# Application-level permissions [] access = read : [ * ], write : [ power ] ### EVENT TYPES [eventtypes] export = system ### PROPS [props] export = system ### TRANSFORMS [transforms] export = system ### LOOKUPS [lookups] export = system ### VIEWSTATES: even normal users should be able to create shared viewstates [viewstates] access = read : [ * ], write : [ * ] export = system ### Merged from local.meta [app/install/install_source_checksum] version = 9.2.1 modtime = 1720713316.788815000 [macros/sandfly_search] access = read : [ * ], write : [ power ] export = system owner = nobody version = 8.2.4 modtime = 1663868543.893133000 [macros/sandfly_search_alarms] access = read : [ * ], write : [ power ] export = system owner = nobody version = 8.2.4 modtime = 1663868555.663400000 [macros/sandfly_search_all] access = read : [ * ], write : [ power ] export = system owner = nobody version = 9.2.1 modtime = 1720724740.158161000 [savedsearches/SSH%20Keys%20-%20Hosts%20with%20Immutable%20authorized_keys%20File] access = read : [ * ], write : [ power ] export = none owner = nobody version = 8.2.4 modtime = 1666411166.103541000 [savedsearches/SSH%20Keys%20-%20Number%20of%20Hosts%20with%20SSH%20Key] access = read : [ * ], write : [ power ] export = none owner = nobody version = 8.2.4 modtime = 1666411166.118178000 [savedsearches/SSH%20Keys%20-%20User%20Names%20Associated%20with%20SSH%20Key] access = read : [ * ], write : [ power ] export = none owner = nobody version = 8.2.4 modtime = 1666411166.117641000 [savedsearches/Host%20with%20Immutable%20authorized_keys%20File] access = read : [ * ], write : [ power ] export = none owner = nobody version = 8.2.4 modtime = 1666411278.473326000 [savedsearches/SSH%20Keys%20-%20authorized_keys%20File%20Last%20Accessed] access = read : [ * ], write : [ power ] export = none owner = nobody version = 8.2.4 modtime = 1666411166.158629000 [savedsearches/SSH%20Keys%20-%20authorized_keys%20File%20Accessed%20Today] access = read : [ * ], write : [ power ] export = none owner = nobody version = 8.2.4 modtime = 1666555833.747574000 [savedsearches/SSH%20Keys%20-%20authorized_keys%20File%20Modified%20Today] access = read : [ * ], write : [ power ] export = none owner = nobody version = 8.2.4 modtime = 1666411166.157267000 [savedsearches/SSH%20Keys%20-%20authorized_keys%20File%20Created%20Today] access = read : [ * ], write : [ power ] export = none owner = nobody version = 8.2.4 modtime = 1666411166.119154000 [savedsearches/SSH%20Keys%20-%20authorized_keys%20File%20Created%20Last%2024%20Hours] access = read : [ * ], write : [ power ] export = none owner = nobody version = 8.2.4 modtime = 1666556352.053036000 [savedsearches/SSH%20Keys%20-%20authorized_keys%20File%20Created%20Last%2048%20Hours] access = read : [ * ], write : [ power ] export = none owner = nobody version = 8.2.4 modtime = 1666556352.053602000 [savedsearches/SSH%20Keys%20-%20authorized_keys%20File%20Created%20Last%2072%20Hours] access = read : [ * ], write : [ power ] export = none owner = nobody version = 8.2.4 modtime = 1666556352.054306000 [savedsearches/SSH%20Keys%20-%20authorized_keys%20File%20Created%20Last%207%20Days] access = read : [ * ], write : [ power ] export = none owner = nobody version = 8.2.4 modtime = 1666556352.031136000 [macros/sandfly_search_sshkeys] access = read : [ * ], write : [ power ] export = system owner = nobody version = 8.2.4 modtime = 1667793463.018565000 [views/sandfly_security__ssh_authorized_keys_file_report] access = read : [ * ], write : [ power ] export = none owner = nobody version = 9.2.1 modtime = 1722377597.474483000 [views/sandfly_security__ssh_authorized_keys_file_created] access = read : [ * ], write : [ power ] export = none owner = nobody version = 9.2.1 modtime = 1722377020.526258000 [savedsearches/SSH%20Hunter%20-%20Keys%20Last%20Seen%20Report] access = read : [ * ], write : [ power ] export = none owner = nobody version = 8.2.4 modtime = 1668380524.918861000 [savedsearches/SSH%20Hunter%20-%20Keys%20First%20Seen%20This%20Week] access = read : [ * ], write : [ power ] export = none owner = nobody version = 8.2.4 modtime = 1668837847.074182000 [savedsearches/SSH%20Hunter%20-%20Keys%20First%20Seen%20Today] access = read : [ * ], write : [ power ] export = none owner = nobody version = 8.2.4 modtime = 1668837814.726082000 [views/ssh_hunter__key_investigation] access = read : [ * ], write : [ power ] export = none owner = nobody version = 9.2.1 modtime = 1722526547.156539000 [views/ssh_hunter__key_summary] access = read : [ * ], write : [ power ] export = none owner = nobody version = 9.2.1 modtime = 1722526584.308831000 [views/ssh_hunter__key_details] access = read : [ * ], write : [ power ] export = none owner = nobody version = 9.2.1 modtime = 1722022787.722940000 [views/ssh_hunter__user_investigation] access = read : [ * ], write : [ power ] export = none owner = nobody version = 8.2.4 modtime = 1668380547.435677000 [views/ssh_hunter__user_summary] access = read : [ * ], write : [ power ] export = none owner = nobody version = 8.2.4 modtime = 1669955805.814088000 [views/ssh_hunter__host_investigation] access = read : [ * ], write : [ power ] export = none owner = nobody version = 9.2.1 modtime = 1724167087.901061000 [views/ssh_hunter__host_summary] access = read : [ * ], write : [ power ] export = none owner = nobody version = 9.2.1 modtime = 1722451034.473814000 [macros/sandfly_search_sandflies] access = read : [ * ], write : [ power ] export = system owner = nobody version = 9.2.1 modtime = 1720724669.517221000 [savedsearches/Sandflies%20to%20Lookup%20File] export = none owner = nobody version = 9.2.1 modtime = 1692149513.664108000 [savedsearches/Sandfly%20Hosts%20to%20Asset%20Lookup] access = read : [ * ], write : [ power ] export = none owner = nobody version = 8.2.4 modtime = 1669078115.878208000 [savedsearches/Sandfly%20Hosts%20to%20Hosts%20Lookup] access = read : [ * ], write : [ power ] export = none owner = nobody version = 8.2.4 modtime = 1669078115.865452000 [macros/sandfly_search_ssh_hunter] access = read : [ * ], write : [ power ] export = system owner = nobody version = 9.2.1 modtime = 1720724800.727439000 [macros/sandfly_search_hosts] access = read : [ * ], write : [ power ] export = system owner = nobody version = 9.2.1 modtime = 1720724822.363216000 [macros/sandfly_search_hosts_details] access = read : [ * ], write : [ power ] export = system owner = nobody version = 9.2.1 modtime = 1720724835.200972000 [macros/sandfly_search_hosts_summary] access = read : [ * ], write : [ power ] export = system owner = nobody version = 9.2.1 modtime = 1720724856.168139000 [views/sandfly_security__hosts] access = read : [ * ], write : [ power ] export = none owner = nobody version = 9.2.1 modtime = 1723748587.026413000 [views/sandfly_security_daily_snapshot] version = 9.2.1 modtime = 1723760263.954430000 [views/sandfly_security__host_details] access = read : [ * ], write : [ power ] export = none owner = nobody version = 9.2.1 modtime = 1724358696.090953000 [views/sandfly_security_sandfly_investigation] version = 9.2.1 modtime = 1722376492.055276000 [savedsearches/Count%20of%20Sandflies] version = 9.2.1 modtime = 1692149025.799528000 [savedsearches/Events%20by%20Host%20with%20Description] version = 9.2.1 modtime = 1692149080.269226000 [savedsearches/Top%2010%20Sandflies%20over%20Time%20Range] version = 9.2.1 modtime = 1692149130.629711000 [macros/sandfly_search_audit] access = read : [ * ], write : [ power ] export = system owner = nobody version = 9.2.1 modtime = 1720724515.837008000 [macros/sandfly_search_errors] access = read : [ * ], write : [ power ] export = system owner = nobody version = 9.2.1 modtime = 1720724545.315803000 [macros/sandfly_search_errors_detailed] access = read : [ * ], write : [ power ] export = system owner = nobody version = 9.2.1 modtime = 1720724620.073445000 [macros/sandfly_search_errors_summary] access = read : [ * ], write : [ power ] export = system owner = nobody version = 9.2.1 modtime = 1720724660.723474000 [savedsearches/Sandfly%20TA%20Internal%20Errors] version = 9.2.1 modtime = 1720725613.350340000 [savedsearches/Sandfly%20TA%20Internal%20Logs] access = read : [ * ], write : [ power ] export = none owner = nobody version = 9.2.1 modtime = 1720725744.336042000 [savedsearches/Inactive%20Hosts%20Report] access = read : [ * ], write : [ power ] export = none owner = nobody version = 9.2.1 modtime = 1723752786.976985000 [views/audit_logs_overview] owner = nobody version = 9.2.1 modtime = 1722441028.614437000 [views/audit_logs_authentication] owner = nobody version = 9.2.1 modtime = 1720736710.674339000 [savedsearches/Audit%20Log%20Authentication%20Events] access = read : [ * ], write : [ power ] export = none owner = nobody version = 9.2.1 modtime = 1720736816.447209000 [views/audit_logs_user_accounts] owner = nobody version = 9.2.1 modtime = 1720800779.343723000 [views/audit_logs_license_errors] owner = nobody version = 9.2.1 modtime = 1720815873.896914000 [views/audit_logs_system_changes] owner = nobody version = 9.2.1 modtime = 1720808660.726981000 [views/error_logs_overview] owner = nobody version = 9.2.1 modtime = 1722528326.063782000 [savedsearches/Scanning%20Error%20Log%20Alert] owner = nobody version = 9.2.1 modtime = 1721054313.619636000 [savedsearches/Username%20root%20UID%20But%20Not%20Root] access = read : [ * ], write : [ power ] export = none owner = nobody version = 9.2.1 modtime = 1721074537.237468000 [savedsearches/Logins%20by%20Username] access = read : [ * ], write : [ power ] export = none owner = nobody version = 9.2.1 modtime = 1721077085.325903000 [savedsearches/Usernames%20with%20SSH%20Authorized%20Keys%20Present] access = read : [ * ], write : [ power ] export = none owner = nobody version = 9.2.1 modtime = 1721081594.147755000 [savedsearches/Usernames%20with%20Password%20Hash%20Present] access = read : [ * ], write : [ power ] export = none owner = nobody version = 9.2.1 modtime = 1721082097.951888000 [savedsearches/Usernames%20with%20Blank%20Password%20Fields] access = read : [ * ], write : [ power ] export = none owner = nobody version = 9.2.1 modtime = 1721082418.335550000 [savedsearches/Usernames%20Valid%20Logins%20From%20Hostname] access = read : [ * ], write : [ power ] export = none owner = nobody version = 9.2.1 modtime = 1721142115.862382000 [savedsearches/Usernames%20Valid%20Logins%20by%20Username] access = read : [ * ], write : [ power ] export = none owner = nobody version = 9.2.1 modtime = 1721142263.438629000 [savedsearches/Usernames%20Valid%20Logins%20Against%20Hostname] access = read : [ * ], write : [ power ] export = none owner = nobody version = 9.2.1 modtime = 1721142530.589625000 [savedsearches/Usernames%20Present%20on%20Host] access = read : [ * ], write : [ power ] export = none owner = nobody version = 9.2.1 modtime = 1721142941.358842000 [savedsearches/Usernames%20Bad%20Logins%20From%20Hostname] access = read : [ * ], write : [ power ] export = none owner = nobody version = 9.2.1 modtime = 1721143384.103557000 [savedsearches/Usernames%20Bad%20Logins%20By%20Username] access = read : [ * ], write : [ power ] export = none owner = nobody version = 9.2.1 modtime = 1721143582.953626000 [savedsearches/Usernames%20Bad%20Logins%20Against%20Hostname] access = read : [ * ], write : [ power ] export = none owner = nobody version = 9.2.1 modtime = 1721143842.124444000 [savedsearches/Username%20Password%20Hash%20Types] access = read : [ * ], write : [ power ] export = none owner = nobody version = 9.2.1 modtime = 1721144231.447325000 [savedsearches/Username%20Login%20Shells%20In%20Use] access = read : [ * ], write : [ power ] export = none owner = nobody version = 9.2.1 modtime = 1721144546.563169000 [savedsearches/Username%20Logged%20In] access = read : [ * ], write : [ power ] export = none owner = nobody version = 9.2.1 modtime = 1721144868.477988000 [savedsearches/User%20Successful%20Logins%20Over%20Time] access = read : [ * ], write : [ power ] export = none owner = nobody version = 9.2.1 modtime = 1721145781.308448000 [savedsearches/User%20Failed%20Logins%20Over%20Time] access = read : [ * ], write : [ power ] export = none owner = nobody version = 9.2.1 modtime = 1721146000.052938000 [savedsearches/Processes%20With%20Network%20Ports%20Operating] access = read : [ * ], write : [ power ] export = none owner = nobody version = 9.2.1 modtime = 1721149934.812594000 [savedsearches/Processes%20With%20Network%20Ports%20Listening] access = read : [ * ], write : [ power ] export = none owner = nobody version = 9.2.1 modtime = 1721150114.077526000 [savedsearches/Operating%20System%20Uptime%20in%20Days] access = read : [ * ], write : [ power ] export = none owner = nobody version = 9.2.1 modtime = 1721151096.984856000 [savedsearches/Operating%20System%20Product%20Name] access = read : [ * ], write : [ power ] export = none owner = nobody version = 9.2.1 modtime = 1721151388.742200000 [savedsearches/Operating%20System%20Machine%20Type] access = read : [ * ], write : [ power ] export = none owner = nobody version = 9.2.1 modtime = 1721151533.367079000 [savedsearches/Operating%20System%20Linux%20Version] access = read : [ * ], write : [ power ] export = none owner = nobody version = 9.2.1 modtime = 1721151763.234463000 [savedsearches/Operating%20System%20Linux%20Kernel%20Release%20Version] access = read : [ * ], write : [ power ] export = none owner = nobody version = 9.2.1 modtime = 1721151867.053366000 [savedsearches/Operating%20System%20CPU%20Model%20Name] access = read : [ * ], write : [ power ] export = none owner = nobody version = 9.2.1 modtime = 1721152608.509242000 [savedsearches/Operating%20System%20CPU%20Architecture] access = read : [ * ], write : [ power ] export = none owner = nobody version = 9.2.1 modtime = 1721152753.521619000 [savedsearches/Operating%20System%20Bogo%20MIPS%20Rating] access = read : [ * ], write : [ power ] export = none owner = nobody version = 9.2.1 modtime = 1721152845.355625000 [savedsearches/Operating%20System%20BIOS%20Version] access = read : [ * ], write : [ power ] export = none owner = nobody version = 9.2.1 modtime = 1721152947.820249000 [savedsearches/Operating%20System%20BIOS%20Vendor] access = read : [ * ], write : [ power ] export = none owner = nobody version = 9.2.1 modtime = 1721153051.788915000 [savedsearches/At%20Jobs%20by%20Username] access = read : [ * ], write : [ power ] export = none owner = nobody version = 9.2.1 modtime = 1721153315.704571000 [savedsearches/Crontabs%20by%20Username] access = read : [ * ], write : [ power ] export = none owner = nobody version = 9.2.1 modtime = 1721153492.809842000 [savedsearches/Intrusion%20Detection%20High%20Entropy%20Process] access = read : [ * ], write : [ power ] export = none owner = nobody version = 9.2.1 modtime = 1721154503.410490000 [savedsearches/Intrusion%20Detection%20Immutable%20Process%20Binary%20Running] access = read : [ * ], write : [ power ] export = none owner = nobody version = 9.2.1 modtime = 1721154424.289641000 [savedsearches/Intrusion%20Detection%20Process%20Running%20As%20Sniffer] access = read : [ * ], write : [ power ] export = none owner = nobody version = 9.2.1 modtime = 1721155143.795218000 [savedsearches/Intrusion%20Detection%20Process%20Running%20From%20%2Fdev%2Fshm] access = read : [ * ], write : [ power ] export = none owner = nobody version = 9.2.1 modtime = 1721155389.722476000 [savedsearches/Intrusion%20Detection%20Process%20Running%20from%20Public%20HTML%20Directory] access = read : [ * ], write : [ power ] export = none owner = nobody version = 9.2.1 modtime = 1721155552.766450000 [savedsearches/Intrusion%20Detection%20Process%20Running%20From%20Temp%20Directory] access = read : [ * ], write : [ power ] export = none owner = nobody version = 9.2.1 modtime = 1721155771.683697000 [savedsearches/SSH%20Hunter%20-%20Banned%20Keys%20Report] access = read : [ * ], write : [ power ] export = none owner = nobody version = 9.2.1 modtime = 1721945726.836922000 [savedsearches/SSH%20Hunter%20-%20Banned%20Keys%20Details] access = read : [ * ], write : [ power ] export = none owner = nobody version = 9.2.1 modtime = 1721940986.778346000 [savedsearches/SSH%20Hunter%20-%20Banned%20Keys%20by%20Host%20Report] access = read : [ * ], write : [ power ] export = none owner = nobody version = 9.2.1 modtime = 1721946360.769218000 [savedsearches/SSH%20Hunter%20-%20Banned%20Keys%20by%20User%20Report] access = read : [ * ], write : [ power ] export = none owner = nobody version = 9.2.1 modtime = 1721946456.897810000 [savedsearches/SSH%20Hunter%20-%20Banned%20Keys%20by%20Zone%20Report] access = read : [ * ], write : [ power ] export = none owner = nobody version = 9.2.1 modtime = 1721947566.898704000 [savedsearches/SSH%20Hunter%20-%20Banned%20Keys%20Daily%20Report] access = read : [ * ], write : [ power ] export = none owner = nobody version = 9.2.1 modtime = 1722011045.291943000 [views/ssh_hunter_-_security_zones] owner = nobody version = 9.2.1 modtime = 1722031458.567988000 [views/ssh_hunter_-_security_zone_details] owner = nobody version = 9.2.1 modtime = 1722452068.254255000 [views/sandfly_security_sourcetype_review] access = read : [ * ], write : [ power ] export = none owner = nobody version = 9.2.1 modtime = 1724163918.664172000 [views/sandfly_security_host_alerts] access = read : [ * ], write : [ power ] export = none owner = nobody version = 9.2.3 modtime = 1727368161.614105000 [savedsearches/Active%20Hosts%20Report%20by%20Last%20Scan%20Date] access = read : [ * ], write : [ power ] export = none owner = nobody version = 9.2.1 modtime = 1723754281.390676000 [savedsearches/Hosts%20Last%20Scan%20Greater%20Than%2024%20Hours%20Ago] access = read : [ * ], write : [ power ] export = none owner = nobody version = 9.2.1 modtime = 1723759923.368009000 [savedsearches/Hosts%20Last%20Scan%20Older%20Than%20Last%20Seen] access = read : [ * ], write : [ power ] export = none owner = nobody version = 9.2.1 modtime = 1723759896.576359000 [savedsearches/Sandfly%20Server%20-%20Logins%20by%20Username] access = read : [ * ], write : [ power ] export = none owner = nobody version = 9.2.1 modtime = 1723821810.702111000 [views/sandfly_security_whitelist_rules] owner = nobody version = 9.2.1 modtime = 1724187331.114265000 [macros/sandfly_search_whitelist] access = read : [ * ], write : [ power ] export = system owner = nobody version = 9.2.1 modtime = 1723837205.931642000 [views/sandfly_security_whitelist_rule_details] owner = nobody version = 9.2.1 modtime = 1724351847.316159000 [views/sandfly_security__hosts_by_tags] access = read : [ * ], write : [ power ] export = none owner = nobody version = 9.2.1 modtime = 1724356422.833660000 [lookups/mitre_tactics.csv] access = read : [ * ], write : [ power ] export = system owner = nobody version = 9.2.3 modtime = 1727367845.229674000 [lookups/mitre_techniques.csv] access = read : [ * ], write : [ power ] export = system owner = nobody version = 9.2.3 modtime = 1727367838.720058000 [views/mitre_attack_tactics_and_techniques] owner = nobody version = 9.2.3 modtime = 1727377670.275815000 [views/mitre_attack_techniques_sandflies] owner = nobody version = 9.2.3 modtime = 1727388495.516773000 [views/mitre_attack_techniques_detection] owner = nobody version = 9.2.3 modtime = 1727388420.662988000 [views/mitre_attck_tactics_detection] access = read : [ * ], write : [ power ] export = none owner = nobody version = 9.2.3 modtime = 1727376998.774484000 [views/mitre_attck_tactics_sandflies] access = read : [ * ], write : [ power ] export = none owner = nobody version = 9.2.3 modtime = 1727377025.394058000 [macros/sandfly_search_drift] access = read : [ * ], write : [ power ] export = system owner = nobody version = 10.0.1 modtime = 1762895535.776022000 [views/sandfly_security_-_drift_detection] owner = nobody version = 10.0.1 modtime = 1770752614.930217000 [macros/sandfly_search_results_whitelisted] access = read : [ * ], write : [ power ] export = system owner = nobody version = 10.0.1 modtime = 1770750334.883648000 [views/sandfly_security_-_whitelisted_results] owner = nobody version = 10.0.1 modtime = 1770752563.562543000