author | Toni Uhlig <matzeton@googlemail.com> | 2024-10-02 19:29:14 +0200 |
---|---|---|
committer | Toni Uhlig <matzeton@googlemail.com> | 2024-10-02 19:29:14 +0200 |
commit | 76e1ea05987aaf49329e259a121e90fb1b890051 (patch) | |
tree | e8ac8f462c09d174d8cc170bbbedcbcef68155bb | |
parent | 0e792ba3011faba982e8d6bd06fb6d5e7c5a8378 (diff) |
Updated Grafana dashboard.
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
-rw-r--r-- | examples/c-influxd/grafana-dashboard-simple.json | 7592 |
1 files changed, 3825 insertions, 3767 deletions
diff --git a/examples/c-influxd/grafana-dashboard-simple.json b/examples/c-influxd/grafana-dashboard-simple.json
index 6b04e37a8..2070e975d 100644
--- a/examples/c-influxd/grafana-dashboard-simple.json
+++ b/examples/c-influxd/grafana-dashboard-simple.json
@@ -16,7 +16,742 @@ "description": "" } ], - "__elements": {}, + "__elements": { + "f54c2b02-7c6c-4d3f-90d8-e9d31dee65a5": { + "name": "Risk", + "uid": "f54c2b02-7c6c-4d3f-90d8-e9d31dee65a5", + "kind": 1, + "model": { + "datasource": { + "type": "influxdb", + "uid": "${DS_INFLUXDB}" + }, + "description": "", + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "yellow", + "value": 1 + } + ] + } + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "flow_risk_1_count" + }, + "properties": [ + { + "id": "displayName", + "value": "XSS Attack" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_2_count" + }, + "properties": [ + { + "id": "displayName", + "value": "SQL Injection" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_3_count" + }, + "properties": [ + { + "id": "displayName", + "value": "RCE Injection" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_4_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Binary App Transfer" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_5_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Known Proto on Non Std Port" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_6_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Self signed Cert" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_7_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Obsolete TLS v1.1 or older" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_8_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Weak TLS Cipher" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_9_count" + }, + "properties": [ + { + "id": 
"displayName", + "value": "TLS Cert Expired" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_10_count" + }, + "properties": [ + { + "id": "displayName", + "value": "TLS Cert Mismatch" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_11_count" + }, + "properties": [ + { + "id": "displayName", + "value": "HTTP Suspicious User Agent" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_12_count" + }, + "properties": [ + { + "id": "displayName", + "value": "HTTP Numeric IP Address" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_13_count" + }, + "properties": [ + { + "id": "displayName", + "value": "HTTP Suspicious URL" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_14_count" + }, + "properties": [ + { + "id": "displayName", + "value": "HTTP Suspicious Header" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_15_count" + }, + "properties": [ + { + "id": "displayName", + "value": "TLS probably Not Carrying HTTPS" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_16_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Suspicious DGA Domain name" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_17_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Malformed Packet" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_18_count" + }, + "properties": [ + { + "id": "displayName", + "value": "SSH Obsolete Client Version/Cipher" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_19_count" + }, + "properties": [ + { + "id": "displayName", + "value": "SSH Obsolete Server Version/Cipher" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_20_count" + }, + "properties": [ + { + "id": "displayName", + "value": "SMB Insecure Version" + } + ] + }, + { + "matcher": { + "id": "byName", + 
"options": "flow_risk_21_count" + }, + "properties": [ + { + "id": "displayName", + "value": "TLS Suspicious ESNI Usage" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_22_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Unsafe Protocol" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_23_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Suspicious DNS Traffic" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_24_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Missing SNI TLS Extension" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_25_count" + }, + "properties": [ + { + "id": "displayName", + "value": "HTTP Suspicious Content" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_26_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Risky ASN" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_27_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Risky Domain Name" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_28_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Malicious Fingerprint" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_29_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Malicious SSL Cert/SHA1 Fingerprint" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_30_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Desktop/File-Sharing" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_31_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Uncommon TLS ALPN" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_32_count" + }, + "properties": [ + { + "id": "displayName", + "value": "TLS Cert Validity Too Long" + } + ] + }, + { + 
"matcher": { + "id": "byName", + "options": "flow_risk_33_count" + }, + "properties": [ + { + "id": "displayName", + "value": "TLS Suspicious Extension" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_34_count" + }, + "properties": [ + { + "id": "displayName", + "value": "TLS Fatal Alert" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_35_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Suspicious Entropy" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_36_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Clear Text Credentials" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_37_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Large DNS Packet" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_38_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Fragmented DNS Message" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_39_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Text With Non Printable Chars" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_40_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Possible Exploit" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_41_count" + }, + "properties": [ + { + "id": "displayName", + "value": "TLS Cert About To Expire" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_42_count" + }, + "properties": [ + { + "id": "displayName", + "value": "IDN Domain Name" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_43_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Error Code" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_44_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Crawler/Bot" + } + ] + }, + { + 
"matcher": { + "id": "byName", + "options": "flow_risk_45_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Anonymous Subscriber" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_46_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Unidirectional Traffic" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_47_count" + }, + "properties": [ + { + "id": "displayName", + "value": "HTTP Obsolete Server" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_48_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Periodic Flow" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_49_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Minor Issues" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_50_count" + }, + "properties": [ + { + "id": "displayName", + "value": "TCP Connection Issues" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_51_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Fully Encrypted" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_52_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Invalid ALPN/SNI combination" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_53_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Malware Host Contacted" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_unknown_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Unknown Risk" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_54_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Binary Transfer Attempt" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_55_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Probing Attempt" + } + ] + } + 
] + }, + "options": { + "minVizHeight": 75, + "minVizWidth": 75, + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "showThresholdLabels": false, + "showThresholdMarkers": false + }, + "pluginVersion": "10.2.0", + "targets": [ + { + "datasource": { + "type": "influxdb", + "uid": "dabd3b1d-a74e-4ae6-9dfd-e1344e589ba0" + }, + "query": "from(bucket: \"${ndpid_db_name}\")\n |> range(start: v.timeRangeStart, stop:v.timeRangeStop)\n |> filter(fn: (r) =>\n r._measurement == \"risks\"\n )", + "refId": "A" + } + ], + "title": "Risk", + "type": "gauge" + } + } + }, "__requires": [ { "type": "panel", @@ -1782,7 +2517,7 @@ "type": "stat" }, { - "collapsed": true, + "collapsed": false, "gridPos": { "h": 1, "w": 24, 
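Review bot: The `Risk` library panel added under `__elements` pins its query target to an instance-specific datasource, `"uid": "dabd3b1d-a74e-4ae6-9dfd-e1344e589ba0"`, while the same panel's `model.datasource` and the other targets visible in this diff use `"uid": "${DS_INFLUXDB}"`. That UID presumably comes from the Grafana instance the dashboard was exported from, so after import elsewhere the target may not resolve. The gauge that surfaces counters such as "Malware Host Contacted" and "Possible Exploit" could then show no data, which an operator can misread as "no risks seen". The target should read `"uid": "${DS_INFLUXDB}"` like the others. Separately, every risk field shares the single default step (`yellow` at 1), whereas the Breed panel overrides `flow_breed_dangerous_count` to `dark-red`; a similar override for the high-severity risk fields would keep them from blending in with "Minor Issues".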
@@ -1790,4129 +2525,3452 @@ "y": 19 }, "id": 6, - "panels": [ - { - "datasource": { - "type": "influxdb", - "uid": "${DS_INFLUXDB}" + "panels": [], + "title": "Flow", + "type": "row" + }, + { + "datasource": { + "type": "influxdb", + "uid": "${DS_INFLUXDB}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" }, - "fieldConfig": { - "defaults": { - "color": { - "mode": "thresholds" - }, - "mappings": [], - "thresholds": { - "mode": "percentage", - "steps": [ - { - "color": "green", - "value": null - } - ] - } - }, - "overrides": [ - { - "matcher": { - "id": "byName", - "options": "flow_breed_acceptable_count" - }, - "properties": [ - { - "id": "displayName", - "value": "Acceptable" - } - ] - }, + "mappings": [], + "thresholds": { + "mode": "percentage", + "steps": [ { - "matcher": { - "id": "byName", - "options": "flow_breed_dangerous_count" - }, - "properties": [ - { - "id": "displayName", - "value": "Dangerous" - } - ] - }, + "color": "green", + "value": null + } + ] + } + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "flow_breed_acceptable_count" + }, + "properties": [ { - "matcher": { - "id": "byName", - "options": "flow_breed_fun_count" - }, - "properties": [ - { - "id": "displayName", - "value": "Fun" - } - ] - }, + "id": "displayName", + "value": "Acceptable" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_breed_dangerous_count" + }, + "properties": [ { - "matcher": { - "id": "byName", - "options": "flow_breed_potentially_dangerous_count" - }, - "properties": [ - { - "id": "displayName", - "value": "Potentially Dangerous" - } - ] - }, + "id": "displayName", + "value": "Dangerous" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_breed_fun_count" + }, + "properties": [ { - "matcher": { - "id": "byName", - "options": "flow_breed_safe_count" - }, - "properties": [ - { - "id": "displayName", - "value": "Safe" - } - ] - }, + "id": "displayName", + "value": "Fun" + } + ] + }, + 
{ + "matcher": { + "id": "byName", + "options": "flow_breed_potentially_dangerous_count" + }, + "properties": [ { - "matcher": { - "id": "byName", - "options": "flow_breed_tracker_ads_count" - }, - "properties": [ - { - "id": "displayName", - "value": "Tracker/Ads" - } - ] - }, + "id": "displayName", + "value": "Potentially Dangerous" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_breed_safe_count" + }, + "properties": [ { - "matcher": { - "id": "byName", - "options": "flow_breed_unknown_count" - }, - "properties": [ - { - "id": "displayName", - "value": "Unknown" - }, - { - "id": "color", - "value": { - "mode": "fixed" - } - } - ] - }, + "id": "displayName", + "value": "Safe" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_breed_tracker_ads_count" + }, + "properties": [ { - "matcher": { - "id": "byName", - "options": "flow_breed_unrated_count" - }, - "properties": [ - { - "id": "displayName", - "value": "Unrated" - }, - { - "id": "color", - "value": { - "mode": "fixed" - } - } - ] + "id": "displayName", + "value": "Tracker/Ads" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_breed_unknown_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Unknown" }, { - "matcher": { - "id": "byName", - "options": "flow_breed_unsafe_count" - }, - "properties": [ - { - "id": "displayName", - "value": "Unsafe" - }, - { - "id": "thresholds", - "value": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - }, - { - "color": "yellow", - "value": 1 - } - ] - } - } - ] + "id": "color", + "value": { + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_breed_unrated_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Unrated" }, { - "matcher": { - "id": "byName", - "options": "flow_breed_dangerous_count" - }, - "properties": [ - { - "id": "thresholds", - "value": { - "mode": "absolute", - "steps": [ - { - "color": "green", - 
"value": null - }, - { - "color": "dark-red", - "value": 1 - } - ] - } - } - ] + "id": "color", + "value": { + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_breed_unsafe_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Unsafe" }, { - "matcher": { - "id": "byName", - "options": "flow_breed_potentially_dangerous_count" - }, - "properties": [ - { - "id": "thresholds", - "value": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - }, - { - "color": "dark-orange", - "value": 1 - } - ] + "id": "thresholds", + "value": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "yellow", + "value": 1 } - } - ] + ] + } } ] }, - "gridPos": { - "h": 6, - "w": 12, - "x": 0, - "y": 3 - }, - "id": 4, - "options": { - "minVizHeight": 75, - "minVizWidth": 75, - "orientation": "auto", - "reduceOptions": { - "calcs": [ - "lastNotNull" - ], - "fields": "", - "values": false + { + "matcher": { + "id": "byName", + "options": "flow_breed_dangerous_count" }, - "showThresholdLabels": false, - "showThresholdMarkers": false + "properties": [ + { + "id": "thresholds", + "value": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "dark-red", + "value": 1 + } + ] + } + } + ] }, - "pluginVersion": "10.2.0", - "targets": [ - { - "datasource": { - "type": "influxdb", - "uid": "${DS_INFLUXDB}" - }, - "query": "from(bucket: \"${ndpid_db_name}\")\n |> range(start: v.timeRangeStart, stop:v.timeRangeStop)\n |> filter(fn: (r) =>\n r._measurement == \"breed\"\n )", - "refId": "A" - } + { + "matcher": { + "id": "byName", + "options": "flow_breed_potentially_dangerous_count" + }, + "properties": [ + { + "id": "thresholds", + "value": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "dark-orange", + "value": 1 + } + ] + } + } + ] + } + ] + }, + "gridPos": { + "h": 6, + "w": 12, + "x": 0, 
+ "y": 20 + }, + "id": 4, + "options": { + "minVizHeight": 75, + "minVizWidth": 75, + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "lastNotNull" ], - "title": "Breed", - "type": "gauge" + "fields": "", + "values": false }, + "showThresholdLabels": false, + "showThresholdMarkers": false + }, + "pluginVersion": "10.2.0", + "targets": [ { "datasource": { "type": "influxdb", "uid": "${DS_INFLUXDB}" }, - "fieldConfig": { - "defaults": { - "color": { - "mode": "thresholds" - }, - "mappings": [], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - } - ] - } - }, - "overrides": [ - { - "matcher": { - "id": "byName", - "options": "flow_active_count" - }, - "properties": [ - { - "id": "displayName", - "value": "Active Flows" - } - ] + "query": "from(bucket: \"${ndpid_db_name}\")\n |> range(start: v.timeRangeStart, stop:v.timeRangeStop)\n |> filter(fn: (r) =>\n r._measurement == \"breed\"\n )", + "refId": "A" + } + ], + "title": "Breed", + "type": "gauge" + }, + { + "datasource": { + "type": "influxdb", + "uid": "${DS_INFLUXDB}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null } ] - }, - "gridPos": { - "h": 6, - "w": 2, - "x": 12, - "y": 3 - }, - "id": 8, - "options": { - "colorMode": "value", - "graphMode": "area", - "justifyMode": "auto", - "orientation": "auto", - "reduceOptions": { - "calcs": [ - "lastNotNull" - ], - "fields": "", - "values": false + } + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "flow_active_count" }, - "textMode": "auto" - }, - "pluginVersion": "10.2.0", - "targets": [ - { - "datasource": { - "type": "influxdb", - "uid": "${DS_INFLUXDB}" - }, - "query": "from(bucket: \"${ndpid_db_name}\")\n |> range(start: v.timeRangeStart, stop:v.timeRangeStop)\n |> filter(fn: (r) =>\n r._measurement == \"detection\" and\n (r._field == 
\"flow_active_count\")\n )", - "refId": "A" - } + "properties": [ + { + "id": "displayName", + "value": "Active Flows" + } + ] + } + ] + }, + "gridPos": { + "h": 6, + "w": 2, + "x": 12, + "y": 20 + }, + "id": 8, + "options": { + "colorMode": "value", + "graphMode": "area", + "justifyMode": "auto", + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "lastNotNull" ], - "title": "Active", - "type": "stat" + "fields": "", + "values": false }, + "textMode": "auto" + }, + "pluginVersion": "10.2.0", + "targets": [ { "datasource": { "type": "influxdb", "uid": "${DS_INFLUXDB}" }, - "fieldConfig": { - "defaults": { - "color": { - "mode": "thresholds" - }, - "mappings": [], - "thresholds": { - "mode": "percentage", - "steps": [ - { - "color": "green", - "value": null - } - ] - } - }, - "overrides": [ - { - "matcher": { - "id": "byName", - "options": "flow_guessed_count" - }, - "properties": [ - { - "id": "displayName", - "value": "Guessed" - }, - { - "id": "thresholds", - "value": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - }, - { - "color": "yellow", - "value": 1 - } - ] - } - } - ] + "query": "from(bucket: \"${ndpid_db_name}\")\n |> range(start: v.timeRangeStart, stop:v.timeRangeStop)\n |> filter(fn: (r) =>\n r._measurement == \"detection\" and\n (r._field == \"flow_active_count\")\n )", + "refId": "A" + } + ], + "title": "Active", + "type": "stat" + }, + { + "datasource": { + "type": "influxdb", + "uid": "${DS_INFLUXDB}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [], + "thresholds": { + "mode": "percentage", + "steps": [ + { + "color": "green", + "value": null + } + ] + } + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "flow_guessed_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Guessed" }, { - "matcher": { - "id": "byName", - "options": "flow_not_detected_count" - }, - "properties": [ - { - "id": "displayName", - "value": "Not 
Detected" - }, - { - "id": "thresholds", - "value": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - }, - { - "color": "red", - "value": 1 - } - ] + "id": "thresholds", + "value": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "yellow", + "value": 1 } - } - ] + ] + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_not_detected_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Not Detected" }, { - "matcher": { - "id": "byName", - "options": "flow_detected_count" - }, - "properties": [ - { - "id": "displayName", - "value": "Detected" - } - ] + "id": "thresholds", + "value": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 1 + } + ] + } } ] }, - "gridPos": { - "h": 8, - "w": 10, - "x": 14, - "y": 3 - }, - "id": 9, - "options": { - "minVizHeight": 75, - "minVizWidth": 75, - "orientation": "auto", - "reduceOptions": { - "calcs": [ - "lastNotNull" - ], - "fields": "", - "values": false + { + "matcher": { + "id": "byName", + "options": "flow_detected_count" }, - "showThresholdLabels": false, - "showThresholdMarkers": false - }, - "pluginVersion": "10.2.0", - "targets": [ - { - "datasource": { - "type": "influxdb", - "uid": "${DS_INFLUXDB}" - }, - "query": "from(bucket: \"${ndpid_db_name}\")\n |> range(start: v.timeRangeStart, stop:v.timeRangeStop)\n |> filter(fn: (r) =>\n r._measurement == \"detection\" and\n (r._field == \"flow_detected_count\" or\n r._field == \"flow_guessed_count\" or\n r._field == \"flow_not_detected_count\")\n )", - "refId": "A" - } + "properties": [ + { + "id": "displayName", + "value": "Detected" + } + ] + } + ] + }, + "gridPos": { + "h": 8, + "w": 10, + "x": 14, + "y": 20 + }, + "id": 9, + "options": { + "minVizHeight": 75, + "minVizWidth": 75, + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "lastNotNull" ], - "title": "Detection", - "type": "gauge" + 
"fields": "", + "values": false }, + "showThresholdLabels": false, + "showThresholdMarkers": false + }, + "pluginVersion": "10.2.0", + "targets": [ { "datasource": { "type": "influxdb", "uid": "${DS_INFLUXDB}" }, - "fieldConfig": { - "defaults": { - "color": { - "mode": "thresholds" - }, - "mappings": [], - "thresholds": { - "mode": "percentage", - "steps": [ - { - "color": "green", - "value": null - }, - { - "color": "#EAB839", - "value": 80 - } - ] - } - }, - "overrides": [ - { - "matcher": { - "id": "byName", - "options": "flow_category_adult_content_count" - }, - "properties": [ - { - "id": "displayName", - "value": "Adult Content" - } - ] - }, + "query": "from(bucket: \"${ndpid_db_name}\")\n |> range(start: v.timeRangeStart, stop:v.timeRangeStop)\n |> filter(fn: (r) =>\n r._measurement == \"detection\" and\n (r._field == \"flow_detected_count\" or\n r._field == \"flow_guessed_count\" or\n r._field == \"flow_not_detected_count\")\n )", + "refId": "A" + } + ], + "title": "Detection", + "type": "gauge" + }, + { + "datasource": { + "type": "influxdb", + "uid": "${DS_INFLUXDB}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [], + "thresholds": { + "mode": "percentage", + "steps": [ { - "matcher": { - "id": "byName", - "options": "flow_category_advertisment_count" - }, - "properties": [ - { - "id": "displayName", - "value": "Advertisment" - } - ] + "color": "green", + "value": null }, { - "matcher": { - "id": "byName", - "options": "flow_category_allowed_site_count" - }, - "properties": [ - { - "id": "displayName", - "value": "Allowed Site" - } - ] - }, + "color": "#EAB839", + "value": 80 + } + ] + } + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "flow_category_adult_content_count" + }, + "properties": [ { - "matcher": { - "id": "byName", - "options": "flow_category_antimalware_count" - }, - "properties": [ - { - "id": "displayName", - "value": "Anti Malware" - } - ] - }, + "id": "displayName", 
+ "value": "Adult Content" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_category_advertisment_count" + }, + "properties": [ { - "matcher": { - "id": "byName", - "options": "flow_category_banned_site_count" - }, - "properties": [ - { - "id": "displayName", - "value": "Banned Site" - } - ] - }, + "id": "displayName", + "value": "Advertisment" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_category_allowed_site_count" + }, + "properties": [ { - "matcher": { - "id": "byName", - "options": "flow_category_chat_count" - }, - "properties": [ - { - "id": "displayName", - "value": "Chat" - } - ] - }, + "id": "displayName", + "value": "Allowed Site" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_category_antimalware_count" + }, + "properties": [ { - "matcher": { - "id": "byName", - "options": "flow_category_cloud_count" - }, - "properties": [ - { - "id": "displayName", - "value": "Cloud" - } - ] - }, + "id": "displayName", + "value": "Anti Malware" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_category_banned_site_count" + }, + "properties": [ { - "matcher": { - "id": "byName", - "options": "flow_category_collaborative_count" - }, - "properties": [ - { - "id": "displayName", - "value": "Collaborative" - } - ] - }, + "id": "displayName", + "value": "Banned Site" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_category_chat_count" + }, + "properties": [ { - "matcher": { - "id": "byName", - "options": "flow_category_conn_check_count" - }, - "properties": [ - { - "id": "displayName", - "value": "Connection Check" - } - ] - }, + "id": "displayName", + "value": "Chat" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_category_cloud_count" + }, + "properties": [ { - "matcher": { - "id": "byName", - "options": "flow_category_crypto_currency_count" - }, - "properties": [ - { - "id": "displayName", - "value": "Crypto Currency" - } - ] - }, + "id": 
"displayName", + "value": "Cloud" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_category_collaborative_count" + }, + "properties": [ { - "matcher": { - "id": "byName", - "options": "flow_category_cybersecurity_count" - }, - "properties": [ - { - "id": "displayName", - "value": "Cybersecurity" - } - ] - }, + "id": "displayName", + "value": "Collaborative" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_category_conn_check_count" + }, + "properties": [ { - "matcher": { - "id": "byName", - "options": "flow_category_data_transfer_count" - }, - "properties": [ - { - "id": "displayName", - "value": "Data Transfer" - } - ] - }, + "id": "displayName", + "value": "Connection Check" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_category_crypto_currency_count" + }, + "properties": [ { - "matcher": { - "id": "byName", - "options": "flow_category_database_count" - }, - "properties": [ - { - "id": "displayName", - "value": "Database" - } - ] - }, + "id": "displayName", + "value": "Crypto Currency" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_category_cybersecurity_count" + }, + "properties": [ { - "matcher": { - "id": "byName", - "options": "flow_category_download_count" - }, - "properties": [ - { - "id": "displayName", - "value": "Download" - } - ] - }, + "id": "displayName", + "value": "Cybersecurity" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_category_data_transfer_count" + }, + "properties": [ { - "matcher": { - "id": "byName", - "options": "flow_category_email_count" - }, - "properties": [ - { - "id": "displayName", - "value": "E-Mail" - } - ] - }, + "id": "displayName", + "value": "Data Transfer" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_category_database_count" + }, + "properties": [ { - "matcher": { - "id": "byName", - "options": "flow_category_file_sharing_count" - }, - "properties": [ - { - "id": "displayName", - "value": "File 
Sharing" - } - ] - }, + "id": "displayName", + "value": "Database" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_category_download_count" + }, + "properties": [ { - "matcher": { - "id": "byName", - "options": "flow_category_gambling_count" - }, - "properties": [ - { - "id": "displayName", - "value": "Gambling" - } - ] - }, + "id": "displayName", + "value": "Download" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_category_email_count" + }, + "properties": [ { - "matcher": { - "id": "byName", - "options": "flow_category_game_count" - }, - "properties": [ - { - "id": "displayName", - "value": "Game" - } - ] - }, + "id": "displayName", + "value": "E-Mail" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_category_file_sharing_count" + }, + "properties": [ { - "matcher": { - "id": "byName", - "options": "flow_category_iot_scada_count" - }, - "properties": [ - { - "id": "displayName", - "value": "IoT/Scada" - } - ] - }, + "id": "displayName", + "value": "File Sharing" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_category_gambling_count" + }, + "properties": [ { - "matcher": { - "id": "byName", - "options": "flow_category_malware_count" - }, - "properties": [ - { - "id": "displayName", - "value": "Malware" - } - ] - }, + "id": "displayName", + "value": "Gambling" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_category_game_count" + }, + "properties": [ { - "matcher": { - "id": "byName", - "options": "flow_category_media_count" - }, - "properties": [ - { - "id": "displayName", - "value": "Media" - } - ] - }, + "id": "displayName", + "value": "Game" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_category_iot_scada_count" + }, + "properties": [ { - "matcher": { - "id": "byName", - "options": "flow_category_mining_count" - }, - "properties": [ - { - "id": "displayName", - "value": "Mining" - } - ] - }, + "id": "displayName", + "value": 
"IoT/Scada" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_category_malware_count" + }, + "properties": [ { - "matcher": { - "id": "byName", - "options": "flow_category_music_count" - }, - "properties": [ - { - "id": "displayName", - "value": "Music" - } - ] - }, + "id": "displayName", + "value": "Malware" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_category_media_count" + }, + "properties": [ { - "matcher": { - "id": "byName", - "options": "flow_category_network_count" - }, - "properties": [ - { - "id": "displayName", - "value": "Network" - } - ] - }, + "id": "displayName", + "value": "Media" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_category_mining_count" + }, + "properties": [ { - "matcher": { - "id": "byName", - "options": "flow_category_productivity_count" - }, - "properties": [ - { - "id": "displayName", - "value": "Productivity" - } - ] - }, + "id": "displayName", + "value": "Mining" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_category_music_count" + }, + "properties": [ { - "matcher": { - "id": "byName", - "options": "flow_category_remote_access_count" - }, - "properties": [ - { - "id": "displayName", - "value": "Remote Access" - } - ] - }, + "id": "displayName", + "value": "Music" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_category_network_count" + }, + "properties": [ { - "matcher": { - "id": "byName", - "options": "flow_category_rpc_count" - }, - "properties": [ - { - "id": "displayName", - "value": "RPC" - } - ] - }, + "id": "displayName", + "value": "Network" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_category_productivity_count" + }, + "properties": [ { - "matcher": { - "id": "byName", - "options": "flow_category_shopping_count" - }, - "properties": [ - { - "id": "displayName", - "value": "Shopping" - } - ] - }, + "id": "displayName", + "value": "Productivity" + } + ] + }, + { + "matcher": { + "id": 
"byName", + "options": "flow_category_remote_access_count" + }, + "properties": [ { - "matcher": { - "id": "byName", - "options": "flow_category_site_unavail_count" - }, - "properties": [ - { - "id": "displayName", - "value": "Site Unavailable" - } - ] - }, + "id": "displayName", + "value": "Remote Access" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_category_rpc_count" + }, + "properties": [ { - "matcher": { - "id": "byName", - "options": "flow_category_social_network_count" - }, - "properties": [ - { - "id": "displayName", - "value": "Social Network" - } - ] - }, + "id": "displayName", + "value": "RPC" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_category_shopping_count" + }, + "properties": [ { - "matcher": { - "id": "byName", - "options": "flow_category_software_update_count" - }, - "properties": [ - { - "id": "displayName", - "value": "Software Update" - } - ] - }, + "id": "displayName", + "value": "Shopping" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_category_site_unavail_count" + }, + "properties": [ { - "matcher": { - "id": "byName", - "options": "flow_category_streaming_count" - }, - "properties": [ - { - "id": "displayName", - "value": "Streaming" - } - ] - }, + "id": "displayName", + "value": "Site Unavailable" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_category_social_network_count" + }, + "properties": [ { - "matcher": { - "id": "byName", - "options": "flow_category_system_count" - }, - "properties": [ - { - "id": "displayName", - "value": "System" - } - ] - }, + "id": "displayName", + "value": "Social Network" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_category_software_update_count" + }, + "properties": [ { - "matcher": { - "id": "byName", - "options": "flow_category_unknown_count" - }, - "properties": [ - { - "id": "displayName", - "value": "Unknown" - } - ] - }, + "id": "displayName", + "value": "Software Update" + } + ] + 
}, + { + "matcher": { + "id": "byName", + "options": "flow_category_streaming_count" + }, + "properties": [ { - "matcher": { - "id": "byName", - "options": "flow_category_unspecified_count" - }, - "properties": [ - { - "id": "displayName", - "value": "Unspecified" - } - ] - }, + "id": "displayName", + "value": "Streaming" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_category_system_count" + }, + "properties": [ { - "matcher": { - "id": "byName", - "options": "flow_category_video_count" - }, - "properties": [ - { - "id": "displayName", - "value": "Video" - } - ] - }, + "id": "displayName", + "value": "System" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_category_unknown_count" + }, + "properties": [ { - "matcher": { - "id": "byName", - "options": "flow_category_virt_assistant_count" - }, - "properties": [ - { - "id": "displayName", - "value": "Virtual Assistant" - } - ] - }, + "id": "displayName", + "value": "Unknown" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_category_unspecified_count" + }, + "properties": [ { - "matcher": { - "id": "byName", - "options": "flow_category_voip_count" - }, - "properties": [ - { - "id": "displayName", - "value": "VoIP" - } - ] - }, + "id": "displayName", + "value": "Unspecified" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_category_video_count" + }, + "properties": [ { - "matcher": { - "id": "byName", - "options": "flow_category_vpn_count" - }, - "properties": [ - { - "id": "displayName", - "value": "VPN" - } - ] - }, + "id": "displayName", + "value": "Video" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_category_virt_assistant_count" + }, + "properties": [ { - "matcher": { - "id": "byName", - "options": "flow_category_web_count" - }, - "properties": [ - { - "id": "displayName", - "value": "Web" - } - ] + "id": "displayName", + "value": "Virtual Assistant" } ] }, - "gridPos": { - "h": 27, - "w": 12, - "x": 0, - "y": 
9 + { + "matcher": { + "id": "byName", + "options": "flow_category_voip_count" + }, + "properties": [ + { + "id": "displayName", + "value": "VoIP" + } + ] }, - "id": 10, - "options": { - "minVizHeight": 75, - "minVizWidth": 75, - "orientation": "auto", - "reduceOptions": { - "calcs": [ - "lastNotNull" - ], - "fields": "", - "values": false + { + "matcher": { + "id": "byName", + "options": "flow_category_vpn_count" }, - "showThresholdLabels": false, - "showThresholdMarkers": false + "properties": [ + { + "id": "displayName", + "value": "VPN" + } + ] }, - "pluginVersion": "10.2.0", - "targets": [ - { - "datasource": { - "type": "influxdb", - "uid": "${DS_INFLUXDB}" - }, - "query": "from(bucket: \"${ndpid_db_name}\")\n |> range(start: v.timeRangeStart, stop:v.timeRangeStop)\n |> filter(fn: (r) =>\n r._measurement == \"category\"\n )", - "refId": "A" - } + { + "matcher": { + "id": "byName", + "options": "flow_category_web_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Web" + } + ] + } + ] + }, + "gridPos": { + "h": 27, + "w": 12, + "x": 0, + "y": 26 + }, + "id": 10, + "options": { + "minVizHeight": 75, + "minVizWidth": 75, + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "lastNotNull" ], - "title": "Category", - "type": "gauge" + "fields": "", + "values": false }, + "showThresholdLabels": false, + "showThresholdMarkers": false + }, + "pluginVersion": "10.2.0", + "targets": [ { "datasource": { "type": "influxdb", "uid": "${DS_INFLUXDB}" }, - "fieldConfig": { - "defaults": { - "color": { - "mode": "thresholds" - }, - "mappings": [], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - } - ] - } - }, - "overrides": [ - { - "matcher": { - "id": "byName", - "options": "flow_state_finished" - }, - "properties": [ - { - "id": "displayName", - "value": "Finished" - } - ] - }, + "query": "from(bucket: \"${ndpid_db_name}\")\n |> range(start: v.timeRangeStart, stop:v.timeRangeStop)\n |> filter(fn: (r) 
=>\n r._measurement == \"category\"\n )", + "refId": "A" + } + ], + "title": "Category", + "type": "gauge" + }, + { + "datasource": { + "type": "influxdb", + "uid": "${DS_INFLUXDB}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ { - "matcher": { - "id": "byName", - "options": "flow_state_info" - }, - "properties": [ - { - "id": "displayName", - "value": "Processing" - } - ] + "color": "green", + "value": null } ] - }, - "gridPos": { - "h": 11, - "w": 2, - "x": 12, - "y": 9 - }, - "id": 13, - "options": { - "colorMode": "value", - "graphMode": "area", - "justifyMode": "auto", - "orientation": "horizontal", - "reduceOptions": { - "calcs": [ - "lastNotNull" - ], - "fields": "", - "values": false + } + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "flow_state_finished" }, - "textMode": "auto" + "properties": [ + { + "id": "displayName", + "value": "Finished" + } + ] }, - "pluginVersion": "10.2.0", - "targets": [ - { - "datasource": { - "type": "influxdb", - "uid": "${DS_INFLUXDB}" - }, - "query": "from(bucket: \"${ndpid_db_name}\")\n |> range(start: v.timeRangeStart, stop:v.timeRangeStop)\n |> filter(fn: (r) =>\n r._measurement == \"state\"\n )", - "refId": "A" - } + { + "matcher": { + "id": "byName", + "options": "flow_state_info" + }, + "properties": [ + { + "id": "displayName", + "value": "Processing" + } + ] + } + ] + }, + "gridPos": { + "h": 11, + "w": 2, + "x": 12, + "y": 26 + }, + "id": 13, + "options": { + "colorMode": "value", + "graphMode": "area", + "justifyMode": "auto", + "orientation": "horizontal", + "reduceOptions": { + "calcs": [ + "lastNotNull" ], - "title": "State", - "type": "stat" + "fields": "", + "values": false }, + "textMode": "auto" + }, + "pluginVersion": "10.2.0", + "targets": [ { "datasource": { "type": "influxdb", "uid": "${DS_INFLUXDB}" }, - "fieldConfig": { - "defaults": { - "color": { - "mode": "thresholds" - 
}, - "mappings": [], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - } - ] - } - }, - "overrides": [ - { - "matcher": { - "id": "byName", - "options": "flow_confidence_by_ip" - }, - "properties": [ - { - "id": "displayName", - "value": "By IP" - }, - { - "id": "color", - "value": { - "fixedColor": "yellow", - "mode": "fixed" - } - } - ] - }, + "query": "from(bucket: \"${ndpid_db_name}\")\n |> range(start: v.timeRangeStart, stop:v.timeRangeStop)\n |> filter(fn: (r) =>\n r._measurement == \"state\"\n )", + "refId": "A" + } + ], + "title": "State", + "type": "stat" + }, + { + "datasource": { + "type": "influxdb", + "uid": "${DS_INFLUXDB}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ { - "matcher": { - "id": "byName", - "options": "flow_confidence_by_port" - }, - "properties": [ - { - "id": "displayName", - "value": "By Port" - }, - { - "id": "color", - "value": { - "fixedColor": "yellow", - "mode": "fixed" - } - } - ] - }, + "color": "green", + "value": null + } + ] + } + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "flow_confidence_by_ip" + }, + "properties": [ { - "matcher": { - "id": "byName", - "options": "flow_confidence_dpi" - }, - "properties": [ - { - "id": "displayName", - "value": "DPI" - }, - { - "id": "color", - "value": { - "fixedColor": "green", - "mode": "fixed" - } - } - ] + "id": "displayName", + "value": "By IP" }, { - "matcher": { - "id": "byName", - "options": "flow_confidence_dpi_aggressive" - }, - "properties": [ - { - "id": "displayName", - "value": "DPI Aggressive" - }, - { - "id": "color", - "value": { - "fixedColor": "blue", - "mode": "fixed" - } - } - ] - }, + "id": "color", + "value": { + "fixedColor": "yellow", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_confidence_by_port" + }, + "properties": [ { - "matcher": { - 
"id": "byName", - "options": "flow_confidence_dpi_cache" - }, - "properties": [ - { - "id": "displayName", - "value": "DPI Cache" - }, - { - "id": "color", - "value": { - "fixedColor": "dark-green", - "mode": "fixed" - } - } - ] + "id": "displayName", + "value": "By Port" }, { - "matcher": { - "id": "byName", - "options": "flow_confidence_dpi_partial" - }, - "properties": [ - { - "id": "displayName", - "value": "DPI Partial" - }, - { - "id": "color", - "value": { - "fixedColor": "light-green", - "mode": "fixed" - } - } - ] - }, + "id": "color", + "value": { + "fixedColor": "yellow", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_confidence_dpi" + }, + "properties": [ { - "matcher": { - "id": "byName", - "options": "flow_confidence_dpi_partial_cache" - }, - "properties": [ - { - "id": "displayName", - "value": "DPI Partial Cache" - }, - { - "id": "color", - "value": { - "fixedColor": "super-light-green", - "mode": "fixed" - } - } - ] + "id": "displayName", + "value": "DPI" }, { - "matcher": { - "id": "byName", - "options": "flow_confidence_nbpf" - }, - "properties": [ - { - "id": "displayName", - "value": "nBPF" - }, - { - "id": "color", - "value": { - "fixedColor": "blue", - "mode": "fixed" - } - } - ] - }, + "id": "color", + "value": { + "fixedColor": "green", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_confidence_dpi_aggressive" + }, + "properties": [ { - "matcher": { - "id": "byName", - "options": "flow_confidence_unknown" - }, - "properties": [ - { - "id": "displayName", - "value": "Unknown" - }, - { - "id": "color", - "value": { - "mode": "fixed" - } - } - ] + "id": "displayName", + "value": "DPI Aggressive" }, { - "matcher": { - "id": "byName", - "options": "flow_confidence_custom_rule" - }, - "properties": [ - { - "id": "displayName", - "value": "Custom Rule" - }, - { - "id": "color", - "value": { - "fixedColor": "blue", - "mode": "fixed" - } - } - ] + "id": "color", + 
"value": { + "fixedColor": "blue", + "mode": "fixed" + } } ] }, - "gridPos": { - "h": 14, - "w": 10, - "x": 14, - "y": 11 - }, - "id": 14, - "options": { - "displayMode": "gradient", - "minVizHeight": 10, - "minVizWidth": 0, - "namePlacement": "auto", - "orientation": "horizontal", - "reduceOptions": { - "calcs": [ - "lastNotNull" - ], - "fields": "", - "values": false + { + "matcher": { + "id": "byName", + "options": "flow_confidence_dpi_cache" }, - "showUnfilled": true, - "valueMode": "color" - }, - "pluginVersion": "10.2.0", - "targets": [ - { - "datasource": { - "type": "influxdb", - "uid": "${DS_INFLUXDB}" + "properties": [ + { + "id": "displayName", + "value": "DPI Cache" }, - "query": "from(bucket: \"${ndpid_db_name}\")\n |> range(start: v.timeRangeStart, stop:v.timeRangeStop)\n |> filter(fn: (r) =>\n r._measurement == \"confidence\"\n )", - "refId": "A" - } - ], - "title": "Confidence", - "type": "bargauge" - }, - { - "datasource": { - "type": "influxdb", - "uid": "${DS_INFLUXDB}" + { + "id": "color", + "value": { + "fixedColor": "dark-green", + "mode": "fixed" + } + } + ] }, - "fieldConfig": { - "defaults": { - "color": { - "mode": "thresholds" - }, - "mappings": [], - "thresholds": { - "mode": "percentage", - "steps": [ - { - "color": "green", - "value": null - } - ] - } - }, - "overrides": [] - }, - "gridPos": { - "h": 5, - "w": 2, - "x": 12, - "y": 20 - }, - "id": 18, - "options": { - "colorMode": "value", - "graphMode": "area", - "justifyMode": "auto", - "orientation": "auto", - "reduceOptions": { - "calcs": [ - "lastNotNull" - ], - "fields": "", - "values": false + { + "matcher": { + "id": "byName", + "options": "flow_confidence_dpi_partial" }, - "textMode": "auto" - }, - "pluginVersion": "10.2.0", - "targets": [ - { - "datasource": { - "type": "influxdb", - "uid": "${DS_INFLUXDB}" + "properties": [ + { + "id": "displayName", + "value": "DPI Partial" }, - "query": "from(bucket: \"${ndpid_db_name}\")\n |> range(start: v.timeRangeStart, 
stop:v.timeRangeStop)\n |> filter(fn: (r) =>\n r._measurement == \"risks\"\n )", - "refId": "A" - } - ], - "title": "Total Risks", - "transformations": [ - { - "id": "calculateField", - "options": { - "mode": "reduceRow", - "reduce": { - "reducer": "sum" - }, - "replaceFields": true + { + "id": "color", + "value": { + "fixedColor": "light-green", + "mode": "fixed" + } } - } - ], - "type": "stat" - }, - { - "datasource": { - "type": "influxdb", - "uid": "${DS_INFLUXDB}" + ] }, - "fieldConfig": { - "defaults": { - "color": { - "mode": "thresholds" - }, - "mappings": [], - "thresholds": { - "mode": "percentage", - "steps": [ - { - "color": "green", - "value": null - } - ] - } - }, - "overrides": [ - { - "matcher": { - "id": "byName", - "options": "flow_severity_critical" - }, - "properties": [ - { - "id": "displayName", - "value": "Critical" - }, - { - "id": "color", - "value": { - "fixedColor": "dark-red", - "mode": "fixed" - } - } - ] - }, + { + "matcher": { + "id": "byName", + "options": "flow_confidence_dpi_partial_cache" + }, + "properties": [ { - "matcher": { - "id": "byName", - "options": "flow_severity_emergency" - }, - "properties": [ - { - "id": "displayName", - "value": "Emergency" - }, - { - "id": "color", - "value": { - "fixedColor": "red", - "mode": "fixed" - } - } - ] + "id": "displayName", + "value": "DPI Partial Cache" }, { - "matcher": { - "id": "byName", - "options": "flow_severity_high" - }, - "properties": [ - { - "id": "displayName", - "value": "High" - }, - { - "id": "color", - "value": { - "fixedColor": "yellow", - "mode": "fixed" - } - } - ] - }, + "id": "color", + "value": { + "fixedColor": "super-light-green", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_confidence_nbpf" + }, + "properties": [ { - "matcher": { - "id": "byName", - "options": "flow_severity_low" - }, - "properties": [ - { - "id": "displayName", - "value": "Low" - }, - { - "id": "color", - "value": { - "fixedColor": "light-green", - 
"mode": "fixed" - } - } - ] + "id": "displayName", + "value": "nBPF" }, { - "matcher": { - "id": "byName", - "options": "flow_severity_medium" - }, - "properties": [ - { - "id": "displayName", - "value": "Medium" - }, - { - "id": "color", - "value": { - "fixedColor": "dark-green", - "mode": "fixed" - } - } - ] - }, + "id": "color", + "value": { + "fixedColor": "blue", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_confidence_unknown" + }, + "properties": [ { - "matcher": { - "id": "byName", - "options": "flow_severity_severe" - }, - "properties": [ - { - "id": "displayName", - "value": "Severe" - }, - { - "id": "color", - "value": { - "fixedColor": "dark-orange", - "mode": "fixed" - } - } - ] + "id": "displayName", + "value": "Unknown" }, { - "matcher": { - "id": "byName", - "options": "flow_severity_unknown" - }, - "properties": [ - { - "id": "displayName", - "value": "Unknown" - }, - { - "id": "color", - "value": { - "mode": "fixed" - } - } - ] + "id": "color", + "value": { + "mode": "fixed" + } } ] }, - "gridPos": { - "h": 11, - "w": 12, - "x": 12, - "y": 25 - }, - "id": 11, - "options": { - "displayMode": "gradient", - "minVizHeight": 10, - "minVizWidth": 0, - "namePlacement": "auto", - "orientation": "horizontal", - "reduceOptions": { - "calcs": [ - "lastNotNull" - ], - "fields": "", - "values": false + { + "matcher": { + "id": "byName", + "options": "flow_confidence_custom_rule" }, - "showUnfilled": true, - "valueMode": "color" - }, - "pluginVersion": "10.2.0", - "targets": [ - { - "datasource": { - "type": "influxdb", - "uid": "${DS_INFLUXDB}" + "properties": [ + { + "id": "displayName", + "value": "Custom Rule" }, - "query": "from(bucket: \"${ndpid_db_name}\")\n |> range(start: v.timeRangeStart, stop:v.timeRangeStop)\n |> filter(fn: (r) =>\n r._measurement == \"severity\"\n )", - "refId": "A" - } + { + "id": "color", + "value": { + "fixedColor": "blue", + "mode": "fixed" + } + } + ] + } + ] + }, + "gridPos": { + 
"h": 14, + "w": 10, + "x": 14, + "y": 28 + }, + "id": 14, + "options": { + "displayMode": "gradient", + "minVizHeight": 10, + "minVizWidth": 0, + "namePlacement": "auto", + "orientation": "horizontal", + "reduceOptions": { + "calcs": [ + "lastNotNull" ], - "title": "Risk Severity", - "type": "bargauge" + "fields": "", + "values": false + }, + "showUnfilled": true, + "valueMode": "color" + }, + "pluginVersion": "10.2.0", + "targets": [ + { + "datasource": { + "type": "influxdb", + "uid": "${DS_INFLUXDB}" + }, + "query": "from(bucket: \"${ndpid_db_name}\")\n |> range(start: v.timeRangeStart, stop:v.timeRangeStop)\n |> filter(fn: (r) =>\n r._measurement == \"confidence\"\n )", + "refId": "A" } ], - "title": "Flow", - "type": "row" + "title": "Confidence", + "type": "bargauge" }, { - "collapsed": true, + "datasource": { + "type": "influxdb", + "uid": "${DS_INFLUXDB}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [], + "thresholds": { + "mode": "percentage", + "steps": [ + { + "color": "green", + "value": null + } + ] + } + }, + "overrides": [] + }, "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 20 + "h": 5, + "w": 2, + "x": 12, + "y": 37 }, - "id": 32, - "panels": [ + "id": 18, + "options": { + "colorMode": "value", + "graphMode": "area", + "justifyMode": "auto", + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "textMode": "auto" + }, + "pluginVersion": "10.2.0", + "targets": [ { "datasource": { "type": "influxdb", "uid": "${DS_INFLUXDB}" }, - "fieldConfig": { - "defaults": { - "color": { - "mode": "thresholds" - }, - "mappings": [], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - }, - { - "color": "yellow", - "value": 1 - } - ] - } - }, - "overrides": [ - { - "matcher": { - "id": "byName", - "options": "flow_risk_1_count" - }, - "properties": [ - { - "id": "displayName", - "value": "XSS Attack" - } 
- ] - }, - { - "matcher": { - "id": "byName", - "options": "flow_risk_2_count" - }, - "properties": [ - { - "id": "displayName", - "value": "SQL Injection" - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "flow_risk_3_count" - }, - "properties": [ - { - "id": "displayName", - "value": "RCE Injection" - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "flow_risk_4_count" - }, - "properties": [ - { - "id": "displayName", - "value": "Binary App Transfer" - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "flow_risk_5_count" - }, - "properties": [ - { - "id": "displayName", - "value": "Known Proto on Non Std Port" - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "flow_risk_6_count" - }, - "properties": [ - { - "id": "displayName", - "value": "Self signed Cert" - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "flow_risk_7_count" - }, - "properties": [ - { - "id": "displayName", - "value": "Obsolete TLS v1.1 or older" - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "flow_risk_8_count" - }, - "properties": [ - { - "id": "displayName", - "value": "Weak TLS Cipher" - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "flow_risk_9_count" - }, - "properties": [ - { - "id": "displayName", - "value": "TLS Cert Expired" - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "flow_risk_10_count" - }, - "properties": [ - { - "id": "displayName", - "value": "TLS Cert Mismatch" - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "flow_risk_11_count" - }, - "properties": [ - { - "id": "displayName", - "value": "HTTP Suspicious User Agent" - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "flow_risk_12_count" - }, - "properties": [ - { - "id": "displayName", - "value": "HTTP Numeric IP Address" - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "flow_risk_13_count" - }, - "properties": [ - { - "id": "displayName", - "value": "HTTP Suspicious URL" - } - 
] - }, - { - "matcher": { - "id": "byName", - "options": "flow_risk_14_count" - }, - "properties": [ - { - "id": "displayName", - "value": "HTTP Suspicious Header" - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "flow_risk_15_count" - }, - "properties": [ - { - "id": "displayName", - "value": "TLS probably Not Carrying HTTPS" - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "flow_risk_16_count" - }, - "properties": [ - { - "id": "displayName", - "value": "Suspicious DGA Domain name" - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "flow_risk_17_count" - }, - "properties": [ - { - "id": "displayName", - "value": "Malformed Packet" - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "flow_risk_18_count" - }, - "properties": [ - { - "id": "displayName", - "value": "SSH Obsolete Client Version/Cipher" - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "flow_risk_19_count" - }, - "properties": [ - { - "id": "displayName", - "value": "SSH Obsolete Server Version/Cipher" - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "flow_risk_20_count" - }, - "properties": [ - { - "id": "displayName", - "value": "SMB Insecure Version" - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "flow_risk_21_count" - }, - "properties": [ - { - "id": "displayName", - "value": "TLS Suspicious ESNI Usage" - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "flow_risk_22_count" - }, - "properties": [ - { - "id": "displayName", - "value": "Unsafe Protocol" - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "flow_risk_23_count" - }, - "properties": [ - { - "id": "displayName", - "value": "Suspicious DNS Traffic" - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "flow_risk_24_count" - }, - "properties": [ - { - "id": "displayName", - "value": "Missing SNI TLS Extension" - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "flow_risk_25_count" - }, - "properties": [ 
- { - "id": "displayName", - "value": "HTTP Suspicious Content" - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "flow_risk_26_count" - }, - "properties": [ - { - "id": "displayName", - "value": "Risky ASN" - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "flow_risk_27_count" - }, - "properties": [ - { - "id": "displayName", - "value": "Risky Domain Name" - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "flow_risk_28_count" - }, - "properties": [ - { - "id": "displayName", - "value": "Malicious JA3 Fingerprint" - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "flow_risk_29_count" - }, - "properties": [ - { - "id": "displayName", - "value": "Malicious SSL Cert/SHA1 Fingerprint" - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "flow_risk_30_count" - }, - "properties": [ - { - "id": "displayName", - "value": "Desktop/File-Sharing" - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "flow_risk_31_count" - }, - "properties": [ - { - "id": "displayName", - "value": "Uncommon TLS ALPN" - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "flow_risk_32_count" - }, - "properties": [ - { - "id": "displayName", - "value": "TLS Cert Validity Too Long" - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "flow_risk_33_count" - }, - "properties": [ - { - "id": "displayName", - "value": "TLS Suspicious Extension" - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "flow_risk_34_count" - }, - "properties": [ - { - "id": "displayName", - "value": "TLS Fatal Alert" - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "flow_risk_35_count" - }, - "properties": [ - { - "id": "displayName", - "value": "Suspicious Entropy" - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "flow_risk_36_count" - }, - "properties": [ - { - "id": "displayName", - "value": "Clear Text Credentials" - } - ] - }, - { - "matcher": { - "id": "byName", - "options": 
"flow_risk_37_count" - }, - "properties": [ - { - "id": "displayName", - "value": "Large DNS Packet" - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "flow_risk_38_count" - }, - "properties": [ - { - "id": "displayName", - "value": "Fragmented DNS Message" - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "flow_risk_39_count" - }, - "properties": [ - { - "id": "displayName", - "value": "Text With Non Printable Chars" - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "flow_risk_40_count" - }, - "properties": [ - { - "id": "displayName", - "value": "Possible Exploit" - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "flow_risk_41_count" - }, - "properties": [ - { - "id": "displayName", - "value": "TLS Cert About To Expire" - } - ] - }, + "query": "from(bucket: \"${ndpid_db_name}\")\n |> range(start: v.timeRangeStart, stop:v.timeRangeStop)\n |> filter(fn: (r) =>\n r._measurement == \"risks\"\n )", + "refId": "A" + } + ], + "title": "Total Risks", + "transformations": [ + { + "id": "calculateField", + "options": { + "mode": "reduceRow", + "reduce": { + "reducer": "sum" + }, + "replaceFields": true + } + } + ], + "type": "stat" + }, + { + "datasource": { + "type": "influxdb", + "uid": "${DS_INFLUXDB}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [], + "thresholds": { + "mode": "percentage", + "steps": [ { - "matcher": { - "id": "byName", - "options": "flow_risk_42_count" - }, - "properties": [ - { - "id": "displayName", - "value": "IDN Domain Name" - } - ] - }, + "color": "green", + "value": null + } + ] + } + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "flow_severity_critical" + }, + "properties": [ { - "matcher": { - "id": "byName", - "options": "flow_risk_43_count" - }, - "properties": [ - { - "id": "displayName", - "value": "Error Code" - } - ] + "id": "displayName", + "value": "Critical" }, { - "matcher": { - "id": "byName", - "options": 
"flow_risk_44_count" - }, - "properties": [ - { - "id": "displayName", - "value": "Crawler/Bot" - } - ] - }, + "id": "color", + "value": { + "fixedColor": "dark-red", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_severity_emergency" + }, + "properties": [ { - "matcher": { - "id": "byName", - "options": "flow_risk_45_count" - }, - "properties": [ - { - "id": "displayName", - "value": "Anonymous Subscriber" - } - ] + "id": "displayName", + "value": "Emergency" }, { - "matcher": { - "id": "byName", - "options": "flow_risk_46_count" - }, - "properties": [ - { - "id": "displayName", - "value": "Unidirectional Traffic" - } - ] - }, + "id": "color", + "value": { + "fixedColor": "red", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_severity_high" + }, + "properties": [ { - "matcher": { - "id": "byName", - "options": "flow_risk_47_count" - }, - "properties": [ - { - "id": "displayName", - "value": "HTTP Obsolete Server" - } - ] + "id": "displayName", + "value": "High" }, { - "matcher": { - "id": "byName", - "options": "flow_risk_48_count" - }, - "properties": [ - { - "id": "displayName", - "value": "Periodic Flow" - } - ] - }, + "id": "color", + "value": { + "fixedColor": "yellow", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_severity_low" + }, + "properties": [ { - "matcher": { - "id": "byName", - "options": "flow_risk_49_count" - }, - "properties": [ - { - "id": "displayName", - "value": "Minor Issues" - } - ] + "id": "displayName", + "value": "Low" }, { - "matcher": { - "id": "byName", - "options": "flow_risk_50_count" - }, - "properties": [ - { - "id": "displayName", - "value": "TCP Connection Issues" - } - ] - }, + "id": "color", + "value": { + "fixedColor": "light-green", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_severity_medium" + }, + "properties": [ { - "matcher": { - "id": "byName", 
- "options": "flow_risk_51_count" - }, - "properties": [ - { - "id": "displayName", - "value": "Fully Encrypted" - } - ] + "id": "displayName", + "value": "Medium" }, { - "matcher": { - "id": "byName", - "options": "flow_risk_52_count" - }, - "properties": [ - { - "id": "displayName", - "value": "Invalid ALPN/SNI combination" - } - ] - }, + "id": "color", + "value": { + "fixedColor": "dark-green", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_severity_severe" + }, + "properties": [ { - "matcher": { - "id": "byName", - "options": "flow_risk_53_count" - }, - "properties": [ - { - "id": "displayName", - "value": "Malware Host Contacted" - } - ] + "id": "displayName", + "value": "Severe" }, { - "matcher": { - "id": "byName", - "options": "flow_risk_unknown_count" - }, - "properties": [ - { - "id": "displayName", - "value": "Unknown Risk" - } - ] + "id": "color", + "value": { + "fixedColor": "dark-orange", + "mode": "fixed" + } } ] }, - "gridPos": { - "h": 24, - "w": 24, - "x": 0, - "y": 4 - }, - "id": 12, - "options": { - "minVizHeight": 75, - "minVizWidth": 75, - "orientation": "auto", - "reduceOptions": { - "calcs": [ - "lastNotNull" - ], - "fields": "", - "values": false + { + "matcher": { + "id": "byName", + "options": "flow_severity_unknown" }, - "showThresholdLabels": false, - "showThresholdMarkers": false - }, - "pluginVersion": "10.2.0", - "targets": [ - { - "datasource": { - "type": "influxdb", - "uid": "${DS_INFLUXDB}" + "properties": [ + { + "id": "displayName", + "value": "Unknown" }, - "query": "from(bucket: \"${ndpid_db_name}\")\n |> range(start: v.timeRangeStart, stop:v.timeRangeStop)\n |> filter(fn: (r) =>\n r._measurement == \"risks\"\n )", - "refId": "A" - } + { + "id": "color", + "value": { + "mode": "fixed" + } + } + ] + } + ] + }, + "gridPos": { + "h": 11, + "w": 12, + "x": 12, + "y": 42 + }, + "id": 11, + "options": { + "displayMode": "gradient", + "minVizHeight": 10, + "minVizWidth": 0, + 
"namePlacement": "auto", + "orientation": "horizontal", + "reduceOptions": { + "calcs": [ + "lastNotNull" ], - "title": "Risk", - "type": "gauge" + "fields": "", + "values": false }, + "showUnfilled": true, + "valueMode": "color" + }, + "pluginVersion": "10.2.0", + "targets": [ { "datasource": { "type": "influxdb", "uid": "${DS_INFLUXDB}" }, - "fieldConfig": { - "defaults": { - "color": { - "mode": "palette-classic" - }, - "custom": { - "axisBorderShow": false, - "axisCenteredZero": false, - "axisColorMode": "text", - "axisLabel": "", - "axisPlacement": "auto", - "barAlignment": 0, - "drawStyle": "line", - "fillOpacity": 0, - "gradientMode": "none", - "hideFrom": { - "legend": false, - "tooltip": false, - "viz": false - }, - "insertNulls": false, - "lineInterpolation": "linear", - "lineWidth": 1, - "pointSize": 5, - "scaleDistribution": { - "type": "linear" - }, - "showPoints": "auto", - "spanNulls": false, - "stacking": { - "group": "A", - "mode": "none" - }, - "thresholdsStyle": { - "mode": "off" - } - }, - "mappings": [], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - }, - { - "color": "yellow", - "value": 1 - } - ] - } - }, - "overrides": [ - { - "matcher": { - "id": "byName", - "options": "flow_risk_1_count" - }, - "properties": [ - { - "id": "displayName", - "value": "XSS Attack" - } - ] - }, + "query": "from(bucket: \"${ndpid_db_name}\")\n |> range(start: v.timeRangeStart, stop:v.timeRangeStop)\n |> filter(fn: (r) =>\n r._measurement == \"severity\"\n )", + "refId": "A" + } + ], + "title": "Risk Severity", + "type": "bargauge" + }, + { + "collapsed": false, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 53 + }, + "id": 32, + "panels": [], + "title": "Risks", + "type": "row" + }, + { + "gridPos": { + "h": 24, + "w": 24, + "x": 0, + "y": 54 + }, + "id": 12, + "libraryPanel": { + "uid": "f54c2b02-7c6c-4d3f-90d8-e9d31dee65a5", + "name": "Risk" + } + }, + { + "datasource": { + "type": "influxdb", + "uid": 
"${DS_INFLUXDB}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ { - "matcher": { - "id": "byName", - "options": "flow_risk_2_count" - }, - "properties": [ - { - "id": "displayName", - "value": "SQL Injection" - } - ] + "color": "green", + "value": null }, { - "matcher": { - "id": "byName", - "options": "flow_risk_3_count" - }, - "properties": [ - { - "id": "displayName", - "value": "RCE Injection" - } - ] - }, + "color": "yellow", + "value": 1 + } + ] + } + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "flow_risk_1_count" + }, + "properties": [ { - "matcher": { - "id": "byName", - "options": "flow_risk_4_count" - }, - "properties": [ - { - "id": "displayName", - "value": "Binary App Transfer" - } - ] - }, + "id": "displayName", + "value": "XSS Attack" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_2_count" + }, + "properties": [ { - "matcher": { - "id": "byName", - "options": "flow_risk_5_count" - }, - "properties": [ - { - "id": "displayName", - "value": "Known Proto on Non Std Port" - } - ] - }, + "id": "displayName", + "value": "SQL Injection" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_3_count" + }, + "properties": [ { - "matcher": { - "id": "byName", - "options": "flow_risk_6_count" - 
}, - "properties": [ - { - "id": "displayName", - "value": "Self signed Cert" - } - ] - }, + "id": "displayName", + "value": "RCE Injection" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_4_count" + }, + "properties": [ { - "matcher": { - "id": "byName", - "options": "flow_risk_7_count" - }, - "properties": [ - { - "id": "displayName", - "value": "Obsolete TLS v1.1 or older" - } - ] - }, + "id": "displayName", + "value": "Binary App Transfer" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_5_count" + }, + "properties": [ { - "matcher": { - "id": "byName", - "options": "flow_risk_8_count" - }, - "properties": [ - { - "id": "displayName", - "value": "Weak TLS Cipher" - } - ] - }, + "id": "displayName", + "value": "Known Proto on Non Std Port" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_6_count" + }, + "properties": [ { - "matcher": { - "id": "byName", - "options": "flow_risk_9_count" - }, - "properties": [ - { - "id": "displayName", - "value": "TLS Cert Expired" - } - ] - }, + "id": "displayName", + "value": "Self signed Cert" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_7_count" + }, + "properties": [ { - "matcher": { - "id": "byName", - "options": "flow_risk_10_count" - }, - "properties": [ - { - "id": "displayName", - "value": "TLS Cert Mismatch" - } - ] - }, + "id": "displayName", + "value": "Obsolete TLS v1.1 or older" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_8_count" + }, + "properties": [ { - "matcher": { - "id": "byName", - "options": "flow_risk_11_count" - }, - "properties": [ - { - "id": "displayName", - "value": "HTTP Suspicious User Agent" - } - ] - }, + "id": "displayName", + "value": "Weak TLS Cipher" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_9_count" + }, + "properties": [ { - "matcher": { - "id": "byName", - "options": "flow_risk_12_count" - }, - "properties": [ - { - "id": 
"displayName", - "value": "HTTP Numeric IP Address" - } - ] - }, + "id": "displayName", + "value": "TLS Cert Expired" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_10_count" + }, + "properties": [ { - "matcher": { - "id": "byName", - "options": "flow_risk_13_count" - }, - "properties": [ - { - "id": "displayName", - "value": "HTTP Suspicious URL" - } - ] - }, + "id": "displayName", + "value": "TLS Cert Mismatch" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_11_count" + }, + "properties": [ { - "matcher": { - "id": "byName", - "options": "flow_risk_14_count" - }, - "properties": [ - { - "id": "displayName", - "value": "HTTP Suspicious Header" - } - ] - }, + "id": "displayName", + "value": "HTTP Suspicious User Agent" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_12_count" + }, + "properties": [ { - "matcher": { - "id": "byName", - "options": "flow_risk_15_count" - }, - "properties": [ - { - "id": "displayName", - "value": "TLS probably Not Carrying HTTPS" - } - ] - }, + "id": "displayName", + "value": "HTTP Numeric IP Address" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_13_count" + }, + "properties": [ { - "matcher": { - "id": "byName", - "options": "flow_risk_16_count" - }, - "properties": [ - { - "id": "displayName", - "value": "Suspicious DGA Domain name" - } - ] - }, + "id": "displayName", + "value": "HTTP Suspicious URL" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_14_count" + }, + "properties": [ { - "matcher": { - "id": "byName", - "options": "flow_risk_17_count" - }, - "properties": [ - { - "id": "displayName", - "value": "Malformed Packet" - } - ] - }, + "id": "displayName", + "value": "HTTP Suspicious Header" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_15_count" + }, + "properties": [ { - "matcher": { - "id": "byName", - "options": "flow_risk_18_count" - }, - "properties": [ - { - "id": 
"displayName", - "value": "SSH Obsolete Client Version/Cipher" - } - ] - }, + "id": "displayName", + "value": "TLS probably Not Carrying HTTPS" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_16_count" + }, + "properties": [ { - "matcher": { - "id": "byName", - "options": "flow_risk_19_count" - }, - "properties": [ - { - "id": "displayName", - "value": "SSH Obsolete Server Version/Cipher" - } - ] - }, + "id": "displayName", + "value": "Suspicious DGA Domain name" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_17_count" + }, + "properties": [ { - "matcher": { - "id": "byName", - "options": "flow_risk_20_count" - }, - "properties": [ - { - "id": "displayName", - "value": "SMB Insecure Version" - } - ] - }, + "id": "displayName", + "value": "Malformed Packet" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_18_count" + }, + "properties": [ { - "matcher": { - "id": "byName", - "options": "flow_risk_21_count" - }, - "properties": [ - { - "id": "displayName", - "value": "TLS Suspicious ESNI Usage" - } - ] - }, + "id": "displayName", + "value": "SSH Obsolete Client Version/Cipher" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_19_count" + }, + "properties": [ { - "matcher": { - "id": "byName", - "options": "flow_risk_22_count" - }, - "properties": [ - { - "id": "displayName", - "value": "Unsafe Protocol" - } - ] - }, + "id": "displayName", + "value": "SSH Obsolete Server Version/Cipher" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_20_count" + }, + "properties": [ { - "matcher": { - "id": "byName", - "options": "flow_risk_23_count" - }, - "properties": [ - { - "id": "displayName", - "value": "Suspicious DNS Traffic" - } - ] - }, + "id": "displayName", + "value": "SMB Insecure Version" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_21_count" + }, + "properties": [ { - "matcher": { - "id": "byName", - "options": 
"flow_risk_24_count" - }, - "properties": [ - { - "id": "displayName", - "value": "Missing SNI TLS Extension" - } - ] - }, + "id": "displayName", + "value": "TLS Suspicious ESNI Usage" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_22_count" + }, + "properties": [ { - "matcher": { - "id": "byName", - "options": "flow_risk_25_count" - }, - "properties": [ - { - "id": "displayName", - "value": "HTTP Suspicious Content" - } - ] - }, + "id": "displayName", + "value": "Unsafe Protocol" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_23_count" + }, + "properties": [ { - "matcher": { - "id": "byName", - "options": "flow_risk_26_count" - }, - "properties": [ - { - "id": "displayName", - "value": "Risky ASN" - } - ] - }, + "id": "displayName", + "value": "Suspicious DNS Traffic" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_24_count" + }, + "properties": [ { - "matcher": { - "id": "byName", - "options": "flow_risk_27_count" - }, - "properties": [ - { - "id": "displayName", - "value": "Risky Domain Name" - } - ] - }, + "id": "displayName", + "value": "Missing SNI TLS Extension" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_25_count" + }, + "properties": [ { - "matcher": { - "id": "byName", - "options": "flow_risk_28_count" - }, - "properties": [ - { - "id": "displayName", - "value": "Malicious JA3 Fingerprint" - } - ] - }, + "id": "displayName", + "value": "HTTP Suspicious Content" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_26_count" + }, + "properties": [ { - "matcher": { - "id": "byName", - "options": "flow_risk_29_count" - }, - "properties": [ - { - "id": "displayName", - "value": "Malicious SSL Cert/SHA1 Fingerprint" - } - ] - }, + "id": "displayName", + "value": "Risky ASN" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_27_count" + }, + "properties": [ { - "matcher": { - "id": "byName", - "options": 
"flow_risk_30_count" - }, - "properties": [ - { - "id": "displayName", - "value": "Desktop/File-Sharing" - } - ] - }, + "id": "displayName", + "value": "Risky Domain Name" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_28_count" + }, + "properties": [ { - "matcher": { - "id": "byName", - "options": "flow_risk_31_count" - }, - "properties": [ - { - "id": "displayName", - "value": "Uncommon TLS ALPN" - } - ] - }, + "id": "displayName", + "value": "Malicious JA3 Fingerprint" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_29_count" + }, + "properties": [ { - "matcher": { - "id": "byName", - "options": "flow_risk_32_count" - }, - "properties": [ - { - "id": "displayName", - "value": "TLS Cert Validity Too Long" - } - ] - }, + "id": "displayName", + "value": "Malicious SSL Cert/SHA1 Fingerprint" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_30_count" + }, + "properties": [ { - "matcher": { - "id": "byName", - "options": "flow_risk_33_count" - }, - "properties": [ - { - "id": "displayName", - "value": "TLS Suspicious Extension" - } - ] - }, + "id": "displayName", + "value": "Desktop/File-Sharing" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_31_count" + }, + "properties": [ { - "matcher": { - "id": "byName", - "options": "flow_risk_34_count" - }, - "properties": [ - { - "id": "displayName", - "value": "TLS Fatal Alert" - } - ] - }, + "id": "displayName", + "value": "Uncommon TLS ALPN" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_32_count" + }, + "properties": [ { - "matcher": { - "id": "byName", - "options": "flow_risk_35_count" - }, - "properties": [ - { - "id": "displayName", - "value": "Suspicious Entropy" - } - ] - }, + "id": "displayName", + "value": "TLS Cert Validity Too Long" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_33_count" + }, + "properties": [ { - "matcher": { - "id": "byName", - "options": 
"flow_risk_36_count" - }, - "properties": [ - { - "id": "displayName", - "value": "Clear Text Credentials" - } - ] - }, + "id": "displayName", + "value": "TLS Suspicious Extension" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_34_count" + }, + "properties": [ { - "matcher": { - "id": "byName", - "options": "flow_risk_37_count" - }, - "properties": [ - { - "id": "displayName", - "value": "Large DNS Packet" - } - ] - }, + "id": "displayName", + "value": "TLS Fatal Alert" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_35_count" + }, + "properties": [ { - "matcher": { - "id": "byName", - "options": "flow_risk_38_count" - }, - "properties": [ - { - "id": "displayName", - "value": "Fragmented DNS Message" - } - ] - }, + "id": "displayName", + "value": "Suspicious Entropy" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_36_count" + }, + "properties": [ { - "matcher": { - "id": "byName", - "options": "flow_risk_39_count" - }, - "properties": [ - { - "id": "displayName", - "value": "Text With Non Printable Chars" - } - ] - }, + "id": "displayName", + "value": "Clear Text Credentials" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_37_count" + }, + "properties": [ { - "matcher": { - "id": "byName", - "options": "flow_risk_40_count" - }, - "properties": [ - { - "id": "displayName", - "value": "Possible Exploit" - } - ] - }, + "id": "displayName", + "value": "Large DNS Packet" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_38_count" + }, + "properties": [ { - "matcher": { - "id": "byName", - "options": "flow_risk_41_count" - }, - "properties": [ - { - "id": "displayName", - "value": "TLS Cert About To Expire" - } - ] - }, + "id": "displayName", + "value": "Fragmented DNS Message" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_39_count" + }, + "properties": [ { - "matcher": { - "id": "byName", - "options": 
"flow_risk_42_count" - }, - "properties": [ - { - "id": "displayName", - "value": "IDN Domain Name" - } - ] - }, + "id": "displayName", + "value": "Text With Non Printable Chars" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_40_count" + }, + "properties": [ { - "matcher": { - "id": "byName", - "options": "flow_risk_43_count" - }, - "properties": [ - { - "id": "displayName", - "value": "Error Code" - } - ] - }, + "id": "displayName", + "value": "Possible Exploit" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_41_count" + }, + "properties": [ { - "matcher": { - "id": "byName", - "options": "flow_risk_44_count" - }, - "properties": [ - { - "id": "displayName", - "value": "Crawler/Bot" - } - ] - }, + "id": "displayName", + "value": "TLS Cert About To Expire" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_42_count" + }, + "properties": [ { - "matcher": { - "id": "byName", - "options": "flow_risk_45_count" - }, - "properties": [ - { - "id": "displayName", - "value": "Anonymous Subscriber" - } - ] - }, + "id": "displayName", + "value": "IDN Domain Name" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_43_count" + }, + "properties": [ { - "matcher": { - "id": "byName", - "options": "flow_risk_46_count" - }, - "properties": [ - { - "id": "displayName", - "value": "Unidirectional Traffic" - } - ] - }, + "id": "displayName", + "value": "Error Code" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_44_count" + }, + "properties": [ { - "matcher": { - "id": "byName", - "options": "flow_risk_47_count" - }, - "properties": [ - { - "id": "displayName", - "value": "HTTP Obsolete Server" - } - ] - }, + "id": "displayName", + "value": "Crawler/Bot" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_45_count" + }, + "properties": [ { - "matcher": { - "id": "byName", - "options": "flow_risk_48_count" - }, - "properties": [ - { - "id": 
"displayName", - "value": "Periodic Flow" - } - ] - }, + "id": "displayName", + "value": "Anonymous Subscriber" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_46_count" + }, + "properties": [ { - "matcher": { - "id": "byName", - "options": "flow_risk_49_count" - }, - "properties": [ - { - "id": "displayName", - "value": "Minor Issues" - } - ] - }, + "id": "displayName", + "value": "Unidirectional Traffic" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_47_count" + }, + "properties": [ { - "matcher": { - "id": "byName", - "options": "flow_risk_50_count" - }, - "properties": [ - { - "id": "displayName", - "value": "TCP Connection Issues" - } - ] - }, + "id": "displayName", + "value": "HTTP Obsolete Server" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_48_count" + }, + "properties": [ { - "matcher": { - "id": "byName", - "options": "flow_risk_51_count" - }, - "properties": [ - { - "id": "displayName", - "value": "Fully Encrypted" - } - ] - }, + "id": "displayName", + "value": "Periodic Flow" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_49_count" + }, + "properties": [ { - "matcher": { - "id": "byName", - "options": "flow_risk_52_count" - }, - "properties": [ - { - "id": "displayName", - "value": "Invalid ALPN/SNI combination" - } - ] - }, + "id": "displayName", + "value": "Minor Issues" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_50_count" + }, + "properties": [ { - "matcher": { - "id": "byName", - "options": "flow_risk_53_count" - }, - "properties": [ - { - "id": "displayName", - "value": "Malware Host Contacted" - } - ] - }, + "id": "displayName", + "value": "TCP Connection Issues" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_51_count" + }, + "properties": [ { - "matcher": { - "id": "byName", - "options": "flow_risk_unknown_count" - }, - "properties": [ - { - "id": "displayName", - "value": "Unknown 
Risk" - } - ] + "id": "displayName", + "value": "Fully Encrypted" } ] }, - "gridPos": { - "h": 10, - "w": 24, - "x": 0, - "y": 28 + { + "matcher": { + "id": "byName", + "options": "flow_risk_52_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Invalid ALPN/SNI combination" + } + ] }, - "id": 34, - "options": { - "legend": { - "calcs": [], - "displayMode": "list", - "placement": "bottom", - "showLegend": false - }, - "tooltip": { - "mode": "single", - "sort": "none" - } + { + "matcher": { + "id": "byName", + "options": "flow_risk_53_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Malware Host Contacted" + } + ] }, - "pluginVersion": "10.2.0", - "targets": [ - { - "datasource": { - "type": "influxdb", - "uid": "${DS_INFLUXDB}" - }, - "query": "from(bucket: \"${ndpid_db_name}\")\n |> range(start: v.timeRangeStart, stop:v.timeRangeStop)\n |> filter(fn: (r) =>\n r._measurement == \"risks\"\n )", - "refId": "A" - } - ], - "title": "Risk", - "type": "timeseries" + { + "matcher": { + "id": "byName", + "options": "flow_risk_unknown_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Unknown Risk" + } + ] + } + ] + }, + "gridPos": { + "h": 10, + "w": 24, + "x": 0, + "y": 78 + }, + "id": 34, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": false + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "pluginVersion": "10.2.0", + "targets": [ + { + "datasource": { + "type": "influxdb", + "uid": "${DS_INFLUXDB}" + }, + "query": "from(bucket: \"${ndpid_db_name}\")\n |> range(start: v.timeRangeStart, stop:v.timeRangeStop)\n |> filter(fn: (r) =>\n r._measurement == \"risks\"\n )", + "refId": "A" } ], - "title": "Risks", - "type": "row" + "title": "Risk", + "type": "timeseries" }, { - "collapsed": true, + "collapsed": false, "gridPos": { "h": 1, "w": 24, "x": 0, - "y": 21 + "y": 88 }, "id": 29, - "panels": [ - { - "datasource": { - "type": "influxdb", - 
"uid": "${DS_INFLUXDB}" + "panels": [], + "title": "Flow (Simplified / Historic)", + "type": "row" + }, + { + "datasource": { + "type": "influxdb", + "uid": "${DS_INFLUXDB}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" }, - "fieldConfig": { - "defaults": { - "color": { - "mode": "palette-classic" - }, - "custom": { - "axisBorderShow": false, - "axisCenteredZero": false, - "axisColorMode": "text", - "axisLabel": "", - "axisPlacement": "auto", - "barAlignment": 0, - "drawStyle": "line", - "fillOpacity": 0, - "gradientMode": "none", - "hideFrom": { - "legend": false, - "tooltip": false, - "viz": false - }, - "insertNulls": false, - "lineInterpolation": "linear", - "lineWidth": 1, - "pointSize": 5, - "scaleDistribution": { - "log": 2, - "type": "log" - }, - "showPoints": "auto", - "spanNulls": false, - "stacking": { - "group": "A", - "mode": "none" - }, - "thresholdsStyle": { - "mode": "off" - } - }, - "mappings": [], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - }, - { - "color": "red", - "value": 80 - } - ] - } - }, - "overrides": [ - { - "matcher": { - "id": "byRegexp", - "options": "/flow_breed_.*/" - }, - "properties": [ - { - "id": "custom.hideFrom", - "value": { - "legend": true, - "tooltip": true, - "viz": true - } - } - ] - }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "log": 2, + "type": "log" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": 
"absolute", + "steps": [ { - "matcher": { - "id": "byName", - "options": "Legit" - }, - "properties": [ - { - "id": "color", - "value": { - "fixedColor": "green", - "mode": "fixed" - } - } - ] + "color": "green", + "value": null }, { - "matcher": { - "id": "byName", - "options": "Caution Advised" - }, - "properties": [ - { - "id": "color", - "value": { - "fixedColor": "red", - "mode": "fixed" - } - } - ] - }, + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [ + { + "matcher": { + "id": "byRegexp", + "options": "/flow_breed_.*/" + }, + "properties": [ { - "matcher": { - "id": "byName", - "options": "Dont Know" - }, - "properties": [ - { - "id": "color", - "value": { - "mode": "fixed" - } - } - ] + "id": "custom.hideFrom", + "value": { + "legend": true, + "tooltip": true, + "viz": true + } } ] }, - "gridPos": { - "h": 8, - "w": 12, - "x": 0, - "y": 5 - }, - "id": 30, - "options": { - "legend": { - "calcs": [], - "displayMode": "list", - "placement": "bottom", - "showLegend": true - }, - "tooltip": { - "mode": "single", - "sort": "none" - } - }, - "targets": [ - { - "datasource": { - "type": "influxdb", - "uid": "${DS_INFLUXDB}" - }, - "query": "from(bucket: \"${ndpid_db_name}\")\n |> range(start: v.timeRangeStart, stop:v.timeRangeStop)\n |> filter(fn: (r) =>\n r._measurement == \"breed\"\n )", - "refId": "A" - } - ], - "title": "Breed", - "transformations": [ - { - "id": "calculateField", - "options": { - "alias": "Caution Advised", - "mode": "reduceRow", - "reduce": { - "include": [ - "flow_breed_potentially_dangerous_count breed", - "flow_breed_unsafe_count breed", - "flow_breed_dangerous_count breed" - ], - "reducer": "sum" - }, - "replaceFields": false + { + "matcher": { + "id": "byName", + "options": "Legit" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "green", + "mode": "fixed" + } } + ] + }, + { + "matcher": { + "id": "byName", + "options": "Caution Advised" }, - { - "id": "calculateField", - "options": { - "alias": 
"Legit", - "mode": "reduceRow", - "reduce": { - "include": [ - "flow_breed_acceptable_count breed", - "flow_breed_fun_count breed", - "flow_breed_safe_count breed" - ], - "reducer": "sum" + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "red", + "mode": "fixed" } } + ] + }, + { + "matcher": { + "id": "byName", + "options": "Dont Know" }, - { - "id": "calculateField", - "options": { - "alias": "Dont Know", - "mode": "reduceRow", - "reduce": { - "include": [ - "flow_breed_unrated_count breed", - "flow_breed_unknown_count breed" - ], - "reducer": "sum" + "properties": [ + { + "id": "color", + "value": { + "mode": "fixed" } } - } - ], - "type": "timeseries" + ] + } + ] + }, + "gridPos": { + "h": 8, + "w": 12, + "x": 0, + "y": 89 + }, + "id": 30, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ { "datasource": { "type": "influxdb", "uid": "${DS_INFLUXDB}" }, - "fieldConfig": { - "defaults": { - "color": { - "mode": "thresholds" - }, - "custom": { - "fillOpacity": 70, - "hideFrom": { - "legend": false, - "tooltip": false, - "viz": false - }, - "lineWidth": 1 - }, - "mappings": [], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - } - ] - } - }, - "overrides": [ - { - "matcher": { - "id": "byName", - "options": "flow_detected_count" - }, - "properties": [ - { - "id": "displayName", - "value": "Detected" - } - ] - }, + "query": "from(bucket: \"${ndpid_db_name}\")\n |> range(start: v.timeRangeStart, stop:v.timeRangeStop)\n |> filter(fn: (r) =>\n r._measurement == \"breed\"\n )", + "refId": "A" + } + ], + "title": "Breed", + "transformations": [ + { + "id": "calculateField", + "options": { + "alias": "Caution Advised", + "mode": "reduceRow", + "reduce": { + "include": [ + "flow_breed_potentially_dangerous_count breed", + "flow_breed_unsafe_count breed", + 
"flow_breed_dangerous_count breed" + ], + "reducer": "sum" + }, + "replaceFields": false + } + }, + { + "id": "calculateField", + "options": { + "alias": "Legit", + "mode": "reduceRow", + "reduce": { + "include": [ + "flow_breed_acceptable_count breed", + "flow_breed_fun_count breed", + "flow_breed_safe_count breed" + ], + "reducer": "sum" + } + } + }, + { + "id": "calculateField", + "options": { + "alias": "Dont Know", + "mode": "reduceRow", + "reduce": { + "include": [ + "flow_breed_unrated_count breed", + "flow_breed_unknown_count breed" + ], + "reducer": "sum" + } + } + } + ], + "type": "timeseries" + }, + { + "datasource": { + "type": "influxdb", + "uid": "${DS_INFLUXDB}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "custom": { + "fillOpacity": 70, + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineWidth": 1 + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ { - "matcher": { - "id": "byName", - "options": "flow_guessed_count" - }, - "properties": [ - { - "id": "displayName", - "value": "Guessed" - }, - { - "id": "thresholds", - "value": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - }, - { - "color": "yellow", - "value": 1 - } - ] - } - } - ] + "color": "green", + "value": null + } + ] + } + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "flow_detected_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Detected" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_guessed_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Guessed" }, { - "matcher": { - "id": "byName", - "options": "flow_not_detected_count" - }, - "properties": [ - { - "id": "displayName", - "value": "Not Detected" - }, - { - "id": "thresholds", - "value": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - }, - { - "color": "red", - "value": 1 - } - ] + "id": 
"thresholds", + "value": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "yellow", + "value": 1 } - } - ] + ] + } } ] }, - "gridPos": { - "h": 8, - "w": 12, - "x": 12, - "y": 5 - }, - "id": 31, - "options": { - "colWidth": 0.9, - "legend": { - "displayMode": "list", - "placement": "bottom", - "showLegend": false - }, - "rowHeight": 0.9, - "showValue": "auto", - "tooltip": { - "mode": "single", - "sort": "none" - } - }, - "pluginVersion": "10.2.0", - "targets": [ - { - "datasource": { - "type": "influxdb", - "uid": "${DS_INFLUXDB}" + { + "matcher": { + "id": "byName", + "options": "flow_not_detected_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Not Detected" }, - "query": "from(bucket: \"${ndpid_db_name}\")\n |> range(start: v.timeRangeStart, stop:v.timeRangeStop)\n |> filter(fn: (r) =>\n r._measurement == \"detection\" and\n (r._field == \"flow_detected_count\" or\n r._field == \"flow_guessed_count\" or\n r._field == \"flow_not_detected_count\")\n )", - "refId": "A" - } - ], - "title": "Detection", - "type": "status-history" + { + "id": "thresholds", + "value": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 1 + } + ] + } + } + ] + } + ] + }, + "gridPos": { + "h": 8, + "w": 12, + "x": 12, + "y": 89 + }, + "id": 31, + "options": { + "colWidth": 0.9, + "legend": { + "displayMode": "list", + "placement": "bottom", + "showLegend": false }, + "rowHeight": 0.9, + "showValue": "auto", + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "pluginVersion": "10.2.0", + "targets": [ { "datasource": { "type": "influxdb", "uid": "${DS_INFLUXDB}" }, - "fieldConfig": { - "defaults": { - "color": { - "mode": "thresholds" - }, - "custom": { - "fillOpacity": 70, - "hideFrom": { - "legend": false, - "tooltip": false, - "viz": false - }, - "insertNulls": false, - "lineWidth": 0, - "spanNulls": false - }, - "mappings": [], - "thresholds": { 
- "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - }, - { - "color": "yellow", - "value": 1 - } - ] - } - }, - "overrides": [ - { - "matcher": { - "id": "byName", - "options": "flow_risk_1_count" - }, - "properties": [ - { - "id": "displayName", - "value": "XSS Attack" - } - ] - }, + "query": "from(bucket: \"${ndpid_db_name}\")\n |> range(start: v.timeRangeStart, stop:v.timeRangeStop)\n |> filter(fn: (r) =>\n r._measurement == \"detection\" and\n (r._field == \"flow_detected_count\" or\n r._field == \"flow_guessed_count\" or\n r._field == \"flow_not_detected_count\")\n )", + "refId": "A" + } + ], + "title": "Detection", + "type": "status-history" + }, + { + "datasource": { + "type": "influxdb", + "uid": "${DS_INFLUXDB}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "custom": { + "fillOpacity": 70, + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineWidth": 0, + "spanNulls": false + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ { - "matcher": { - "id": "byName", - "options": "flow_risk_2_count" - }, - "properties": [ - { - "id": "displayName", - "value": "SQL Injection" - } - ] + "color": "green", + "value": null }, { - "matcher": { - "id": "byName", - "options": "flow_risk_3_count" - }, - "properties": [ - { - "id": "displayName", - "value": "RCE Injection" - } - ] - }, + "color": "yellow", + "value": 1 + } + ] + } + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "flow_risk_1_count" + }, + "properties": [ { - "matcher": { - "id": "byName", - "options": "flow_risk_4_count" - }, - "properties": [ - { - "id": "displayName", - "value": "Binary App Transfer" - } - ] - }, + "id": "displayName", + "value": "XSS Attack" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_2_count" + }, + "properties": [ { - "matcher": { - "id": "byName", - "options": "flow_risk_5_count" - }, - 
"properties": [ - { - "id": "displayName", - "value": "Known Proto on Non Std Port" - } - ] - }, + "id": "displayName", + "value": "SQL Injection" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_3_count" + }, + "properties": [ { - "matcher": { - "id": "byName", - "options": "flow_risk_6_count" - }, - "properties": [ - { - "id": "displayName", - "value": "Self signed Cert" - } - ] - }, + "id": "displayName", + "value": "RCE Injection" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_4_count" + }, + "properties": [ { - "matcher": { - "id": "byName", - "options": "flow_risk_7_count" - }, - "properties": [ - { - "id": "displayName", - "value": "Obsolete TLS v1.1 or older" - } - ] - }, + "id": "displayName", + "value": "Binary App Transfer" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_5_count" + }, + "properties": [ { - "matcher": { - "id": "byName", - "options": "flow_risk_8_count" - }, - "properties": [ - { - "id": "displayName", - "value": "Weak TLS Cipher" - } - ] - }, + "id": "displayName", + "value": "Known Proto on Non Std Port" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_6_count" + }, + "properties": [ { - "matcher": { - "id": "byName", - "options": "flow_risk_9_count" - }, - "properties": [ - { - "id": "displayName", - "value": "TLS Cert Expired" - } - ] - }, + "id": "displayName", + "value": "Self signed Cert" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_7_count" + }, + "properties": [ { - "matcher": { - "id": "byName", - "options": "flow_risk_10_count" - }, - "properties": [ - { - "id": "displayName", - "value": "TLS Cert Mismatch" - } - ] - }, + "id": "displayName", + "value": "Obsolete TLS v1.1 or older" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_8_count" + }, + "properties": [ { - "matcher": { - "id": "byName", - "options": "flow_risk_11_count" - }, - "properties": [ - { - "id": 
"displayName", - "value": "HTTP Suspicious User Agent" - } - ] - }, + "id": "displayName", + "value": "Weak TLS Cipher" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_9_count" + }, + "properties": [ { - "matcher": { - "id": "byName", - "options": "flow_risk_12_count" - }, - "properties": [ - { - "id": "displayName", - "value": "HTTP Numeric IP Address" - } - ] - }, + "id": "displayName", + "value": "TLS Cert Expired" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_10_count" + }, + "properties": [ { - "matcher": { - "id": "byName", - "options": "flow_risk_13_count" - }, - "properties": [ - { - "id": "displayName", - "value": "HTTP Suspicious URL" - } - ] - }, + "id": "displayName", + "value": "TLS Cert Mismatch" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_11_count" + }, + "properties": [ { - "matcher": { - "id": "byName", - "options": "flow_risk_14_count" - }, - "properties": [ - { - "id": "displayName", - "value": "HTTP Suspicious Header" - } - ] - }, + "id": "displayName", + "value": "HTTP Suspicious User Agent" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_12_count" + }, + "properties": [ { - "matcher": { - "id": "byName", - "options": "flow_risk_15_count" - }, - "properties": [ - { - "id": "displayName", - "value": "TLS probably Not Carrying HTTPS" - } - ] - }, + "id": "displayName", + "value": "HTTP Numeric IP Address" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_13_count" + }, + "properties": [ { - "matcher": { - "id": "byName", - "options": "flow_risk_16_count" - }, - "properties": [ - { - "id": "displayName", - "value": "Suspicious DGA Domain name" - } - ] - }, + "id": "displayName", + "value": "HTTP Suspicious URL" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_14_count" + }, + "properties": [ { - "matcher": { - "id": "byName", - "options": "flow_risk_17_count" - }, - "properties": [ - { - 
"id": "displayName", - "value": "Malformed Packet" - } - ] - }, + "id": "displayName", + "value": "HTTP Suspicious Header" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_15_count" + }, + "properties": [ { - "matcher": { - "id": "byName", - "options": "flow_risk_18_count" - }, - "properties": [ - { - "id": "displayName", - "value": "SSH Obsolete Client Version/Cipher" - } - ] - }, + "id": "displayName", + "value": "TLS probably Not Carrying HTTPS" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_16_count" + }, + "properties": [ { - "matcher": { - "id": "byName", - "options": "flow_risk_19_count" - }, - "properties": [ - { - "id": "displayName", - "value": "SSH Obsolete Server Version/Cipher" - } - ] - }, + "id": "displayName", + "value": "Suspicious DGA Domain name" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_17_count" + }, + "properties": [ { - "matcher": { - "id": "byName", - "options": "flow_risk_20_count" - }, - "properties": [ - { - "id": "displayName", - "value": "SMB Insecure Version" - } - ] - }, + "id": "displayName", + "value": "Malformed Packet" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_18_count" + }, + "properties": [ { - "matcher": { - "id": "byName", - "options": "flow_risk_21_count" - }, - "properties": [ - { - "id": "displayName", - "value": "TLS Suspicious ESNI Usage" - } - ] - }, + "id": "displayName", + "value": "SSH Obsolete Client Version/Cipher" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_19_count" + }, + "properties": [ { - "matcher": { - "id": "byName", - "options": "flow_risk_22_count" - }, - "properties": [ - { - "id": "displayName", - "value": "Unsafe Protocol" - } - ] - }, + "id": "displayName", + "value": "SSH Obsolete Server Version/Cipher" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_20_count" + }, + "properties": [ { - "matcher": { - "id": "byName", - "options": 
"flow_risk_23_count" - }, - "properties": [ - { - "id": "displayName", - "value": "Suspicious DNS Traffic" - } - ] - }, + "id": "displayName", + "value": "SMB Insecure Version" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_21_count" + }, + "properties": [ { - "matcher": { - "id": "byName", - "options": "flow_risk_24_count" - }, - "properties": [ - { - "id": "displayName", - "value": "Missing SNI TLS Extension" - } - ] - }, + "id": "displayName", + "value": "TLS Suspicious ESNI Usage" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_22_count" + }, + "properties": [ { - "matcher": { - "id": "byName", - "options": "flow_risk_25_count" - }, - "properties": [ - { - "id": "displayName", - "value": "HTTP Suspicious Content" - } - ] - }, + "id": "displayName", + "value": "Unsafe Protocol" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_23_count" + }, + "properties": [ { - "matcher": { - "id": "byName", - "options": "flow_risk_26_count" - }, - "properties": [ - { - "id": "displayName", - "value": "Risky ASN" - } - ] - }, + "id": "displayName", + "value": "Suspicious DNS Traffic" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_24_count" + }, + "properties": [ { - "matcher": { - "id": "byName", - "options": "flow_risk_27_count" - }, - "properties": [ - { - "id": "displayName", - "value": "Risky Domain Name" - } - ] - }, + "id": "displayName", + "value": "Missing SNI TLS Extension" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_25_count" + }, + "properties": [ { - "matcher": { - "id": "byName", - "options": "flow_risk_28_count" - }, - "properties": [ - { - "id": "displayName", - "value": "Malicious JA3 Fingerprint" - } - ] - }, + "id": "displayName", + "value": "HTTP Suspicious Content" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_26_count" + }, + "properties": [ { - "matcher": { - "id": "byName", - "options": 
"flow_risk_29_count" - }, - "properties": [ - { - "id": "displayName", - "value": "Malicious SSL Cert/SHA1 Fingerprint" - } - ] - }, + "id": "displayName", + "value": "Risky ASN" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_27_count" + }, + "properties": [ { - "matcher": { - "id": "byName", - "options": "flow_risk_30_count" - }, - "properties": [ - { - "id": "displayName", - "value": "Desktop/File-Sharing" - } - ] - }, + "id": "displayName", + "value": "Risky Domain Name" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_28_count" + }, + "properties": [ { - "matcher": { - "id": "byName", - "options": "flow_risk_31_count" - }, - "properties": [ - { - "id": "displayName", - "value": "Uncommon TLS ALPN" - } - ] - }, + "id": "displayName", + "value": "Malicious Fingerprint" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_29_count" + }, + "properties": [ { - "matcher": { - "id": "byName", - "options": "flow_risk_32_count" - }, - "properties": [ - { - "id": "displayName", - "value": "TLS Cert Validity Too Long" - } - ] - }, + "id": "displayName", + "value": "Malicious SSL Cert/SHA1 Fingerprint" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_30_count" + }, + "properties": [ { - "matcher": { - "id": "byName", - "options": "flow_risk_33_count" - }, - "properties": [ - { - "id": "displayName", - "value": "TLS Suspicious Extension" - } - ] - }, + "id": "displayName", + "value": "Desktop/File-Sharing" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_31_count" + }, + "properties": [ { - "matcher": { - "id": "byName", - "options": "flow_risk_34_count" - }, - "properties": [ - { - "id": "displayName", - "value": "TLS Fatal Alert" - } - ] - }, + "id": "displayName", + "value": "Uncommon TLS ALPN" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_32_count" + }, + "properties": [ { - "matcher": { - "id": "byName", - "options": 
"flow_risk_35_count" - }, - "properties": [ - { - "id": "displayName", - "value": "Suspicious Entropy" - } - ] - }, + "id": "displayName", + "value": "TLS Cert Validity Too Long" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_33_count" + }, + "properties": [ { - "matcher": { - "id": "byName", - "options": "flow_risk_36_count" - }, - "properties": [ - { - "id": "displayName", - "value": "Clear Text Credentials" - } - ] - }, + "id": "displayName", + "value": "TLS Suspicious Extension" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_34_count" + }, + "properties": [ { - "matcher": { - "id": "byName", - "options": "flow_risk_37_count" - }, - "properties": [ - { - "id": "displayName", - "value": "Large DNS Packet" - } - ] - }, + "id": "displayName", + "value": "TLS Fatal Alert" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_35_count" + }, + "properties": [ { - "matcher": { - "id": "byName", - "options": "flow_risk_38_count" - }, - "properties": [ - { - "id": "displayName", - "value": "Fragmented DNS Message" - } - ] - }, + "id": "displayName", + "value": "Suspicious Entropy" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_36_count" + }, + "properties": [ { - "matcher": { - "id": "byName", - "options": "flow_risk_39_count" - }, - "properties": [ - { - "id": "displayName", - "value": "Text With Non Printable Chars" - } - ] - }, + "id": "displayName", + "value": "Clear Text Credentials" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_37_count" + }, + "properties": [ { - "matcher": { - "id": "byName", - "options": "flow_risk_40_count" - }, - "properties": [ - { - "id": "displayName", - "value": "Possible Exploit" - } - ] - }, + "id": "displayName", + "value": "Large DNS Packet" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_38_count" + }, + "properties": [ { - "matcher": { - "id": "byName", - "options": 
"flow_risk_41_count" - }, - "properties": [ - { - "id": "displayName", - "value": "TLS Cert About To Expire" - } - ] - }, + "id": "displayName", + "value": "Fragmented DNS Message" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_39_count" + }, + "properties": [ { - "matcher": { - "id": "byName", - "options": "flow_risk_42_count" - }, - "properties": [ - { - "id": "displayName", - "value": "IDN Domain Name" - } - ] - }, + "id": "displayName", + "value": "Text With Non Printable Chars" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_40_count" + }, + "properties": [ { - "matcher": { - "id": "byName", - "options": "flow_risk_43_count" - }, - "properties": [ - { - "id": "displayName", - "value": "Error Code" - } - ] - }, + "id": "displayName", + "value": "Possible Exploit" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_41_count" + }, + "properties": [ { - "matcher": { - "id": "byName", - "options": "flow_risk_44_count" - }, - "properties": [ - { - "id": "displayName", - "value": "Crawler/Bot" - } - ] - }, + "id": "displayName", + "value": "TLS Cert About To Expire" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_42_count" + }, + "properties": [ { - "matcher": { - "id": "byName", - "options": "flow_risk_45_count" - }, - "properties": [ - { - "id": "displayName", - "value": "Anonymous Subscriber" - } - ] - }, + "id": "displayName", + "value": "IDN Domain Name" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_43_count" + }, + "properties": [ { - "matcher": { - "id": "byName", - "options": "flow_risk_46_count" - }, - "properties": [ - { - "id": "displayName", - "value": "Unidirectional Traffic" - } - ] - }, + "id": "displayName", + "value": "Error Code" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_44_count" + }, + "properties": [ { - "matcher": { - "id": "byName", - "options": "flow_risk_47_count" - }, - "properties": 
[ - { - "id": "displayName", - "value": "HTTP Obsolete Server" - } - ] - }, + "id": "displayName", + "value": "Crawler/Bot" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_45_count" + }, + "properties": [ { - "matcher": { - "id": "byName", - "options": "flow_risk_48_count" - }, - "properties": [ - { - "id": "displayName", - "value": "Periodic Flow" - } - ] - }, + "id": "displayName", + "value": "Anonymous Subscriber" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_46_count" + }, + "properties": [ { - "matcher": { - "id": "byName", - "options": "flow_risk_49_count" - }, - "properties": [ - { - "id": "displayName", - "value": "Minor Issues" - } - ] - }, + "id": "displayName", + "value": "Unidirectional Traffic" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_47_count" + }, + "properties": [ { - "matcher": { - "id": "byName", - "options": "flow_risk_50_count" - }, - "properties": [ - { - "id": "displayName", - "value": "TCP Connection Issues" - } - ] - }, + "id": "displayName", + "value": "HTTP Obsolete Server" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_48_count" + }, + "properties": [ { - "matcher": { - "id": "byName", - "options": "flow_risk_51_count" - }, - "properties": [ - { - "id": "displayName", - "value": "Fully Encrypted" - } - ] - }, + "id": "displayName", + "value": "Periodic Flow" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_49_count" + }, + "properties": [ { - "matcher": { - "id": "byName", - "options": "flow_risk_52_count" - }, - "properties": [ - { - "id": "displayName", - "value": "Invalid ALPN/SNI combination" - } - ] - }, + "id": "displayName", + "value": "Minor Issues" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_50_count" + }, + "properties": [ { - "matcher": { - "id": "byName", - "options": "flow_risk_53_count" - }, - "properties": [ - { - "id": "displayName", - "value": "Malware 
Host Contacted" - } - ] - }, + "id": "displayName", + "value": "TCP Connection Issues" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_51_count" + }, + "properties": [ { - "matcher": { - "id": "byName", - "options": "flow_risk_unknown_count" - }, - "properties": [ - { - "id": "displayName", - "value": "Unknown Risk" - } - ] + "id": "displayName", + "value": "Fully Encrypted" } ] }, - "gridPos": { - "h": 24, - "w": 24, - "x": 0, - "y": 13 + { + "matcher": { + "id": "byName", + "options": "flow_risk_52_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Invalid ALPN/SNI combination" + } + ] }, - "id": 33, - "options": { - "alignValue": "left", - "legend": { - "displayMode": "list", - "placement": "bottom", - "showLegend": true - }, - "mergeValues": true, - "rowHeight": 0.9, - "showValue": "auto", - "tooltip": { - "mode": "single", - "sort": "none" - } + { + "matcher": { + "id": "byName", + "options": "flow_risk_53_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Malware Host Contacted" + } + ] }, - "pluginVersion": "10.2.0", - "targets": [ - { - "datasource": { - "type": "influxdb", - "uid": "${DS_INFLUXDB}" - }, - "query": "from(bucket: \"${ndpid_db_name}\")\n |> range(start: v.timeRangeStart, stop:v.timeRangeStop)\n |> filter(fn: (r) =>\n r._measurement == \"risks\"\n )", - "refId": "A" - } - ], - "title": "Risk", - "type": "state-timeline" + { + "matcher": { + "id": "byName", + "options": "flow_risk_unknown_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Unknown Risk" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_54_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Binary Transfer Attempt" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_55_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Probing Attempt" + } + ] + } + ] + }, + "gridPos": { + "h": 24, + "w": 24, + "x": 0, + "y": 97 + }, + 
"id": 33, + "options": { + "alignValue": "left", + "legend": { + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "mergeValues": true, + "rowHeight": 0.9, + "showValue": "auto", + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "pluginVersion": "10.2.0", + "targets": [ + { + "datasource": { + "type": "influxdb", + "uid": "${DS_INFLUXDB}" + }, + "query": "from(bucket: \"${ndpid_db_name}\")\n |> range(start: v.timeRangeStart, stop:v.timeRangeStop)\n |> filter(fn: (r) =>\n r._measurement == \"risks\"\n )", + "refId": "A" } ], - "title": "Flow (Simplified / Historic)", - "type": "row" + "title": "Risk", + "type": "state-timeline" }, { "collapsed": false, @@ -5920,7 +5978,7 @@ "h": 1, "w": 24, "x": 0, - "y": 22 + "y": 121 }, "id": 15, "panels": [], @@ -6023,7 +6081,7 @@ "h": 8, "w": 12, "x": 0, - "y": 23 + "y": 122 }, "id": 16, "options": { @@ -6159,7 +6217,7 @@ "h": 8, "w": 12, "x": 12, - "y": 23 + "y": 122 }, "id": 17, "options": { @@ -6215,13 +6273,13 @@ ] }, "time": { - "from": "now-30m", + "from": "now-15m", "to": "now" }, "timepicker": {}, "timezone": "", "title": "nDPId", "uid": "e57b37c0-d0ba-4f50-9b2d-f83e71ae8c27", - "version": 88, + "version": 101, "weekStart": "" }
\ No newline at end of file |