[Corelight] Add security workflows dashboards (#12215)
* Add security workflows dashboards
sharadcrest authored Jan 3, 2025
1 parent 8d8142f commit 020ab93
Showing 33 changed files with 9,545 additions and 63 deletions.
5 changes: 5 additions & 0 deletions packages/corelight/changelog.yml
@@ -1,4 +1,9 @@
# newer versions go on top
- version: "0.4.0"
changes:
- description: Add security workflows dashboards.
type: enhancement
link: https://github.com/elastic/integrations/pull/12215
- version: "0.3.0"
changes:
- description: Added an alert insight panel and updated the VPN connections visualization to a line chart in the security posture dashboard.
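Review bot: The 0.4.0 entry's description, `Add security workflows dashboards.`, covers only the new dashboards, while the same commit also edits existing ones (the Secure Channel Insights navigation panel and its `managed` flag, further down this page). Consider extending the description so users upgrading from 0.3.0 know that existing dashboards change too.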
12 changes: 10 additions & 2 deletions packages/corelight/docs/README.md
Expand Up @@ -3,10 +3,18 @@
[Corelight](https://corelight.com/) provides network detection and response (NDR) solutions that enhance visibility, threat detection, and incident response by leveraging open-source technologies like Zeek. Its platform integrates with existing security tools to deliver high-fidelity network data, helping organizations detect and respond to threats more effectively across both on-premises and cloud environments​.

This integration includes only the Corelight dashboards mentioned below:
- Security Posture
- Remote Activity Insights
- Corelight Suricata IDS Alert Overview
- Intel
- IP Interrogation
- Log Hunting
- Name Resolution Insights
- Notices
- RDP Inferences Overview
- Remote Activity Insights
- Secure Channel Insights
- Security Posture
- SSH Inferences Overview
- VPN Insights

## Prerequisites:

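Review bot: The dashboard list in this hunk is a flat alphabetical list of names, but the navigation panel changed in this commit groups the same dashboards under Data Insights and Security Workflows. Consider mirroring that grouping here and adding a one-line description of what each new dashboard is for, so a reader can tell Intel, IP Interrogation and Log Hunting apart without installing the package.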
Binary file added packages/corelight/img/intel.png
Binary file added packages/corelight/img/ip-interrogation.png
Binary file added packages/corelight/img/log-hunting.png
Binary file modified packages/corelight/img/name-resolution-insights.png
Binary file added packages/corelight/img/notices.png
Binary file modified packages/corelight/img/remote-activity-insights-screenshot.png
Binary file modified packages/corelight/img/secure-channel-insights.png
Binary file modified packages/corelight/img/security-posture.png
Binary file added packages/corelight/img/vpn-insights.png

Large diffs are not rendered by default.

Expand Up @@ -12,18 +12,21 @@
"panelsJSON": {
"b7b4bc2e-98d1-453a-a412-a37228a386b1": {
"explicitInput": {
"enhancements": {},
"dataViewId": "logs-*",
"fieldName": "observer.hostname",
"grow": true,
"id": "b7b4bc2e-98d1-453a-a412-a37228a386b1",
"searchTechnique": "prefix",
"title": "Sensor",
"width": "medium"
"selectedOptions": [],
"sort": {
"by": "_count",
"direction": "desc"
},
"title": "Sensor"
},
"grow": false,
"grow": true,
"order": 0,
"type": "optionsListControl",
"width": "small"
"width": "medium"
}
},
"showApplySelections": false
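Review bot: The Sensor options-list control in this hunk reads `"fieldName": "observer.hostname"` from `"dataViewId": "logs-*"`, so its choices come from every `logs-*` data stream in the cluster rather than from Corelight data alone. On a deployment with other integrations, an analyst could be offered hostnames that are not Corelight sensors. Consider a data view or a control-level filter restricted to the Corelight data streams, or confirm that this breadth is intended.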
Expand All @@ -49,7 +52,11 @@
{
"embeddableConfig": {
"description": "",
"enhancements": {},
"enhancements": {
"dynamicActions": {
"events": []
}
},
"hidePanelTitles": true,
"savedVis": {
"data": {
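Review bot: The `"enhancements": {}` to `"dynamicActions": { "events": [] }` change in this hunk configures no drilldown (the `events` array is empty) and repeats verbatim in the later panel hunks of this file, which looks like re-export churn rather than an intended edit. If that is the case, say so in the PR description so reviewers can skip these hunks and concentrate on the functional changes.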
Expand Down Expand Up @@ -87,7 +94,11 @@
},
{
"embeddableConfig": {
"enhancements": {},
"enhancements": {
"dynamicActions": {
"events": []
}
},
"hidePanelTitles": false,
"savedVis": {
"data": {
Expand All @@ -104,7 +115,7 @@
"id": "",
"params": {
"fontSize": 12,
"markdown": "**Navigation**\n\n**Corelight**\n\n- [Security Posture](#/dashboard/corelight-7c0946bc-acd0-4ec3-ab3b-8a92853f4a3b)\n- [Name Resolution Insights](#/dashboard/corelight-8546a96c-86c9-4edf-9d46-88338d6ac40e)\n- [**Secure Channel Insights (This Page)**](#/dashboard/corelight-45197477-c13f-4e52-a5dd-fb4f53564963)\n- [Remote Activity Insights](#/dashboard/corelight-f4864774-ed73-4b78-b861-5b8235ec12cf)\n\n[**Integrations Page**](/app/integrations/detail/corelight/overview)",
"markdown": "**Navigation**\n\n**Corelight**\n\n- [Security Posture](#/dashboard/corelight-7c0946bc-acd0-4ec3-ab3b-8a92853f4a3b)\n- **Data Insights**\n - [Name Resolution Insights](#/dashboard/corelight-8546a96c-86c9-4edf-9d46-88338d6ac40e)\n - **Secure Channel Insights**\n - [Remote Activity Insights](#/dashboard/corelight-f4864774-ed73-4b78-b861-5b8235ec12cf)\n- Security Workflows\n - [Intel](#/dashboard/corelight-323b0f27-993e-4fee-ae6e-b5977d7cab11)\n - [IP Interrogation](#/dashboard/corelight-3a4a279f-f238-47de-90ba-f643c5647fde)\n - [Log Hunting](#/dashboard/corelight-ff07e65c-2703-4cbe-a45f-3881025352a3)\n - [Notices](#/dashboard/corelight-f7da14f0-85db-48e8-a591-1f650af0f618)\n - [RDP Inferences Overview](#/dashboard/corelight-2d4dc345-cbbe-4d7a-9203-5ab11c8cb5ba)\n - [SSH Inferences Overview](#/dashboard/corelight-65a5fa91-06e4-459b-b4bb-998c85a6cf08)\n - [Corelight Suricata IDS Alert Overview](#/dashboard/corelight-f1208ffe-d168-46d1-9531-24de523d1bfb)\n - [VPN Insights](#/dashboard/corelight-023162b6-94da-4d8d-b1f6-de6192356cce)\n\n[**Integrations Page**](/app/integrations/detail/corelight/overview)",
"openLinksInNewTab": false
},
"title": "",
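Review bot: In the new `markdown` value the two group labels are styled differently: `**Data Insights**` is bold but `Security Workflows` is plain text, so the navigation panel renders them inconsistently. Bold both or neither. The value also hard-codes the saved-object id of every other dashboard, so each dashboard carries its own copy of this list; check that all copies were updated together and that every `#/dashboard/corelight-<id>` target matches a dashboard shipped in the package, since a stale id gives a broken link.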
Expand Down Expand Up @@ -206,7 +217,11 @@
},
{
"embeddableConfig": {
"enhancements": {},
"enhancements": {
"dynamicActions": {
"events": []
}
},
"hidePanelTitles": true,
"savedVis": {
"data": {
Expand Down Expand Up @@ -323,7 +338,11 @@
},
{
"embeddableConfig": {
"enhancements": {},
"enhancements": {
"dynamicActions": {
"events": []
}
},
"hidePanelTitles": true,
"savedVis": {
"data": {
Expand Down Expand Up @@ -708,7 +727,11 @@
},
{
"embeddableConfig": {
"enhancements": {},
"enhancements": {
"dynamicActions": {
"events": []
}
},
"hidePanelTitles": true,
"savedVis": {
"data": {
Expand Down Expand Up @@ -825,7 +848,11 @@
},
{
"embeddableConfig": {
"enhancements": {},
"enhancements": {
"dynamicActions": {
"events": []
}
},
"hidePanelTitles": true,
"savedVis": {
"data": {
Expand Down Expand Up @@ -1206,7 +1233,11 @@
},
{
"embeddableConfig": {
"enhancements": {},
"enhancements": {
"dynamicActions": {
"events": []
}
},
"hidePanelTitles": true,
"savedVis": {
"data": {
Expand Down Expand Up @@ -1323,7 +1354,11 @@
},
{
"embeddableConfig": {
"enhancements": {},
"enhancements": {
"dynamicActions": {
"events": []
}
},
"hidePanelTitles": true,
"savedVis": {
"data": {
Expand Down Expand Up @@ -1704,7 +1739,11 @@
},
{
"embeddableConfig": {
"enhancements": {},
"enhancements": {
"dynamicActions": {
"events": []
}
},
"hidePanelTitles": true,
"savedVis": {
"data": {
Expand Down Expand Up @@ -1882,9 +1921,9 @@
"version": 2
},
"coreMigrationVersion": "8.8.0",
"created_at": "2024-11-06T06:41:37.294Z",
"created_at": "2025-01-03T09:56:21.193Z",
"id": "corelight-45197477-c13f-4e52-a5dd-fb4f53564963",
"managed": false,
"managed": true,
"references": [
{
"id": "logs-*",
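Review bot: The flip from `"managed": false,` to `"managed": true,` at the end of this hunk changes who owns the saved object, yet neither the changelog entry nor the commit message mentions it. Confirm it is intended and applied to every dashboard in the package, not just this one, since a mix of values would make some dashboards behave differently from others for users who customize them. The `created_at` change is export noise and needs no action.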