Diffstat (limited to 'examples/c-influxd/grafana-dashboard-simple.json')
-rw-r--r-- | examples/c-influxd/grafana-dashboard-simple.json | 6468 |
1 files changed, 6468 insertions, 0 deletions
diff --git a/examples/c-influxd/grafana-dashboard-simple.json b/examples/c-influxd/grafana-dashboard-simple.json
new file mode 100644
index 000000000..9d7208525
--- /dev/null
+++ b/examples/c-influxd/grafana-dashboard-simple.json
@@ -0,0 +1,6468 @@ +{ + "__inputs": [ + { + "name": "DS_INFLUXDB", + "label": "InfluxDB", + "description": "", + "type": "datasource", + "pluginId": "influxdb", + "pluginName": "InfluxDB" + }, + { + "name": "VAR_NDPID_DB_NAME", + "type": "constant", + "label": "ndpid_db_name", + "value": "ndpi-daemon", + "description": "" + } + ], + "__elements": { + "f54c2b02-7c6c-4d3f-90d8-e9d31dee65a5": { + "name": "Risk", + "uid": "f54c2b02-7c6c-4d3f-90d8-e9d31dee65a5", + "kind": 1, + "model": { + "datasource": { + "type": "influxdb", + "uid": "${DS_INFLUXDB}" + }, + "description": "", + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [], + "thresholds": { + "mode": "percentage", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "yellow", + "value": 0.01 + }, + { + "color": "dark-red", + "value": 50 + } + ] + } + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "flow_risk_1_count" + }, + "properties": [ + { + "id": "displayName", + "value": "XSS Attack" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_2_count" + }, + "properties": [ + { + "id": "displayName", + "value": "SQL Injection" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_3_count" + }, + "properties": [ + { + "id": "displayName", + "value": "RCE Injection" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_4_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Binary App Transfer" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_5_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Known Proto on Non Std Port" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_6_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Self signed Cert" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_7_count" + }, + "properties": [ + { + "id": "displayName", + 
"value": "Obsolete TLS v1.1 or older" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_8_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Weak TLS Cipher" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_9_count" + }, + "properties": [ + { + "id": "displayName", + "value": "TLS Cert Expired" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_10_count" + }, + "properties": [ + { + "id": "displayName", + "value": "TLS Cert Mismatch" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_11_count" + }, + "properties": [ + { + "id": "displayName", + "value": "HTTP Suspicious User Agent" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_12_count" + }, + "properties": [ + { + "id": "displayName", + "value": "HTTP Numeric IP Address" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_13_count" + }, + "properties": [ + { + "id": "displayName", + "value": "HTTP Suspicious URL" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_14_count" + }, + "properties": [ + { + "id": "displayName", + "value": "HTTP Suspicious Header" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_15_count" + }, + "properties": [ + { + "id": "displayName", + "value": "TLS probably Not Carrying HTTPS" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_16_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Suspicious DGA Domain name" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_17_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Malformed Packet" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_18_count" + }, + "properties": [ + { + "id": "displayName", + "value": "SSH Obsolete Client Version/Cipher" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_19_count" + }, + 
"properties": [ + { + "id": "displayName", + "value": "SSH Obsolete Server Version/Cipher" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_20_count" + }, + "properties": [ + { + "id": "displayName", + "value": "SMB Insecure Version" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_21_count" + }, + "properties": [ + { + "id": "displayName", + "value": "TLS Suspicious ESNI Usage" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_22_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Unsafe Protocol" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_23_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Suspicious DNS Traffic" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_24_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Missing SNI TLS Extension" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_25_count" + }, + "properties": [ + { + "id": "displayName", + "value": "HTTP Suspicious Content" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_26_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Risky ASN" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_27_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Risky Domain Name" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_28_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Malicious Fingerprint" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_29_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Malicious SSL Cert/SHA1 Fingerprint" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_30_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Desktop/File-Sharing" + } + ] + }, + { + "matcher": { + "id": 
"byName", + "options": "flow_risk_31_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Uncommon TLS ALPN" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_32_count" + }, + "properties": [ + { + "id": "displayName", + "value": "TLS Cert Validity Too Long" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_33_count" + }, + "properties": [ + { + "id": "displayName", + "value": "TLS Suspicious Extension" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_34_count" + }, + "properties": [ + { + "id": "displayName", + "value": "TLS Fatal Alert" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_35_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Suspicious Entropy" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_36_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Clear Text Credentials" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_37_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Large DNS Packet" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_38_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Fragmented DNS Message" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_39_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Text With Non Printable Chars" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_40_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Possible Exploit" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_41_count" + }, + "properties": [ + { + "id": "displayName", + "value": "TLS Cert About To Expire" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_42_count" + }, + "properties": [ + { + "id": "displayName", + "value": "IDN Domain Name" + } + ] + }, + { + 
"matcher": { + "id": "byName", + "options": "flow_risk_43_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Error Code" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_44_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Crawler/Bot" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_45_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Anonymous Subscriber" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_46_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Unidirectional Traffic" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_47_count" + }, + "properties": [ + { + "id": "displayName", + "value": "HTTP Obsolete Server" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_48_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Periodic Flow" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_49_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Minor Issues" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_50_count" + }, + "properties": [ + { + "id": "displayName", + "value": "TCP Connection Issues" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_51_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Fully Encrypted" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_52_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Invalid ALPN/SNI combination" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_53_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Malware Host Contacted" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_unknown_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Unknown Risk" + } + ] + }, + { + "matcher": { 
+ "id": "byName", + "options": "flow_risk_54_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Binary Transfer Attempt" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_55_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Probing Attempt" + } + ] + } + ] + }, + "options": { + "minVizHeight": 75, + "minVizWidth": 75, + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "showThresholdLabels": false, + "showThresholdMarkers": false + }, + "pluginVersion": "10.2.0", + "targets": [ + { + "datasource": { + "type": "influxdb", + "uid": "dabd3b1d-a74e-4ae6-9dfd-e1344e589ba0" + }, + "query": "from(bucket: \"${ndpid_db_name}\")\n |> range(start: v.timeRangeStart, stop:v.timeRangeStop)\n |> filter(fn: (r) =>\n r._measurement == \"risks\"\n )", + "refId": "A" + }, + { + "datasource": { + "type": "influxdb", + "uid": "dabd3b1d-a74e-4ae6-9dfd-e1344e589ba0" + }, + "hide": false, + "query": "from(bucket: \"${ndpid_db_name}\")\n |> range(start: v.timeRangeStart, stop:v.timeRangeStop)\n |> filter(fn: (r) =>\n r._measurement == \"detection\" and\n (r._field == \"flow_active_count\")\n )", + "refId": "B" + } + ], + "title": "Risk", + "transformations": [ + { + "id": "configFromData", + "options": { + "configRefId": "B", + "mappings": [ + { + "fieldName": "Time", + "handlerKey": "__ignore" + }, + { + "fieldName": "flow_active_count", + "handlerKey": "max" + } + ] + } + } + ], + "type": "gauge" + } + } + }, + "__requires": [ + { + "type": "panel", + "id": "bargauge", + "name": "Bar gauge", + "version": "" + }, + { + "type": "panel", + "id": "gauge", + "name": "Gauge", + "version": "" + }, + { + "type": "grafana", + "id": "grafana", + "name": "Grafana", + "version": "10.2.0" + }, + { + "type": "datasource", + "id": "influxdb", + "name": "InfluxDB", + "version": "1.0.0" + }, + { + "type": "panel", + "id": "piechart", + "name": "Pie chart", + "version": "" + }, 
+ { + "type": "panel", + "id": "stat", + "name": "Stat", + "version": "" + }, + { + "type": "panel", + "id": "state-timeline", + "name": "State timeline", + "version": "" + }, + { + "type": "panel", + "id": "status-history", + "name": "Status history", + "version": "" + }, + { + "type": "panel", + "id": "timeseries", + "name": "Time series", + "version": "" + } + ], + "annotations": { + "list": [ + { + "builtIn": 1, + "datasource": { + "type": "grafana", + "uid": "-- Grafana --" + }, + "enable": true, + "hide": true, + "iconColor": "rgba(0, 211, 255, 1)", + "name": "Annotations & Alerts", + "type": "dashboard" + } + ] + }, + "editable": false, + "fiscalYearStartMonth": 0, + "graphTooltip": 0, + "id": null, + "links": [], + "liveNow": false, + "panels": [ + { + "collapsed": false, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 0 + }, + "id": 22, + "panels": [], + "title": "Events", + "type": "row" + }, + { + "datasource": { + "type": "influxdb", + "uid": "${DS_INFLUXDB}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [], + "thresholds": { + "mode": "percentage", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "#EAB839", + "value": 25 + }, + { + "color": "red", + "value": 50 + } + ] + } + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "error_ip4_l4_payload_detection" + }, + "properties": [ + { + "id": "displayName", + "value": "IPv4 L4 Failed" + }, + { + "id": "thresholds", + "value": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "yellow", + "value": 1 + } + ] + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "error_ip4_packet_too_short" + }, + "properties": [ + { + "id": "displayName", + "value": "IPv4 Packet Size" + }, + { + "id": "thresholds", + "value": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "yellow", + "value": 1 + } + ] + } + } + ] + }, 
+ { + "matcher": { + "id": "byName", + "options": "error_ip4_size_smaller_than_header" + }, + "properties": [ + { + "id": "displayName", + "value": "IPv4 Header Size" + }, + { + "id": "thresholds", + "value": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "yellow", + "value": 1 + } + ] + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "error_ip6_l4_payload_detection" + }, + "properties": [ + { + "id": "displayName", + "value": "IPv6 L4 Failed" + }, + { + "id": "thresholds", + "value": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "yellow", + "value": 1 + } + ] + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "error_ip6_packet_too_short" + }, + "properties": [ + { + "id": "displayName", + "value": "IPv6 Packet Size" + }, + { + "id": "thresholds", + "value": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "yellow", + "value": 1 + } + ] + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "error_ip6_size_smaller_than_header" + }, + "properties": [ + { + "id": "displayName", + "value": "IPv6 Header Size" + }, + { + "id": "thresholds", + "value": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "yellow", + "value": 1 + } + ] + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "error_packet_header_invalid" + }, + "properties": [ + { + "id": "displayName", + "value": "Packet Header Invalid" + }, + { + "id": "thresholds", + "value": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "yellow", + "value": 1 + } + ] + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "error_packet_too_short" + }, + "properties": [ + { + "id": "displayName", + "value": "Packet Size" + }, + { + "id": "thresholds", + "value": { + "mode": "absolute", + "steps": [ + { + "color": 
"green", + "value": null + }, + { + "color": "yellow", + "value": 1 + } + ] + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "error_packet_type_unknown" + }, + "properties": [ + { + "id": "displayName", + "value": "Packet Type Unknown" + }, + { + "id": "thresholds", + "value": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "yellow", + "value": 1 + } + ] + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "error_tcp_packet_too_short" + }, + "properties": [ + { + "id": "displayName", + "value": "TCP Packet Size" + }, + { + "id": "thresholds", + "value": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "yellow", + "value": 1 + } + ] + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "error_udp_packet_too_short" + }, + "properties": [ + { + "id": "displayName", + "value": "UDP Packet Size" + }, + { + "id": "thresholds", + "value": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "yellow", + "value": 1 + } + ] + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "error_unknown_datalink" + }, + "properties": [ + { + "id": "displayName", + "value": "Unknown Datalink" + }, + { + "id": "thresholds", + "value": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "yellow", + "value": 1 + } + ] + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "error_unknown_l3_protocol" + }, + "properties": [ + { + "id": "displayName", + "value": "Unknown L3 Protocol" + }, + { + "id": "thresholds", + "value": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "yellow", + "value": 1 + } + ] + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "error_unsupported_datalink" + }, + "properties": [ + { + "id": "displayName", + "value": "Unsupported Datalink" + }, + { + 
"id": "thresholds", + "value": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "yellow", + "value": 1 + } + ] + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_analyse_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Analyse" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_detected_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Detections" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_detection_update_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Detection Updates" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_end_count" + }, + "properties": [ + { + "id": "displayName", + "value": "End" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_guessed_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Guessed" + }, + { + "id": "thresholds", + "value": { + "mode": "percentage", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "yellow", + "value": 5 + }, + { + "color": "red", + "value": 10 + } + ] + } + }, + { + "id": "color" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_idle_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Idle" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_new_count" + }, + "properties": [ + { + "id": "displayName", + "value": "New" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_not_detected_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Not Detected" + }, + { + "id": "thresholds", + "value": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 1 + } + ] + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risky_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Risky" + }, + { + "id": 
"thresholds", + "value": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "yellow", + "value": 1 + } + ] + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_update_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Updates" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "init_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Init" + }, + { + "id": "thresholds", + "value": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "yellow", + "value": 1 + } + ] + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "packet_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Packet" + }, + { + "id": "thresholds", + "value": { + "mode": "percentage", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "yellow", + "value": 25 + }, + { + "color": "red", + "value": 50 + } + ] + } + }, + { + "id": "color", + "value": { + "mode": "thresholds" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "packet_flow_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Packet Flow" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "reconnect_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Reconnect" + }, + { + "id": "thresholds", + "value": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "yellow", + "value": 1 + } + ] + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "shutdown_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Shutdown" + }, + { + "id": "thresholds", + "value": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 1 + } + ] + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "status_count" + }, + "properties": [ + { + "id": "displayName", + 
"value": "Status" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "error_capture_size_smaller_than_packet" + }, + "properties": [ + { + "id": "displayName", + "value": "Capture Size < Packet Size" + }, + { + "id": "thresholds", + "value": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 1 + } + ] + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "error_flow_memory_alloc" + }, + "properties": [ + { + "id": "displayName", + "value": "Memory Allocation Failed" + }, + { + "id": "thresholds", + "value": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 1 + } + ] + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "error_max_flows_to_track" + }, + "properties": [ + { + "id": "displayName", + "value": "Max Flows" + }, + { + "id": "thresholds", + "value": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 1 + } + ] + } + } + ] + } + ] + }, + "gridPos": { + "h": 9, + "w": 15, + "x": 0, + "y": 1 + }, + "id": 20, + "options": { + "colorMode": "value", + "graphMode": "area", + "justifyMode": "auto", + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "textMode": "auto" + }, + "pluginVersion": "10.2.0", + "targets": [ + { + "datasource": { + "type": "influxdb", + "uid": "${DS_INFLUXDB}" + }, + "query": "from(bucket: \"${ndpid_db_name}\")\n |> range(start: v.timeRangeStart, stop:v.timeRangeStop)\n |> filter(fn: (r) =>\n r._measurement == \"events\"\n )", + "refId": "A" + } + ], + "type": "stat" + }, + { + "datasource": { + "type": "influxdb", + "uid": "${DS_INFLUXDB}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic-by-name" + }, + "custom": { + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + } + }, + "mappings": [] + }, 
+ "overrides": [] + }, + "gridPos": { + "h": 9, + "w": 3, + "x": 15, + "y": 1 + }, + "id": 19, + "options": { + "legend": { + "displayMode": "list", + "placement": "bottom", + "showLegend": false + }, + "pieType": "pie", + "reduceOptions": { + "calcs": [ + "sum" + ], + "fields": "", + "values": false + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "datasource": { + "type": "influxdb", + "uid": "${DS_INFLUXDB}" + }, + "query": "from(bucket: \"${ndpid_db_name}\")\n |> range(start: v.timeRangeStart, stop:v.timeRangeStop)\n |> filter(fn: (r) =>\n r._measurement == \"events\"\n )", + "refId": "A" + } + ], + "type": "piechart" + }, + { + "datasource": { + "type": "influxdb", + "uid": "${DS_INFLUXDB}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic-by-name" + }, + "custom": { + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + } + }, + "mappings": [] + }, + "overrides": [] + }, + "gridPos": { + "h": 9, + "w": 3, + "x": 18, + "y": 1 + }, + "id": 28, + "options": { + "legend": { + "displayMode": "list", + "placement": "bottom", + "showLegend": false + }, + "pieType": "pie", + "reduceOptions": { + "calcs": [ + "sum" + ], + "fields": "", + "values": false + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "datasource": { + "type": "influxdb", + "uid": "${DS_INFLUXDB}" + }, + "query": "from(bucket: \"${ndpid_db_name}\")\n |> range(start: v.timeRangeStart, stop:v.timeRangeStop)\n |> filter(fn: (r) =>\n r._measurement == \"events\" and\n r._field != \"packet_flow_count\"\n )", + "refId": "A" + } + ], + "type": "piechart" + }, + { + "datasource": { + "type": "influxdb", + "uid": "${DS_INFLUXDB}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 3, + "w": 
3, + "x": 21, + "y": 1 + }, + "id": 27, + "options": { + "colorMode": "value", + "graphMode": "area", + "justifyMode": "auto", + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "textMode": "auto" + }, + "pluginVersion": "10.2.0", + "targets": [ + { + "datasource": { + "type": "influxdb", + "uid": "${DS_INFLUXDB}" + }, + "query": "from(bucket: \"${ndpid_db_name}\")\n |> range(start: v.timeRangeStart, stop:v.timeRangeStop)\n |> filter(fn: (r) =>\n r._measurement == \"events\" and\n (r._field == \"packet_count\" or\n r._field == \"packet_flow_count\")\n )", + "refId": "A" + } + ], + "title": "Packet", + "transformations": [ + { + "id": "calculateField", + "options": { + "mode": "reduceRow", + "reduce": { + "reducer": "sum" + }, + "replaceFields": true + } + } + ], + "type": "stat" + }, + { + "datasource": { + "type": "influxdb", + "uid": "${DS_INFLUXDB}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 3, + "w": 3, + "x": 21, + "y": 4 + }, + "id": 26, + "options": { + "colorMode": "value", + "graphMode": "area", + "justifyMode": "auto", + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "textMode": "auto" + }, + "pluginVersion": "10.2.0", + "targets": [ + { + "datasource": { + "type": "influxdb", + "uid": "${DS_INFLUXDB}" + }, + "query": "from(bucket: \"${ndpid_db_name}\")\n |> range(start: v.timeRangeStart, stop:v.timeRangeStop)\n |> filter(fn: (r) =>\n r._measurement == \"events\" and\n (r._field == \"flow_detected_count\" or\n r._field == \"flow_detection_update_count\" or\n r._field == \"flow_guessed_count\")\n )", + "refId": "A" + } + ], + "title": "Detection", + "transformations": [ + { + "id": "calculateField", + 
"options": { + "mode": "reduceRow", + "reduce": { + "reducer": "sum" + }, + "replaceFields": true + } + } + ], + "type": "stat" + }, + { + "datasource": { + "type": "influxdb", + "uid": "${DS_INFLUXDB}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 3, + "w": 3, + "x": 21, + "y": 7 + }, + "id": 21, + "options": { + "colorMode": "value", + "graphMode": "area", + "justifyMode": "auto", + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "textMode": "auto" + }, + "pluginVersion": "10.2.0", + "targets": [ + { + "datasource": { + "type": "influxdb", + "uid": "${DS_INFLUXDB}" + }, + "query": "from(bucket: \"${ndpid_db_name}\")\n |> range(start: v.timeRangeStart, stop:v.timeRangeStop)\n |> filter(fn: (r) =>\n r._measurement == \"events\"\n )", + "refId": "A" + } + ], + "transformations": [ + { + "id": "calculateField", + "options": { + "mode": "reduceRow", + "reduce": { + "reducer": "sum" + }, + "replaceFields": true + } + } + ], + "type": "stat" + }, + { + "collapsed": false, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 10 + }, + "id": 5, + "panels": [], + "title": "General", + "type": "row" + }, + { + "datasource": { + "type": "influxdb", + "uid": "${DS_INFLUXDB}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + 
"showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + } + ] + }, + "unit": "binBps" + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "flow_dst_total_bytes" + }, + "properties": [ + { + "id": "displayName", + "value": "Total Bytes Received" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_src_total_bytes" + }, + "properties": [ + { + "id": "displayName", + "value": "Total Bytes Transmitted" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "json_bytes" + }, + "properties": [ + { + "id": "displayName", + "value": "Total JSON Bytes" + } + ] + } + ] + }, + "gridPos": { + "h": 8, + "w": 15, + "x": 0, + "y": 11 + }, + "id": 1, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "datasource": { + "type": "influxdb", + "uid": "${DS_INFLUXDB}" + }, + "query": "from(bucket: \"${ndpid_db_name}\")\n |> range(start: v.timeRangeStart, stop:v.timeRangeStop)\n |> filter(fn: (r) =>\n r._measurement == \"general\" and\n (r._field == \"flow_src_total_bytes\" or\n r._field == \"flow_dst_total_bytes\" or\n r._field == \"json_bytes\")\n )", + "refId": "A" + } + ], + "title": "Data Processed", + "type": "timeseries" + }, + { + "datasource": { + "type": "influxdb", + "uid": "${DS_INFLUXDB}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + } + }, + "mappings": [], + "unit": "bytes" + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "flow_dst_total_bytes" + }, + "properties": [ + { + "id": "displayName", + "value": "Total Bytes Received" + } + ] 
+ }, + { + "matcher": { + "id": "byName", + "options": "flow_src_total_bytes" + }, + "properties": [ + { + "id": "displayName", + "value": "Total Bytes Transmitted" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "json_bytes" + }, + "properties": [ + { + "id": "displayName", + "value": "Total JSON Bytes" + } + ] + } + ] + }, + "gridPos": { + "h": 8, + "w": 3, + "x": 15, + "y": 11 + }, + "id": 3, + "options": { + "legend": { + "displayMode": "list", + "placement": "bottom", + "showLegend": false + }, + "pieType": "pie", + "reduceOptions": { + "calcs": [ + "sum" + ], + "fields": "", + "values": false + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "datasource": { + "type": "influxdb", + "uid": "${DS_INFLUXDB}" + }, + "query": "from(bucket: \"${ndpid_db_name}\")\n |> range(start: v.timeRangeStart, stop:v.timeRangeStop)\n |> filter(fn: (r) =>\n r._measurement == \"general\" and\n (r._field == \"flow_src_total_bytes\" or\n r._field == \"flow_dst_total_bytes\" or\n r._field == \"json_bytes\")\n )", + "refId": "A" + } + ], + "type": "piechart" + }, + { + "datasource": { + "type": "influxdb", + "uid": "${DS_INFLUXDB}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + } + ] + }, + "unit": "binBps" + }, + "overrides": [] + }, + "gridPos": { + "h": 4, + "w": 3, + "x": 18, + "y": 11 + }, + "id": 24, + "options": { + "colorMode": "value", + "graphMode": "area", + "justifyMode": "auto", + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "textMode": "auto" + }, + "pluginVersion": "10.2.0", + "targets": [ + { + "datasource": { + "type": "influxdb", + "uid": "${DS_INFLUXDB}" + }, + "query": "from(bucket: \"${ndpid_db_name}\")\n |> range(start: v.timeRangeStart, stop:v.timeRangeStop)\n |> filter(fn: (r) =>\n 
r._measurement == \"general\" and\n r._field == \"flow_src_total_bytes\"\n )", + "refId": "A" + } + ], + "title": "Bytes Transmitted", + "type": "stat" + }, + { + "datasource": { + "type": "influxdb", + "uid": "${DS_INFLUXDB}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 4, + "w": 3, + "x": 21, + "y": 11 + }, + "id": 7, + "options": { + "colorMode": "value", + "graphMode": "area", + "justifyMode": "auto", + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "textMode": "auto" + }, + "pluginVersion": "10.2.0", + "targets": [ + { + "datasource": { + "type": "influxdb", + "uid": "${DS_INFLUXDB}" + }, + "query": "from(bucket: \"${ndpid_db_name}\")\n |> range(start: v.timeRangeStart, stop:v.timeRangeStop)\n |> filter(fn: (r) =>\n r._measurement == \"general\" and\n r._field == \"json_lines\"\n )", + "refId": "A" + } + ], + "title": "JSON Lines", + "type": "stat" + }, + { + "datasource": { + "type": "influxdb", + "uid": "${DS_INFLUXDB}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + } + ] + }, + "unit": "binBps" + }, + "overrides": [] + }, + "gridPos": { + "h": 4, + "w": 3, + "x": 18, + "y": 15 + }, + "id": 25, + "options": { + "colorMode": "value", + "graphMode": "area", + "justifyMode": "auto", + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "textMode": "auto" + }, + "pluginVersion": "10.2.0", + "targets": [ + { + "datasource": { + "type": "influxdb", + "uid": "${DS_INFLUXDB}" + }, + "query": "from(bucket: \"${ndpid_db_name}\")\n |> range(start: v.timeRangeStart, 
stop:v.timeRangeStop)\n |> filter(fn: (r) =>\n r._measurement == \"general\" and\n r._field == \"flow_dst_total_bytes\"\n )", + "refId": "A" + } + ], + "title": "Bytes Received", + "type": "stat" + }, + { + "datasource": { + "type": "influxdb", + "uid": "${DS_INFLUXDB}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + } + ] + }, + "unit": "binBps" + }, + "overrides": [] + }, + "gridPos": { + "h": 4, + "w": 3, + "x": 21, + "y": 15 + }, + "id": 23, + "options": { + "colorMode": "value", + "graphMode": "area", + "justifyMode": "auto", + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "textMode": "auto" + }, + "pluginVersion": "10.2.0", + "targets": [ + { + "datasource": { + "type": "influxdb", + "uid": "${DS_INFLUXDB}" + }, + "query": "from(bucket: \"${ndpid_db_name}\")\n |> range(start: v.timeRangeStart, stop:v.timeRangeStop)\n |> filter(fn: (r) =>\n r._measurement == \"general\" and\n (r._field == \"flow_src_total_bytes\" or\n r._field == \"flow_dst_total_bytes\")\n )", + "refId": "A" + } + ], + "title": "Total Bytes", + "transformations": [ + { + "id": "calculateField", + "options": { + "mode": "reduceRow", + "reduce": { + "reducer": "sum" + }, + "replaceFields": true + } + } + ], + "type": "stat" + }, + { + "collapsed": false, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 19 + }, + "id": 6, + "panels": [], + "title": "Flow", + "type": "row" + }, + { + "datasource": { + "type": "influxdb", + "uid": "${DS_INFLUXDB}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [], + "thresholds": { + "mode": "percentage", + "steps": [ + { + "color": "green", + "value": null + } + ] + } + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "flow_breed_acceptable_count" + }, + "properties": [ + { + 
"id": "displayName", + "value": "Acceptable" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_breed_dangerous_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Dangerous" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_breed_fun_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Fun" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_breed_potentially_dangerous_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Potentially Dangerous" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_breed_safe_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Safe" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_breed_tracker_ads_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Tracker/Ads" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_breed_unknown_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Unknown" + }, + { + "id": "color", + "value": { + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_breed_unrated_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Unrated" + }, + { + "id": "color", + "value": { + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_breed_unsafe_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Unsafe" + }, + { + "id": "thresholds", + "value": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "yellow", + "value": 1 + } + ] + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_breed_dangerous_count" + }, + "properties": [ + { + "id": "thresholds", + "value": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "dark-red", + "value": 1 + } + ] + } + } + ] + }, + { + "matcher": { + "id": "byName", + 
"options": "flow_breed_potentially_dangerous_count" + }, + "properties": [ + { + "id": "thresholds", + "value": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "dark-orange", + "value": 1 + } + ] + } + } + ] + } + ] + }, + "gridPos": { + "h": 6, + "w": 12, + "x": 0, + "y": 20 + }, + "id": 4, + "options": { + "minVizHeight": 75, + "minVizWidth": 75, + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "showThresholdLabels": false, + "showThresholdMarkers": false + }, + "pluginVersion": "10.2.0", + "targets": [ + { + "datasource": { + "type": "influxdb", + "uid": "${DS_INFLUXDB}" + }, + "query": "from(bucket: \"${ndpid_db_name}\")\n |> range(start: v.timeRangeStart, stop:v.timeRangeStop)\n |> filter(fn: (r) =>\n r._measurement == \"breed\"\n )", + "refId": "A" + }, + { + "datasource": { + "type": "influxdb", + "uid": "${DS_INFLUXDB}" + }, + "hide": false, + "query": "from(bucket: \"${ndpid_db_name}\")\n |> range(start: v.timeRangeStart, stop:v.timeRangeStop)\n |> filter(fn: (r) =>\n r._measurement == \"detection\" and\n (r._field == \"flow_active_count\")\n )", + "refId": "B" + } + ], + "title": "Breed", + "transformations": [ + { + "id": "configFromData", + "options": { + "configRefId": "B", + "mappings": [ + { + "fieldName": "Time", + "handlerKey": "__ignore" + }, + { + "fieldName": "flow_active_count", + "handlerKey": "max" + } + ] + } + } + ], + "type": "gauge" + }, + { + "datasource": { + "type": "influxdb", + "uid": "${DS_INFLUXDB}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + } + ] + } + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "flow_active_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Active Flows" + } + ] + } + ] + }, + "gridPos": { + "h": 6, + 
"w": 2, + "x": 12, + "y": 20 + }, + "id": 8, + "options": { + "colorMode": "value", + "graphMode": "area", + "justifyMode": "auto", + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "textMode": "auto" + }, + "pluginVersion": "10.2.0", + "targets": [ + { + "datasource": { + "type": "influxdb", + "uid": "${DS_INFLUXDB}" + }, + "query": "from(bucket: \"${ndpid_db_name}\")\n |> range(start: v.timeRangeStart, stop:v.timeRangeStop)\n |> filter(fn: (r) =>\n r._measurement == \"detection\" and\n (r._field == \"flow_active_count\")\n )", + "refId": "A" + } + ], + "title": "Active", + "type": "stat" + }, + { + "datasource": { + "type": "influxdb", + "uid": "${DS_INFLUXDB}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [], + "thresholds": { + "mode": "percentage", + "steps": [ + { + "color": "green", + "value": null + } + ] + } + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "flow_guessed_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Guessed" + }, + { + "id": "thresholds", + "value": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "yellow", + "value": 1 + } + ] + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_not_detected_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Not Detected" + }, + { + "id": "thresholds", + "value": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 1 + } + ] + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_detected_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Detected" + } + ] + } + ] + }, + "gridPos": { + "h": 8, + "w": 10, + "x": 14, + "y": 20 + }, + "id": 9, + "options": { + "minVizHeight": 75, + "minVizWidth": 75, + "orientation": "auto", + "reduceOptions": { + "calcs": [ + 
"lastNotNull" + ], + "fields": "", + "values": false + }, + "showThresholdLabels": false, + "showThresholdMarkers": false + }, + "pluginVersion": "10.2.0", + "targets": [ + { + "datasource": { + "type": "influxdb", + "uid": "${DS_INFLUXDB}" + }, + "query": "from(bucket: \"${ndpid_db_name}\")\n |> range(start: v.timeRangeStart, stop:v.timeRangeStop)\n |> filter(fn: (r) =>\n r._measurement == \"detection\" and\n (r._field == \"flow_detected_count\" or\n r._field == \"flow_guessed_count\" or\n r._field == \"flow_not_detected_count\")\n )", + "refId": "A" + }, + { + "datasource": { + "type": "influxdb", + "uid": "${DS_INFLUXDB}" + }, + "hide": false, + "query": "from(bucket: \"${ndpid_db_name}\")\n |> range(start: v.timeRangeStart, stop:v.timeRangeStop)\n |> filter(fn: (r) =>\n r._measurement == \"detection\" and\n (r._field == \"flow_active_count\")\n )", + "refId": "B" + } + ], + "title": "Detection", + "transformations": [ + { + "id": "configFromData", + "options": { + "configRefId": "B", + "mappings": [ + { + "fieldName": "Time", + "handlerKey": "__ignore" + }, + { + "fieldName": "flow_active_count", + "handlerKey": "max" + } + ] + } + } + ], + "type": "gauge" + }, + { + "datasource": { + "type": "influxdb", + "uid": "${DS_INFLUXDB}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [], + "thresholds": { + "mode": "percentage", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "#EAB839", + "value": 50 + } + ] + } + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "flow_category_adult_content_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Adult Content" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_category_advertisment_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Advertisment" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_category_allowed_site_count" + }, + "properties": [ + { + "id": 
"displayName", + "value": "Allowed Site" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_category_antimalware_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Anti Malware" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_category_banned_site_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Banned Site" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_category_chat_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Chat" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_category_cloud_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Cloud" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_category_collaborative_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Collaborative" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_category_conn_check_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Connection Check" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_category_crypto_currency_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Crypto Currency" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_category_cybersecurity_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Cybersecurity" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_category_data_transfer_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Data Transfer" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_category_database_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Database" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_category_download_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Download" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": 
"flow_category_email_count" + }, + "properties": [ + { + "id": "displayName", + "value": "E-Mail" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_category_file_sharing_count" + }, + "properties": [ + { + "id": "displayName", + "value": "File Sharing" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_category_gambling_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Gambling" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_category_game_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Game" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_category_iot_scada_count" + }, + "properties": [ + { + "id": "displayName", + "value": "IoT/Scada" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_category_malware_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Malware" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_category_media_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Media" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_category_mining_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Mining" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_category_music_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Music" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_category_network_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Network" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_category_productivity_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Productivity" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_category_remote_access_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Remote Access" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": 
"flow_category_rpc_count" + }, + "properties": [ + { + "id": "displayName", + "value": "RPC" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_category_shopping_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Shopping" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_category_site_unavail_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Site Unavailable" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_category_social_network_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Social Network" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_category_software_update_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Software Update" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_category_streaming_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Streaming" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_category_system_count" + }, + "properties": [ + { + "id": "displayName", + "value": "System" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_category_unknown_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Unknown" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_category_unspecified_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Unspecified" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_category_video_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Video" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_category_virt_assistant_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Virtual Assistant" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_category_voip_count" + }, + "properties": [ + { + "id": "displayName", + "value": "VoIP" + } + ] + }, + { + "matcher": { + "id": 
"byName", + "options": "flow_category_vpn_count" + }, + "properties": [ + { + "id": "displayName", + "value": "VPN" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_category_web_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Web" + } + ] + } + ] + }, + "gridPos": { + "h": 27, + "w": 12, + "x": 0, + "y": 26 + }, + "id": 10, + "options": { + "minVizHeight": 75, + "minVizWidth": 75, + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "showThresholdLabels": false, + "showThresholdMarkers": false + }, + "pluginVersion": "10.2.0", + "targets": [ + { + "datasource": { + "type": "influxdb", + "uid": "${DS_INFLUXDB}" + }, + "query": "from(bucket: \"${ndpid_db_name}\")\n |> range(start: v.timeRangeStart, stop:v.timeRangeStop)\n |> filter(fn: (r) =>\n r._measurement == \"category\"\n )", + "refId": "A" + }, + { + "datasource": { + "type": "influxdb", + "uid": "${DS_INFLUXDB}" + }, + "hide": false, + "query": "from(bucket: \"${ndpid_db_name}\")\n |> range(start: v.timeRangeStart, stop:v.timeRangeStop)\n |> filter(fn: (r) =>\n r._measurement == \"detection\" and\n (r._field == \"flow_active_count\")\n )", + "refId": "B" + } + ], + "title": "Category", + "transformations": [ + { + "id": "configFromData", + "options": { + "configRefId": "B", + "mappings": [ + { + "fieldName": "Time", + "handlerKey": "__ignore" + }, + { + "fieldName": "flow_active_count", + "handlerKey": "max" + } + ] + } + } + ], + "type": "gauge" + }, + { + "datasource": { + "type": "influxdb", + "uid": "${DS_INFLUXDB}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + } + ] + } + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "flow_state_finished" + }, + "properties": [ + { + "id": "displayName", + "value": "Finished" + } + ] + }, + { + 
"matcher": { + "id": "byName", + "options": "flow_state_info" + }, + "properties": [ + { + "id": "displayName", + "value": "Processing" + } + ] + } + ] + }, + "gridPos": { + "h": 11, + "w": 2, + "x": 12, + "y": 26 + }, + "id": 13, + "options": { + "colorMode": "value", + "graphMode": "area", + "justifyMode": "auto", + "orientation": "horizontal", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "textMode": "auto" + }, + "pluginVersion": "10.2.0", + "targets": [ + { + "datasource": { + "type": "influxdb", + "uid": "${DS_INFLUXDB}" + }, + "query": "from(bucket: \"${ndpid_db_name}\")\n |> range(start: v.timeRangeStart, stop:v.timeRangeStop)\n |> filter(fn: (r) =>\n r._measurement == \"state\"\n )", + "refId": "A" + }, + { + "datasource": { + "type": "influxdb", + "uid": "${DS_INFLUXDB}" + }, + "hide": false, + "query": "from(bucket: \"${ndpid_db_name}\")\n |> range(start: v.timeRangeStart, stop:v.timeRangeStop)\n |> filter(fn: (r) =>\n r._measurement == \"detection\" and\n (r._field == \"flow_active_count\")\n )", + "refId": "B" + } + ], + "title": "State", + "transformations": [ + { + "id": "configFromData", + "options": { + "configRefId": "B", + "mappings": [ + { + "fieldName": "Time", + "handlerKey": "__ignore" + }, + { + "fieldName": "flow_active_count", + "handlerKey": "max" + } + ] + } + } + ], + "type": "stat" + }, + { + "datasource": { + "type": "influxdb", + "uid": "${DS_INFLUXDB}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + } + ] + } + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "flow_confidence_by_ip" + }, + "properties": [ + { + "id": "displayName", + "value": "By IP" + }, + { + "id": "color", + "value": { + "fixedColor": "yellow", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": 
"flow_confidence_by_port" + }, + "properties": [ + { + "id": "displayName", + "value": "By Port" + }, + { + "id": "color", + "value": { + "fixedColor": "yellow", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_confidence_dpi" + }, + "properties": [ + { + "id": "displayName", + "value": "DPI" + }, + { + "id": "color", + "value": { + "fixedColor": "green", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_confidence_dpi_aggressive" + }, + "properties": [ + { + "id": "displayName", + "value": "DPI Aggressive" + }, + { + "id": "color", + "value": { + "fixedColor": "blue", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_confidence_dpi_cache" + }, + "properties": [ + { + "id": "displayName", + "value": "DPI Cache" + }, + { + "id": "color", + "value": { + "fixedColor": "dark-green", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_confidence_dpi_partial" + }, + "properties": [ + { + "id": "displayName", + "value": "DPI Partial" + }, + { + "id": "color", + "value": { + "fixedColor": "light-green", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_confidence_dpi_partial_cache" + }, + "properties": [ + { + "id": "displayName", + "value": "DPI Partial Cache" + }, + { + "id": "color", + "value": { + "fixedColor": "super-light-green", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_confidence_nbpf" + }, + "properties": [ + { + "id": "displayName", + "value": "nBPF" + }, + { + "id": "color", + "value": { + "fixedColor": "blue", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_confidence_unknown" + }, + "properties": [ + { + "id": "displayName", + "value": "Unknown" + }, + { + "id": "color", + "value": { + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": 
"flow_confidence_custom_rule" + }, + "properties": [ + { + "id": "displayName", + "value": "Custom Rule" + }, + { + "id": "color", + "value": { + "fixedColor": "blue", + "mode": "fixed" + } + } + ] + } + ] + }, + "gridPos": { + "h": 14, + "w": 10, + "x": 14, + "y": 28 + }, + "id": 14, + "options": { + "displayMode": "gradient", + "minVizHeight": 10, + "minVizWidth": 0, + "namePlacement": "auto", + "orientation": "horizontal", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "showUnfilled": true, + "valueMode": "color" + }, + "pluginVersion": "10.2.0", + "targets": [ + { + "datasource": { + "type": "influxdb", + "uid": "${DS_INFLUXDB}" + }, + "query": "from(bucket: \"${ndpid_db_name}\")\n |> range(start: v.timeRangeStart, stop:v.timeRangeStop)\n |> filter(fn: (r) =>\n r._measurement == \"confidence\"\n )", + "refId": "A" + }, + { + "datasource": { + "type": "influxdb", + "uid": "${DS_INFLUXDB}" + }, + "hide": false, + "query": "from(bucket: \"${ndpid_db_name}\")\n |> range(start: v.timeRangeStart, stop:v.timeRangeStop)\n |> filter(fn: (r) =>\n r._measurement == \"detection\" and\n (r._field == \"flow_active_count\")\n )", + "refId": "B" + } + ], + "title": "Confidence", + "transformations": [ + { + "id": "configFromData", + "options": { + "configRefId": "B", + "mappings": [ + { + "fieldName": "Time", + "handlerKey": "__ignore" + }, + { + "fieldName": "flow_active_count", + "handlerKey": "max" + } + ] + } + } + ], + "type": "bargauge" + }, + { + "datasource": { + "type": "influxdb", + "uid": "${DS_INFLUXDB}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [], + "thresholds": { + "mode": "percentage", + "steps": [ + { + "color": "green" + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 5, + "w": 2, + "x": 12, + "y": 37 + }, + "id": 18, + "options": { + "colorMode": "value", + "graphMode": "area", + "justifyMode": "auto", + "orientation": "auto", + "reduceOptions": 
{ + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "textMode": "auto" + }, + "pluginVersion": "10.2.0", + "targets": [ + { + "datasource": { + "type": "influxdb", + "uid": "${DS_INFLUXDB}" + }, + "query": "from(bucket: \"${ndpid_db_name}\")\n |> range(start: v.timeRangeStart, stop:v.timeRangeStop)\n |> filter(fn: (r) =>\n r._measurement == \"risks\"\n )", + "refId": "A" + } + ], + "title": "Total Risks", + "transformations": [ + { + "id": "calculateField", + "options": { + "mode": "reduceRow", + "reduce": { + "reducer": "sum" + }, + "replaceFields": true + } + } + ], + "type": "stat" + }, + { + "datasource": { + "type": "influxdb", + "uid": "${DS_INFLUXDB}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [], + "thresholds": { + "mode": "percentage", + "steps": [ + { + "color": "green" + } + ] + } + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "flow_severity_critical" + }, + "properties": [ + { + "id": "displayName", + "value": "Critical" + }, + { + "id": "color", + "value": { + "fixedColor": "dark-red", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_severity_emergency" + }, + "properties": [ + { + "id": "displayName", + "value": "Emergency" + }, + { + "id": "color", + "value": { + "fixedColor": "red", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_severity_high" + }, + "properties": [ + { + "id": "displayName", + "value": "High" + }, + { + "id": "color", + "value": { + "fixedColor": "yellow", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_severity_low" + }, + "properties": [ + { + "id": "displayName", + "value": "Low" + }, + { + "id": "color", + "value": { + "fixedColor": "light-green", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_severity_medium" + }, + "properties": [ + { + "id": 
"displayName", + "value": "Medium" + }, + { + "id": "color", + "value": { + "fixedColor": "dark-green", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_severity_severe" + }, + "properties": [ + { + "id": "displayName", + "value": "Severe" + }, + { + "id": "color", + "value": { + "fixedColor": "dark-orange", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_severity_unknown" + }, + "properties": [ + { + "id": "displayName", + "value": "Unknown" + }, + { + "id": "color", + "value": { + "mode": "fixed" + } + } + ] + } + ] + }, + "gridPos": { + "h": 11, + "w": 12, + "x": 12, + "y": 42 + }, + "id": 11, + "options": { + "displayMode": "gradient", + "minVizHeight": 10, + "minVizWidth": 0, + "namePlacement": "auto", + "orientation": "horizontal", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "showUnfilled": true, + "valueMode": "color" + }, + "pluginVersion": "10.2.0", + "targets": [ + { + "datasource": { + "type": "influxdb", + "uid": "${DS_INFLUXDB}" + }, + "query": "from(bucket: \"${ndpid_db_name}\")\n |> range(start: v.timeRangeStart, stop:v.timeRangeStop)\n |> filter(fn: (r) =>\n r._measurement == \"severity\"\n )", + "refId": "A" + }, + { + "datasource": { + "type": "influxdb", + "uid": "${DS_INFLUXDB}" + }, + "hide": false, + "query": "from(bucket: \"${ndpid_db_name}\")\n |> range(start: v.timeRangeStart, stop:v.timeRangeStop)\n |> filter(fn: (r) =>\n r._measurement == \"detection\" and\n (r._field == \"flow_active_count\")\n )", + "refId": "B" + } + ], + "title": "Risk Severity", + "transformations": [ + { + "id": "configFromData", + "options": { + "configRefId": "B", + "mappings": [ + { + "fieldName": "Time", + "handlerKey": "__ignore" + }, + { + "fieldName": "flow_active_count", + "handlerKey": "max" + } + ] + } + } + ], + "type": "bargauge" + }, + { + "collapsed": false, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 53 + }, 
+ "id": 32, + "panels": [], + "title": "Risks", + "type": "row" + }, + { + "gridPos": { + "h": 24, + "w": 24, + "x": 0, + "y": 54 + }, + "id": 12, + "libraryPanel": { + "uid": "f54c2b02-7c6c-4d3f-90d8-e9d31dee65a5", + "name": "Risk" + } + }, + { + "datasource": { + "type": "influxdb", + "uid": "${DS_INFLUXDB}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green" + }, + { + "color": "yellow", + "value": 1 + } + ] + } + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "flow_risk_1_count" + }, + "properties": [ + { + "id": "displayName", + "value": "XSS Attack" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_2_count" + }, + "properties": [ + { + "id": "displayName", + "value": "SQL Injection" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_3_count" + }, + "properties": [ + { + "id": "displayName", + "value": "RCE Injection" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_4_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Binary App Transfer" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_5_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Known Proto on Non Std Port" + } + ] + }, + { + 
"matcher": { + "id": "byName", + "options": "flow_risk_6_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Self signed Cert" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_7_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Obsolete TLS v1.1 or older" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_8_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Weak TLS Cipher" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_9_count" + }, + "properties": [ + { + "id": "displayName", + "value": "TLS Cert Expired" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_10_count" + }, + "properties": [ + { + "id": "displayName", + "value": "TLS Cert Mismatch" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_11_count" + }, + "properties": [ + { + "id": "displayName", + "value": "HTTP Suspicious User Agent" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_12_count" + }, + "properties": [ + { + "id": "displayName", + "value": "HTTP Numeric IP Address" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_13_count" + }, + "properties": [ + { + "id": "displayName", + "value": "HTTP Suspicious URL" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_14_count" + }, + "properties": [ + { + "id": "displayName", + "value": "HTTP Suspicious Header" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_15_count" + }, + "properties": [ + { + "id": "displayName", + "value": "TLS probably Not Carrying HTTPS" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_16_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Suspicious DGA Domain name" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_17_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Malformed 
Packet" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_18_count" + }, + "properties": [ + { + "id": "displayName", + "value": "SSH Obsolete Client Version/Cipher" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_19_count" + }, + "properties": [ + { + "id": "displayName", + "value": "SSH Obsolete Server Version/Cipher" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_20_count" + }, + "properties": [ + { + "id": "displayName", + "value": "SMB Insecure Version" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_21_count" + }, + "properties": [ + { + "id": "displayName", + "value": "TLS Suspicious ESNI Usage" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_22_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Unsafe Protocol" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_23_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Suspicious DNS Traffic" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_24_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Missing SNI TLS Extension" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_25_count" + }, + "properties": [ + { + "id": "displayName", + "value": "HTTP Suspicious Content" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_26_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Risky ASN" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_27_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Risky Domain Name" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_28_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Malicious JA3 Fingerprint" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_29_count" + }, + "properties": [ + { + 
"id": "displayName", + "value": "Malicious SSL Cert/SHA1 Fingerprint" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_30_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Desktop/File-Sharing" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_31_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Uncommon TLS ALPN" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_32_count" + }, + "properties": [ + { + "id": "displayName", + "value": "TLS Cert Validity Too Long" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_33_count" + }, + "properties": [ + { + "id": "displayName", + "value": "TLS Suspicious Extension" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_34_count" + }, + "properties": [ + { + "id": "displayName", + "value": "TLS Fatal Alert" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_35_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Suspicious Entropy" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_36_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Clear Text Credentials" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_37_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Large DNS Packet" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_38_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Fragmented DNS Message" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_39_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Text With Non Printable Chars" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_40_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Possible Exploit" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": 
"flow_risk_41_count" + }, + "properties": [ + { + "id": "displayName", + "value": "TLS Cert About To Expire" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_42_count" + }, + "properties": [ + { + "id": "displayName", + "value": "IDN Domain Name" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_43_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Error Code" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_44_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Crawler/Bot" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_45_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Anonymous Subscriber" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_46_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Unidirectional Traffic" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_47_count" + }, + "properties": [ + { + "id": "displayName", + "value": "HTTP Obsolete Server" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_48_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Periodic Flow" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_49_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Minor Issues" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_50_count" + }, + "properties": [ + { + "id": "displayName", + "value": "TCP Connection Issues" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_51_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Fully Encrypted" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_52_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Invalid ALPN/SNI combination" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": 
"flow_risk_53_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Malware Host Contacted" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_unknown_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Unknown Risk" + } + ] + } + ] + }, + "gridPos": { + "h": 10, + "w": 24, + "x": 0, + "y": 78 + }, + "id": 34, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": false + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "pluginVersion": "10.2.0", + "targets": [ + { + "datasource": { + "type": "influxdb", + "uid": "${DS_INFLUXDB}" + }, + "query": "from(bucket: \"${ndpid_db_name}\")\n |> range(start: v.timeRangeStart, stop:v.timeRangeStop)\n |> filter(fn: (r) =>\n r._measurement == \"risks\"\n )", + "refId": "A" + } + ], + "title": "Risk", + "type": "timeseries" + }, + { + "collapsed": false, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 88 + }, + "id": 29, + "panels": [], + "title": "Flow (Simplified / Historic)", + "type": "row" + }, + { + "datasource": { + "type": "influxdb", + "uid": "${DS_INFLUXDB}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "log": 2, + "type": "log" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green" + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + 
"overrides": [ + { + "matcher": { + "id": "byRegexp", + "options": "/flow_breed_.*/" + }, + "properties": [ + { + "id": "custom.hideFrom", + "value": { + "legend": true, + "tooltip": true, + "viz": true + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "Legit" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "green", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "Caution Advised" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "red", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "Dont Know" + }, + "properties": [ + { + "id": "color", + "value": { + "mode": "fixed" + } + } + ] + } + ] + }, + "gridPos": { + "h": 8, + "w": 12, + "x": 0, + "y": 89 + }, + "id": 30, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "datasource": { + "type": "influxdb", + "uid": "${DS_INFLUXDB}" + }, + "query": "from(bucket: \"${ndpid_db_name}\")\n |> range(start: v.timeRangeStart, stop:v.timeRangeStop)\n |> filter(fn: (r) =>\n r._measurement == \"breed\"\n )", + "refId": "A" + } + ], + "title": "Breed", + "transformations": [ + { + "id": "calculateField", + "options": { + "alias": "Caution Advised", + "mode": "reduceRow", + "reduce": { + "include": [ + "flow_breed_potentially_dangerous_count breed", + "flow_breed_unsafe_count breed", + "flow_breed_dangerous_count breed" + ], + "reducer": "sum" + }, + "replaceFields": false + } + }, + { + "id": "calculateField", + "options": { + "alias": "Legit", + "mode": "reduceRow", + "reduce": { + "include": [ + "flow_breed_acceptable_count breed", + "flow_breed_fun_count breed", + "flow_breed_safe_count breed" + ], + "reducer": "sum" + } + } + }, + { + "id": "calculateField", + "options": { + "alias": "Dont Know", + "mode": "reduceRow", + "reduce": { + 
"include": [ + "flow_breed_unrated_count breed", + "flow_breed_unknown_count breed" + ], + "reducer": "sum" + } + } + } + ], + "type": "timeseries" + }, + { + "datasource": { + "type": "influxdb", + "uid": "${DS_INFLUXDB}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "custom": { + "fillOpacity": 70, + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineWidth": 1 + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green" + } + ] + } + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "flow_detected_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Detected" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_guessed_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Guessed" + }, + { + "id": "thresholds", + "value": { + "mode": "absolute", + "steps": [ + { + "color": "green" + }, + { + "color": "yellow", + "value": 1 + } + ] + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_not_detected_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Not Detected" + }, + { + "id": "thresholds", + "value": { + "mode": "absolute", + "steps": [ + { + "color": "green" + }, + { + "color": "red", + "value": 1 + } + ] + } + } + ] + } + ] + }, + "gridPos": { + "h": 8, + "w": 12, + "x": 12, + "y": 89 + }, + "id": 31, + "options": { + "colWidth": 0.9, + "legend": { + "displayMode": "list", + "placement": "bottom", + "showLegend": false + }, + "rowHeight": 0.9, + "showValue": "auto", + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "pluginVersion": "10.2.0", + "targets": [ + { + "datasource": { + "type": "influxdb", + "uid": "${DS_INFLUXDB}" + }, + "query": "from(bucket: \"${ndpid_db_name}\")\n |> range(start: v.timeRangeStart, stop:v.timeRangeStop)\n |> filter(fn: (r) =>\n r._measurement == \"detection\" and\n (r._field == \"flow_detected_count\" or\n 
r._field == \"flow_guessed_count\" or\n r._field == \"flow_not_detected_count\")\n )", + "refId": "A" + } + ], + "title": "Detection", + "type": "status-history" + }, + { + "datasource": { + "type": "influxdb", + "uid": "${DS_INFLUXDB}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "custom": { + "fillOpacity": 70, + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineWidth": 0, + "spanNulls": false + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green" + }, + { + "color": "yellow", + "value": 1 + } + ] + } + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "flow_risk_1_count" + }, + "properties": [ + { + "id": "displayName", + "value": "XSS Attack" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_2_count" + }, + "properties": [ + { + "id": "displayName", + "value": "SQL Injection" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_3_count" + }, + "properties": [ + { + "id": "displayName", + "value": "RCE Injection" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_4_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Binary App Transfer" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_5_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Known Proto on Non Std Port" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_6_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Self signed Cert" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_7_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Obsolete TLS v1.1 or older" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_8_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Weak TLS Cipher" + } + ] + }, + { + "matcher": 
{ + "id": "byName", + "options": "flow_risk_9_count" + }, + "properties": [ + { + "id": "displayName", + "value": "TLS Cert Expired" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_10_count" + }, + "properties": [ + { + "id": "displayName", + "value": "TLS Cert Mismatch" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_11_count" + }, + "properties": [ + { + "id": "displayName", + "value": "HTTP Suspicious User Agent" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_12_count" + }, + "properties": [ + { + "id": "displayName", + "value": "HTTP Numeric IP Address" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_13_count" + }, + "properties": [ + { + "id": "displayName", + "value": "HTTP Suspicious URL" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_14_count" + }, + "properties": [ + { + "id": "displayName", + "value": "HTTP Suspicious Header" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_15_count" + }, + "properties": [ + { + "id": "displayName", + "value": "TLS probably Not Carrying HTTPS" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_16_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Suspicious DGA Domain name" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_17_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Malformed Packet" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_18_count" + }, + "properties": [ + { + "id": "displayName", + "value": "SSH Obsolete Client Version/Cipher" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_19_count" + }, + "properties": [ + { + "id": "displayName", + "value": "SSH Obsolete Server Version/Cipher" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_20_count" + }, + "properties": [ + { + "id": "displayName", + 
"value": "SMB Insecure Version" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_21_count" + }, + "properties": [ + { + "id": "displayName", + "value": "TLS Suspicious ESNI Usage" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_22_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Unsafe Protocol" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_23_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Suspicious DNS Traffic" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_24_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Missing SNI TLS Extension" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_25_count" + }, + "properties": [ + { + "id": "displayName", + "value": "HTTP Suspicious Content" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_26_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Risky ASN" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_27_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Risky Domain Name" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_28_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Malicious Fingerprint" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_29_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Malicious SSL Cert/SHA1 Fingerprint" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_30_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Desktop/File-Sharing" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_31_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Uncommon TLS ALPN" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_32_count" + }, + "properties": [ + { 
+ "id": "displayName", + "value": "TLS Cert Validity Too Long" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_33_count" + }, + "properties": [ + { + "id": "displayName", + "value": "TLS Suspicious Extension" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_34_count" + }, + "properties": [ + { + "id": "displayName", + "value": "TLS Fatal Alert" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_35_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Suspicious Entropy" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_36_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Clear Text Credentials" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_37_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Large DNS Packet" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_38_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Fragmented DNS Message" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_39_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Text With Non Printable Chars" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_40_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Possible Exploit" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_41_count" + }, + "properties": [ + { + "id": "displayName", + "value": "TLS Cert About To Expire" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_42_count" + }, + "properties": [ + { + "id": "displayName", + "value": "IDN Domain Name" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_43_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Error Code" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_44_count" + }, + 
"properties": [ + { + "id": "displayName", + "value": "Crawler/Bot" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_45_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Anonymous Subscriber" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_46_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Unidirectional Traffic" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_47_count" + }, + "properties": [ + { + "id": "displayName", + "value": "HTTP Obsolete Server" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_48_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Periodic Flow" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_49_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Minor Issues" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_50_count" + }, + "properties": [ + { + "id": "displayName", + "value": "TCP Connection Issues" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_51_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Fully Encrypted" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_52_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Invalid ALPN/SNI combination" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_53_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Malware Host Contacted" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_unknown_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Unknown Risk" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_54_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Binary Transfer Attempt" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_risk_55_count" + }, + 
"properties": [ + { + "id": "displayName", + "value": "Probing Attempt" + } + ] + } + ] + }, + "gridPos": { + "h": 24, + "w": 24, + "x": 0, + "y": 97 + }, + "id": 33, + "options": { + "alignValue": "left", + "legend": { + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "mergeValues": true, + "rowHeight": 0.9, + "showValue": "auto", + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "pluginVersion": "10.2.0", + "targets": [ + { + "datasource": { + "type": "influxdb", + "uid": "${DS_INFLUXDB}" + }, + "query": "from(bucket: \"${ndpid_db_name}\")\n |> range(start: v.timeRangeStart, stop:v.timeRangeStop)\n |> filter(fn: (r) =>\n r._measurement == \"risks\"\n )", + "refId": "A" + } + ], + "title": "Risk", + "type": "state-timeline" + }, + { + "collapsed": false, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 121 + }, + "id": 15, + "panels": [], + "title": "Layer3 / Layer4", + "type": "row" + }, + { + "datasource": { + "type": "influxdb", + "uid": "${DS_INFLUXDB}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "percentage", + "steps": [ + { + "color": "green" + } + ] + } + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "flow_l3_ip4_count" + }, + "properties": [ + { + "id": "displayName", + "value": "IPv4" + } + ] + }, + { + "matcher": 
{ + "id": "byName", + "options": "flow_l3_ip6_count" + }, + "properties": [ + { + "id": "displayName", + "value": "IPv6" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_l3_other_count" + }, + "properties": [ + { + "id": "displayName", + "value": "Other" + } + ] + } + ] + }, + "gridPos": { + "h": 8, + "w": 12, + "x": 0, + "y": 122 + }, + "id": 16, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "datasource": { + "type": "influxdb", + "uid": "${DS_INFLUXDB}" + }, + "query": "from(bucket: \"${ndpid_db_name}\")\n |> range(start: v.timeRangeStart, stop:v.timeRangeStop)\n |> filter(fn: (r) =>\n r._measurement == \"layer3\"\n )", + "refId": "A" + } + ], + "title": "Layer3", + "type": "timeseries" + }, + { + "datasource": { + "type": "influxdb", + "uid": "${DS_INFLUXDB}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "percentage", + "steps": [ + { + "color": "green" + } + ] + } + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "flow_l4_icmp_count" + }, + "properties": [ + { + "id": "displayName", + "value": "ICMP" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_l4_other_count" + }, + 
"properties": [ + { + "id": "displayName", + "value": "Other" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_l4_tcp_count" + }, + "properties": [ + { + "id": "displayName", + "value": "TCP" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "flow_l4_udp_count" + }, + "properties": [ + { + "id": "displayName", + "value": "UDP" + } + ] + } + ] + }, + "gridPos": { + "h": 8, + "w": 12, + "x": 12, + "y": 122 + }, + "id": 17, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "datasource": { + "type": "influxdb", + "uid": "${DS_INFLUXDB}" + }, + "query": "from(bucket: \"${ndpid_db_name}\")\n |> range(start: v.timeRangeStart, stop:v.timeRangeStop)\n |> filter(fn: (r) =>\n r._measurement == \"layer4\"\n )", + "refId": "A" + } + ], + "title": "Layer4", + "type": "timeseries" + } + ], + "refresh": "10s", + "schemaVersion": 38, + "tags": [], + "templating": { + "list": [ + { + "hide": 2, + "name": "ndpid_db_name", + "query": "${VAR_NDPID_DB_NAME}", + "skipUrlSync": false, + "type": "constant", + "current": { + "value": "${VAR_NDPID_DB_NAME}", + "text": "${VAR_NDPID_DB_NAME}", + "selected": false + }, + "options": [ + { + "value": "${VAR_NDPID_DB_NAME}", + "text": "${VAR_NDPID_DB_NAME}", + "selected": false + } + ] + } + ] + }, + "time": { + "from": "now-15m", + "to": "now" + }, + "timepicker": {}, + "timezone": "", + "title": "nDPId", + "uid": "e57b37c0-d0ba-4f50-9b2d-f83e71ae8c27", + "version": 111, + "weekStart": "" +}
\ No newline at end of file |