williamzujkowski · November 3, 2025 19:46
diff --git a/suricata-kibana-dashboard-query.json b/suricata-kibana-dashboard-query.json
 {
  "query": {
    "bool": {
      "must": [
        {"match": {"event_type": "alert"}},
        {"range": {"@timestamp": {"gte": "now-1h"}}}
      ]
    }
  },
  "aggs": {
    "top_signatures": {
      "terms": {
        "field": "alert.signature.keyword",
        "size": 10
      }
    },
    "severity_breakdown": {
      "terms": {
        "field": "alert.severity",
        "size": 3
      }
    }
  }
 }
	{
	"query": {
	"bool": {
	"must": [
	{"match": {"event_type": "alert"}},
	{"range": {"@timestamp": {"gte": "now-1h"}}}
	]
	}
	},
	"aggs": {
	"top_signatures": {
	"terms": {
	"field": "alert.signature.keyword",
	"size": 10
	}
	},
	"severity_breakdown": {
	"terms": {
	"field": "alert.severity",
	"size": 3
	}
	}
	}
	}
No results found