative array hash into which to insert the data +# 2 - the filename of the JSON file to check +# 3 - if the timestamp is not found, the fallback timestamp to use +function GetDashboardJsonInfo() { + local -n RESULT_HASH=$1 + local JSON_FILE_TO_IMPORT="$2" + local FALLBACK_TIMESTAMP="$3" + + DASHBOARD_TO_IMPORT_BASE="$(basename "$JSON_FILE_TO_IMPORT")" + DASHBOARD_TO_IMPORT_ID= + DASHBOARD_TO_IMPORT_TITLE= + DASHBOARD_TO_IMPORT_TIMESTAMP= + + if [[ -f "$JSON_FILE_TO_IMPORT" ]]; then + set +e + DASHBOARD_TO_IMPORT_ID="$(jq -r '.objects[] | select(.type == "dashboard") | .id' < "$JSON_FILE_TO_IMPORT" 2>/dev/null | head -n 1)" + DASHBOARD_TO_IMPORT_TITLE="$(jq -r '.objects[] | select(.type == "dashboard") | .attributes.title' < "$JSON_FILE_TO_IMPORT" 2>/dev/null | head -n 1)" + DASHBOARD_TO_IMPORT_TIMESTAMP="$(jq -r '.objects[] | select(.type == "dashboard") | .updated_at' < "$JSON_FILE_TO_IMPORT" 2>/dev/null | sort | tail -n 1)" + set -e + fi + + ( [[ -z "${DASHBOARD_TO_IMPORT_ID}" ]] || [[ "${DASHBOARD_TO_IMPORT_ID}" == "null" ]] ) && DASHBOARD_TO_IMPORT_ID="${DASHBOARD_TO_IMPORT_BASE%.*}" + ( [[ -z "${DASHBOARD_TO_IMPORT_TITLE}" ]] || [[ "${DASHBOARD_TO_IMPORT_TITLE}" == "null" ]] ) && DASHBOARD_TO_IMPORT_TITLE="${DASHBOARD_TO_IMPORT_BASE%.*}" + ( [[ -z "${DASHBOARD_TO_IMPORT_TIMESTAMP}" ]] || [[ "${DASHBOARD_TO_IMPORT_TIMESTAMP}" == "null" ]] ) && DASHBOARD_TO_IMPORT_TIMESTAMP="$FALLBACK_TIMESTAMP" + + RESULT_HASH["id"]="${DASHBOARD_TO_IMPORT_ID}" + RESULT_HASH["title"]="${DASHBOARD_TO_IMPORT_TITLE}" + RESULT_HASH["timestamp"]="${DASHBOARD_TO_IMPORT_TIMESTAMP}" +} + # is the argument to automatically create this index enabled? 
-if [[ "$CREATE_OS_ARKIME_SESSION_INDEX" = "true" ]] ; then +if [[ "${CREATE_OS_ARKIME_SESSION_INDEX:-true}" = "true" ]] ; then # give OpenSearch time to start and Arkime to get its own template created before configuring dashboards /data/opensearch_status.sh -l arkime_sessions3_template >/dev/null 2>&1 + CURRENT_ISO_UNIX_SECS="$(date -u +%s)" + CURRENT_ISO_TIMESTAMP="$(date -u +"%Y-%m-%dT%H:%M:%SZ" -d@${CURRENT_ISO_UNIX_SECS} | sed "s/Z$/.000Z/")" + EPOCH_ISO_TIMESTAMP="$(date -u +"%Y-%m-%dT%H:%M:%SZ" -d @0 | sed "s/Z$/.000Z/")" + LAST_IMPORT_CHECK_TIME="$(stat -c %Y "${STARTUP_IMPORT_PERFORMED_FILE}" 2>/dev/null || echo '0')" + for LOOP in primary secondary; do if [[ "$LOOP" == "primary" ]]; then @@ -104,10 +143,10 @@ if [[ "$CREATE_OS_ARKIME_SESSION_INDEX" = "true" ]] ; then fi # is the Dashboards process server up and responding to requests? - if [[ "$LOOP" != "primary" ]] || curl "${CURL_CONFIG_PARAMS[@]}" -L --silent --output /dev/null --fail -XGET "$DASHB_URL/api/status" ; then + if [[ "$LOOP" != "primary" ]] || curl "${CURL_CONFIG_PARAMS[@]}" --location --silent --output /dev/null --fail -XGET "$DASHB_URL/api/status" ; then - # have we not not already created the index pattern? - if [[ "$LOOP" != "primary" ]] || ! curl "${CURL_CONFIG_PARAMS[@]}" -L --silent --output /dev/null --fail -XGET "$DASHB_URL/api/saved_objects/index-pattern/$INDEX_PATTERN" ; then + # has it been a while since we did a full import check (or have we never done one)? + if [[ "$LOOP" != "primary" ]] || (( (${CURRENT_ISO_UNIX_SECS} - ${LAST_IMPORT_CHECK_TIME}) >= ${CREATE_OS_ARKIME_SESSION_INDEX_CHECK_INTERVAL_SEC:-3600} )); then echo "$DATASTORE_TYPE ($LOOP) is running at \"${OPENSEARCH_URL_TO_USE}\"!" 
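Review bot: `GetDashboardJsonInfo` declares only `RESULT_HASH`, `JSON_FILE_TO_IMPORT` and `FALLBACK_TIMESTAMP` as `local`, so `DASHBOARD_TO_IMPORT_BASE`, `DASHBOARD_TO_IMPORT_ID`, `DASHBOARD_TO_IMPORT_TITLE` and `DASHBOARD_TO_IMPORT_TIMESTAMP` leak into the global scope. The export requests in the later dashboard hunks rely on that leak: they read `$DASHBOARD_TO_IMPORT_ID` directly instead of `${NEW_DASHBOARD_INFO["id"]}`, which is correct only while the export curl runs before the second call overwrites the global. I would add `local DASHBOARD_TO_IMPORT_BASE DASHBOARD_TO_IMPORT_ID DASHBOARD_TO_IMPORT_TITLE DASHBOARD_TO_IMPORT_TIMESTAMP` at the top of the function and have the callers use the array entry. The header comment could also say that a missing or `null` id or title falls back to the file's basename without its extension, and that the function ends with `set -e` regardless of the caller's prior setting.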
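Review bot: The new interval test `(( (${CURRENT_ISO_UNIX_SECS} - ${LAST_IMPORT_CHECK_TIME}) >= ${CREATE_OS_ARKIME_SESSION_INDEX_CHECK_INTERVAL_SEC:-3600} ))` expands an environment value straight into an arithmetic expression without checking that it is a number. A value such as `1h` makes the expression fail rather than compare, the condition is then false, and the primary import is skipped on every run with only an arithmetic error in the log; bash also evaluates whatever expression the variable holds. Validating it once before the loop keeps the default predictable: `[[ "${CREATE_OS_ARKIME_SESSION_INDEX_CHECK_INTERVAL_SEC:-3600}" =~ ^[0-9]+$ ]] || CREATE_OS_ARKIME_SESSION_INDEX_CHECK_INTERVAL_SEC=3600`. The `if` block this condition opens continues outside the hunk.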
@@ -121,6 +160,11 @@ if [[ "$CREATE_OS_ARKIME_SESSION_INDEX" = "true" ]] ; then || true fi + ############################################################################################################################# + # Templates + # - a sha256 sum of the combined templates is calculated and the templates are imported if the previously stored hash + # (if any) does not match the files we see currently. + TEMPLATES_IMPORT_DIR="$(mktemp -d -t templates-XXXXXX)" rsync -a "$MALCOLM_TEMPLATES_DIR"/ "$TEMPLATES_IMPORT_DIR"/ DoReplacersForDir "$TEMPLATES_IMPORT_DIR" @@ -135,9 +179,6 @@ if [[ "$CREATE_OS_ARKIME_SESSION_INDEX" = "true" ]] ; then TEMPLATE_HASH_OLD="$(curl "${CURL_CONFIG_PARAMS[@]}" -sSL --fail -XGET -H "Content-Type: application/json" "$OPENSEARCH_URL_TO_USE/_index_template/malcolm_template" 2>/dev/null | jq --raw-output '.index_templates[]|select(.name=="malcolm_template")|.index_template._meta.hash' 2>/dev/null)" set -e - # information about other index patterns will be obtained during template import - OTHER_INDEX_PATTERNS=() - # proceed only if the current template HASH doesn't match the previously imported one, or if there # was an error calculating or storing either if [[ "$TEMPLATE_HASH" != "$TEMPLATE_HASH_OLD" ]] || [[ -z "$TEMPLATE_HASH_OLD" ]] || [[ -z "$TEMPLATE_HASH" ]]; then 
@@ -179,17 +220,13 @@ if [[ "$CREATE_OS_ARKIME_SESSION_INDEX" = "true" ]] ; then curl "${CURL_CONFIG_PARAMS[@]}" -w "\n" -sSL --fail -XPOST -H "Content-Type: application/json" \ "$OPENSEARCH_URL_TO_USE/_index_template/malcolm_template" -d "@$MALCOLM_TEMPLATE_FILE" 2>&1 - # import other templates as well (and get info for creating their index patterns) + # import other templates as well for i in "$TEMPLATES_IMPORT_DIR"/*.json; do TEMP_BASENAME="$(basename "$i")" TEMP_FILENAME="${TEMP_BASENAME%.*}" if [[ "$TEMP_FILENAME" != "malcolm_template" ]]; then echo "Importing template \"$TEMP_FILENAME\"..." - if curl "${CURL_CONFIG_PARAMS[@]}" -w "\n" -sSL --fail -XPOST -H "Content-Type: application/json" "$OPENSEARCH_URL_TO_USE/_index_template/$TEMP_FILENAME" -d "@$i" 2>&1; then - for TEMPLATE_INDEX_PATTERN in $(jq '.index_patterns[]' "$i" | tr -d '"'); do - OTHER_INDEX_PATTERNS+=("$TEMPLATE_INDEX_PATTERN;$TEMPLATE_INDEX_PATTERN;@timestamp") - done - fi + curl "${CURL_CONFIG_PARAMS[@]}" -w "\n" -sSL --fail -XPOST -H "Content-Type: application/json" "$OPENSEARCH_URL_TO_USE/_index_template/$TEMP_FILENAME" -d "@$i" 2>&1 || true fi done 
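Review bot: The `|| true` now appended to the per-template POST in the `for i in "$TEMPLATES_IMPORT_DIR"/*.json` loop discards a failed import, and nothing states which template did not load beyond curl's own error text. If the stored hash travels with `malcolm_template`, which is posted just above the loop, a later run would see matching hashes and never retry the template that failed; that is inferred from the hash lookup outside this hunk, so please confirm. Replacing it with `|| echo "Failed to import template \"$TEMP_FILENAME\"" >&2` keeps the best-effort behaviour but leaves a trace. The enclosing hash check starts outside the hunk.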
@@ -197,21 +234,41 @@ if [[ "$CREATE_OS_ARKIME_SESSION_INDEX" = "true" ]] ; then echo "malcolm_template ($TEMPLATE_HASH) already exists ($LOOP) at \"${OPENSEARCH_URL_TO_USE}\"" fi # TEMPLATE_HASH check + + # get info for creating the index patterns of "other" templates + OTHER_INDEX_PATTERNS=() + for i in "$TEMPLATES_IMPORT_DIR"/*.json; do + TEMP_BASENAME="$(basename "$i")" + TEMP_FILENAME="${TEMP_BASENAME%.*}" + if [[ "$TEMP_FILENAME" != "malcolm_template" ]]; then + for TEMPLATE_INDEX_PATTERN in $(jq -r '.index_patterns[]' "$i"); do + OTHER_INDEX_PATTERNS+=("$TEMPLATE_INDEX_PATTERN;$TEMPLATE_INDEX_PATTERN;@timestamp") + done + fi + done + rm -rf "${TEMPLATES_IMPORT_DIR}" + # end Templates + ############################################################################################################################# + if [[ "$LOOP" == "primary" ]]; then + + ############################################################################################################################# + # Index pattern(s) + # - TODO: how do I check to make sure it really needs to be updated? Or maybe it doesn't matter? echo "Importing index pattern..." # From https://github.com/elastic/kibana/issues/3709 # Create index pattern - curl "${CURL_CONFIG_PARAMS[@]}" -w "\n" -sSL --fail -XPOST -H "Content-Type: application/json" -H "$XSRF_HEADER: anything" \ + curl "${CURL_CONFIG_PARAMS[@]}" -w "\n" --location --fail --silent --output /dev/null --show-error -XPOST -H "Content-Type: application/json" -H "$XSRF_HEADER: anything" \ "$DASHB_URL/api/saved_objects/index-pattern/$INDEX_PATTERN" \ -d"{\"attributes\":{\"title\":\"$INDEX_PATTERN\",\"timeFieldName\":\"$INDEX_TIME_FIELD\"}}" 2>&1 || true echo "Setting default index pattern..." 
# Make it the default index - curl "${CURL_CONFIG_PARAMS[@]}" -w "\n" -sSL -XPOST -H "Content-Type: application/json" -H "$XSRF_HEADER: anything" \ + curl "${CURL_CONFIG_PARAMS[@]}" -w "\n" --location --fail --silent --output /dev/null --show-error -XPOST -H "Content-Type: application/json" -H "$XSRF_HEADER: anything" \ "$DASHB_URL/api/$DASHBOARDS_URI_PATH/settings/defaultIndex" \ -d"{\"value\":\"$INDEX_PATTERN\"}" || true 
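Review bot: In the new `OTHER_INDEX_PATTERNS` loop, `for TEMPLATE_INDEX_PATTERN in $(jq -r '.index_patterns[]' "$i")` leaves the command substitution unquoted, so every value goes through word splitting and pathname expansion. Index patterns normally contain `*`, and one that happens to match files in the script's working directory would be replaced by those file names before it is used to create an index pattern. Reading the values line by line avoids that: `while IFS= read -r TEMPLATE_INDEX_PATTERN; do OTHER_INDEX_PATTERNS+=("$TEMPLATE_INDEX_PATTERN;$TEMPLATE_INDEX_PATTERN;@timestamp"); done < <(jq -r '.index_patterns[]' "$i")`. The `if [[ "$LOOP" == "primary" ]]` block that consumes the array continues outside the hunk.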
@@ -220,28 +277,52 @@ if [[ "$CREATE_OS_ARKIME_SESSION_INDEX" = "true" ]] ; then IDX_NAME="$(echo "$i" | cut -d';' -f2)" IDX_TIME_FIELD="$(echo "$i" | cut -d';' -f3)" echo "Creating index pattern \"$IDX_NAME\"..." - curl "${CURL_CONFIG_PARAMS[@]}" -w "\n" -sSL --fail -XPOST -H "Content-Type: application/json" -H "$XSRF_HEADER: anything" \ + curl "${CURL_CONFIG_PARAMS[@]}" -w "\n" --location --fail --silent --output /dev/null --show-error -XPOST -H "Content-Type: application/json" -H "$XSRF_HEADER: anything" \ "$DASHB_URL/api/saved_objects/index-pattern/$IDX_ID" \ -d"{\"attributes\":{\"title\":\"$IDX_NAME\",\"timeFieldName\":\"$IDX_TIME_FIELD\"}}" 2>&1 || true done + # end Index pattern + ############################################################################################################################# + echo "Importing $DATASTORE_TYPE Dashboards saved objects..." - # install default dashboards + ############################################################################################################################# + # Dashboards + # - Dashboard JSON files have an .updated_at field with an ISO 8601-formatted date (e.g., "2024-04-29T15:49:16.000Z"). + # For each dashboard, query to see if the object exists and get the .updated_at field for the .type == "dashboard" + # objects. If the dashboard doesn't already exist, or if the file-to-be-imported date is newer than the old one, + # then import the dashboard. 
+ DASHBOARDS_IMPORT_DIR="$(mktemp -d -t dashboards-XXXXXX)" rsync -a /opt/dashboards/ "$DASHBOARDS_IMPORT_DIR"/ DoReplacersForDir "$DASHBOARDS_IMPORT_DIR"/ for i in "${DASHBOARDS_IMPORT_DIR}"/*.json; do - if [[ "$DATASTORE_TYPE" == "elasticsearch" ]]; then - # strip out Arkime and NetBox links from dashboards' navigation pane when doing Kibana import (idaholab/Malcolm#286) - sed -i 's/ \\\\n\[↪ NetBox\](\/netbox\/) \\\\n\[↪ Arkime\](\/arkime)//' "$i" - # take care of a few other substitutions - sed -i 's/opensearchDashboardsAddFilter/kibanaAddFilter/g' "$i" - fi - # prepend $DASHBOARDS_PREFIX to dashboards' titles - [[ -n "$DASHBOARDS_PREFIX" ]] && jq ".objects |= map(if .type == \"dashboard\" then .attributes.title |= \"${DASHBOARDS_PREFIX} \" + . else . end)" < "$i" | sponge "$i" - # import the dashboard - curl "${CURL_CONFIG_PARAMS[@]}" -L --silent --output /dev/null --show-error -XPOST "$DASHB_URL/api/$DASHBOARDS_URI_PATH/dashboards/import?force=true" -H "$XSRF_HEADER:true" -H 'Content-type:application/json' -d "@$i" + + # get info about the dashboard to be imported + declare -A NEW_DASHBOARD_INFO + GetDashboardJsonInfo NEW_DASHBOARD_INFO "$i" "$CURRENT_ISO_TIMESTAMP" + + # get the old dashboard JSON and its info + curl "${CURL_CONFIG_PARAMS[@]}" --location --fail --silent --show-error --output "${i}_old" -XGET "$DASHB_URL/api/$DASHBOARDS_URI_PATH/dashboards/export?dashboard=$DASHBOARD_TO_IMPORT_ID" -H "$XSRF_HEADER:true" -H 'Content-type:application/json' || true + declare -A OLD_DASHBOARD_INFO + GetDashboardJsonInfo OLD_DASHBOARD_INFO "${i}_old" "$EPOCH_ISO_TIMESTAMP" + rm -f "${i}_old" + + # compare the timestamps and import if it's newer + if [[ "${NEW_DASHBOARD_INFO["timestamp"]}" > "${OLD_DASHBOARD_INFO["timestamp"]}" ]]; then + if [[ "$DATASTORE_TYPE" == "elasticsearch" ]]; then + # strip out Arkime and NetBox links from dashboards' navigation pane when doing Kibana import (idaholab/Malcolm#286) + sed -i 's/ \\\\n\[↪ NetBox\](\/netbox\/) \\\\n\[↪ 
Arkime\](\/arkime)//' "$i" + # take care of a few other substitutions + sed -i 's/opensearchDashboardsAddFilter/kibanaAddFilter/g' "$i" + fi + # prepend $DASHBOARDS_PREFIX to dashboards' titles + [[ -n "$DASHBOARDS_PREFIX" ]] && jq ".objects |= map(if .type == \"dashboard\" then .attributes.title |= \"${DASHBOARDS_PREFIX} \" + . else . end)" < "$i" | sponge "$i" + # import the dashboard + echo "Importing dashboard \"${NEW_DASHBOARD_INFO["title"]}\" (${NEW_DASHBOARD_INFO["timestamp"]} > ${OLD_DASHBOARD_INFO["timestamp"]}) ..." + curl "${CURL_CONFIG_PARAMS[@]}" --location --silent --output /dev/null --show-error -XPOST "$DASHB_URL/api/$DASHBOARDS_URI_PATH/dashboards/import?force=true" -H "$XSRF_HEADER:true" -H 'Content-type:application/json' -d "@$i" + fi # timestamp check done rm -rf "${DASHBOARDS_IMPORT_DIR}" 
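Review bot: The import request inside the new timestamp check, the `-XPOST "$DASHB_URL/api/$DASHBOARDS_URI_PATH/dashboards/import?force=true"` call, still has no `--fail`, so with `--output /dev/null` an HTTP error response looks the same as success even though "Importing dashboard ..." has already been printed. The index-pattern requests touched by this commit gained `--fail`; adding it here together with `|| echo "Failed to import dashboard \"${NEW_DASHBOARD_INFO["title"]}\"" >&2` would surface rejected imports without aborting the loop. Separately, the export lookup treats every failure as "dashboard absent" because of `|| true` and the epoch fallback, so a transient error there leads to a forced re-import; a comment saying that this is intended would help. The beats loop in the following hunk repeats both patterns.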
@@ -253,42 +334,69 @@ if [[ "$CREATE_OS_ARKIME_SESSION_INDEX" = "true" ]] ; then rsync -a /opt/dashboards/beats/ "$BEATS_DASHBOARDS_IMPORT_DIR"/ DoReplacersForDir "$BEATS_DASHBOARDS_IMPORT_DIR" for i in "${BEATS_DASHBOARDS_IMPORT_DIR}"/*.json; do - # prepend $DASHBOARDS_PREFIX to dashboards' titles - [[ -n "$DASHBOARDS_PREFIX" ]] && jq ".objects |= map(if .type == \"dashboard\" then .attributes.title |= \"${DASHBOARDS_PREFIX} \" + . else . end)" < "$i" | sponge "$i" - # import the dashboard - curl "${CURL_CONFIG_PARAMS[@]}" -L --silent --output /dev/null --show-error -XPOST "$DASHB_URL/api/$DASHBOARDS_URI_PATH/dashboards/import?force=true" -H "$XSRF_HEADER:true" -H 'Content-type:application/json' -d "@$i" + + # get info about the dashboard to be imported + declare -A NEW_DASHBOARD_INFO + GetDashboardJsonInfo NEW_DASHBOARD_INFO "$i" "$CURRENT_ISO_TIMESTAMP" + + # get the old dashboard JSON and its info + curl "${CURL_CONFIG_PARAMS[@]}" --location --fail --silent --show-error --output "${i}_old" -XGET "$DASHB_URL/api/$DASHBOARDS_URI_PATH/dashboards/export?dashboard=$DASHBOARD_TO_IMPORT_ID" -H "$XSRF_HEADER:true" -H 'Content-type:application/json' || true + declare -A OLD_DASHBOARD_INFO + GetDashboardJsonInfo OLD_DASHBOARD_INFO "${i}_old" "$EPOCH_ISO_TIMESTAMP" + rm -f "${i}_old" + + # compare the timestamps and import if it's newer + if [[ "${NEW_DASHBOARD_INFO["timestamp"]}" > "${OLD_DASHBOARD_INFO["timestamp"]}" ]]; then + # prepend $DASHBOARDS_PREFIX to dashboards' titles + [[ -n "$DASHBOARDS_PREFIX" ]] && jq ".objects |= map(if .type == \"dashboard\" then .attributes.title |= \"${DASHBOARDS_PREFIX} \" + . else . end)" < "$i" | sponge "$i" + # import the dashboard + echo "Importing dashboard \"${NEW_DASHBOARD_INFO["title"]}\" (${NEW_DASHBOARD_INFO["timestamp"]} > ${OLD_DASHBOARD_INFO["timestamp"]}) ..." 
+ curl "${CURL_CONFIG_PARAMS[@]}" --location --silent --output /dev/null --show-error -XPOST "$DASHB_URL/api/$DASHBOARDS_URI_PATH/dashboards/import?force=true" -H "$XSRF_HEADER:true" -H 'Content-type:application/json' -d "@$i" + fi # timestamp check done rm -rf "${BEATS_DASHBOARDS_IMPORT_DIR}" echo "$DATASTORE_TYPE Dashboards saved objects import complete!" + # end Dashboards + ############################################################################################################################# + if [[ "$DATASTORE_TYPE" == "opensearch" ]]; then # some features and tweaks like anomaly detection, alerting, etc. only exist in opensearch + ############################################################################################################################# + # OpenSearch Tweaks + # set dark theme (or not) [[ "$DARK_MODE" == "true" ]] && DARK_MODE_ARG='{"value":true}' || DARK_MODE_ARG='{"value":false}' - curl "${CURL_CONFIG_PARAMS[@]}" -L --silent --output /dev/null --show-error -XPOST "$DASHB_URL/api/$DASHBOARDS_URI_PATH/settings/theme:darkMode" -H "$XSRF_HEADER:true" -H 'Content-type:application/json' -d "$DARK_MODE_ARG" + curl "${CURL_CONFIG_PARAMS[@]}" --location --silent --output /dev/null --show-error -XPOST "$DASHB_URL/api/$DASHBOARDS_URI_PATH/settings/theme:darkMode" -H "$XSRF_HEADER:true" -H 'Content-type:application/json' -d "$DARK_MODE_ARG" # set default dashboard - curl "${CURL_CONFIG_PARAMS[@]}" -L --silent --output /dev/null --show-error -XPOST "$DASHB_URL/api/$DASHBOARDS_URI_PATH/settings/defaultRoute" -H "$XSRF_HEADER:true" -H 'Content-type:application/json' -d "{\"value\":\"/app/dashboards#/view/${DEFAULT_DASHBOARD}\"}" + curl "${CURL_CONFIG_PARAMS[@]}" --location --silent --output /dev/null --show-error -XPOST "$DASHB_URL/api/$DASHBOARDS_URI_PATH/settings/defaultRoute" -H "$XSRF_HEADER:true" -H 'Content-type:application/json' -d "{\"value\":\"/app/dashboards#/view/${DEFAULT_DASHBOARD}\"}" # set default query time range - curl 
"${CURL_CONFIG_PARAMS[@]}" -L --silent --output /dev/null --show-error -XPOST "$DASHB_URL/api/$DASHBOARDS_URI_PATH/settings" -H "$XSRF_HEADER:true" -H 'Content-type:application/json' -d \ + curl "${CURL_CONFIG_PARAMS[@]}" --location --silent --output /dev/null --show-error -XPOST "$DASHB_URL/api/$DASHBOARDS_URI_PATH/settings" -H "$XSRF_HEADER:true" -H 'Content-type:application/json' -d \ '{"changes":{"timepicker:timeDefaults":"{\n \"from\": \"now-24h\",\n \"to\": \"now\",\n \"mode\": \"quick\"}"}}' # turn off telemetry - curl "${CURL_CONFIG_PARAMS[@]}" -L --silent --output /dev/null --show-error -XPOST "$DASHB_URL/api/telemetry/v2/optIn" -H "$XSRF_HEADER:true" -H 'Content-type:application/json' -d '{"enabled":false}' + curl "${CURL_CONFIG_PARAMS[@]}" --location --silent --output /dev/null --show-error -XPOST "$DASHB_URL/api/telemetry/v2/optIn" -H "$XSRF_HEADER:true" -H 'Content-type:application/json' -d '{"enabled":false}' # pin filters by default - curl "${CURL_CONFIG_PARAMS[@]}" -L --silent --output /dev/null --show-error -XPOST "$DASHB_URL/api/$DASHBOARDS_URI_PATH/settings/filters:pinnedByDefault" -H "$XSRF_HEADER:true" -H 'Content-type:application/json' -d '{"value":true}' + curl "${CURL_CONFIG_PARAMS[@]}" --location --silent --output /dev/null --show-error -XPOST "$DASHB_URL/api/$DASHBOARDS_URI_PATH/settings/filters:pinnedByDefault" -H "$XSRF_HEADER:true" -H 'Content-type:application/json' -d '{"value":true}' # enable in-session storage - curl "${CURL_CONFIG_PARAMS[@]}" -L --silent --output /dev/null --show-error -XPOST "$DASHB_URL/api/$DASHBOARDS_URI_PATH/settings/state:storeInSessionStorage" -H "$XSRF_HEADER:true" -H 'Content-type:application/json' -d '{"value":true}' + curl "${CURL_CONFIG_PARAMS[@]}" --location --silent --output /dev/null --show-error -XPOST "$DASHB_URL/api/$DASHBOARDS_URI_PATH/settings/state:storeInSessionStorage" -H "$XSRF_HEADER:true" -H 'Content-type:application/json' -d '{"value":true}' + + # end OpenSearch Tweaks + 
############################################################################################################################# # before we go on to create the anomaly detectors, we need to wait for actual network log documents /data/opensearch_status.sh -w >/dev/null 2>&1 sleep 60 + ############################################################################################################################# + # OpenSearch anomaly detectors + echo "Creating $DATASTORE_TYPE anomaly detectors..." # Create anomaly detectors here @@ -296,7 +404,7 @@ if [[ "$CREATE_OS_ARKIME_SESSION_INDEX" = "true" ]] ; then rsync -a /opt/anomaly_detectors/ "$ANOMALY_IMPORT_DIR"/ DoReplacersForDir "$ANOMALY_IMPORT_DIR" for i in "${ANOMALY_IMPORT_DIR}"/*.json; do - curl "${CURL_CONFIG_PARAMS[@]}" -L --silent --output /dev/null --show-error -XPOST "$OPENSEARCH_URL_TO_USE/_plugins/_anomaly_detection/detectors" -H "$XSRF_HEADER:true" -H 'Content-type:application/json' -d "@$i" + curl "${CURL_CONFIG_PARAMS[@]}" --location --silent --output /dev/null --show-error -XPOST "$OPENSEARCH_URL_TO_USE/_plugins/_anomaly_detection/detectors" -H "$XSRF_HEADER:true" -H 'Content-type:application/json' -d "@$i" done rm -rf "${ANOMALY_IMPORT_DIR}" 
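Review bot: In the beats dashboards loop the export request is built from `$DASHBOARD_TO_IMPORT_ID`, which nothing in this hunk assigns, and any failure of that request is swallowed by `|| true`. If the export fails for any reason (empty id, rejected credentials, timeout), `${i}_old` is presumably missing and the old timestamp falls back to `$EPOCH_ISO_TIMESTAMP`, so the `import?force=true` POST overwrites whatever dashboard is stored. The main dashboards loop in the previous hunk has the same pattern. If the id is a global set inside GetDashboardJsonInfo, which is defined outside this hunk, a comment such as `# DASHBOARD_TO_IMPORT_ID is set as a side effect of GetDashboardJsonInfo` would make that dependency visible. The import should also be skipped, with a message on stderr, when the export request itself failed rather than reported that the dashboard does not exist.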
@@ -310,26 +418,32 @@ if [[ "$CREATE_OS_ARKIME_SESSION_INDEX" = "true" ]] ; then DUMMY_DETECTOR_ID="" until [[ -n "$DUMMY_DETECTOR_ID" ]]; do sleep 5 - DUMMY_DETECTOR_ID="$(curl "${CURL_CONFIG_PARAMS[@]}" -L --fail --silent --show-error -XPOST "$OPENSEARCH_URL_TO_USE/_plugins/_anomaly_detection/detectors/_search" -H "$XSRF_HEADER:true" -H 'Content-type:application/json' -d "{ \"query\": { \"match\": { \"name\": \"$DUMMY_DETECTOR_NAME\" } } }" | jq '.. | ._id? // empty' 2>/dev/null | head -n 1 | tr -d '"')" + DUMMY_DETECTOR_ID="$(curl "${CURL_CONFIG_PARAMS[@]}" --location --fail --silent --show-error -XPOST "$OPENSEARCH_URL_TO_USE/_plugins/_anomaly_detection/detectors/_search" -H "$XSRF_HEADER:true" -H 'Content-type:application/json' -d "{ \"query\": { \"match\": { \"name\": \"$DUMMY_DETECTOR_NAME\" } } }" | jq '.. | ._id? // empty' 2>/dev/null | head -n 1 | tr -d '"')" done set -e if [[ -n "$DUMMY_DETECTOR_ID" ]]; then - curl "${CURL_CONFIG_PARAMS[@]}" -L --silent --output /dev/null --show-error -XPOST "$OPENSEARCH_URL_TO_USE/_plugins/_anomaly_detection/detectors/$DUMMY_DETECTOR_ID/_start" -H "$XSRF_HEADER:true" -H 'Content-type:application/json' + curl "${CURL_CONFIG_PARAMS[@]}" --location --silent --output /dev/null --show-error -XPOST "$OPENSEARCH_URL_TO_USE/_plugins/_anomaly_detection/detectors/$DUMMY_DETECTOR_ID/_start" -H "$XSRF_HEADER:true" -H 'Content-type:application/json' sleep 10 - curl "${CURL_CONFIG_PARAMS[@]}" -L --silent --output /dev/null --show-error -XPOST "$OPENSEARCH_URL_TO_USE/_plugins/_anomaly_detection/detectors/$DUMMY_DETECTOR_ID/_stop" -H "$XSRF_HEADER:true" -H 'Content-type:application/json' + curl "${CURL_CONFIG_PARAMS[@]}" --location --silent --output /dev/null --show-error -XPOST "$OPENSEARCH_URL_TO_USE/_plugins/_anomaly_detection/detectors/$DUMMY_DETECTOR_ID/_stop" -H "$XSRF_HEADER:true" -H 'Content-type:application/json' sleep 10 - curl "${CURL_CONFIG_PARAMS[@]}" -L --silent --output /dev/null --show-error -XDELETE 
"$OPENSEARCH_URL_TO_USE/_plugins/_anomaly_detection/detectors/$DUMMY_DETECTOR_ID" -H "$XSRF_HEADER:true" -H 'Content-type:application/json' + curl "${CURL_CONFIG_PARAMS[@]}" --location --silent --output /dev/null --show-error -XDELETE "$OPENSEARCH_URL_TO_USE/_plugins/_anomaly_detection/detectors/$DUMMY_DETECTOR_ID" -H "$XSRF_HEADER:true" -H 'Content-type:application/json' fi echo "$DATASTORE_TYPE anomaly detectors creation complete!" + # end OpenSearch anomaly detectors + ############################################################################################################################# + + ############################################################################################################################# + # OpenSearch alerting + echo "Creating $DATASTORE_TYPE alerting objects..." # Create notification/alerting objects here # notification channels for i in /opt/notifications/channels/*.json; do - curl "${CURL_CONFIG_PARAMS[@]}" -L --silent --output /dev/null --show-error -XPOST "$OPENSEARCH_URL_TO_USE/_plugins/_notifications/configs" -H "$XSRF_HEADER:true" -H 'Content-type:application/json' -d "@$i" + curl "${CURL_CONFIG_PARAMS[@]}" --location --silent --output /dev/null --show-error -XPOST "$OPENSEARCH_URL_TO_USE/_plugins/_notifications/configs" -H "$XSRF_HEADER:true" -H 'Content-type:application/json' -d "@$i" done # monitors 
@@ -337,15 +451,21 @@ if [[ "$CREATE_OS_ARKIME_SESSION_INDEX" = "true" ]] ; then rsync -a /opt/alerting/monitors/ "$ALERTING_IMPORT_DIR"/ DoReplacersForDir "$ALERTING_IMPORT_DIR" for i in "${ALERTING_IMPORT_DIR}"/*.json; do - curl "${CURL_CONFIG_PARAMS[@]}" -L --silent --output /dev/null --show-error -XPOST "$OPENSEARCH_URL_TO_USE/_plugins/_alerting/monitors" -H "$XSRF_HEADER:true" -H 'Content-type:application/json' -d "@$i" + curl "${CURL_CONFIG_PARAMS[@]}" --location --silent --output /dev/null --show-error -XPOST "$OPENSEARCH_URL_TO_USE/_plugins/_alerting/monitors" -H "$XSRF_HEADER:true" -H 'Content-type:application/json' -d "@$i" done rm -rf "${ALERTING_IMPORT_DIR}" echo "$DATASTORE_TYPE alerting objects creation complete!" + # end OpenSearch alerting + ############################################################################################################################# + fi # DATASTORE_TYPE == opensearch fi # stuff to only do for primary - fi # index pattern not already created check + + touch "${STARTUP_IMPORT_PERFORMED_FILE}" + fi # LAST_IMPORT_CHECK_TIME interval check + fi # dashboards is running done # primary vs. secondary fi # CREATE_OS_ARKIME_SESSION_INDEX is true
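Review bot: `touch "${STARTUP_IMPORT_PERFORMED_FILE}"` runs unconditionally at the end of the import block, but the import POSTs in this diff use `--silent --output /dev/null` without `--fail`, so curl exits 0 on an HTTP error response. The marker is therefore written even when the server rejected the imports. How the marker is read is outside this hunk; if it suppresses later startup imports, a rejected import would presumably never be retried. Consider adding `--fail` to the import calls, counting failures in a new variable, and writing the marker only on success, e.g. `[[ "$IMPORT_ERRORS" -eq 0 ]] && touch "${STARTUP_IMPORT_PERFORMED_FILE}"`. The enclosing `if` blocks open outside the hunk.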