StamusNetworks / KTS7

Kibana 7 Templates for Suricata IDPS Threat Hunting
GNU General Public License v3.0

Errors loading objects #3

Closed alphaDev23 closed 3 years ago

alphaDev23 commented 3 years ago

Received errors loading objects. Please advise.

{"success":true,"successCount":22}
{"success":false,"successCount":23,"errors":[{"id":"fed9ba80-7319-11ea-b5dd-05bd1e5fbf82","type":"index-pattern","title":"logstash-anomaly-","error":{"type":"conflict"}},{"id":"e2f3d2c0-73e0-11ea-abd9-295bc1fa20bb","type":"index-pattern","title":"logstash-snmp-","error":{"type":"conflict"}},{"id":"cc5489c0-06e2-11eb-bd80-0b9cf2e814b3","type":"index-pattern","title":"logstash-mqtt-","error":{"type":"conflict"}},{"id":"84c3b570-c190-11e8-9888-3f5bc9c31629","type":"index-pattern","title":"logstash-dhcp-","error":{"type":"conflict"}},{"id":"06e1e3c0-c1c7-11e8-9888-3f5bc9c31629","type":"index-pattern","title":"logstash-smb-","error":{"type":"conflict"}},{"id":"35f3ece0-cae5-11e8-9f69-c36de0ada098","type":"index-pattern","title":"logstash-nfs-","error":{"type":"conflict"}},{"id":"de695070-74c3-11ea-bb42-278f04c43ada","type":"index-pattern","title":"logstash-rfb-","error":{"type":"conflict"}},{"id":"defa6c90-cae7-11e8-9f69-c36de0ada098","type":"index-pattern","title":"logstash-krb5-","error":{"type":"conflict"}},{"id":"770c39b0-c1c8-11e8-9888-3f5bc9c31629","type":"index-pattern","title":"logstash-tftp-","error":{"type":"conflict"}},{"id":"769209d0-c18a-11e8-9888-3f5bc9c31629","type":"index-pattern","title":"logstash-ikev2-","error":{"type":"conflict"}},{"id":"logstash-alert-","type":"index-pattern","title":"logstash-alert-","error":{"type":"conflict"}},{"id":"logstash-","type":"index-pattern","title":"logstash-","error":{"type":"conflict"}},{"id":"logstash-dns-","type":"index-pattern","title":"logstash-dns-","error":{"type":"conflict"}},{"id":"logstash-fileinfo-","type":"index-pattern","title":"logstash-fileinfo-","error":{"type":"conflict"}},{"id":"logstash-flow-","type":"index-pattern","title":"logstash-flow-","error":{"type":"conflict"}},{"id":"logstash-http-","type":"index-pattern","title":"logstash-http-","error":{"type":"conflict"}},{"id":"logstash-smtp-","type":"index-pattern","title":"logstash-smtp-","error":{"type":"conflict"}},{"id":"logstash-ssh-","type":"index-pattern","title":"logstash-ssh-","error":{"type":"conflict"}},{"id":"logstash-tls-","type":"index-pattern","title":"logstash-tls-","error":{"type":"conflict"}},{"id":"699cedb0-d31b-11e8-8a07-17cc065d3fe1","type":"index-pattern","title":"logstash-dnp3-","error":{"type":"conflict"}},{"id":"92edee20-74c4-11ea-bb42-278f04c43ada","type":"index-pattern","title":"logstash-sip-","error":{"type":"conflict"}},{"id":"036d9030-74eb-11ea-bb42-278f04c43ada","type":"index-pattern","title":"logstash-rdp-","error":{"type":"conflict"}}]}
{"success":false,"successCount":390,"errors":[{"id":"92edee20-74c4-11ea-bb42-278f04c43ada","type":"index-pattern","title":"logstash-sip-","error":{"type":"conflict"}},{"id":"06e1e3c0-c1c7-11e8-9888-3f5bc9c31629","type":"index-pattern","title":"logstash-smb-","error":{"type":"conflict"}},{"id":"770c39b0-c1c8-11e8-9888-3f5bc9c31629","type":"index-pattern","title":"logstash-tftp-","error":{"type":"conflict"}},{"id":"de695070-74c3-11ea-bb42-278f04c43ada","type":"index-pattern","title":"logstash-rfb-","error":{"type":"conflict"}},{"id":"e2f3d2c0-73e0-11ea-abd9-295bc1fa20bb","type":"index-pattern","title":"logstash-snmp-","error":{"type":"conflict"}},{"id":"35f3ece0-cae5-11e8-9f69-c36de0ada098","type":"index-pattern","title":"logstash-nfs-","error":{"type":"conflict"}},{"id":"84c3b570-c190-11e8-9888-3f5bc9c31629","type":"index-pattern","title":"logstash-dhcp-","error":{"type":"conflict"}},{"id":"036d9030-74eb-11ea-bb42-278f04c43ada","type":"index-pattern","title":"logstash-rdp-","error":{"type":"conflict"}},{"id":"defa6c90-cae7-11e8-9f69-c36de0ada098","type":"index-pattern","title":"logstash-krb5-","error":{"type":"conflict"}},{"id":"cc5489c0-06e2-11eb-bd80-0b9cf2e814b3","type":"index-pattern","title":"logstash-mqtt-","error":{"type":"conflict"}},{"id":"fed9ba80-7319-11ea-b5dd-05bd1e5fbf82","type":"index-pattern","title":"logstash-anomaly-","error":{"type":"conflict"}},{"id":"logstash-flow-","type":"index-pattern","title":"logstash-flow-","error":{"type":"conflict"}},{"id":"logstash-fileinfo-","type":"index-pattern","title":"logstash-fileinfo-","error":{"type":"conflict"}},{"id":"699cedb0-d31b-11e8-8a07-17cc065d3fe1","type":"index-pattern","title":"logstash-dnp3-","error":{"type":"conflict"}},{"id":"logstash-tls-","type":"index-pattern","title":"logstash-tls-","error":{"type":"conflict"}},{"id":"logstash-alert-","type":"index-pattern","title":"logstash-alert-","error":{"type":"conflict"}},{"id":"logstash-ssh-","type":"index-pattern","title":"logstash-ssh-","error":{"type":"conflict"}},{"id":"logstash-http-","type":"index-pattern","title":"logstash-http-","error":{"type":"conflict"}},{"id":"769209d0-c18a-11e8-9888-3f5bc9c31629","type":"index-pattern","title":"logstash-ikev2-","error":{"type":"conflict"}},{"id":"logstash-smtp-","type":"index-pattern","title":"logstash-smtp-","error":{"type":"conflict"}},{"id":"logstash-","type":"index-pattern","title":"logstash-","error":{"type":"conflict"}},{"id":"logstash-dns-","type":"index-pattern","title":"logstash-dns-","error":{"type":"conflict"}}]}
{"success":false,"successCount":28,"errors":[{"id":"06e1e3c0-c1c7-11e8-9888-3f5bc9c31629","type":"index-pattern","title":"logstash-smb-","error":{"type":"conflict"}},{"id":"fab31360-c1c8-11e8-9888-3f5bc9c31629","type":"visualization","title":"SN-SMB-EventsOverTime","error":{"type":"conflict"}},{"id":"13b4a300-c1ca-11e8-9888-3f5bc9c31629","type":"visualization","title":"SN-SMB-Top20DestPort","error":{"type":"conflict"}},{"id":"c8657640-c1c9-11e8-9888-3f5bc9c31629","type":"visualization","title":"SN-SMB-Top20DestIP","error":{"type":"conflict"}},{"id":"fd1577f0-c1c9-11e8-9888-3f5bc9c31629","type":"visualization","title":"SN-SMB-Top20SrcPort","error":{"type":"conflict"}},{"id":"e41ad0b0-c1c9-11e8-9888-3f5bc9c31629","type":"visualization","title":"SN-SMB-Top20SrcIP","error":{"type":"conflict"}},{"id":"ec437ac0-c1ca-11e8-9888-3f5bc9c31629","type":"visualization","title":"SN-SMB-Function","error":{"type":"conflict"}},{"id":"01acef80-c1cc-11e8-9888-3f5bc9c31629","type":"visualization","title":"SN-SMB-KerberosSnames","error":{"type":"conflict"}},{"id":"65d35270-c1cb-11e8-9888-3f5bc9c31629","type":"visualization","title":"SN-SMB-ClientDialect","error":{"type":"conflict"}},{"id":"2b23dd60-c1cc-11e8-9888-3f5bc9c31629","type":"visualization","title":"SN-SMB-NtlmsspDomain","error":{"type":"conflict"}},{"id":"40d1f1b0-c1cc-11e8-9888-3f5bc9c31629","type":"visualization","title":"SN-SMB-NtlmsspUser","error":{"type":"conflict"}},{"id":"561165b0-c1cc-11e8-9888-3f5bc9c31629","type":"visualization","title":"SN-SMB-NtlmsspHost","error":{"type":"conflict"}},{"id":"b9784930-c1cb-11e8-9888-3f5bc9c31629","type":"visualization","title":"SN-SMB-ServerGUID","error":{"type":"conflict"}},{"id":"49460e90-c1cb-11e8-9888-3f5bc9c31629","type":"visualization","title":"SN-SMB-Dialect","error":{"type":"conflict"}},{"id":"80f4d150-c1cb-11e8-9888-3f5bc9c31629","type":"visualization","title":"SN-SMB-Status","error":{"type":"conflict"}},{"id":"ae4b74f0-c1cc-11e8-9888-3f5bc9c31629","type":"visualization","title":"SN-SMB-Filename","error":{"type":"conflict"}},{"id":"8fc3c0a0-c1cc-11e8-9888-3f5bc9c31629","type":"visualization","title":"SN-SMB-Share","error":{"type":"conflict"}},{"id":"19f31700-c1d0-11e8-9888-3f5bc9c31629","type":"visualization","title":"SN-SMB-GeoIP","error":{"type":"conflict"}},{"id":"7dbcee70-c2f5-11e8-9eb1-af8fa48f4c1b","type":"visualization","title":"SN-SMB-Total","error":{"type":"conflict"}},{"id":"2d3f4020-c1c8-11e8-9888-3f5bc9c31629","type":"search","title":"SN-SMB-EventsList","error":{"type":"conflict"}},{"id":"e2f3d2c0-73e0-11ea-abd9-295bc1fa20bb","type":"index-pattern","title":"logstash-snmp-","error":{"type":"conflict"}},{"id":"64d48d40-73f3-11ea-abd9-295bc1fa20bb","type":"visualization","title":"SN-SNMP-TotalCount","error":{"type":"conflict"}},{"id":"bbf76020-73f3-11ea-abd9-295bc1fa20bb","type":"visualization","title":"SN-SNMP-EventsOverTime","error":{"type":"conflict"}},{"id":"97436e00-73f2-11ea-abd9-295bc1fa20bb","type":"visualization","title":"SN-SNMP-Top100-SrcIP","error":{"type":"conflict"}},{"id":"ae49bf50-73f2-11ea-abd9-295bc1fa20bb","type":"visualization","title":"SN-SNMP-Top100-DestIP","error":{"type":"conflict"}},{"id":"d45f0ba0-73f2-11ea-abd9-295bc1fa20bb","type":"visualization","title":"SN-SNMP-Top100-SrcPort","error":{"type":"conflict"}},{"id":"18409990-73f5-11ea-abd9-295bc1fa20bb","type":"visualization","title":"SN-SNMP-Version","error":{"type":"conflict"}},{"id":"c6659f50-73f2-11ea-abd9-295bc1fa20bb","type":"visualization","title":"SN-SNMP-Top100-DestPort","error":{"type":"conflict"}},{"id":"d6358e70-73f4-11ea-abd9-295bc1fa20bb","type":"visualization","title":"SN-SNMP-Usm","error":{"type":"conflict"}},{"id":"640f7da0-73f5-11ea-abd9-295bc1fa20bb","type":"visualization","title":"SN-SNMP-Community","error":{"type":"conflict"}},{"id":"eafe1a30-73f3-11ea-abd9-295bc1fa20bb","type":"visualization","title":"SN-SNMP-ByVlan","error":{"type":"conflict"}},{"id":"995f5e40-73f4-11ea-abd9-295bc1fa20bb","type":"visualization","title":"SN-SNMP-Vars","error":{"type":"conflict"}},{"id":"04e045d0-73f5-11ea-abd9-295bc1fa20bb","type":"visualization","title":"SN-SNMP-Pdu","error":{"type":"conflict"}},{"id":"16f5d170-73f2-11ea-abd9-295bc1fa20bb","type":"search","title":"SN-SNMP-EventsList","error":{"type":"conflict"}},{"id":"logstash-","type":"index-pattern","title":"logstash-","error":{"type":"conflict"}},{"id":"SN-Mean-flow-age-and-count","type":"visualization","title":"SN-Mean flow age and count","error":{"type":"conflict"}},{"id":"SN-Application-protocol","type":"visualization","title":"SN-Application protocol","error":{"type":"conflict"}},{"id":"logstash-flow-","type":"index-pattern","title":"logstash-flow-","error":{"type":"conflict"}},{"id":"SN-FLOW-EventsList","type":"search","title":"SN-FLOW-EventsList","error":{"type":"conflict"}},{"id":"logstash-tls-","type":"index-pattern","title":"logstash-tls-","error":{"type":"conflict"}},{"id":"SN-TLS-versions","type":"visualization","title":"SN-TLS versions","error":{"type":"conflict"}},{"id":"SN-TLS-TCP-ports","type":"visualization","title":"SN-TLS TCP ports","error":{"type":"conflict"}},{"id":"logstash-dns-","type":"index-pattern","title":"logstash-dns-","error":{"type":"conflict"}},{"id":"SN-DNS-Rrname","type":"visualization","title":"SN-DNS-Rrname","error":{"type":"conflict"}},{"id":"SN-TLS-BySni","type":"visualization","title":"SN-TLS-BySni","error":{"type":"conflict"}},{"id":"d2061990-7d8c-11ea-af8c-954c77eacc8f","type":"visualization","title":"SN-TLS-ByJa3SHash","error":{"type":"conflict"}},{"id":"2cf8aef0-cb44-11e8-8e2b-bf314673d4bf","type":"visualization","title":"SN-TLS-ByJa3Hash","error":{"type":"conflict"}},{"id":"logstash-http-","type":"index-pattern","title":"logstash-http-","error":{"type":"conflict"}},{"id":"SN-HTTP-Top-user-agents","type":"visualization","title":"SN-HTTP Top user agents","error":{"type":"conflict"}},{"id":"fed9ba80-7319-11ea-b5dd-05bd1e5fbf82","type":"index-pattern","title":"logstash-anomaly-","error":{"type":"conflict"}},{"id":"5f1a83f0-7d8f-11ea-af8c-954c77eacc8f","type":"visualization","title":"SN-ANOMALY-EventType","error":{"type":"conflict"}},{"id":"SN-HTTP-Top-hostnames","type":"visualization","title":"SN-HTTP Top hostnames","error":{"type":"conflict"}},{"id":"SN-HTTP-Servers","type":"visualization","title":"SN-HTTP-Servers","error":{"type":"conflict"}},{"id":"a987de80-1cdf-11ea-9ee1-11f0d2cd99c4","type":"visualization","title":"SN-ThreatHunt-HTTP-PossibleC2Beacons-BySrcIP","error":{"type":"conflict"}},{"id":"logstash-alert-","type":"index-pattern","title":"logstash-alert-","error":{"type":"conflict"}},{"id":"2e044410-3dc3-11ea-9663-b39dc1f7db8b","type":"visualization","title":"SN-ThreatHunt-ALERTS-MutlipleUniqueAlertOnSrcIP","error":{"type":"conflict"}},{"id":"428c5020-38fb-11ea-9ee1-11f0d2cd99c4","type":"visualization","title":"SN-ThreatHunt-ALERTS-MutlipleUniqueAlertOnDestIP","error":{"type":"conflict"}},{"id":"SN-ALERT-EventsList","type":"search","title":"SN-ALERT-EventsList","error":{"type":"conflict"}},{"id":"logstash-fileinfo-","type":"index-pattern","title":"logstash-fileinfo-","error":{"type":"conflict"}},{"id":"acba4210-c1d6-11e8-9888-3f5bc9c31629","type":"visualization","title":"SN-FILE-ByAppProto","error":{"type":"conflict"}},{"id":"SN-FILE-ByTypeOverTime","type":"visualization","title":"SN-FILE-ByTypeOverTime","error":{"type":"conflict"}},{"id":"SN-FILE-EventsList","type":"search","title":"SN-FILE-EventsList","error":{"type":"conflict"}},{"id":"036d9030-74eb-11ea-bb42-278f04c43ada","type":"index-pattern","title":"logstash-rdp-","error":{"type":"conflict"}},{"id":"3ee767e0-74ef-11ea-bb42-278f04c43ada","type":"visualization","title":"SN-RDP-ClientCookie","error":{"type":"conflict"}},{"id":"logstash-ssh-","type":"index-pattern","title":"logstash-ssh-","error":{"type":"conflict"}},{"id":"35c3bd80-0621-11eb-bd80-0b9cf2e814b3","type":"visualization","title":"SN-SSH-ByServerHashByServerIPByPort","error":{"type":"conflict"}},{"id":"8451e8a0-0621-11eb-bd80-0b9cf2e814b3","type":"visualization","title":"SN-SSH-ByClientHashByClientIPByPort","error":{"type":"conflict"}},{"id":"SN-HTTP-EventsList","type":"search","title":"SN-HTTP-EventsList","error":{"type":"conflict"}},{"id":"92edee20-74c4-11ea-bb42-278f04c43ada","type":"index-pattern","title":"logstash-sip-","error":{"type":"conflict"}},{"id":"574dce20-74de-11ea-bb42-278f04c43ada","type":"visualization","title":"SN-SIP-TotalEvents","error":{"type":"conflict"}},{"id":"34a287d0-74de-11ea-bb42-278f04c43ada","type":"visualization","title":"SN-SIP-EventsOverTime","error":{"type":"conflict"}},{"id":"d5c45630-74dd-11ea-bb42-278f04c43ada","type":"visualization","title":"SN-SIP-Top100-SrcIP","error":{"type":"conflict"}},{"id":"00c602c0-74de-11ea-bb42-278f04c43ada","type":"visualization","title":"SN-SIP-Top100-DestIP","error":{"type":"conflict"}},{"id":"c3997530-74dd-11ea-bb42-278f04c43ada","type":"visualization","title":"SN-SIP-Top100-SrcPort","error":{"type":"conflict"}},{"id":"00dbb830-74df-11ea-bb42-278f04c43ada","type":"visualization","title":"SN-SIP-SipVersion","error":{"type":"conflict"}},{"id":"8e02e410-74dd-11ea-bb42-278f04c43ada","type":"visualization","title":"SN-SIP-Top100-DestPort","error":{"type":"conflict"}},{"id":"e67a7c10-74de-11ea-bb42-278f04c43ada","type":"visualization","title":"SN-SIP-SipCode","error":{"type":"conflict"}},{"id":"4a915930-74df-11ea-bb42-278f04c43ada","type":"visualization","title":"SN-SIP-SipUri","error":{"type":"conflict"}},{"id":"15d06790-74df-11ea-bb42-278f04c43ada","type":"visualization","title":"SN-SIP-SipMethod","error":{"type":"conflict"}},{"id":"8c64b280-74df-11ea-bb42-278f04c43ada","type":"visualization","title":"SN-SIP-SipReason","error":{"type":"conflict"}},{"id":"e55e2180-74dc-11ea-bb42-278f04c43ada","type":"search","title":"SN-SIP-EventsList","error":{"type":"conflict"}},{"id":"cc5489c0-06e2-11eb-bd80-0b9cf2e814b3","type":"index-pattern","title":"logstash-mqtt-","error":{"type":"conflict"}},{"id":"2a0d0b20-0817-11eb-bd80-0b9cf2e814b3","type":"visualization","title":"SN-MQTT-Total","error":{"type":"conflict"}},{"id":"995b2750-0817-11eb-bd80-0b9cf2e814b3","type":"visualization","title":"SN-MQTT-MqttOverTime","error":{"type":"conflict"}},{"id":"7012e330-081a-11eb-bd80-0b9cf2e814b3","type":"visualization","title":"SN-MQTT-Top20SrcIP","error":{"type":"conflict"}},{"id":"6195c7f0-081a-11eb-bd80-0b9cf2e814b3","type":"visualization","title":"SN-MQTT-Top20SrcPort","error":{"type":"conflict"}},{"id":"79bdb5e0-081a-11eb-bd80-0b9cf2e814b3","type":"visualization","title":"SN-MQTT-Top20DestIP","error":{"type":"conflict"}},{"id":"7f717a40-0819-11eb-bd80-0b9cf2e814b3","type":"visualization","title":"SN-MQTT-Top20DestPort","error":{"type":"conflict"}},{"id":"3cc02790-081a-11eb-bd80-0b9cf2e814b3","type":"visualization","title":"SN-MQTT-ConnProtoString","error":{"type":"conflict"}},{"id":"e4aa4cb0-081a-11eb-bd80-0b9cf2e814b3","type":"visualization","title":"SN-MQTT-ConnUsernames","error":{"type":"conflict"}},{"id":"13c631e0-081a-11eb-bd80-0b9cf2e814b3","type":"visualization","title":"SN-MQTT-ConnProtoVersion","error":{"type":"conflict"}},{"id":"1a67b1a0-0819-11eb-bd80-0b9cf2e814b3","type":"search","title":"SN-MQTT-EventsList","error":{"type":"conflict"}},{"id":"de

pevma commented 3 years ago

Can you please share how you loaded the visualizations/dashboards? What ELK stack do you use, etc.?

alphaDev23 commented 3 years ago

ELK stack is 7.9.1 in 4 containers (Elasticsearch is in a 2 node cluster). Both Elasticsearch and Kibana are unmodified images from docker.elasticsearch.co.

I use the following to load the visualizations/dashboards:

cd API-KIBANA7
curl -X POST ":5601/api/saved_objects/_import" -H 'kbn-xsrf: true' --form file=@index-pattern.ndjson
curl -X POST ":5601/api/saved_objects/_import" -H 'kbn-xsrf: true' --form file=@search.ndjson
curl -X POST ":5601/api/saved_objects/_import" -H 'kbn-xsrf: true' --form file=@visualization.ndjson
curl -X POST ":5601/api/saved_objects/_import" -H 'kbn-xsrf: true' --form file=@dashboard.ndjson
curl -X POST ":5601/api/saved_objects/_import" -H 'kbn-xsrf: true' --form file=@query.ndjson
service kibana restart

alphaDev23 commented 3 years ago

Any update on the above?

pevma commented 3 years ago

I think it says something about a conflict - "error":{"type":"conflict"} - something that already exists. Maybe you can try loading those from the Kibana GUI interface itself with an overwrite option. Maybe try to remove/clean any existing ones first, then load those? I suggest you try this in a QA/Test setup first.
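The conflict handling pevma describes, applied to the curl-based load procedure alphaDev23 posted, as an added Python example that is not part of this issue or of the KTS7 project. It assumes Kibana 7's saved-objects import endpoint (POST /api/saved_objects/_import, which accepts an overwrite=true query parameter), a Kibana reachable at the KIBANA_URL constant, and the five file names from the thread; the pasted-output sample it decodes is constructed. It splits the run-together JSON replies that chained curl calls produce, totals what was imported, groups the conflict errors by saved-object type, and can re-run the import with overwrite once you have decided that replacing the existing objects is what you want.

```python
"""Import KTS7 .ndjson saved objects into Kibana 7 and read back the reply.

Added example for this thread, not code from the KTS7 repository. It assumes
Kibana 7.x's saved-objects import endpoint (POST /api/saved_objects/_import,
which accepts an ?overwrite=true query parameter), a Kibana at KIBANA_URL,
and the file names the reporter used; SAMPLE_OUTPUT is constructed.
"""
import json
import sys
import urllib.request
import uuid
from collections import Counter

KIBANA_URL = "http://localhost:5601"  # assumption: point this at your Kibana
# Load order from the thread: index patterns before the objects that use them.
NDJSON_FILES = ["index-pattern.ndjson", "search.ndjson",
                "visualization.ndjson", "dashboard.ndjson", "query.ndjson"]

# Constructed stand-in for pasted curl output: several JSON replies run
# together with no separator, and the last one cut off mid-way.
SAMPLE_OUTPUT = (
    '{"success":true,"successCount":22}'
    '{"success":false,"successCount":2,"errors":['
    '{"id":"logstash-","type":"index-pattern","title":"logstash-","error":{"type":"conflict"}},'
    '{"id":"abc","type":"visualization","title":"SN-X","error":{"type":"conflict"}}]}'
    '{"success":false,"succ'
)


def parse_responses(text):
    """Split concatenated JSON replies into a list of dicts.

    A trailing, truncated reply (as in the pasted output) is dropped rather
    than raising, so the intact replies can still be summarized."""
    decoder = json.JSONDecoder()
    replies, pos = [], 0
    while pos < len(text):
        if text[pos].isspace():      # tolerate newlines between replies
            pos += 1
            continue
        try:
            obj, pos = decoder.raw_decode(text, pos)
        except json.JSONDecodeError:
            break                    # incomplete tail: stop here
        replies.append(obj)
    return replies


def summarize(replies):
    """Total the successCount fields and group errors by saved-object type.

    A "conflict" error means an object with that id already exists in the
    Kibana index; anything else is kept separately so it is not hidden."""
    imported = sum(r.get("successCount", 0) for r in replies)
    conflicts, other = Counter(), []
    for r in replies:
        for err in r.get("errors", []):
            if err.get("error", {}).get("type") == "conflict":
                conflicts[err.get("type", "?")] += 1
            else:
                other.append(err)
    return {"imported": imported, "conflicts": dict(conflicts), "other": other}


def import_file(path, overwrite=False):
    """POST one .ndjson file as multipart form-data, like the curl one-liner.

    overwrite=True adds ?overwrite=true, which replaces existing objects that
    have the same id; try it on a test stack first, as pevma suggests."""
    boundary = uuid.uuid4().hex
    with open(path, "rb") as fh:
        payload = fh.read()
    body = (
        f'--{boundary}\r\nContent-Disposition: form-data; name="file"; '
        f'filename="{path}"\r\nContent-Type: application/ndjson\r\n\r\n'
    ).encode() + payload + f"\r\n--{boundary}--\r\n".encode()
    url = f"{KIBANA_URL}/api/saved_objects/_import"
    if overwrite:
        url += "?overwrite=true"
    req = urllib.request.Request(url, data=body, method="POST", headers={
        "kbn-xsrf": "true",          # Kibana requires this on state-changing calls
        "Content-Type": f"multipart/form-data; boundary={boundary}",
    })
    with urllib.request.urlopen(req) as resp:
        return json.load(resp)


if __name__ == "__main__":
    # No arguments: decode the constructed sample.  --import loads the KTS7
    # files in order; add --overwrite to replace objects that conflict.
    if "--import" in sys.argv:
        for name in NDJSON_FILES:
            report = summarize([import_file(name, "--overwrite" in sys.argv)])
            print(name, report)
            if report["conflicts"] and "--overwrite" not in sys.argv:
                print("  objects already exist; rerun with --overwrite or remove them first")
    else:
        print(summarize(parse_responses(SAMPLE_OUTPUT)))
```

Run without arguments it decodes the constructed sample and reports 24 imported objects and one conflict each for the index-pattern and visualization types. Conflicts on every index pattern and visualization, as in the pasted output, mean the Kibana index already holds a previous load of the same objects, which matches the persisted volume alphaDev23 found to be the cause.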

alphaDev23 commented 3 years ago

This issue is resolved. A volume, which was expected to be deleted via ansible scripts, was not being deleted.

pevma commented 3 years ago

Thank you for updating the issue and the feedback.