Remove CEF module until we test more (#7455)

We discussed removing this module until we do end-end testing
2025-04-22 05:37:21 -04:00 · 2017-06-14 17:20:15 -07:00 · 2017-06-14 17:20:15 -07:00 · e939c6a085
commit e939c6a085
parent d4183aa043
83 changed files with 0 additions and 1227 deletions
--- a/modules/cef/configuration/elasticsearch/cef.json
+++ b/modules/cef/configuration/elasticsearch/cef.json
@ -1,216 +0,0 @@
-{
-  "order": 0,
-  "template": "cef-*",
-  "mappings": {
-    "_default_": {
-      "_meta": {
-        "version": "5.5.0"
-      },
-      "dynamic": true,
-      "dynamic_templates": [
-        {
-          "string_fields": {
-            "mapping": {
-              "type": "keyword"
-            },
-            "match_mapping_type": "string",
-            "match": "*"
-          }
-        }
-      ],
-      "_all": {
-        "enabled": true
-      },
-      "properties": {
-        "destinationPort": {
-          "type": "integer"
-        },
-        "flexDate1": {
-          "format": "epoch_millis||epoch_second||date_time||MMM dd YYYY HH:mm:ss z||MMM dd yyyy HH:mm:ss",
-          "type": "date"
-        },
-        "sourcePort": {
-          "type": "integer"
-        },
-        "baseEventCount": {
-          "type": "integer"
-        },
-        "destinationAddress": {
-          "type": "ip"
-        },
-        "destinationProcessId": {
-          "type": "integer"
-        },
-        "oldFileSize": {
-          "type": "integer"
-        },
-        "destination": {
-          "dynamic": false,
-          "type": "object",
-          "properties": {
-            "city_name": {
-              "type": "keyword"
-            },
-            "country_name": {
-              "type": "keyword"
-            },
-            "location": {
-              "type": "geo_point"
-            },
-            "region_name": {
-              "type": "keyword"
-            }
-          }
-        },
-        "source": {
-          "dynamic": false,
-          "type": "object",
-          "properties": {
-            "city_name": {
-              "type": "keyword"
-            },
-            "country_name": {
-              "type": "keyword"
-            },
-            "location": {
-              "type": "geo_point"
-            },
-            "region_name": {
-              "type": "keyword"
-            }
-          }
-        },
-        "deviceReceiptTime": {
-          "format": "epoch_millis||epoch_second||date_time||MMM dd YYYY HH:mm:ss z||MMM dd yyyy HH:mm:ss",
-          "type": "date"
-        },
-        "destinationTranslatedPort": {
-          "type": "integer"
-        },
-        "deviceTranslatedAddress": {
-          "type": "ip"
-        },
-        "deviceAddress": {
-          "type": "ip"
-        },
-        "agentReceiptTime": {
-          "format": "epoch_millis||epoch_second||date_time||MMM dd YYYY HH:mm:ss z||MMM dd yyyy HH:mm:ss",
-          "type": "date"
-        },
-        "startTime": {
-          "format": "epoch_millis||epoch_second||date_time||MMM dd YYYY HH:mm:ss z||MMM dd yyyy HH:mm:ss",
-          "type": "date"
-        },
-        "sourceProcessId": {
-          "type": "integer"
-        },
-        "bytesIn": {
-          "type": "integer"
-        },
-        "bytesOut": {
-          "type": "integer"
-        },
-        "severity": {
-          "type": "keyword"
-        },
-        "deviceProcessId": {
-          "type": "integer"
-        },
-        "agentAddress": {
-          "type": "ip"
-        },
-        "sourceAddress": {
-          "type": "ip"
-        },
-        "sourceTranslatedPort": {
-          "type": "integer"
-        },
-        "deviceCustomDate2": {
-          "format": "epoch_millis||epoch_second||date_time||MMM dd YYYY HH:mm:ss z||MMM dd yyyy HH:mm:ss",
-          "type": "date"
-        },
-        "deviceCustomDate1": {
-          "format": "epoch_millis||epoch_second||date_time||MMM dd YYYY HH:mm:ss z||MMM dd yyyy HH:mm:ss",
-          "type": "date"
-        },
-        "flexNumber1": {
-          "type": "long"
-        },
-        "deviceCustomFloatingPoint1": {
-          "type": "float"
-        },
-        "oldFileModificationTime": {
-          "format": "epoch_millis||epoch_second||date_time||MMM dd YYYY HH:mm:ss z||MMM dd yyyy HH:mm:ss",
-          "type": "date"
-        },
-        "deviceCustomFloatingPoint2": {
-          "type": "float"
-        },
-        "oldFileCreateTime": {
-          "format": "epoch_millis||epoch_second||date_time||MMM dd YYYY HH:mm:ss z||MMM dd yyyy HH:mm:ss",
-          "type": "date"
-        },
-        "deviceCustomFloatingPoint3": {
-          "type": "float"
-        },
-        "sourceTranslatedAddress": {
-          "type": "ip"
-        },
-        "deviceCustomFloatingPoint4": {
-          "type": "float"
-        },
-        "flexNumber2": {
-          "type": "long"
-        },
-        "fileCreateTime": {
-          "format": "epoch_millis||epoch_second||date_time||MMM dd YYYY HH:mm:ss z||MMM dd yyyy HH:mm:ss",
-          "type": "date"
-        },
-        "fileModificationTime": {
-          "format": "epoch_millis||epoch_second||date_time||MMM dd YYYY HH:mm:ss z||MMM dd yyyy HH:mm:ss",
-          "type": "date"
-        },
-        "fileSize": {
-          "type": "integer"
-        },
-        "destinationTranslatedAddress": {
-          "type": "ip"
-        },
-        "endTime": {
-          "format": "epoch_millis||epoch_second||date_time||MMM dd YYYY HH:mm:ss z||MMM dd yyyy HH:mm:ss",
-          "type": "date"
-        },
-        "deviceCustomNumber1": {
-          "type": "long"
-        },
-        "deviceDirection": {
-          "type": "integer"
-        },
-        "device": {
-          "dynamic": false,
-          "type": "object",
-          "properties": {
-            "city_name": {
-              "type": "keyword"
-            },
-            "country_name": {
-              "type": "keyword"
-            },
-            "location": {
-              "type": "geo_point"
-            },
-            "region_name": {
-              "type": "keyword"
-            }
-          }
-        },
-        "deviceCustomNumber3": {
-          "type": "long"
-        },
-        "deviceCustomNumber2": {
-          "type": "long"
-        }
-      }
-    }
-  }
-}
--- a/modules/cef/configuration/kibana/dashboard/37af0b40-398d-11e7-ae19-21fb91585845.json
+++ b/modules/cef/configuration/kibana/dashboard/37af0b40-398d-11e7-ae19-21fb91585845.json
@ -1,20 +0,0 @@
-{
-  "title": "[CEF] Network Overview Dashboard",
-  "hits": 0,
-  "description": "",
-  "panelsJSON": "[{\"col\":1,\"id\":\"77cb1470-3989-11e7-8b9d-ddc45b5f6d00\",\"panelIndex\":1,\"row\":12,\"size_x\":12,\"size_y\":2,\"type\":\"visualization\"},{\"col\":6,\"id\":\"801fff70-395a-11e7-ae19-21fb91585845\",\"panelIndex\":2,\"row\":23,\"size_x\":7,\"size_y\":3,\"type\":\"visualization\"},{\"col\":1,\"id\":\"45387480-3989-11e7-8b9d-ddc45b5f6d00\",\"panelIndex\":3,\"row\":30,\"size_x\":6,\"size_y\":6,\"type\":\"visualization\"},{\"col\":1,\"id\":\"d6d526f0-395b-11e7-ae19-21fb91585845\",\"panelIndex\":5,\"row\":17,\"size_x\":12,\"size_y\":3,\"type\":\"visualization\"},{\"col\":1,\"id\":\"f57ea930-395d-11e7-ae19-21fb91585845\",\"panelIndex\":6,\"row\":20,\"size_x\":12,\"size_y\":3,\"type\":\"visualization\"},{\"col\":4,\"id\":\"161e27e0-3988-11e7-8b9d-ddc45b5f6d00\",\"panelIndex\":7,\"row\":1,\"size_x\":7,\"size_y\":2,\"type\":\"visualization\"},{\"col\":1,\"id\":\"7008cd50-3988-11e7-8b9d-ddc45b5f6d00\",\"panelIndex\":8,\"row\":23,\"size_x\":5,\"size_y\":3,\"type\":\"visualization\"},{\"col\":1,\"id\":\"75582a90-3987-11e7-8b9d-ddc45b5f6d00\",\"panelIndex\":9,\"row\":4,\"size_x\":4,\"size_y\":4,\"type\":\"visualization\"},{\"col\":4,\"id\":\"9d317890-3988-11e7-8b9d-ddc45b5f6d00\",\"panelIndex\":10,\"row\":3,\"size_x\":9,\"size_y\":1,\"type\":\"visualization\"},{\"col\":5,\"id\":\"e9c3ee00-3978-11e7-ae19-21fb91585845\",\"panelIndex\":11,\"row\":4,\"size_x\":4,\"size_y\":4,\"type\":\"visualization\"},{\"col\":7,\"id\":\"35ce1310-3989-11e7-8b9d-ddc45b5f6d00\",\"panelIndex\":12,\"row\":30,\"size_x\":6,\"size_y\":6,\"type\":\"visualization\"},{\"col\":1,\"id\":\"ad802c10-3973-11e7-ae19-21fb91585845\",\"panelIndex\":13,\"row\":8,\"size_x\":8,\"size_y\":4,\"type\":\"visualization\"},{\"col\":9,\"id\":\"ec926660-396f-11e7-ae19-21fb91585845\",\"panelIndex\":15,\"row\":8,\"size_x\":4,\"size_y\":4,\"type\":\"visualization\"},{\"col\":9,\"id\":\"154ff7e0-3987-11e7-8b9d-ddc45b5f6d00\",\"panelIndex\":16,\"row\":4,\"size_x\":4,\"size_y\":4,\"type\":\"visualization\"},{\"col\":1,\"id\":\"5acb74d0-398b-11e7-ae19-21fb91585845\",\"panelIndex\":17,\"row\":14,\"size_x\":12,\"size_y\":3,\"type\":\"visualization\"},{\"col\":1,\"id\":\"7a043760-3990-11e7-8b9d-ddc45b5f6d00\",\"panelIndex\":18,\"row\":26,\"size_x\":6,\"size_y\":4,\"type\":\"visualization\"},{\"col\":7,\"id\":\"fd70bca0-398f-11e7-8b9d-ddc45b5f6d00\",\"panelIndex\":19,\"row\":26,\"size_x\":6,\"size_y\":4,\"type\":\"visualization\"},{\"col\":11,\"id\":\"ed2f5570-3d5b-11e7-8b9d-ddc45b5f6d00\",\"panelIndex\":20,\"row\":1,\"size_x\":2,\"size_y\":2,\"type\":\"visualization\"},{\"col\":1,\"id\":\"31b85570-454a-11e7-86b6-95298e9da6dc\",\"panelIndex\":21,\"row\":1,\"size_x\":3,\"size_y\":3,\"type\":\"visualization\"}]",
-  "optionsJSON": "{\"darkTheme\":false}",
-  "uiStateJSON": "{\"P-11\":{\"vis\":{\"colors\":{\"/Attempt\":\"#0A50A1\",\"/Failure\":\"#BF1B00\",\"/Success\":\"#629E51\"}}},\"P-12\":{\"mapCenter\":[0,0.3515625],\"mapZoom\":1},\"P-13\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"P-15\":{\"vis\":{\"defaultColors\":{\"0% - 17%\":\"rgb(255,255,204)\",\"17% - 34%\":\"rgb(255,230,146)\",\"34% - 50%\":\"rgb(254,191,90)\",\"50% - 67%\":\"rgb(253,141,60)\",\"67% - 84%\":\"rgb(244,61,37)\",\"84% - 100%\":\"rgb(202,8,35)\"}}},\"P-16\":{\"vis\":{\"colors\":{\"Anti-Virus\":\"#EF843C\",\"Content Security\":\"#7EB26D\",\"Firewall\":\"#E24D42\",\"Integrated Security\":\"#962D82\",\"Network-based IDS/IPS\":\"#1F78C1\",\"Operating System\":\"#1F78C1\",\"VPN\":\"#EAB839\"}}},\"P-18\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"P-3\":{\"mapCenter\":[9.795677582829743,11.42578125],\"mapZoom\":2},\"P-7\":{\"vis\":{\"defaultColors\":{\"0% - 17%\":\"rgb(255,255,204)\",\"17% - 34%\":\"rgb(255,230,146)\",\"34% - 50%\":\"rgb(254,191,90)\",\"50% - 67%\":\"rgb(253,141,60)\",\"67% - 84%\":\"rgb(244,61,37)\",\"84% - 100%\":\"rgb(202,8,35)\"}}},\"P-9\":{\"vis\":{\"colors\":{\"/Attempt\":\"#0A50A1\",\"/Failure\":\"#BF1B00\",\"/Success\":\"#629E51\"}}}}",
-  "version": 1,
-  "timeRestore": true,
-  "timeTo": "now",
-  "timeFrom": "now-24h",
-  "refreshInterval": {
-    "display": "Off",
-    "pause": false,
-    "value": 0
-  },
-  "kibanaSavedObjectMeta": {
-    "searchSourceJSON": "{\"filter\":[{\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\"}}}],\"highlightAll\":true,\"version\":true}"
-  }
-}
--- a/modules/cef/configuration/kibana/dashboard/64c92510-4555-11e7-83ea-67cb6920446d.json
+++ b/modules/cef/configuration/kibana/dashboard/64c92510-4555-11e7-83ea-67cb6920446d.json
@ -1,20 +0,0 @@
-{
-  "title": "[CEF] Endpoint OS Activity Dashboard",
-  "hits": 0,
-  "description": "",
-  "panelsJSON": "[{\"col\":1,\"id\":\"8bdaafe0-454e-11e7-86b6-95298e9da6dc\",\"panelIndex\":2,\"row\":4,\"size_x\":12,\"size_y\":1,\"type\":\"visualization\"},{\"col\":1,\"id\":\"c9e333a0-4550-11e7-86b6-95298e9da6dc\",\"panelIndex\":3,\"row\":9,\"size_x\":6,\"size_y\":4,\"type\":\"visualization\"},{\"col\":4,\"id\":\"463fc740-454e-11e7-86b6-95298e9da6dc\",\"panelIndex\":4,\"row\":1,\"size_x\":7,\"size_y\":2,\"type\":\"visualization\"},{\"col\":7,\"id\":\"8f8d6230-454f-11e7-86b6-95298e9da6dc\",\"panelIndex\":5,\"row\":9,\"size_x\":6,\"size_y\":4,\"type\":\"visualization\"},{\"col\":1,\"id\":\"f0664070-4551-11e7-86b6-95298e9da6dc\",\"panelIndex\":7,\"row\":5,\"size_x\":6,\"size_y\":4,\"type\":\"visualization\"},{\"col\":7,\"id\":\"d8314510-454f-11e7-86b6-95298e9da6dc\",\"panelIndex\":8,\"row\":16,\"size_x\":6,\"size_y\":3,\"type\":\"visualization\"},{\"col\":1,\"id\":\"2b369910-4553-11e7-83ea-67cb6920446d\",\"panelIndex\":9,\"row\":13,\"size_x\":6,\"size_y\":6,\"type\":\"visualization\"},{\"col\":7,\"id\":\"9141cc20-4553-11e7-83ea-67cb6920446d\",\"panelIndex\":10,\"row\":13,\"size_x\":6,\"size_y\":3,\"type\":\"visualization\"},{\"col\":1,\"id\":\"31b85570-454a-11e7-86b6-95298e9da6dc\",\"panelIndex\":11,\"row\":1,\"size_x\":3,\"size_y\":3,\"type\":\"visualization\"},{\"col\":11,\"id\":\"0e4558b0-4552-11e7-86b6-95298e9da6dc\",\"panelIndex\":12,\"row\":1,\"size_x\":2,\"size_y\":2,\"type\":\"visualization\"},{\"col\":7,\"id\":\"47c2a140-454f-11e7-86b6-95298e9da6dc\",\"panelIndex\":13,\"row\":5,\"size_x\":6,\"size_y\":4,\"type\":\"visualization\"},{\"col\":1,\"id\":\"68180c80-4556-11e7-83ea-67cb6920446d\",\"panelIndex\":14,\"row\":19,\"size_x\":3,\"size_y\":6,\"type\":\"visualization\"},{\"col\":1,\"id\":\"08ee04d0-4556-11e7-83ea-67cb6920446d\",\"panelIndex\":15,\"row\":25,\"size_x\":3,\"size_y\":7,\"type\":\"visualization\"},{\"col\":4,\"id\":\"b897ce70-4556-11e7-83ea-67cb6920446d\",\"panelIndex\":16,\"row\":24,\"size_x\":9,\"size_y\":3,\"type\":\"visualization\"},{\"col\":4,\"id\":\"93531890-4556-11e7-83ea-67cb6920446d\",\"panelIndex\":17,\"row\":29,\"size_x\":9,\"size_y\":3,\"type\":\"visualization\"},{\"col\":4,\"id\":\"a8ce0ef0-4556-11e7-83ea-67cb6920446d\",\"panelIndex\":18,\"row\":19,\"size_x\":9,\"size_y\":5,\"type\":\"visualization\"},{\"col\":4,\"id\":\"82caeb10-4556-11e7-83ea-67cb6920446d\",\"panelIndex\":19,\"row\":27,\"size_x\":9,\"size_y\":2,\"type\":\"visualization\"},{\"size_x\":9,\"size_y\":1,\"panelIndex\":20,\"type\":\"visualization\",\"id\":\"9d317890-3988-11e7-8b9d-ddc45b5f6d00\",\"col\":4,\"row\":3}]",
-  "optionsJSON": "{\"darkTheme\":false}",
-  "uiStateJSON": "{\"P-13\":{\"vis\":{\"colors\":{\"Destination Users\":\"#E24D42\",\"Event Count\":\"#6ED0E0\"}}},\"P-3\":{\"vis\":{\"colors\":{\"Count\":\"#6ED0E0\",\"Destination User Names\":\"#E24D42\",\"Event Types\":\"#EF843C\"}}},\"P-5\":{\"vis\":{\"defaultColors\":{\"0 - 9,000\":\"rgb(255,255,204)\",\"9,000 - 18,000\":\"rgb(255,241,170)\",\"18,000 - 27,000\":\"rgb(254,225,135)\",\"27,000 - 36,000\":\"rgb(254,201,101)\",\"36,000 - 45,000\":\"rgb(254,171,73)\",\"45,000 - 54,000\":\"rgb(253,141,60)\",\"54,000 - 63,000\":\"rgb(252,91,46)\",\"63,000 - 72,000\":\"rgb(237,47,34)\",\"72,000 - 81,000\":\"rgb(212,16,32)\",\"81,000 - 90,000\":\"rgb(176,0,38)\"}}},\"P-8\":{\"vis\":{\"colors\":{\"/Attempt\":\"#447EBC\",\"/Failure\":\"#E24D42\",\"/Success\":\"#7EB26D\"}}},\"P-9\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}}",
-  "version": 1,
-  "timeRestore": true,
-  "timeTo": "now",
-  "timeFrom": "now-24h",
-  "refreshInterval": {
-    "display": "Off",
-    "pause": false,
-    "value": 0
-  },
-  "kibanaSavedObjectMeta": {
-    "searchSourceJSON": "{\"filter\":[{\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\"}}}],\"highlightAll\":true,\"version\":true}"
-  }
-}
--- a/modules/cef/configuration/kibana/dashboard/82051450-3e56-11e7-96c4-0d3a291ec93a.json
+++ b/modules/cef/configuration/kibana/dashboard/82051450-3e56-11e7-96c4-0d3a291ec93a.json
@ -1,20 +0,0 @@
-{
-  "title": "[CEF] Network Suspicious Activity Dashboard",
-  "hits": 0,
-  "description": "",
-  "panelsJSON": "[{\"col\":1,\"id\":\"aa2ff0a0-3e4a-11e7-96c4-0d3a291ec93a\",\"panelIndex\":1,\"row\":9,\"size_x\":12,\"size_y\":3,\"type\":\"visualization\"},{\"col\":1,\"id\":\"992c7bd0-3e4e-11e7-96c4-0d3a291ec93a\",\"panelIndex\":2,\"row\":12,\"size_x\":4,\"size_y\":3,\"type\":\"visualization\"},{\"col\":5,\"id\":\"f99c22e0-3e4e-11e7-96c4-0d3a291ec93a\",\"panelIndex\":3,\"row\":12,\"size_x\":4,\"size_y\":3,\"type\":\"visualization\"},{\"col\":11,\"id\":\"ed2f5570-3d5b-11e7-8b9d-ddc45b5f6d00\",\"panelIndex\":4,\"row\":1,\"size_x\":2,\"size_y\":2,\"type\":\"visualization\"},{\"col\":1,\"id\":\"e3888410-3e50-11e7-96c4-0d3a291ec93a\",\"panelIndex\":5,\"row\":4,\"size_x\":12,\"size_y\":2,\"type\":\"visualization\"},{\"col\":4,\"id\":\"161e27e0-3988-11e7-8b9d-ddc45b5f6d00\",\"panelIndex\":8,\"row\":1,\"size_x\":7,\"size_y\":2,\"type\":\"visualization\"},{\"col\":9,\"id\":\"75582a90-3987-11e7-8b9d-ddc45b5f6d00\",\"panelIndex\":9,\"row\":6,\"size_x\":4,\"size_y\":3,\"type\":\"visualization\"},{\"col\":1,\"id\":\"0bdbb5a0-3e55-11e7-96c4-0d3a291ec93a\",\"panelIndex\":11,\"row\":6,\"size_x\":8,\"size_y\":3,\"type\":\"visualization\"},{\"col\":1,\"id\":\"afdba840-3e55-11e7-96c4-0d3a291ec93a\",\"panelIndex\":12,\"row\":15,\"size_x\":6,\"size_y\":4,\"type\":\"visualization\"},{\"col\":7,\"id\":\"bfa45650-3e55-11e7-96c4-0d3a291ec93a\",\"panelIndex\":13,\"row\":15,\"size_x\":6,\"size_y\":4,\"type\":\"visualization\"},{\"col\":9,\"id\":\"cd462cc0-3e55-11e7-96c4-0d3a291ec93a\",\"panelIndex\":14,\"row\":12,\"size_x\":4,\"size_y\":3,\"type\":\"visualization\"},{\"col\":1,\"id\":\"31b85570-454a-11e7-86b6-95298e9da6dc\",\"panelIndex\":15,\"row\":1,\"size_x\":3,\"size_y\":3,\"type\":\"visualization\"},{\"size_x\":9,\"size_y\":1,\"panelIndex\":16,\"type\":\"visualization\",\"id\":\"9d317890-3988-11e7-8b9d-ddc45b5f6d00\",\"col\":4,\"row\":3}]",
-  "optionsJSON": "{\"darkTheme\":false}",
-  "uiStateJSON": "{\"P-1\":{\"vis\":{\"colors\":{\"Destination Addresses\":\"#E0752D\",\"Destination Ports\":\"#E24D42\"}}},\"P-2\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"P-3\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"P-9\":{\"vis\":{\"colors\":{\"/Success\":\"#629E51\",\"/Failure\":\"#BF1B00\",\"/Attempt\":\"#0A50A1\"}}}}",
-  "version": 1,
-  "timeRestore": true,
-  "timeTo": "now",
-  "timeFrom": "now-24h",
-  "refreshInterval": {
-    "display": "Off",
-    "pause": false,
-    "value": 0
-  },
-  "kibanaSavedObjectMeta": {
-    "searchSourceJSON": "{\"filter\":[{\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\"}}}],\"highlightAll\":true,\"version\":true}"
-  }
-}
--- a/modules/cef/configuration/kibana/dashboard/cef.json
+++ b/modules/cef/configuration/kibana/dashboard/cef.json
@ -1,7 +0,0 @@
-[
-  "37af0b40-398d-11e7-ae19-21fb91585845",
-  "64c92510-4555-11e7-83ea-67cb6920446d",
-  "82051450-3e56-11e7-96c4-0d3a291ec93a",
-  "d2fa5030-3e5d-11e7-b212-897f1496dc0e",
-  "f6970130-4549-11e7-86b6-95298e9da6dc"
-]
--- a/modules/cef/configuration/kibana/dashboard/d2fa5030-3e5d-11e7-b212-897f1496dc0e.json
+++ b/modules/cef/configuration/kibana/dashboard/d2fa5030-3e5d-11e7-b212-897f1496dc0e.json
@ -1,20 +0,0 @@
-{
-  "title": "[CEF] Endpoint Overview Dashboard",
-  "hits": 0,
-  "description": "",
-  "panelsJSON": "[{\"col\":11,\"id\":\"c53825b0-3e4b-11e7-af78-9fc514b4e118\",\"panelIndex\":1,\"row\":1,\"size_x\":2,\"size_y\":2,\"type\":\"visualization\"},{\"col\":7,\"id\":\"e301a830-3e4d-11e7-af78-9fc514b4e118\",\"panelIndex\":2,\"row\":7,\"size_x\":6,\"size_y\":3,\"type\":\"visualization\"},{\"col\":1,\"id\":\"9de87d40-3e4e-11e7-af78-9fc514b4e118\",\"panelIndex\":3,\"row\":7,\"size_x\":6,\"size_y\":3,\"type\":\"visualization\"},{\"col\":1,\"id\":\"2a33c810-3e4d-11e7-af78-9fc514b4e118\",\"panelIndex\":4,\"row\":16,\"size_x\":6,\"size_y\":3,\"type\":\"visualization\"},{\"col\":1,\"id\":\"96af5bf0-3e50-11e7-af78-9fc514b4e118\",\"panelIndex\":5,\"row\":13,\"size_x\":6,\"size_y\":3,\"type\":\"visualization\"},{\"col\":7,\"id\":\"ff476320-3e4a-11e7-af78-9fc514b4e118\",\"panelIndex\":6,\"row\":10,\"size_x\":6,\"size_y\":3,\"type\":\"visualization\"},{\"col\":4,\"id\":\"b74e59b0-3e5f-11e7-899c-f940f646009b\",\"panelIndex\":7,\"row\":1,\"size_x\":7,\"size_y\":2,\"type\":\"visualization\"},{\"col\":1,\"id\":\"7c6875e0-3e61-11e7-899c-f940f646009b\",\"panelIndex\":8,\"row\":10,\"size_x\":6,\"size_y\":3,\"type\":\"visualization\"},{\"col\":1,\"columns\":[\"categoryDeviceGroup\",\"categoryTechnique\",\"categoryOutcome\",\"categorySignificance\",\"categoryObject\",\"categoryBehavior\",\"categoryDeviceType\"],\"id\":\"1d9ba830-3e47-11e7-af78-9fc514b4e118\",\"panelIndex\":9,\"row\":19,\"size_x\":12,\"size_y\":2,\"sort\":[\"deviceReceiptTime\",\"desc\"],\"type\":\"search\"},{\"col\":7,\"id\":\"cc8affd0-3e65-11e7-899c-f940f646009b\",\"panelIndex\":10,\"row\":13,\"size_x\":6,\"size_y\":3,\"type\":\"visualization\"},{\"col\":1,\"id\":\"1bde8be0-3e68-11e7-899c-f940f646009b\",\"panelIndex\":11,\"row\":4,\"size_x\":6,\"size_y\":3,\"type\":\"visualization\"},{\"col\":7,\"id\":\"7c414c90-3e66-11e7-899c-f940f646009b\",\"panelIndex\":12,\"row\":16,\"size_x\":6,\"size_y\":3,\"type\":\"visualization\"},{\"col\":7,\"id\":\"6fb90a30-3e6b-11e7-9d4a-89ea81333ea4\",\"panelIndex\":14,\"row\":4,\"size_x\":6,\"size_y\":3,\"type\":\"visualization\"},{\"col\":1,\"id\":\"31b85570-454a-11e7-86b6-95298e9da6dc\",\"panelIndex\":15,\"row\":1,\"size_x\":3,\"size_y\":3,\"type\":\"visualization\"},{\"col\":4,\"id\":\"9d317890-3988-11e7-8b9d-ddc45b5f6d00\",\"panelIndex\":16,\"row\":3,\"size_x\":9,\"size_y\":1,\"type\":\"visualization\"}]",
-  "optionsJSON": "{\"darkTheme\":false}",
-  "uiStateJSON": "{\"P-11\":{\"vis\":{\"colors\":{\"Anti-Virus\":\"#EAB839\",\"Database\":\"#629E51\",\"Host-based IDS/IPS\":\"#E0752D\",\"Operating System\":\"#BF1B00\",\"Security Mangement\":\"#64B0C8\"}}},\"P-12\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"P-14\":{\"vis\":{\"colors\":{\"/Attempt\":\"#0A50A1\",\"/Failure\":\"#BF1B00\",\"/Informational\":\"#7EB26D\",\"/Informational/Warning\":\"#EF843C\",\"/Success\":\"#629E51\",\"Anti-Virus\":\"#EAB839\",\"Database\":\"#629E51\",\"Host-based IDS/IPS\":\"#E0752D\",\"Log Consolidator\":\"#E0F9D7\",\"Operating System\":\"#BF1B00\",\"Recon\":\"#BF1B00\",\"Security Mangement\":\"#64B0C8\"}}},\"P-2\":{\"vis\":{\"colors\":{\"/Attempt\":\"#0A50A1\",\"/Failure\":\"#BF1B00\",\"/Success\":\"#629E51\"}}},\"P-3\":{\"vis\":{\"colors\":{\"/Attempt\":\"#0A50A1\",\"/Failure\":\"#BF1B00\",\"/Success\":\"#629E51\"}}},\"P-4\":{\"mapCenter\":[43.45291889355465,-57.216796875],\"mapZoom\":3},\"P-8\":{\"vis\":{\"colors\":{\"/Attempt\":\"#0A50A1\",\"/Failure\":\"#BF1B00\",\"/Success\":\"#629E51\"}}}}",
-  "version": 1,
-  "timeRestore": true,
-  "timeTo": "now",
-  "timeFrom": "now-24h",
-  "refreshInterval": {
-    "display": "Off",
-    "pause": false,
-    "value": 0
-  },
-  "kibanaSavedObjectMeta": {
-    "searchSourceJSON": "{\"filter\":[{\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\"}}}],\"highlightAll\":true,\"version\":true}"
-  }
-}
--- a/modules/cef/configuration/kibana/dashboard/f6970130-4549-11e7-86b6-95298e9da6dc.json
+++ b/modules/cef/configuration/kibana/dashboard/f6970130-4549-11e7-86b6-95298e9da6dc.json
@ -1,20 +0,0 @@
-{
-  "title": "[CEF] DNS Overview Dashboard",
-  "hits": 0,
-  "description": "",
-  "panelsJSON": "[{\"col\":11,\"id\":\"f23438c0-4548-11e7-a94a-5d0a73686c64\",\"panelIndex\":1,\"row\":1,\"size_x\":2,\"size_y\":2,\"type\":\"visualization\"},{\"col\":7,\"id\":\"6bb7d0e0-4548-11e7-a94a-5d0a73686c64\",\"panelIndex\":2,\"row\":4,\"size_x\":6,\"size_y\":4,\"type\":\"visualization\"},{\"col\":1,\"id\":\"ec576ff0-4546-11e7-a94a-5d0a73686c64\",\"panelIndex\":3,\"row\":4,\"size_x\":6,\"size_y\":4,\"type\":\"visualization\"},{\"col\":4,\"id\":\"c6db4140-4544-11e7-a94a-5d0a73686c64\",\"panelIndex\":4,\"row\":1,\"size_x\":7,\"size_y\":2,\"type\":\"visualization\"},{\"col\":1,\"id\":\"49953800-4547-11e7-a94a-5d0a73686c64\",\"panelIndex\":5,\"row\":8,\"size_x\":6,\"size_y\":3,\"type\":\"visualization\"},{\"col\":6,\"id\":\"6414e6b0-4549-11e7-86b6-95298e9da6dc\",\"panelIndex\":6,\"row\":11,\"size_x\":7,\"size_y\":5,\"type\":\"visualization\"},{\"col\":7,\"id\":\"039815b0-4548-11e7-a94a-5d0a73686c64\",\"panelIndex\":7,\"row\":8,\"size_x\":6,\"size_y\":3,\"type\":\"visualization\"},{\"col\":1,\"id\":\"4ff86ee0-4549-11e7-86b6-95298e9da6dc\",\"panelIndex\":8,\"row\":11,\"size_x\":5,\"size_y\":5,\"type\":\"visualization\"},{\"col\":1,\"id\":\"31b85570-454a-11e7-86b6-95298e9da6dc\",\"panelIndex\":9,\"row\":1,\"size_x\":3,\"size_y\":3,\"type\":\"visualization\"},{\"col\":4,\"id\":\"9d317890-3988-11e7-8b9d-ddc45b5f6d00\",\"panelIndex\":10,\"row\":3,\"size_x\":9,\"size_y\":1,\"type\":\"visualization\"}]",
-  "optionsJSON": "{\"darkTheme\":false}",
-  "uiStateJSON": "{\"P-2\":{\"vis\":{\"defaultColors\":{\"0 - 33\":\"rgb(255,255,204)\",\"33 - 65\":\"rgb(254,217,118)\",\"65 - 98\":\"rgb(253,141,60)\",\"98 - 130\":\"rgb(227,27,28)\"}}}}",
-  "version": 1,
-  "timeRestore": true,
-  "timeTo": "now",
-  "timeFrom": "now-24h",
-  "refreshInterval": {
-    "display": "Off",
-    "pause": false,
-    "value": 0
-  },
-  "kibanaSavedObjectMeta": {
-    "searchSourceJSON": "{\"filter\":[{\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\"}}}],\"highlightAll\":true,\"version\":true}"
-  }
-}
--- a/modules/cef/configuration/kibana/index-pattern/cef.json
+++ b/modules/cef/configuration/kibana/index-pattern/cef.json
--- a/modules/cef/configuration/kibana/search/16a72e70-4543-11e7-9510-4b0b4978ab0e.json
+++ b/modules/cef/configuration/kibana/search/16a72e70-4543-11e7-9510-4b0b4978ab0e.json
@ -1,35 +0,0 @@
-{
-  "title": "DNS Events",
-  "description": "",
-  "hits": 0,
-  "columns": [
-    "deviceVendor",
-    "deviceProduct",
-    "applicationProtocol",
-    "categoryBehavior",
-    "categoryOutcome",
-    "destinationAddress",
-    "destinationDnsDomain",
-    "destinationPort",
-    "deviceCustomString1Label",
-    "deviceCustomString1",
-    "deviceCustomString3Label",
-    "deviceCustomString3",
-    "deviceCustomString4Label",
-    "deviceCustomString4",
-    "deviceEventCategory",
-    "deviceHostName",
-    "deviceSeverity",
-    "sourceAddress",
-    "sourcePort",
-    "transportProtocol"
-  ],
-  "sort": [
-    "deviceReceiptTime",
-    "desc"
-  ],
-  "version": 1,
-  "kibanaSavedObjectMeta": {
-    "searchSourceJSON": "{\"index\":\"cef-*\",\"highlightAll\":true,\"version\":true,\"query\":{\"query_string\":{\"query\":\"deviceEventCategory:\\\"dns\\\"\",\"analyze_wildcard\":true}},\"filter\":[]}"
-  }
-}
--- a/modules/cef/configuration/kibana/search/1d9ba830-3e47-11e7-af78-9fc514b4e118.json
+++ b/modules/cef/configuration/kibana/search/1d9ba830-3e47-11e7-af78-9fc514b4e118.json
@ -1,22 +0,0 @@
-{
-  "title": "Endpoint Events",
-  "description": "",
-  "hits": 0,
-  "columns": [
-    "categoryDeviceGroup",
-    "categoryTechnique",
-    "categoryOutcome",
-    "categorySignificance",
-    "categoryObject",
-    "categoryBehavior",
-    "categoryDeviceType"
-  ],
-  "sort": [
-    "deviceReceiptTime",
-    "desc"
-  ],
-  "version": 1,
-  "kibanaSavedObjectMeta": {
-    "searchSourceJSON": "{\"index\":\"cef-*\",\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"categoryDeviceGroup:\\\"/Operating System\\\" OR categoryDeviceGroup:\\\"/IDS/Host\\\" OR categoryDeviceGroup:\\\"/Application\\\"\",\"analyze_wildcard\":true}}}"
-  }
-}
--- a/modules/cef/configuration/kibana/search/6315e7a0-34be-11e7-95dc-4f6090d732f6.json
+++ b/modules/cef/configuration/kibana/search/6315e7a0-34be-11e7-95dc-4f6090d732f6.json
@ -1,30 +0,0 @@
-{
-  "title": "Network Events",
-  "description": "",
-  "hits": 0,
-  "columns": [
-    "priority",
-    "name",
-    "sourceAddress",
-    "sourcePort",
-    "destinationAddress",
-    "destinationPort",
-    "applicationProtocol",
-    "message",
-    "categoryBehavior",
-    "categoryOutcome",
-    "deviceAddress",
-    "deviceProduct",
-    "deviceVendor",
-    "categoryDeviceGroup",
-    "categoryDeviceType"
-  ],
-  "sort": [
-    "deviceReceiptTime",
-    "desc"
-  ],
-  "version": 1,
-  "kibanaSavedObjectMeta": {
-    "searchSourceJSON": "{\"index\":\"cef-*\",\"highlightAll\":true,\"version\":true,\"query\":{\"query_string\":{\"query\":\"categoryDeviceGroup:\\\"/Firewall\\\" OR categoryDeviceGroup:\\\"/IDS/Network\\\" OR categoryDeviceGroup:\\\"/VPN\\\"\",\"analyze_wildcard\":true}},\"filter\":[]}"
-  }
-}
--- a/modules/cef/configuration/kibana/search/7a2fc9c0-454d-11e7-86b6-95298e9da6dc.json
+++ b/modules/cef/configuration/kibana/search/7a2fc9c0-454d-11e7-86b6-95298e9da6dc.json
@ -1,27 +0,0 @@
-{
-  "title": "EndPoint - OS Events",
-  "description": "",
-  "hits": 0,
-  "columns": [
-    "deviceVendor",
-    "deviceProduct",
-    "name",
-    "deviceEventClassId",
-    "deviceEventCategory",
-    "sourceUserName",
-    "destinationUserName",
-    "destinationHostName",
-    "categoryBehavior",
-    "categoryOutcome",
-    "sourceNtDomain",
-    "destinationNTDomain"
-  ],
-  "sort": [
-    "deviceReceiptTime",
-    "desc"
-  ],
-  "version": 1,
-  "kibanaSavedObjectMeta": {
-    "searchSourceJSON": "{\"index\":\"cef-*\",\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"categoryDeviceGroup:\\\"/Operating System\\\"\",\"analyze_wildcard\":true}}}"
-  }
-}
--- a/modules/cef/configuration/kibana/visualization/039815b0-4548-11e7-a94a-5d0a73686c64.json
+++ b/modules/cef/configuration/kibana/visualization/039815b0-4548-11e7-a94a-5d0a73686c64.json
@ -1,11 +0,0 @@
-{
-  "title": "Top Destination Domains by Source Address",
-  "visState": "{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"customLabel\":\"Source Address(es)\",\"field\":\"sourceAddress\",\"order\":\"desc\",\"orderBy\":\"1\",\"size\":10},\"schema\":\"segment\",\"type\":\"terms\"},{\"enabled\":true,\"id\":\"3\",\"params\":{\"customLabel\":\"Destination Domain(s)\",\"field\":\"destinationDnsDomain\",\"order\":\"desc\",\"orderBy\":\"1\",\"size\":5},\"schema\":\"group\",\"type\":\"terms\"}],\"listeners\":{},\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"show\":true,\"truncate\":100},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Source Address(es)\"},\"type\":\"category\"}],\"defaultYExtents\":false,\"drawLinesBetweenPoints\":true,\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"interpolate\":\"linear\",\"legendPosition\":\"right\",\"radiusRatio\":9,\"scale\":\"linear\",\"seriesParams\":[{\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"drawLinesBetweenPoints\":true,\"mode\":\"stacked\",\"show\":\"true\",\"showCircles\":true,\"type\":\"histogram\",\"valueAxis\":\"ValueAxis-1\"}],\"setYExtents\":false,\"showCircles\":true,\"times\":[],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"mode\":\"normal\",\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{},\"type\":\"value\"}]},\"title\":\"Top Destination Domains by Source Address\",\"type\":\"histogram\"}",
-  "uiStateJSON": "{}",
-  "description": "",
-  "savedSearchId": "16a72e70-4543-11e7-9510-4b0b4978ab0e",
-  "version": 1,
-  "kibanaSavedObjectMeta": {
-    "searchSourceJSON": "{\"filter\":[]}"
-  }
-}
--- a/modules/cef/configuration/kibana/visualization/08ee04d0-4556-11e7-83ea-67cb6920446d.json
+++ b/modules/cef/configuration/kibana/visualization/08ee04d0-4556-11e7-83ea-67cb6920446d.json
@ -1,11 +0,0 @@
-{
-  "title": "Destination User Mapping",
-  "visState": "{\"title\":\"Destination User Mapping\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"bottom\",\"isDonut\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"sourceUserName\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Source Users\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"destinationUserName\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Destination Users\"}}],\"listeners\":{}}",
-  "uiStateJSON": "{}",
-  "description": "",
-  "savedSearchId": "7a2fc9c0-454d-11e7-86b6-95298e9da6dc",
-  "version": 1,
-  "kibanaSavedObjectMeta": {
-    "searchSourceJSON": "{\"filter\":[]}"
-  }
-}
--- a/modules/cef/configuration/kibana/visualization/08f8cf10-3e57-11e7-96c4-0d3a291ec93a.json
+++ b/modules/cef/configuration/kibana/visualization/08f8cf10-3e57-11e7-96c4-0d3a291ec93a.json
@ -1,10 +0,0 @@
-{
-  "title": "Firewall - Navigation",
-  "visState": "{\"title\":\"Firewall - Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### **Navigation Pane** ###\\n\\n[Firewall Devices Overview](#/dashboard/37af0b40-398d-11e7-ae19-21fb91585845)\\n\\n[Firewall Suspicious Activities](#/dashboard/82051450-3e56-11e7-96c4-0d3a291ec93a)\\n\\n[Endopint Overview](#dashboard/d2fa5030-3e5d-11e7-b212-897f1496dc0e)\"},\"aggs\":[],\"listeners\":{}}",
-  "uiStateJSON": "{}",
-  "description": "",
-  "version": 1,
-  "kibanaSavedObjectMeta": {
-    "searchSourceJSON": "{\"query\":{\"query_string\":{\"query\":\"*\"}},\"filter\":[]}"
-  }
-}
--- a/modules/cef/configuration/kibana/visualization/0bdbb5a0-3e55-11e7-96c4-0d3a291ec93a.json
+++ b/modules/cef/configuration/kibana/visualization/0bdbb5a0-3e55-11e7-96c4-0d3a291ec93a.json
@ -1,10 +0,0 @@
-{
-  "title": "Event Averages by Top Source Addresses",
-  "visState": "{\"title\":\"Event Averages by Top Source Addresses\",\"type\":\"metrics\",\"params\":{\"id\":\"e1a58ab0-3957-11e7-ae19-21fb91585845\",\"type\":\"timeseries\",\"series\":[{\"id\":\"8f58a280-395a-11e7-ae19-21fb91585845\",\"color\":\"rgba(211,49,21,1)\",\"split_mode\":\"everything\",\"metrics\":[{\"id\":\"8f58a281-395a-11e7-ae19-21fb91585845\",\"type\":\"count\"},{\"settings\":\"\",\"minimize\":0,\"window\":\"\",\"model\":\"simple\",\"sigma\":\"\",\"id\":\"140cf490-395b-11e7-ae19-21fb91585845\",\"type\":\"moving_average\",\"field\":\"8f58a281-395a-11e7-ae19-21fb91585845\"}],\"seperate_axis\":1,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":\"3\",\"point_size\":\"0\",\"fill\":\"0\",\"stacked\":\"none\",\"filter\":\"categoryDeviceGroup:\\\"/Firewall\\\" OR categoryDeviceGroup:\\\"/IDS/Network\\\" OR categoryDeviceGroup:\\\"/VPN\\\" \",\"terms_field\":\"deviceHostName\",\"terms_order_by\":null,\"label\":\"Moving Average\",\"steps\":0,\"value_template\":\"{{value}} /s\"},{\"id\":\"3bb711b0-395b-11e7-ae19-21fb91585845\",\"color\":\"rgba(104,188,0,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"3bb711b1-395b-11e7-ae19-21fb91585845\",\"type\":\"count\"},{\"settings\":\"\",\"minimize\":0,\"window\":\"\",\"model\":\"simple\",\"id\":\"4b515cc0-395b-11e7-ae19-21fb91585845\",\"type\":\"moving_average\",\"field\":\"3bb711b1-395b-11e7-ae19-21fb91585845\"}],\"seperate_axis\":1,\"axis_position\":\"left\",\"formatter\":\"number\",\"chart_type\":\"bar\",\"line_width\":\"0\",\"point_size\":1,\"fill\":\"0.5\",\"stacked\":\"none\",\"terms_field\":\"sourceAddress\",\"terms_size\":\"10\",\"label\":\"Top Source Addresses\"}],\"time_field\":\"deviceReceiptTime\",\"index_pattern\":\"cef-*\",\"interval\":\"auto\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"bar_color_rules\":[{\"id\":\"e4772140-3957-11e7-ae19-21fb91585845\"}],\"background_color\":null,\"filter\":\"categoryDeviceGroup:\\\"/Firewall\\\" OR categoryDeviceGroup:\\\"/IDS/Network\\\" OR categoryDeviceGroup:\\\"/VPN\\\" \",\"background_color_rules\":[{\"id\":\"837bfbb0-395a-11e7-ae19-21fb91585845\"}],\"gauge_color_rules\":[{\"id\":\"8970f250-395a-11e7-ae19-21fb91585845\"}],\"gauge_width\":10,\"gauge_inner_width\":10,\"gauge_style\":\"half\"},\"aggs\":[],\"listeners\":{}}",
-  "uiStateJSON": "{}",
-  "description": "",
-  "version": 1,
-  "kibanaSavedObjectMeta": {
-    "searchSourceJSON": "{\"query\":{\"query_string\":{\"query\":\"*\"}},\"filter\":[]}"
-  }
-}
--- a/modules/cef/configuration/kibana/visualization/0e4558b0-4552-11e7-86b6-95298e9da6dc.json
+++ b/modules/cef/configuration/kibana/visualization/0e4558b0-4552-11e7-86b6-95298e9da6dc.json
@ -1,10 +0,0 @@
-{
-  "title": "Endpoint - OS Average EPS",
-  "visState": "{\"title\":\"Endpoint - OS Average EPS\",\"type\":\"metrics\",\"params\":{\"id\":\"3f2cf630-3e4b-11e7-af78-9fc514b4e118\",\"type\":\"gauge\",\"series\":[{\"id\":\"3f2cf631-3e4b-11e7-af78-9fc514b4e118\",\"color\":\"rgba(0,156,224,1)\",\"split_mode\":\"everything\",\"metrics\":[{\"id\":\"3f2cf632-3e4b-11e7-af78-9fc514b4e118\",\"type\":\"count\"},{\"settings\":\"\",\"minimize\":0,\"window\":\"\",\"model\":\"linear\",\"id\":\"5abdb1a0-3e4b-11e7-af78-9fc514b4e118\",\"type\":\"moving_average\",\"field\":\"3f2cf632-3e4b-11e7-af78-9fc514b4e118\"},{\"script\":\"params.mvgAvg !=0 ? params.mvgAvg / 60 : params.mvgAvg\",\"id\":\"5b6e46a0-4693-11e7-8116-65b4628ff93f\",\"type\":\"calculation\",\"variables\":[{\"id\":\"5db04760-4693-11e7-8116-65b4628ff93f\",\"name\":\"mvgAvg\",\"field\":\"5abdb1a0-3e4b-11e7-af78-9fc514b4e118\"}]}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"label\":\"Event Throughput\",\"offset_time\":\"1m\",\"value_template\":\"{{value}} / s\"}],\"time_field\":\"deviceReceiptTime\",\"index_pattern\":\"cef-*\",\"interval\":\"auto\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"bar_color_rules\":[{\"id\":\"527ca820-3e4b-11e7-af78-9fc514b4e118\"}],\"gauge_color_rules\":[{\"id\":\"52cee6d0-3e4b-11e7-af78-9fc514b4e118\"}],\"gauge_width\":10,\"gauge_inner_width\":10,\"gauge_style\":\"half\",\"filter\":\"categoryDeviceGroup:\\\"/Operating System\\\"\"},\"aggs\":[],\"listeners\":{}}",
-  "uiStateJSON": "{}",
-  "description": "",
-  "version": 1,
-  "kibanaSavedObjectMeta": {
-    "searchSourceJSON": "{\"query\":{\"query_string\":{\"query\":\"*\"}},\"filter\":[]}"
-  }
-}
--- a/modules/cef/configuration/kibana/visualization/1439a5e0-3e69-11e7-899c-f940f646009b.json
+++ b/modules/cef/configuration/kibana/visualization/1439a5e0-3e69-11e7-899c-f940f646009b.json
@ -1,10 +0,0 @@
-{
-  "title": "Endpoint - Navigation",
-  "visState": "{\"title\":\"Endpoint - Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### **Navigation Pane** ###\\n\\n[Endopint Overview](#dashboard/d2fa5030-3e5d-11e7-b212-897f1496dc0e)\"},\"aggs\":[],\"listeners\":{}}",
-  "uiStateJSON": "{}",
-  "description": "",
-  "version": 1,
-  "kibanaSavedObjectMeta": {
-    "searchSourceJSON": "{\"query\":{\"query_string\":{\"query\":\"*\"}},\"filter\":[]}"
-  }
-}
--- a/modules/cef/configuration/kibana/visualization/154ff7e0-3987-11e7-8b9d-ddc45b5f6d00.json
+++ b/modules/cef/configuration/kibana/visualization/154ff7e0-3987-11e7-8b9d-ddc45b5f6d00.json
@ -1,11 +0,0 @@
-{
-  "title": "Device Type Breakdown",
-  "visState": "{\"title\":\"Device Type Breakdown\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"categoryDeviceType\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Firewall Types\"}}],\"listeners\":{}}",
-  "uiStateJSON": "{}",
-  "description": "",
-  "savedSearchId": "6315e7a0-34be-11e7-95dc-4f6090d732f6",
-  "version": 1,
-  "kibanaSavedObjectMeta": {
-    "searchSourceJSON": "{\"filter\":[]}"
-  }
-}
--- a/modules/cef/configuration/kibana/visualization/161e27e0-3988-11e7-8b9d-ddc45b5f6d00.json
+++ b/modules/cef/configuration/kibana/visualization/161e27e0-3988-11e7-8b9d-ddc45b5f6d00.json
@ -1,11 +0,0 @@
-{
-  "title": "Device Metrics Overview",
-  "visState": "{\"title\":\"Device Metrics Overview\",\"type\":\"metric\",\"params\":{\"handleNoResults\":true,\"fontSize\":\"30\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Event Count\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"deviceHostName\",\"customLabel\":\"Devices\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"sourceAddress\",\"customLabel\":\"Sources\"}},{\"id\":\"6\",\"enabled\":true,\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"destinationAddress\",\"customLabel\":\"Destinations\"}},{\"id\":\"7\",\"enabled\":true,\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"destinationPort\",\"customLabel\":\"Ports\"}}],\"listeners\":{}}",
-  "uiStateJSON": "{}",
-  "description": "",
-  "savedSearchId": "6315e7a0-34be-11e7-95dc-4f6090d732f6",
-  "version": 1,
-  "kibanaSavedObjectMeta": {
-    "searchSourceJSON": "{\"filter\":[]}"
-  }
-}
--- a/modules/cef/configuration/kibana/visualization/1bde8be0-3e68-11e7-899c-f940f646009b.json
+++ b/modules/cef/configuration/kibana/visualization/1bde8be0-3e68-11e7-899c-f940f646009b.json
@ -1,11 +0,0 @@
-{
-  "title": "Device Types by Vendor",
-  "visState": "{\"title\":\"Device Types by Vendor\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"categoryDeviceType\",\"exclude\":\"Network-based IDS/IPS\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"deviceVendor\",\"exclude\":\"\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}",
-  "uiStateJSON": "{}",
-  "description": "",
-  "savedSearchId": "1d9ba830-3e47-11e7-af78-9fc514b4e118",
-  "version": 1,
-  "kibanaSavedObjectMeta": {
-    "searchSourceJSON": "{\"filter\":[]}"
-  }
-}
--- a/modules/cef/configuration/kibana/visualization/2a33c810-3e4d-11e7-af78-9fc514b4e118.json
+++ b/modules/cef/configuration/kibana/visualization/2a33c810-3e4d-11e7-af78-9fc514b4e118.json
@ -1,11 +0,0 @@
-{
-  "title": "Destination Location",
-  "visState": "{\"title\":\"Destination Location\",\"type\":\"tile_map\",\"params\":{\"mapType\":\"Shaded Circle Markers\",\"isDesaturated\":true,\"addTooltip\":true,\"heatMaxZoom\":0,\"heatMinOpacity\":0.1,\"heatRadius\":25,\"heatBlur\":15,\"heatNormalizeData\":true,\"legendPosition\":\"bottomright\",\"mapZoom\":2,\"mapCenter\":[0,0],\"wms\":{\"enabled\":false,\"url\":\"https://basemap.nationalmap.gov/arcgis/services/USGSTopo/MapServer/WMSServer\",\"options\":{\"version\":\"1.3.0\",\"layers\":\"0\",\"format\":\"image/png\",\"transparent\":true,\"attribution\":\"Maps provided by USGS\",\"styles\":\"\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"geohash_grid\",\"schema\":\"segment\",\"params\":{\"field\":\"destination.location\",\"autoPrecision\":true,\"useGeocentroid\":true,\"precision\":2}}],\"listeners\":{}}",
-  "uiStateJSON": "{}",
-  "description": "",
-  "savedSearchId": "1d9ba830-3e47-11e7-af78-9fc514b4e118",
-  "version": 1,
-  "kibanaSavedObjectMeta": {
-    "searchSourceJSON": "{\"filter\":[]}"
-  }
-}
--- a/modules/cef/configuration/kibana/visualization/2b369910-4553-11e7-83ea-67cb6920446d.json
+++ b/modules/cef/configuration/kibana/visualization/2b369910-4553-11e7-83ea-67cb6920446d.json
@ -1,11 +0,0 @@
-{
-  "title": "OS Event Types Breakdown",
-  "visState": "{\"title\":\"OS Event Types Breakdown\",\"type\":\"table\",\"params\":{\"perPage\":15,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"categoryBehavior\",\"size\":15,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Event Types\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"sourceUserName\",\"customLabel\":\"Source Users\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"destinationUserName\",\"customLabel\":\"Destination Users\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"sourceHostName\",\"customLabel\":\"Source Hosts\"}},{\"id\":\"6\",\"enabled\":true,\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"destinationHostName\",\"customLabel\":\"Destination Hosts\"}},{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}",
-  "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}",
-  "description": "",
-  "savedSearchId": "7a2fc9c0-454d-11e7-86b6-95298e9da6dc",
-  "version": 1,
-  "kibanaSavedObjectMeta": {
-    "searchSourceJSON": "{\"filter\":[]}"
-  }
-}
--- a/modules/cef/configuration/kibana/visualization/31b85570-454a-11e7-86b6-95298e9da6dc.json
+++ b/modules/cef/configuration/kibana/visualization/31b85570-454a-11e7-86b6-95298e9da6dc.json
@ -1,10 +0,0 @@
-{
-  "title": "Navigation",
-  "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### **Dashboards** ###\\n\\n[Network Overview](#/dashboard/37af0b40-398d-11e7-ae19-21fb91585845)\\n\\n[Network Suspicious Activity](#/dashboard/82051450-3e56-11e7-96c4-0d3a291ec93a)\\n\\n[Endpoint Overview](#dashboard/d2fa5030-3e5d-11e7-b212-897f1496dc0e)\\n\\n[Endpoint OS Activity](#/dashboard/64c92510-4555-11e7-83ea-67cb6920446d)\\n\\n[DNS Overview](#/dashboard/f6970130-4549-11e7-86b6-95298e9da6dc)\"},\"aggs\":[],\"listeners\":{}}",
-  "uiStateJSON": "{}",
-  "description": "",
-  "version": 1,
-  "kibanaSavedObjectMeta": {
-    "searchSourceJSON": "{\"query\":{\"query_string\":{\"query\":\"*\"}},\"filter\":[]}"
-  }
-}
--- a/modules/cef/configuration/kibana/visualization/35ce1310-3989-11e7-8b9d-ddc45b5f6d00.json
+++ b/modules/cef/configuration/kibana/visualization/35ce1310-3989-11e7-8b9d-ddc45b5f6d00.json
@ -1,11 +0,0 @@
-{
-  "title": "Source Locations",
-  "visState": "{\"title\":\"Source Locations\",\"type\":\"tile_map\",\"params\":{\"mapType\":\"Shaded Circle Markers\",\"isDesaturated\":true,\"addTooltip\":true,\"heatMaxZoom\":0,\"heatMinOpacity\":0.1,\"heatRadius\":25,\"heatBlur\":15,\"heatNormalizeData\":true,\"legendPosition\":\"bottomright\",\"mapZoom\":2,\"mapCenter\":[0,0],\"wms\":{\"enabled\":false,\"url\":\"https://basemap.nationalmap.gov/arcgis/services/USGSTopo/MapServer/WMSServer\",\"options\":{\"version\":\"1.3.0\",\"layers\":\"0\",\"format\":\"image/png\",\"transparent\":true,\"attribution\":\"Maps provided by USGS\",\"styles\":\"\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Event Count\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"geohash_grid\",\"schema\":\"segment\",\"params\":{\"field\":\"source.location\",\"autoPrecision\":true,\"useGeocentroid\":true,\"precision\":2,\"customLabel\":\"Source Location\"}}],\"listeners\":{}}",
-  "uiStateJSON": "{}",
-  "description": "",
-  "savedSearchId": "6315e7a0-34be-11e7-95dc-4f6090d732f6",
-  "version": 1,
-  "kibanaSavedObjectMeta": {
-    "searchSourceJSON": "{\"filter\":[]}"
-  }
-}
--- a/modules/cef/configuration/kibana/visualization/45387480-3989-11e7-8b9d-ddc45b5f6d00.json
+++ b/modules/cef/configuration/kibana/visualization/45387480-3989-11e7-8b9d-ddc45b5f6d00.json
@ -1,11 +0,0 @@
-{
-  "title": "Destination Locations",
-  "visState": "{\"title\":\"Destination Locations\",\"type\":\"tile_map\",\"params\":{\"mapType\":\"Shaded Circle Markers\",\"isDesaturated\":true,\"addTooltip\":true,\"heatMaxZoom\":0,\"heatMinOpacity\":0.1,\"heatRadius\":25,\"heatBlur\":15,\"heatNormalizeData\":true,\"legendPosition\":\"bottomright\",\"mapZoom\":2,\"mapCenter\":[0,0],\"wms\":{\"enabled\":false,\"url\":\"https://basemap.nationalmap.gov/arcgis/services/USGSTopo/MapServer/WMSServer\",\"options\":{\"version\":\"1.3.0\",\"layers\":\"0\",\"format\":\"image/png\",\"transparent\":true,\"attribution\":\"Maps provided by USGS\",\"styles\":\"\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Event Count\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"geohash_grid\",\"schema\":\"segment\",\"params\":{\"field\":\"destination.location\",\"autoPrecision\":true,\"useGeocentroid\":true,\"precision\":2,\"customLabel\":\"Destination Location\"}}],\"listeners\":{}}",
-  "uiStateJSON": "{}",
-  "description": "",
-  "savedSearchId": "6315e7a0-34be-11e7-95dc-4f6090d732f6",
-  "version": 1,
-  "kibanaSavedObjectMeta": {
-    "searchSourceJSON": "{\"filter\":[]}"
-  }
-}
--- a/modules/cef/configuration/kibana/visualization/463fc740-454e-11e7-86b6-95298e9da6dc.json
+++ b/modules/cef/configuration/kibana/visualization/463fc740-454e-11e7-86b6-95298e9da6dc.json
@ -1,11 +0,0 @@
-{
-  "title": "Endpoint OS Metrics Overview",
-  "visState": "{\"title\":\"Endpoint OS Metrics Overview\",\"type\":\"metric\",\"params\":{\"handleNoResults\":true,\"fontSize\":\"30\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Total Events\"}},{\"id\":\"6\",\"enabled\":true,\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"deviceHostName\",\"customLabel\":\"Devices\"}},{\"id\":\"7\",\"enabled\":true,\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"categoryBehavior\",\"customLabel\":\"Event Types\"}},{\"id\":\"8\",\"enabled\":true,\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"categoryOutcome\",\"customLabel\":\"Event Outcomes\"}}],\"listeners\":{}}",
-  "uiStateJSON": "{}",
-  "description": "",
-  "savedSearchId": "7a2fc9c0-454d-11e7-86b6-95298e9da6dc",
-  "version": 1,
-  "kibanaSavedObjectMeta": {
-    "searchSourceJSON": "{\"filter\":[]}"
-  }
-}
--- a/modules/cef/configuration/kibana/visualization/47c2a140-454f-11e7-86b6-95298e9da6dc.json
+++ b/modules/cef/configuration/kibana/visualization/47c2a140-454f-11e7-86b6-95298e9da6dc.json
@ -1,11 +0,0 @@
-{
-  "title": "Events over Time by Unique Source and Destination Users",
-  "visState": "{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{\"customLabel\":\"Event Count\"},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"customInterval\":\"2h\",\"customLabel\":\"Timestamp\",\"extended_bounds\":{},\"field\":\"deviceReceiptTime\",\"interval\":\"auto\",\"min_doc_count\":1},\"schema\":\"segment\",\"type\":\"date_histogram\"},{\"enabled\":true,\"id\":\"3\",\"params\":{\"customLabel\":\"Source Users\",\"field\":\"sourceUserName\"},\"schema\":\"metric\",\"type\":\"cardinality\"},{\"enabled\":true,\"id\":\"4\",\"params\":{\"customLabel\":\"Destination Users\",\"field\":\"destinationUserName\"},\"schema\":\"metric\",\"type\":\"cardinality\"}],\"listeners\":{},\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"show\":true,\"truncate\":100},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Timestamp\"},\"type\":\"category\"}],\"defaultYExtents\":false,\"drawLinesBetweenPoints\":true,\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"interpolate\":\"linear\",\"legendPosition\":\"right\",\"radiusRatio\":9,\"scale\":\"linear\",\"seriesParams\":[{\"data\":{\"id\":\"1\",\"label\":\"Event Count\"},\"drawLinesBetweenPoints\":true,\"mode\":\"stacked\",\"show\":\"true\",\"showCircles\":true,\"type\":\"histogram\",\"valueAxis\":\"ValueAxis-1\"},{\"data\":{\"id\":\"3\",\"label\":\"Source Users\"},\"drawLinesBetweenPoints\":true,\"interpolate\":\"linear\",\"lineWidth\":3,\"mode\":\"normal\",\"show\":true,\"showCircles\":true,\"type\":\"line\",\"valueAxis\":\"ValueAxis-2\"},{\"data\":{\"id\":\"4\",\"label\":\"Destination Users\"},\"drawLinesBetweenPoints\":true,\"interpolate\":\"linear\",\"lineWidth\":3,\"mode\":\"normal\",\"show\":true,\"showCircles\":true,\"type\":\"line\",\"valueAxis\":\"ValueAxis-2\"}],\"setYExtents\":false,\"showCircles\":true,\"times\":[],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"mode\":\"normal\",\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Event Count\"},\"type\":\"value\"},{\"id\":\"ValueAxis-2\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"truncate\":100},\"name\":\"RightAxis-1\",\"position\":\"right\",\"scale\":{\"mode\":\"normal\",\"type\":\"square root\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"\"},\"type\":\"value\"}]},\"title\":\"Events over Time by Unique Source and Destination Users\",\"type\":\"histogram\"}",
-  "uiStateJSON": "{}",
-  "description": "",
-  "savedSearchId": "7a2fc9c0-454d-11e7-86b6-95298e9da6dc",
-  "version": 1,
-  "kibanaSavedObjectMeta": {
-    "searchSourceJSON": "{\"filter\":[]}"
-  }
-}
--- a/modules/cef/configuration/kibana/visualization/49953800-4547-11e7-a94a-5d0a73686c64.json
+++ b/modules/cef/configuration/kibana/visualization/49953800-4547-11e7-a94a-5d0a73686c64.json
@ -1,10 +0,0 @@
-{
-  "title": "Top Destination Domains",
-  "visState": "{\"title\":\"Top Destination Domains\",\"type\":\"metrics\",\"params\":{\"id\":\"45479ab0-4545-11e7-a94a-5d0a73686c64\",\"type\":\"top_n\",\"series\":[{\"id\":\"45479ab1-4545-11e7-a94a-5d0a73686c64\",\"color\":\"rgba(0,156,224,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"45479ab2-4545-11e7-a94a-5d0a73686c64\",\"type\":\"count\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"bar\",\"line_width\":1,\"point_size\":1,\"fill\":\"0.3\",\"stacked\":\"none\",\"label\":\"Top Destination Domains\",\"terms_field\":\"destinationDnsDomain\"}],\"time_field\":\"deviceReceiptTime\",\"index_pattern\":\"cef-*\",\"interval\":\"auto\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"filter\":\"deviceEventCategory:\\\"dns\\\"\",\"background_color_rules\":[{\"id\":\"efe6b130-4546-11e7-a94a-5d0a73686c64\"}],\"bar_color_rules\":[{\"id\":\"f596fdb0-4546-11e7-a94a-5d0a73686c64\"}]},\"aggs\":[],\"listeners\":{}}",
-  "uiStateJSON": "{}",
-  "description": "",
-  "version": 1,
-  "kibanaSavedObjectMeta": {
-    "searchSourceJSON": "{\"query\":{\"query_string\":{\"query\":\"*\"}},\"filter\":[]}"
-  }
-}
--- a/modules/cef/configuration/kibana/visualization/4cf91f90-3d5c-11e7-8b9d-ddc45b5f6d00.json
+++ b/modules/cef/configuration/kibana/visualization/4cf91f90-3d5c-11e7-8b9d-ddc45b5f6d00.json
@ -1,10 +0,0 @@
-{
-  "title": "Firewall - Devices - Top EPS by Category Device Type",
-  "visState": "{\"title\":\"Firewall - Devices - Top EPS by Category Device Type\",\"type\":\"metrics\",\"params\":{\"id\":\"429af7e0-3d5b-11e7-8b9d-ddc45b5f6d00\",\"type\":\"top_n\",\"series\":[{\"id\":\"429af7e1-3d5b-11e7-8b9d-ddc45b5f6d00\",\"color\":\"rgba(252,220,0,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"429af7e2-3d5b-11e7-8b9d-ddc45b5f6d00\",\"type\":\"count\"},{\"settings\":\"\",\"minimize\":0,\"window\":\"\",\"model\":\"linear\",\"unit\":\"\",\"id\":\"112da8a0-3d5c-11e7-8b9d-ddc45b5f6d00\",\"type\":\"moving_average\",\"field\":\"429af7e2-3d5b-11e7-8b9d-ddc45b5f6d00\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"label\":\"Top EPS contributors by Category Device Type\",\"value_template\":\"{{value}}/s\",\"terms_field\":\"categoryDeviceType\"}],\"time_field\":\"deviceReceiptTime\",\"index_pattern\":\"cef-*\",\"interval\":\"auto\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"filter\":\"categoryDeviceGroup:\\\"/Firewall\\\"\",\"bar_color_rules\":[{\"id\":\"77dd4e80-3d5b-11e7-8b9d-ddc45b5f6d00\"}],\"background_color_rules\":[{\"id\":\"798c5e10-3d5b-11e7-8b9d-ddc45b5f6d00\"}],\"gauge_color_rules\":[{\"value\":0,\"id\":\"988f35d0-3d5b-11e7-8b9d-ddc45b5f6d00\",\"gauge\":null}],\"gauge_width\":10,\"gauge_inner_width\":10,\"gauge_style\":\"half\",\"gauge_max\":\"\"},\"aggs\":[],\"listeners\":{}}",
-  "uiStateJSON": "{}",
-  "description": "",
-  "version": 1,
-  "kibanaSavedObjectMeta": {
-    "searchSourceJSON": "{\"query\":{\"query_string\":{\"query\":\"*\"}},\"filter\":[]}"
-  }
-}
--- a/modules/cef/configuration/kibana/visualization/4ff86ee0-4549-11e7-86b6-95298e9da6dc.json
+++ b/modules/cef/configuration/kibana/visualization/4ff86ee0-4549-11e7-86b6-95298e9da6dc.json
@ -1,11 +0,0 @@
-{
-  "title": "Top Source Address",
-  "visState": "{\"title\":\"Top Source Address\",\"type\":\"tagcloud\",\"params\":{\"scale\":\"square root\",\"orientation\":\"single\",\"minFontSize\":11,\"maxFontSize\":60},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"sourceAddress\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Source Addresses\"}}],\"listeners\":{}}",
-  "uiStateJSON": "{}",
-  "description": "",
-  "savedSearchId": "16a72e70-4543-11e7-9510-4b0b4978ab0e",
-  "version": 1,
-  "kibanaSavedObjectMeta": {
-    "searchSourceJSON": "{\"filter\":[]}"
-  }
-}
--- a/modules/cef/configuration/kibana/visualization/5acacad0-3986-11e7-8b9d-ddc45b5f6d00.json
+++ b/modules/cef/configuration/kibana/visualization/5acacad0-3986-11e7-8b9d-ddc45b5f6d00.json
@ -1,11 +0,0 @@
-{
-  "title": "Firewall - Devices - Event Outcome over Time",
-  "visState": "{\"title\":\"Firewall - Devices - Event Outcome over Time\",\"type\":\"area\",\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"show\":true,\"truncate\":100},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Time\"},\"type\":\"category\"}],\"defaultYExtents\":false,\"drawLinesBetweenPoints\":true,\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"interpolate\":\"linear\",\"legendPosition\":\"right\",\"radiusRatio\":9,\"scale\":\"linear\",\"seriesParams\":[{\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"drawLinesBetweenPoints\":true,\"interpolate\":\"linear\",\"mode\":\"normal\",\"show\":\"true\",\"showCircles\":true,\"type\":\"area\",\"valueAxis\":\"ValueAxis-1\"}],\"setYExtents\":false,\"showCircles\":true,\"times\":[],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"mode\":\"normal\",\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Count\"},\"type\":\"value\"}]},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"deviceReceiptTime\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{},\"customLabel\":\"Time\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"categoryOutcome\",\"size\":2,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Event Outcome\"}}],\"listeners\":{}}",
-  "uiStateJSON": "{\"vis\":{\"colors\":{\"/Failure\":\"#BF1B00\",\"/Success\":\"#629E51\"}}}",
-  "description": "",
-  "savedSearchId": "6315e7a0-34be-11e7-95dc-4f6090d732f6",
-  "version": 1,
-  "kibanaSavedObjectMeta": {
-    "searchSourceJSON": "{\"filter\":[]}"
-  }
-}
--- a/modules/cef/configuration/kibana/visualization/5acb74d0-398b-11e7-ae19-21fb91585845.json
+++ b/modules/cef/configuration/kibana/visualization/5acb74d0-398b-11e7-ae19-21fb91585845.json
@ -1,10 +0,0 @@
-{
-  "title": "Events Average by Device Types",
-  "visState": "{\"title\":\"Events Average by Device Types\",\"type\":\"metrics\",\"params\":{\"id\":\"e1a58ab0-3957-11e7-ae19-21fb91585845\",\"type\":\"timeseries\",\"series\":[{\"id\":\"8f58a280-395a-11e7-ae19-21fb91585845\",\"color\":\"rgba(211,49,21,1)\",\"split_mode\":\"everything\",\"metrics\":[{\"id\":\"8f58a281-395a-11e7-ae19-21fb91585845\",\"type\":\"count\"},{\"settings\":\"\",\"minimize\":0,\"window\":\"\",\"model\":\"simple\",\"sigma\":\"\",\"id\":\"140cf490-395b-11e7-ae19-21fb91585845\",\"type\":\"moving_average\",\"field\":\"8f58a281-395a-11e7-ae19-21fb91585845\"}],\"seperate_axis\":1,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":\"3\",\"point_size\":\"0\",\"fill\":\"0\",\"stacked\":\"none\",\"filter\":\"\",\"terms_field\":\"deviceHostName\",\"terms_order_by\":null,\"label\":\"Moving Average Event Count\",\"steps\":0,\"split_filters\":[{\"filter\":\"categoryDeviceGroup:\\\"/Firewall\\\"\",\"label\":\"Firewall\",\"color\":\"rgba(244,78,59,1)\",\"id\":\"e403ef60-4684-11e7-8ffc-b5cec7c0edbb\"}]},{\"id\":\"3bb711b0-395b-11e7-ae19-21fb91585845\",\"color\":\"rgba(251,158,0,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"3bb711b1-395b-11e7-ae19-21fb91585845\",\"type\":\"count\"},{\"settings\":\"\",\"minimize\":0,\"window\":\"\",\"model\":\"simple\",\"id\":\"4b515cc0-395b-11e7-ae19-21fb91585845\",\"type\":\"moving_average\",\"field\":\"3bb711b1-395b-11e7-ae19-21fb91585845\"}],\"seperate_axis\":1,\"axis_position\":\"left\",\"formatter\":\"number\",\"chart_type\":\"bar\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"terms_field\":\"categoryDeviceType\",\"terms_size\":\"10\",\"label\":\"Top Device Types by Mvg Averages\"}],\"time_field\":\"deviceReceiptTime\",\"index_pattern\":\"cef-*\",\"interval\":\"auto\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"bar_color_rules\":[{\"id\":\"e4772140-3957-11e7-ae19-21fb91585845\"}],\"background_color\":null,\"filter\":\"categoryDeviceType:\\\"Firewall\\\" OR categoryDeviceGroup:\\\"/IDS/Network\\\" OR categoryDeviceGroup:\\\"/VPN\\\"\",\"background_color_rules\":[{\"id\":\"837bfbb0-395a-11e7-ae19-21fb91585845\"}],\"gauge_color_rules\":[{\"id\":\"8970f250-395a-11e7-ae19-21fb91585845\"}],\"gauge_width\":10,\"gauge_inner_width\":10,\"gauge_style\":\"half\"},\"aggs\":[],\"listeners\":{}}",
-  "uiStateJSON": "{}",
-  "description": "",
-  "version": 1,
-  "kibanaSavedObjectMeta": {
-    "searchSourceJSON": "{\"query\":{\"query_string\":{\"query\":\"*\"}},\"filter\":[]}"
-  }
-}
--- a/modules/cef/configuration/kibana/visualization/6414e6b0-4549-11e7-86b6-95298e9da6dc.json
+++ b/modules/cef/configuration/kibana/visualization/6414e6b0-4549-11e7-86b6-95298e9da6dc.json
@ -1,11 +0,0 @@
-{
-  "title": "Top Destination Domain",
-  "visState": "{\"title\":\"Top Destination Domain\",\"type\":\"tagcloud\",\"params\":{\"scale\":\"square root\",\"orientation\":\"single\",\"minFontSize\":11,\"maxFontSize\":60},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"destinationDnsDomain\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"DNS Domains\"}}],\"listeners\":{}}",
-  "uiStateJSON": "{}",
-  "description": "",
-  "savedSearchId": "16a72e70-4543-11e7-9510-4b0b4978ab0e",
-  "version": 1,
-  "kibanaSavedObjectMeta": {
-    "searchSourceJSON": "{\"filter\":[]}"
-  }
-}
--- a/modules/cef/configuration/kibana/visualization/68180c80-4556-11e7-83ea-67cb6920446d.json
+++ b/modules/cef/configuration/kibana/visualization/68180c80-4556-11e7-83ea-67cb6920446d.json
@ -1,11 +0,0 @@
-{
-  "title": "Destination Host Mapping",
-  "visState": "{\"title\":\"Destination Host Mapping\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"bottom\",\"isDonut\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"sourceHostName\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Source Host\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"destinationHostName\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Destination Host\"}}],\"listeners\":{}}",
-  "uiStateJSON": "{}",
-  "description": "",
-  "savedSearchId": "7a2fc9c0-454d-11e7-86b6-95298e9da6dc",
-  "version": 1,
-  "kibanaSavedObjectMeta": {
-    "searchSourceJSON": "{\"filter\":[]}"
-  }
-}
--- a/modules/cef/configuration/kibana/visualization/6bb7d0e0-4548-11e7-a94a-5d0a73686c64.json
+++ b/modules/cef/configuration/kibana/visualization/6bb7d0e0-4548-11e7-a94a-5d0a73686c64.json
@ -1,11 +0,0 @@
-{
-  "title": "Query Type by Device",
-  "visState": "{\"title\":\"Query Type by Device\",\"type\":\"heatmap\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"enableHover\":false,\"legendPosition\":\"right\",\"times\":[],\"colorsNumber\":4,\"colorSchema\":\"Yellow to Red\",\"setColorRange\":false,\"colorsRange\":[],\"invertColors\":false,\"percentageMode\":false,\"valueAxes\":[{\"show\":false,\"id\":\"ValueAxis-1\",\"type\":\"value\",\"scale\":{\"type\":\"linear\",\"defaultYExtents\":false},\"labels\":{\"show\":false,\"rotate\":0,\"color\":\"#555\"}}]},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Event Count\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"deviceHostName\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"DNS Device\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"deviceCustomString1\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"DNS Query Types\"}}],\"listeners\":{}}",
-  "uiStateJSON": "{\"vis\":{\"defaultColors\":{\"0 - 33\":\"rgb(255,255,204)\",\"33 - 65\":\"rgb(254,217,118)\",\"65 - 98\":\"rgb(253,141,60)\",\"98 - 130\":\"rgb(227,27,28)\"}}}",
-  "description": "",
-  "savedSearchId": "16a72e70-4543-11e7-9510-4b0b4978ab0e",
-  "version": 1,
-  "kibanaSavedObjectMeta": {
-    "searchSourceJSON": "{\"filter\":[]}"
-  }
-}
--- a/modules/cef/configuration/kibana/visualization/6dfc0e30-3958-11e7-ae19-21fb91585845.json
+++ b/modules/cef/configuration/kibana/visualization/6dfc0e30-3958-11e7-ae19-21fb91585845.json
@ -1,10 +0,0 @@
-{
-  "title": "Firewall - Devices - Top Devices by Event Count",
-  "visState": "{\"title\":\"Firewall - Devices - Top Devices by Event Count\",\"type\":\"metrics\",\"params\":{\"id\":\"e1a58ab0-3957-11e7-ae19-21fb91585845\",\"type\":\"top_n\",\"series\":[{\"id\":\"e1a58ab1-3957-11e7-ae19-21fb91585845\",\"color\":\"rgba(174,161,255,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"e1a58ab2-3957-11e7-ae19-21fb91585845\",\"type\":\"count\",\"field\":\"deviceHostName\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"label\":\"Top Firewall Devices\",\"terms_field\":\"deviceHostName\"}],\"time_field\":\"deviceReceiptTime\",\"index_pattern\":\"cef-*\",\"interval\":\"auto\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"bar_color_rules\":[{\"id\":\"e4772140-3957-11e7-ae19-21fb91585845\"}],\"background_color\":null,\"filter\":\"categoryDeviceGroup:\\\"/Firewall\\\"\"},\"aggs\":[],\"listeners\":{}}",
-  "uiStateJSON": "{}",
-  "description": "",
-  "version": 1,
-  "kibanaSavedObjectMeta": {
-    "searchSourceJSON": "{\"query\":{\"query_string\":{\"query\":\"*\"}},\"filter\":[]}"
-  }
-}
--- a/modules/cef/configuration/kibana/visualization/6fb90a30-3e6b-11e7-9d4a-89ea81333ea4.json
+++ b/modules/cef/configuration/kibana/visualization/6fb90a30-3e6b-11e7-9d4a-89ea81333ea4.json
@ -1,11 +0,0 @@
-{
-  "title": "Event Techniques by Outcome and Significance",
-  "visState": "{\"title\":\"Event Techniques by Outcome and Significance\",\"type\":\"pie\",\"params\":{\"addLegend\":true,\"addTooltip\":true,\"isDonut\":false,\"legendPosition\":\"right\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"categoryDeviceType\",\"exclude\":\"Network-based IDS/IPS\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"categoryOutcome\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"categorySignificance\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"categoryTechnique\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}",
-  "uiStateJSON": "{\"vis\":{\"colors\":{\"/Informational\":\"#7EB26D\",\"/Informational/Warning\":\"#EF843C\",\"/Success\":\"#64B0C8\",\"Anti-Virus\":\"#B7DBAB\",\"Host-based IDS/IPS\":\"#629E51\",\"Log Consolidator\":\"#E0F9D7\",\"Operating System\":\"#3F6833\",\"Recon\":\"#BF1B00\",\"Security Mangement\":\"#CFFAFF\"},\"legendOpen\":true}}",
-  "description": "",
-  "savedSearchId": "1d9ba830-3e47-11e7-af78-9fc514b4e118",
-  "version": 1,
-  "kibanaSavedObjectMeta": {
-    "searchSourceJSON": "{\"filter\":[]}"
-  }
-}
--- a/modules/cef/configuration/kibana/visualization/7008cd50-3988-11e7-8b9d-ddc45b5f6d00.json
+++ b/modules/cef/configuration/kibana/visualization/7008cd50-3988-11e7-8b9d-ddc45b5f6d00.json
@ -1,11 +0,0 @@
-{
-  "title": "Bandwidth Overview",
-  "visState": "{\"title\":\"Bandwidth Overview\",\"type\":\"metric\",\"params\":{\"handleNoResults\":true,\"fontSize\":\"25\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"bytesIn\",\"customLabel\":\"Incoming\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"bytesOut\",\"customLabel\":\"Outgoing\"}}],\"listeners\":{}}",
-  "uiStateJSON": "{}",
-  "description": "",
-  "savedSearchId": "6315e7a0-34be-11e7-95dc-4f6090d732f6",
-  "version": 1,
-  "kibanaSavedObjectMeta": {
-    "searchSourceJSON": "{\"filter\":[]}"
-  }
-}
--- a/modules/cef/configuration/kibana/visualization/75582a90-3987-11e7-8b9d-ddc45b5f6d00.json
+++ b/modules/cef/configuration/kibana/visualization/75582a90-3987-11e7-8b9d-ddc45b5f6d00.json
@ -1,11 +0,0 @@
-{
-  "title": "Outcome by Device Type",
-  "visState": "{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"customLabel\":\"Firewall Types\",\"field\":\"categoryDeviceType\",\"order\":\"desc\",\"orderBy\":\"1\",\"size\":10},\"schema\":\"segment\",\"type\":\"terms\"},{\"enabled\":true,\"id\":\"3\",\"params\":{\"customLabel\":\"Event Outcome\",\"field\":\"categoryOutcome\",\"order\":\"desc\",\"orderBy\":\"1\",\"size\":3},\"schema\":\"group\",\"type\":\"terms\"}],\"listeners\":{},\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"rotate\":75,\"show\":true,\"truncate\":100},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Firewall Types\"},\"type\":\"category\"}],\"defaultYExtents\":false,\"drawLinesBetweenPoints\":true,\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"interpolate\":\"linear\",\"legendPosition\":\"right\",\"orderBucketsBySum\":true,\"radiusRatio\":9,\"scale\":\"linear\",\"seriesParams\":[{\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"drawLinesBetweenPoints\":true,\"mode\":\"stacked\",\"show\":\"true\",\"showCircles\":true,\"type\":\"histogram\",\"valueAxis\":\"ValueAxis-1\"}],\"setYExtents\":false,\"showCircles\":true,\"times\":[],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"mode\":\"percentage\",\"type\":\"square root\"},\"show\":true,\"style\":{},\"title\":{},\"type\":\"value\"}]},\"title\":\"Outcome by Device Type\",\"type\":\"histogram\"}",
-  "uiStateJSON": "{\"vis\":{\"colors\":{\"/Success\":\"#629E51\",\"/Failure\":\"#BF1B00\"}}}",
-  "description": "",
-  "savedSearchId": "6315e7a0-34be-11e7-95dc-4f6090d732f6",
-  "version": 1,
-  "kibanaSavedObjectMeta": {
-    "searchSourceJSON": "{\"filter\":[]}"
-  }
-}
--- a/modules/cef/configuration/kibana/visualization/77cb1470-3989-11e7-8b9d-ddc45b5f6d00.json
+++ b/modules/cef/configuration/kibana/visualization/77cb1470-3989-11e7-8b9d-ddc45b5f6d00.json
@ -1,11 +0,0 @@
-{
-  "title": "Application Protocols",
-  "visState": "{\"title\":\"Application Protocols\",\"type\":\"tagcloud\",\"params\":{\"scale\":\"square root\",\"orientation\":\"single\",\"minFontSize\":26,\"maxFontSize\":72,\"hideLabel\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"applicationProtocol\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}",
-  "uiStateJSON": "{}",
-  "description": "",
-  "savedSearchId": "6315e7a0-34be-11e7-95dc-4f6090d732f6",
-  "version": 1,
-  "kibanaSavedObjectMeta": {
-    "searchSourceJSON": "{\"filter\":[]}"
-  }
-}
--- a/modules/cef/configuration/kibana/visualization/7a043760-3990-11e7-8b9d-ddc45b5f6d00.json
+++ b/modules/cef/configuration/kibana/visualization/7a043760-3990-11e7-8b9d-ddc45b5f6d00.json
@ -1,11 +0,0 @@
-{
-  "title": "Source Countries Breakdown",
-  "visState": "{\"title\":\"Source Countries Breakdown\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Total Events\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.country_name\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Source Country\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"sourceAddress\",\"customLabel\":\"Source Addresses\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"destinationAddress\",\"customLabel\":\"Destination Addresses\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"destinationPort\",\"customLabel\":\"Destination Ports\"}}],\"listeners\":{}}",
-  "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}",
-  "description": "",
-  "savedSearchId": "6315e7a0-34be-11e7-95dc-4f6090d732f6",
-  "version": 1,
-  "kibanaSavedObjectMeta": {
-    "searchSourceJSON": "{\"filter\":[]}"
-  }
-}
--- a/modules/cef/configuration/kibana/visualization/7c414c90-3e66-11e7-899c-f940f646009b.json
+++ b/modules/cef/configuration/kibana/visualization/7c414c90-3e66-11e7-899c-f940f646009b.json
@ -1,11 +0,0 @@
-{
-  "title": "Source Country Breakdown",
-  "visState": "{\"title\":\"Source Country Breakdown\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Total Events\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.country_name\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"sourceAddress\",\"customLabel\":\"Source Addresses\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"destinationAddress\",\"customLabel\":\"Destination Addresses\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"destinationPort\",\"customLabel\":\"Destination Ports\"}}],\"listeners\":{}}",
-  "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}",
-  "description": "",
-  "savedSearchId": "1d9ba830-3e47-11e7-af78-9fc514b4e118",
-  "version": 1,
-  "kibanaSavedObjectMeta": {
-    "searchSourceJSON": "{\"filter\":[]}"
-  }
-}
--- a/modules/cef/configuration/kibana/visualization/7c6875e0-3e61-11e7-899c-f940f646009b.json
+++ b/modules/cef/configuration/kibana/visualization/7c6875e0-3e61-11e7-899c-f940f646009b.json
@ -1,11 +0,0 @@
-{
-  "title": "Outcomes by Device Type",
-  "visState": "{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"field\":\"categoryDeviceType\",\"order\":\"desc\",\"orderBy\":\"1\",\"size\":5},\"schema\":\"segment\",\"type\":\"terms\"},{\"enabled\":true,\"id\":\"3\",\"params\":{\"field\":\"categoryOutcome\",\"order\":\"desc\",\"orderBy\":\"1\",\"size\":5},\"schema\":\"group\",\"type\":\"terms\"}],\"listeners\":{},\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"truncate\":200},\"position\":\"left\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"categoryDeviceType: Descending\"},\"type\":\"category\"}],\"defaultYExtents\":false,\"drawLinesBetweenPoints\":true,\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"interpolate\":\"linear\",\"legendPosition\":\"right\",\"radiusRatio\":9,\"scale\":\"linear\",\"seriesParams\":[{\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"drawLinesBetweenPoints\":true,\"mode\":\"normal\",\"show\":true,\"showCircles\":true,\"type\":\"histogram\",\"valueAxis\":\"ValueAxis-1\"}],\"setYExtents\":false,\"showCircles\":true,\"times\":[],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":true,\"rotate\":75,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"bottom\",\"scale\":{\"mode\":\"normal\",\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{},\"type\":\"value\"}]},\"title\":\"Outcomes by Device Type\",\"type\":\"histogram\"}",
-  "uiStateJSON": "{\"vis\":{\"colors\":{\"/Failure\":\"#BF1B00\"},\"legendOpen\":true}}",
-  "description": "",
-  "savedSearchId": "1d9ba830-3e47-11e7-af78-9fc514b4e118",
-  "version": 1,
-  "kibanaSavedObjectMeta": {
-    "searchSourceJSON": "{\"filter\":[]}"
-  }
-}
--- a/modules/cef/configuration/kibana/visualization/801fff70-395a-11e7-ae19-21fb91585845.json
+++ b/modules/cef/configuration/kibana/visualization/801fff70-395a-11e7-ae19-21fb91585845.json
@ -1,10 +0,0 @@
-{
-  "title": "Bandwidth Utilization",
-  "visState": "{\"title\":\"Bandwidth Utilization\",\"type\":\"metrics\",\"params\":{\"id\":\"e1a58ab0-3957-11e7-ae19-21fb91585845\",\"type\":\"timeseries\",\"series\":[{\"id\":\"e1a58ab1-3957-11e7-ae19-21fb91585845\",\"color\":\"rgba(0,156,224,1)\",\"split_mode\":\"everything\",\"metrics\":[{\"id\":\"e1a58ab2-3957-11e7-ae19-21fb91585845\",\"type\":\"sum\",\"field\":\"bytesIn\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"bytes\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"label\":\"Inbound Bandwidth\",\"terms_field\":\"deviceHostName\",\"terms_order_by\":\"_count\",\"override_index_pattern\":1,\"series_index_pattern\":\"cef-*\",\"series_time_field\":\"deviceReceiptTime\"},{\"id\":\"67c18da0-3959-11e7-ae19-21fb91585845\",\"color\":\"rgba(244,78,59,1)\",\"split_mode\":\"everything\",\"metrics\":[{\"id\":\"67c18da1-3959-11e7-ae19-21fb91585845\",\"type\":\"sum\",\"field\":\"bytesOut\"},{\"script\":\"params.outbound > 0 ? params.outbound * -1 : 0\",\"id\":\"7ec4d1b0-3959-11e7-ae19-21fb91585845\",\"type\":\"calculation\",\"variables\":[{\"id\":\"a9fb70f0-3959-11e7-ae19-21fb91585845\",\"name\":\"outbound\",\"field\":\"67c18da1-3959-11e7-ae19-21fb91585845\"}]}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"bytes\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"label\":\"Outbound Bandwidth\",\"override_index_pattern\":1,\"series_index_pattern\":\"cef-*\",\"series_time_field\":\"deviceReceiptTime\",\"steps\":0}],\"time_field\":\"deviceReceiptTime\",\"index_pattern\":\"cef-*\",\"interval\":\"auto\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"bar_color_rules\":[{\"id\":\"e4772140-3957-11e7-ae19-21fb91585845\"}],\"background_color\":null,\"filter\":\"categoryDeviceGroup:\\\"/Firewall\\\" OR categoryDeviceGroup:\\\"/IDS/Network\\\" OR categoryDeviceGroup:\\\"/VPN\\\" \"},\"aggs\":[],\"listeners\":{}}",
-  "uiStateJSON": "{}",
-  "description": "",
-  "version": 1,
-  "kibanaSavedObjectMeta": {
-    "searchSourceJSON": "{\"query\":{\"query_string\":{\"query\":\"*\"}},\"filter\":[]}"
-  }
-}
--- a/modules/cef/configuration/kibana/visualization/82caeb10-4556-11e7-83ea-67cb6920446d.json
+++ b/modules/cef/configuration/kibana/visualization/82caeb10-4556-11e7-83ea-67cb6920446d.json
@ -1,11 +0,0 @@
-{
-  "title": "OS Top Source Users",
-  "visState": "{\"title\":\"OS Top Source Users\",\"type\":\"tagcloud\",\"params\":{\"scale\":\"linear\",\"orientation\":\"single\",\"minFontSize\":10,\"maxFontSize\":60},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"sourceUserName\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Source Users\"}}],\"listeners\":{}}",
-  "uiStateJSON": "{}",
-  "description": "",
-  "savedSearchId": "7a2fc9c0-454d-11e7-86b6-95298e9da6dc",
-  "version": 1,
-  "kibanaSavedObjectMeta": {
-    "searchSourceJSON": "{\"filter\":[]}"
-  }
-}
--- a/modules/cef/configuration/kibana/visualization/8bdaafe0-454e-11e7-86b6-95298e9da6dc.json
+++ b/modules/cef/configuration/kibana/visualization/8bdaafe0-454e-11e7-86b6-95298e9da6dc.json
@ -1,11 +0,0 @@
-{
-  "title": "OS Source and Destination Overview",
-  "visState": "{\"title\":\"OS Source and Destination Overview\",\"type\":\"metric\",\"params\":{\"handleNoResults\":true,\"fontSize\":\"25\"},\"aggs\":[{\"id\":\"9\",\"enabled\":true,\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"sourceHostName\",\"customLabel\":\"Source Hosts\"}},{\"id\":\"10\",\"enabled\":true,\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"destinationHostName\",\"customLabel\":\"Destination Hosts\"}},{\"id\":\"11\",\"enabled\":true,\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"sourceUserName\",\"customLabel\":\"Source Users\"}},{\"id\":\"12\",\"enabled\":true,\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"destinationUserName\",\"customLabel\":\"Destination Users\"}}],\"listeners\":{}}",
-  "uiStateJSON": "{}",
-  "description": "",
-  "savedSearchId": "7a2fc9c0-454d-11e7-86b6-95298e9da6dc",
-  "version": 1,
-  "kibanaSavedObjectMeta": {
-    "searchSourceJSON": "{\"filter\":[]}"
-  }
-}
--- a/modules/cef/configuration/kibana/visualization/8f8d6230-454f-11e7-86b6-95298e9da6dc.json
+++ b/modules/cef/configuration/kibana/visualization/8f8d6230-454f-11e7-86b6-95298e9da6dc.json
@ -1,11 +0,0 @@
-{
-  "title": "Outcome by Event Type",
-  "visState": "{\"title\":\"Outcome by Event Type\",\"type\":\"heatmap\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"enableHover\":true,\"legendPosition\":\"right\",\"times\":[],\"colorsNumber\":10,\"colorSchema\":\"Yellow to Red\",\"setColorRange\":false,\"colorsRange\":[],\"invertColors\":false,\"percentageMode\":false,\"valueAxes\":[{\"show\":false,\"id\":\"ValueAxis-1\",\"type\":\"value\",\"scale\":{\"type\":\"linear\",\"defaultYExtents\":false},\"labels\":{\"show\":false,\"rotate\":0,\"color\":\"#555\"}}]},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"categoryBehavior\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Event Type\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"categoryOutcome\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Event Outcome\"}}],\"listeners\":{}}",
-  "uiStateJSON": "{\"vis\":{\"defaultColors\":{\"0 - 9,000\":\"rgb(255,255,204)\",\"9,000 - 18,000\":\"rgb(255,241,170)\",\"18,000 - 27,000\":\"rgb(254,225,135)\",\"27,000 - 36,000\":\"rgb(254,201,101)\",\"36,000 - 45,000\":\"rgb(254,171,73)\",\"45,000 - 54,000\":\"rgb(253,141,60)\",\"54,000 - 63,000\":\"rgb(252,91,46)\",\"63,000 - 72,000\":\"rgb(237,47,34)\",\"72,000 - 81,000\":\"rgb(212,16,32)\",\"81,000 - 90,000\":\"rgb(176,0,38)\"}}}",
-  "description": "",
-  "savedSearchId": "7a2fc9c0-454d-11e7-86b6-95298e9da6dc",
-  "version": 1,
-  "kibanaSavedObjectMeta": {
-    "searchSourceJSON": "{\"filter\":[]}"
-  }
-}
--- a/modules/cef/configuration/kibana/visualization/9141cc20-4553-11e7-83ea-67cb6920446d.json
+++ b/modules/cef/configuration/kibana/visualization/9141cc20-4553-11e7-83ea-67cb6920446d.json
@ -1,11 +0,0 @@
-{
-  "title": "OS by Vendors and Products",
-  "visState": "{\"title\":\"OS by Vendors and Products\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"deviceVendor\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"OS Vendor\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"deviceProduct\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"OS Product\"}}],\"listeners\":{}}",
-  "uiStateJSON": "{}",
-  "description": "",
-  "savedSearchId": "7a2fc9c0-454d-11e7-86b6-95298e9da6dc",
-  "version": 1,
-  "kibanaSavedObjectMeta": {
-    "searchSourceJSON": "{\"filter\":[]}"
-  }
-}
--- a/modules/cef/configuration/kibana/visualization/93531890-4556-11e7-83ea-67cb6920446d.json
+++ b/modules/cef/configuration/kibana/visualization/93531890-4556-11e7-83ea-67cb6920446d.json
@ -1,11 +0,0 @@
-{
-  "title": "OS Top Destination Users",
-  "visState": "{\"title\":\"OS Top Destination Users\",\"type\":\"tagcloud\",\"params\":{\"scale\":\"linear\",\"orientation\":\"single\",\"minFontSize\":10,\"maxFontSize\":60},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"destinationUserName\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Destination Users\"}}],\"listeners\":{}}",
-  "uiStateJSON": "{}",
-  "description": "",
-  "savedSearchId": "7a2fc9c0-454d-11e7-86b6-95298e9da6dc",
-  "version": 1,
-  "kibanaSavedObjectMeta": {
-    "searchSourceJSON": "{\"filter\":[]}"
-  }
-}
--- a/modules/cef/configuration/kibana/visualization/96af5bf0-3e50-11e7-af78-9fc514b4e118.json
+++ b/modules/cef/configuration/kibana/visualization/96af5bf0-3e50-11e7-af78-9fc514b4e118.json
@ -1,10 +0,0 @@
-{
-  "title": "Event Averages",
-  "visState": "{\"title\":\"Event Averages\",\"type\":\"metrics\",\"params\":{\"id\":\"f80221f0-3e4e-11e7-af78-9fc514b4e118\",\"type\":\"timeseries\",\"series\":[{\"id\":\"f80221f1-3e4e-11e7-af78-9fc514b4e118\",\"color\":\"rgba(254,37,37,1)\",\"split_mode\":\"filters\",\"metrics\":[{\"id\":\"f8024900-3e4e-11e7-af78-9fc514b4e118\",\"type\":\"count\"},{\"settings\":\"\",\"minimize\":0,\"window\":\"\",\"model\":\"simple\",\"id\":\"1d93e660-3e4f-11e7-af78-9fc514b4e118\",\"type\":\"moving_average\",\"field\":\"f8024900-3e4e-11e7-af78-9fc514b4e118\"}],\"seperate_axis\":1,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":\"3\",\"point_size\":1,\"fill\":\"0\",\"stacked\":\"none\",\"split_filters\":[{\"filter\":\"categoryDeviceGroup:\\\"/Operating System\\\" \",\"label\":\"Operating System\",\"color\":\"rgba(244,78,59,1)\",\"id\":\"725ac7e0-3e4f-11e7-af78-9fc514b4e118\"},{\"filter\":\" categoryDeviceGroup:\\\"/IDS/Host\\\"\",\"label\":\"Host IDS\",\"color\":\"rgba(254,146,0,1)\",\"id\":\"bd6104c0-3e4f-11e7-af78-9fc514b4e118\"},{\"filter\":\"categoryDeviceGroup:\\\"/Application\\\"\",\"label\":\"Application\",\"color\":\"rgba(252,220,0,1)\",\"id\":\"cf5dd0e0-3e4f-11e7-af78-9fc514b4e118\"}],\"label\":\"Moving Average Event Count\"},{\"id\":\"1633f8a0-3e50-11e7-af78-9fc514b4e118\",\"color\":\"rgba(0,156,224,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"1633f8a1-3e50-11e7-af78-9fc514b4e118\",\"type\":\"count\"},{\"settings\":\"\",\"minimize\":0,\"window\":\"\",\"model\":\"simple\",\"id\":\"2b8a9e20-3e50-11e7-af78-9fc514b4e118\",\"type\":\"moving_average\",\"field\":\"1633f8a1-3e50-11e7-af78-9fc514b4e118\"}],\"seperate_axis\":1,\"axis_position\":\"left\",\"formatter\":\"number\",\"chart_type\":\"bar\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"label\":\"Moving Average by Device HostNames\",\"terms_field\":\"deviceHostName\"}],\"time_field\":\"deviceReceiptTime\",\"index_pattern\":\"cef-*\",\"interval\":\"auto\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"filter\":\"categoryDeviceGroup:\\\"/Operating System\\\" OR categoryDeviceGroup:\\\"/IDS/Host\\\" OR categoryDeviceGroup:\\\"/Application\\\"\"},\"aggs\":[],\"listeners\":{}}",
-  "uiStateJSON": "{}",
-  "description": "",
-  "version": 1,
-  "kibanaSavedObjectMeta": {
-    "searchSourceJSON": "{\"query\":{\"query_string\":{\"query\":\"*\"}},\"filter\":[]}"
-  }
-}
--- a/modules/cef/configuration/kibana/visualization/992c7bd0-3e4e-11e7-96c4-0d3a291ec93a.json
+++ b/modules/cef/configuration/kibana/visualization/992c7bd0-3e4e-11e7-96c4-0d3a291ec93a.json
@ -1,11 +0,0 @@
-{
-  "title": "Host Scan",
-  "visState": "{\"title\":\"Host Scan\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"2\",\"enabled\":true,\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"destinationAddress\",\"customLabel\":\"Destination Addresses\"}},{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Event Count\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"sourceAddress\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"2\",\"customLabel\":\"Source Address\"}}],\"listeners\":{}}",
-  "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}",
-  "description": "",
-  "savedSearchId": "6315e7a0-34be-11e7-95dc-4f6090d732f6",
-  "version": 1,
-  "kibanaSavedObjectMeta": {
-    "searchSourceJSON": "{\"filter\":[]}"
-  }
-}
--- a/modules/cef/configuration/kibana/visualization/9d317890-3988-11e7-8b9d-ddc45b5f6d00.json
+++ b/modules/cef/configuration/kibana/visualization/9d317890-3988-11e7-8b9d-ddc45b5f6d00.json
@ -1,11 +0,0 @@
-{
-  "title": "Overall Time Range",
-  "visState": "{\"title\":\"Overall Time Range\",\"type\":\"metric\",\"params\":{\"handleNoResults\":true,\"fontSize\":\"15\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"min\",\"schema\":\"metric\",\"params\":{\"field\":\"deviceReceiptTime\",\"customLabel\":\"Start Time\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"max\",\"schema\":\"metric\",\"params\":{\"field\":\"deviceReceiptTime\",\"customLabel\":\"End Time\"}}],\"listeners\":{}}",
-  "uiStateJSON": "{}",
-  "description": "",
-  "savedSearchId": "6315e7a0-34be-11e7-95dc-4f6090d732f6",
-  "version": 1,
-  "kibanaSavedObjectMeta": {
-    "searchSourceJSON": "{\"filter\":[]}"
-  }
-}
--- a/modules/cef/configuration/kibana/visualization/9de87d40-3e4e-11e7-af78-9fc514b4e118.json
+++ b/modules/cef/configuration/kibana/visualization/9de87d40-3e4e-11e7-af78-9fc514b4e118.json
@ -1,11 +0,0 @@
-{
-  "title": "Event Outcomes Breakdown",
-  "visState": "{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"customInterval\":\"2h\",\"customLabel\":\"Time\",\"extended_bounds\":{},\"field\":\"deviceReceiptTime\",\"interval\":\"auto\",\"min_doc_count\":1},\"schema\":\"segment\",\"type\":\"date_histogram\"},{\"enabled\":true,\"id\":\"3\",\"params\":{\"field\":\"categoryOutcome\",\"order\":\"desc\",\"orderBy\":\"1\",\"size\":5},\"schema\":\"group\",\"type\":\"terms\"}],\"listeners\":{},\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"show\":true,\"truncate\":100},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Time\"},\"type\":\"category\"}],\"defaultYExtents\":false,\"drawLinesBetweenPoints\":true,\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"interpolate\":\"linear\",\"legendPosition\":\"right\",\"radiusRatio\":9,\"scale\":\"linear\",\"seriesParams\":[{\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"drawLinesBetweenPoints\":true,\"interpolate\":\"linear\",\"mode\":\"stacked\",\"show\":\"true\",\"showCircles\":true,\"type\":\"area\",\"valueAxis\":\"ValueAxis-1\"}],\"setYExtents\":false,\"showCircles\":true,\"times\":[],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"mode\":\"normal\",\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{},\"type\":\"value\"}]},\"title\":\"Event Outcomes Breakdown\",\"type\":\"area\"}",
-  "uiStateJSON": "{\"vis\":{\"colors\":{\"/Failure\":\"#BF1B00\",\"/Attempt\":\"#3F2B5B\"},\"legendOpen\":true}}",
-  "description": "",
-  "savedSearchId": "1d9ba830-3e47-11e7-af78-9fc514b4e118",
-  "version": 1,
-  "kibanaSavedObjectMeta": {
-    "searchSourceJSON": "{\"filter\":[]}"
-  }
-}
--- a/modules/cef/configuration/kibana/visualization/a8ce0ef0-4556-11e7-83ea-67cb6920446d.json
+++ b/modules/cef/configuration/kibana/visualization/a8ce0ef0-4556-11e7-83ea-67cb6920446d.json
@ -1,11 +0,0 @@
-{
-  "title": "OS Top Source Hosts",
-  "visState": "{\"title\":\"OS Top Source Hosts\",\"type\":\"tagcloud\",\"params\":{\"scale\":\"linear\",\"orientation\":\"single\",\"minFontSize\":10,\"maxFontSize\":60},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"sourceHostName\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Source Hosts\"}}],\"listeners\":{}}",
-  "uiStateJSON": "{}",
-  "description": "",
-  "savedSearchId": "7a2fc9c0-454d-11e7-86b6-95298e9da6dc",
-  "version": 1,
-  "kibanaSavedObjectMeta": {
-    "searchSourceJSON": "{\"filter\":[]}"
-  }
-}
--- a/modules/cef/configuration/kibana/visualization/aa2ff0a0-3e4a-11e7-96c4-0d3a291ec93a.json
+++ b/modules/cef/configuration/kibana/visualization/aa2ff0a0-3e4a-11e7-96c4-0d3a291ec93a.json
@ -1,11 +0,0 @@
-{
-  "title": "Unique Destinations and Ports by Source",
-  "visState": "{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{\"customLabel\":\"Destination Addresses\",\"field\":\"destinationAddress\"},\"schema\":\"metric\",\"type\":\"cardinality\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"customLabel\":\"Source Addresses\",\"field\":\"sourceAddress\",\"order\":\"desc\",\"orderBy\":\"1\",\"size\":20},\"schema\":\"segment\",\"type\":\"terms\"},{\"enabled\":true,\"id\":\"3\",\"params\":{\"customLabel\":\"Destination Ports\",\"field\":\"destinationPort\"},\"schema\":\"metric\",\"type\":\"cardinality\"}],\"listeners\":{},\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"show\":true,\"truncate\":100},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Source Addresses\"},\"type\":\"category\"}],\"defaultYExtents\":false,\"drawLinesBetweenPoints\":true,\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"interpolate\":\"linear\",\"legendPosition\":\"right\",\"radiusRatio\":9,\"scale\":\"linear\",\"seriesParams\":[{\"data\":{\"id\":\"1\",\"label\":\"Destination Addresses\"},\"drawLinesBetweenPoints\":true,\"mode\":\"stacked\",\"show\":\"true\",\"showCircles\":true,\"type\":\"histogram\",\"valueAxis\":\"ValueAxis-1\"},{\"data\":{\"id\":\"3\",\"label\":\"Destination Ports\"},\"drawLinesBetweenPoints\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"mode\":\"stacked\",\"show\":true,\"showCircles\":true,\"type\":\"line\",\"valueAxis\":\"ValueAxis-2\"}],\"setYExtents\":false,\"showCircles\":true,\"times\":[],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"mode\":\"normal\",\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Destination Addresses\"},\"type\":\"value\"},{\"id\":\"ValueAxis-2\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"truncate\":100},\"name\":\"RightAxis-1\",\"position\":\"right\",\"scale\":{\"mode\":\"normal\",\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Destination Ports\"},\"type\":\"value\"}]},\"title\":\"Unique Destinations and Ports by Source\",\"type\":\"histogram\"}",
-  "uiStateJSON": "{}",
-  "description": "",
-  "savedSearchId": "6315e7a0-34be-11e7-95dc-4f6090d732f6",
-  "version": 1,
-  "kibanaSavedObjectMeta": {
-    "searchSourceJSON": "{\"filter\":[]}"
-  }
-}
--- a/modules/cef/configuration/kibana/visualization/ad802c10-3973-11e7-ae19-21fb91585845.json
+++ b/modules/cef/configuration/kibana/visualization/ad802c10-3973-11e7-ae19-21fb91585845.json
@ -1,11 +0,0 @@
-{
-  "title": "Top Device Bandwidth Utilization",
-  "visState": "{\"aggs\":[{\"enabled\":true,\"id\":\"2\",\"params\":{\"customLabel\":\"Device\",\"field\":\"deviceHostName\",\"order\":\"desc\",\"orderBy\":\"1\",\"size\":10},\"schema\":\"bucket\",\"type\":\"terms\"},{\"enabled\":true,\"id\":\"4\",\"params\":{\"customLabel\":\"Source(s)\",\"field\":\"sourceAddress\"},\"schema\":\"metric\",\"type\":\"cardinality\"},{\"enabled\":true,\"id\":\"5\",\"params\":{\"customLabel\":\"Destination(s)\",\"field\":\"destinationAddress\"},\"schema\":\"metric\",\"type\":\"cardinality\"},{\"enabled\":true,\"id\":\"6\",\"params\":{\"customLabel\":\"Destination Ports\",\"field\":\"destinationPort\"},\"schema\":\"metric\",\"type\":\"cardinality\"},{\"enabled\":true,\"id\":\"1\",\"params\":{\"customLabel\":\"Bandwidth (Incoming)\",\"field\":\"bytesIn\"},\"schema\":\"metric\",\"type\":\"sum\"},{\"enabled\":true,\"id\":\"3\",\"params\":{\"customLabel\":\"Bandwidth (Outgoing)\",\"field\":\"bytesOut\"},\"schema\":\"metric\",\"type\":\"sum\"}],\"listeners\":{},\"params\":{\"perPage\":10,\"showMeticsAtAllLevels\":false,\"showPartialRows\":false,\"showTotal\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"totalFunc\":\"sum\"},\"title\":\"Top Device Bandwidth Utilization\",\"type\":\"table\"}",
-  "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}",
-  "description": "",
-  "savedSearchId": "6315e7a0-34be-11e7-95dc-4f6090d732f6",
-  "version": 1,
-  "kibanaSavedObjectMeta": {
-    "searchSourceJSON": "{\"filter\":[]}"
-  }
-}
--- a/modules/cef/configuration/kibana/visualization/afdba840-3e55-11e7-96c4-0d3a291ec93a.json
+++ b/modules/cef/configuration/kibana/visualization/afdba840-3e55-11e7-96c4-0d3a291ec93a.json
@ -1,11 +0,0 @@
-{
-  "title": "Top Source Addresses",
-  "visState": "{\"title\":\"Top Source Addresses\",\"type\":\"tagcloud\",\"params\":{\"scale\":\"linear\",\"orientation\":\"single\",\"minFontSize\":18,\"maxFontSize\":72},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"sourceAddress\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Source Addresses\"}}],\"listeners\":{}}",
-  "uiStateJSON": "{}",
-  "description": "",
-  "savedSearchId": "6315e7a0-34be-11e7-95dc-4f6090d732f6",
-  "version": 1,
-  "kibanaSavedObjectMeta": {
-    "searchSourceJSON": "{\"filter\":[]}"
-  }
-}
--- a/modules/cef/configuration/kibana/visualization/b74e59b0-3e5f-11e7-899c-f940f646009b.json
+++ b/modules/cef/configuration/kibana/visualization/b74e59b0-3e5f-11e7-899c-f940f646009b.json
@ -1,11 +0,0 @@
-{
-  "title": "Endpoint Metrics Overview",
-  "visState": "{\"title\":\"Endpoint Metrics Overview\",\"type\":\"metric\",\"params\":{\"handleNoResults\":true,\"fontSize\":\"30\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Event Count\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"deviceHostName\",\"customLabel\":\"Devices\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"sourceAddress\",\"customLabel\":\"Source\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"destinationAddress\",\"customLabel\":\"Destination\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"destinationPort\",\"customLabel\":\"Port\"}}],\"listeners\":{}}",
-  "uiStateJSON": "{}",
-  "description": "",
-  "savedSearchId": "1d9ba830-3e47-11e7-af78-9fc514b4e118",
-  "version": 1,
-  "kibanaSavedObjectMeta": {
-    "searchSourceJSON": "{\"filter\":[]}"
-  }
-}
--- a/modules/cef/configuration/kibana/visualization/b897ce70-4556-11e7-83ea-67cb6920446d.json
+++ b/modules/cef/configuration/kibana/visualization/b897ce70-4556-11e7-83ea-67cb6920446d.json
@ -1,11 +0,0 @@
-{
-  "title": "OS Top Destination Hosts",
-  "visState": "{\"title\":\"OS Top Destination Hosts\",\"type\":\"tagcloud\",\"params\":{\"scale\":\"linear\",\"orientation\":\"single\",\"minFontSize\":10,\"maxFontSize\":60},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"destinationHostName\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Destination Hosts\"}}],\"listeners\":{}}",
-  "uiStateJSON": "{}",
-  "description": "",
-  "savedSearchId": "7a2fc9c0-454d-11e7-86b6-95298e9da6dc",
-  "version": 1,
-  "kibanaSavedObjectMeta": {
-    "searchSourceJSON": "{\"filter\":[]}"
-  }
-}
--- a/modules/cef/configuration/kibana/visualization/bfa45650-3e55-11e7-96c4-0d3a291ec93a.json
+++ b/modules/cef/configuration/kibana/visualization/bfa45650-3e55-11e7-96c4-0d3a291ec93a.json
@ -1,11 +0,0 @@
-{
-  "title": "Top Destination Addresses",
-  "visState": "{\"title\":\"Top Destination Addresses\",\"type\":\"tagcloud\",\"params\":{\"scale\":\"linear\",\"orientation\":\"single\",\"minFontSize\":18,\"maxFontSize\":72},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"destinationAddress\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Destination Addresses\"}}],\"listeners\":{}}",
-  "uiStateJSON": "{}",
-  "description": "",
-  "savedSearchId": "6315e7a0-34be-11e7-95dc-4f6090d732f6",
-  "version": 1,
-  "kibanaSavedObjectMeta": {
-    "searchSourceJSON": "{\"filter\":[]}"
-  }
-}
--- a/modules/cef/configuration/kibana/visualization/c53825b0-3e4b-11e7-af78-9fc514b4e118.json
+++ b/modules/cef/configuration/kibana/visualization/c53825b0-3e4b-11e7-af78-9fc514b4e118.json
@ -1,10 +0,0 @@
-{
-  "title": "Endpoint -  Average EPS",
-  "visState": "{\"title\":\"Endpoint -  Average EPS\",\"type\":\"metrics\",\"params\":{\"id\":\"3f2cf630-3e4b-11e7-af78-9fc514b4e118\",\"type\":\"gauge\",\"series\":[{\"id\":\"3f2cf631-3e4b-11e7-af78-9fc514b4e118\",\"color\":\"rgba(0,156,224,1)\",\"split_mode\":\"everything\",\"metrics\":[{\"id\":\"3f2cf632-3e4b-11e7-af78-9fc514b4e118\",\"type\":\"count\"},{\"settings\":\"\",\"minimize\":0,\"window\":\"\",\"model\":\"simple\",\"id\":\"5abdb1a0-3e4b-11e7-af78-9fc514b4e118\",\"type\":\"moving_average\",\"field\":\"3f2cf632-3e4b-11e7-af78-9fc514b4e118\"},{\"script\":\"params.mvgAvg != 0 ? params.mvgAvg / 60 : params.mvgAvg\",\"id\":\"f9968410-4692-11e7-8116-65b4628ff93f\",\"type\":\"calculation\",\"variables\":[{\"id\":\"fb9ab880-4692-11e7-8116-65b4628ff93f\",\"name\":\"mvgAvg\",\"field\":\"5abdb1a0-3e4b-11e7-af78-9fc514b4e118\"}]}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"label\":\"Event Throughput\"}],\"time_field\":\"deviceReceiptTime\",\"index_pattern\":\"cef-*\",\"interval\":\"1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"bar_color_rules\":[{\"id\":\"527ca820-3e4b-11e7-af78-9fc514b4e118\"}],\"gauge_color_rules\":[{\"id\":\"52cee6d0-3e4b-11e7-af78-9fc514b4e118\"}],\"gauge_width\":10,\"gauge_inner_width\":10,\"gauge_style\":\"half\",\"filter\":\"categoryDeviceGroup:\\\"/Operating System\\\" OR categoryDeviceGroup:\\\"/IDS/Host\\\" OR categoryDeviceGroup:\\\"/Application\\\"\"},\"aggs\":[],\"listeners\":{}}",
-  "uiStateJSON": "{}",
-  "description": "",
-  "version": 1,
-  "kibanaSavedObjectMeta": {
-    "searchSourceJSON": "{\"query\":{\"query_string\":{\"query\":\"*\"}},\"filter\":[]}"
-  }
-}
--- a/modules/cef/configuration/kibana/visualization/c6db4140-4544-11e7-a94a-5d0a73686c64.json
+++ b/modules/cef/configuration/kibana/visualization/c6db4140-4544-11e7-a94a-5d0a73686c64.json
@ -1,11 +0,0 @@
-{
-  "title": "DNS Metrics Overview",
-  "visState": "{\"title\":\"DNS Metrics Overview\",\"type\":\"metric\",\"params\":{\"handleNoResults\":true,\"fontSize\":\"25\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Event Count\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"deviceHostName\",\"customLabel\":\"# of DNS Devices\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"sourceAddress\",\"customLabel\":\"Source Address(es)\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"deviceCustomString3\",\"customLabel\":\"Connection IDs\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"destinationDnsDomain\",\"customLabel\":\"Domains\"}},{\"id\":\"6\",\"enabled\":true,\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"deviceCustomString1\",\"customLabel\":\"Query Type(s)\"}}],\"listeners\":{}}",
-  "uiStateJSON": "{}",
-  "description": "",
-  "savedSearchId": "16a72e70-4543-11e7-9510-4b0b4978ab0e",
-  "version": 1,
-  "kibanaSavedObjectMeta": {
-    "searchSourceJSON": "{\"filter\":[]}"
-  }
-}
--- a/modules/cef/configuration/kibana/visualization/c9e333a0-4550-11e7-86b6-95298e9da6dc.json
+++ b/modules/cef/configuration/kibana/visualization/c9e333a0-4550-11e7-86b6-95298e9da6dc.json
@ -1,11 +0,0 @@
-{
-  "title": "Source Users by Event Types and Unique Destination Users",
-  "visState": "{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"customLabel\":\"Source Users\",\"field\":\"sourceUserName\",\"order\":\"desc\",\"orderBy\":\"1\",\"size\":20},\"schema\":\"segment\",\"type\":\"terms\"},{\"enabled\":true,\"id\":\"3\",\"params\":{\"customLabel\":\"Event Types\",\"field\":\"categoryBehavior\"},\"schema\":\"metric\",\"type\":\"cardinality\"},{\"enabled\":true,\"id\":\"4\",\"params\":{\"customLabel\":\"Destination User Names\",\"field\":\"destinationUserName\"},\"schema\":\"metric\",\"type\":\"cardinality\"}],\"listeners\":{},\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"show\":true,\"truncate\":100},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Source Users\"},\"type\":\"category\"}],\"defaultYExtents\":false,\"drawLinesBetweenPoints\":true,\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"interpolate\":\"linear\",\"legendPosition\":\"right\",\"radiusRatio\":9,\"scale\":\"linear\",\"seriesParams\":[{\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"drawLinesBetweenPoints\":true,\"mode\":\"stacked\",\"show\":\"true\",\"showCircles\":true,\"type\":\"histogram\",\"valueAxis\":\"ValueAxis-1\"},{\"data\":{\"id\":\"3\",\"label\":\"Event Types\"},\"drawLinesBetweenPoints\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"mode\":\"stacked\",\"show\":true,\"showCircles\":true,\"type\":\"line\",\"valueAxis\":\"ValueAxis-2\"},{\"data\":{\"id\":\"4\",\"label\":\"Destination User Names\"},\"drawLinesBetweenPoints\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"mode\":\"stacked\",\"show\":true,\"showCircles\":true,\"type\":\"line\",\"valueAxis\":\"ValueAxis-2\"}],\"setYExtents\":false,\"showCircles\":true,\"times\":[],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"mode\":\"normal\",\"type\":\"square root\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Count\"},\"type\":\"value\"},{\"id\":\"ValueAxis-2\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"truncate\":100},\"name\":\"RightAxis-1\",\"position\":\"right\",\"scale\":{\"mode\":\"normal\",\"type\":\"square root\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"\"},\"type\":\"value\"}]},\"title\":\"Source Users by Event Types and Unique Destination Users\",\"type\":\"histogram\"}",
-  "uiStateJSON": "{}",
-  "description": "",
-  "savedSearchId": "7a2fc9c0-454d-11e7-86b6-95298e9da6dc",
-  "version": 1,
-  "kibanaSavedObjectMeta": {
-    "searchSourceJSON": "{\"filter\":[]}"
-  }
-}
--- a/modules/cef/configuration/kibana/visualization/cc8affd0-3e65-11e7-899c-f940f646009b.json
+++ b/modules/cef/configuration/kibana/visualization/cc8affd0-3e65-11e7-899c-f940f646009b.json
@ -1,11 +0,0 @@
-{
-  "title": "Source Country",
-  "visState": "{\"title\":\"Source Country\",\"type\":\"tagcloud\",\"params\":{\"scale\":\"linear\",\"orientation\":\"single\",\"minFontSize\":18,\"maxFontSize\":72},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"source.country_name\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}",
-  "uiStateJSON": "{}",
-  "description": "",
-  "savedSearchId": "1d9ba830-3e47-11e7-af78-9fc514b4e118",
-  "version": 1,
-  "kibanaSavedObjectMeta": {
-    "searchSourceJSON": "{\"filter\":[]}"
-  }
-}
--- a/modules/cef/configuration/kibana/visualization/cd462cc0-3e55-11e7-96c4-0d3a291ec93a.json
+++ b/modules/cef/configuration/kibana/visualization/cd462cc0-3e55-11e7-96c4-0d3a291ec93a.json
@ -1,11 +0,0 @@
-{
-  "title": "Top Destination Ports",
-  "visState": "{\"title\":\"Top Destination Ports\",\"type\":\"tagcloud\",\"params\":{\"scale\":\"linear\",\"orientation\":\"single\",\"minFontSize\":18,\"maxFontSize\":72},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"destinationPort\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Destination Addresses\"}}],\"listeners\":{}}",
-  "uiStateJSON": "{}",
-  "description": "",
-  "savedSearchId": "6315e7a0-34be-11e7-95dc-4f6090d732f6",
-  "version": 1,
-  "kibanaSavedObjectMeta": {
-    "searchSourceJSON": "{\"filter\":[]}"
-  }
-}
--- a/modules/cef/configuration/kibana/visualization/d6d526f0-395b-11e7-ae19-21fb91585845.json
+++ b/modules/cef/configuration/kibana/visualization/d6d526f0-395b-11e7-ae19-21fb91585845.json
@ -1,10 +0,0 @@
-{
-  "title": "Events Average by Sources",
-  "visState": "{\"title\":\"Events Average by Sources\",\"type\":\"metrics\",\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"background_color\":null,\"background_color_rules\":[{\"id\":\"837bfbb0-395a-11e7-ae19-21fb91585845\"}],\"bar_color_rules\":[{\"id\":\"e4772140-3957-11e7-ae19-21fb91585845\"}],\"filter\":\"categoryDeviceType:\\\"Firewall\\\" OR categoryDeviceGroup:\\\"/IDS/Network\\\" OR categoryDeviceGroup:\\\"/VPN\\\"\",\"gauge_color_rules\":[{\"id\":\"8970f250-395a-11e7-ae19-21fb91585845\"}],\"gauge_inner_width\":10,\"gauge_style\":\"half\",\"gauge_width\":10,\"id\":\"e1a58ab0-3957-11e7-ae19-21fb91585845\",\"index_pattern\":\"cef-*\",\"interval\":\"auto\",\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"rgba(244,78,59,1)\",\"fill\":\"0\",\"filter\":\"categoryDeviceGroup:\\\"/Firewall\\\"\",\"formatter\":\"number\",\"id\":\"8f58a280-395a-11e7-ae19-21fb91585845\",\"label\":\"Moving Average Event Count\",\"line_width\":\"3\",\"metrics\":[{\"id\":\"8f58a281-395a-11e7-ae19-21fb91585845\",\"type\":\"count\"},{\"settings\":\"\",\"minimize\":0,\"window\":\"\",\"model\":\"simple\",\"field\":\"8f58a281-395a-11e7-ae19-21fb91585845\",\"id\":\"140cf490-395b-11e7-ae19-21fb91585845\",\"sigma\":\"\",\"type\":\"moving_average\"}],\"point_size\":\"0\",\"seperate_axis\":1,\"split_mode\":\"filters\",\"stacked\":\"none\",\"steps\":0,\"terms_field\":\"deviceHostName\",\"terms_order_by\":null,\"split_filters\":[{\"filter\":\"categoryDeviceGroup:\\\"/Firewall\\\"\",\"label\":\"Firewall Events\",\"color\":\"rgba(244,78,59,1)\",\"id\":\"1fd3fa30-4685-11e7-8ffc-b5cec7c0edbb\"},{\"filter\":\"categoryDeviceGroup:\\\"/IDS/Network\\\"\",\"label\":\"Intrusion Detection Events\",\"color\":\"rgba(254,146,0,1)\",\"id\":\"274111e0-4685-11e7-8ffc-b5cec7c0edbb\"},{\"filter\":\"categoryDeviceGroup:\\\"/VPN\\\"\",\"label\":\"VPN\",\"color\":\"rgba(252,220,0,1)\",\"id\":\"5682a680-468f-11e7-8116-65b4628ff93f\"}]},{\"axis_position\":\"left\",\"chart_type\":\"bar\",\"color\":\"rgba(0,156,224,1)\",\"fill\":\"0.5\",\"formatter\":\"number\",\"id\":\"3bb711b0-395b-11e7-ae19-21fb91585845\",\"label\":\"Moving Average by Device Hosts\",\"line_width\":1,\"metrics\":[{\"id\":\"3bb711b1-395b-11e7-ae19-21fb91585845\",\"type\":\"count\"},{\"settings\":\"\",\"minimize\":0,\"window\":\"\",\"model\":\"simple\",\"field\":\"3bb711b1-395b-11e7-ae19-21fb91585845\",\"id\":\"4b515cc0-395b-11e7-ae19-21fb91585845\",\"type\":\"moving_average\"}],\"point_size\":1,\"seperate_axis\":1,\"split_mode\":\"terms\",\"stacked\":\"none\",\"terms_field\":\"deviceHostName\",\"terms_size\":\"10\",\"split_color_mode\":\"gradient\"}],\"show_legend\":1,\"time_field\":\"deviceReceiptTime\",\"type\":\"timeseries\"},\"aggs\":[],\"listeners\":{}}",
-  "uiStateJSON": "{}",
-  "description": "",
-  "version": 1,
-  "kibanaSavedObjectMeta": {
-    "searchSourceJSON": "{\"query\":{\"query_string\":{\"query\":\"*\"}},\"filter\":[]}"
-  }
-}
--- a/modules/cef/configuration/kibana/visualization/d8314510-454f-11e7-86b6-95298e9da6dc.json
+++ b/modules/cef/configuration/kibana/visualization/d8314510-454f-11e7-86b6-95298e9da6dc.json
@ -1,11 +0,0 @@
-{
-  "title": "Behavior Outcome Mapping",
-  "visState": "{\"title\":\"Behavior Outcome Mapping\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"categoryBehavior\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Event Behavior\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"categoryOutcome\",\"size\":3,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Event Outcome\"}}],\"listeners\":{}}",
-  "uiStateJSON": "{}",
-  "description": "",
-  "savedSearchId": "7a2fc9c0-454d-11e7-86b6-95298e9da6dc",
-  "version": 1,
-  "kibanaSavedObjectMeta": {
-    "searchSourceJSON": "{\"filter\":[]}"
-  }
-}
--- a/modules/cef/configuration/kibana/visualization/ddef4fc0-3e55-11e7-96c4-0d3a291ec93a.json
+++ b/modules/cef/configuration/kibana/visualization/ddef4fc0-3e55-11e7-96c4-0d3a291ec93a.json
@ -1,11 +0,0 @@
-{
-  "title": "Firewall - Suspicious - Top Application Protocols Word Cloud",
-  "visState": "{\"title\":\"Firewall - Suspicious - Top Application Protocols Word Cloud\",\"type\":\"tagcloud\",\"params\":{\"scale\":\"linear\",\"orientation\":\"single\",\"minFontSize\":18,\"maxFontSize\":72},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"applicationProtocol\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Destination Addresses\"}}],\"listeners\":{}}",
-  "uiStateJSON": "{}",
-  "description": "",
-  "savedSearchId": "6315e7a0-34be-11e7-95dc-4f6090d732f6",
-  "version": 1,
-  "kibanaSavedObjectMeta": {
-    "searchSourceJSON": "{\"filter\":[]}"
-  }
-}
--- a/modules/cef/configuration/kibana/visualization/e301a830-3e4d-11e7-af78-9fc514b4e118.json
+++ b/modules/cef/configuration/kibana/visualization/e301a830-3e4d-11e7-af78-9fc514b4e118.json
@ -1,11 +0,0 @@
-{
-  "title": "Destination Ports by Outcomes",
-  "visState": "{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"field\":\"destinationPort\",\"order\":\"desc\",\"orderBy\":\"1\",\"size\":20},\"schema\":\"segment\",\"type\":\"terms\"},{\"enabled\":true,\"id\":\"3\",\"params\":{\"field\":\"categoryOutcome\",\"order\":\"desc\",\"orderBy\":\"1\",\"size\":5},\"schema\":\"group\",\"type\":\"terms\"}],\"listeners\":{},\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"show\":true,\"truncate\":100},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"destinationPort: Descending\"},\"type\":\"category\"}],\"defaultYExtents\":false,\"drawLinesBetweenPoints\":true,\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"interpolate\":\"linear\",\"legendPosition\":\"right\",\"radiusRatio\":9,\"scale\":\"linear\",\"seriesParams\":[{\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"drawLinesBetweenPoints\":true,\"mode\":\"stacked\",\"show\":\"true\",\"showCircles\":true,\"type\":\"histogram\",\"valueAxis\":\"ValueAxis-1\"}],\"setYExtents\":false,\"showCircles\":true,\"times\":[],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"mode\":\"normal\",\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{},\"type\":\"value\"}]},\"title\":\"Destination Ports by Outcomes\",\"type\":\"histogram\"}",
-  "uiStateJSON": "{}",
-  "description": "",
-  "savedSearchId": "1d9ba830-3e47-11e7-af78-9fc514b4e118",
-  "version": 1,
-  "kibanaSavedObjectMeta": {
-    "searchSourceJSON": "{\"filter\":[]}"
-  }
-}
--- a/modules/cef/configuration/kibana/visualization/e3888410-3e50-11e7-96c4-0d3a291ec93a.json
+++ b/modules/cef/configuration/kibana/visualization/e3888410-3e50-11e7-96c4-0d3a291ec93a.json
@ -1,10 +0,0 @@
-{
-  "title": "Events by Severity",
-  "visState": "{\"title\":\"Events by Severity\",\"type\":\"metrics\",\"params\":{\"id\":\"69a9f020-3e50-11e7-96c4-0d3a291ec93a\",\"type\":\"top_n\",\"series\":[{\"id\":\"69a9f021-3e50-11e7-96c4-0d3a291ec93a\",\"color\":\"#68BC00\",\"split_mode\":\"filters\",\"metrics\":[{\"id\":\"69a9f022-3e50-11e7-96c4-0d3a291ec93a\",\"type\":\"count\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"split_filters\":[{\"filter\":\"severity:\\\"Low\\\" OR severity:\\\"0\\\"\",\"label\":\"LOW\",\"color\":\"rgba(104,204,202,1)\",\"id\":\"8819d6b0-3e50-11e7-96c4-0d3a291ec93a\"},{\"filter\":\"severity:\\\"Medium\\\"\",\"label\":\"MEDIUM\",\"color\":\"rgba(252,220,0,1)\",\"id\":\"9a4f6610-3e50-11e7-96c4-0d3a291ec93a\"},{\"filter\":\"severity:\\\"High\\\"\",\"label\":\"HIGH\",\"color\":\"rgba(254,146,0,1)\",\"id\":\"a3de4c50-3e50-11e7-96c4-0d3a291ec93a\"},{\"filter\":\"severity:\\\"Very-High\\\"\",\"label\":\"VERY HIGH\",\"color\":\"rgba(244,78,59,1)\",\"id\":\"a9926960-3e50-11e7-96c4-0d3a291ec93a\"}],\"label\":\"Event by Severities\"}],\"time_field\":\"deviceReceiptTime\",\"index_pattern\":\"cef-*\",\"interval\":\"auto\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"bar_color_rules\":[{\"id\":\"6ed9c200-3e50-11e7-96c4-0d3a291ec93a\"}],\"filter\":\"categoryDeviceGroup:\\\"/Firewall\\\"\"},\"aggs\":[],\"listeners\":{}}",
-  "uiStateJSON": "{}",
-  "description": "",
-  "version": 1,
-  "kibanaSavedObjectMeta": {
-    "searchSourceJSON": "{\"query\":{\"query_string\":{\"query\":\"*\"}},\"filter\":[]}"
-  }
-}
--- a/modules/cef/configuration/kibana/visualization/e9c3ee00-3978-11e7-ae19-21fb91585845.json
+++ b/modules/cef/configuration/kibana/visualization/e9c3ee00-3978-11e7-ae19-21fb91585845.json
@ -1,11 +0,0 @@
-{
-  "title": "Destination Ports by Outcome",
-  "visState": "{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"customLabel\":\"Protocols\",\"field\":\"destinationPort\",\"order\":\"desc\",\"orderBy\":\"1\",\"size\":10},\"schema\":\"segment\",\"type\":\"terms\"},{\"enabled\":true,\"id\":\"3\",\"params\":{\"field\":\"categoryOutcome\",\"order\":\"desc\",\"orderBy\":\"1\",\"size\":5},\"schema\":\"group\",\"type\":\"terms\"}],\"listeners\":{},\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"rotate\":75,\"show\":true,\"truncate\":100},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Protocols\"},\"type\":\"category\"}],\"defaultYExtents\":false,\"drawLinesBetweenPoints\":true,\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"interpolate\":\"linear\",\"legendPosition\":\"right\",\"radiusRatio\":9,\"scale\":\"linear\",\"seriesParams\":[{\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"drawLinesBetweenPoints\":true,\"mode\":\"stacked\",\"show\":\"true\",\"showCircles\":true,\"type\":\"histogram\",\"valueAxis\":\"ValueAxis-1\"}],\"setYExtents\":false,\"showCircles\":true,\"times\":[],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"mode\":\"percentage\",\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Count\"},\"type\":\"value\"}]},\"title\":\"Destination Ports by Outcome\",\"type\":\"histogram\"}",
-  "uiStateJSON": "{\"vis\":{\"colors\":{\"/Success\":\"#629E51\",\"/Failure\":\"#BF1B00\"}}}",
-  "description": "",
-  "savedSearchId": "6315e7a0-34be-11e7-95dc-4f6090d732f6",
-  "version": 1,
-  "kibanaSavedObjectMeta": {
-    "searchSourceJSON": "{\"filter\":[]}"
-  }
-}
--- a/modules/cef/configuration/kibana/visualization/ec576ff0-4546-11e7-a94a-5d0a73686c64.json
+++ b/modules/cef/configuration/kibana/visualization/ec576ff0-4546-11e7-a94a-5d0a73686c64.json
@ -1,10 +0,0 @@
-{
-  "title": "Events over Time by Query Type",
-  "visState": "{\"title\":\"Events over Time by Query Type\",\"type\":\"metrics\",\"params\":{\"id\":\"45479ab0-4545-11e7-a94a-5d0a73686c64\",\"type\":\"timeseries\",\"series\":[{\"id\":\"45479ab1-4545-11e7-a94a-5d0a73686c64\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"metrics\":[{\"id\":\"45479ab2-4545-11e7-a94a-5d0a73686c64\",\"type\":\"count\"}],\"seperate_axis\":1,\"axis_position\":\"left\",\"formatter\":\"number\",\"chart_type\":\"bar\",\"line_width\":1,\"point_size\":1,\"fill\":\"0.3\",\"stacked\":\"none\",\"label\":\"Event Count\"},{\"id\":\"afc2ab00-4545-11e7-a94a-5d0a73686c64\",\"color\":\"rgba(22,165,165,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"afc2ab01-4545-11e7-a94a-5d0a73686c64\",\"type\":\"count\"}],\"seperate_axis\":1,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":\"2\",\"point_size\":1,\"fill\":\"0\",\"stacked\":\"none\",\"label\":\"Query Types\",\"terms_field\":\"deviceCustomString1\"}],\"time_field\":\"deviceReceiptTime\",\"index_pattern\":\"cef-*\",\"interval\":\"auto\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"filter\":\"deviceEventCategory:\\\"dns\\\"\"},\"aggs\":[],\"listeners\":{}}",
-  "uiStateJSON": "{}",
-  "description": "",
-  "version": 1,
-  "kibanaSavedObjectMeta": {
-    "searchSourceJSON": "{\"query\":{\"query_string\":{\"query\":\"*\"}},\"filter\":[]}"
-  }
-}
--- a/modules/cef/configuration/kibana/visualization/ec926660-396f-11e7-ae19-21fb91585845.json
+++ b/modules/cef/configuration/kibana/visualization/ec926660-396f-11e7-ae19-21fb91585845.json
@ -1,11 +0,0 @@
-{
-  "title": "Top Devices by Outcome",
-  "visState": "{\"title\":\"Top Devices by Outcome\",\"type\":\"heatmap\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"enableHover\":true,\"legendPosition\":\"right\",\"times\":[],\"colorsNumber\":6,\"colorSchema\":\"Yellow to Red\",\"setColorRange\":false,\"colorsRange\":[],\"invertColors\":false,\"percentageMode\":true,\"valueAxes\":[{\"show\":false,\"id\":\"ValueAxis-1\",\"type\":\"value\",\"scale\":{\"type\":\"linear\",\"defaultYExtents\":false},\"labels\":{\"show\":false,\"rotate\":0,\"color\":\"#555\"}}]},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"deviceHostName\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Device Host Names\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"categoryOutcome\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Event Outcome\"}}],\"listeners\":{}}",
-  "uiStateJSON": "{\"vis\":{\"defaultColors\":{\"0% - 17%\":\"rgb(255,255,204)\",\"17% - 34%\":\"rgb(255,230,146)\",\"34% - 50%\":\"rgb(254,191,90)\",\"50% - 67%\":\"rgb(253,141,60)\",\"67% - 84%\":\"rgb(244,61,37)\",\"84% - 100%\":\"rgb(202,8,35)\"}}}",
-  "description": "",
-  "savedSearchId": "6315e7a0-34be-11e7-95dc-4f6090d732f6",
-  "version": 1,
-  "kibanaSavedObjectMeta": {
-    "searchSourceJSON": "{\"filter\":[]}"
-  }
-}
--- a/modules/cef/configuration/kibana/visualization/ed2f5570-3d5b-11e7-8b9d-ddc45b5f6d00.json
+++ b/modules/cef/configuration/kibana/visualization/ed2f5570-3d5b-11e7-8b9d-ddc45b5f6d00.json
@ -1,10 +0,0 @@
-{
-  "title": "Network - Event Throughput",
-  "visState": "{\"title\":\"Network - Event Throughput\",\"type\":\"metrics\",\"params\":{\"id\":\"429af7e0-3d5b-11e7-8b9d-ddc45b5f6d00\",\"type\":\"gauge\",\"series\":[{\"id\":\"429af7e1-3d5b-11e7-8b9d-ddc45b5f6d00\",\"color\":\"rgba(0,156,224,1)\",\"split_mode\":\"everything\",\"metrics\":[{\"id\":\"429af7e2-3d5b-11e7-8b9d-ddc45b5f6d00\",\"type\":\"count\"},{\"settings\":\"\",\"minimize\":0,\"window\":\"\",\"model\":\"linear\",\"id\":\"5faf9430-3d5b-11e7-8b9d-ddc45b5f6d00\",\"type\":\"moving_average\",\"field\":\"429af7e2-3d5b-11e7-8b9d-ddc45b5f6d00\"},{\"script\":\"params.mvgAvg != 0 ? params.mvgAvg / 60 : params.mvgAvg\",\"id\":\"2e992f10-4692-11e7-8116-65b4628ff93f\",\"type\":\"calculation\",\"variables\":[{\"id\":\"30c47380-4692-11e7-8116-65b4628ff93f\",\"name\":\"mvgAvg\",\"field\":\"5faf9430-3d5b-11e7-8b9d-ddc45b5f6d00\"}]}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"label\":\"Event Throughput\",\"value_template\":\"{{value}}  / s\"}],\"time_field\":\"deviceReceiptTime\",\"index_pattern\":\"cef-*\",\"interval\":\"1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"filter\":\"categoryDeviceType:\\\"Firewall\\\" OR categoryDeviceGroup:\\\"/IDS/Network\\\" OR categoryDeviceGroup:\\\"/VPN\\\" \",\"bar_color_rules\":[{\"id\":\"77dd4e80-3d5b-11e7-8b9d-ddc45b5f6d00\"}],\"background_color_rules\":[{\"id\":\"798c5e10-3d5b-11e7-8b9d-ddc45b5f6d00\"}],\"gauge_color_rules\":[{\"value\":0,\"id\":\"988f35d0-3d5b-11e7-8b9d-ddc45b5f6d00\",\"gauge\":null}],\"gauge_width\":10,\"gauge_inner_width\":10,\"gauge_style\":\"half\",\"gauge_max\":\"\"},\"aggs\":[],\"listeners\":{}}",
-  "uiStateJSON": "{}",
-  "description": "",
-  "version": 1,
-  "kibanaSavedObjectMeta": {
-    "searchSourceJSON": "{\"query\":{\"query_string\":{\"query\":\"*\"}},\"filter\":[]}"
-  }
-}
--- a/modules/cef/configuration/kibana/visualization/f0664070-4551-11e7-86b6-95298e9da6dc.json
+++ b/modules/cef/configuration/kibana/visualization/f0664070-4551-11e7-86b6-95298e9da6dc.json
@ -1,10 +0,0 @@
-{
-  "title": "Event Count by Outcome",
-  "visState": "{\"title\":\"Event Count by Outcome\",\"type\":\"metrics\",\"params\":{\"id\":\"e10aefa0-4550-11e7-86b6-95298e9da6dc\",\"type\":\"timeseries\",\"series\":[{\"id\":\"1b5b1130-4551-11e7-86b6-95298e9da6dc\",\"color\":\"rgba(244,78,59,1)\",\"split_mode\":\"filters\",\"metrics\":[{\"id\":\"1b5b1131-4551-11e7-86b6-95298e9da6dc\",\"type\":\"count\"}],\"seperate_axis\":1,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":\"3\",\"point_size\":1,\"fill\":\"0\",\"stacked\":\"none\",\"terms_field\":\"categoryOutcome\",\"terms_size\":\"3\",\"label\":\"Event Outcomes\",\"hide_in_legend\":0,\"split_filters\":[{\"filter\":\"categoryOutcome:\\\"/Failure\\\"\",\"label\":\"Failure\",\"color\":\"rgba(244,78,59,1)\",\"id\":\"a4c1a0b0-4551-11e7-86b6-95298e9da6dc\"},{\"filter\":\"categoryOutcome:\\\"/Success\\\"\",\"label\":\"Success\",\"color\":\"rgba(104,188,0,1)\",\"id\":\"b51f14b0-4551-11e7-86b6-95298e9da6dc\"},{\"filter\":\"categoryOutcome:\\\"/Attempt\\\"\",\"label\":\"Attempt\",\"color\":\"rgba(251,158,0,1)\",\"id\":\"c4b19790-4551-11e7-86b6-95298e9da6dc\"}]},{\"id\":\"e10aefa1-4550-11e7-86b6-95298e9da6dc\",\"color\":\"rgba(104,204,202,1)\",\"split_mode\":\"everything\",\"metrics\":[{\"id\":\"e10aefa2-4550-11e7-86b6-95298e9da6dc\",\"type\":\"count\"}],\"seperate_axis\":1,\"axis_position\":\"left\",\"formatter\":\"number\",\"chart_type\":\"bar\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"label\":\"Event Count\"}],\"time_field\":\"deviceReceiptTime\",\"index_pattern\":\"cef-*\",\"interval\":\"auto\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"filter\":\"categoryDeviceGroup:\\\"/Operating System\\\"\"},\"aggs\":[],\"listeners\":{}}",
-  "uiStateJSON": "{}",
-  "description": "",
-  "version": 1,
-  "kibanaSavedObjectMeta": {
-    "searchSourceJSON": "{\"query\":{\"query_string\":{\"query\":\"*\"}},\"filter\":[]}"
-  }
-}
--- a/modules/cef/configuration/kibana/visualization/f23438c0-4548-11e7-a94a-5d0a73686c64.json
+++ b/modules/cef/configuration/kibana/visualization/f23438c0-4548-11e7-a94a-5d0a73686c64.json
@ -1,10 +0,0 @@
-{
-  "title": "DNS - Moving Average Event Count",
-  "visState": "{\"title\":\"DNS - Moving Average Event Count\",\"type\":\"metrics\",\"params\":{\"id\":\"429af7e0-3d5b-11e7-8b9d-ddc45b5f6d00\",\"type\":\"gauge\",\"series\":[{\"id\":\"429af7e1-3d5b-11e7-8b9d-ddc45b5f6d00\",\"color\":\"rgba(0,156,224,1)\",\"split_mode\":\"everything\",\"metrics\":[{\"id\":\"429af7e2-3d5b-11e7-8b9d-ddc45b5f6d00\",\"type\":\"count\"},{\"settings\":\"\",\"minimize\":0,\"window\":\"\",\"model\":\"simple\",\"id\":\"5faf9430-3d5b-11e7-8b9d-ddc45b5f6d00\",\"type\":\"moving_average\",\"field\":\"429af7e2-3d5b-11e7-8b9d-ddc45b5f6d00\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"label\":\"Last Event Avg\",\"value_template\":\"{{value}}/s\"}],\"time_field\":\"deviceReceiptTime\",\"index_pattern\":\"cef-*\",\"interval\":\"auto\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"filter\":\"deviceEventCategory:\\\"dns\\\"\",\"bar_color_rules\":[{\"id\":\"77dd4e80-3d5b-11e7-8b9d-ddc45b5f6d00\"}],\"background_color_rules\":[{\"id\":\"798c5e10-3d5b-11e7-8b9d-ddc45b5f6d00\"}],\"gauge_color_rules\":[{\"value\":0,\"id\":\"988f35d0-3d5b-11e7-8b9d-ddc45b5f6d00\",\"gauge\":null}],\"gauge_width\":10,\"gauge_inner_width\":10,\"gauge_style\":\"half\",\"gauge_max\":\"\",\"ignore_global_filter\":1},\"aggs\":[],\"listeners\":{}}",
-  "uiStateJSON": "{}",
-  "description": "",
-  "version": 1,
-  "kibanaSavedObjectMeta": {
-    "searchSourceJSON": "{\"query\":{\"query_string\":{\"query\":\"*\"}},\"filter\":[]}"
-  }
-}
--- a/modules/cef/configuration/kibana/visualization/f57ea930-395d-11e7-ae19-21fb91585845.json
+++ b/modules/cef/configuration/kibana/visualization/f57ea930-395d-11e7-ae19-21fb91585845.json
@ -1,10 +0,0 @@
-{
-  "title": "Event Averages by Outcome",
-  "visState": "{\"title\":\"Event Averages by Outcome\",\"type\":\"metrics\",\"params\":{\"id\":\"e1a58ab0-3957-11e7-ae19-21fb91585845\",\"type\":\"timeseries\",\"series\":[{\"id\":\"8f58a280-395a-11e7-ae19-21fb91585845\",\"color\":\"rgba(211,49,21,1)\",\"split_mode\":\"filter\",\"metrics\":[{\"id\":\"8f58a281-395a-11e7-ae19-21fb91585845\",\"type\":\"count\"},{\"settings\":\"\",\"minimize\":0,\"window\":\"\",\"model\":\"simple\",\"id\":\"4ec00ae0-4686-11e7-8ffc-b5cec7c0edbb\",\"type\":\"moving_average\",\"field\":\"8f58a281-395a-11e7-ae19-21fb91585845\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":\"3\",\"point_size\":\"0\",\"fill\":\"0\",\"stacked\":\"none\",\"filter\":\"(categoryDeviceGroup:\\\"/Firewall\\\" OR categoryDeviceGroup:\\\"/IDS/Network\\\" OR categoryDeviceGroup:\\\"/VPN\\\") AND _exists_:categoryOutcome\",\"terms_field\":\"deviceHostName\",\"terms_order_by\":null,\"label\":\"Mvg Avg Events with Outcomes\",\"steps\":0,\"split_filters\":[{\"filter\":\"categoryDeviceGroup:\\\"/Firewall\\\"\",\"label\":\"Firewall\",\"color\":\"rgba(254,146,0,1)\",\"id\":\"ccf3be70-395c-11e7-ae19-21fb91585845\"}]},{\"id\":\"3bb711b0-395b-11e7-ae19-21fb91585845\",\"color\":\"rgba(104,188,0,1)\",\"split_mode\":\"filters\",\"metrics\":[{\"id\":\"3bb711b1-395b-11e7-ae19-21fb91585845\",\"type\":\"count\"}],\"seperate_axis\":0,\"axis_position\":\"left\",\"formatter\":\"number\",\"chart_type\":\"bar\",\"line_width\":1,\"point_size\":1,\"fill\":\"1\",\"stacked\":\"stacked\",\"terms_field\":\"categoryOutcome\",\"terms_size\":\"3\",\"label\":\"Moving Average by Event Outcome\",\"split_filters\":[{\"filter\":\"categoryOutcome:\\\"/Success\\\"\",\"label\":\"Success\",\"color\":\"rgba(104,188,0,0.35)\",\"id\":\"c3189780-395d-11e7-ae19-21fb91585845\"},{\"filter\":\"categoryOutcome:\\\"/Failure\\\"\",\"label\":\"Failure\",\"color\":\"rgba(244,78,59,1)\",\"id\":\"d37d3770-395d-11e7-ae19-21fb91585845\"},{\"filter\":\"categoryOutcome:\\\"/Attempt\\\"\",\"label\":\"Attempt\",\"color\":\"rgba(0,156,224,1)\",\"id\":\"e59c7440-4685-11e7-8ffc-b5cec7c0edbb\"}]}],\"time_field\":\"deviceReceiptTime\",\"index_pattern\":\"cef-*\",\"interval\":\"auto\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"bar_color_rules\":[{\"value\":0,\"id\":\"e4772140-3957-11e7-ae19-21fb91585845\",\"bar_color\":null}],\"background_color\":null,\"filter\":\"categoryDeviceType:\\\"Firewall\\\" OR categoryDeviceGroup:\\\"/IDS/Network\\\" OR categoryDeviceGroup:\\\"/VPN\\\"\",\"background_color_rules\":[{\"id\":\"837bfbb0-395a-11e7-ae19-21fb91585845\"}],\"gauge_color_rules\":[{\"id\":\"8970f250-395a-11e7-ae19-21fb91585845\"}],\"gauge_width\":10,\"gauge_inner_width\":10,\"gauge_style\":\"half\",\"drilldown_url\":\"\"},\"aggs\":[],\"listeners\":{}}",
-  "uiStateJSON": "{}",
-  "description": "",
-  "version": 1,
-  "kibanaSavedObjectMeta": {
-    "searchSourceJSON": "{\"query\":{\"query_string\":{\"query\":\"*\"}},\"filter\":[]}"
-  }
-}
--- a/modules/cef/configuration/kibana/visualization/f99c22e0-3e4e-11e7-96c4-0d3a291ec93a.json
+++ b/modules/cef/configuration/kibana/visualization/f99c22e0-3e4e-11e7-96c4-0d3a291ec93a.json
@ -1,11 +0,0 @@
-{
-  "title": "Port Scan",
-  "visState": "{\"title\":\"Port Scan\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"2\",\"enabled\":true,\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"destinationPort\",\"customLabel\":\"Destination Ports\"}},{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Event Count\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"sourceAddress\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"2\",\"customLabel\":\"Source Address\"}}],\"listeners\":{}}",
-  "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}",
-  "description": "",
-  "savedSearchId": "6315e7a0-34be-11e7-95dc-4f6090d732f6",
-  "version": 1,
-  "kibanaSavedObjectMeta": {
-    "searchSourceJSON": "{\"filter\":[]}"
-  }
-}
--- a/modules/cef/configuration/kibana/visualization/fd70bca0-398f-11e7-8b9d-ddc45b5f6d00.json
+++ b/modules/cef/configuration/kibana/visualization/fd70bca0-398f-11e7-8b9d-ddc45b5f6d00.json
@ -1,11 +0,0 @@
-{
-  "title": "Source Countries",
-  "visState": "{\"title\":\"Source Countries\",\"type\":\"tagcloud\",\"params\":{\"scale\":\"square root\",\"orientation\":\"single\",\"minFontSize\":26,\"maxFontSize\":72,\"hideLabel\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"source.country_name\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}",
-  "uiStateJSON": "{}",
-  "description": "",
-  "savedSearchId": "6315e7a0-34be-11e7-95dc-4f6090d732f6",
-  "version": 1,
-  "kibanaSavedObjectMeta": {
-    "searchSourceJSON": "{\"filter\":[]}"
-  }
-}
--- a/modules/cef/configuration/kibana/visualization/ff476320-3e4a-11e7-af78-9fc514b4e118.json
+++ b/modules/cef/configuration/kibana/visualization/ff476320-3e4a-11e7-af78-9fc514b4e118.json
@ -1,11 +0,0 @@
-{
-  "title": "Destination Ports",
-  "visState": "{\"title\":\"Destination Ports\",\"type\":\"tagcloud\",\"params\":{\"scale\":\"linear\",\"orientation\":\"single\",\"minFontSize\":18,\"maxFontSize\":72},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"destinationPort\",\"size\":30,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}",
-  "uiStateJSON": "{}",
-  "description": "",
-  "savedSearchId": "1d9ba830-3e47-11e7-af78-9fc514b4e118",
-  "version": 1,
-  "kibanaSavedObjectMeta": {
-    "searchSourceJSON": "{\"filter\":[]}"
-  }
-}
--- a/modules/cef/configuration/logstash/cef.conf.erb
+++ b/modules/cef/configuration/logstash/cef.conf.erb
@ -1,42 +0,0 @@
-input {
-  tcp {
-    # The delimiter config used is for TCP interpretation
-    codec => cef { delimiter => "\r\n"}
-    port => <%= setting("var.input.tcp.port", 5000) %>
-    type => syslog
-  }
-}
-
-filter {
-  
-  # Map the @timestamp with the event time, as recorded in deviceReceiptTime
-
-  date {
-    match => [ "deviceReceiptTime", "MMM dd yyyy HH:mm:ss", "MMM  d yyyy HH:mm:ss", "UNIX_MS" ]
-  }
-
-  # To map the attacker Geo IP if plausible
-
-  geoip {
-    source => "sourceAddress"
-    target => "source"
-  }
-
-  # To map the target Geo IP if plausible
-
-  geoip {
-    source => "destinationAddress"
-    target => "destination"
-  }
-
-  # To map the log producing device Geo IP if plausible
-
-  geoip {
-    source => "deviceAddress"
-    target => "device"
-  }
-}
-
-output {
-  <%= elasticsearch_output_config('syslog') %>
-}
--- a/modules/cef/lib/logstash_registry.rb
+++ b/modules/cef/lib/logstash_registry.rb
@ -1 +0,0 @@
-LogStash::PLUGIN_REGISTRY.add(:modules, "cef", LogStash::Modules::Scaffold.new("cef", File.join(File.dirname(__FILE__), "..", "configuration")))
				`@ -1 +0,0 @@`
				`LogStash::PLUGIN_REGISTRY.add(:modules, "cef", LogStash::Modules::Scaffold.new("cef", File.join(File.dirname(__FILE__), "..", "configuration")))`