logstash/x-pack/modules/arcsight/configuration/kibana/5.x/search/7a2fc9c0-454d-11e7-86b6-95298e9da6dc.json

{
  "title": "Endpoint - OS Events [ArcSight]",
  "description": "",
  "hits": 0,
  "columns": [
    "deviceVendor",
    "deviceProduct",
    "name",
    "deviceEventClassId",
    "deviceEventCategory",
    "sourceUserName",
    "destinationUserName",
    "destinationHostName",
    "categoryBehavior",
    "categoryOutcome",
    "sourceNtDomain",
    "destinationNTDomain"
  ],
  "sort": [
    "deviceReceiptTime",
    "desc"
  ],
  "version": 1,
  "kibanaSavedObjectMeta": {
    "searchSourceJSON": "{\"index\":\"arcsight-*\",\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"categoryDeviceGroup:\\\"/Operating System\\\"\",\"analyze_wildcard\":true}}}"
  }
}