Skip to content

Instantly share code, notes, and snippets.

@adampielak

adampielak/suricata-kibana-dashboard-query.json

Forked from williamzujkowski/suricata-kibana-dashboard-query.json
Created December 3, 2025 11:49
Show Gist options

  • Select an option

    Learn more about clone URLs
  • Save adampielak/d45e8f3b92b0361243295378699a4b87 to your computer and use it in GitHub Desktop.

Select an option

Learn more about clone URLs
Save adampielak/d45e8f3b92b0361243295378699a4b87 to your computer and use it in GitHub Desktop.
Download ZIP
Suricata Kibana dashboard visualization query for network traffic analysis alerts
Raw
suricata-kibana-dashboard-query.json
{
"query": {
"bool": {
"must": [
{"match": {"event_type": "alert"}},
{"range": {"@timestamp": {"gte": "now-1h"}}}
]
}
},
"aggs": {
"top_signatures": {
"terms": {
"field": "alert.signature.keyword",
"size": 10
}
},
"severity_breakdown": {
"terms": {
"field": "alert.severity",
"size": 3
}
}
}
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment