logstash/x-pack/modules/arcsight/configuration/kibana/5.x/search/1d9ba830-3e47-11e7-af78-9fc514b4e118.json

{
  "title": "Endpoint Event Explorer [ArcSight]",
  "description": "",
  "hits": 0,
  "columns": [
    "categoryDeviceGroup",
    "categoryTechnique",
    "categoryOutcome",
    "categorySignificance",
    "categoryObject",
    "categoryBehavior",
    "categoryDeviceType"
  ],
  "sort": [
    "deviceReceiptTime",
    "desc"
  ],
  "version": 1,
  "kibanaSavedObjectMeta": {
    "searchSourceJSON": "{\"index\":\"arcsight-*\",\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"categoryDeviceGroup:\\\"/Operating System\\\" OR categoryDeviceGroup:\\\"/IDS/Host\\\" OR categoryDeviceGroup:\\\"/Application\\\"\",\"analyze_wildcard\":true}}}"
  }
}