A powerful, easily deployable network traffic analysis tool suite for network security monitoring
OpenSearch Dashboards
OpenSearch Dashboards is an open-source fork of Kibana, which is no longer open-source software.
Adding new visualizations and dashboards
Visualizations and dashboards can be easily created in OpenSearch Dashboards using its drag-and-drop WYSIWIG tools. Assuming users have created a new dashboard to package with Malcolm, the dashboard and its visualization components can be exported using the dashboard export API:
-
Identify the ID of the dashboard (found in the URL: e.g., for
/dashboards/app/dashboards#/view/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxthe ID would bexxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx) -
Using a web browser, enter the URL https://localhost/mapi/dashboard-export/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx, replacing
localhostwith the IP address or hostname of your Malcolm instance and the placeholder dashboard ID with the ID you identified in the previous step. Save the raw JSON document returned as./dashboards/dashboards/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx.json(using the actual ID) under your Malcolm directory.
OR
- Using the command line, export the dashboard with that ID and save it in the
./dashboards/dashboards/directory with the following command:
export DASHID=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx && \
docker compose exec api curl -sSL -XGET "http://localhost:5000/mapi/dashboard-export/$DASHID" > \
./dashboards/dashboards/$DASHID.json
- Include the new dashboard either by using a bind mount for the
./dashboards/dashboards/directory or by rebuilding thedashboards-helperimage. Dashboards are imported the first time Malcolm starts up.
OpenSearch Dashboards plugins
The dashboards.Dockerfile installs the OpenSearch Dashboards plugins used by Malcolm (search for opensearch-dashboards-plugin install in that file). Additional Dashboards plugins could be installed by modifying this Dockerfile and rebuilding the dashboards image.