{
  "visualizations": {
    "viz_Q5GQT6h2": {
      "type": "splunk.area",
      "dataSources": {
        "primary": "ds_N3cdEic4"
      },
      "options": {
        "stackMode": "stacked",
        "xAxisTitleText": "timestamp",
        "yAxisTitleText": "count"
      },
      "title": "Emotet malware activity"
    },
    "viz_U8vFKyUp": {
      "type": "splunk.table",
      "dataSources": {
        "primary": "ds_f5AJxLS5"
      },
      "title": "Security alerts"
    },
    "viz_uLQLGVbg": {
      "type": "splunk.line",
      "options": {
        "xAxisTitleText": "timestamp",
        "yAxisTitleText": "count"
      },
      "dataSources": {
        "primary": "ds_IcWLWjPn"
      },
      "title": "Rootkits activity over time"
    }
  },
  "dataSources": {
    "ds_N3cdEic4": {
      "type": "ds.search",
      "options": {
        "query": "index=\"wazuh-alerts\" \"rule.groups{}\"=\"rootcheck\" | timechart count by \"rule.groups{}\"",
        "queryParameters": {
          "latest": "$global_time.latest$",
          "earliest": "$global_time.earliest$"
        }
      },
      "name": "Search_1"
    },
    "ds_f5AJxLS5": {
      "type": "ds.search",
      "options": {
        "query": "index=\"wazuh-alerts\" \"rule.mitre.technique{}\"=\"*\", \"rule.mitre.tactic{}\"=\"*\", \"rule.level\"=\"*\", \"rule.id\"=\"*\", \"rule.description\"=\"*\" | table _time, agent.name, rule.mitre.technique{}, rule.mitre.tactic{}, rule.level, rule.id, rule.description\n",
        "queryParameters": {
          "latest": "$global_time.latest$",
          "earliest": "$global_time.earliest$"
        }
      },
      "name": "Search_2"
    },
    "ds_IcWLWjPn": {
      "type": "ds.search",
      "options": {
        "query": "index=\"wazuh-alerts\" | timechart count by data.title useother=false usenull=false\n",
        "queryParameters": {
          "latest": "$global_time.latest$",
          "earliest": "$global_time.earliest$"
        }
      },
      "name": "Search_3"
    }
  },
  "defaults": {
    "dataSources": {
      "ds.search": {
        "options": {
          "queryParameters": {
            "latest": "$global_time.latest$",
            "earliest": "$global_time.earliest$"
          }
        }
      }
    }
  },
  "inputs": {
    "input_global_trp": {
      "type": "input.timerange",
      "options": {
        "token": "global_time",
        "defaultValue": "-60m@m,now"
      },
      "title": "Global Time Range"
    }
  },
  "layout": {
    "type": "grid",
    "options": {},
    "structure": [
      {
        "item": "viz_Q5GQT6h2",
        "type": "block",
        "position": {
          "x": 0,
          "y": 0,
          "w": 458,
          "h": 293
        }
      },
      {
        "item": "viz_U8vFKyUp",
        "type": "block",
        "position": {
          "x": 0,
          "y": 293,
          "w": 1200,
          "h": 381
        }
      },
      {
        "item": "viz_uLQLGVbg",
        "type": "block",
        "position": {
          "x": 458,
          "y": 0,
          "w": 742,
          "h": 293
        }
      }
    ],
    "globalInputs": [
      "input_global_trp"
    ]
  },
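  "description": "Wazuh alert overview from the wazuh-alerts index. The area chart counts alerts in the rootcheck rule group over time and does not filter on a specific malware family; the table lists only alerts that carry MITRE ATT&CK technique and tactic fields; the line chart counts alerts by data.title. All panels follow the global time range (default: last 60 minutes).",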
  "title": "wazuh-malware-detection-v1.0"
}
