www.ctrl-click.fr

par **admin** » 17 oct. 2025, 05:13

Sur votre poste Windows, ou ELK est installé :

: 6.png (155.12 Kio) Vu 4984 fois

Vous devez obtenir quelque chose comme ça, si tout est correct :

: 5.png (152.42 Kio) Vu 4984 fois

1) cliquez sur "Discover" sous "Logs"
Vous devriez avoir ceci :
(DEBUT ETAPE 1)

: 4.png (211.92 Kio) Vu 4984 fois

1) Choisissez ici le champ (par ex "destination.ip"
2) Vous avez ici le récupératif.

: 3.png (196.93 Kio) Vu 4984 fois

: 2.png (109.07 Kio) Vu 4984 fois

1) Voici la configuration par défaut.
2) Cliquez sur "Camembert", qui est la meilleure représentation pour "destination.ip"

: 1.png (151.97 Kio) Vu 4984 fois

1) Voici ici, votre représentation en camembert des adresses IP de destination
2) Vous pouvez faire quelques réglages ici
3) Et ici…
4) Réglez enfin la durée de l'échantillon,
5) Et appliquez pour voir le graphique en fonction.
6) Finalement, cliquez sur "Enregistrer"

: 7.png (442.12 Kio) Vu 4968 fois

Comme il s'agit de notre premier tableau de bord, renseignez comme décrit, puis, cliquez sur "Enregistrer et accéder au tableau de bord"
(FIN DE L'ETAPE 1)

: 17.png (441.33 Kio) Vu 4968 fois

: 16.png (417.14 Kio) Vu 4968 fois

Donnez le nom que vous voulez à votre dashboard.

: 15.png (358.96 Kio) Vu 4968 fois

On va rajouter d'autres tableaux

: 14.png (472.12 Kio) Vu 4968 fois

(Appliquez l'ETAPE 1, jusqu’à la FIN de l'ETAPE 1.)
Vous devez avoir ceci à la fin de l'ETAPE 1 :

: 13.png (412.06 Kio) Vu 4968 fois

Ajoutez des DashBoards de votre choix. Je vous mets ici, ceux que je préfère :

- destination.ip
- sources.ip
- event.type
- rule.name
- suricata.eve.event_type
- @timestamp
- source.geo.location & destination.geo.location

Je vous mets ici le code .NDJSON de ces dashboards. Il faut créer un fichier que vous nommez "export_mon.ndjson", et marquer ceci à l'intérieur (vous devez l'inspecter minutieusement, pour le modifier pour votre version : IPs et autres) :

Code : Tout sélectionner

	{"attributes":{"allowHidden":false,"allowNoIndex":true,"fieldAttrs":"{\"destination.ip\":{\"count\":1},\"GeoIP\":{}}","fieldFormatMap":"{}","fields":"[]","name":"apm-*-transaction*,auditbeat-*,endgame-*,filebeat-*,logs-*,packetbeat-*,traces-apm*,winlogbeat-*,-*elastic-cloud-logs-*","runtimeFieldMap":"{}","sourceFilters":"[]","timeFieldName":"@timestamp","title":".alerts-security.alerts-default,apm-*-transaction*,auditbeat-*,endgame-*,filebeat-*,logs-*,packetbeat-*,traces-apm*,winlogbeat-*,-*elastic-cloud-logs-*"},"coreMigrationVersion":"8.8.0","created_at":"2025-09-18T14:28:42.565Z","id":"security-solution-default","managed":false,"references":[],"type":"index-pattern","typeMigrationVersion":"8.0.0","updated_at":"2025-09-28T03:57:37.278Z","updated_by":"u_mGBROF_q5bmFCATbLXAcCwKa0k8JvONAwSruelyKA5E_0","version":"WzU0OCwyNl0="}
	{"attributes":{"description":"Les adresses IP de destination de mon Rpi4","state":{"adHocDataViews":{},"datasourceStates":{"formBased":{"layers":{"da1e752b-995b-4565-9a9a-0f80c9ce3abd":{"columnOrder":["d8a9d5fe-96b1-4241-894c-ae5e4f0c149f","dd051280-1de5-48c5-abc4-97c770514208"],"columns":{"d8a9d5fe-96b1-4241-894c-ae5e4f0c149f":{"dataType":"ip","isBucketed":true,"label":"5  valeurs les plus élevées de destination.ip","operationType":"terms","params":{"accuracyMode":false,"exclude":[],"excludeIsRegex":false,"include":[],"includeIsRegex":false,"missingBucket":false,"orderBy":{"columnId":"dd051280-1de5-48c5-abc4-97c770514208","type":"column"},"orderDirection":"desc","otherBucket":true,"parentFormat":{"id":"terms"},"size":5},"scale":"ordinal","sourceField":"destination.ip"},"dd051280-1de5-48c5-abc4-97c770514208":{"dataType":"number","isBucketed":false,"label":"Nombre d'enregistrements","operationType":"count","params":{"emptyAsNull":true},"scale":"ratio","sourceField":"___records___"}},"incompleteColumns":{},"sampling":1}}},"indexpattern":{"layers":{}},"textBased":{"layers":{}}},"filters":[],"internalReferences":[],"query":{"language":"kuery","query":""},"visualization":{"layers":[{"categoryDisplay":"default","colorMapping":{"assignments":[],"colorMode":{"type":"categorical"},"paletteId":"default","specialAssignments":[{"color":{"type":"loop"},"rule":{"type":"other"},"touched":false}]},"layerId":"da1e752b-995b-4565-9a9a-0f80c9ce3abd","layerType":"data","legendDisplay":"default","metrics":["dd051280-1de5-48c5-abc4-97c770514208"],"nestedLegend":false,"numberDisplay":"percent","primaryGroups":["d8a9d5fe-96b1-4241-894c-ae5e4f0c149f"]}],"shape":"pie"}},"title":"adresses IP de destination","visualizationType":"lnsPie"},"coreMigrationVersion":"8.8.0","created_at":"2025-09-26T06:00:26.465Z","created_by":"u_mGBROF_q5bmFCATbLXAcCwKa0k8JvONAwSruelyKA5E_0","id":"6a24d0ec-55ff-4d57-add3-9a0c80fde7be","managed":false,"references":[{"id":"security-solution-default","name":"indexpattern-datasource-layer-da1e752b-995b-4565-9a9a-0f80c9ce3abd","type":"index-pattern"}],"type":"lens","typeMigrationVersion":"8.9.0","updated_at":"2025-09-26T06:00:26.465Z","updated_by":"u_mGBROF_q5bmFCATbLXAcCwKa0k8JvONAwSruelyKA5E_0","version":"WzE2NSwyMV0="}
	{"attributes":{"description":"","state":{"adHocDataViews":{},"datasourceStates":{"formBased":{"layers":{"72e638be-ecce-4c0b-851a-63069cd086e5":{"columnOrder":["a4d0c34c-2e8b-4552-bded-45003d200fa8","a6eae0e2-6448-45f0-8d93-c4af27abbff0"],"columns":{"a4d0c34c-2e8b-4552-bded-45003d200fa8":{"dataType":"ip","isBucketed":true,"label":"5  valeurs les plus élevées de source.ip","operationType":"terms","params":{"exclude":[],"excludeIsRegex":false,"include":[],"includeIsRegex":false,"missingBucket":false,"orderBy":{"columnId":"a6eae0e2-6448-45f0-8d93-c4af27abbff0","type":"column"},"orderDirection":"desc","otherBucket":true,"parentFormat":{"id":"terms"},"size":5},"scale":"ordinal","sourceField":"source.ip"},"a6eae0e2-6448-45f0-8d93-c4af27abbff0":{"dataType":"number","isBucketed":false,"label":"Nombre d'enregistrements","operationType":"count","params":{"emptyAsNull":true},"scale":"ratio","sourceField":"___records___"}},"incompleteColumns":{},"sampling":1}}},"indexpattern":{"layers":{}},"textBased":{"layers":{}}},"filters":[],"internalReferences":[],"query":{"language":"kuery","query":""},"visualization":{"layers":[{"categoryDisplay":"default","colorMapping":{"assignments":[],"colorMode":{"type":"categorical"},"paletteId":"default","specialAssignments":[{"color":{"type":"loop"},"rule":{"type":"other"},"touched":false}]},"layerId":"72e638be-ecce-4c0b-851a-63069cd086e5","layerType":"data","legendDisplay":"default","metrics":["a6eae0e2-6448-45f0-8d93-c4af27abbff0"],"nestedLegend":false,"numberDisplay":"percent","primaryGroups":["a4d0c34c-2e8b-4552-bded-45003d200fa8"]}],"shape":"pie"}},"title":"Adresses IP sources","visualizationType":"lnsPie"},"coreMigrationVersion":"8.8.0","created_at":"2025-09-28T19:46:30.051Z","created_by":"u_mGBROF_q5bmFCATbLXAcCwKa0k8JvONAwSruelyKA5E_0","id":"c5719451-405d-4161-8331-3cd5c3ca77fe","managed":false,"references":[{"id":"security-solution-default","name":"indexpattern-datasource-layer-72e638be-ecce-4c0b-851a-63069cd086e5","type":"index-pattern"}],"type":"lens","typeMigrationVersion":"8.9.0","updated_at":"2025-09-28T19:46:30.051Z","updated_by":"u_mGBROF_q5bmFCATbLXAcCwKa0k8JvONAwSruelyKA5E_0","version":"WzU1MywyN10="}
	{"attributes":{"allowHidden":false,"fieldAttrs":"{}","fieldFormatMap":"{}","fields":"[]","name":"filebeat-*","runtimeFieldMap":"{}","sourceFilters":"[]","timeFieldName":"@timestamp","title":"filebeat-*"},"coreMigrationVersion":"8.8.0","created_at":"2025-09-27T22:13:39.441Z","created_by":"u_mGBROF_q5bmFCATbLXAcCwKa0k8JvONAwSruelyKA5E_0","id":"54b16c28-d7d1-4369-a89b-9b1a9f091b3e","managed":false,"references":[],"type":"index-pattern","typeMigrationVersion":"8.0.0","updated_at":"2025-09-27T22:13:39.441Z","updated_by":"u_mGBROF_q5bmFCATbLXAcCwKa0k8JvONAwSruelyKA5E_0","version":"WzM3OCwyNl0="}
	{"attributes":{"controlGroupInput":{"chainingSystem":"HIERARCHICAL","controlStyle":"oneLine","ignoreParentSettingsJSON":"{\"ignoreFilters\":false,\"ignoreQuery\":false,\"ignoreTimerange\":false,\"ignoreValidations\":false}","panelsJSON":"{}","showApplySelections":false},"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"kuery\"}}"},"optionsJSON":"{\"useMargins\":true,\"syncColors\":false,\"syncCursor\":true,\"syncTooltips\":false,\"hidePanelTitles\":false}","panelsJSON":"[{\"type\":\"lens\",\"title\":\"destination.ip (top 5 des adresses IP de destination)\",\"panelRefName\":\"panel_10590ae1-7c15-4beb-ba45-395acde31916\",\"embeddableConfig\":{\"enhancements\":{\"dynamicActions\":{\"events\":[]}},\"description\":\"Les adresses IP de destination de mon Rpi4\",\"syncColors\":false,\"syncCursor\":true,\"syncTooltips\":false,\"searchSessionId\":\"80b8ce2c-6ae2-453b-af82-b2a2ca5b3055\",\"filters\":[],\"query\":{\"query\":\"\",\"language\":\"kuery\"}},\"panelIndex\":\"10590ae1-7c15-4beb-ba45-395acde31916\",\"gridData\":{\"i\":\"10590ae1-7c15-4beb-ba45-395acde31916\",\"y\":0,\"x\":0,\"w\":24,\"h\":15}},{\"type\":\"lens\",\"title\":\"sources.ip (top 5 des Adresses IP sources)\",\"panelRefName\":\"panel_aff77645-ed33-4bbe-a102-2a654e3516ff\",\"embeddableConfig\":{\"enhancements\":{\"dynamicActions\":{\"events\":[]}},\"syncColors\":false,\"syncCursor\":true,\"syncTooltips\":false,\"searchSessionId\":\"80b8ce2c-6ae2-453b-af82-b2a2ca5b3055\",\"filters\":[],\"query\":{\"query\":\"\",\"language\":\"kuery\"}},\"panelIndex\":\"aff77645-ed33-4bbe-a102-2a654e3516ff\",\"gridData\":{\"i\":\"aff77645-ed33-4bbe-a102-2a654e3516ff\",\"y\":0,\"x\":24,\"w\":24,\"h\":15}},{\"type\":\"lens\",\"title\":\"rule.name (Alerte de signature)\",\"embeddableConfig\":{\"enhancements\":{\"dynamicActions\":{\"events\":[]}},\"syncColors\":false,\"syncCursor\":true,\"syncTooltips\":false,\"searchSessionId\":\"80b8ce2c-6ae2-453b-af82-b2a2ca5b3055\",\"filters\":[],\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"attributes\":{\"title\":\"Alerte de signature\",\"description\":\"\",\"visualizationType\":\"lnsXY\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"54b16c28-d7d1-4369-a89b-9b1a9f091b3e\",\"name\":\"indexpattern-datasource-layer-4aae2da0-fd53-49ca-a5b4-4d502ad769f4\"}],\"state\":{\"visualization\":{\"legend\":{\"isVisible\":true,\"position\":\"right\"},\"valueLabels\":\"hide\",\"fittingFunction\":\"Linear\",\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"preferredSeriesType\":\"bar_stacked\",\"layers\":[{\"layerId\":\"4aae2da0-fd53-49ca-a5b4-4d502ad769f4\",\"seriesType\":\"bar_stacked\",\"xAccessor\":\"0291a397-ec10-475b-a909-9841ef11e826\",\"accessors\":[\"d6eda76d-2ed0-4e5b-ab0e-900c76df6c18\"],\"layerType\":\"data\",\"colorMapping\":{\"assignments\":[],\"specialAssignments\":[{\"rule\":{\"type\":\"other\"},\"color\":{\"type\":\"loop\"},\"touched\":false}],\"paletteId\":\"default\",\"colorMode\":{\"type\":\"categorical\"}}}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"4aae2da0-fd53-49ca-a5b4-4d502ad769f4\":{\"columns\":{\"0291a397-ec10-475b-a909-9841ef11e826\":{\"label\":\"5  valeurs les plus élevées de suricata.eve.alert.signature\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"suricata.eve.alert.signature\",\"isBucketed\":true,\"params\":{\"size\":5,\"orderBy\":{\"type\":\"column\",\"columnId\":\"d6eda76d-2ed0-4e5b-ab0e-900c76df6c18\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false}},\"d6eda76d-2ed0-4e5b-ab0e-900c76df6c18\":{\"label\":\"Nombre d'enregistrements\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"params\":{\"emptyAsNull\":true}}},\"columnOrder\":[\"0291a397-ec10-475b-a909-9841ef11e826\",\"d6eda76d-2ed0-4e5b-ab0e-900c76df6c18\"],\"incompleteColumns\":{},\"sampling\":1}}},\"indexpattern\":{\"layers\":{}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}}},\"panelIndex\":\"a7cba12d-9b6f-484c-beb1-56c8fb3d7a6c\",\"gridData\":{\"i\":\"a7cba12d-9b6f-484c-beb1-56c8fb3d7a6c\",\"y\":15,\"x\":24,\"w\":24,\"h\":15}},{\"type\":\"lens\",\"title\":\"event.type (le nombre de log par type (alert, flow, dns, hhtp...))\",\"embeddableConfig\":{\"enhancements\":{\"dynamicActions\":{\"events\":[]}},\"syncColors\":false,\"syncCursor\":true,\"syncTooltips\":false,\"searchSessionId\":\"80b8ce2c-6ae2-453b-af82-b2a2ca5b3055\",\"filters\":[],\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"attributes\":{\"title\":\"Event Type (le nombre de log par type (alert, flow, dns, hhtp...)\",\"description\":\"\",\"visualizationType\":\"lnsXY\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"54b16c28-d7d1-4369-a89b-9b1a9f091b3e\",\"name\":\"indexpattern-datasource-layer-be42fa47-06cf-4b6a-856c-e91554659e73\"}],\"state\":{\"visualization\":{\"legend\":{\"isVisible\":true,\"position\":\"right\"},\"valueLabels\":\"hide\",\"fittingFunction\":\"Linear\",\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"preferredSeriesType\":\"bar_stacked\",\"layers\":[{\"layerId\":\"be42fa47-06cf-4b6a-856c-e91554659e73\",\"seriesType\":\"bar_stacked\",\"xAccessor\":\"4b251617-4d68-4831-959f-c2e60fccbc5f\",\"accessors\":[\"38a5193d-8c13-48d6-861c-c14f4f35dce6\"],\"layerType\":\"data\",\"colorMapping\":{\"assignments\":[],\"specialAssignments\":[{\"rule\":{\"type\":\"other\"},\"color\":{\"type\":\"loop\"},\"touched\":false}],\"paletteId\":\"default\",\"colorMode\":{\"type\":\"categorical\"}}}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"be42fa47-06cf-4b6a-856c-e91554659e73\":{\"columns\":{\"4b251617-4d68-4831-959f-c2e60fccbc5f\":{\"label\":\"5  valeurs les plus élevées de suricata.eve.event_type\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"suricata.eve.event_type\",\"isBucketed\":true,\"params\":{\"size\":5,\"orderBy\":{\"type\":\"column\",\"columnId\":\"38a5193d-8c13-48d6-861c-c14f4f35dce6\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false}},\"38a5193d-8c13-48d6-861c-c14f4f35dce6\":{\"label\":\"Nombre d'enregistrements\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"params\":{\"emptyAsNull\":true}}},\"columnOrder\":[\"4b251617-4d68-4831-959f-c2e60fccbc5f\",\"38a5193d-8c13-48d6-861c-c14f4f35dce6\"],\"incompleteColumns\":{},\"sampling\":1}}},\"indexpattern\":{\"layers\":{}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}}},\"panelIndex\":\"ad325f9e-ec72-4bff-96df-b680175e2ed1\",\"gridData\":{\"i\":\"ad325f9e-ec72-4bff-96df-b680175e2ed1\",\"y\":15,\"x\":0,\"w\":24,\"h\":15}},{\"type\":\"lens\",\"title\":\"IP générant le plus d'alertes (ou évenements)\",\"embeddableConfig\":{\"enhancements\":{\"dynamicActions\":{\"events\":[]}},\"syncColors\":false,\"syncCursor\":true,\"syncTooltips\":false,\"searchSessionId\":\"80b8ce2c-6ae2-453b-af82-b2a2ca5b3055\",\"filters\":[{\"meta\":{\"index\":\"7d863d25-6330-432b-90ec-daed68b9fbe8\",\"type\":\"phrases\",\"key\":\"source.ip\",\"params\":[\"192.168.5.6\",\"192.168.5.44\",\"192.168.5.10\",\"192.168.5.45\",\"192.168.5.7\"],\"negate\":true,\"value\":[\"192.168.5.6\",\"192.168.5.44\",\"192.168.5.10\",\"192.168.5.45\",\"192.168.5.7\"],\"disabled\":false},\"query\":{\"bool\":{\"should\":[{\"match_phrase\":{\"source.ip\":\"192.168.5.6\"}},{\"match_phrase\":{\"source.ip\":\"192.168.5.44\"}},{\"match_phrase\":{\"source.ip\":\"192.168.5.10\"}},{\"match_phrase\":{\"source.ip\":\"192.168.5.45\"}},{\"match_phrase\":{\"source.ip\":\"192.168.5.7\"}}],\"minimum_should_match\":1}},\"$state\":{\"store\":\"appState\"}},{\"meta\":{\"index\":\"6027bfc8-6b8c-4b8c-ad7b-c378837f71e9\",\"type\":\"phrases\",\"key\":\"suricata.eve.event_type\",\"params\":[\"flow\",\"tls\",\"dns\"],\"negate\":true,\"value\":[\"flow\",\"tls\",\"dns\"],\"disabled\":false},\"query\":{\"bool\":{\"should\":[{\"match_phrase\":{\"suricata.eve.event_type\":\"flow\"}},{\"match_phrase\":{\"suricata.eve.event_type\":\"tls\"}},{\"match_phrase\":{\"suricata.eve.event_type\":\"dns\"}}],\"minimum_should_match\":1}},\"$state\":{\"store\":\"appState\"}}],\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"attributes\":{\"title\":\"Valeurs générant le plus d'alertes (ou évenements)\",\"description\":\"\",\"visualizationType\":\"lnsDatatable\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"54b16c28-d7d1-4369-a89b-9b1a9f091b3e\",\"name\":\"indexpattern-datasource-layer-261a9478-cac6-45f6-bdb4-9ef49770043f\"},{\"type\":\"index-pattern\",\"name\":\"7d863d25-6330-432b-90ec-daed68b9fbe8\",\"id\":\"54b16c28-d7d1-4369-a89b-9b1a9f091b3e\"},{\"type\":\"index-pattern\",\"name\":\"6027bfc8-6b8c-4b8c-ad7b-c378837f71e9\",\"id\":\"54b16c28-d7d1-4369-a89b-9b1a9f091b3e\"}],\"state\":{\"visualization\":{\"layerId\":\"261a9478-cac6-45f6-bdb4-9ef49770043f\",\"layerType\":\"data\",\"columns\":[{\"columnId\":\"131580aa-85ea-4b05-8440-347f520bce19\"},{\"columnId\":\"45455046-2cc8-441e-8f26-452c95fab53b\"},{\"columnId\":\"a424ccae-c150-4a97-a5c4-6d549b92809c\"}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[{\"meta\":{\"index\":\"7d863d25-6330-432b-90ec-daed68b9fbe8\",\"type\":\"phrases\",\"key\":\"source.ip\",\"params\":[\"192.168.5.6\",\"192.168.5.44\",\"192.168.5.10\",\"192.168.5.45\",\"192.168.5.7\"],\"negate\":true,\"value\":[\"192.168.5.6\",\"192.168.5.44\",\"192.168.5.10\",\"192.168.5.45\",\"192.168.5.7\"],\"disabled\":false},\"query\":{\"bool\":{\"should\":[{\"match_phrase\":{\"source.ip\":\"192.168.5.6\"}},{\"match_phrase\":{\"source.ip\":\"192.168.5.44\"}},{\"match_phrase\":{\"source.ip\":\"192.168.5.10\"}},{\"match_phrase\":{\"source.ip\":\"192.168.5.5\"}},{\"match_phrase\":{\"source.ip\":\"192.168.5.6\"}}],\"minimum_should_match\":1}},\"$state\":{\"store\":\"appState\"}},{\"meta\":{\"index\":\"6027bfc8-6b8c-4b8c-ad7b-c378837f71e9\",\"type\":\"phrases\",\"key\":\"suricata.eve.event_type\",\"params\":[\"flow\",\"tls\",\"dns\"],\"negate\":true,\"value\":[\"flow\",\"tls\",\"dns\"],\"disabled\":false},\"query\":{\"bool\":{\"should\":[{\"match_phrase\":{\"suricata.eve.event_type\":\"flow\"}},{\"match_phrase\":{\"suricata.eve.event_type\":\"tls\"}},{\"match_phrase\":{\"suricata.eve.event_type\":\"dns\"}}],\"minimum_should_match\":1}},\"$state\":{\"store\":\"appState\"}}],\"datasourceStates\":{\"formBased\":{\"layers\":{\"261a9478-cac6-45f6-bdb4-9ef49770043f\":{\"columns\":{\"131580aa-85ea-4b05-8440-347f520bce19\":{\"label\":\"11  valeurs les plus élevées de source.ip\",\"dataType\":\"ip\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"source.ip\",\"isBucketed\":true,\"params\":{\"size\":11,\"orderBy\":{\"type\":\"column\",\"columnId\":\"a424ccae-c150-4a97-a5c4-6d549b92809c\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false}},\"45455046-2cc8-441e-8f26-452c95fab53b\":{\"label\":\"8  valeurs les plus élevées de suricata.eve.event_type\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"suricata.eve.event_type\",\"isBucketed\":true,\"params\":{\"size\":8,\"orderBy\":{\"type\":\"column\",\"columnId\":\"a424ccae-c150-4a97-a5c4-6d549b92809c\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false}},\"a424ccae-c150-4a97-a5c4-6d549b92809c\":{\"label\":\"Nombre d'enregistrements\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"params\":{\"emptyAsNull\":true}}},\"columnOrder\":[\"131580aa-85ea-4b05-8440-347f520bce19\",\"45455046-2cc8-441e-8f26-452c95fab53b\",\"a424ccae-c150-4a97-a5c4-6d549b92809c\"],\"incompleteColumns\":{},\"sampling\":1}}},\"indexpattern\":{\"layers\":{}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}}},\"panelIndex\":\"e7e8f1e0-5f2a-48e7-b0a4-fd80968bd607\",\"gridData\":{\"x\":0,\"y\":30,\"w\":24,\"h\":15,\"i\":\"e7e8f1e0-5f2a-48e7-b0a4-fd80968bd607\"}},{\"type\":\"lens\",\"embeddableConfig\":{\"enhancements\":{\"dynamicActions\":{\"events\":[]}},\"syncColors\":false,\"syncCursor\":true,\"syncTooltips\":false,\"searchSessionId\":\"80b8ce2c-6ae2-453b-af82-b2a2ca5b3055\",\"filters\":[],\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"attributes\":{\"title\":\"Évolution des alertes dans le temps (@timestamp)\",\"description\":\"\",\"visualizationType\":\"lnsXY\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"54b16c28-d7d1-4369-a89b-9b1a9f091b3e\",\"name\":\"indexpattern-datasource-layer-222ed61e-f82f-4c40-9767-9b32d35ff2a1\"}],\"state\":{\"visualization\":{\"legend\":{\"isVisible\":true,\"position\":\"right\"},\"valueLabels\":\"show\",\"fittingFunction\":\"Linear\",\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"preferredSeriesType\":\"bar\",\"layers\":[{\"layerId\":\"222ed61e-f82f-4c40-9767-9b32d35ff2a1\",\"seriesType\":\"bar\",\"xAccessor\":\"fe7e6131-9faf-4850-9f67-ff2f0b6f497c\",\"accessors\":[\"0aa67621-ed99-4a6c-be1b-29645d586914\"],\"layerType\":\"data\",\"colorMapping\":{\"assignments\":[],\"specialAssignments\":[{\"rule\":{\"type\":\"other\"},\"color\":{\"type\":\"loop\"},\"touched\":false}],\"paletteId\":\"default\",\"colorMode\":{\"type\":\"categorical\"}}}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"222ed61e-f82f-4c40-9767-9b32d35ff2a1\":{\"columns\":{\"fe7e6131-9faf-4850-9f67-ff2f0b6f497c\":{\"label\":\"@timestamp\",\"dataType\":\"date\",\"operationType\":\"date_histogram\",\"sourceField\":\"@timestamp\",\"isBucketed\":true,\"scale\":\"interval\",\"params\":{\"interval\":\"auto\",\"includeEmptyRows\":true,\"dropPartials\":false}},\"0aa67621-ed99-4a6c-be1b-29645d586914X0\":{\"label\":\"Partie de count()\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"params\":{\"emptyAsNull\":false},\"customLabel\":true},\"0aa67621-ed99-4a6c-be1b-29645d586914\":{\"label\":\"count()\",\"dataType\":\"number\",\"operationType\":\"formula\",\"isBucketed\":false,\"scale\":\"ratio\",\"params\":{\"formula\":\"count()\",\"isFormulaBroken\":false},\"references\":[\"0aa67621-ed99-4a6c-be1b-29645d586914X0\"]}},\"columnOrder\":[\"fe7e6131-9faf-4850-9f67-ff2f0b6f497c\",\"0aa67621-ed99-4a6c-be1b-29645d586914\",\"0aa67621-ed99-4a6c-be1b-29645d586914X0\"],\"incompleteColumns\":{},\"sampling\":1}}},\"indexpattern\":{\"layers\":{}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}}},\"panelIndex\":\"a32e9d47-3e61-4cfc-a5de-13e99d905506\",\"gridData\":{\"x\":24,\"y\":30,\"w\":24,\"h\":15,\"i\":\"a32e9d47-3e61-4cfc-a5de-13e99d905506\"}},{\"type\":\"map\",\"title\":\"source.geo.location (carte des sources IP, selon géolocalisation)\",\"embeddableConfig\":{\"attributes\":{\"title\":\"source.geo.location (géo localisation des IP)\",\"description\":\"\",\"layerListJSON\":\"[{\\\"locale\\\":\\\"autoselect\\\",\\\"sourceDescriptor\\\":{\\\"type\\\":\\\"EMS_TMS\\\",\\\"isAutoSelect\\\":true,\\\"lightModeDefault\\\":\\\"road_map_desaturated_v9\\\"},\\\"id\\\":\\\"412907da-a6a3-4384-8315-35296dae8fb0\\\",\\\"label\\\":\\\"\\\",\\\"minZoom\\\":0,\\\"maxZoom\\\":24,\\\"alpha\\\":1,\\\"visible\\\":true,\\\"style\\\":{\\\"type\\\":\\\"EMS_VECTOR_TILE\\\",\\\"color\\\":\\\"\\\"},\\\"includeInFitToBounds\\\":true,\\\"type\\\":\\\"EMS_VECTOR_TILE\\\",\\\"areLabelsOnTop\\\":true},{\\\"id\\\":\\\"d04f60cf-f413-49be-9014-13061dfa9ead\\\",\\\"sourceDescriptor\\\":{\\\"geoField\\\":\\\"source.geo.location\\\",\\\"id\\\":\\\"236d3b87-7d82-4135-a560-9de2ae98d585\\\",\\\"label\\\":\\\"filebeat-*\\\",\\\"scalingType\\\":\\\"MVT\\\",\\\"tooltipProperties\\\":[\\\"source.geo.location\\\"],\\\"type\\\":\\\"ES_SEARCH\\\",\\\"indexPatternRefName\\\":\\\"layer_1_source_index_pattern\\\"},\\\"type\\\":\\\"MVT_VECTOR\\\",\\\"visible\\\":true,\\\"style\\\":{},\\\"label\\\":\\\"\\\"},{\\\"sourceDescriptor\\\":{\\\"geoField\\\":\\\"destination.geo.location\\\",\\\"scalingType\\\":\\\"MVT\\\",\\\"id\\\":\\\"a22c9fb6-5e7f-420c-9bf0-5c690a7f379d\\\",\\\"type\\\":\\\"ES_SEARCH\\\",\\\"applyGlobalQuery\\\":true,\\\"applyGlobalTime\\\":true,\\\"applyForceRefresh\\\":true,\\\"filterByMapBounds\\\":true,\\\"tooltipProperties\\\":[\\\"destination.geo.location\\\"],\\\"sortField\\\":\\\"\\\",\\\"sortOrder\\\":\\\"desc\\\",\\\"topHitsGroupByTimeseries\\\":false,\\\"topHitsSplitField\\\":\\\"\\\",\\\"topHitsSize\\\":1,\\\"indexPatternRefName\\\":\\\"layer_2_source_index_pattern\\\"},\\\"id\\\":\\\"7dd9192e-72eb-4ad1-80cc-6e809092c1d6\\\",\\\"label\\\":null,\\\"minZoom\\\":0,\\\"maxZoom\\\":24,\\\"alpha\\\":0.75,\\\"visible\\\":true,\\\"style\\\":{\\\"type\\\":\\\"VECTOR\\\",\\\"properties\\\":{\\\"icon\\\":{\\\"type\\\":\\\"STATIC\\\",\\\"options\\\":{\\\"value\\\":\\\"marker\\\"}},\\\"fillColor\\\":{\\\"type\\\":\\\"STATIC\\\",\\\"options\\\":{\\\"color\\\":\\\"#EE72A6\\\"}},\\\"lineColor\\\":{\\\"type\\\":\\\"STATIC\\\",\\\"options\\\":{\\\"color\\\":\\\"#119793\\\"}},\\\"lineWidth\\\":{\\\"type\\\":\\\"STATIC\\\",\\\"options\\\":{\\\"size\\\":0}},\\\"iconSize\\\":{\\\"type\\\":\\\"STATIC\\\",\\\"options\\\":{\\\"size\\\":6}},\\\"iconOrientation\\\":{\\\"type\\\":\\\"STATIC\\\",\\\"options\\\":{\\\"orientation\\\":0}},\\\"labelText\\\":{\\\"type\\\":\\\"STATIC\\\",\\\"options\\\":{\\\"value\\\":\\\"\\\"}},\\\"labelColor\\\":{\\\"type\\\":\\\"STATIC\\\",\\\"options\\\":{\\\"color\\\":\\\"#000000\\\"}},\\\"labelSize\\\":{\\\"type\\\":\\\"STATIC\\\",\\\"options\\\":{\\\"size\\\":14}},\\\"labelZoomRange\\\":{\\\"options\\\":{\\\"useLayerZoomRange\\\":true,\\\"minZoom\\\":0,\\\"maxZoom\\\":24}},\\\"labelBorderColor\\\":{\\\"type\\\":\\\"STATIC\\\",\\\"options\\\":{\\\"color\\\":\\\"#FFFFFF\\\"}},\\\"symbolizeAs\\\":{\\\"options\\\":{\\\"value\\\":\\\"circle\\\"}},\\\"labelBorderSize\\\":{\\\"options\\\":{\\\"size\\\":\\\"SMALL\\\"}},\\\"labelPosition\\\":{\\\"options\\\":{\\\"position\\\":\\\"CENTER\\\"}}},\\\"isTimeAware\\\":true},\\\"includeInFitToBounds\\\":true,\\\"type\\\":\\\"MVT_VECTOR\\\",\\\"joins\\\":[],\\\"disableTooltips\\\":false}]\",\"mapStateJSON\":\"{\\\"adHocDataViews\\\":[],\\\"zoom\\\":3.06,\\\"center\\\":{\\\"lon\\\":-56.8233,\\\"lat\\\":44.84288},\\\"timeFilters\\\":{\\\"from\\\":\\\"now-15d\\\",\\\"to\\\":\\\"now\\\"},\\\"refreshConfig\\\":{\\\"isPaused\\\":true,\\\"interval\\\":60000},\\\"query\\\":{\\\"language\\\":\\\"kuery\\\",\\\"query\\\":\\\"\\\"},\\\"filters\\\":[],\\\"settings\\\":{\\\"autoFitToDataBounds\\\":false,\\\"backgroundColor\\\":\\\"transparent\\\",\\\"customIcons\\\":[],\\\"disableInteractive\\\":false,\\\"disableTooltipControl\\\":false,\\\"hideToolbarOverlay\\\":false,\\\"hideLayerControl\\\":false,\\\"hideViewControl\\\":false,\\\"initialLocation\\\":\\\"LAST_SAVED_LOCATION\\\",\\\"fixedLocation\\\":{\\\"lat\\\":0,\\\"lon\\\":0,\\\"zoom\\\":2},\\\"browserLocation\\\":{\\\"zoom\\\":2},\\\"keydownScrollZoom\\\":false,\\\"maxZoom\\\":24,\\\"minZoom\\\":0,\\\"showScaleControl\\\":false,\\\"showSpatialFilters\\\":true,\\\"showTimesliderToggleButton\\\":true,\\\"spatialFiltersAlpa\\\":0.3,\\\"spatialFiltersFillColor\\\":\\\"#DA8B45\\\",\\\"spatialFiltersLineColor\\\":\\\"#DA8B45\\\"}}\",\"uiStateJSON\":\"{\\\"isLayerTOCOpen\\\":true,\\\"openTOCDetails\\\":[]}\"},\"description\":\"\",\"enhancements\":{\"dynamicActions\":{\"events\":[]}},\"hiddenLayers\":[],\"isLayerTOCOpen\":false,\"mapBuffer\":{\"minLon\":-180,\"minLat\":0,\"maxLon\":45,\"maxLat\":66.51326},\"mapCenter\":{\"lon\":-56.8233,\"lat\":44.84288,\"zoom\":2.01},\"openTOCDetails\":[]},\"panelIndex\":\"1c08cb9c-9b21-45cd-b0c5-17c10043819f\",\"gridData\":{\"x\":0,\"y\":45,\"w\":24,\"h\":15,\"i\":\"1c08cb9c-9b21-45cd-b0c5-17c10043819f\"}}]","refreshInterval":{"pause":true,"value":60000},"timeFrom":"now-15d","timeRestore":true,"timeTo":"now","title":"Tableau de bord de mon Rpi400","version":3},"coreMigrationVersion":"8.8.0","created_at":"2025-09-26T06:37:05.286Z","created_by":"u_mGBROF_q5bmFCATbLXAcCwKa0k8JvONAwSruelyKA5E_0","id":"e680df64-fc66-44f8-84f2-aaa5053963e6","managed":false,"references":[{"id":"6a24d0ec-55ff-4d57-add3-9a0c80fde7be","name":"10590ae1-7c15-4beb-ba45-395acde31916:panel_10590ae1-7c15-4beb-ba45-395acde31916","type":"lens"},{"id":"c5719451-405d-4161-8331-3cd5c3ca77fe","name":"aff77645-ed33-4bbe-a102-2a654e3516ff:panel_aff77645-ed33-4bbe-a102-2a654e3516ff","type":"lens"},{"id":"security-solution-default","name":"10590ae1-7c15-4beb-ba45-395acde31916:indexpattern-datasource-layer-da1e752b-995b-4565-9a9a-0f80c9ce3abd","type":"index-pattern"},{"id":"security-solution-default","name":"aff77645-ed33-4bbe-a102-2a654e3516ff:indexpattern-datasource-layer-72e638be-ecce-4c0b-851a-63069cd086e5","type":"index-pattern"},{"id":"54b16c28-d7d1-4369-a89b-9b1a9f091b3e","name":"a7cba12d-9b6f-484c-beb1-56c8fb3d7a6c:indexpattern-datasource-layer-4aae2da0-fd53-49ca-a5b4-4d502ad769f4","type":"index-pattern"},{"id":"54b16c28-d7d1-4369-a89b-9b1a9f091b3e","name":"ad325f9e-ec72-4bff-96df-b680175e2ed1:indexpattern-datasource-layer-be42fa47-06cf-4b6a-856c-e91554659e73","type":"index-pattern"},{"id":"54b16c28-d7d1-4369-a89b-9b1a9f091b3e","name":"e7e8f1e0-5f2a-48e7-b0a4-fd80968bd607:indexpattern-datasource-layer-261a9478-cac6-45f6-bdb4-9ef49770043f","type":"index-pattern"},{"id":"54b16c28-d7d1-4369-a89b-9b1a9f091b3e","name":"e7e8f1e0-5f2a-48e7-b0a4-fd80968bd607:7d863d25-6330-432b-90ec-daed68b9fbe8","type":"index-pattern"},{"id":"54b16c28-d7d1-4369-a89b-9b1a9f091b3e","name":"e7e8f1e0-5f2a-48e7-b0a4-fd80968bd607:6027bfc8-6b8c-4b8c-ad7b-c378837f71e9","type":"index-pattern"},{"id":"54b16c28-d7d1-4369-a89b-9b1a9f091b3e","name":"a32e9d47-3e61-4cfc-a5de-13e99d905506:indexpattern-datasource-layer-222ed61e-f82f-4c40-9767-9b32d35ff2a1","type":"index-pattern"},{"id":"54b16c28-d7d1-4369-a89b-9b1a9f091b3e","name":"1c08cb9c-9b21-45cd-b0c5-17c10043819f:layer_1_source_index_pattern","type":"index-pattern"},{"id":"54b16c28-d7d1-4369-a89b-9b1a9f091b3e","name":"1c08cb9c-9b21-45cd-b0c5-17c10043819f:layer_2_source_index_pattern","type":"index-pattern"}],"type":"dashboard","typeMigrationVersion":"10.2.0","updated_at":"2025-09-29T18:07:52.830Z","updated_by":"u_mGBROF_q5bmFCATbLXAcCwKa0k8JvONAwSruelyKA5E_0","version":"WzczMCwyOF0="}
	{"excludedObjects":[],"excludedObjectsCount":0,"exportedCount":5,"missingRefCount":0,"missingReferences":[]}

Sauvegardez\Fermez le fichier. Ensuite :

: 12.png (388.46 Kio) Vu 4968 fois

1) Cliquez ici pour revenir au début (page d'accueil)

: 11.png (381.93 Kio) Vu 4968 fois

1) Cliquez ici pour afficher le menu.
2) Défilez jusqu'à tout en bas, et cliquez sur [Management].

: 10.png (366.49 Kio) Vu 4968 fois

1) Dans le nouveau menu, défilez jusqu'à tout en bas, et choisissez [Objets enregistrés]

: 9.png (389.51 Kio) Vu 4968 fois

1) Cliquez sur [Importer], puis suivez les instructions d'importation, normalement, vous devrez avoir un nouvel DashBoard qui va apparaître, s'appelant "Tableau de bord de mon Rpi400"

Voilà comment l'afficher :

: 8.png (367.24 Kio) Vu 4968 fois

1) Revenez à la page d'accueil
2) Choisissez [Analytique]

: 20.png (474.41 Kio) Vu 4968 fois

: 19.png (371.1 Kio) Vu 4968 fois

1) Normalement, il est apparu dans la liste de Dashboards. Cliquez dessus.

: 18.png (381.02 Kio) Vu 4968 fois

Voici les DashBoards qui s'affichent.

Voilà. Pour ce qu'on a fait, le tuto est déjà lourd… Rdv dans un prochain tuto.

Source : ChatGPT, et doc ELK.

www.ctrl-click.fr

3. Les tableaux de bord d'ELK

Répondre

Étendre la vue Revue du sujet : 3. Les tableaux de bord d'ELK

3. Les tableaux de bord d'ELK