HELP! Kibana Suricata attack map with attack lines?


I am trying to build some cool looking maps, but I am a bit stumped.


I also have GeoIP data on those IP addresses (lat, long, etc.).

I can get the little circle and heat maps on the map, but I am stumped on the "lines"/"attack path" that connect the dots together with a line.

I was doing some reading on the Polygon Style properties, but don't know if that is the correct path to go down.

- running (system specifics)
  - Elasticsearch 7.3 (dockered)
  - Kibana 7.3 (dockered)

Hi @iukea,

Have you tried to load the demo data from here? It should at least give you an idea of what parameters are used to create such a visualization. This demo data is from the Elastic Maps for Geospatial Analysis webinar, which you can also watch, I believe.


Thank you very much! I will try this out here tonight!

Interesting, getting

{"statusCode":400,"error":"Bad Request","message":"child "id" fails because ["id" is not allowed to be empty]","validation":{"source":"params","keys":["id"]}}

when I run the command

curl -X POST 'http://localhost:5601/api/saved_objects/map/' -H 'Content-Type: application/json' -H "kbn-xsrf: true" -d "@Suricata_Events_Dark.json"

Hi @iukea, I just updated the instructions for 7.3. This includes both a map and a dashboard with the map embedded. Check out the latest instructions here. Feel free to reach out if you run into any other issues!