Skip to content

DynamiteNSM

Introduction
About
About
- Project Goals
- Architechture
- Event Data Model
  Event Data Model
  - Data Model Overview
  - Sample Logs
    Sample Logs
    
    Suricata Alert
    
    Zeek Connection
    
    Zeek DHCP
    
    Zeek DNS
    
    Zeek Files
    
    Zeek HTTP
    
    Zeek Portable Executables
    
    Zeek SSH
    
    Zeek SSL
    
    Zeek Weird
    
    Zeek X509
Requirements
Requirements
Installation
Installation
- Installation Overview
- Agent
  Agent
- Monitor
  Monitor
Configuration
Configuration
- Configuration Overview
- Agent
  Agent
- Monitor
  Monitor
  - Elasticsearch
  - Kibana
Services
Services
- Setup
- Authentication
- Updates
- Monitor
- Agent
- Elasticsearch
- Logstash
- Kibana
- Kibana Package Manager
- Zeek
- Suricata
- Filebeat
Guides
Guides
- Quick Start
- Remote Management
- Navigating Kibana
  Navigating Kibana
  - Overview
  - Alert
  - Conversations
  - Hosts
  - Protocols
  - Pivot Fields Pivot Fields
    Table of contents
    
    Types of Pivot Fields
- Working with Kibana Package Manager
- Software Developer Guides
  Software Developer Guides
  - Overview
  - Create a Commandline Utility
  - Create a Kibana Package
  - Software Development Kit
    Software Development Kit
    
    Overview
    
    cmd
    cmd
    
    base_interface
    
    inspection_helpers
    
    config_object_interfaces
    
    service_interfaces
    
    services
    services
    
    base
    base
    
    install
    
    config
    
    config_objects
    config_objects
    
    generic.py
    
    filebeat
    filebeat
    
    misc.py
    
    targets.py
    
    suricata
    suricata
    
    misc.py
    
    rules.py
    
    zeek
    zeek
    
    node.py
    
    local_site.py
    
    local_network.py
    
    bpf_filter.py
    
    logs
    
    process
    
    profile
    
    monitor
    monitor
    
    install
    
    process
    
    agent
    agent
    
    install
    
    process
    
    filebeat
    filebeat
    
    install
    
    config
    
    logs
    
    process
    
    profile
    
    suricata
    suricata
    
    install
    
    config
    
    logs
    
    process
    
    profile
    
    zeek
    zeek
    
    install
    
    config
    
    logs
    
    process
    
    profile
    
    elasticsearch
    elasticsearch
    
    install
    
    config
    
    process
    
    profile
    
    logstash
    logstash
    
    install
    
    config
    
    process
    
    profile
    
    kibana
    kibana
    
    install
    
    config
    
    process
    
    profile
Resources
Resources
- Contributing Guide
- Coding Guidelines

Pivot Fields

Pivot fields are special fields that can be used to dynamically apply specific views and filters.

Types of Pivot Fields

Community Id Pivots - These pivots rely on a common id that exist within every event and alert generated by the agent. They typically return between 1 and 3.
IP Address Pivots - These pivots work on the source.ip and destination.ip fields. There is no upper limit to the number of events that can be returned by this pivot.