author | Toni Uhlig <matzeton@googlemail.com> | 2024-02-08 00:58:40 +0100 |
---|---|---|
committer | Toni Uhlig <matzeton@googlemail.com> | 2024-02-08 01:01:35 +0100 |
commit | 8949ba39e63cd7eeb279f20a74db834d02de1bc1 (patch) | |
tree | 0ffad9bbf6d4d37d33adcdd4a875f0b0c9307884 /examples/c-influxd | |
parent | ea968180a23d48edc121215359277e418b476487 (diff) |
Added test mode for influx push daemon.
* required for regression testing
* added new confidence value (match by custom rule)
* updated / tweaked grafana exported dashboard
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
Diffstat (limited to 'examples/c-influxd')
-rw-r--r-- | examples/c-influxd/c-influxd.c | 86 | ||||
-rw-r--r-- | examples/c-influxd/grafana-dashboard-simple.json | 6141 |
2 files changed, 3148 insertions, 3079 deletions
diff --git a/examples/c-influxd/c-influxd.c b/examples/c-influxd/c-influxd.c
index 70b23447a..ed6f2e99e 100644
--- a/examples/c-influxd/c-influxd.c
+++ b/examples/c-influxd/c-influxd.c
@@ -21,6 +21,7 @@ static char * pidfile = NULL;
 static char * serv_optarg = NULL;
 static char * user = NULL;
 static char * group = NULL;
+static int test_mode = 0;
 static char * influxdb_interval = NULL;
 static nDPIsrvd_ull influxdb_interval_ull = 0uL;
 static char * influxdb_url = NULL;
@@ -179,6 +180,7 @@ static struct
 uint64_t flow_confidence_nbpf;
 uint64_t flow_confidence_by_ip;
 uint64_t flow_confidence_dpi_aggressive;
+ uint64_t flow_confidence_custom_rule;
 uint64_t flow_confidence_unknown;
 uint64_t flow_severity_low;
@@ -337,6 +339,7 @@ static struct global_map const confidence_map[] = {
 {"nBPF", INFLUXD_STATS_GAUGE_PTR(flow_confidence_nbpf)},
 {"Match by IP", INFLUXD_STATS_GAUGE_PTR(flow_confidence_by_ip)},
 {"DPI (aggressive)", INFLUXD_STATS_GAUGE_PTR(flow_confidence_dpi_aggressive)},
+ {"Match by custom rule", INFLUXD_STATS_GAUGE_PTR(flow_confidence_custom_rule)},
 {NULL, INFLUXD_STATS_GAUGE_PTR(flow_confidence_unknown)}};
 static struct global_map const severity_map[] = {{"Low", INFLUXD_STATS_GAUGE_PTR(flow_severity_low)},
@@ -509,7 +512,7 @@ static int serialize_influx_line(char * buf, size_t siz)
 bytes = snprintf(buf, siz,
 "%s " INFLUXDB_FORMAT() INFLUXDB_FORMAT() INFLUXDB_FORMAT() INFLUXDB_FORMAT() INFLUXDB_FORMAT()
- INFLUXDB_FORMAT() INFLUXDB_FORMAT() INFLUXDB_FORMAT() INFLUXDB_FORMAT_END(),
+ INFLUXDB_FORMAT() INFLUXDB_FORMAT() INFLUXDB_FORMAT() INFLUXDB_FORMAT() INFLUXDB_FORMAT_END(),
 "confidence",
 INFLUXDB_VALUE_GAUGE(flow_confidence_by_port),
 INFLUXDB_VALUE_GAUGE(flow_confidence_dpi_partial),
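Review bot: The `snprintf` call in `serialize_influx_line` keeps the number of `INFLUXDB_FORMAT()` macros and the number of `INFLUXDB_VALUE_GAUGE(...)` arguments in step by hand, and nothing in the code documents that the two must match; the matching argument for the new macro is added in a separate hunk (`@@ -519,6 +522,7 @@`). A format string with more conversions than arguments is undefined behaviour, so a comment above the call would help the next person who adds a gauge, for example `/* confidence: ten format macros below, keep in step with the INFLUXDB_VALUE_GAUGE() arguments */`. This assumes each `INFLUXDB_FORMAT()` expands to exactly one conversion; the macro is defined outside the hunk. The call itself starts and ends outside this hunk.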
@@ -519,6 +522,7 @@ static int serialize_influx_line(char * buf, size_t siz)
 INFLUXDB_VALUE_GAUGE(flow_confidence_nbpf),
 INFLUXDB_VALUE_GAUGE(flow_confidence_by_ip),
 INFLUXDB_VALUE_GAUGE(flow_confidence_dpi_aggressive),
+ INFLUXDB_VALUE_GAUGE(flow_confidence_custom_rule),
 INFLUXDB_VALUE_GAUGE(flow_confidence_unknown));
 CHECK_SNPRINTF_RET(bytes);
@@ -644,6 +648,7 @@ failure:
 INFLUXD_STATS_GAUGE_SUB(flow_confidence_nbpf);
 INFLUXD_STATS_GAUGE_SUB(flow_confidence_by_ip);
 INFLUXD_STATS_GAUGE_SUB(flow_confidence_dpi_aggressive);
+ INFLUXD_STATS_GAUGE_SUB(flow_confidence_custom_rule);
 INFLUXD_STATS_GAUGE_SUB(flow_confidence_unknown);
 INFLUXD_STATS_GAUGE_SUB(flow_severity_low);
@@ -1409,7 +1414,21 @@ static int mainloop(int epollfd, struct nDPIsrvd_socket * const sock)
 return 1;
 }
- start_influxdb_thread();
+ if (test_mode == 0)
+ {
+ start_influxdb_thread();
+ }
+ else
+ {
+ char stdout_buffer[BUFSIZ];
+
+ if (serialize_influx_line(stdout_buffer, sizeof(stdout_buffer)) != 0)
+ {
+ logger(1, "%s", "Could not serialize influx buffer");
+ return 1;
+ }
+ printf("%s", stdout_buffer);
+ }
 }
 else if (events[i].data.fd == sock->fd)
 {
@@ -1449,12 +1468,13 @@ static int parse_options(int argc, char ** argv, struct nDPIsrvd_socket * const
 "\t-u\tChange user.\n"
 "\t-g\tChange group.\n"
 "\t-i\tInterval between pushing statistics to an influxdb endpoint.\n"
+ "\t-t\tTest mode: Ignores `-U' / `-T' and prints stats to stdout.\n"
 "\t-U\tInfluxDB URL.\n"
 "\t \tExample: http://127.0.0.1:8086/write?db=ndpi-daemon\n"
 "\t-T\tInfluxDB access token.\n"
 "\t \tNot recommended, use environment variable INFLUXDB_AUTH_TOKEN instead.\n";
- while ((opt = getopt(argc, argv, "hcdp:s:u:g:i:U:T:")) != -1)
+ while ((opt = getopt(argc, argv, "hcdp:s:u:g:i:tU:T:")) != -1)
 {
 switch (opt)
 {
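Review bot: The test-mode branch in `mainloop` writes the serialized line with `printf("%s", stdout_buffer);` and neither checks nor flushes the write, so a closed or failing stdout goes unnoticed and, when stdout is a pipe, the line for a timer tick may only become visible once the stream is flushed at exit. The same serialize-and-print block is repeated in `main` (hunk `@@ -1656,13 +1691,30 @@`), so a small static helper would keep the two paths identical and give the write one checked exit. `BUFSIZ` is the stdio stream-buffer size and is implementation-defined; whether it is large enough for every measurement line depends on the platform, and the code relies on `serialize_influx_line` reporting an overflow (its checks are outside the hunks shown). `mainloop` starts and ends outside this hunk.

```c
/* Test mode: serialize the current statistics and write them to stdout. */
static int print_influx_line_to_stdout(void)
{
    char stdout_buffer[BUFSIZ];

    if (serialize_influx_line(stdout_buffer, sizeof(stdout_buffer)) != 0)
    {
        logger(1, "%s", "Could not serialize influx buffer");
        return 1;
    }
    /* Flush per line so a regression test reading a pipe sees every tick. */
    if (fputs(stdout_buffer, stdout) == EOF || fflush(stdout) == EOF)
    {
        logger(1, "%s", "Could not write influx line to stdout");
        return 1;
    }
    return 0;
}

// … unchanged: timer event handling in mainloop up to the push decision …
                if (test_mode == 0)
                {
                    start_influxdb_thread();
                }
                else if (print_influx_line_to_stdout() != 0)
                {
                    return 1;
                }
```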
@@ -1484,6 +1504,9 @@ static int parse_options(int argc, char ** argv, struct nDPIsrvd_socket * const
 free(influxdb_interval);
 influxdb_interval = strdup(optarg);
 break;
+ case 't':
+ test_mode = 1;
+ break;
 case 'U':
 free(influxdb_url);
 influxdb_url = strdup(optarg);
@@ -1498,6 +1521,15 @@ static int parse_options(int argc, char ** argv, struct nDPIsrvd_socket * const
 }
 }
+ if (test_mode != 0)
+ {
+ logger_early(1, "%s", "Test mode enabled: ignoring `-U' / `-T' command line parameters");
+ free(influxdb_url);
+ free(influxdb_token);
+ influxdb_url = NULL;
+ influxdb_token = NULL;
+ }
+
 if (serv_optarg == NULL)
 {
 serv_optarg = strdup(DISTRIBUTOR_UNIX_SOCKET);
@@ -1514,20 +1546,23 @@ static int parse_options(int argc, char ** argv, struct nDPIsrvd_socket * const
 return 1;
 }
- if (influxdb_url == NULL)
+ if (test_mode == 0)
 {
- logger_early(1, "%s", "Missing InfluxDB URL.");
- return 1;
- }
+ if (influxdb_url == NULL)
+ {
+ logger_early(1, "%s", "Missing InfluxDB URL.");
+ return 1;
+ }
- if (influxdb_token == NULL && getenv("INFLUXDB_AUTH_TOKEN") != NULL)
- {
- influxdb_token = strdup(getenv("INFLUXDB_AUTH_TOKEN"));
- }
- if (influxdb_token == NULL)
- {
- logger_early(1, "%s", "Missing InfluxDB authentication token.");
- return 1;
+ if (influxdb_token == NULL && getenv("INFLUXDB_AUTH_TOKEN") != NULL)
+ {
+ influxdb_token = strdup(getenv("INFLUXDB_AUTH_TOKEN"));
+ }
+ if (influxdb_token == NULL)
+ {
+ logger_early(1, "%s", "Missing InfluxDB authentication token.");
+ return 1;
+ }
 }
 if (nDPIsrvd_setup_address(&sock->address, serv_optarg) != 0)
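Review bot: The test-mode notice in the `if (test_mode != 0)` block of `parse_options` is logged with `1` as the first argument to `logger_early`, the same value the visible failure paths pass (`"Missing InfluxDB URL."`), whereas informational messages on this page pass `0` (`"Initialization succeeded."`). If that argument is the error flag, as those call sites suggest, the notice should pass `0`; this is inferred from usage, since the logger's definition is not shown. The notice is also printed on every test-mode run, even when neither the URL nor the token option was given, so it could be guarded with `if (influxdb_url != NULL || influxdb_token != NULL)`. `parse_options` starts and ends outside the hunk.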
@@ -1656,13 +1691,30 @@ int main(int argc, char ** argv)
 }
 }
- curl_global_init(CURL_GLOBAL_ALL);
+ if (test_mode == 0)
+ {
+ curl_global_init(CURL_GLOBAL_ALL);
+ }
 logger_early(0, "%s", "Initialization succeeded.");
 retval = mainloop(epollfd, sock);
 logger_early(0, "%s", "Bye.");
- curl_global_cleanup();
+ if (test_mode == 0)
+ {
+ curl_global_cleanup();
+ }
+ else
+ {
+ char stdout_buffer[BUFSIZ];
+
+ if (serialize_influx_line(stdout_buffer, sizeof(stdout_buffer)) != 0)
+ {
+ logger(1, "%s", "Could not serialize influx buffer");
+ return 1;
+ }
+ printf("%s", stdout_buffer);
+ }
 failure:
 nDPIsrvd_socket_free(&sock);
 close(influxd_timerfd);
diff --git a/examples/c-influxd/grafana-dashboard-simple.json b/examples/c-influxd/grafana-dashboard-simple.json
index 78f8c8d6e..6b04e37a8 100644
--- a/examples/c-influxd/grafana-dashboard-simple.json
+++ b/examples/c-influxd/grafana-dashboard-simple.json
@@ -89,7 +89,7 @@ } ] }, - "editable": true, + "editable": false, "fiscalYearStartMonth": 0, "graphTooltip": 0, "id": null,
@@ -97,7 +97,7 @@ "liveNow": false, "panels": [ { - "collapsed": true, + "collapsed": false, "gridPos": { "h": 1, "w": 24,
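Review bot: The `return 1;` inside the new test-mode `else` branch of `main` leaves the function before the `failure:` label, so `nDPIsrvd_socket_free(&sock)` and `close(influxd_timerfd)` are skipped when the final serialization fails, and the value returned by `mainloop` is discarded. Writing `retval = 1;` in place of `return 1;` and moving `printf("%s", stdout_buffer);` into an `else` lets control fall through to the cleanup; this assumes `main` returns `retval` after the label, which lies outside the hunk. In the non-test path the result of `curl_global_init(CURL_GLOBAL_ALL)` is still ignored, so a failed libcurl initialisation is only noticed later, if at all.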
@@ -105,1683 +105,1681 @@ "y": 0 }, "id": 22, - "panels": [ - { - "datasource": { - "type": "influxdb", - "uid": "${DS_INFLUXDB}" + "panels": [], + "title": "Events", + "type": "row" + }, + { + "datasource": { + "type": "influxdb", + "uid": "${DS_INFLUXDB}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" }, - "fieldConfig": { - "defaults": { - "color": { - "mode": "thresholds" + "mappings": [], + "thresholds": { + "mode": "percentage", + "steps": [ + { + "color": "green", + "value": null }, - "mappings": [], - "thresholds": { - "mode": "percentage", - "steps": [ - { - "color": "green", - "value": null - }, - { - "color": "#EAB839", - "value": 25 - }, - { - "color": "red", - "value": 50 - } - ] + { + "color": "#EAB839", + "value": 25 + }, + { + "color": "red", + "value": 50 } + ] + } + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "error_ip4_l4_payload_detection" }, - "overrides": [ + "properties": [ { - "matcher": { - "id": "byName", - "options": "error_ip4_l4_payload_detection" - }, - "properties": [ - { - "id": "displayName", - "value": "IPv4 L4 Failed" - }, - { - "id": "thresholds", - "value": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - }, - { - "color": "yellow", - "value": 1 - } - ] + "id": "displayName", + "value": "IPv4 L4 Failed" + }, + { + "id": "thresholds", + "value": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "yellow", + "value": 1 } - } - ] - }, + ] + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "error_ip4_packet_too_short" + }, + "properties": [ { - "matcher": { - "id": "byName", - "options": "error_ip4_packet_too_short" - }, - "properties": [ - { - "id": "displayName", - "value": "IPv4 Packet Size" - }, - { - "id": "thresholds", - "value": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - }, - { - "color": "yellow", - "value": 1 - } - ] + "id": "displayName", + 
"value": "IPv4 Packet Size" + }, + { + "id": "thresholds", + "value": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "yellow", + "value": 1 } - } - ] - }, + ] + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "error_ip4_size_smaller_than_header" + }, + "properties": [ { - "matcher": { - "id": "byName", - "options": "error_ip4_size_smaller_than_header" - }, - "properties": [ - { - "id": "displayName", - "value": "IPv4 Header Size" - }, - { - "id": "thresholds", - "value": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - }, - { - "color": "yellow", - "value": 1 - } - ] + "id": "displayName", + "value": "IPv4 Header Size" + }, + { + "id": "thresholds", + "value": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "yellow", + "value": 1 } - } - ] - }, + ] + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "error_ip6_l4_payload_detection" + }, + "properties": [ { - "matcher": { - "id": "byName", - "options": "error_ip6_l4_payload_detection" - }, - "properties": [ - { - "id": "displayName", - "value": "IPv6 L4 Failed" - }, - { - "id": "thresholds", - "value": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - }, - { - "color": "yellow", - "value": 1 - } - ] + "id": "displayName", + "value": "IPv6 L4 Failed" + }, + { + "id": "thresholds", + "value": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "yellow", + "value": 1 } - } - ] - }, + ] + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "error_ip6_packet_too_short" + }, + "properties": [ { - "matcher": { - "id": "byName", - "options": "error_ip6_packet_too_short" - }, - "properties": [ - { - "id": "displayName", - "value": "IPv6 Packet Size" - }, - { - "id": "thresholds", - "value": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - }, - { - 
"color": "yellow", - "value": 1 - } - ] + "id": "displayName", + "value": "IPv6 Packet Size" + }, + { + "id": "thresholds", + "value": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "yellow", + "value": 1 } - } - ] - }, + ] + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "error_ip6_size_smaller_than_header" + }, + "properties": [ { - "matcher": { - "id": "byName", - "options": "error_ip6_size_smaller_than_header" - }, - "properties": [ - { - "id": "displayName", - "value": "IPv6 Header Size" - }, - { - "id": "thresholds", - "value": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - }, - { - "color": "yellow", - "value": 1 - } - ] + "id": "displayName", + "value": "IPv6 Header Size" + }, + { + "id": "thresholds", + "value": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "yellow", + "value": 1 } - } - ] - }, + ] + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "error_packet_header_invalid" + }, + "properties": [ { - "matcher": { - "id": "byName", - "options": "error_packet_header_invalid" - }, - "properties": [ - { - "id": "displayName", - "value": "Packet Header Invalid" - }, - { - "id": "thresholds", - "value": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - }, - { - "color": "yellow", - "value": 1 - } - ] + "id": "displayName", + "value": "Packet Header Invalid" + }, + { + "id": "thresholds", + "value": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "yellow", + "value": 1 } - } - ] - }, + ] + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "error_packet_too_short" + }, + "properties": [ { - "matcher": { - "id": "byName", - "options": "error_packet_too_short" - }, - "properties": [ - { - "id": "displayName", - "value": "Packet Size" - }, - { - "id": "thresholds", - "value": { - "mode": "absolute", - 
"steps": [ - { - "color": "green", - "value": null - }, - { - "color": "yellow", - "value": 1 - } - ] + "id": "displayName", + "value": "Packet Size" + }, + { + "id": "thresholds", + "value": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "yellow", + "value": 1 } - } - ] - }, + ] + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "error_packet_type_unknown" + }, + "properties": [ { - "matcher": { - "id": "byName", - "options": "error_packet_type_unknown" - }, - "properties": [ - { - "id": "displayName", - "value": "Packet Type Unknown" - }, - { - "id": "thresholds", - "value": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - }, - { - "color": "yellow", - "value": 1 - } - ] + "id": "displayName", + "value": "Packet Type Unknown" + }, + { + "id": "thresholds", + "value": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "yellow", + "value": 1 } - } - ] - }, + ] + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "error_tcp_packet_too_short" + }, + "properties": [ { - "matcher": { - "id": "byName", - "options": "error_tcp_packet_too_short" - }, - "properties": [ - { - "id": "displayName", - "value": "TCP Packet Size" - }, - { - "id": "thresholds", - "value": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - }, - { - "color": "yellow", - "value": 1 - } - ] + "id": "displayName", + "value": "TCP Packet Size" + }, + { + "id": "thresholds", + "value": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "yellow", + "value": 1 } - } - ] - }, + ] + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "error_udp_packet_too_short" + }, + "properties": [ { - "matcher": { - "id": "byName", - "options": "error_udp_packet_too_short" - }, - "properties": [ - { - "id": "displayName", - "value": "UDP Packet Size" - }, - { - "id": "thresholds", 
- "value": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - }, - { - "color": "yellow", - "value": 1 - } - ] + "id": "displayName", + "value": "UDP Packet Size" + }, + { + "id": "thresholds", + "value": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "yellow", + "value": 1 } - } - ] - }, + ] + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "error_unknown_datalink" + }, + "properties": [ { - "matcher": { - "id": "byName", - "options": "error_unknown_datalink" - }, - "properties": [ - { - "id": "displayName", - "value": "Unknown Datalink" - }, - { - "id": "thresholds", - "value": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - }, - { - "color": "yellow", - "value": 1 - } - ] + "id": "displayName", + "value": "Unknown Datalink" + }, + { + "id": "thresholds", + "value": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "yellow", + "value": 1 } - } - ] - }, + ] + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "error_unknown_l3_protocol" + }, + "properties": [ { - "matcher": { - "id": "byName", - "options": "error_unknown_l3_protocol" - }, - "properties": [ - { - "id": "displayName", - "value": "Unknown L3 Protocol" - }, - { - "id": "thresholds", - "value": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - }, - { - "color": "yellow", - "value": 1 - } - ] + "id": "displayName", + "value": "Unknown L3 Protocol" + }, + { + "id": "thresholds", + "value": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "yellow", + "value": 1 } - } - ] - }, + ] + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "error_unsupported_datalink" + }, + "properties": [ { - "matcher": { - "id": "byName", - "options": "error_unsupported_datalink" - }, - "properties": [ - { - "id": "displayName", - "value": "Unsupported 
Datalink" - }, - { - "id": "thresholds", - "value": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - }, - { - "color": "yellow", - "value": 1 - } - ] + "id": "displayName", + "value": "Unsupported Datalink" + }, + { + "id": "thresholds", + "value": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "yellow", + "value": 1 } - } - ] - }, + ] + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_analyse_count" + }, + "properties": [ { - "matcher": { - "id": "byName", - "options": "flow_analyse_count" - }, - "properties": [ - { - "id": "displayName", - "value": "Analyse" - } - ] - }, + "id": "displayName", + "value": "Analyse" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_detected_count" + }, + "properties": [ { - "matcher": { - "id": "byName", - "options": "flow_detected_count" - }, - "properties": [ - { - "id": "displayName", - "value": "Detections" - } - ] - }, + "id": "displayName", + "value": "Detections" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_detection_update_count" + }, + "properties": [ { - "matcher": { - "id": "byName", - "options": "flow_detection_update_count" - }, - "properties": [ - { - "id": "displayName", - "value": "Detection Updates" - } - ] - }, + "id": "displayName", + "value": "Detection Updates" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_end_count" + }, + "properties": [ { - "matcher": { - "id": "byName", - "options": "flow_end_count" - }, - "properties": [ - { - "id": "displayName", - "value": "End" - } - ] - }, + "id": "displayName", + "value": "End" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_guessed_count" + }, + "properties": [ { - "matcher": { - "id": "byName", - "options": "flow_guessed_count" - }, - "properties": [ - { - "id": "displayName", - "value": "Guessed" - }, - { - "id": "thresholds", - "value": { - "mode": "percentage", - "steps": [ - { 
- "color": "green", - "value": null - }, - { - "color": "yellow", - "value": 5 - }, - { - "color": "red", - "value": 10 - } - ] + "id": "displayName", + "value": "Guessed" + }, + { + "id": "thresholds", + "value": { + "mode": "percentage", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "yellow", + "value": 5 + }, + { + "color": "red", + "value": 10 } - }, - { - "id": "color" - } - ] + ] + } }, { - "matcher": { - "id": "byName", - "options": "flow_idle_count" - }, - "properties": [ - { - "id": "displayName", - "value": "Idle" - } - ] - }, + "id": "color" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_idle_count" + }, + "properties": [ { - "matcher": { - "id": "byName", - "options": "flow_new_count" - }, - "properties": [ - { - "id": "displayName", - "value": "New" - } - ] - }, + "id": "displayName", + "value": "Idle" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_new_count" + }, + "properties": [ { - "matcher": { - "id": "byName", - "options": "flow_not_detected_count" - }, - "properties": [ - { - "id": "displayName", - "value": "Not Detected" - }, - { - "id": "thresholds", - "value": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - }, - { - "color": "red", - "value": 1 - } - ] + "id": "displayName", + "value": "New" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_not_detected_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Not Detected" + }, + { + "id": "thresholds", + "value": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 1 } - } - ] - }, + ] + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risky_count" + }, + "properties": [ { - "matcher": { - "id": "byName", - "options": "flow_risky_count" - }, - "properties": [ - { - "id": "displayName", - "value": "Risky" - }, - { - "id": "thresholds", - "value": { - "mode": "absolute", - 
"steps": [ - { - "color": "green", - "value": null - }, - { - "color": "yellow", - "value": 1 - } - ] + "id": "displayName", + "value": "Risky" + }, + { + "id": "thresholds", + "value": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "yellow", + "value": 1 } - } - ] - }, + ] + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_update_count" + }, + "properties": [ { - "matcher": { - "id": "byName", - "options": "flow_update_count" - }, - "properties": [ - { - "id": "displayName", - "value": "Updates" - } - ] - }, + "id": "displayName", + "value": "Updates" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "init_count" + }, + "properties": [ { - "matcher": { - "id": "byName", - "options": "init_count" - }, - "properties": [ - { - "id": "displayName", - "value": "Init" - }, - { - "id": "thresholds", - "value": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - }, - { - "color": "yellow", - "value": 1 - } - ] + "id": "displayName", + "value": "Init" + }, + { + "id": "thresholds", + "value": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "yellow", + "value": 1 } - } - ] - }, + ] + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "packet_count" + }, + "properties": [ { - "matcher": { - "id": "byName", - "options": "packet_count" - }, - "properties": [ - { - "id": "displayName", - "value": "Packet" - }, - { - "id": "thresholds", - "value": { - "mode": "percentage", - "steps": [ - { - "color": "green", - "value": null - }, - { - "color": "yellow", - "value": 25 - }, - { - "color": "red", - "value": 50 - } - ] - } - }, - { - "id": "color", - "value": { - "mode": "thresholds" + "id": "displayName", + "value": "Packet" + }, + { + "id": "thresholds", + "value": { + "mode": "percentage", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "yellow", + "value": 25 + }, + { + "color": 
"red", + "value": 50 } - } - ] + ] + } }, { - "matcher": { - "id": "byName", - "options": "packet_flow_count" - }, - "properties": [ - { - "id": "displayName", - "value": "Packet Flow" - } - ] - }, + "id": "color", + "value": { + "mode": "thresholds" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "packet_flow_count" + }, + "properties": [ { - "matcher": { - "id": "byName", - "options": "reconnect_count" - }, - "properties": [ - { - "id": "displayName", - "value": "Reconnect" - }, - { - "id": "thresholds", - "value": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - }, - { - "color": "yellow", - "value": 1 - } - ] - } - } - ] - }, + "id": "displayName", + "value": "Packet Flow" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "reconnect_count" + }, + "properties": [ { - "matcher": { - "id": "byName", - "options": "shutdown_count" - }, - "properties": [ - { - "id": "displayName", - "value": "Shutdown" - }, - { - "id": "thresholds", - "value": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - }, - { - "color": "red", - "value": 1 - } - ] + "id": "displayName", + "value": "Reconnect" + }, + { + "id": "thresholds", + "value": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "yellow", + "value": 1 } - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "status_count" - }, - "properties": [ - { - "id": "displayName", - "value": "Status" - } - ] - }, + ] + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "shutdown_count" + }, + "properties": [ { - "matcher": { - "id": "byName", - "options": "error_capture_size_smaller_than_packet" - }, - "properties": [ - { - "id": "displayName", - "value": "Capture Size < Packet Size" - }, - { - "id": "thresholds", - "value": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - }, - { - "color": "red", - "value": 1 - } - ] + "id": "displayName", + 
"value": "Shutdown" + }, + { + "id": "thresholds", + "value": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 1 } - } - ] - }, + ] + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "status_count" + }, + "properties": [ { - "matcher": { - "id": "byName", - "options": "error_flow_memory_alloc" - }, - "properties": [ - { - "id": "displayName", - "value": "Memory Allocation Failed" - }, - { - "id": "thresholds", - "value": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - }, - { - "color": "red", - "value": 1 - } - ] - } - } - ] - }, + "id": "displayName", + "value": "Status" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "error_capture_size_smaller_than_packet" + }, + "properties": [ { - "matcher": { - "id": "byName", - "options": "error_max_flows_to_track" - }, - "properties": [ - { - "id": "displayName", - "value": "Max Flows" - }, - { - "id": "thresholds", - "value": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - }, - { - "color": "red", - "value": 1 - } - ] + "id": "displayName", + "value": "Capture Size < Packet Size" + }, + { + "id": "thresholds", + "value": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 1 } - } - ] + ] + } } ] }, - "gridPos": { - "h": 9, - "w": 15, - "x": 0, - "y": 1 - }, - "id": 20, - "options": { - "colorMode": "value", - "graphMode": "area", - "justifyMode": "auto", - "orientation": "auto", - "reduceOptions": { - "calcs": [ - "lastNotNull" - ], - "fields": "", - "values": false + { + "matcher": { + "id": "byName", + "options": "error_flow_memory_alloc" }, - "textMode": "auto" + "properties": [ + { + "id": "displayName", + "value": "Memory Allocation Failed" + }, + { + "id": "thresholds", + "value": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 1 + } 
+ ] + } + } + ] }, - "pluginVersion": "10.2.0", - "targets": [ - { - "datasource": { - "type": "influxdb", - "uid": "${DS_INFLUXDB}" - }, - "query": "from(bucket: \"${ndpid_db_name}\")\n |> range(start: v.timeRangeStart, stop:v.timeRangeStop)\n |> filter(fn: (r) =>\n r._measurement == \"events\"\n )", - "refId": "A" - } + { + "matcher": { + "id": "byName", + "options": "error_max_flows_to_track" + }, + "properties": [ + { + "id": "displayName", + "value": "Max Flows" + }, + { + "id": "thresholds", + "value": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 1 + } + ] + } + } + ] + } + ] + }, + "gridPos": { + "h": 9, + "w": 15, + "x": 0, + "y": 1 + }, + "id": 20, + "options": { + "colorMode": "value", + "graphMode": "area", + "justifyMode": "auto", + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "lastNotNull" ], - "type": "stat" + "fields": "", + "values": false }, + "textMode": "auto" + }, + "pluginVersion": "10.2.0", + "targets": [ { "datasource": { "type": "influxdb", "uid": "${DS_INFLUXDB}" }, - "fieldConfig": { - "defaults": { - "color": { - "mode": "palette-classic-by-name" - }, - "custom": { - "hideFrom": { - "legend": false, - "tooltip": false, - "viz": false - } - }, - "mappings": [] - }, - "overrides": [] - }, - "gridPos": { - "h": 9, - "w": 3, - "x": 15, - "y": 1 + "query": "from(bucket: \"${ndpid_db_name}\")\n |> range(start: v.timeRangeStart, stop:v.timeRangeStop)\n |> filter(fn: (r) =>\n r._measurement == \"events\"\n )", + "refId": "A" + } + ], + "type": "stat" + }, + { + "datasource": { + "type": "influxdb", + "uid": "${DS_INFLUXDB}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic-by-name" }, - "id": 19, - "options": { - "legend": { - "displayMode": "list", - "placement": "bottom", - "showLegend": false - }, - "pieType": "pie", - "reduceOptions": { - "calcs": [ - "sum" - ], - "fields": "", - "values": false - }, - "tooltip": { - "mode": 
"single", - "sort": "none" + "custom": { + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false } }, - "targets": [ - { - "datasource": { - "type": "influxdb", - "uid": "${DS_INFLUXDB}" - }, - "query": "from(bucket: \"${ndpid_db_name}\")\n |> range(start: v.timeRangeStart, stop:v.timeRangeStop)\n |> filter(fn: (r) =>\n r._measurement == \"events\"\n )", - "refId": "A" - } + "mappings": [] + }, + "overrides": [] + }, + "gridPos": { + "h": 9, + "w": 3, + "x": 15, + "y": 1 + }, + "id": 19, + "options": { + "legend": { + "displayMode": "list", + "placement": "bottom", + "showLegend": false + }, + "pieType": "pie", + "reduceOptions": { + "calcs": [ + "sum" ], - "type": "piechart" + "fields": "", + "values": false }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ { "datasource": { "type": "influxdb", "uid": "${DS_INFLUXDB}" }, - "fieldConfig": { - "defaults": { - "color": { - "mode": "palette-classic-by-name" - }, - "custom": { - "hideFrom": { - "legend": false, - "tooltip": false, - "viz": false - } - }, - "mappings": [] - }, - "overrides": [] - }, - "gridPos": { - "h": 9, - "w": 3, - "x": 18, - "y": 1 + "query": "from(bucket: \"${ndpid_db_name}\")\n |> range(start: v.timeRangeStart, stop:v.timeRangeStop)\n |> filter(fn: (r) =>\n r._measurement == \"events\"\n )", + "refId": "A" + } + ], + "type": "piechart" + }, + { + "datasource": { + "type": "influxdb", + "uid": "${DS_INFLUXDB}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic-by-name" }, - "id": 28, - "options": { - "legend": { - "displayMode": "list", - "placement": "bottom", - "showLegend": false - }, - "pieType": "pie", - "reduceOptions": { - "calcs": [ - "sum" - ], - "fields": "", - "values": false - }, - "tooltip": { - "mode": "single", - "sort": "none" + "custom": { + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false } }, - "targets": [ - { - "datasource": { - "type": "influxdb", - "uid": "${DS_INFLUXDB}" - }, - 
"query": "from(bucket: \"${ndpid_db_name}\")\n |> range(start: v.timeRangeStart, stop:v.timeRangeStop)\n |> filter(fn: (r) =>\n r._measurement == \"events\" and\n r._field != \"packet_flow_count\"\n )", - "refId": "A" - } + "mappings": [] + }, + "overrides": [] + }, + "gridPos": { + "h": 9, + "w": 3, + "x": 18, + "y": 1 + }, + "id": 28, + "options": { + "legend": { + "displayMode": "list", + "placement": "bottom", + "showLegend": false + }, + "pieType": "pie", + "reduceOptions": { + "calcs": [ + "sum" ], - "type": "piechart" + "fields": "", + "values": false }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ { "datasource": { "type": "influxdb", "uid": "${DS_INFLUXDB}" }, - "fieldConfig": { - "defaults": { - "color": { - "mode": "thresholds" - }, - "mappings": [], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - } - ] - } - }, - "overrides": [] + "query": "from(bucket: \"${ndpid_db_name}\")\n |> range(start: v.timeRangeStart, stop:v.timeRangeStop)\n |> filter(fn: (r) =>\n r._measurement == \"events\" and\n r._field != \"packet_flow_count\"\n )", + "refId": "A" + } + ], + "type": "piechart" + }, + { + "datasource": { + "type": "influxdb", + "uid": "${DS_INFLUXDB}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" }, - "gridPos": { - "h": 3, - "w": 3, - "x": 21, - "y": 1 + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 3, + "w": 3, + "x": 21, + "y": 1 + }, + "id": 27, + "options": { + "colorMode": "value", + "graphMode": "area", + "justifyMode": "auto", + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "textMode": "auto" + }, + "pluginVersion": "10.2.0", + "targets": [ + { + "datasource": { + "type": "influxdb", + "uid": "${DS_INFLUXDB}" }, - "id": 27, + "query": "from(bucket: 
\"${ndpid_db_name}\")\n |> range(start: v.timeRangeStart, stop:v.timeRangeStop)\n |> filter(fn: (r) =>\n r._measurement == \"events\" and\n (r._field == \"packet_count\" or\n r._field == \"packet_flow_count\")\n )", + "refId": "A" + } + ], + "title": "Packet", + "transformations": [ + { + "id": "calculateField", "options": { - "colorMode": "value", - "graphMode": "area", - "justifyMode": "auto", - "orientation": "auto", - "reduceOptions": { - "calcs": [ - "lastNotNull" - ], - "fields": "", - "values": false + "mode": "reduceRow", + "reduce": { + "reducer": "sum" }, - "textMode": "auto" + "replaceFields": true + } + } + ], + "type": "stat" + }, + { + "datasource": { + "type": "influxdb", + "uid": "${DS_INFLUXDB}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" }, - "pluginVersion": "10.2.0", - "targets": [ - { - "datasource": { - "type": "influxdb", - "uid": "${DS_INFLUXDB}" - }, - "query": "from(bucket: \"${ndpid_db_name}\")\n |> range(start: v.timeRangeStart, stop:v.timeRangeStop)\n |> filter(fn: (r) =>\n r._measurement == \"events\" and\n (r._field == \"packet_count\" or\n r._field == \"packet_flow_count\")\n )", - "refId": "A" - } - ], - "title": "Packet", - "transformations": [ - { - "id": "calculateField", - "options": { - "mode": "reduceRow", - "reduce": { - "reducer": "sum" - }, - "replaceFields": true + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null } - } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 3, + "w": 3, + "x": 21, + "y": 4 + }, + "id": 26, + "options": { + "colorMode": "value", + "graphMode": "area", + "justifyMode": "auto", + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "lastNotNull" ], - "type": "stat" + "fields": "", + "values": false }, + "textMode": "auto" + }, + "pluginVersion": "10.2.0", + "targets": [ { "datasource": { "type": "influxdb", "uid": "${DS_INFLUXDB}" }, - "fieldConfig": { - "defaults": { - "color": { - "mode": 
"thresholds" - }, - "mappings": [], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - } - ] - } - }, - "overrides": [] - }, - "gridPos": { - "h": 3, - "w": 3, - "x": 21, - "y": 4 - }, - "id": 26, + "query": "from(bucket: \"${ndpid_db_name}\")\n |> range(start: v.timeRangeStart, stop:v.timeRangeStop)\n |> filter(fn: (r) =>\n r._measurement == \"events\" and\n (r._field == \"flow_detected_count\" or\n r._field == \"flow_detection_update_count\" or\n r._field == \"flow_guessed_count\")\n )", + "refId": "A" + } + ], + "title": "Detection", + "transformations": [ + { + "id": "calculateField", "options": { - "colorMode": "value", - "graphMode": "area", - "justifyMode": "auto", - "orientation": "auto", - "reduceOptions": { - "calcs": [ - "lastNotNull" - ], - "fields": "", - "values": false + "mode": "reduceRow", + "reduce": { + "reducer": "sum" }, - "textMode": "auto" + "replaceFields": true + } + } + ], + "type": "stat" + }, + { + "datasource": { + "type": "influxdb", + "uid": "${DS_INFLUXDB}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" }, - "pluginVersion": "10.2.0", - "targets": [ - { - "datasource": { - "type": "influxdb", - "uid": "${DS_INFLUXDB}" - }, - "query": "from(bucket: \"${ndpid_db_name}\")\n |> range(start: v.timeRangeStart, stop:v.timeRangeStop)\n |> filter(fn: (r) =>\n r._measurement == \"events\" and\n (r._field == \"flow_detected_count\" or\n r._field == \"flow_detection_update_count\" or\n r._field == \"flow_guessed_count\")\n )", - "refId": "A" - } - ], - "title": "Detection", - "transformations": [ - { - "id": "calculateField", - "options": { - "mode": "reduceRow", - "reduce": { - "reducer": "sum" - }, - "replaceFields": true + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null } - } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 3, + "w": 3, + "x": 21, + "y": 7 + }, + "id": 21, + "options": { + "colorMode": 
"value", + "graphMode": "area", + "justifyMode": "auto", + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "lastNotNull" ], - "type": "stat" + "fields": "", + "values": false }, + "textMode": "auto" + }, + "pluginVersion": "10.2.0", + "targets": [ { "datasource": { "type": "influxdb", "uid": "${DS_INFLUXDB}" }, - "fieldConfig": { - "defaults": { - "color": { - "mode": "thresholds" - }, - "mappings": [], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - } - ] - } - }, - "overrides": [] - }, - "gridPos": { - "h": 3, - "w": 3, - "x": 21, - "y": 7 - }, - "id": 21, + "query": "from(bucket: \"${ndpid_db_name}\")\n |> range(start: v.timeRangeStart, stop:v.timeRangeStop)\n |> filter(fn: (r) =>\n r._measurement == \"events\"\n )", + "refId": "A" + } + ], + "transformations": [ + { + "id": "calculateField", "options": { - "colorMode": "value", - "graphMode": "area", - "justifyMode": "auto", - "orientation": "auto", - "reduceOptions": { - "calcs": [ - "lastNotNull" - ], - "fields": "", - "values": false + "mode": "reduceRow", + "reduce": { + "reducer": "sum" }, - "textMode": "auto" - }, - "pluginVersion": "10.2.0", - "targets": [ - { - "datasource": { - "type": "influxdb", - "uid": "${DS_INFLUXDB}" - }, - "query": "from(bucket: \"${ndpid_db_name}\")\n |> range(start: v.timeRangeStart, stop:v.timeRangeStop)\n |> filter(fn: (r) =>\n r._measurement == \"events\"\n )", - "refId": "A" - } - ], - "transformations": [ - { - "id": "calculateField", - "options": { - "mode": "reduceRow", - "reduce": { - "reducer": "sum" - }, - "replaceFields": true - } - } - ], - "type": "stat" + "replaceFields": true + } } ], - "title": "Events", - "type": "row" + "type": "stat" }, { - "collapsed": true, + "collapsed": false, "gridPos": { "h": 1, "w": 24, "x": 0, - "y": 1 + "y": 10 }, "id": 5, - "panels": [ - { - "datasource": { - "type": "influxdb", - "uid": "${DS_INFLUXDB}" + "panels": [], + "title": "General", + "type": "row" + }, + { + 
"datasource": { + "type": "influxdb", + "uid": "${DS_INFLUXDB}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" }, - "fieldConfig": { - "defaults": { - "color": { - "mode": "palette-classic" - }, - "custom": { - "axisBorderShow": false, - "axisCenteredZero": false, - "axisColorMode": "text", - "axisLabel": "", - "axisPlacement": "auto", - "barAlignment": 0, - "drawStyle": "line", - "fillOpacity": 0, - "gradientMode": "none", - "hideFrom": { - "legend": false, - "tooltip": false, - "viz": false - }, - "insertNulls": false, - "lineInterpolation": "linear", - "lineWidth": 1, - "pointSize": 5, - "scaleDistribution": { - "type": "linear" - }, - "showPoints": "auto", - "spanNulls": false, - "stacking": { - "group": "A", - "mode": "none" - }, - "thresholdsStyle": { - "mode": "off" - } - }, - "mappings": [], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - } - ] - }, - "unit": "binBps" + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false }, - "overrides": [ - { - "matcher": { - "id": "byName", - "options": "flow_dst_total_bytes" - }, - "properties": [ - { - "id": "displayName", - "value": "Total Bytes Received" - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "flow_src_total_bytes" - }, - "properties": [ - { - "id": "displayName", - "value": "Total Bytes Transmitted" - } - ] - }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ { 
- "matcher": { - "id": "byName", - "options": "json_bytes" - }, - "properties": [ - { - "id": "displayName", - "value": "Total JSON Bytes" - } - ] + "color": "green", + "value": null } ] }, - "gridPos": { - "h": 8, - "w": 15, - "x": 0, - "y": 2 + "unit": "binBps" + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "flow_dst_total_bytes" + }, + "properties": [ + { + "id": "displayName", + "value": "Total Bytes Received" + } + ] }, - "id": 1, - "options": { - "legend": { - "calcs": [], - "displayMode": "list", - "placement": "bottom", - "showLegend": true + { + "matcher": { + "id": "byName", + "options": "flow_src_total_bytes" }, - "tooltip": { - "mode": "single", - "sort": "none" - } + "properties": [ + { + "id": "displayName", + "value": "Total Bytes Transmitted" + } + ] }, - "targets": [ - { - "datasource": { - "type": "influxdb", - "uid": "${DS_INFLUXDB}" - }, - "query": "from(bucket: \"${ndpid_db_name}\")\n |> range(start: v.timeRangeStart, stop:v.timeRangeStop)\n |> filter(fn: (r) =>\n r._measurement == \"general\" and\n (r._field == \"flow_src_total_bytes\" or\n r._field == \"flow_dst_total_bytes\" or\n r._field == \"json_bytes\")\n )", - "refId": "A" - } - ], - "title": "Data Processed", - "type": "timeseries" + { + "matcher": { + "id": "byName", + "options": "json_bytes" + }, + "properties": [ + { + "id": "displayName", + "value": "Total JSON Bytes" + } + ] + } + ] + }, + "gridPos": { + "h": 8, + "w": 15, + "x": 0, + "y": 11 + }, + "id": 1, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ { "datasource": { "type": "influxdb", "uid": "${DS_INFLUXDB}" }, - "fieldConfig": { - "defaults": { - "color": { - "mode": "palette-classic" - }, - "custom": { - "hideFrom": { - "legend": false, - "tooltip": false, - "viz": false - } - }, - "mappings": [], - "unit": "bytes" + "query": "from(bucket: 
\"${ndpid_db_name}\")\n |> range(start: v.timeRangeStart, stop:v.timeRangeStop)\n |> filter(fn: (r) =>\n r._measurement == \"general\" and\n (r._field == \"flow_src_total_bytes\" or\n r._field == \"flow_dst_total_bytes\" or\n r._field == \"json_bytes\")\n )", + "refId": "A" + } + ], + "title": "Data Processed", + "type": "timeseries" + }, + { + "datasource": { + "type": "influxdb", + "uid": "${DS_INFLUXDB}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + } + }, + "mappings": [], + "unit": "bytes" + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "flow_dst_total_bytes" }, - "overrides": [ - { - "matcher": { - "id": "byName", - "options": "flow_dst_total_bytes" - }, - "properties": [ - { - "id": "displayName", - "value": "Total Bytes Received" - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "flow_src_total_bytes" - }, - "properties": [ - { - "id": "displayName", - "value": "Total Bytes Transmitted" - } - ] - }, + "properties": [ { - "matcher": { - "id": "byName", - "options": "json_bytes" - }, - "properties": [ - { - "id": "displayName", - "value": "Total JSON Bytes" - } - ] + "id": "displayName", + "value": "Total Bytes Received" } ] }, - "gridPos": { - "h": 8, - "w": 3, - "x": 15, - "y": 2 - }, - "id": 3, - "options": { - "legend": { - "displayMode": "list", - "placement": "bottom", - "showLegend": false - }, - "pieType": "pie", - "reduceOptions": { - "calcs": [ - "sum" - ], - "fields": "", - "values": false + { + "matcher": { + "id": "byName", + "options": "flow_src_total_bytes" }, - "tooltip": { - "mode": "single", - "sort": "none" - } + "properties": [ + { + "id": "displayName", + "value": "Total Bytes Transmitted" + } + ] }, - "targets": [ - { - "datasource": { - "type": "influxdb", - "uid": "${DS_INFLUXDB}" - }, - "query": "from(bucket: \"${ndpid_db_name}\")\n |> range(start: v.timeRangeStart, 
stop:v.timeRangeStop)\n |> filter(fn: (r) =>\n r._measurement == \"general\" and\n (r._field == \"flow_src_total_bytes\" or\n r._field == \"flow_dst_total_bytes\" or\n r._field == \"json_bytes\")\n )", - "refId": "A" - } + { + "matcher": { + "id": "byName", + "options": "json_bytes" + }, + "properties": [ + { + "id": "displayName", + "value": "Total JSON Bytes" + } + ] + } + ] + }, + "gridPos": { + "h": 8, + "w": 3, + "x": 15, + "y": 11 + }, + "id": 3, + "options": { + "legend": { + "displayMode": "list", + "placement": "bottom", + "showLegend": false + }, + "pieType": "pie", + "reduceOptions": { + "calcs": [ + "sum" ], - "type": "piechart" + "fields": "", + "values": false }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ { "datasource": { "type": "influxdb", "uid": "${DS_INFLUXDB}" }, - "fieldConfig": { - "defaults": { - "color": { - "mode": "thresholds" - }, - "mappings": [], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - } - ] - }, - "unit": "binBps" - }, - "overrides": [] - }, - "gridPos": { - "h": 4, - "w": 3, - "x": 18, - "y": 2 + "query": "from(bucket: \"${ndpid_db_name}\")\n |> range(start: v.timeRangeStart, stop:v.timeRangeStop)\n |> filter(fn: (r) =>\n r._measurement == \"general\" and\n (r._field == \"flow_src_total_bytes\" or\n r._field == \"flow_dst_total_bytes\" or\n r._field == \"json_bytes\")\n )", + "refId": "A" + } + ], + "type": "piechart" + }, + { + "datasource": { + "type": "influxdb", + "uid": "${DS_INFLUXDB}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" }, - "id": 24, - "options": { - "colorMode": "value", - "graphMode": "area", - "justifyMode": "auto", - "orientation": "auto", - "reduceOptions": { - "calcs": [ - "lastNotNull" - ], - "fields": "", - "values": false - }, - "textMode": "auto" + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + } + ] }, - "pluginVersion": 
"10.2.0", - "targets": [ - { - "datasource": { - "type": "influxdb", - "uid": "${DS_INFLUXDB}" - }, - "query": "from(bucket: \"${ndpid_db_name}\")\n |> range(start: v.timeRangeStart, stop:v.timeRangeStop)\n |> filter(fn: (r) =>\n r._measurement == \"general\" and\n r._field == \"flow_src_total_bytes\"\n )", - "refId": "A" - } + "unit": "binBps" + }, + "overrides": [] + }, + "gridPos": { + "h": 4, + "w": 3, + "x": 18, + "y": 11 + }, + "id": 24, + "options": { + "colorMode": "value", + "graphMode": "area", + "justifyMode": "auto", + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "lastNotNull" ], - "title": "Bytes Transmitted", - "type": "stat" + "fields": "", + "values": false }, + "textMode": "auto" + }, + "pluginVersion": "10.2.0", + "targets": [ { "datasource": { "type": "influxdb", "uid": "${DS_INFLUXDB}" }, - "fieldConfig": { - "defaults": { - "color": { - "mode": "thresholds" - }, - "mappings": [], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - } - ] + "query": "from(bucket: \"${ndpid_db_name}\")\n |> range(start: v.timeRangeStart, stop:v.timeRangeStop)\n |> filter(fn: (r) =>\n r._measurement == \"general\" and\n r._field == \"flow_src_total_bytes\"\n )", + "refId": "A" + } + ], + "title": "Bytes Transmitted", + "type": "stat" + }, + { + "datasource": { + "type": "influxdb", + "uid": "${DS_INFLUXDB}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null } - }, - "overrides": [] + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 4, + "w": 3, + "x": 21, + "y": 11 + }, + "id": 7, + "options": { + "colorMode": "value", + "graphMode": "area", + "justifyMode": "auto", + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "textMode": "auto" + }, + "pluginVersion": "10.2.0", + "targets": [ + { + 
"datasource": { + "type": "influxdb", + "uid": "${DS_INFLUXDB}" }, - "gridPos": { - "h": 4, - "w": 3, - "x": 21, - "y": 2 + "query": "from(bucket: \"${ndpid_db_name}\")\n |> range(start: v.timeRangeStart, stop:v.timeRangeStop)\n |> filter(fn: (r) =>\n r._measurement == \"general\" and\n r._field == \"json_lines\"\n )", + "refId": "A" + } + ], + "title": "JSON Lines", + "type": "stat" + }, + { + "datasource": { + "type": "influxdb", + "uid": "${DS_INFLUXDB}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" }, - "id": 7, - "options": { - "colorMode": "value", - "graphMode": "area", - "justifyMode": "auto", - "orientation": "auto", - "reduceOptions": { - "calcs": [ - "lastNotNull" - ], - "fields": "", - "values": false - }, - "textMode": "auto" + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + } + ] }, - "pluginVersion": "10.2.0", - "targets": [ - { - "datasource": { - "type": "influxdb", - "uid": "${DS_INFLUXDB}" - }, - "query": "from(bucket: \"${ndpid_db_name}\")\n |> range(start: v.timeRangeStart, stop:v.timeRangeStop)\n |> filter(fn: (r) =>\n r._measurement == \"general\" and\n r._field == \"json_lines\"\n )", - "refId": "A" - } + "unit": "binBps" + }, + "overrides": [] + }, + "gridPos": { + "h": 4, + "w": 3, + "x": 18, + "y": 15 + }, + "id": 25, + "options": { + "colorMode": "value", + "graphMode": "area", + "justifyMode": "auto", + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "lastNotNull" ], - "title": "JSON Lines", - "type": "stat" + "fields": "", + "values": false }, + "textMode": "auto" + }, + "pluginVersion": "10.2.0", + "targets": [ { "datasource": { "type": "influxdb", "uid": "${DS_INFLUXDB}" }, - "fieldConfig": { - "defaults": { - "color": { - "mode": "thresholds" - }, - "mappings": [], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - } - ] - }, - "unit": "binBps" - }, - "overrides": [] - }, - "gridPos": { 
- "h": 4, - "w": 3, - "x": 18, - "y": 6 + "query": "from(bucket: \"${ndpid_db_name}\")\n |> range(start: v.timeRangeStart, stop:v.timeRangeStop)\n |> filter(fn: (r) =>\n r._measurement == \"general\" and\n r._field == \"flow_dst_total_bytes\"\n )", + "refId": "A" + } + ], + "title": "Bytes Received", + "type": "stat" + }, + { + "datasource": { + "type": "influxdb", + "uid": "${DS_INFLUXDB}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" }, - "id": 25, - "options": { - "colorMode": "value", - "graphMode": "area", - "justifyMode": "auto", - "orientation": "auto", - "reduceOptions": { - "calcs": [ - "lastNotNull" - ], - "fields": "", - "values": false - }, - "textMode": "auto" + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + } + ] }, - "pluginVersion": "10.2.0", - "targets": [ - { - "datasource": { - "type": "influxdb", - "uid": "${DS_INFLUXDB}" - }, - "query": "from(bucket: \"${ndpid_db_name}\")\n |> range(start: v.timeRangeStart, stop:v.timeRangeStop)\n |> filter(fn: (r) =>\n r._measurement == \"general\" and\n r._field == \"flow_dst_total_bytes\"\n )", - "refId": "A" - } + "unit": "binBps" + }, + "overrides": [] + }, + "gridPos": { + "h": 4, + "w": 3, + "x": 21, + "y": 15 + }, + "id": 23, + "options": { + "colorMode": "value", + "graphMode": "area", + "justifyMode": "auto", + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "lastNotNull" ], - "title": "Bytes Received", - "type": "stat" + "fields": "", + "values": false }, + "textMode": "auto" + }, + "pluginVersion": "10.2.0", + "targets": [ { "datasource": { "type": "influxdb", "uid": "${DS_INFLUXDB}" }, - "fieldConfig": { - "defaults": { - "color": { - "mode": "thresholds" - }, - "mappings": [], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - } - ] - }, - "unit": "binBps" - }, - "overrides": [] - }, - "gridPos": { - "h": 4, - "w": 3, - "x": 21, - "y": 6 - }, - "id": 
23, + "query": "from(bucket: \"${ndpid_db_name}\")\n |> range(start: v.timeRangeStart, stop:v.timeRangeStop)\n |> filter(fn: (r) =>\n r._measurement == \"general\" and\n (r._field == \"flow_src_total_bytes\" or\n r._field == \"flow_dst_total_bytes\")\n )", + "refId": "A" + } + ], + "title": "Total Bytes", + "transformations": [ + { + "id": "calculateField", "options": { - "colorMode": "value", - "graphMode": "area", - "justifyMode": "auto", - "orientation": "auto", - "reduceOptions": { - "calcs": [ - "lastNotNull" - ], - "fields": "", - "values": false + "mode": "reduceRow", + "reduce": { + "reducer": "sum" }, - "textMode": "auto" - }, - "pluginVersion": "10.2.0", - "targets": [ - { - "datasource": { - "type": "influxdb", - "uid": "${DS_INFLUXDB}" - }, - "query": "from(bucket: \"${ndpid_db_name}\")\n |> range(start: v.timeRangeStart, stop:v.timeRangeStop)\n |> filter(fn: (r) =>\n r._measurement == \"general\" and\n (r._field == \"flow_src_total_bytes\" or\n r._field == \"flow_dst_total_bytes\")\n )", - "refId": "A" - } - ], - "title": "Total Bytes", - "transformations": [ - { - "id": "calculateField", - "options": { - "mode": "reduceRow", - "reduce": { - "reducer": "sum" - }, - "replaceFields": true - } - } - ], - "type": "stat" + "replaceFields": true + } } ], - "title": "General", - "type": "row" + "type": "stat" }, { "collapsed": true, @@ -1789,7 +1787,7 @@ "h": 1, "w": 24, "x": 0, - "y": 2 + "y": 19 }, "id": 6, "panels": [ @@ -3051,6 +3049,25 @@ } } ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_confidence_custom_rule" + }, + "properties": [ + { + "id": "displayName", + "value": "Custom Rule" + }, + { + "id": "color", + "value": { + "fixedColor": "blue", + "mode": "fixed" + } + } + ] } ] }, @@ -3066,7 +3083,7 @@ "minVizHeight": 10, "minVizWidth": 0, "namePlacement": "auto", - "orientation": "auto", + "orientation": "horizontal", "reduceOptions": { "calcs": [ "lastNotNull" 
@@ -3329,7 +3346,7 @@ "minVizHeight": 10, "minVizWidth": 0, "namePlacement": "auto", - "orientation": "auto", + "orientation": "horizontal", "reduceOptions": { "calcs": [ "lastNotNull" 
@@ -3359,1469 +3376,1470 @@ "type": "row" }, { - "collapsed": false, + "collapsed": true, "gridPos": { "h": 1, "w": 24, "x": 0, - "y": 3 + "y": 20 }, "id": 32, - "panels": [], - "title": "Risks", - "type": "row" - }, - { - "datasource": { - "type": "influxdb", - "uid": "${DS_INFLUXDB}" - }, - "fieldConfig": { - "defaults": { - "color": { - "mode": "thresholds" + "panels": [ + { + "datasource": { + "type": "influxdb", + "uid": "${DS_INFLUXDB}" }, - "mappings": [], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" }, - { - "color": "yellow", - "value": 1 + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "yellow", + "value": 1 + } + ] } - ] - } - }, - "overrides": [ - { - "matcher": { - "id": "byName", - "options": "flow_risk_1_count" }, - "properties": [ + "overrides": [ { - "id": "displayName", - "value": "XSS Attack" - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "flow_risk_2_count" - }, - "properties": [ + "matcher": { + "id": "byName", + "options": "flow_risk_1_count" + }, + "properties": [ + { + "id": "displayName", + "value": "XSS Attack" + } + ] + }, { - "id": "displayName", - "value": "SQL Injection" - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "flow_risk_3_count" - }, - "properties": [ + "matcher": { + "id": "byName", + "options": "flow_risk_2_count" + }, + "properties": [ + { + "id": "displayName", + "value": "SQL Injection" + } + ] + }, { - "id": "displayName", - "value": "RCE Injection" - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "flow_risk_4_count" - }, - "properties": [ + "matcher": { + "id": "byName", + "options": "flow_risk_3_count" + }, + "properties": [ + { + "id": "displayName", + "value": "RCE Injection" + } + ] + }, { - "id": "displayName", - "value": "Binary App Transfer" - } - ] - }, - { - "matcher": 
{ - "id": "byName", - "options": "flow_risk_5_count" - }, - "properties": [ + "matcher": { + "id": "byName", + "options": "flow_risk_4_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Binary App Transfer" + } + ] + }, { - "id": "displayName", - "value": "Known Proto on Non Std Port" - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "flow_risk_6_count" - }, - "properties": [ + "matcher": { + "id": "byName", + "options": "flow_risk_5_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Known Proto on Non Std Port" + } + ] + }, { - "id": "displayName", - "value": "Self signed Cert" - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "flow_risk_7_count" - }, - "properties": [ + "matcher": { + "id": "byName", + "options": "flow_risk_6_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Self signed Cert" + } + ] + }, { - "id": "displayName", - "value": "Obsolete TLS v1.1 or older" - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "flow_risk_8_count" - }, - "properties": [ + "matcher": { + "id": "byName", + "options": "flow_risk_7_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Obsolete TLS v1.1 or older" + } + ] + }, { - "id": "displayName", - "value": "Weak TLS Cipher" - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "flow_risk_9_count" - }, - "properties": [ + "matcher": { + "id": "byName", + "options": "flow_risk_8_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Weak TLS Cipher" + } + ] + }, { - "id": "displayName", - "value": "TLS Cert Expired" - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "flow_risk_10_count" - }, - "properties": [ + "matcher": { + "id": "byName", + "options": "flow_risk_9_count" + }, + "properties": [ + { + "id": "displayName", + "value": "TLS Cert Expired" + } + ] + }, { - "id": "displayName", - "value": "TLS Cert Mismatch" - } - ] - }, - { - "matcher": { - "id": "byName", - "options": 
"flow_risk_11_count" - }, - "properties": [ + "matcher": { + "id": "byName", + "options": "flow_risk_10_count" + }, + "properties": [ + { + "id": "displayName", + "value": "TLS Cert Mismatch" + } + ] + }, { - "id": "displayName", - "value": "HTTP Suspicious User Agent" - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "flow_risk_12_count" - }, - "properties": [ + "matcher": { + "id": "byName", + "options": "flow_risk_11_count" + }, + "properties": [ + { + "id": "displayName", + "value": "HTTP Suspicious User Agent" + } + ] + }, { - "id": "displayName", - "value": "HTTP Numeric IP Address" - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "flow_risk_13_count" - }, - "properties": [ + "matcher": { + "id": "byName", + "options": "flow_risk_12_count" + }, + "properties": [ + { + "id": "displayName", + "value": "HTTP Numeric IP Address" + } + ] + }, { - "id": "displayName", - "value": "HTTP Suspicious URL" - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "flow_risk_14_count" - }, - "properties": [ + "matcher": { + "id": "byName", + "options": "flow_risk_13_count" + }, + "properties": [ + { + "id": "displayName", + "value": "HTTP Suspicious URL" + } + ] + }, { - "id": "displayName", - "value": "HTTP Suspicious Header" - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "flow_risk_15_count" - }, - "properties": [ + "matcher": { + "id": "byName", + "options": "flow_risk_14_count" + }, + "properties": [ + { + "id": "displayName", + "value": "HTTP Suspicious Header" + } + ] + }, { - "id": "displayName", - "value": "TLS probably Not Carrying HTTPS" - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "flow_risk_16_count" - }, - "properties": [ + "matcher": { + "id": "byName", + "options": "flow_risk_15_count" + }, + "properties": [ + { + "id": "displayName", + "value": "TLS probably Not Carrying HTTPS" + } + ] + }, { - "id": "displayName", - "value": "Suspicious DGA Domain name" - } - ] - }, - { - "matcher": { - 
"id": "byName", - "options": "flow_risk_17_count" - }, - "properties": [ + "matcher": { + "id": "byName", + "options": "flow_risk_16_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Suspicious DGA Domain name" + } + ] + }, { - "id": "displayName", - "value": "Malformed Packet" - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "flow_risk_18_count" - }, - "properties": [ + "matcher": { + "id": "byName", + "options": "flow_risk_17_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Malformed Packet" + } + ] + }, { - "id": "displayName", - "value": "SSH Obsolete Client Version/Cipher" - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "flow_risk_19_count" - }, - "properties": [ + "matcher": { + "id": "byName", + "options": "flow_risk_18_count" + }, + "properties": [ + { + "id": "displayName", + "value": "SSH Obsolete Client Version/Cipher" + } + ] + }, { - "id": "displayName", - "value": "SSH Obsolete Server Version/Cipher" - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "flow_risk_20_count" - }, - "properties": [ + "matcher": { + "id": "byName", + "options": "flow_risk_19_count" + }, + "properties": [ + { + "id": "displayName", + "value": "SSH Obsolete Server Version/Cipher" + } + ] + }, { - "id": "displayName", - "value": "SMB Insecure Version" - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "flow_risk_21_count" - }, - "properties": [ + "matcher": { + "id": "byName", + "options": "flow_risk_20_count" + }, + "properties": [ + { + "id": "displayName", + "value": "SMB Insecure Version" + } + ] + }, { - "id": "displayName", - "value": "TLS Suspicious ESNI Usage" - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "flow_risk_22_count" - }, - "properties": [ + "matcher": { + "id": "byName", + "options": "flow_risk_21_count" + }, + "properties": [ + { + "id": "displayName", + "value": "TLS Suspicious ESNI Usage" + } + ] + }, { - "id": "displayName", - "value": "Unsafe 
Protocol" - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "flow_risk_23_count" - }, - "properties": [ + "matcher": { + "id": "byName", + "options": "flow_risk_22_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Unsafe Protocol" + } + ] + }, { - "id": "displayName", - "value": "Suspicious DNS Traffic" - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "flow_risk_24_count" - }, - "properties": [ + "matcher": { + "id": "byName", + "options": "flow_risk_23_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Suspicious DNS Traffic" + } + ] + }, { - "id": "displayName", - "value": "Missing SNI TLS Extension" - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "flow_risk_25_count" - }, - "properties": [ + "matcher": { + "id": "byName", + "options": "flow_risk_24_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Missing SNI TLS Extension" + } + ] + }, { - "id": "displayName", - "value": "HTTP Suspicious Content" - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "flow_risk_26_count" - }, - "properties": [ + "matcher": { + "id": "byName", + "options": "flow_risk_25_count" + }, + "properties": [ + { + "id": "displayName", + "value": "HTTP Suspicious Content" + } + ] + }, { - "id": "displayName", - "value": "Risky ASN" - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "flow_risk_27_count" - }, - "properties": [ + "matcher": { + "id": "byName", + "options": "flow_risk_26_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Risky ASN" + } + ] + }, { - "id": "displayName", - "value": "Risky Domain Name" - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "flow_risk_28_count" - }, - "properties": [ + "matcher": { + "id": "byName", + "options": "flow_risk_27_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Risky Domain Name" + } + ] + }, { - "id": "displayName", - "value": "Malicious JA3 Fingerprint" - } - ] - }, - { 
- "matcher": { - "id": "byName", - "options": "flow_risk_29_count" - }, - "properties": [ + "matcher": { + "id": "byName", + "options": "flow_risk_28_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Malicious JA3 Fingerprint" + } + ] + }, { - "id": "displayName", - "value": "Malicious SSL Cert/SHA1 Fingerprint" - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "flow_risk_30_count" - }, - "properties": [ + "matcher": { + "id": "byName", + "options": "flow_risk_29_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Malicious SSL Cert/SHA1 Fingerprint" + } + ] + }, { - "id": "displayName", - "value": "Desktop/File-Sharing" - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "flow_risk_31_count" - }, - "properties": [ + "matcher": { + "id": "byName", + "options": "flow_risk_30_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Desktop/File-Sharing" + } + ] + }, { - "id": "displayName", - "value": "Uncommon TLS ALPN" - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "flow_risk_32_count" - }, - "properties": [ + "matcher": { + "id": "byName", + "options": "flow_risk_31_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Uncommon TLS ALPN" + } + ] + }, { - "id": "displayName", - "value": "TLS Cert Validity Too Long" - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "flow_risk_33_count" - }, - "properties": [ + "matcher": { + "id": "byName", + "options": "flow_risk_32_count" + }, + "properties": [ + { + "id": "displayName", + "value": "TLS Cert Validity Too Long" + } + ] + }, { - "id": "displayName", - "value": "TLS Suspicious Extension" - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "flow_risk_34_count" - }, - "properties": [ + "matcher": { + "id": "byName", + "options": "flow_risk_33_count" + }, + "properties": [ + { + "id": "displayName", + "value": "TLS Suspicious Extension" + } + ] + }, { - "id": "displayName", - "value": "TLS Fatal 
Alert" - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "flow_risk_35_count" - }, - "properties": [ + "matcher": { + "id": "byName", + "options": "flow_risk_34_count" + }, + "properties": [ + { + "id": "displayName", + "value": "TLS Fatal Alert" + } + ] + }, { - "id": "displayName", - "value": "Suspicious Entropy" - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "flow_risk_36_count" - }, - "properties": [ + "matcher": { + "id": "byName", + "options": "flow_risk_35_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Suspicious Entropy" + } + ] + }, { - "id": "displayName", - "value": "Clear Text Credentials" - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "flow_risk_37_count" - }, - "properties": [ + "matcher": { + "id": "byName", + "options": "flow_risk_36_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Clear Text Credentials" + } + ] + }, { - "id": "displayName", - "value": "Large DNS Packet" - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "flow_risk_38_count" - }, - "properties": [ + "matcher": { + "id": "byName", + "options": "flow_risk_37_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Large DNS Packet" + } + ] + }, { - "id": "displayName", - "value": "Fragmented DNS Message" - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "flow_risk_39_count" - }, - "properties": [ + "matcher": { + "id": "byName", + "options": "flow_risk_38_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Fragmented DNS Message" + } + ] + }, { - "id": "displayName", - "value": "Text With Non Printable Chars" - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "flow_risk_40_count" - }, - "properties": [ + "matcher": { + "id": "byName", + "options": "flow_risk_39_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Text With Non Printable Chars" + } + ] + }, { - "id": "displayName", - "value": "Possible Exploit" - } - ] 
- }, - { - "matcher": { - "id": "byName", - "options": "flow_risk_41_count" - }, - "properties": [ + "matcher": { + "id": "byName", + "options": "flow_risk_40_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Possible Exploit" + } + ] + }, { - "id": "displayName", - "value": "TLS Cert About To Expire" - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "flow_risk_42_count" - }, - "properties": [ + "matcher": { + "id": "byName", + "options": "flow_risk_41_count" + }, + "properties": [ + { + "id": "displayName", + "value": "TLS Cert About To Expire" + } + ] + }, { - "id": "displayName", - "value": "IDN Domain Name" - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "flow_risk_43_count" - }, - "properties": [ + "matcher": { + "id": "byName", + "options": "flow_risk_42_count" + }, + "properties": [ + { + "id": "displayName", + "value": "IDN Domain Name" + } + ] + }, { - "id": "displayName", - "value": "Error Code" - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "flow_risk_44_count" - }, - "properties": [ + "matcher": { + "id": "byName", + "options": "flow_risk_43_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Error Code" + } + ] + }, { - "id": "displayName", - "value": "Crawler/Bot" - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "flow_risk_45_count" - }, - "properties": [ + "matcher": { + "id": "byName", + "options": "flow_risk_44_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Crawler/Bot" + } + ] + }, { - "id": "displayName", - "value": "Anonymous Subscriber" - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "flow_risk_46_count" - }, - "properties": [ + "matcher": { + "id": "byName", + "options": "flow_risk_45_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Anonymous Subscriber" + } + ] + }, { - "id": "displayName", - "value": "Unidirectional Traffic" - } - ] - }, - { - "matcher": { - "id": "byName", - "options": 
"flow_risk_47_count" - }, - "properties": [ + "matcher": { + "id": "byName", + "options": "flow_risk_46_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Unidirectional Traffic" + } + ] + }, { - "id": "displayName", - "value": "HTTP Obsolete Server" - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "flow_risk_48_count" - }, - "properties": [ + "matcher": { + "id": "byName", + "options": "flow_risk_47_count" + }, + "properties": [ + { + "id": "displayName", + "value": "HTTP Obsolete Server" + } + ] + }, { - "id": "displayName", - "value": "Periodic Flow" - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "flow_risk_49_count" - }, - "properties": [ + "matcher": { + "id": "byName", + "options": "flow_risk_48_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Periodic Flow" + } + ] + }, { - "id": "displayName", - "value": "Minor Issues" - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "flow_risk_50_count" - }, - "properties": [ + "matcher": { + "id": "byName", + "options": "flow_risk_49_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Minor Issues" + } + ] + }, { - "id": "displayName", - "value": "TCP Connection Issues" - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "flow_risk_51_count" - }, - "properties": [ + "matcher": { + "id": "byName", + "options": "flow_risk_50_count" + }, + "properties": [ + { + "id": "displayName", + "value": "TCP Connection Issues" + } + ] + }, { - "id": "displayName", - "value": "Fully Encrypted" - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "flow_risk_52_count" - }, - "properties": [ + "matcher": { + "id": "byName", + "options": "flow_risk_51_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Fully Encrypted" + } + ] + }, { - "id": "displayName", - "value": "Invalid ALPN/SNI combination" - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "flow_risk_53_count" - }, - "properties": [ + 
"matcher": { + "id": "byName", + "options": "flow_risk_52_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Invalid ALPN/SNI combination" + } + ] + }, { - "id": "displayName", - "value": "Malware Host Contacted" + "matcher": { + "id": "byName", + "options": "flow_risk_53_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Malware Host Contacted" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_unknown_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Unknown Risk" + } + ] } ] }, - { - "matcher": { - "id": "byName", - "options": "flow_risk_unknown_count" + "gridPos": { + "h": 24, + "w": 24, + "x": 0, + "y": 4 + }, + "id": 12, + "options": { + "minVizHeight": 75, + "minVizWidth": 75, + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false }, - "properties": [ - { - "id": "displayName", - "value": "Unknown Risk" - } - ] - } - ] - }, - "gridPos": { - "h": 24, - "w": 24, - "x": 0, - "y": 4 - }, - "id": 12, - "options": { - "minVizHeight": 75, - "minVizWidth": 75, - "orientation": "auto", - "reduceOptions": { - "calcs": [ - "lastNotNull" + "showThresholdLabels": false, + "showThresholdMarkers": false + }, + "pluginVersion": "10.2.0", + "targets": [ + { + "datasource": { + "type": "influxdb", + "uid": "${DS_INFLUXDB}" + }, + "query": "from(bucket: \"${ndpid_db_name}\")\n |> range(start: v.timeRangeStart, stop:v.timeRangeStop)\n |> filter(fn: (r) =>\n r._measurement == \"risks\"\n )", + "refId": "A" + } ], - "fields": "", - "values": false + "title": "Risk", + "type": "gauge" }, - "showThresholdLabels": false, - "showThresholdMarkers": false - }, - "pluginVersion": "10.2.0", - "targets": [ { "datasource": { "type": "influxdb", "uid": "${DS_INFLUXDB}" }, - "query": "from(bucket: \"${ndpid_db_name}\")\n |> range(start: v.timeRangeStart, stop:v.timeRangeStop)\n |> filter(fn: (r) =>\n r._measurement == \"risks\"\n )", - "refId": "A" - } - ], 
- "title": "Risk", - "type": "gauge" - }, - { - "datasource": { - "type": "influxdb", - "uid": "${DS_INFLUXDB}" - }, - "fieldConfig": { - "defaults": { - "color": { - "mode": "palette-classic" - }, - "custom": { - "axisBorderShow": false, - "axisCenteredZero": false, - "axisColorMode": "text", - "axisLabel": "", - "axisPlacement": "auto", - "barAlignment": 0, - "drawStyle": "line", - "fillOpacity": 0, - "gradientMode": "none", - "hideFrom": { - "legend": false, - "tooltip": false, - "viz": false - }, - "insertNulls": false, - "lineInterpolation": "linear", - "lineWidth": 1, - "pointSize": 5, - "scaleDistribution": { - "type": "linear" - }, - "showPoints": "auto", - "spanNulls": false, - "stacking": { - "group": "A", - "mode": "none" + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "yellow", + "value": 1 + } + ] + } }, - "thresholdsStyle": { - "mode": "off" - } - }, - "mappings": [], - "thresholds": { - "mode": "absolute", - "steps": [ + "overrides": [ { - "color": "green", - "value": null + "matcher": { + "id": "byName", + "options": "flow_risk_1_count" + }, + "properties": [ + { + "id": "displayName", + "value": "XSS Attack" + } + ] }, { - "color": "yellow", - "value": 1 - } - ] - } - }, - "overrides": [ - { - 
"matcher": { - "id": "byName", - "options": "flow_risk_1_count" - }, - "properties": [ + "matcher": { + "id": "byName", + "options": "flow_risk_2_count" + }, + "properties": [ + { + "id": "displayName", + "value": "SQL Injection" + } + ] + }, { - "id": "displayName", - "value": "XSS Attack" - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "flow_risk_2_count" - }, - "properties": [ + "matcher": { + "id": "byName", + "options": "flow_risk_3_count" + }, + "properties": [ + { + "id": "displayName", + "value": "RCE Injection" + } + ] + }, { - "id": "displayName", - "value": "SQL Injection" - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "flow_risk_3_count" - }, - "properties": [ + "matcher": { + "id": "byName", + "options": "flow_risk_4_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Binary App Transfer" + } + ] + }, { - "id": "displayName", - "value": "RCE Injection" - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "flow_risk_4_count" - }, - "properties": [ + "matcher": { + "id": "byName", + "options": "flow_risk_5_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Known Proto on Non Std Port" + } + ] + }, { - "id": "displayName", - "value": "Binary App Transfer" - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "flow_risk_5_count" - }, - "properties": [ + "matcher": { + "id": "byName", + "options": "flow_risk_6_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Self signed Cert" + } + ] + }, { - "id": "displayName", - "value": "Known Proto on Non Std Port" - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "flow_risk_6_count" - }, - "properties": [ + "matcher": { + "id": "byName", + "options": "flow_risk_7_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Obsolete TLS v1.1 or older" + } + ] + }, { - "id": "displayName", - "value": "Self signed Cert" - } - ] - }, - { - "matcher": { - "id": "byName", - "options": 
"flow_risk_7_count" - }, - "properties": [ + "matcher": { + "id": "byName", + "options": "flow_risk_8_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Weak TLS Cipher" + } + ] + }, { - "id": "displayName", - "value": "Obsolete TLS v1.1 or older" - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "flow_risk_8_count" - }, - "properties": [ + "matcher": { + "id": "byName", + "options": "flow_risk_9_count" + }, + "properties": [ + { + "id": "displayName", + "value": "TLS Cert Expired" + } + ] + }, { - "id": "displayName", - "value": "Weak TLS Cipher" - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "flow_risk_9_count" - }, - "properties": [ + "matcher": { + "id": "byName", + "options": "flow_risk_10_count" + }, + "properties": [ + { + "id": "displayName", + "value": "TLS Cert Mismatch" + } + ] + }, { - "id": "displayName", - "value": "TLS Cert Expired" - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "flow_risk_10_count" - }, - "properties": [ + "matcher": { + "id": "byName", + "options": "flow_risk_11_count" + }, + "properties": [ + { + "id": "displayName", + "value": "HTTP Suspicious User Agent" + } + ] + }, { - "id": "displayName", - "value": "TLS Cert Mismatch" - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "flow_risk_11_count" - }, - "properties": [ + "matcher": { + "id": "byName", + "options": "flow_risk_12_count" + }, + "properties": [ + { + "id": "displayName", + "value": "HTTP Numeric IP Address" + } + ] + }, { - "id": "displayName", - "value": "HTTP Suspicious User Agent" - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "flow_risk_12_count" - }, - "properties": [ + "matcher": { + "id": "byName", + "options": "flow_risk_13_count" + }, + "properties": [ + { + "id": "displayName", + "value": "HTTP Suspicious URL" + } + ] + }, { - "id": "displayName", - "value": "HTTP Numeric IP Address" - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "flow_risk_13_count" - }, 
- "properties": [ + "matcher": { + "id": "byName", + "options": "flow_risk_14_count" + }, + "properties": [ + { + "id": "displayName", + "value": "HTTP Suspicious Header" + } + ] + }, { - "id": "displayName", - "value": "HTTP Suspicious URL" - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "flow_risk_14_count" - }, - "properties": [ + "matcher": { + "id": "byName", + "options": "flow_risk_15_count" + }, + "properties": [ + { + "id": "displayName", + "value": "TLS probably Not Carrying HTTPS" + } + ] + }, { - "id": "displayName", - "value": "HTTP Suspicious Header" - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "flow_risk_15_count" - }, - "properties": [ + "matcher": { + "id": "byName", + "options": "flow_risk_16_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Suspicious DGA Domain name" + } + ] + }, { - "id": "displayName", - "value": "TLS probably Not Carrying HTTPS" - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "flow_risk_16_count" - }, - "properties": [ + "matcher": { + "id": "byName", + "options": "flow_risk_17_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Malformed Packet" + } + ] + }, { - "id": "displayName", - "value": "Suspicious DGA Domain name" - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "flow_risk_17_count" - }, - "properties": [ + "matcher": { + "id": "byName", + "options": "flow_risk_18_count" + }, + "properties": [ + { + "id": "displayName", + "value": "SSH Obsolete Client Version/Cipher" + } + ] + }, { - "id": "displayName", - "value": "Malformed Packet" - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "flow_risk_18_count" - }, - "properties": [ + "matcher": { + "id": "byName", + "options": "flow_risk_19_count" + }, + "properties": [ + { + "id": "displayName", + "value": "SSH Obsolete Server Version/Cipher" + } + ] + }, { - "id": "displayName", - "value": "SSH Obsolete Client Version/Cipher" - } - ] - }, - { - "matcher": { - 
"id": "byName", - "options": "flow_risk_19_count" - }, - "properties": [ + "matcher": { + "id": "byName", + "options": "flow_risk_20_count" + }, + "properties": [ + { + "id": "displayName", + "value": "SMB Insecure Version" + } + ] + }, { - "id": "displayName", - "value": "SSH Obsolete Server Version/Cipher" - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "flow_risk_20_count" - }, - "properties": [ + "matcher": { + "id": "byName", + "options": "flow_risk_21_count" + }, + "properties": [ + { + "id": "displayName", + "value": "TLS Suspicious ESNI Usage" + } + ] + }, { - "id": "displayName", - "value": "SMB Insecure Version" - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "flow_risk_21_count" - }, - "properties": [ + "matcher": { + "id": "byName", + "options": "flow_risk_22_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Unsafe Protocol" + } + ] + }, { - "id": "displayName", - "value": "TLS Suspicious ESNI Usage" - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "flow_risk_22_count" - }, - "properties": [ + "matcher": { + "id": "byName", + "options": "flow_risk_23_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Suspicious DNS Traffic" + } + ] + }, { - "id": "displayName", - "value": "Unsafe Protocol" - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "flow_risk_23_count" - }, - "properties": [ + "matcher": { + "id": "byName", + "options": "flow_risk_24_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Missing SNI TLS Extension" + } + ] + }, { - "id": "displayName", - "value": "Suspicious DNS Traffic" - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "flow_risk_24_count" - }, - "properties": [ + "matcher": { + "id": "byName", + "options": "flow_risk_25_count" + }, + "properties": [ + { + "id": "displayName", + "value": "HTTP Suspicious Content" + } + ] + }, { - "id": "displayName", - "value": "Missing SNI TLS Extension" - } - ] - }, - { - 
"matcher": { - "id": "byName", - "options": "flow_risk_25_count" - }, - "properties": [ + "matcher": { + "id": "byName", + "options": "flow_risk_26_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Risky ASN" + } + ] + }, { - "id": "displayName", - "value": "HTTP Suspicious Content" - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "flow_risk_26_count" - }, - "properties": [ + "matcher": { + "id": "byName", + "options": "flow_risk_27_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Risky Domain Name" + } + ] + }, { - "id": "displayName", - "value": "Risky ASN" - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "flow_risk_27_count" - }, - "properties": [ + "matcher": { + "id": "byName", + "options": "flow_risk_28_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Malicious JA3 Fingerprint" + } + ] + }, { - "id": "displayName", - "value": "Risky Domain Name" - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "flow_risk_28_count" - }, - "properties": [ + "matcher": { + "id": "byName", + "options": "flow_risk_29_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Malicious SSL Cert/SHA1 Fingerprint" + } + ] + }, { - "id": "displayName", - "value": "Malicious JA3 Fingerprint" - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "flow_risk_29_count" - }, - "properties": [ + "matcher": { + "id": "byName", + "options": "flow_risk_30_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Desktop/File-Sharing" + } + ] + }, { - "id": "displayName", - "value": "Malicious SSL Cert/SHA1 Fingerprint" - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "flow_risk_30_count" - }, - "properties": [ + "matcher": { + "id": "byName", + "options": "flow_risk_31_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Uncommon TLS ALPN" + } + ] + }, { - "id": "displayName", - "value": "Desktop/File-Sharing" - } - ] - }, - { - 
"matcher": { - "id": "byName", - "options": "flow_risk_31_count" - }, - "properties": [ + "matcher": { + "id": "byName", + "options": "flow_risk_32_count" + }, + "properties": [ + { + "id": "displayName", + "value": "TLS Cert Validity Too Long" + } + ] + }, { - "id": "displayName", - "value": "Uncommon TLS ALPN" - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "flow_risk_32_count" - }, - "properties": [ + "matcher": { + "id": "byName", + "options": "flow_risk_33_count" + }, + "properties": [ + { + "id": "displayName", + "value": "TLS Suspicious Extension" + } + ] + }, { - "id": "displayName", - "value": "TLS Cert Validity Too Long" - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "flow_risk_33_count" - }, - "properties": [ + "matcher": { + "id": "byName", + "options": "flow_risk_34_count" + }, + "properties": [ + { + "id": "displayName", + "value": "TLS Fatal Alert" + } + ] + }, { - "id": "displayName", - "value": "TLS Suspicious Extension" - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "flow_risk_34_count" - }, - "properties": [ + "matcher": { + "id": "byName", + "options": "flow_risk_35_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Suspicious Entropy" + } + ] + }, { - "id": "displayName", - "value": "TLS Fatal Alert" - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "flow_risk_35_count" - }, - "properties": [ + "matcher": { + "id": "byName", + "options": "flow_risk_36_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Clear Text Credentials" + } + ] + }, { - "id": "displayName", - "value": "Suspicious Entropy" - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "flow_risk_36_count" - }, - "properties": [ + "matcher": { + "id": "byName", + "options": "flow_risk_37_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Large DNS Packet" + } + ] + }, { - "id": "displayName", - "value": "Clear Text Credentials" - } - ] - }, - { - "matcher": { - 
"id": "byName", - "options": "flow_risk_37_count" - }, - "properties": [ + "matcher": { + "id": "byName", + "options": "flow_risk_38_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Fragmented DNS Message" + } + ] + }, { - "id": "displayName", - "value": "Large DNS Packet" - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "flow_risk_38_count" - }, - "properties": [ + "matcher": { + "id": "byName", + "options": "flow_risk_39_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Text With Non Printable Chars" + } + ] + }, { - "id": "displayName", - "value": "Fragmented DNS Message" - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "flow_risk_39_count" - }, - "properties": [ + "matcher": { + "id": "byName", + "options": "flow_risk_40_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Possible Exploit" + } + ] + }, { - "id": "displayName", - "value": "Text With Non Printable Chars" - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "flow_risk_40_count" - }, - "properties": [ + "matcher": { + "id": "byName", + "options": "flow_risk_41_count" + }, + "properties": [ + { + "id": "displayName", + "value": "TLS Cert About To Expire" + } + ] + }, { - "id": "displayName", - "value": "Possible Exploit" - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "flow_risk_41_count" - }, - "properties": [ + "matcher": { + "id": "byName", + "options": "flow_risk_42_count" + }, + "properties": [ + { + "id": "displayName", + "value": "IDN Domain Name" + } + ] + }, { - "id": "displayName", - "value": "TLS Cert About To Expire" - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "flow_risk_42_count" - }, - "properties": [ + "matcher": { + "id": "byName", + "options": "flow_risk_43_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Error Code" + } + ] + }, { - "id": "displayName", - "value": "IDN Domain Name" - } - ] - }, - { - "matcher": { - "id": "byName", - 
"options": "flow_risk_43_count" - }, - "properties": [ + "matcher": { + "id": "byName", + "options": "flow_risk_44_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Crawler/Bot" + } + ] + }, { - "id": "displayName", - "value": "Error Code" - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "flow_risk_44_count" - }, - "properties": [ + "matcher": { + "id": "byName", + "options": "flow_risk_45_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Anonymous Subscriber" + } + ] + }, { - "id": "displayName", - "value": "Crawler/Bot" - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "flow_risk_45_count" - }, - "properties": [ + "matcher": { + "id": "byName", + "options": "flow_risk_46_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Unidirectional Traffic" + } + ] + }, { - "id": "displayName", - "value": "Anonymous Subscriber" - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "flow_risk_46_count" - }, - "properties": [ + "matcher": { + "id": "byName", + "options": "flow_risk_47_count" + }, + "properties": [ + { + "id": "displayName", + "value": "HTTP Obsolete Server" + } + ] + }, { - "id": "displayName", - "value": "Unidirectional Traffic" - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "flow_risk_47_count" - }, - "properties": [ + "matcher": { + "id": "byName", + "options": "flow_risk_48_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Periodic Flow" + } + ] + }, { - "id": "displayName", - "value": "HTTP Obsolete Server" - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "flow_risk_48_count" - }, - "properties": [ + "matcher": { + "id": "byName", + "options": "flow_risk_49_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Minor Issues" + } + ] + }, { - "id": "displayName", - "value": "Periodic Flow" - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "flow_risk_49_count" - }, - "properties": [ + 
"matcher": { + "id": "byName", + "options": "flow_risk_50_count" + }, + "properties": [ + { + "id": "displayName", + "value": "TCP Connection Issues" + } + ] + }, { - "id": "displayName", - "value": "Minor Issues" - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "flow_risk_50_count" - }, - "properties": [ + "matcher": { + "id": "byName", + "options": "flow_risk_51_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Fully Encrypted" + } + ] + }, { - "id": "displayName", - "value": "TCP Connection Issues" - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "flow_risk_51_count" - }, - "properties": [ + "matcher": { + "id": "byName", + "options": "flow_risk_52_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Invalid ALPN/SNI combination" + } + ] + }, { - "id": "displayName", - "value": "Fully Encrypted" - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "flow_risk_52_count" - }, - "properties": [ + "matcher": { + "id": "byName", + "options": "flow_risk_53_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Malware Host Contacted" + } + ] + }, { - "id": "displayName", - "value": "Invalid ALPN/SNI combination" + "matcher": { + "id": "byName", + "options": "flow_risk_unknown_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Unknown Risk" + } + ] } ] }, - { - "matcher": { - "id": "byName", - "options": "flow_risk_53_count" - }, - "properties": [ - { - "id": "displayName", - "value": "Malware Host Contacted" - } - ] + "gridPos": { + "h": 10, + "w": 24, + "x": 0, + "y": 28 }, - { - "matcher": { - "id": "byName", - "options": "flow_risk_unknown_count" + "id": 34, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": false }, - "properties": [ - { - "id": "displayName", - "value": "Unknown Risk" - } - ] - } - ] - }, - "gridPos": { - "h": 10, - "w": 24, - "x": 0, - "y": 28 - }, - "id": 34, - "options": { - 
"legend": { - "calcs": [], - "displayMode": "list", - "placement": "bottom", - "showLegend": false - }, - "tooltip": { - "mode": "single", - "sort": "none" - } - }, - "pluginVersion": "10.2.0", - "targets": [ - { - "datasource": { - "type": "influxdb", - "uid": "${DS_INFLUXDB}" + "tooltip": { + "mode": "single", + "sort": "none" + } }, - "query": "from(bucket: \"${ndpid_db_name}\")\n |> range(start: v.timeRangeStart, stop:v.timeRangeStop)\n |> filter(fn: (r) =>\n r._measurement == \"risks\"\n )", - "refId": "A" + "pluginVersion": "10.2.0", + "targets": [ + { + "datasource": { + "type": "influxdb", + "uid": "${DS_INFLUXDB}" + }, + "query": "from(bucket: \"${ndpid_db_name}\")\n |> range(start: v.timeRangeStart, stop:v.timeRangeStop)\n |> filter(fn: (r) =>\n r._measurement == \"risks\"\n )", + "refId": "A" + } + ], + "title": "Risk", + "type": "timeseries" } ], - "title": "Risk", - "type": "timeseries" + "title": "Risks", + "type": "row" }, { "collapsed": true, @@ -4829,7 +4847,7 @@ "h": 1, "w": 24, "x": 0, - "y": 38 + "y": 21 }, "id": 29, "panels": [ @@ -4958,7 +4976,7 @@ "h": 8, "w": 12, "x": 0, - "y": 29 + "y": 5 }, "id": 30, "options": { @@ -5138,7 +5156,7 @@ "h": 8, "w": 12, "x": 12, - "y": 29 + "y": 5 }, "id": 31, "options": { @@ -5860,7 +5878,7 @@ "h": 24, "w": 24, "x": 0, - "y": 37 + "y": 13 }, "id": 33, "options": { 
@@ -5897,278 +5915,277 @@ "type": "row" }, { - "collapsed": true, + "collapsed": false, "gridPos": { "h": 1, "w": 24, "x": 0, - "y": 39 + "y": 22 }, "id": 15, - "panels": [ - { - "datasource": { - "type": "influxdb", - "uid": "${DS_INFLUXDB}" + "panels": [], + "title": "Layer3 / Layer4", + "type": "row" + }, + { + "datasource": { + "type": "influxdb", + "uid": "${DS_INFLUXDB}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" }, - "fieldConfig": { - "defaults": { - "color": { - "mode": "palette-classic" - }, - "custom": { - "axisBorderShow": false, - "axisCenteredZero": false, - "axisColorMode": "text", - "axisLabel": "", - "axisPlacement": "auto", - "barAlignment": 0, - "drawStyle": "line", - "fillOpacity": 0, - "gradientMode": "none", - "hideFrom": { - "legend": false, - "tooltip": false, - "viz": false - }, - "insertNulls": false, - "lineInterpolation": "linear", - "lineWidth": 1, - "pointSize": 5, - "scaleDistribution": { - "type": "linear" - }, - "showPoints": "auto", - "spanNulls": false, - "stacking": { - "group": "A", - "mode": "none" - }, - "thresholdsStyle": { - "mode": "off" - } - }, - "mappings": [], - "thresholds": { - "mode": "percentage", - "steps": [ - { - "color": "green", - "value": null - } - ] - } + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false }, - "overrides": [ - { - "matcher": { - "id": "byName", - "options": "flow_l3_ip4_count" - }, - "properties": [ - { - "id": "displayName", - "value": "IPv4" - } - ] - }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + 
"thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "percentage", + "steps": [ { - "matcher": { - "id": "byName", - "options": "flow_l3_ip6_count" - }, - "properties": [ - { - "id": "displayName", - "value": "IPv6" - } - ] - }, + "color": "green", + "value": null + } + ] + } + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "flow_l3_ip4_count" + }, + "properties": [ { - "matcher": { - "id": "byName", - "options": "flow_l3_other_count" - }, - "properties": [ - { - "id": "displayName", - "value": "Other" - } - ] + "id": "displayName", + "value": "IPv4" } ] }, - "gridPos": { - "h": 8, - "w": 12, - "x": 0, - "y": 5 - }, - "id": 16, - "options": { - "legend": { - "calcs": [], - "displayMode": "list", - "placement": "bottom", - "showLegend": true + { + "matcher": { + "id": "byName", + "options": "flow_l3_ip6_count" }, - "tooltip": { - "mode": "single", - "sort": "none" - } + "properties": [ + { + "id": "displayName", + "value": "IPv6" + } + ] }, - "targets": [ - { - "datasource": { - "type": "influxdb", - "uid": "${DS_INFLUXDB}" - }, - "query": "from(bucket: \"${ndpid_db_name}\")\n |> range(start: v.timeRangeStart, stop:v.timeRangeStop)\n |> filter(fn: (r) =>\n r._measurement == \"layer3\"\n )", - "refId": "A" - } - ], - "title": "Layer3", - "type": "timeseries" + { + "matcher": { + "id": "byName", + "options": "flow_l3_other_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Other" + } + ] + } + ] + }, + "gridPos": { + "h": 8, + "w": 12, + "x": 0, + "y": 23 + }, + "id": 16, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ { "datasource": { "type": "influxdb", "uid": "${DS_INFLUXDB}" }, - "fieldConfig": { - "defaults": { - "color": { - "mode": "palette-classic" - }, - "custom": { - "axisBorderShow": false, - "axisCenteredZero": false, - 
"axisColorMode": "text", - "axisLabel": "", - "axisPlacement": "auto", - "barAlignment": 0, - "drawStyle": "line", - "fillOpacity": 0, - "gradientMode": "none", - "hideFrom": { - "legend": false, - "tooltip": false, - "viz": false - }, - "insertNulls": false, - "lineInterpolation": "linear", - "lineWidth": 1, - "pointSize": 5, - "scaleDistribution": { - "type": "linear" - }, - "showPoints": "auto", - "spanNulls": false, - "stacking": { - "group": "A", - "mode": "none" - }, - "thresholdsStyle": { - "mode": "off" - } - }, - "mappings": [], - "thresholds": { - "mode": "percentage", - "steps": [ - { - "color": "green", - "value": null - } - ] - } + "query": "from(bucket: \"${ndpid_db_name}\")\n |> range(start: v.timeRangeStart, stop:v.timeRangeStop)\n |> filter(fn: (r) =>\n r._measurement == \"layer3\"\n )", + "refId": "A" + } + ], + "title": "Layer3", + "type": "timeseries" + }, + { + "datasource": { + "type": "influxdb", + "uid": "${DS_INFLUXDB}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false }, - "overrides": [ - { - "matcher": { - "id": "byName", - "options": "flow_l4_icmp_count" - }, - "properties": [ - { - "id": "displayName", - "value": "ICMP" - } - ] - }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "percentage", + "steps": [ { - "matcher": { - "id": "byName", - "options": "flow_l4_other_count" - }, - "properties": [ - { - "id": 
"displayName", - "value": "Other" - } - ] - }, + "color": "green", + "value": null + } + ] + } + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "flow_l4_icmp_count" + }, + "properties": [ { - "matcher": { - "id": "byName", - "options": "flow_l4_tcp_count" - }, - "properties": [ - { - "id": "displayName", - "value": "TCP" - } - ] - }, + "id": "displayName", + "value": "ICMP" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_l4_other_count" + }, + "properties": [ { - "matcher": { - "id": "byName", - "options": "flow_l4_udp_count" - }, - "properties": [ - { - "id": "displayName", - "value": "UDP" - } - ] + "id": "displayName", + "value": "Other" } ] }, - "gridPos": { - "h": 8, - "w": 12, - "x": 12, - "y": 5 + { + "matcher": { + "id": "byName", + "options": "flow_l4_tcp_count" + }, + "properties": [ + { + "id": "displayName", + "value": "TCP" + } + ] }, - "id": 17, - "options": { - "legend": { - "calcs": [], - "displayMode": "list", - "placement": "bottom", - "showLegend": true + { + "matcher": { + "id": "byName", + "options": "flow_l4_udp_count" }, - "tooltip": { - "mode": "single", - "sort": "none" - } + "properties": [ + { + "id": "displayName", + "value": "UDP" + } + ] + } + ] + }, + "gridPos": { + "h": 8, + "w": 12, + "x": 12, + "y": 23 + }, + "id": 17, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "datasource": { + "type": "influxdb", + "uid": "${DS_INFLUXDB}" }, - "targets": [ - { - "datasource": { - "type": "influxdb", - "uid": "${DS_INFLUXDB}" - }, - "query": "from(bucket: \"${ndpid_db_name}\")\n |> range(start: v.timeRangeStart, stop:v.timeRangeStop)\n |> filter(fn: (r) =>\n r._measurement == \"layer4\"\n )", - "refId": "A" - } - ], - "title": "Layer4", - "type": "timeseries" + "query": "from(bucket: \"${ndpid_db_name}\")\n |> range(start: v.timeRangeStart, 
stop:v.timeRangeStop)\n |> filter(fn: (r) =>\n r._measurement == \"layer4\"\n )", + "refId": "A" } ], - "title": "Layer3 / Layer4", - "type": "row" + "title": "Layer4", + "type": "timeseries" } ], "refresh": "10s", @@ -6198,13 +6215,13 @@ ] }, "time": { - "from": "now-15m", + "from": "now-30m", "to": "now" }, "timepicker": {}, "timezone": "", "title": "nDPId", "uid": "e57b37c0-d0ba-4f50-9b2d-f83e71ae8c27", - "version": 85, + "version": 88, "weekStart": "" }
\ No newline at end of file |