author | Toni Uhlig <matzeton@googlemail.com> | 2024-01-06 19:32:47 +0100 |
---|---|---|
committer | Toni Uhlig <matzeton@googlemail.com> | 2024-01-06 19:32:47 +0100 |
commit | a007a907daebbf78dc3fead8fa2ad23d1156f732 (patch) | |
tree | 875e7d55a931ed146d6ca47b94370e7ec24faf6c /examples/c-influxd | |
parent | 876aef98e10073b26bdd54fd996e4675b36e19c1 (diff) |
Fixed invalid flow risk aggregation in collectd/influxd examples.
* CI: build single nDPId executable with `-Wall -Wextra -std=gnu99`
* fixed missing error events in influxd example
* added additional test cases for collectd
* extended grafana dashboard
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
Diffstat (limited to 'examples/c-influxd')
-rw-r--r-- | examples/c-influxd/c-influxd.c | 25 | ||||
-rw-r--r-- | examples/c-influxd/grafana-dashboard-simple.json | 7555 |
2 files changed, 4943 insertions, 2637 deletions
diff --git a/examples/c-influxd/c-influxd.c b/examples/c-influxd/c-influxd.c
index 55160c2a7..70b23447a 100644
--- a/examples/c-influxd/c-influxd.c
+++ b/examples/c-influxd/c-influxd.c
@@ -203,7 +203,7 @@ static struct
 uint64_t flow_guessed_count; uint64_t flow_not_detected_count;
- nDPIsrvd_ull flow_risk_count[NDPI_MAX_RISK - 1];
+ nDPIsrvd_ull flow_risk_count[NDPI_MAX_RISK - 1 /* NDPI_NO_RISK */];
 nDPIsrvd_ull flow_risk_unknown_count; } gauges[2]; /* values after InfluxDB push: gauges[0] -= gauges[1], gauges[1] is zero'd afterwards */ } influxd_statistics = {.rw_lock = PTHREAD_MUTEX_INITIALIZER};
@@ -388,7 +388,8 @@ static int serialize_influx_line(char * buf, size_t siz)
 INFLUXDB_FORMAT() INFLUXDB_FORMAT() INFLUXDB_FORMAT() INFLUXDB_FORMAT() INFLUXDB_FORMAT() INFLUXDB_FORMAT() INFLUXDB_FORMAT() INFLUXDB_FORMAT() INFLUXDB_FORMAT() INFLUXDB_FORMAT() INFLUXDB_FORMAT() INFLUXDB_FORMAT()
- INFLUXDB_FORMAT() INFLUXDB_FORMAT() INFLUXDB_FORMAT_END(),
+ INFLUXDB_FORMAT() INFLUXDB_FORMAT() INFLUXDB_FORMAT() INFLUXDB_FORMAT()
+ INFLUXDB_FORMAT() INFLUXDB_FORMAT_END(),
 "events", INFLUXDB_VALUE_COUNTER(flow_new_count), INFLUXDB_VALUE_COUNTER(flow_end_count),
@@ -419,7 +420,10 @@ static int serialize_influx_line(char * buf, size_t siz)
 INFLUXDB_VALUE_COUNTER(error_ip6_size_smaller_than_header), INFLUXDB_VALUE_COUNTER(error_ip6_l4_payload_detection), INFLUXDB_VALUE_COUNTER(error_tcp_packet_too_short),
- INFLUXDB_VALUE_COUNTER(error_udp_packet_too_short));
+ INFLUXDB_VALUE_COUNTER(error_udp_packet_too_short),
+ INFLUXDB_VALUE_COUNTER(error_capture_size_smaller_than_packet),
+ INFLUXDB_VALUE_COUNTER(error_max_flows_to_track),
+ INFLUXDB_VALUE_COUNTER(error_flow_memory_alloc));
 CHECK_SNPRINTF_RET(bytes); bytes = snprintf(buf, 
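Review bot: The bound `NDPI_MAX_RISK - 1 /* NDPI_NO_RISK */` is written out by hand in the `flow_risk_count` declaration in the hunk at -203 and again in the two loops at -564 and -664, while process_flow_stats indexes the same array with `numeric_risk_value - 1`. A single named constant, for example `#define INFLUXD_RISK_SLOTS (NDPI_MAX_RISK - 1) /* no slot for NDPI_NO_RISK */`, used for the array size, both loops and the index range check, would keep the allocation and every bound from drifting apart when the risk enum grows. The struct definition starts before the hunk, so the remaining members are not visible here.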
@@ -564,7 +568,7 @@ static int serialize_influx_line(char * buf, size_t siz)
 bytes = snprintf(buf, siz, "%s " INFLUXDB_FORMAT(), "risks", INFLUXDB_VALUE_GAUGE(flow_risk_unknown_count)); CHECK_SNPRINTF_RET(bytes);
- for (size_t i = 0; i < NDPI_MAX_RISK - 1; ++i)
+ for (size_t i = 0; i < NDPI_MAX_RISK - 1 /* NDPI_NO_RISK */; ++i)
 { bytes = snprintf(buf, siz,
@@ -664,7 +668,7 @@ failure:
 INFLUXD_STATS_GAUGE_SUB(flow_guessed_count); INFLUXD_STATS_GAUGE_SUB(flow_not_detected_count);
- for (size_t i = 0; i < NDPI_MAX_RISK - 1; ++i)
+ for (size_t i = 0; i < NDPI_MAX_RISK - 1 /* NDPI_NO_RISK */; ++i)
 { INFLUXD_STATS_GAUGE_SUB(flow_risk_count[i]); }
@@ -1086,7 +1090,7 @@ static void process_flow_stats(struct nDPIsrvd_socket * const sock, struct nDPIs
 { size_t numeric_risk_len = 0; char const * const numeric_risk_str = TOKEN_GET_KEY(sock, current, &numeric_risk_len);
- nDPIsrvd_ull numeric_risk_value = (nDPIsrvd_ull)-1;
+ nDPIsrvd_ull numeric_risk_value = 0;
 char numeric_risk_buf[numeric_risk_len + 1]; if (numeric_risk_len > 0 && numeric_risk_str != NULL)
@@ -1151,13 +1155,13 @@ static void process_flow_stats(struct nDPIsrvd_socket * const sock, struct nDPIs
 { continue; }
- if (flow_user_data->risks[i] == numeric_risk_value)
+ if (flow_user_data->risks[i] == numeric_risk_value - 1)
 { break; }
- INFLUXD_STATS_GAUGE_INC(flow_risk_count[numeric_risk_value]);
- flow_user_data->risks[i] = numeric_risk_value;
+ INFLUXD_STATS_GAUGE_INC(flow_risk_count[numeric_risk_value - 1]);
+ flow_user_data->risks[i] = numeric_risk_value - 1;
 break; } }
@@ -1545,10 +1549,11 @@ static int parse_options(int argc, char ** argv, struct nDPIsrvd_socket * const
 static void sighandler(int signum) {
- (void)signum;
+ logger(0, "Received SIGNAL %d", signum);
 if (main_thread_shutdown == 0) {
+ logger(0, "%s", "Shutting down ..");
 main_thread_shutdown = 1; } }
diff --git a/examples/c-influxd/grafana-dashboard-simple.json b/examples/c-influxd/grafana-dashboard-simple.json
index 38d26702f..78f8c8d6e 100644 
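Review bot: `char numeric_risk_buf[numeric_risk_len + 1];` in process_flow_stats (hunk at -1086) is a variable-length array sized by the length of a JSON key obtained through TOKEN_GET_KEY, so the stack allocation is governed by input rather than by the code. A risk id is a short decimal number; a fixed buffer with an explicit length check, e.g. `char numeric_risk_buf[32];` followed by `if (numeric_risk_len >= sizeof(numeric_risk_buf)) { /* skip this key */ }`, bounds the stack use and rejects oversized keys before they are copied. Whatever upper limit the token parser already enforces is not visible in this hunk, and the function body starts and ends outside it.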
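Review bot: In process_flow_stats (hunk at -1151), `flow_risk_count[numeric_risk_value - 1]` subtracts from a value that now defaults to 0 and that appears to be unsigned, so a risk key of 0 or one that fails to parse would wrap the index and write far outside the `NDPI_MAX_RISK - 1` element array. The range check lies between the two process_flow_stats hunks and is not shown; it needs to reject both ends before the subtraction, `if (numeric_risk_value == 0 || numeric_risk_value >= NDPI_MAX_RISK)`, and count such keys in `flow_risk_unknown_count` instead. The value is parsed from JSON received on the nDPIsrvd socket, so it should be treated as untrusted. A test case with a risk key of "0" and one at `NDPI_MAX_RISK` would pin this down.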
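Review bot: `sighandler` (hunk at -1545) now calls `logger()` twice from signal context; logger's body is not part of this diff, but a printf- or syslog-style formatter is not async-signal-safe, and a signal arriving while the main thread is inside the same logging or allocation path can deadlock or corrupt its state. Keep the handler to the flag store `main_thread_shutdown = 1;` and emit the "Received SIGNAL" and "Shutting down .." messages from the main loop once it observes the flag. If the signal number is wanted in the log, save it in a `volatile sig_atomic_t` inside the handler and print it there. The declaration of `main_thread_shutdown` is outside the hunk; it should be `volatile sig_atomic_t` as well.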
--- a/examples/c-influxd/grafana-dashboard-simple.json +++ b/examples/c-influxd/grafana-dashboard-simple.json @@ -1,4 +1,78 @@ { + "__inputs": [ + { + "name": "DS_INFLUXDB", + "label": "InfluxDB", + "description": "", + "type": "datasource", + "pluginId": "influxdb", + "pluginName": "InfluxDB" + }, + { + "name": "VAR_NDPID_DB_NAME", + "type": "constant", + "label": "ndpid_db_name", + "value": "ndpi-daemon", + "description": "" + } + ], + "__elements": {}, + "__requires": [ + { + "type": "panel", + "id": "bargauge", + "name": "Bar gauge", + "version": "" + }, + { + "type": "panel", + "id": "gauge", + "name": "Gauge", + "version": "" + }, + { + "type": "grafana", + "id": "grafana", + "name": "Grafana", + "version": "10.2.0" + }, + { + "type": "datasource", + "id": "influxdb", + "name": "InfluxDB", + "version": "1.0.0" + }, + { + "type": "panel", + "id": "piechart", + "name": "Pie chart", + "version": "" + }, + { + "type": "panel", + "id": "stat", + "name": "Stat", + "version": "" + }, + { + "type": "panel", + "id": "state-timeline", + "name": "State timeline", + "version": "" + }, + { + "type": "panel", + "id": "status-history", + "name": "Status history", + "version": "" + }, + { + "type": "panel", + "id": "timeseries", + "name": "Time series", + "version": "" + } + ], "annotations": { "list": [ { @@ -15,15 +89,15 @@ } ] }, - "editable": false, + "editable": true, "fiscalYearStartMonth": 0, "graphTooltip": 0, - "id": 1, + "id": null, "links": [], "liveNow": false, "panels": [ { - "collapsed": false, + "collapsed": true, "gridPos": { "h": 1, "w": 24, 
@@ -31,14 +105,3276 @@ "y": 0 }, "id": 22, - "panels": [], + "panels": [ + { + "datasource": { + "type": "influxdb", + "uid": "${DS_INFLUXDB}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [], + "thresholds": { + "mode": "percentage", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "#EAB839", + "value": 25 + }, + { + "color": "red", + "value": 50 + } + ] + } + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "error_ip4_l4_payload_detection" + }, + "properties": [ + { + "id": "displayName", + "value": "IPv4 L4 Failed" + }, + { + "id": "thresholds", + "value": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "yellow", + "value": 1 + } + ] + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "error_ip4_packet_too_short" + }, + "properties": [ + { + "id": "displayName", + "value": "IPv4 Packet Size" + }, + { + "id": "thresholds", + "value": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "yellow", + "value": 1 + } + ] + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "error_ip4_size_smaller_than_header" + }, + "properties": [ + { + "id": "displayName", + "value": "IPv4 Header Size" + }, + { + "id": "thresholds", + "value": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "yellow", + "value": 1 + } + ] + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "error_ip6_l4_payload_detection" + }, + "properties": [ + { + "id": "displayName", + "value": "IPv6 L4 Failed" + }, + { + "id": "thresholds", + "value": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "yellow", + "value": 1 + } + ] + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "error_ip6_packet_too_short" + }, + "properties": [ + { + "id": "displayName", + "value": "IPv6 
Packet Size" + }, + { + "id": "thresholds", + "value": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "yellow", + "value": 1 + } + ] + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "error_ip6_size_smaller_than_header" + }, + "properties": [ + { + "id": "displayName", + "value": "IPv6 Header Size" + }, + { + "id": "thresholds", + "value": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "yellow", + "value": 1 + } + ] + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "error_packet_header_invalid" + }, + "properties": [ + { + "id": "displayName", + "value": "Packet Header Invalid" + }, + { + "id": "thresholds", + "value": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "yellow", + "value": 1 + } + ] + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "error_packet_too_short" + }, + "properties": [ + { + "id": "displayName", + "value": "Packet Size" + }, + { + "id": "thresholds", + "value": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "yellow", + "value": 1 + } + ] + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "error_packet_type_unknown" + }, + "properties": [ + { + "id": "displayName", + "value": "Packet Type Unknown" + }, + { + "id": "thresholds", + "value": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "yellow", + "value": 1 + } + ] + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "error_tcp_packet_too_short" + }, + "properties": [ + { + "id": "displayName", + "value": "TCP Packet Size" + }, + { + "id": "thresholds", + "value": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "yellow", + "value": 1 + } + ] + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": 
"error_udp_packet_too_short" + }, + "properties": [ + { + "id": "displayName", + "value": "UDP Packet Size" + }, + { + "id": "thresholds", + "value": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "yellow", + "value": 1 + } + ] + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "error_unknown_datalink" + }, + "properties": [ + { + "id": "displayName", + "value": "Unknown Datalink" + }, + { + "id": "thresholds", + "value": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "yellow", + "value": 1 + } + ] + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "error_unknown_l3_protocol" + }, + "properties": [ + { + "id": "displayName", + "value": "Unknown L3 Protocol" + }, + { + "id": "thresholds", + "value": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "yellow", + "value": 1 + } + ] + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "error_unsupported_datalink" + }, + "properties": [ + { + "id": "displayName", + "value": "Unsupported Datalink" + }, + { + "id": "thresholds", + "value": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "yellow", + "value": 1 + } + ] + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_analyse_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Analyse" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_detected_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Detections" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_detection_update_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Detection Updates" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_end_count" + }, + "properties": [ + { + "id": "displayName", + "value": "End" + } + ] + }, + { + "matcher": { + "id": 
"byName", + "options": "flow_guessed_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Guessed" + }, + { + "id": "thresholds", + "value": { + "mode": "percentage", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "yellow", + "value": 5 + }, + { + "color": "red", + "value": 10 + } + ] + } + }, + { + "id": "color" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_idle_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Idle" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_new_count" + }, + "properties": [ + { + "id": "displayName", + "value": "New" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_not_detected_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Not Detected" + }, + { + "id": "thresholds", + "value": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 1 + } + ] + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risky_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Risky" + }, + { + "id": "thresholds", + "value": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "yellow", + "value": 1 + } + ] + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_update_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Updates" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "init_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Init" + }, + { + "id": "thresholds", + "value": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "yellow", + "value": 1 + } + ] + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "packet_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Packet" + }, + { + "id": "thresholds", + "value": { + "mode": 
"percentage", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "yellow", + "value": 25 + }, + { + "color": "red", + "value": 50 + } + ] + } + }, + { + "id": "color", + "value": { + "mode": "thresholds" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "packet_flow_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Packet Flow" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "reconnect_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Reconnect" + }, + { + "id": "thresholds", + "value": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "yellow", + "value": 1 + } + ] + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "shutdown_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Shutdown" + }, + { + "id": "thresholds", + "value": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 1 + } + ] + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "status_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Status" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "error_capture_size_smaller_than_packet" + }, + "properties": [ + { + "id": "displayName", + "value": "Capture Size < Packet Size" + }, + { + "id": "thresholds", + "value": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 1 + } + ] + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "error_flow_memory_alloc" + }, + "properties": [ + { + "id": "displayName", + "value": "Memory Allocation Failed" + }, + { + "id": "thresholds", + "value": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 1 + } + ] + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "error_max_flows_to_track" + }, + 
"properties": [ + { + "id": "displayName", + "value": "Max Flows" + }, + { + "id": "thresholds", + "value": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 1 + } + ] + } + } + ] + } + ] + }, + "gridPos": { + "h": 9, + "w": 15, + "x": 0, + "y": 1 + }, + "id": 20, + "options": { + "colorMode": "value", + "graphMode": "area", + "justifyMode": "auto", + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "textMode": "auto" + }, + "pluginVersion": "10.2.0", + "targets": [ + { + "datasource": { + "type": "influxdb", + "uid": "${DS_INFLUXDB}" + }, + "query": "from(bucket: \"${ndpid_db_name}\")\n |> range(start: v.timeRangeStart, stop:v.timeRangeStop)\n |> filter(fn: (r) =>\n r._measurement == \"events\"\n )", + "refId": "A" + } + ], + "type": "stat" + }, + { + "datasource": { + "type": "influxdb", + "uid": "${DS_INFLUXDB}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic-by-name" + }, + "custom": { + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + } + }, + "mappings": [] + }, + "overrides": [] + }, + "gridPos": { + "h": 9, + "w": 3, + "x": 15, + "y": 1 + }, + "id": 19, + "options": { + "legend": { + "displayMode": "list", + "placement": "bottom", + "showLegend": false + }, + "pieType": "pie", + "reduceOptions": { + "calcs": [ + "sum" + ], + "fields": "", + "values": false + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "datasource": { + "type": "influxdb", + "uid": "${DS_INFLUXDB}" + }, + "query": "from(bucket: \"${ndpid_db_name}\")\n |> range(start: v.timeRangeStart, stop:v.timeRangeStop)\n |> filter(fn: (r) =>\n r._measurement == \"events\"\n )", + "refId": "A" + } + ], + "type": "piechart" + }, + { + "datasource": { + "type": "influxdb", + "uid": "${DS_INFLUXDB}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": 
"palette-classic-by-name" + }, + "custom": { + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + } + }, + "mappings": [] + }, + "overrides": [] + }, + "gridPos": { + "h": 9, + "w": 3, + "x": 18, + "y": 1 + }, + "id": 28, + "options": { + "legend": { + "displayMode": "list", + "placement": "bottom", + "showLegend": false + }, + "pieType": "pie", + "reduceOptions": { + "calcs": [ + "sum" + ], + "fields": "", + "values": false + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "datasource": { + "type": "influxdb", + "uid": "${DS_INFLUXDB}" + }, + "query": "from(bucket: \"${ndpid_db_name}\")\n |> range(start: v.timeRangeStart, stop:v.timeRangeStop)\n |> filter(fn: (r) =>\n r._measurement == \"events\" and\n r._field != \"packet_flow_count\"\n )", + "refId": "A" + } + ], + "type": "piechart" + }, + { + "datasource": { + "type": "influxdb", + "uid": "${DS_INFLUXDB}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 3, + "w": 3, + "x": 21, + "y": 1 + }, + "id": 27, + "options": { + "colorMode": "value", + "graphMode": "area", + "justifyMode": "auto", + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "textMode": "auto" + }, + "pluginVersion": "10.2.0", + "targets": [ + { + "datasource": { + "type": "influxdb", + "uid": "${DS_INFLUXDB}" + }, + "query": "from(bucket: \"${ndpid_db_name}\")\n |> range(start: v.timeRangeStart, stop:v.timeRangeStop)\n |> filter(fn: (r) =>\n r._measurement == \"events\" and\n (r._field == \"packet_count\" or\n r._field == \"packet_flow_count\")\n )", + "refId": "A" + } + ], + "title": "Packet", + "transformations": [ + { + "id": "calculateField", + "options": { + "mode": "reduceRow", + "reduce": { + "reducer": "sum" + }, 
+ "replaceFields": true + } + } + ], + "type": "stat" + }, + { + "datasource": { + "type": "influxdb", + "uid": "${DS_INFLUXDB}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 3, + "w": 3, + "x": 21, + "y": 4 + }, + "id": 26, + "options": { + "colorMode": "value", + "graphMode": "area", + "justifyMode": "auto", + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "textMode": "auto" + }, + "pluginVersion": "10.2.0", + "targets": [ + { + "datasource": { + "type": "influxdb", + "uid": "${DS_INFLUXDB}" + }, + "query": "from(bucket: \"${ndpid_db_name}\")\n |> range(start: v.timeRangeStart, stop:v.timeRangeStop)\n |> filter(fn: (r) =>\n r._measurement == \"events\" and\n (r._field == \"flow_detected_count\" or\n r._field == \"flow_detection_update_count\" or\n r._field == \"flow_guessed_count\")\n )", + "refId": "A" + } + ], + "title": "Detection", + "transformations": [ + { + "id": "calculateField", + "options": { + "mode": "reduceRow", + "reduce": { + "reducer": "sum" + }, + "replaceFields": true + } + } + ], + "type": "stat" + }, + { + "datasource": { + "type": "influxdb", + "uid": "${DS_INFLUXDB}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 3, + "w": 3, + "x": 21, + "y": 7 + }, + "id": 21, + "options": { + "colorMode": "value", + "graphMode": "area", + "justifyMode": "auto", + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "textMode": "auto" + }, + "pluginVersion": "10.2.0", + "targets": [ + { + "datasource": { + "type": 
"influxdb", + "uid": "${DS_INFLUXDB}" + }, + "query": "from(bucket: \"${ndpid_db_name}\")\n |> range(start: v.timeRangeStart, stop:v.timeRangeStop)\n |> filter(fn: (r) =>\n r._measurement == \"events\"\n )", + "refId": "A" + } + ], + "transformations": [ + { + "id": "calculateField", + "options": { + "mode": "reduceRow", + "reduce": { + "reducer": "sum" + }, + "replaceFields": true + } + } + ], + "type": "stat" + } + ], "title": "Events", "type": "row" }, { + "collapsed": true, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 1 + }, + "id": 5, + "panels": [ + { + "datasource": { + "type": "influxdb", + "uid": "${DS_INFLUXDB}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + } + ] + }, + "unit": "binBps" + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "flow_dst_total_bytes" + }, + "properties": [ + { + "id": "displayName", + "value": "Total Bytes Received" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_src_total_bytes" + }, + "properties": [ + { + "id": "displayName", + "value": "Total Bytes Transmitted" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "json_bytes" + }, + "properties": [ + { + "id": "displayName", + "value": "Total JSON Bytes" + } + ] + } + ] + }, + 
"gridPos": { + "h": 8, + "w": 15, + "x": 0, + "y": 2 + }, + "id": 1, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "datasource": { + "type": "influxdb", + "uid": "${DS_INFLUXDB}" + }, + "query": "from(bucket: \"${ndpid_db_name}\")\n |> range(start: v.timeRangeStart, stop:v.timeRangeStop)\n |> filter(fn: (r) =>\n r._measurement == \"general\" and\n (r._field == \"flow_src_total_bytes\" or\n r._field == \"flow_dst_total_bytes\" or\n r._field == \"json_bytes\")\n )", + "refId": "A" + } + ], + "title": "Data Processed", + "type": "timeseries" + }, + { + "datasource": { + "type": "influxdb", + "uid": "${DS_INFLUXDB}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + } + }, + "mappings": [], + "unit": "bytes" + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "flow_dst_total_bytes" + }, + "properties": [ + { + "id": "displayName", + "value": "Total Bytes Received" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_src_total_bytes" + }, + "properties": [ + { + "id": "displayName", + "value": "Total Bytes Transmitted" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "json_bytes" + }, + "properties": [ + { + "id": "displayName", + "value": "Total JSON Bytes" + } + ] + } + ] + }, + "gridPos": { + "h": 8, + "w": 3, + "x": 15, + "y": 2 + }, + "id": 3, + "options": { + "legend": { + "displayMode": "list", + "placement": "bottom", + "showLegend": false + }, + "pieType": "pie", + "reduceOptions": { + "calcs": [ + "sum" + ], + "fields": "", + "values": false + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "datasource": { + "type": "influxdb", + "uid": "${DS_INFLUXDB}" + }, + "query": "from(bucket: 
\"${ndpid_db_name}\")\n |> range(start: v.timeRangeStart, stop:v.timeRangeStop)\n |> filter(fn: (r) =>\n r._measurement == \"general\" and\n (r._field == \"flow_src_total_bytes\" or\n r._field == \"flow_dst_total_bytes\" or\n r._field == \"json_bytes\")\n )", + "refId": "A" + } + ], + "type": "piechart" + }, + { + "datasource": { + "type": "influxdb", + "uid": "${DS_INFLUXDB}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + } + ] + }, + "unit": "binBps" + }, + "overrides": [] + }, + "gridPos": { + "h": 4, + "w": 3, + "x": 18, + "y": 2 + }, + "id": 24, + "options": { + "colorMode": "value", + "graphMode": "area", + "justifyMode": "auto", + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "textMode": "auto" + }, + "pluginVersion": "10.2.0", + "targets": [ + { + "datasource": { + "type": "influxdb", + "uid": "${DS_INFLUXDB}" + }, + "query": "from(bucket: \"${ndpid_db_name}\")\n |> range(start: v.timeRangeStart, stop:v.timeRangeStop)\n |> filter(fn: (r) =>\n r._measurement == \"general\" and\n r._field == \"flow_src_total_bytes\"\n )", + "refId": "A" + } + ], + "title": "Bytes Transmitted", + "type": "stat" + }, + { + "datasource": { + "type": "influxdb", + "uid": "${DS_INFLUXDB}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 4, + "w": 3, + "x": 21, + "y": 2 + }, + "id": 7, + "options": { + "colorMode": "value", + "graphMode": "area", + "justifyMode": "auto", + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "textMode": "auto" + }, + "pluginVersion": "10.2.0", + "targets": [ + { + 
"datasource": { + "type": "influxdb", + "uid": "${DS_INFLUXDB}" + }, + "query": "from(bucket: \"${ndpid_db_name}\")\n |> range(start: v.timeRangeStart, stop:v.timeRangeStop)\n |> filter(fn: (r) =>\n r._measurement == \"general\" and\n r._field == \"json_lines\"\n )", + "refId": "A" + } + ], + "title": "JSON Lines", + "type": "stat" + }, + { + "datasource": { + "type": "influxdb", + "uid": "${DS_INFLUXDB}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + } + ] + }, + "unit": "binBps" + }, + "overrides": [] + }, + "gridPos": { + "h": 4, + "w": 3, + "x": 18, + "y": 6 + }, + "id": 25, + "options": { + "colorMode": "value", + "graphMode": "area", + "justifyMode": "auto", + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "textMode": "auto" + }, + "pluginVersion": "10.2.0", + "targets": [ + { + "datasource": { + "type": "influxdb", + "uid": "${DS_INFLUXDB}" + }, + "query": "from(bucket: \"${ndpid_db_name}\")\n |> range(start: v.timeRangeStart, stop:v.timeRangeStop)\n |> filter(fn: (r) =>\n r._measurement == \"general\" and\n r._field == \"flow_dst_total_bytes\"\n )", + "refId": "A" + } + ], + "title": "Bytes Received", + "type": "stat" + }, + { + "datasource": { + "type": "influxdb", + "uid": "${DS_INFLUXDB}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + } + ] + }, + "unit": "binBps" + }, + "overrides": [] + }, + "gridPos": { + "h": 4, + "w": 3, + "x": 21, + "y": 6 + }, + "id": 23, + "options": { + "colorMode": "value", + "graphMode": "area", + "justifyMode": "auto", + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "textMode": "auto" + }, + 
"pluginVersion": "10.2.0", + "targets": [ + { + "datasource": { + "type": "influxdb", + "uid": "${DS_INFLUXDB}" + }, + "query": "from(bucket: \"${ndpid_db_name}\")\n |> range(start: v.timeRangeStart, stop:v.timeRangeStop)\n |> filter(fn: (r) =>\n r._measurement == \"general\" and\n (r._field == \"flow_src_total_bytes\" or\n r._field == \"flow_dst_total_bytes\")\n )", + "refId": "A" + } + ], + "title": "Total Bytes", + "transformations": [ + { + "id": "calculateField", + "options": { + "mode": "reduceRow", + "reduce": { + "reducer": "sum" + }, + "replaceFields": true + } + } + ], + "type": "stat" + } + ], + "title": "General", + "type": "row" + }, + { + "collapsed": true, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 2 + }, + "id": 6, + "panels": [ + { + "datasource": { + "type": "influxdb", + "uid": "${DS_INFLUXDB}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [], + "thresholds": { + "mode": "percentage", + "steps": [ + { + "color": "green", + "value": null + } + ] + } + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "flow_breed_acceptable_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Acceptable" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_breed_dangerous_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Dangerous" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_breed_fun_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Fun" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_breed_potentially_dangerous_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Potentially Dangerous" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_breed_safe_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Safe" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_breed_tracker_ads_count" + }, + "properties": [ + { 
+ "id": "displayName", + "value": "Tracker/Ads" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_breed_unknown_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Unknown" + }, + { + "id": "color", + "value": { + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_breed_unrated_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Unrated" + }, + { + "id": "color", + "value": { + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_breed_unsafe_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Unsafe" + }, + { + "id": "thresholds", + "value": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "yellow", + "value": 1 + } + ] + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_breed_dangerous_count" + }, + "properties": [ + { + "id": "thresholds", + "value": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "dark-red", + "value": 1 + } + ] + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_breed_potentially_dangerous_count" + }, + "properties": [ + { + "id": "thresholds", + "value": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "dark-orange", + "value": 1 + } + ] + } + } + ] + } + ] + }, + "gridPos": { + "h": 6, + "w": 12, + "x": 0, + "y": 3 + }, + "id": 4, + "options": { + "minVizHeight": 75, + "minVizWidth": 75, + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "showThresholdLabels": false, + "showThresholdMarkers": false + }, + "pluginVersion": "10.2.0", + "targets": [ + { + "datasource": { + "type": "influxdb", + "uid": "${DS_INFLUXDB}" + }, + "query": "from(bucket: \"${ndpid_db_name}\")\n |> range(start: v.timeRangeStart, stop:v.timeRangeStop)\n |> filter(fn: (r) =>\n 
r._measurement == \"breed\"\n )", + "refId": "A" + } + ], + "title": "Breed", + "type": "gauge" + }, + { + "datasource": { + "type": "influxdb", + "uid": "${DS_INFLUXDB}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + } + ] + } + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "flow_active_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Active Flows" + } + ] + } + ] + }, + "gridPos": { + "h": 6, + "w": 2, + "x": 12, + "y": 3 + }, + "id": 8, + "options": { + "colorMode": "value", + "graphMode": "area", + "justifyMode": "auto", + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "textMode": "auto" + }, + "pluginVersion": "10.2.0", + "targets": [ + { + "datasource": { + "type": "influxdb", + "uid": "${DS_INFLUXDB}" + }, + "query": "from(bucket: \"${ndpid_db_name}\")\n |> range(start: v.timeRangeStart, stop:v.timeRangeStop)\n |> filter(fn: (r) =>\n r._measurement == \"detection\" and\n (r._field == \"flow_active_count\")\n )", + "refId": "A" + } + ], + "title": "Active", + "type": "stat" + }, + { + "datasource": { + "type": "influxdb", + "uid": "${DS_INFLUXDB}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [], + "thresholds": { + "mode": "percentage", + "steps": [ + { + "color": "green", + "value": null + } + ] + } + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "flow_guessed_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Guessed" + }, + { + "id": "thresholds", + "value": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "yellow", + "value": 1 + } + ] + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_not_detected_count" + }, + "properties": [ + { + 
"id": "displayName", + "value": "Not Detected" + }, + { + "id": "thresholds", + "value": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 1 + } + ] + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_detected_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Detected" + } + ] + } + ] + }, + "gridPos": { + "h": 8, + "w": 10, + "x": 14, + "y": 3 + }, + "id": 9, + "options": { + "minVizHeight": 75, + "minVizWidth": 75, + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "showThresholdLabels": false, + "showThresholdMarkers": false + }, + "pluginVersion": "10.2.0", + "targets": [ + { + "datasource": { + "type": "influxdb", + "uid": "${DS_INFLUXDB}" + }, + "query": "from(bucket: \"${ndpid_db_name}\")\n |> range(start: v.timeRangeStart, stop:v.timeRangeStop)\n |> filter(fn: (r) =>\n r._measurement == \"detection\" and\n (r._field == \"flow_detected_count\" or\n r._field == \"flow_guessed_count\" or\n r._field == \"flow_not_detected_count\")\n )", + "refId": "A" + } + ], + "title": "Detection", + "type": "gauge" + }, + { + "datasource": { + "type": "influxdb", + "uid": "${DS_INFLUXDB}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [], + "thresholds": { + "mode": "percentage", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "#EAB839", + "value": 80 + } + ] + } + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "flow_category_adult_content_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Adult Content" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_category_advertisment_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Advertisment" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_category_allowed_site_count" + }, + "properties": 
[ + { + "id": "displayName", + "value": "Allowed Site" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_category_antimalware_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Anti Malware" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_category_banned_site_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Banned Site" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_category_chat_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Chat" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_category_cloud_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Cloud" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_category_collaborative_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Collaborative" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_category_conn_check_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Connection Check" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_category_crypto_currency_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Crypto Currency" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_category_cybersecurity_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Cybersecurity" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_category_data_transfer_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Data Transfer" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_category_database_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Database" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_category_download_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Download" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": 
"flow_category_email_count" + }, + "properties": [ + { + "id": "displayName", + "value": "E-Mail" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_category_file_sharing_count" + }, + "properties": [ + { + "id": "displayName", + "value": "File Sharing" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_category_gambling_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Gambling" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_category_game_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Game" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_category_iot_scada_count" + }, + "properties": [ + { + "id": "displayName", + "value": "IoT/Scada" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_category_malware_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Malware" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_category_media_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Media" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_category_mining_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Mining" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_category_music_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Music" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_category_network_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Network" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_category_productivity_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Productivity" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_category_remote_access_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Remote Access" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": 
"flow_category_rpc_count" + }, + "properties": [ + { + "id": "displayName", + "value": "RPC" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_category_shopping_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Shopping" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_category_site_unavail_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Site Unavailable" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_category_social_network_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Social Network" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_category_software_update_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Software Update" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_category_streaming_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Streaming" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_category_system_count" + }, + "properties": [ + { + "id": "displayName", + "value": "System" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_category_unknown_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Unknown" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_category_unspecified_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Unspecified" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_category_video_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Video" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_category_virt_assistant_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Virtual Assistant" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_category_voip_count" + }, + "properties": [ + { + "id": "displayName", + "value": "VoIP" + } + ] + }, + { + "matcher": { + "id": 
"byName", + "options": "flow_category_vpn_count" + }, + "properties": [ + { + "id": "displayName", + "value": "VPN" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_category_web_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Web" + } + ] + } + ] + }, + "gridPos": { + "h": 27, + "w": 12, + "x": 0, + "y": 9 + }, + "id": 10, + "options": { + "minVizHeight": 75, + "minVizWidth": 75, + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "showThresholdLabels": false, + "showThresholdMarkers": false + }, + "pluginVersion": "10.2.0", + "targets": [ + { + "datasource": { + "type": "influxdb", + "uid": "${DS_INFLUXDB}" + }, + "query": "from(bucket: \"${ndpid_db_name}\")\n |> range(start: v.timeRangeStart, stop:v.timeRangeStop)\n |> filter(fn: (r) =>\n r._measurement == \"category\"\n )", + "refId": "A" + } + ], + "title": "Category", + "type": "gauge" + }, + { + "datasource": { + "type": "influxdb", + "uid": "${DS_INFLUXDB}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + } + ] + } + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "flow_state_finished" + }, + "properties": [ + { + "id": "displayName", + "value": "Finished" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_state_info" + }, + "properties": [ + { + "id": "displayName", + "value": "Processing" + } + ] + } + ] + }, + "gridPos": { + "h": 11, + "w": 2, + "x": 12, + "y": 9 + }, + "id": 13, + "options": { + "colorMode": "value", + "graphMode": "area", + "justifyMode": "auto", + "orientation": "horizontal", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "textMode": "auto" + }, + "pluginVersion": "10.2.0", + "targets": [ + { + "datasource": { + "type": "influxdb", + "uid": 
"${DS_INFLUXDB}" + }, + "query": "from(bucket: \"${ndpid_db_name}\")\n |> range(start: v.timeRangeStart, stop:v.timeRangeStop)\n |> filter(fn: (r) =>\n r._measurement == \"state\"\n )", + "refId": "A" + } + ], + "title": "State", + "type": "stat" + }, + { + "datasource": { + "type": "influxdb", + "uid": "${DS_INFLUXDB}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + } + ] + } + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "flow_confidence_by_ip" + }, + "properties": [ + { + "id": "displayName", + "value": "By IP" + }, + { + "id": "color", + "value": { + "fixedColor": "yellow", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_confidence_by_port" + }, + "properties": [ + { + "id": "displayName", + "value": "By Port" + }, + { + "id": "color", + "value": { + "fixedColor": "yellow", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_confidence_dpi" + }, + "properties": [ + { + "id": "displayName", + "value": "DPI" + }, + { + "id": "color", + "value": { + "fixedColor": "green", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_confidence_dpi_aggressive" + }, + "properties": [ + { + "id": "displayName", + "value": "DPI Aggressive" + }, + { + "id": "color", + "value": { + "fixedColor": "blue", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_confidence_dpi_cache" + }, + "properties": [ + { + "id": "displayName", + "value": "DPI Cache" + }, + { + "id": "color", + "value": { + "fixedColor": "dark-green", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_confidence_dpi_partial" + }, + "properties": [ + { + "id": "displayName", + "value": "DPI Partial" + }, + { + "id": "color", + "value": { + "fixedColor": 
"light-green", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_confidence_dpi_partial_cache" + }, + "properties": [ + { + "id": "displayName", + "value": "DPI Partial Cache" + }, + { + "id": "color", + "value": { + "fixedColor": "super-light-green", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_confidence_nbpf" + }, + "properties": [ + { + "id": "displayName", + "value": "nBPF" + }, + { + "id": "color", + "value": { + "fixedColor": "blue", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_confidence_unknown" + }, + "properties": [ + { + "id": "displayName", + "value": "Unknown" + }, + { + "id": "color", + "value": { + "mode": "fixed" + } + } + ] + } + ] + }, + "gridPos": { + "h": 14, + "w": 10, + "x": 14, + "y": 11 + }, + "id": 14, + "options": { + "displayMode": "gradient", + "minVizHeight": 10, + "minVizWidth": 0, + "namePlacement": "auto", + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "showUnfilled": true, + "valueMode": "color" + }, + "pluginVersion": "10.2.0", + "targets": [ + { + "datasource": { + "type": "influxdb", + "uid": "${DS_INFLUXDB}" + }, + "query": "from(bucket: \"${ndpid_db_name}\")\n |> range(start: v.timeRangeStart, stop:v.timeRangeStop)\n |> filter(fn: (r) =>\n r._measurement == \"confidence\"\n )", + "refId": "A" + } + ], + "title": "Confidence", + "type": "bargauge" + }, + { + "datasource": { + "type": "influxdb", + "uid": "${DS_INFLUXDB}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [], + "thresholds": { + "mode": "percentage", + "steps": [ + { + "color": "green", + "value": null + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 5, + "w": 2, + "x": 12, + "y": 20 + }, + "id": 18, + "options": { + "colorMode": "value", + "graphMode": "area", + "justifyMode": "auto", + "orientation": 
"auto", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "textMode": "auto" + }, + "pluginVersion": "10.2.0", + "targets": [ + { + "datasource": { + "type": "influxdb", + "uid": "${DS_INFLUXDB}" + }, + "query": "from(bucket: \"${ndpid_db_name}\")\n |> range(start: v.timeRangeStart, stop:v.timeRangeStop)\n |> filter(fn: (r) =>\n r._measurement == \"risks\"\n )", + "refId": "A" + } + ], + "title": "Total Risks", + "transformations": [ + { + "id": "calculateField", + "options": { + "mode": "reduceRow", + "reduce": { + "reducer": "sum" + }, + "replaceFields": true + } + } + ], + "type": "stat" + }, + { + "datasource": { + "type": "influxdb", + "uid": "${DS_INFLUXDB}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [], + "thresholds": { + "mode": "percentage", + "steps": [ + { + "color": "green", + "value": null + } + ] + } + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "flow_severity_critical" + }, + "properties": [ + { + "id": "displayName", + "value": "Critical" + }, + { + "id": "color", + "value": { + "fixedColor": "dark-red", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_severity_emergency" + }, + "properties": [ + { + "id": "displayName", + "value": "Emergency" + }, + { + "id": "color", + "value": { + "fixedColor": "red", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_severity_high" + }, + "properties": [ + { + "id": "displayName", + "value": "High" + }, + { + "id": "color", + "value": { + "fixedColor": "yellow", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_severity_low" + }, + "properties": [ + { + "id": "displayName", + "value": "Low" + }, + { + "id": "color", + "value": { + "fixedColor": "light-green", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_severity_medium" + 
}, + "properties": [ + { + "id": "displayName", + "value": "Medium" + }, + { + "id": "color", + "value": { + "fixedColor": "dark-green", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_severity_severe" + }, + "properties": [ + { + "id": "displayName", + "value": "Severe" + }, + { + "id": "color", + "value": { + "fixedColor": "dark-orange", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_severity_unknown" + }, + "properties": [ + { + "id": "displayName", + "value": "Unknown" + }, + { + "id": "color", + "value": { + "mode": "fixed" + } + } + ] + } + ] + }, + "gridPos": { + "h": 11, + "w": 12, + "x": 12, + "y": 25 + }, + "id": 11, + "options": { + "displayMode": "gradient", + "minVizHeight": 10, + "minVizWidth": 0, + "namePlacement": "auto", + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "showUnfilled": true, + "valueMode": "color" + }, + "pluginVersion": "10.2.0", + "targets": [ + { + "datasource": { + "type": "influxdb", + "uid": "${DS_INFLUXDB}" + }, + "query": "from(bucket: \"${ndpid_db_name}\")\n |> range(start: v.timeRangeStart, stop:v.timeRangeStop)\n |> filter(fn: (r) =>\n r._measurement == \"severity\"\n )", + "refId": "A" + } + ], + "title": "Risk Severity", + "type": "bargauge" + } + ], + "title": "Flow", + "type": "row" + }, + { + "collapsed": false, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 3 + }, + "id": 32, + "panels": [], + "title": "Risks", + "type": "row" + }, + { "datasource": { "type": "influxdb", - "uid": "dabd3b1d-a74e-4ae6-9dfd-e1344e589ba0" + "uid": "${DS_INFLUXDB}" }, "fieldConfig": { "defaults": { @@ -47,19 +3383,15 @@ }, "mappings": [], "thresholds": { - "mode": "percentage", + "mode": "absolute", "steps": [ { "color": "green", "value": null }, { - "color": "#EAB839", - "value": 25 - }, - { - "color": "red", - "value": 50 + "color": "yellow", + "value": 1 } ] } 
@@ -68,1987 +3400,660 @@ { "matcher": { "id": "byName", - "options": "error_ip4_l4_payload_detection" + "options": "flow_risk_1_count" }, "properties": [ { "id": "displayName", - "value": "IPv4 L4 Failed" - }, - { - "id": "thresholds", - "value": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - }, - { - "color": "yellow", - "value": 1 - } - ] - } + "value": "XSS Attack" } ] }, { "matcher": { "id": "byName", - "options": "error_ip4_packet_too_short" + "options": "flow_risk_2_count" }, "properties": [ { "id": "displayName", - "value": "IPv4 Packet Size" - }, - { - "id": "thresholds", - "value": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - }, - { - "color": "yellow", - "value": 1 - } - ] - } + "value": "SQL Injection" } ] }, { "matcher": { "id": "byName", - "options": "error_ip4_size_smaller_than_header" + "options": "flow_risk_3_count" }, "properties": [ { "id": "displayName", - "value": "IPv4 Header Size" - }, - { - "id": "thresholds", - "value": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - }, - { - "color": "yellow", - "value": 1 - } - ] - } + "value": "RCE Injection" } ] }, { "matcher": { "id": "byName", - "options": "error_ip6_l4_payload_detection" + "options": "flow_risk_4_count" }, "properties": [ { "id": "displayName", - "value": "IPv6 L4 Failed" - }, - { - "id": "thresholds", - "value": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - }, - { - "color": "yellow", - "value": 1 - } - ] - } + "value": "Binary App Transfer" } ] }, { "matcher": { "id": "byName", - "options": "error_ip6_packet_too_short" + "options": "flow_risk_5_count" }, "properties": [ { "id": "displayName", - "value": "IPv6 Packet Size" - }, - { - "id": "thresholds", - "value": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - }, - { - "color": "yellow", - "value": 1 - } - ] - } + "value": "Known Proto on Non Std Port" } ] }, { "matcher": { 
"id": "byName", - "options": "error_ip6_size_smaller_than_header" + "options": "flow_risk_6_count" }, "properties": [ { "id": "displayName", - "value": "IPv6 Header Size" - }, - { - "id": "thresholds", - "value": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - }, - { - "color": "yellow", - "value": 1 - } - ] - } + "value": "Self signed Cert" } ] }, { "matcher": { "id": "byName", - "options": "error_packet_header_invalid" + "options": "flow_risk_7_count" }, "properties": [ { "id": "displayName", - "value": "Packet Header Invalid" - }, - { - "id": "thresholds", - "value": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - }, - { - "color": "yellow", - "value": 1 - } - ] - } + "value": "Obsolete TLS v1.1 or older" } ] }, { "matcher": { "id": "byName", - "options": "error_packet_too_short" + "options": "flow_risk_8_count" }, "properties": [ { "id": "displayName", - "value": "Packet Size" - }, - { - "id": "thresholds", - "value": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - }, - { - "color": "yellow", - "value": 1 - } - ] - } + "value": "Weak TLS Cipher" } ] }, { "matcher": { "id": "byName", - "options": "error_packet_type_unknown" + "options": "flow_risk_9_count" }, "properties": [ { "id": "displayName", - "value": "Packet Type Unknown" - }, - { - "id": "thresholds", - "value": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - }, - { - "color": "yellow", - "value": 1 - } - ] - } + "value": "TLS Cert Expired" } ] }, { "matcher": { "id": "byName", - "options": "error_tcp_packet_too_short" + "options": "flow_risk_10_count" }, "properties": [ { "id": "displayName", - "value": "TCP Packet Size" - }, - { - "id": "thresholds", - "value": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - }, - { - "color": "yellow", - "value": 1 - } - ] - } + "value": "TLS Cert Mismatch" } ] }, { "matcher": { "id": "byName", - "options": 
"error_udp_packet_too_short" + "options": "flow_risk_11_count" }, "properties": [ { "id": "displayName", - "value": "UDP Packet Size" - }, - { - "id": "thresholds", - "value": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - }, - { - "color": "yellow", - "value": 1 - } - ] - } + "value": "HTTP Suspicious User Agent" } ] }, { "matcher": { "id": "byName", - "options": "error_unknown_datalink" + "options": "flow_risk_12_count" }, "properties": [ { "id": "displayName", - "value": "Unknown Datalink" - }, - { - "id": "thresholds", - "value": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - }, - { - "color": "yellow", - "value": 1 - } - ] - } + "value": "HTTP Numeric IP Address" } ] }, { "matcher": { "id": "byName", - "options": "error_unknown_l3_protocol" + "options": "flow_risk_13_count" }, "properties": [ { "id": "displayName", - "value": "Unknown L3 Protocol" - }, - { - "id": "thresholds", - "value": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - }, - { - "color": "yellow", - "value": 1 - } - ] - } + "value": "HTTP Suspicious URL" } ] }, { "matcher": { "id": "byName", - "options": "error_unsupported_datalink" + "options": "flow_risk_14_count" }, "properties": [ { "id": "displayName", - "value": "Unsupported Datalink" - }, - { - "id": "thresholds", - "value": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - }, - { - "color": "yellow", - "value": 1 - } - ] - } + "value": "HTTP Suspicious Header" } ] }, { "matcher": { "id": "byName", - "options": "flow_analyse_count" + "options": "flow_risk_15_count" }, "properties": [ { "id": "displayName", - "value": "Analyse" + "value": "TLS probably Not Carrying HTTPS" } ] }, { "matcher": { "id": "byName", - "options": "flow_detected_count" + "options": "flow_risk_16_count" }, "properties": [ { "id": "displayName", - "value": "Detections" + "value": "Suspicious DGA Domain name" } ] }, { "matcher": { "id": 
"byName", - "options": "flow_detection_update_count" + "options": "flow_risk_17_count" }, "properties": [ { "id": "displayName", - "value": "Detection Updates" + "value": "Malformed Packet" } ] }, { "matcher": { "id": "byName", - "options": "flow_end_count" + "options": "flow_risk_18_count" }, "properties": [ { "id": "displayName", - "value": "End" + "value": "SSH Obsolete Client Version/Cipher" } ] }, { "matcher": { "id": "byName", - "options": "flow_guessed_count" + "options": "flow_risk_19_count" }, "properties": [ { "id": "displayName", - "value": "Guessed" - }, - { - "id": "thresholds", - "value": { - "mode": "percentage", - "steps": [ - { - "color": "green", - "value": null - }, - { - "color": "yellow", - "value": 5 - }, - { - "color": "red", - "value": 10 - } - ] - } - }, - { - "id": "color" + "value": "SSH Obsolete Server Version/Cipher" } ] }, { "matcher": { "id": "byName", - "options": "flow_idle_count" + "options": "flow_risk_20_count" }, "properties": [ { "id": "displayName", - "value": "Idle" + "value": "SMB Insecure Version" } ] }, { "matcher": { "id": "byName", - "options": "flow_new_count" + "options": "flow_risk_21_count" }, "properties": [ { "id": "displayName", - "value": "New" + "value": "TLS Suspicious ESNI Usage" } ] }, { "matcher": { "id": "byName", - "options": "flow_not_detected_count" + "options": "flow_risk_22_count" }, "properties": [ { "id": "displayName", - "value": "Not Detected" - }, - { - "id": "thresholds", - "value": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - }, - { - "color": "red", - "value": 1 - } - ] - } + "value": "Unsafe Protocol" } ] }, { "matcher": { "id": "byName", - "options": "flow_risky_count" + "options": "flow_risk_23_count" }, "properties": [ { "id": "displayName", - "value": "Risky" - }, - { - "id": "thresholds", - "value": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - }, - { - "color": "yellow", - "value": 1 - } - ] - } + "value": "Suspicious DNS 
Traffic" } ] }, { "matcher": { "id": "byName", - "options": "flow_update_count" + "options": "flow_risk_24_count" }, "properties": [ { "id": "displayName", - "value": "Updates" + "value": "Missing SNI TLS Extension" } ] }, { "matcher": { "id": "byName", - "options": "init_count" + "options": "flow_risk_25_count" }, "properties": [ { "id": "displayName", - "value": "Init" - }, - { - "id": "thresholds", - "value": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - }, - { - "color": "yellow", - "value": 1 - } - ] - } + "value": "HTTP Suspicious Content" } ] }, { "matcher": { "id": "byName", - "options": "packet_count" + "options": "flow_risk_26_count" }, "properties": [ { "id": "displayName", - "value": "Packet" - }, - { - "id": "thresholds", - "value": { - "mode": "percentage", - "steps": [ - { - "color": "green", - "value": null - }, - { - "color": "yellow", - "value": 25 - }, - { - "color": "red", - "value": 50 - } - ] - } - }, - { - "id": "color", - "value": { - "mode": "thresholds" - } + "value": "Risky ASN" } ] }, { "matcher": { "id": "byName", - "options": "packet_flow_count" + "options": "flow_risk_27_count" }, "properties": [ { "id": "displayName", - "value": "Packet Flow" + "value": "Risky Domain Name" } ] }, { "matcher": { "id": "byName", - "options": "reconnect_count" + "options": "flow_risk_28_count" }, "properties": [ { "id": "displayName", - "value": "Reconnect" - }, - { - "id": "thresholds", - "value": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - }, - { - "color": "yellow", - "value": 1 - } - ] - } + "value": "Malicious JA3 Fingerprint" } ] }, { "matcher": { "id": "byName", - "options": "shutdown_count" + "options": "flow_risk_29_count" }, "properties": [ { "id": "displayName", - "value": "Shutdown" - }, - { - "id": "thresholds", - "value": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - }, - { - "color": "red", - "value": 1 - } - ] - } + "value": "Malicious 
SSL Cert/SHA1 Fingerprint" } ] }, { "matcher": { "id": "byName", - "options": "status_count" + "options": "flow_risk_30_count" }, "properties": [ { "id": "displayName", - "value": "Status" + "value": "Desktop/File-Sharing" } ] - } - ] - }, - "gridPos": { - "h": 9, - "w": 15, - "x": 0, - "y": 1 - }, - "id": 20, - "options": { - "colorMode": "value", - "graphMode": "area", - "justifyMode": "auto", - "orientation": "auto", - "reduceOptions": { - "calcs": [ - "lastNotNull" - ], - "fields": "", - "values": false - }, - "textMode": "auto" - }, - "pluginVersion": "10.2.0", - "targets": [ - { - "datasource": { - "type": "influxdb", - "uid": "dabd3b1d-a74e-4ae6-9dfd-e1344e589ba0" }, - "query": "from(bucket: \"${ndpid_db_name}\")\n |> range(start: v.timeRangeStart, stop:v.timeRangeStop)\n |> filter(fn: (r) =>\n r._measurement == \"events\"\n )", - "refId": "A" - } - ], - "type": "stat" - }, - { - "datasource": { - "type": "influxdb", - "uid": "dabd3b1d-a74e-4ae6-9dfd-e1344e589ba0" - }, - "fieldConfig": { - "defaults": { - "color": { - "mode": "palette-classic" - }, - "custom": { - "hideFrom": { - "legend": false, - "tooltip": false, - "viz": false - } - }, - "mappings": [] - }, - "overrides": [] - }, - "gridPos": { - "h": 9, - "w": 3, - "x": 15, - "y": 1 - }, - "id": 19, - "options": { - "legend": { - "displayMode": "list", - "placement": "bottom", - "showLegend": false - }, - "pieType": "pie", - "reduceOptions": { - "calcs": [ - "lastNotNull" - ], - "fields": "", - "values": false - }, - "tooltip": { - "mode": "single", - "sort": "none" - } - }, - "targets": [ - { - "datasource": { - "type": "influxdb", - "uid": "dabd3b1d-a74e-4ae6-9dfd-e1344e589ba0" - }, - "query": "from(bucket: \"${ndpid_db_name}\")\n |> range(start: v.timeRangeStart, stop:v.timeRangeStop)\n |> filter(fn: (r) =>\n r._measurement == \"events\"\n )", - "refId": "A" - } - ], - "type": "piechart" - }, - { - "datasource": { - "type": "influxdb", - "uid": "dabd3b1d-a74e-4ae6-9dfd-e1344e589ba0" - }, - 
"fieldConfig": { - "defaults": { - "color": { - "mode": "palette-classic" - }, - "custom": { - "hideFrom": { - "legend": false, - "tooltip": false, - "viz": false - } - }, - "mappings": [] - }, - "overrides": [] - }, - "gridPos": { - "h": 9, - "w": 3, - "x": 18, - "y": 1 - }, - "id": 28, - "options": { - "legend": { - "displayMode": "list", - "placement": "bottom", - "showLegend": false - }, - "pieType": "pie", - "reduceOptions": { - "calcs": [ - "lastNotNull" - ], - "fields": "", - "values": false - }, - "tooltip": { - "mode": "single", - "sort": "none" - } - }, - "targets": [ - { - "datasource": { - "type": "influxdb", - "uid": "dabd3b1d-a74e-4ae6-9dfd-e1344e589ba0" - }, - "query": "from(bucket: \"${ndpid_db_name}\")\n |> range(start: v.timeRangeStart, stop:v.timeRangeStop)\n |> filter(fn: (r) =>\n r._measurement == \"events\" and\n r._field != \"packet_flow_count\"\n )", - "refId": "A" - } - ], - "type": "piechart" - }, - { - "datasource": { - "type": "influxdb", - "uid": "dabd3b1d-a74e-4ae6-9dfd-e1344e589ba0" - }, - "fieldConfig": { - "defaults": { - "color": { - "mode": "thresholds" - }, - "mappings": [], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - } - ] - } - }, - "overrides": [] - }, - "gridPos": { - "h": 3, - "w": 3, - "x": 21, - "y": 1 - }, - "id": 27, - "options": { - "colorMode": "value", - "graphMode": "area", - "justifyMode": "auto", - "orientation": "auto", - "reduceOptions": { - "calcs": [ - "lastNotNull" - ], - "fields": "", - "values": false - }, - "textMode": "auto" - }, - "pluginVersion": "10.2.0", - "targets": [ - { - "datasource": { - "type": "influxdb", - "uid": "dabd3b1d-a74e-4ae6-9dfd-e1344e589ba0" - }, - "query": "from(bucket: \"${ndpid_db_name}\")\n |> range(start: v.timeRangeStart, stop:v.timeRangeStop)\n |> filter(fn: (r) =>\n r._measurement == \"events\" and\n (r._field == \"packet_count\" or\n r._field == \"packet_flow_count\")\n )", - "refId": "A" - } - ], - "title": "Packet", - 
"transformations": [ - { - "id": "calculateField", - "options": { - "mode": "reduceRow", - "reduce": { - "reducer": "sum" + { + "matcher": { + "id": "byName", + "options": "flow_risk_31_count" }, - "replaceFields": true - } - } - ], - "type": "stat" - }, - { - "datasource": { - "type": "influxdb", - "uid": "dabd3b1d-a74e-4ae6-9dfd-e1344e589ba0" - }, - "fieldConfig": { - "defaults": { - "color": { - "mode": "thresholds" - }, - "mappings": [], - "thresholds": { - "mode": "absolute", - "steps": [ + "properties": [ { - "color": "green", - "value": null + "id": "displayName", + "value": "Uncommon TLS ALPN" } ] - } - }, - "overrides": [] - }, - "gridPos": { - "h": 3, - "w": 3, - "x": 21, - "y": 4 - }, - "id": 26, - "options": { - "colorMode": "value", - "graphMode": "area", - "justifyMode": "auto", - "orientation": "auto", - "reduceOptions": { - "calcs": [ - "lastNotNull" - ], - "fields": "", - "values": false - }, - "textMode": "auto" - }, - "pluginVersion": "10.2.0", - "targets": [ - { - "datasource": { - "type": "influxdb", - "uid": "dabd3b1d-a74e-4ae6-9dfd-e1344e589ba0" }, - "query": "from(bucket: \"${ndpid_db_name}\")\n |> range(start: v.timeRangeStart, stop:v.timeRangeStop)\n |> filter(fn: (r) =>\n r._measurement == \"events\" and\n (r._field == \"flow_detected_count\" or\n r._field == \"flow_detection_update_count\" or\n r._field == \"flow_guessed_count\")\n )", - "refId": "A" - } - ], - "title": "Detection", - "transformations": [ - { - "id": "calculateField", - "options": { - "mode": "reduceRow", - "reduce": { - "reducer": "sum" + { + "matcher": { + "id": "byName", + "options": "flow_risk_32_count" }, - "replaceFields": true - } - } - ], - "type": "stat" - }, - { - "datasource": { - "type": "influxdb", - "uid": "dabd3b1d-a74e-4ae6-9dfd-e1344e589ba0" - }, - "fieldConfig": { - "defaults": { - "color": { - "mode": "thresholds" - }, - "mappings": [], - "thresholds": { - "mode": "absolute", - "steps": [ + "properties": [ { - "color": "green", - "value": null + "id": 
"displayName", + "value": "TLS Cert Validity Too Long" } ] - } - }, - "overrides": [] - }, - "gridPos": { - "h": 3, - "w": 3, - "x": 21, - "y": 7 - }, - "id": 21, - "options": { - "colorMode": "value", - "graphMode": "area", - "justifyMode": "auto", - "orientation": "auto", - "reduceOptions": { - "calcs": [ - "lastNotNull" - ], - "fields": "", - "values": false - }, - "textMode": "auto" - }, - "pluginVersion": "10.2.0", - "targets": [ - { - "datasource": { - "type": "influxdb", - "uid": "dabd3b1d-a74e-4ae6-9dfd-e1344e589ba0" }, - "query": "from(bucket: \"${ndpid_db_name}\")\n |> range(start: v.timeRangeStart, stop:v.timeRangeStop)\n |> filter(fn: (r) =>\n r._measurement == \"events\"\n )", - "refId": "A" - } - ], - "transformations": [ - { - "id": "calculateField", - "options": { - "mode": "reduceRow", - "reduce": { - "reducer": "sum" - }, - "replaceFields": true - } - } - ], - "type": "stat" - }, - { - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 10 - }, - "id": 5, - "panels": [], - "title": "General", - "type": "row" - }, - { - "datasource": { - "type": "influxdb", - "uid": "dabd3b1d-a74e-4ae6-9dfd-e1344e589ba0" - }, - "fieldConfig": { - "defaults": { - "color": { - "mode": "palette-classic" - }, - "custom": { - "axisBorderShow": false, - "axisCenteredZero": false, - "axisColorMode": "text", - "axisLabel": "", - "axisPlacement": "auto", - "barAlignment": 0, - "drawStyle": "line", - "fillOpacity": 0, - "gradientMode": "none", - "hideFrom": { - "legend": false, - "tooltip": false, - "viz": false - }, - "insertNulls": false, - "lineInterpolation": "linear", - "lineWidth": 1, - "pointSize": 5, - "scaleDistribution": { - "type": "linear" - }, - "showPoints": "auto", - "spanNulls": false, - "stacking": { - "group": "A", - "mode": "none" + { + "matcher": { + "id": "byName", + "options": "flow_risk_33_count" }, - "thresholdsStyle": { - "mode": "off" - } - }, - "mappings": [], - "thresholds": { - "mode": "absolute", - "steps": [ + "properties": 
[ { - "color": "green", - "value": null + "id": "displayName", + "value": "TLS Suspicious Extension" } ] }, - "unit": "binBps" - }, - "overrides": [ { "matcher": { "id": "byName", - "options": "flow_dst_total_bytes" + "options": "flow_risk_34_count" }, "properties": [ { "id": "displayName", - "value": "Total Bytes Received" + "value": "TLS Fatal Alert" } ] }, { "matcher": { "id": "byName", - "options": "flow_src_total_bytes" + "options": "flow_risk_35_count" }, "properties": [ { "id": "displayName", - "value": "Total Bytes Transmitted" + "value": "Suspicious Entropy" } ] }, { "matcher": { "id": "byName", - "options": "json_bytes" + "options": "flow_risk_36_count" }, "properties": [ { "id": "displayName", - "value": "Total JSON Bytes" + "value": "Clear Text Credentials" } ] - } - ] - }, - "gridPos": { - "h": 8, - "w": 15, - "x": 0, - "y": 11 - }, - "id": 1, - "options": { - "legend": { - "calcs": [], - "displayMode": "list", - "placement": "bottom", - "showLegend": true - }, - "tooltip": { - "mode": "single", - "sort": "none" - } - }, - "targets": [ - { - "datasource": { - "type": "influxdb", - "uid": "dabd3b1d-a74e-4ae6-9dfd-e1344e589ba0" - }, - "query": "from(bucket: \"${ndpid_db_name}\")\n |> range(start: v.timeRangeStart, stop:v.timeRangeStop)\n |> filter(fn: (r) =>\n r._measurement == \"general\" and\n (r._field == \"flow_src_total_bytes\" or\n r._field == \"flow_dst_total_bytes\" or\n r._field == \"json_bytes\")\n )", - "refId": "A" - } - ], - "title": "Data Processed", - "type": "timeseries" - }, - { - "datasource": { - "type": "influxdb", - "uid": "dabd3b1d-a74e-4ae6-9dfd-e1344e589ba0" - }, - "fieldConfig": { - "defaults": { - "color": { - "mode": "palette-classic" - }, - "custom": { - "hideFrom": { - "legend": false, - "tooltip": false, - "viz": false - } }, - "mappings": [], - "unit": "bytes" - }, - "overrides": [ { "matcher": { "id": "byName", - "options": "flow_dst_total_bytes" + "options": "flow_risk_37_count" }, "properties": [ { "id": "displayName", - 
"value": "Total Bytes Received" + "value": "Large DNS Packet" } ] }, { "matcher": { "id": "byName", - "options": "flow_src_total_bytes" + "options": "flow_risk_38_count" }, "properties": [ { "id": "displayName", - "value": "Total Bytes Transmitted" + "value": "Fragmented DNS Message" } ] }, { "matcher": { "id": "byName", - "options": "json_bytes" + "options": "flow_risk_39_count" }, "properties": [ { "id": "displayName", - "value": "Total JSON Bytes" + "value": "Text With Non Printable Chars" } ] - } - ] - }, - "gridPos": { - "h": 8, - "w": 3, - "x": 15, - "y": 11 - }, - "id": 3, - "options": { - "legend": { - "displayMode": "list", - "placement": "bottom", - "showLegend": false - }, - "pieType": "pie", - "reduceOptions": { - "calcs": [ - "lastNotNull" - ], - "fields": "", - "values": false - }, - "tooltip": { - "mode": "single", - "sort": "none" - } - }, - "targets": [ - { - "datasource": { - "type": "influxdb", - "uid": "dabd3b1d-a74e-4ae6-9dfd-e1344e589ba0" }, - "query": "from(bucket: \"${ndpid_db_name}\")\n |> range(start: v.timeRangeStart, stop:v.timeRangeStop)\n |> filter(fn: (r) =>\n r._measurement == \"general\" and\n (r._field == \"flow_src_total_bytes\" or\n r._field == \"flow_dst_total_bytes\" or\n r._field == \"json_bytes\")\n )", - "refId": "A" - } - ], - "type": "piechart" - }, - { - "datasource": { - "type": "influxdb", - "uid": "dabd3b1d-a74e-4ae6-9dfd-e1344e589ba0" - }, - "fieldConfig": { - "defaults": { - "color": { - "mode": "thresholds" - }, - "mappings": [], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - } - ] - }, - "unit": "binBps" - }, - "overrides": [] - }, - "gridPos": { - "h": 4, - "w": 3, - "x": 18, - "y": 11 - }, - "id": 24, - "options": { - "colorMode": "value", - "graphMode": "area", - "justifyMode": "auto", - "orientation": "auto", - "reduceOptions": { - "calcs": [ - "lastNotNull" - ], - "fields": "", - "values": false - }, - "textMode": "auto" - }, - "pluginVersion": "10.2.0", - 
"targets": [ - { - "datasource": { - "type": "influxdb", - "uid": "dabd3b1d-a74e-4ae6-9dfd-e1344e589ba0" - }, - "query": "from(bucket: \"${ndpid_db_name}\")\n |> range(start: v.timeRangeStart, stop:v.timeRangeStop)\n |> filter(fn: (r) =>\n r._measurement == \"general\" and\n r._field == \"flow_src_total_bytes\"\n )", - "refId": "A" - } - ], - "title": "Bytes Transmitted", - "type": "stat" - }, - { - "datasource": { - "type": "influxdb", - "uid": "dabd3b1d-a74e-4ae6-9dfd-e1344e589ba0" - }, - "fieldConfig": { - "defaults": { - "color": { - "mode": "thresholds" - }, - "mappings": [], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - } - ] - } - }, - "overrides": [] - }, - "gridPos": { - "h": 4, - "w": 3, - "x": 21, - "y": 11 - }, - "id": 7, - "options": { - "colorMode": "value", - "graphMode": "area", - "justifyMode": "auto", - "orientation": "auto", - "reduceOptions": { - "calcs": [ - "lastNotNull" - ], - "fields": "", - "values": false - }, - "textMode": "auto" - }, - "pluginVersion": "10.2.0", - "targets": [ - { - "datasource": { - "type": "influxdb", - "uid": "dabd3b1d-a74e-4ae6-9dfd-e1344e589ba0" - }, - "query": "from(bucket: \"${ndpid_db_name}\")\n |> range(start: v.timeRangeStart, stop:v.timeRangeStop)\n |> filter(fn: (r) =>\n r._measurement == \"general\" and\n r._field == \"json_lines\"\n )", - "refId": "A" - } - ], - "title": "JSON Lines", - "type": "stat" - }, - { - "datasource": { - "type": "influxdb", - "uid": "dabd3b1d-a74e-4ae6-9dfd-e1344e589ba0" - }, - "fieldConfig": { - "defaults": { - "color": { - "mode": "thresholds" - }, - "mappings": [], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - } - ] - }, - "unit": "binBps" - }, - "overrides": [] - }, - "gridPos": { - "h": 4, - "w": 3, - "x": 18, - "y": 15 - }, - "id": 25, - "options": { - "colorMode": "value", - "graphMode": "area", - "justifyMode": "auto", - "orientation": "auto", - "reduceOptions": { - "calcs": [ 
- "lastNotNull" - ], - "fields": "", - "values": false - }, - "textMode": "auto" - }, - "pluginVersion": "10.2.0", - "targets": [ - { - "datasource": { - "type": "influxdb", - "uid": "dabd3b1d-a74e-4ae6-9dfd-e1344e589ba0" - }, - "query": "from(bucket: \"${ndpid_db_name}\")\n |> range(start: v.timeRangeStart, stop:v.timeRangeStop)\n |> filter(fn: (r) =>\n r._measurement == \"general\" and\n r._field == \"flow_dst_total_bytes\"\n )", - "refId": "A" - } - ], - "title": "Bytes Received", - "type": "stat" - }, - { - "datasource": { - "type": "influxdb", - "uid": "dabd3b1d-a74e-4ae6-9dfd-e1344e589ba0" - }, - "fieldConfig": { - "defaults": { - "color": { - "mode": "thresholds" - }, - "mappings": [], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - } - ] - }, - "unit": "binBps" - }, - "overrides": [] - }, - "gridPos": { - "h": 4, - "w": 3, - "x": 21, - "y": 15 - }, - "id": 23, - "options": { - "colorMode": "value", - "graphMode": "area", - "justifyMode": "auto", - "orientation": "auto", - "reduceOptions": { - "calcs": [ - "lastNotNull" - ], - "fields": "", - "values": false - }, - "textMode": "auto" - }, - "pluginVersion": "10.2.0", - "targets": [ - { - "datasource": { - "type": "influxdb", - "uid": "dabd3b1d-a74e-4ae6-9dfd-e1344e589ba0" - }, - "query": "from(bucket: \"${ndpid_db_name}\")\n |> range(start: v.timeRangeStart, stop:v.timeRangeStop)\n |> filter(fn: (r) =>\n r._measurement == \"general\" and\n (r._field == \"flow_src_total_bytes\" or\n r._field == \"flow_dst_total_bytes\")\n )", - "refId": "A" - } - ], - "title": "Total Bytes", - "transformations": [ - { - "id": "calculateField", - "options": { - "mode": "reduceRow", - "reduce": { - "reducer": "sum" - }, - "replaceFields": true - } - } - ], - "type": "stat" - }, - { - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 19 - }, - "id": 6, - "panels": [], - "title": "Flow", - "type": "row" - }, - { - "datasource": { - "type": "influxdb", - "uid": 
"dabd3b1d-a74e-4ae6-9dfd-e1344e589ba0" - }, - "fieldConfig": { - "defaults": { - "color": { - "mode": "thresholds" - }, - "mappings": [], - "thresholds": { - "mode": "percentage", - "steps": [ - { - "color": "green", - "value": null - } - ] - } - }, - "overrides": [ { "matcher": { "id": "byName", - "options": "flow_breed_acceptable_count" + "options": "flow_risk_40_count" }, "properties": [ { "id": "displayName", - "value": "Acceptable" + "value": "Possible Exploit" } ] }, { "matcher": { "id": "byName", - "options": "flow_breed_dangerous_count" + "options": "flow_risk_41_count" }, "properties": [ { "id": "displayName", - "value": "Dangerous" + "value": "TLS Cert About To Expire" } ] }, { "matcher": { "id": "byName", - "options": "flow_breed_fun_count" + "options": "flow_risk_42_count" }, "properties": [ { "id": "displayName", - "value": "Fun" + "value": "IDN Domain Name" } ] }, { "matcher": { "id": "byName", - "options": "flow_breed_potentially_dangerous_count" + "options": "flow_risk_43_count" }, "properties": [ { "id": "displayName", - "value": "Potentially Dangerous" + "value": "Error Code" } ] }, { "matcher": { "id": "byName", - "options": "flow_breed_safe_count" + "options": "flow_risk_44_count" }, "properties": [ { "id": "displayName", - "value": "Safe" + "value": "Crawler/Bot" } ] }, { "matcher": { "id": "byName", - "options": "flow_breed_tracker_ads_count" + "options": "flow_risk_45_count" }, "properties": [ { "id": "displayName", - "value": "Tracker/Ads" + "value": "Anonymous Subscriber" } ] }, { "matcher": { "id": "byName", - "options": "flow_breed_unknown_count" + "options": "flow_risk_46_count" }, "properties": [ { "id": "displayName", - "value": "Unknown" - }, - { - "id": "color", - "value": { - "mode": "fixed" - } + "value": "Unidirectional Traffic" } ] }, { "matcher": { "id": "byName", - "options": "flow_breed_unrated_count" + "options": "flow_risk_47_count" }, "properties": [ { "id": "displayName", - "value": "Unrated" - }, - { - "id": "color", - 
"value": { - "mode": "fixed" - } + "value": "HTTP Obsolete Server" } ] }, { "matcher": { "id": "byName", - "options": "flow_breed_unsafe_count" + "options": "flow_risk_48_count" }, "properties": [ { "id": "displayName", - "value": "Unsafe" - }, - { - "id": "thresholds", - "value": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - }, - { - "color": "yellow", - "value": 1 - } - ] - } + "value": "Periodic Flow" } ] }, { "matcher": { "id": "byName", - "options": "flow_breed_dangerous_count" + "options": "flow_risk_49_count" }, "properties": [ { - "id": "thresholds", - "value": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - }, - { - "color": "dark-red", - "value": 1 - } - ] - } + "id": "displayName", + "value": "Minor Issues" } ] }, { "matcher": { "id": "byName", - "options": "flow_breed_potentially_dangerous_count" + "options": "flow_risk_50_count" }, "properties": [ { - "id": "thresholds", - "value": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - }, - { - "color": "dark-orange", - "value": 1 - } - ] - } + "id": "displayName", + "value": "TCP Connection Issues" } ] - } - ] - }, - "gridPos": { - "h": 6, - "w": 12, - "x": 0, - "y": 20 - }, - "id": 4, - "options": { - "minVizHeight": 75, - "minVizWidth": 75, - "orientation": "auto", - "reduceOptions": { - "calcs": [ - "lastNotNull" - ], - "fields": "", - "values": false - }, - "showThresholdLabels": false, - "showThresholdMarkers": false - }, - "pluginVersion": "10.2.0", - "targets": [ - { - "datasource": { - "type": "influxdb", - "uid": "dabd3b1d-a74e-4ae6-9dfd-e1344e589ba0" }, - "query": "from(bucket: \"${ndpid_db_name}\")\n |> range(start: v.timeRangeStart, stop:v.timeRangeStop)\n |> filter(fn: (r) =>\n r._measurement == \"breed\"\n )", - "refId": "A" - } - ], - "title": "Breed", - "type": "gauge" - }, - { - "datasource": { - "type": "influxdb", - "uid": "dabd3b1d-a74e-4ae6-9dfd-e1344e589ba0" - }, - "fieldConfig": { - 
"defaults": { - "color": { - "mode": "thresholds" - }, - "mappings": [], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - } - ] - } - }, - "overrides": [ { "matcher": { "id": "byName", - "options": "flow_active_count" + "options": "flow_risk_51_count" }, "properties": [ { "id": "displayName", - "value": "Active Flows" + "value": "Fully Encrypted" } ] - } - ] - }, - "gridPos": { - "h": 6, - "w": 2, - "x": 12, - "y": 20 - }, - "id": 8, - "options": { - "colorMode": "value", - "graphMode": "area", - "justifyMode": "auto", - "orientation": "auto", - "reduceOptions": { - "calcs": [ - "lastNotNull" - ], - "fields": "", - "values": false - }, - "textMode": "auto" - }, - "pluginVersion": "10.2.0", - "targets": [ - { - "datasource": { - "type": "influxdb", - "uid": "dabd3b1d-a74e-4ae6-9dfd-e1344e589ba0" }, - "query": "from(bucket: \"${ndpid_db_name}\")\n |> range(start: v.timeRangeStart, stop:v.timeRangeStop)\n |> filter(fn: (r) =>\n r._measurement == \"detection\" and\n (r._field == \"flow_active_count\")\n )", - "refId": "A" - } - ], - "title": "Active", - "type": "stat" - }, - { - "datasource": { - "type": "influxdb", - "uid": "dabd3b1d-a74e-4ae6-9dfd-e1344e589ba0" - }, - "fieldConfig": { - "defaults": { - "color": { - "mode": "thresholds" - }, - "mappings": [], - "thresholds": { - "mode": "percentage", - "steps": [ - { - "color": "green", - "value": null - } - ] - } - }, - "overrides": [ { "matcher": { "id": "byName", - "options": "flow_guessed_count" + "options": "flow_risk_52_count" }, "properties": [ { "id": "displayName", - "value": "Guessed" - }, - { - "id": "thresholds", - "value": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - }, - { - "color": "yellow", - "value": 1 - } - ] - } + "value": "Invalid ALPN/SNI combination" } ] }, { "matcher": { "id": "byName", - "options": "flow_not_detected_count" + "options": "flow_risk_53_count" }, "properties": [ { "id": "displayName", - "value": "Not 
Detected" - }, - { - "id": "thresholds", - "value": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - }, - { - "color": "red", - "value": 1 - } - ] - } + "value": "Malware Host Contacted" } ] }, { "matcher": { "id": "byName", - "options": "flow_detected_count" + "options": "flow_risk_unknown_count" }, "properties": [ { "id": "displayName", - "value": "Detected" + "value": "Unknown Risk" } ] } ] }, "gridPos": { - "h": 8, - "w": 10, - "x": 14, - "y": 20 + "h": 24, + "w": 24, + "x": 0, + "y": 4 }, - "id": 9, + "id": 12, "options": { "minVizHeight": 75, "minVizWidth": 75, 
@@ -2068,36 +4073,68 @@ { "datasource": { "type": "influxdb", - "uid": "dabd3b1d-a74e-4ae6-9dfd-e1344e589ba0" + "uid": "${DS_INFLUXDB}" }, - "query": "from(bucket: \"${ndpid_db_name}\")\n |> range(start: v.timeRangeStart, stop:v.timeRangeStop)\n |> filter(fn: (r) =>\n r._measurement == \"detection\" and\n (r._field == \"flow_detected_count\" or\n r._field == \"flow_guessed_count\" or\n r._field == \"flow_not_detected_count\")\n )", + "query": "from(bucket: \"${ndpid_db_name}\")\n |> range(start: v.timeRangeStart, stop:v.timeRangeStop)\n |> filter(fn: (r) =>\n r._measurement == \"risks\"\n )", "refId": "A" } ], - "title": "Detection", + "title": "Risk", "type": "gauge" }, { "datasource": { "type": "influxdb", - "uid": "dabd3b1d-a74e-4ae6-9dfd-e1344e589ba0" + "uid": "${DS_INFLUXDB}" }, "fieldConfig": { "defaults": { "color": { - "mode": "thresholds" + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } }, "mappings": [], "thresholds": { - "mode": "percentage", + "mode": "absolute", "steps": [ { "color": "green", "value": null }, { - "color": "#EAB839", - "value": 80 + "color": "yellow", + "value": 1 } ] } 
@@ -2106,1780 +4143,2032 @@ { "matcher": { "id": "byName", - "options": "flow_category_adult_content_count" + "options": "flow_risk_1_count" }, "properties": [ { "id": "displayName", - "value": "Adult Content" + "value": "XSS Attack" } ] }, { "matcher": { "id": "byName", - "options": "flow_category_advertisment_count" + "options": "flow_risk_2_count" }, "properties": [ { "id": "displayName", - "value": "Advertisment" + "value": "SQL Injection" } ] }, { "matcher": { "id": "byName", - "options": "flow_category_allowed_site_count" + "options": "flow_risk_3_count" }, "properties": [ { "id": "displayName", - "value": "Allowed Site" + "value": "RCE Injection" } ] }, { "matcher": { "id": "byName", - "options": "flow_category_antimalware_count" + "options": "flow_risk_4_count" }, "properties": [ { "id": "displayName", - "value": "Anti Malware" + "value": "Binary App Transfer" } ] }, { "matcher": { "id": "byName", - "options": "flow_category_banned_site_count" + "options": "flow_risk_5_count" }, "properties": [ { "id": "displayName", - "value": "Banned Site" + "value": "Known Proto on Non Std Port" } ] }, { "matcher": { "id": "byName", - "options": "flow_category_chat_count" + "options": "flow_risk_6_count" }, "properties": [ { "id": "displayName", - "value": "Chat" + "value": "Self signed Cert" } ] }, { "matcher": { "id": "byName", - "options": "flow_category_cloud_count" + "options": "flow_risk_7_count" }, "properties": [ { "id": "displayName", - "value": "Cloud" + "value": "Obsolete TLS v1.1 or older" } ] }, { "matcher": { "id": "byName", - "options": "flow_category_collaborative_count" + "options": "flow_risk_8_count" }, "properties": [ { "id": "displayName", - "value": "Collaborative" + "value": "Weak TLS Cipher" } ] }, { "matcher": { "id": "byName", - "options": "flow_category_conn_check_count" + "options": "flow_risk_9_count" }, "properties": [ { "id": "displayName", - "value": "Connection Check" + "value": "TLS Cert Expired" } ] }, { "matcher": { "id": "byName", - 
"options": "flow_category_crypto_currency_count" + "options": "flow_risk_10_count" }, "properties": [ { "id": "displayName", - "value": "Crypto Currency" + "value": "TLS Cert Mismatch" } ] }, { "matcher": { "id": "byName", - "options": "flow_category_cybersecurity_count" + "options": "flow_risk_11_count" }, "properties": [ { "id": "displayName", - "value": "Cybersecurity" + "value": "HTTP Suspicious User Agent" } ] }, { "matcher": { "id": "byName", - "options": "flow_category_data_transfer_count" + "options": "flow_risk_12_count" }, "properties": [ { "id": "displayName", - "value": "Data Transfer" + "value": "HTTP Numeric IP Address" } ] }, { "matcher": { "id": "byName", - "options": "flow_category_database_count" + "options": "flow_risk_13_count" }, "properties": [ { "id": "displayName", - "value": "Database" + "value": "HTTP Suspicious URL" } ] }, { "matcher": { "id": "byName", - "options": "flow_category_download_count" + "options": "flow_risk_14_count" }, "properties": [ { "id": "displayName", - "value": "Download" + "value": "HTTP Suspicious Header" } ] }, { "matcher": { "id": "byName", - "options": "flow_category_email_count" + "options": "flow_risk_15_count" }, "properties": [ { "id": "displayName", - "value": "E-Mail" + "value": "TLS probably Not Carrying HTTPS" } ] }, { "matcher": { "id": "byName", - "options": "flow_category_file_sharing_count" + "options": "flow_risk_16_count" }, "properties": [ { "id": "displayName", - "value": "File Sharing" + "value": "Suspicious DGA Domain name" } ] }, { "matcher": { "id": "byName", - "options": "flow_category_gambling_count" + "options": "flow_risk_17_count" }, "properties": [ { "id": "displayName", - "value": "Gambling" + "value": "Malformed Packet" } ] }, { "matcher": { "id": "byName", - "options": "flow_category_game_count" + "options": "flow_risk_18_count" }, "properties": [ { "id": "displayName", - "value": "Game" + "value": "SSH Obsolete Client Version/Cipher" } ] }, { "matcher": { "id": "byName", - "options": 
"flow_category_iot_scada_count" + "options": "flow_risk_19_count" }, "properties": [ { "id": "displayName", - "value": "IoT/Scada" + "value": "SSH Obsolete Server Version/Cipher" } ] }, { "matcher": { "id": "byName", - "options": "flow_category_malware_count" + "options": "flow_risk_20_count" }, "properties": [ { "id": "displayName", - "value": "Malware" + "value": "SMB Insecure Version" } ] }, { "matcher": { "id": "byName", - "options": "flow_category_media_count" + "options": "flow_risk_21_count" }, "properties": [ { "id": "displayName", - "value": "Media" + "value": "TLS Suspicious ESNI Usage" } ] }, { "matcher": { "id": "byName", - "options": "flow_category_mining_count" + "options": "flow_risk_22_count" }, "properties": [ { "id": "displayName", - "value": "Mining" + "value": "Unsafe Protocol" } ] }, { "matcher": { "id": "byName", - "options": "flow_category_music_count" + "options": "flow_risk_23_count" }, "properties": [ { "id": "displayName", - "value": "Music" + "value": "Suspicious DNS Traffic" } ] }, { "matcher": { "id": "byName", - "options": "flow_category_network_count" + "options": "flow_risk_24_count" }, "properties": [ { "id": "displayName", - "value": "Network" + "value": "Missing SNI TLS Extension" } ] }, { "matcher": { "id": "byName", - "options": "flow_category_productivity_count" + "options": "flow_risk_25_count" }, "properties": [ { "id": "displayName", - "value": "Productivity" + "value": "HTTP Suspicious Content" } ] }, { "matcher": { "id": "byName", - "options": "flow_category_remote_access_count" + "options": "flow_risk_26_count" }, "properties": [ { "id": "displayName", - "value": "Remote Access" + "value": "Risky ASN" } ] }, { "matcher": { "id": "byName", - "options": "flow_category_rpc_count" + "options": "flow_risk_27_count" }, "properties": [ { "id": "displayName", - "value": "RPC" + "value": "Risky Domain Name" } ] }, { "matcher": { "id": "byName", - "options": "flow_category_shopping_count" + "options": "flow_risk_28_count" }, 
"properties": [ { "id": "displayName", - "value": "Shopping" + "value": "Malicious JA3 Fingerprint" } ] }, { "matcher": { "id": "byName", - "options": "flow_category_site_unavail_count" + "options": "flow_risk_29_count" }, "properties": [ { "id": "displayName", - "value": "Site Unavailable" + "value": "Malicious SSL Cert/SHA1 Fingerprint" } ] }, { "matcher": { "id": "byName", - "options": "flow_category_social_network_count" + "options": "flow_risk_30_count" }, "properties": [ { "id": "displayName", - "value": "Social Network" + "value": "Desktop/File-Sharing" } ] }, { "matcher": { "id": "byName", - "options": "flow_category_software_update_count" + "options": "flow_risk_31_count" }, "properties": [ { "id": "displayName", - "value": "Software Update" + "value": "Uncommon TLS ALPN" } ] }, { "matcher": { "id": "byName", - "options": "flow_category_streaming_count" + "options": "flow_risk_32_count" }, "properties": [ { "id": "displayName", - "value": "Streaming" + "value": "TLS Cert Validity Too Long" } ] }, { "matcher": { "id": "byName", - "options": "flow_category_system_count" + "options": "flow_risk_33_count" }, "properties": [ { "id": "displayName", - "value": "System" + "value": "TLS Suspicious Extension" } ] }, { "matcher": { "id": "byName", - "options": "flow_category_unknown_count" + "options": "flow_risk_34_count" }, "properties": [ { "id": "displayName", - "value": "Unknown" + "value": "TLS Fatal Alert" } ] }, { "matcher": { "id": "byName", - "options": "flow_category_unspecified_count" + "options": "flow_risk_35_count" }, "properties": [ { "id": "displayName", - "value": "Unspecified" + "value": "Suspicious Entropy" } ] }, { "matcher": { "id": "byName", - "options": "flow_category_video_count" + "options": "flow_risk_36_count" }, "properties": [ { "id": "displayName", - "value": "Video" + "value": "Clear Text Credentials" } ] }, { "matcher": { "id": "byName", - "options": "flow_category_virt_assistant_count" + "options": "flow_risk_37_count" }, 
"properties": [ { "id": "displayName", - "value": "Virtual Assistant" + "value": "Large DNS Packet" } ] }, { "matcher": { "id": "byName", - "options": "flow_category_voip_count" + "options": "flow_risk_38_count" }, "properties": [ { "id": "displayName", - "value": "VoIP" + "value": "Fragmented DNS Message" } ] }, { "matcher": { "id": "byName", - "options": "flow_category_vpn_count" + "options": "flow_risk_39_count" }, "properties": [ { "id": "displayName", - "value": "VPN" + "value": "Text With Non Printable Chars" } ] }, { "matcher": { "id": "byName", - "options": "flow_category_web_count" + "options": "flow_risk_40_count" }, "properties": [ { "id": "displayName", - "value": "Web" + "value": "Possible Exploit" } ] - } - ] - }, - "gridPos": { - "h": 13, - "w": 12, - "x": 0, - "y": 26 - }, - "id": 10, - "options": { - "minVizHeight": 75, - "minVizWidth": 75, - "orientation": "auto", - "reduceOptions": { - "calcs": [ - "lastNotNull" - ], - "fields": "", - "values": false - }, - "showThresholdLabels": false, - "showThresholdMarkers": false - }, - "pluginVersion": "10.2.0", - "targets": [ - { - "datasource": { - "type": "influxdb", - "uid": "dabd3b1d-a74e-4ae6-9dfd-e1344e589ba0" }, - "query": "from(bucket: \"${ndpid_db_name}\")\n |> range(start: v.timeRangeStart, stop:v.timeRangeStop)\n |> filter(fn: (r) =>\n r._measurement == \"category\"\n )", - "refId": "A" - } - ], - "title": "Category", - "type": "gauge" - }, - { - "datasource": { - "type": "influxdb", - "uid": "dabd3b1d-a74e-4ae6-9dfd-e1344e589ba0" - }, - "fieldConfig": { - "defaults": { - "color": { - "mode": "thresholds" - }, - "mappings": [], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - } - ] - } - }, - "overrides": [ { "matcher": { "id": "byName", - "options": "flow_state_finished" + "options": "flow_risk_41_count" }, "properties": [ { "id": "displayName", - "value": "Finished" + "value": "TLS Cert About To Expire" } ] }, { "matcher": { "id": "byName", - 
"options": "flow_state_info" + "options": "flow_risk_42_count" }, "properties": [ { "id": "displayName", - "value": "Processing" - } - ] - } - ] - }, - "gridPos": { - "h": 11, - "w": 2, - "x": 12, - "y": 26 - }, - "id": 13, - "options": { - "colorMode": "value", - "graphMode": "area", - "justifyMode": "auto", - "orientation": "horizontal", - "reduceOptions": { - "calcs": [ - "lastNotNull" - ], - "fields": "", - "values": false - }, - "textMode": "auto" - }, - "pluginVersion": "10.2.0", - "targets": [ - { - "datasource": { - "type": "influxdb", - "uid": "dabd3b1d-a74e-4ae6-9dfd-e1344e589ba0" - }, - "query": "from(bucket: \"${ndpid_db_name}\")\n |> range(start: v.timeRangeStart, stop:v.timeRangeStop)\n |> filter(fn: (r) =>\n r._measurement == \"state\"\n )", - "refId": "A" - } - ], - "title": "State", - "type": "stat" - }, - { - "datasource": { - "type": "influxdb", - "uid": "dabd3b1d-a74e-4ae6-9dfd-e1344e589ba0" - }, - "fieldConfig": { - "defaults": { - "color": { - "mode": "thresholds" - }, - "mappings": [], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - } - ] - } - }, - "overrides": [ - { - "matcher": { - "id": "byName", - "options": "flow_confidence_by_ip" - }, - "properties": [ - { - "id": "displayName", - "value": "By IP" - }, - { - "id": "color", - "value": { - "fixedColor": "yellow", - "mode": "fixed" - } - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "flow_confidence_by_port" - }, - "properties": [ - { - "id": "displayName", - "value": "By Port" - }, - { - "id": "color", - "value": { - "fixedColor": "yellow", - "mode": "fixed" - } - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "flow_confidence_dpi" - }, - "properties": [ - { - "id": "displayName", - "value": "DPI" - }, - { - "id": "color", - "value": { - "fixedColor": "green", - "mode": "fixed" - } + "value": "IDN Domain Name" } ] }, { "matcher": { "id": "byName", - "options": "flow_confidence_dpi_aggressive" + "options": 
"flow_risk_43_count" }, "properties": [ { "id": "displayName", - "value": "DPI Aggressive" - }, - { - "id": "color", - "value": { - "fixedColor": "blue", - "mode": "fixed" - } + "value": "Error Code" } ] }, { "matcher": { "id": "byName", - "options": "flow_confidence_dpi_cache" + "options": "flow_risk_44_count" }, "properties": [ { "id": "displayName", - "value": "DPI Cache" - }, - { - "id": "color", - "value": { - "fixedColor": "dark-green", - "mode": "fixed" - } + "value": "Crawler/Bot" } ] }, { "matcher": { "id": "byName", - "options": "flow_confidence_dpi_partial" + "options": "flow_risk_45_count" }, "properties": [ { "id": "displayName", - "value": "DPI Partial" - }, - { - "id": "color", - "value": { - "fixedColor": "light-green", - "mode": "fixed" - } + "value": "Anonymous Subscriber" } ] }, { "matcher": { "id": "byName", - "options": "flow_confidence_dpi_partial_cache" + "options": "flow_risk_46_count" }, "properties": [ { "id": "displayName", - "value": "DPI Partial Cache" - }, - { - "id": "color", - "value": { - "fixedColor": "super-light-green", - "mode": "fixed" - } + "value": "Unidirectional Traffic" } ] }, { "matcher": { "id": "byName", - "options": "flow_confidence_nbpf" + "options": "flow_risk_47_count" }, "properties": [ { "id": "displayName", - "value": "nBPF" - }, - { - "id": "color", - "value": { - "fixedColor": "blue", - "mode": "fixed" - } + "value": "HTTP Obsolete Server" } ] }, { "matcher": { "id": "byName", - "options": "flow_confidence_unknown" + "options": "flow_risk_48_count" }, "properties": [ { "id": "displayName", - "value": "Unknown" - }, - { - "id": "color", - "value": { - "mode": "fixed" - } - } - ] - } - ] - }, - "gridPos": { - "h": 14, - "w": 10, - "x": 14, - "y": 28 - }, - "id": 14, - "options": { - "displayMode": "gradient", - "minVizHeight": 10, - "minVizWidth": 0, - "namePlacement": "auto", - "orientation": "auto", - "reduceOptions": { - "calcs": [ - "lastNotNull" - ], - "fields": "", - "values": false - }, - "showUnfilled": 
true, - "valueMode": "color" - }, - "pluginVersion": "10.2.0", - "targets": [ - { - "datasource": { - "type": "influxdb", - "uid": "dabd3b1d-a74e-4ae6-9dfd-e1344e589ba0" - }, - "query": "from(bucket: \"${ndpid_db_name}\")\n |> range(start: v.timeRangeStart, stop:v.timeRangeStop)\n |> filter(fn: (r) =>\n r._measurement == \"confidence\"\n )", - "refId": "A" - } - ], - "title": "Confidence", - "type": "bargauge" - }, - { - "datasource": { - "type": "influxdb", - "uid": "dabd3b1d-a74e-4ae6-9dfd-e1344e589ba0" - }, - "fieldConfig": { - "defaults": { - "color": { - "mode": "thresholds" - }, - "mappings": [], - "thresholds": { - "mode": "percentage", - "steps": [ - { - "color": "green", - "value": null + "value": "Periodic Flow" } ] - } - }, - "overrides": [] - }, - "gridPos": { - "h": 5, - "w": 2, - "x": 12, - "y": 37 - }, - "id": 18, - "options": { - "colorMode": "value", - "graphMode": "area", - "justifyMode": "auto", - "orientation": "auto", - "reduceOptions": { - "calcs": [ - "lastNotNull" - ], - "fields": "", - "values": false - }, - "textMode": "auto" - }, - "pluginVersion": "10.2.0", - "targets": [ - { - "datasource": { - "type": "influxdb", - "uid": "dabd3b1d-a74e-4ae6-9dfd-e1344e589ba0" - }, - "query": "from(bucket: \"${ndpid_db_name}\")\n |> range(start: v.timeRangeStart, stop:v.timeRangeStop)\n |> filter(fn: (r) =>\n r._measurement == \"risks\"\n )", - "refId": "A" - } - ], - "title": "Total Risks", - "transformations": [ - { - "id": "calculateField", - "options": { - "mode": "reduceRow", - "reduce": { - "reducer": "sum" - }, - "replaceFields": true - } - } - ], - "type": "stat" - }, - { - "datasource": { - "type": "influxdb", - "uid": "dabd3b1d-a74e-4ae6-9dfd-e1344e589ba0" - }, - "fieldConfig": { - "defaults": { - "color": { - "mode": "thresholds" }, - "mappings": [], - "thresholds": { - "mode": "percentage", - "steps": [ - { - "color": "green", - "value": null - }, - { - "color": "red", - "value": 80 - } - ] - } - }, - "overrides": [] - }, - "gridPos": { - 
"h": 14, - "w": 12, - "x": 0, - "y": 39 - }, - "id": 12, - "options": { - "minVizHeight": 75, - "minVizWidth": 75, - "orientation": "auto", - "reduceOptions": { - "calcs": [ - "lastNotNull" - ], - "fields": "", - "values": false - }, - "showThresholdLabels": false, - "showThresholdMarkers": false - }, - "pluginVersion": "10.2.0", - "targets": [ - { - "datasource": { - "type": "influxdb", - "uid": "dabd3b1d-a74e-4ae6-9dfd-e1344e589ba0" - }, - "query": "from(bucket: \"${ndpid_db_name}\")\n |> range(start: v.timeRangeStart, stop:v.timeRangeStop)\n |> filter(fn: (r) =>\n r._measurement == \"risks\"\n )", - "refId": "A" - } - ], - "title": "Risk", - "type": "gauge" - }, - { - "datasource": { - "type": "influxdb", - "uid": "dabd3b1d-a74e-4ae6-9dfd-e1344e589ba0" - }, - "fieldConfig": { - "defaults": { - "color": { - "mode": "thresholds" - }, - "mappings": [], - "thresholds": { - "mode": "percentage", - "steps": [ - { - "color": "green", - "value": null - } - ] - } - }, - "overrides": [ { "matcher": { "id": "byName", - "options": "flow_severity_critical" + "options": "flow_risk_49_count" }, "properties": [ { "id": "displayName", - "value": "Critical" - }, - { - "id": "color", - "value": { - "fixedColor": "dark-red", - "mode": "fixed" - } + "value": "Minor Issues" } ] }, { "matcher": { "id": "byName", - "options": "flow_severity_emergency" + "options": "flow_risk_50_count" }, "properties": [ { "id": "displayName", - "value": "Emergency" - }, - { - "id": "color", - "value": { - "fixedColor": "red", - "mode": "fixed" - } + "value": "TCP Connection Issues" } ] }, { "matcher": { "id": "byName", - "options": "flow_severity_high" + "options": "flow_risk_51_count" }, "properties": [ { "id": "displayName", - "value": "High" - }, - { - "id": "color", - "value": { - "fixedColor": "yellow", - "mode": "fixed" - } + "value": "Fully Encrypted" } ] }, { "matcher": { "id": "byName", - "options": "flow_severity_low" + "options": "flow_risk_52_count" }, "properties": [ { "id": "displayName", 
- "value": "Low" - }, - { - "id": "color", - "value": { - "fixedColor": "light-green", - "mode": "fixed" - } + "value": "Invalid ALPN/SNI combination" } ] }, { "matcher": { "id": "byName", - "options": "flow_severity_medium" + "options": "flow_risk_53_count" }, "properties": [ { "id": "displayName", - "value": "Medium" - }, - { - "id": "color", - "value": { - "fixedColor": "dark-green", - "mode": "fixed" - } + "value": "Malware Host Contacted" } ] }, { "matcher": { "id": "byName", - "options": "flow_severity_severe" + "options": "flow_risk_unknown_count" }, "properties": [ { "id": "displayName", - "value": "Severe" - }, - { - "id": "color", - "value": { - "fixedColor": "dark-orange", - "mode": "fixed" - } - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "flow_severity_unknown" - }, - "properties": [ - { - "id": "displayName", - "value": "Unknown" - }, - { - "id": "color", - "value": { - "mode": "fixed" - } + "value": "Unknown Risk" } ] } ] }, "gridPos": { - "h": 11, - "w": 12, - "x": 12, - "y": 42 + "h": 10, + "w": 24, + "x": 0, + "y": 28 }, - "id": 11, + "id": 34, "options": { - "displayMode": "gradient", - "minVizHeight": 10, - "minVizWidth": 0, - "namePlacement": "auto", - "orientation": "auto", - "reduceOptions": { - "calcs": [ - "lastNotNull" - ], - "fields": "", - "values": false + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": false }, - "showUnfilled": true, - "valueMode": "color" + "tooltip": { + "mode": "single", + "sort": "none" + } }, "pluginVersion": "10.2.0", "targets": [ { "datasource": { "type": "influxdb", - "uid": "dabd3b1d-a74e-4ae6-9dfd-e1344e589ba0" + "uid": "${DS_INFLUXDB}" }, - "query": "from(bucket: \"${ndpid_db_name}\")\n |> range(start: v.timeRangeStart, stop:v.timeRangeStop)\n |> filter(fn: (r) =>\n r._measurement == \"severity\"\n )", + "query": "from(bucket: \"${ndpid_db_name}\")\n |> range(start: v.timeRangeStart, stop:v.timeRangeStop)\n |> filter(fn: (r) =>\n r._measurement 
== \"risks\"\n )", "refId": "A" } ], - "title": "Risk Severity", - "type": "bargauge" + "title": "Risk", + "type": "timeseries" }, { - "collapsed": false, + "collapsed": true, "gridPos": { "h": 1, "w": 24, "x": 0, - "y": 53 + "y": 38 }, "id": 29, - "panels": [], - "title": "Flow (Simplified / Historic)", - "type": "row" - }, - { - "datasource": { - "type": "influxdb", - "uid": "dabd3b1d-a74e-4ae6-9dfd-e1344e589ba0" - }, - "fieldConfig": { - "defaults": { - "color": { - "mode": "palette-classic" - }, - "custom": { - "axisBorderShow": false, - "axisCenteredZero": false, - "axisColorMode": "text", - "axisLabel": "", - "axisPlacement": "auto", - "barAlignment": 0, - "drawStyle": "line", - "fillOpacity": 0, - "gradientMode": "none", - "hideFrom": { - "legend": false, - "tooltip": false, - "viz": false - }, - "insertNulls": false, - "lineInterpolation": "linear", - "lineWidth": 1, - "pointSize": 5, - "scaleDistribution": { - "log": 2, - "type": "log" - }, - "showPoints": "auto", - "spanNulls": false, - "stacking": { - "group": "A", - "mode": "none" - }, - "thresholdsStyle": { - "mode": "off" - } + "panels": [ + { + "datasource": { + "type": "influxdb", + "uid": "${DS_INFLUXDB}" }, - "mappings": [], - "thresholds": { - "mode": "absolute", - "steps": [ + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "log": 2, + "type": "log" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": 
"absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [ + { + "matcher": { + "id": "byRegexp", + "options": "/flow_breed_.*/" + }, + "properties": [ + { + "id": "custom.hideFrom", + "value": { + "legend": true, + "tooltip": true, + "viz": true + } + } + ] + }, { - "color": "green", - "value": null + "matcher": { + "id": "byName", + "options": "Legit" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "green", + "mode": "fixed" + } + } + ] }, { - "color": "red", - "value": 80 - } - ] - } - }, - "overrides": [ - { - "matcher": { - "id": "byRegexp", - "options": "/flow_breed_.*/" - }, - "properties": [ + "matcher": { + "id": "byName", + "options": "Caution Advised" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "red", + "mode": "fixed" + } + } + ] + }, { - "id": "custom.hideFrom", - "value": { - "legend": true, - "tooltip": true, - "viz": true - } + "matcher": { + "id": "byName", + "options": "Dont Know" + }, + "properties": [ + { + "id": "color", + "value": { + "mode": "fixed" + } + } + ] } ] }, - { - "matcher": { - "id": "byName", - "options": "Legit" - }, - "properties": [ - { - "id": "color", - "value": { - "fixedColor": "green", - "mode": "fixed" - } - } - ] + "gridPos": { + "h": 8, + "w": 12, + "x": 0, + "y": 29 }, - { - "matcher": { - "id": "byName", - "options": "Caution Advised" - }, - "properties": [ - { - "id": "color", - "value": { - "fixedColor": "red", - "mode": "fixed" + "id": 30, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "datasource": { + "type": "influxdb", + "uid": "${DS_INFLUXDB}" + }, + "query": "from(bucket: \"${ndpid_db_name}\")\n |> range(start: v.timeRangeStart, stop:v.timeRangeStop)\n |> filter(fn: (r) =>\n r._measurement == \"breed\"\n )", + "refId": "A" + 
} + ], + "title": "Breed", + "transformations": [ + { + "id": "calculateField", + "options": { + "alias": "Caution Advised", + "mode": "reduceRow", + "reduce": { + "include": [ + "flow_breed_potentially_dangerous_count breed", + "flow_breed_unsafe_count breed", + "flow_breed_dangerous_count breed" + ], + "reducer": "sum" + }, + "replaceFields": false + } + }, + { + "id": "calculateField", + "options": { + "alias": "Legit", + "mode": "reduceRow", + "reduce": { + "include": [ + "flow_breed_acceptable_count breed", + "flow_breed_fun_count breed", + "flow_breed_safe_count breed" + ], + "reducer": "sum" } } - ] - }, - { - "matcher": { - "id": "byName", - "options": "Dont Know" }, - "properties": [ - { - "id": "color", - "value": { - "mode": "fixed" + { + "id": "calculateField", + "options": { + "alias": "Dont Know", + "mode": "reduceRow", + "reduce": { + "include": [ + "flow_breed_unrated_count breed", + "flow_breed_unknown_count breed" + ], + "reducer": "sum" } } - ] - } - ] - }, - "gridPos": { - "h": 8, - "w": 12, - "x": 0, - "y": 54 - }, - "id": 30, - "options": { - "legend": { - "calcs": [], - "displayMode": "list", - "placement": "bottom", - "showLegend": true + } + ], + "type": "timeseries" }, - "tooltip": { - "mode": "single", - "sort": "none" - } - }, - "targets": [ { "datasource": { "type": "influxdb", - "uid": "dabd3b1d-a74e-4ae6-9dfd-e1344e589ba0" + "uid": "${DS_INFLUXDB}" }, - "query": "from(bucket: \"${ndpid_db_name}\")\n |> range(start: v.timeRangeStart, stop:v.timeRangeStop)\n |> filter(fn: (r) =>\n r._measurement == \"breed\"\n )", - "refId": "A" - } - ], - "title": "Breed", - "transformations": [ - { - "id": "calculateField", - "options": { - "alias": "Caution Advised", - "mode": "reduceRow", - "reduce": { - "include": [ - "flow_breed_potentially_dangerous_count breed", - "flow_breed_unsafe_count breed", - "flow_breed_dangerous_count breed" - ], - "reducer": "sum" - }, - "replaceFields": false - } - }, - { - "id": "calculateField", + "fieldConfig": { + 
"defaults": { + "color": { + "mode": "thresholds" + }, + "custom": { + "fillOpacity": 70, + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineWidth": 1 + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + } + ] + } + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "flow_detected_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Detected" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_guessed_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Guessed" + }, + { + "id": "thresholds", + "value": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "yellow", + "value": 1 + } + ] + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_not_detected_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Not Detected" + }, + { + "id": "thresholds", + "value": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 1 + } + ] + } + } + ] + } + ] + }, + "gridPos": { + "h": 8, + "w": 12, + "x": 12, + "y": 29 + }, + "id": 31, "options": { - "alias": "Legit", - "mode": "reduceRow", - "reduce": { - "include": [ - "flow_breed_acceptable_count breed", - "flow_breed_fun_count breed", - "flow_breed_safe_count breed" - ], - "reducer": "sum" + "colWidth": 0.9, + "legend": { + "displayMode": "list", + "placement": "bottom", + "showLegend": false + }, + "rowHeight": 0.9, + "showValue": "auto", + "tooltip": { + "mode": "single", + "sort": "none" } - } + }, + "pluginVersion": "10.2.0", + "targets": [ + { + "datasource": { + "type": "influxdb", + "uid": "${DS_INFLUXDB}" + }, + "query": "from(bucket: \"${ndpid_db_name}\")\n |> range(start: v.timeRangeStart, stop:v.timeRangeStop)\n |> filter(fn: (r) =>\n r._measurement == \"detection\" and\n (r._field == \"flow_detected_count\" or\n 
r._field == \"flow_guessed_count\" or\n r._field == \"flow_not_detected_count\")\n )", + "refId": "A" + } + ], + "title": "Detection", + "type": "status-history" }, { - "id": "calculateField", - "options": { - "alias": "Dont Know", - "mode": "reduceRow", - "reduce": { - "include": [ - "flow_breed_unrated_count breed", - "flow_breed_unknown_count breed" - ], - "reducer": "sum" - } - } - } - ], - "type": "timeseries" - }, - { - "datasource": { - "type": "influxdb", - "uid": "dabd3b1d-a74e-4ae6-9dfd-e1344e589ba0" - }, - "fieldConfig": { - "defaults": { - "color": { - "mode": "thresholds" - }, - "custom": { - "fillOpacity": 70, - "hideFrom": { - "legend": false, - "tooltip": false, - "viz": false - }, - "lineWidth": 1 + "datasource": { + "type": "influxdb", + "uid": "${DS_INFLUXDB}" }, - "mappings": [], - "thresholds": { - "mode": "absolute", - "steps": [ + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "custom": { + "fillOpacity": 70, + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineWidth": 0, + "spanNulls": false + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "yellow", + "value": 1 + } + ] + } + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "flow_risk_1_count" + }, + "properties": [ + { + "id": "displayName", + "value": "XSS Attack" + } + ] + }, { - "color": "green", - "value": null - } - ] - } - }, - "overrides": [ - { - "matcher": { - "id": "byName", - "options": "flow_detected_count" - }, - "properties": [ + "matcher": { + "id": "byName", + "options": "flow_risk_2_count" + }, + "properties": [ + { + "id": "displayName", + "value": "SQL Injection" + } + ] + }, { - "id": "displayName", - "value": "Detected" - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "flow_guessed_count" - }, - "properties": [ + "matcher": { + "id": "byName", + "options": 
"flow_risk_3_count" + }, + "properties": [ + { + "id": "displayName", + "value": "RCE Injection" + } + ] + }, { - "id": "displayName", - "value": "Guessed" + "matcher": { + "id": "byName", + "options": "flow_risk_4_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Binary App Transfer" + } + ] }, { - "id": "thresholds", - "value": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - }, - { - "color": "yellow", - "value": 1 - } - ] - } - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "flow_not_detected_count" - }, - "properties": [ + "matcher": { + "id": "byName", + "options": "flow_risk_5_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Known Proto on Non Std Port" + } + ] + }, { - "id": "displayName", - "value": "Not Detected" + "matcher": { + "id": "byName", + "options": "flow_risk_6_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Self signed Cert" + } + ] }, { - "id": "thresholds", - "value": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - }, - { - "color": "red", - "value": 1 - } - ] - } + "matcher": { + "id": "byName", + "options": "flow_risk_7_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Obsolete TLS v1.1 or older" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_8_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Weak TLS Cipher" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_9_count" + }, + "properties": [ + { + "id": "displayName", + "value": "TLS Cert Expired" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_10_count" + }, + "properties": [ + { + "id": "displayName", + "value": "TLS Cert Mismatch" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_11_count" + }, + "properties": [ + { + "id": "displayName", + "value": "HTTP Suspicious User Agent" + } + ] + }, + { + "matcher": { + "id": 
"byName", + "options": "flow_risk_12_count" + }, + "properties": [ + { + "id": "displayName", + "value": "HTTP Numeric IP Address" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_13_count" + }, + "properties": [ + { + "id": "displayName", + "value": "HTTP Suspicious URL" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_14_count" + }, + "properties": [ + { + "id": "displayName", + "value": "HTTP Suspicious Header" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_15_count" + }, + "properties": [ + { + "id": "displayName", + "value": "TLS probably Not Carrying HTTPS" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_16_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Suspicious DGA Domain name" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_17_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Malformed Packet" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_18_count" + }, + "properties": [ + { + "id": "displayName", + "value": "SSH Obsolete Client Version/Cipher" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_19_count" + }, + "properties": [ + { + "id": "displayName", + "value": "SSH Obsolete Server Version/Cipher" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_20_count" + }, + "properties": [ + { + "id": "displayName", + "value": "SMB Insecure Version" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_21_count" + }, + "properties": [ + { + "id": "displayName", + "value": "TLS Suspicious ESNI Usage" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_22_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Unsafe Protocol" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_23_count" + }, + "properties": [ + { + "id": "displayName", + "value": 
"Suspicious DNS Traffic" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_24_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Missing SNI TLS Extension" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_25_count" + }, + "properties": [ + { + "id": "displayName", + "value": "HTTP Suspicious Content" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_26_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Risky ASN" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_27_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Risky Domain Name" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_28_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Malicious JA3 Fingerprint" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_29_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Malicious SSL Cert/SHA1 Fingerprint" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_30_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Desktop/File-Sharing" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_31_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Uncommon TLS ALPN" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_32_count" + }, + "properties": [ + { + "id": "displayName", + "value": "TLS Cert Validity Too Long" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_33_count" + }, + "properties": [ + { + "id": "displayName", + "value": "TLS Suspicious Extension" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_34_count" + }, + "properties": [ + { + "id": "displayName", + "value": "TLS Fatal Alert" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_35_count" + }, + "properties": [ + { 
+ "id": "displayName", + "value": "Suspicious Entropy" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_36_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Clear Text Credentials" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_37_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Large DNS Packet" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_38_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Fragmented DNS Message" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_39_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Text With Non Printable Chars" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_40_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Possible Exploit" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_41_count" + }, + "properties": [ + { + "id": "displayName", + "value": "TLS Cert About To Expire" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_42_count" + }, + "properties": [ + { + "id": "displayName", + "value": "IDN Domain Name" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_43_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Error Code" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_44_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Crawler/Bot" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_45_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Anonymous Subscriber" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_46_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Unidirectional Traffic" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_47_count" + }, + "properties": [ + 
{ + "id": "displayName", + "value": "HTTP Obsolete Server" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_48_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Periodic Flow" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_49_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Minor Issues" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_50_count" + }, + "properties": [ + { + "id": "displayName", + "value": "TCP Connection Issues" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_51_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Fully Encrypted" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_52_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Invalid ALPN/SNI combination" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_53_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Malware Host Contacted" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_unknown_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Unknown Risk" + } + ] } ] - } - ] - }, - "gridPos": { - "h": 8, - "w": 12, - "x": 12, - "y": 54 - }, - "id": 31, - "options": { - "colWidth": 0.9, - "legend": { - "displayMode": "list", - "placement": "bottom", - "showLegend": false - }, - "rowHeight": 0.9, - "showValue": "auto", - "tooltip": { - "mode": "single", - "sort": "none" - } - }, - "pluginVersion": "10.2.0", - "targets": [ - { - "datasource": { - "type": "influxdb", - "uid": "dabd3b1d-a74e-4ae6-9dfd-e1344e589ba0" }, - "query": "from(bucket: \"${ndpid_db_name}\")\n |> range(start: v.timeRangeStart, stop:v.timeRangeStop)\n |> filter(fn: (r) =>\n r._measurement == \"detection\" and\n (r._field == \"flow_detected_count\" or\n r._field == \"flow_guessed_count\" or\n r._field == \"flow_not_detected_count\")\n )", - "refId": 
"A" + "gridPos": { + "h": 24, + "w": 24, + "x": 0, + "y": 37 + }, + "id": 33, + "options": { + "alignValue": "left", + "legend": { + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "mergeValues": true, + "rowHeight": 0.9, + "showValue": "auto", + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "pluginVersion": "10.2.0", + "targets": [ + { + "datasource": { + "type": "influxdb", + "uid": "${DS_INFLUXDB}" + }, + "query": "from(bucket: \"${ndpid_db_name}\")\n |> range(start: v.timeRangeStart, stop:v.timeRangeStop)\n |> filter(fn: (r) =>\n r._measurement == \"risks\"\n )", + "refId": "A" + } + ], + "title": "Risk", + "type": "state-timeline" } ], - "title": "Detection", - "type": "status-history" + "title": "Flow (Simplified / Historic)", + "type": "row" }, { - "collapsed": false, + "collapsed": true, "gridPos": { "h": 1, "w": 24, "x": 0, - "y": 62 + "y": 39 }, "id": 15, - "panels": [], - "title": "Layer3 / Layer4", - "type": "row" - }, - { - "datasource": { - "type": "influxdb", - "uid": "dabd3b1d-a74e-4ae6-9dfd-e1344e589ba0" - }, - "fieldConfig": { - "defaults": { - "color": { - "mode": "palette-classic" - }, - "custom": { - "axisBorderShow": false, - "axisCenteredZero": false, - "axisColorMode": "text", - "axisLabel": "", - "axisPlacement": "auto", - "barAlignment": 0, - "drawStyle": "line", - "fillOpacity": 0, - "gradientMode": "none", - "hideFrom": { - "legend": false, - "tooltip": false, - "viz": false - }, - "insertNulls": false, - "lineInterpolation": "linear", - "lineWidth": 1, - "pointSize": 5, - "scaleDistribution": { - "type": "linear" - }, - "showPoints": "auto", - "spanNulls": false, - "stacking": { - "group": "A", - "mode": "none" - }, - "thresholdsStyle": { - "mode": "off" - } + "panels": [ + { + "datasource": { + "type": "influxdb", + "uid": "${DS_INFLUXDB}" }, - "mappings": [], - "thresholds": { - "mode": "percentage", - "steps": [ + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, 
+ "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "percentage", + "steps": [ + { + "color": "green", + "value": null + } + ] + } + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "flow_l3_ip4_count" + }, + "properties": [ + { + "id": "displayName", + "value": "IPv4" + } + ] + }, { - "color": "green", - "value": null - } - ] - } - }, - "overrides": [ - { - "matcher": { - "id": "byName", - "options": "flow_l3_ip4_count" - }, - "properties": [ + "matcher": { + "id": "byName", + "options": "flow_l3_ip6_count" + }, + "properties": [ + { + "id": "displayName", + "value": "IPv6" + } + ] + }, { - "id": "displayName", - "value": "IPv4" + "matcher": { + "id": "byName", + "options": "flow_l3_other_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Other" + } + ] } ] }, - { - "matcher": { - "id": "byName", - "options": "flow_l3_ip6_count" - }, - "properties": [ - { - "id": "displayName", - "value": "IPv6" - } - ] + "gridPos": { + "h": 8, + "w": 12, + "x": 0, + "y": 5 }, - { - "matcher": { - "id": "byName", - "options": "flow_l3_other_count" - }, - "properties": [ - { - "id": "displayName", - "value": "Other" - } - ] - } - ] - }, - "gridPos": { - "h": 8, - "w": 12, - "x": 0, - "y": 63 - }, - "id": 16, - "options": { - "legend": { - "calcs": [], - "displayMode": "list", - "placement": "bottom", - "showLegend": true + "id": 16, + "options": { + "legend": { + 
"calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "datasource": { + "type": "influxdb", + "uid": "${DS_INFLUXDB}" + }, + "query": "from(bucket: \"${ndpid_db_name}\")\n |> range(start: v.timeRangeStart, stop:v.timeRangeStop)\n |> filter(fn: (r) =>\n r._measurement == \"layer3\"\n )", + "refId": "A" + } + ], + "title": "Layer3", + "type": "timeseries" }, - "tooltip": { - "mode": "single", - "sort": "none" - } - }, - "targets": [ { "datasource": { "type": "influxdb", - "uid": "dabd3b1d-a74e-4ae6-9dfd-e1344e589ba0" - }, - "query": "from(bucket: \"${ndpid_db_name}\")\n |> range(start: v.timeRangeStart, stop:v.timeRangeStop)\n |> filter(fn: (r) =>\n r._measurement == \"layer3\"\n )", - "refId": "A" - } - ], - "title": "Layer3", - "type": "timeseries" - }, - { - "datasource": { - "type": "influxdb", - "uid": "dabd3b1d-a74e-4ae6-9dfd-e1344e589ba0" - }, - "fieldConfig": { - "defaults": { - "color": { - "mode": "palette-classic" + "uid": "${DS_INFLUXDB}" }, - "custom": { - "axisBorderShow": false, - "axisCenteredZero": false, - "axisColorMode": "text", - "axisLabel": "", - "axisPlacement": "auto", - "barAlignment": 0, - "drawStyle": "line", - "fillOpacity": 0, - "gradientMode": "none", - "hideFrom": { - "legend": false, - "tooltip": false, - "viz": false - }, - "insertNulls": false, - "lineInterpolation": "linear", - "lineWidth": 1, - "pointSize": 5, - "scaleDistribution": { - "type": "linear" - }, - "showPoints": "auto", - "spanNulls": false, - "stacking": { - "group": "A", - "mode": "none" - }, - "thresholdsStyle": { - "mode": "off" - } - }, - "mappings": [], - "thresholds": { - "mode": "percentage", - "steps": [ + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, 
+ "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "percentage", + "steps": [ + { + "color": "green", + "value": null + } + ] + } + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "flow_l4_icmp_count" + }, + "properties": [ + { + "id": "displayName", + "value": "ICMP" + } + ] + }, { - "color": "green", - "value": null - } - ] - } - }, - "overrides": [ - { - "matcher": { - "id": "byName", - "options": "flow_l4_icmp_count" - }, - "properties": [ + "matcher": { + "id": "byName", + "options": "flow_l4_other_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Other" + } + ] + }, { - "id": "displayName", - "value": "ICMP" - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "flow_l4_other_count" - }, - "properties": [ + "matcher": { + "id": "byName", + "options": "flow_l4_tcp_count" + }, + "properties": [ + { + "id": "displayName", + "value": "TCP" + } + ] + }, { - "id": "displayName", - "value": "Other" + "matcher": { + "id": "byName", + "options": "flow_l4_udp_count" + }, + "properties": [ + { + "id": "displayName", + "value": "UDP" + } + ] } ] }, - { - "matcher": { - "id": "byName", - "options": "flow_l4_tcp_count" - }, - "properties": [ - { - "id": "displayName", - "value": "TCP" - } - ] + "gridPos": { + "h": 8, + "w": 12, + "x": 12, + "y": 5 }, - { - "matcher": { - "id": "byName", - "options": "flow_l4_udp_count" - }, - "properties": [ - { - "id": "displayName", - "value": "UDP" - } - ] - } - ] - }, - "gridPos": { - "h": 8, - "w": 12, - "x": 12, - "y": 63 - }, - "id": 17, - "options": { - 
"legend": { - "calcs": [], - "displayMode": "list", - "placement": "bottom", - "showLegend": true - }, - "tooltip": { - "mode": "single", - "sort": "none" - } - }, - "targets": [ - { - "datasource": { - "type": "influxdb", - "uid": "dabd3b1d-a74e-4ae6-9dfd-e1344e589ba0" + "id": 17, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "single", + "sort": "none" + } }, - "query": "from(bucket: \"${ndpid_db_name}\")\n |> range(start: v.timeRangeStart, stop:v.timeRangeStop)\n |> filter(fn: (r) =>\n r._measurement == \"layer4\"\n )", - "refId": "A" + "targets": [ + { + "datasource": { + "type": "influxdb", + "uid": "${DS_INFLUXDB}" + }, + "query": "from(bucket: \"${ndpid_db_name}\")\n |> range(start: v.timeRangeStart, stop:v.timeRangeStop)\n |> filter(fn: (r) =>\n r._measurement == \"layer4\"\n )", + "refId": "A" + } + ], + "title": "Layer4", + "type": "timeseries" } ], - "title": "Layer4", - "type": "timeseries" + "title": "Layer3 / Layer4", + "type": "row" } ], "refresh": "10s", @@ -3890,20 +6179,32 @@ { "hide": 2, "name": "ndpid_db_name", - "query": "ndpi-daemon", + "query": "${VAR_NDPID_DB_NAME}", "skipUrlSync": false, - "type": "constant" + "type": "constant", + "current": { + "value": "${VAR_NDPID_DB_NAME}", + "text": "${VAR_NDPID_DB_NAME}", + "selected": false + }, + "options": [ + { + "value": "${VAR_NDPID_DB_NAME}", + "text": "${VAR_NDPID_DB_NAME}", + "selected": false + } + ] } ] }, "time": { - "from": "now-30m", + "from": "now-15m", "to": "now" }, "timepicker": {}, "timezone": "", "title": "nDPId", "uid": "e57b37c0-d0ba-4f50-9b2d-f83e71ae8c27", - "version": 74, + "version": 85, "weekStart": "" }
\ No newline at end of file |