This repository was archived by the owner on Apr 16, 2021. It is now read-only.
This repository was archived by the owner on Apr 16, 2021. It is now read-only.
securityonion-elastic: dashboard updates #1302
Description
- Remove HTTP - Summary viz from HTTP dashboard as it is slow and can cause issues
- Remove the Total Bytes By Source Port viz from the Connections dashboard; replace with map links from above to place the map links closer to the Service by Destination Country viz
- Add a Total Bytes by Source and Destination IP pair viz to Connections dashboard
- Indicator dashboard should include a top 50 source IP viz and top 50 dest IP viz
- Add viz for DNS response codes (rcode_name)
- Bro Notice "Logs" saved search should include note rather than message
- Create a viz for total logs of each type per sensor and device
- Consider using "syslog-host_from" rather than "host" in OSSEC-related viz