Diffstat (limited to 'examples/c-influxd/grafana-dashboard-simple.json')
-rw-r--r--examples/c-influxd/grafana-dashboard-simple.json6468
1 files changed, 6468 insertions, 0 deletions
diff --git a/examples/c-influxd/grafana-dashboard-simple.json b/examples/c-influxd/grafana-dashboard-simple.json
new file mode 100644
index 000000000..9d7208525
--- /dev/null
+++ b/examples/c-influxd/grafana-dashboard-simple.json
@@ -0,0 +1,6468 @@
+{
+ "__inputs": [
+ {
+ "name": "DS_INFLUXDB",
+ "label": "InfluxDB",
+ "description": "",
+ "type": "datasource",
+ "pluginId": "influxdb",
+ "pluginName": "InfluxDB"
+ },
+ {
+ "name": "VAR_NDPID_DB_NAME",
+ "type": "constant",
+ "label": "ndpid_db_name",
+ "value": "ndpi-daemon",
+ "description": ""
+ }
+ ],
+ "__elements": {
+ "f54c2b02-7c6c-4d3f-90d8-e9d31dee65a5": {
+ "name": "Risk",
+ "uid": "f54c2b02-7c6c-4d3f-90d8-e9d31dee65a5",
+ "kind": 1,
+ "model": {
+ "datasource": {
+ "type": "influxdb",
+ "uid": "${DS_INFLUXDB}"
+ },
+ "description": "",
+ "fieldConfig": {
+ "defaults": {
+ "color": {
+ "mode": "thresholds"
+ },
+ "mappings": [],
+ "thresholds": {
+ "mode": "percentage",
+ "steps": [
+ {
+ "color": "green",
+ "value": null
+ },
+ {
+ "color": "yellow",
+ "value": 0.01
+ },
+ {
+ "color": "dark-red",
+ "value": 50
+ }
+ ]
+ }
+ },
+ "overrides": [
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "flow_risk_1_count"
+ },
+ "properties": [
+ {
+ "id": "displayName",
+ "value": "XSS Attack"
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "flow_risk_2_count"
+ },
+ "properties": [
+ {
+ "id": "displayName",
+ "value": "SQL Injection"
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "flow_risk_3_count"
+ },
+ "properties": [
+ {
+ "id": "displayName",
+ "value": "RCE Injection"
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "flow_risk_4_count"
+ },
+ "properties": [
+ {
+ "id": "displayName",
+ "value": "Binary App Transfer"
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "flow_risk_5_count"
+ },
+ "properties": [
+ {
+ "id": "displayName",
+ "value": "Known Proto on Non Std Port"
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "flow_risk_6_count"
+ },
+ "properties": [
+ {
+ "id": "displayName",
+ "value": "Self signed Cert"
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "flow_risk_7_count"
+ },
+ "properties": [
+ {
+ "id": "displayName",
+ "value": "Obsolete TLS v1.1 or older"
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "flow_risk_8_count"
+ },
+ "properties": [
+ {
+ "id": "displayName",
+ "value": "Weak TLS Cipher"
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "flow_risk_9_count"
+ },
+ "properties": [
+ {
+ "id": "displayName",
+ "value": "TLS Cert Expired"
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "flow_risk_10_count"
+ },
+ "properties": [
+ {
+ "id": "displayName",
+ "value": "TLS Cert Mismatch"
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "flow_risk_11_count"
+ },
+ "properties": [
+ {
+ "id": "displayName",
+ "value": "HTTP Suspicious User Agent"
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "flow_risk_12_count"
+ },
+ "properties": [
+ {
+ "id": "displayName",
+ "value": "HTTP Numeric IP Address"
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "flow_risk_13_count"
+ },
+ "properties": [
+ {
+ "id": "displayName",
+ "value": "HTTP Suspicious URL"
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "flow_risk_14_count"
+ },
+ "properties": [
+ {
+ "id": "displayName",
+ "value": "HTTP Suspicious Header"
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "flow_risk_15_count"
+ },
+ "properties": [
+ {
+ "id": "displayName",
+ "value": "TLS probably Not Carrying HTTPS"
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "flow_risk_16_count"
+ },
+ "properties": [
+ {
+ "id": "displayName",
+ "value": "Suspicious DGA Domain name"
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "flow_risk_17_count"
+ },
+ "properties": [
+ {
+ "id": "displayName",
+ "value": "Malformed Packet"
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "flow_risk_18_count"
+ },
+ "properties": [
+ {
+ "id": "displayName",
+ "value": "SSH Obsolete Client Version/Cipher"
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "flow_risk_19_count"
+ },
+ "properties": [
+ {
+ "id": "displayName",
+ "value": "SSH Obsolete Server Version/Cipher"
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "flow_risk_20_count"
+ },
+ "properties": [
+ {
+ "id": "displayName",
+ "value": "SMB Insecure Version"
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "flow_risk_21_count"
+ },
+ "properties": [
+ {
+ "id": "displayName",
+ "value": "TLS Suspicious ESNI Usage"
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "flow_risk_22_count"
+ },
+ "properties": [
+ {
+ "id": "displayName",
+ "value": "Unsafe Protocol"
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "flow_risk_23_count"
+ },
+ "properties": [
+ {
+ "id": "displayName",
+ "value": "Suspicious DNS Traffic"
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "flow_risk_24_count"
+ },
+ "properties": [
+ {
+ "id": "displayName",
+ "value": "Missing SNI TLS Extension"
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "flow_risk_25_count"
+ },
+ "properties": [
+ {
+ "id": "displayName",
+ "value": "HTTP Suspicious Content"
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "flow_risk_26_count"
+ },
+ "properties": [
+ {
+ "id": "displayName",
+ "value": "Risky ASN"
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "flow_risk_27_count"
+ },
+ "properties": [
+ {
+ "id": "displayName",
+ "value": "Risky Domain Name"
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "flow_risk_28_count"
+ },
+ "properties": [
+ {
+ "id": "displayName",
+ "value": "Malicious Fingerprint"
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "flow_risk_29_count"
+ },
+ "properties": [
+ {
+ "id": "displayName",
+ "value": "Malicious SSL Cert/SHA1 Fingerprint"
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "flow_risk_30_count"
+ },
+ "properties": [
+ {
+ "id": "displayName",
+ "value": "Desktop/File-Sharing"
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "flow_risk_31_count"
+ },
+ "properties": [
+ {
+ "id": "displayName",
+ "value": "Uncommon TLS ALPN"
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "flow_risk_32_count"
+ },
+ "properties": [
+ {
+ "id": "displayName",
+ "value": "TLS Cert Validity Too Long"
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "flow_risk_33_count"
+ },
+ "properties": [
+ {
+ "id": "displayName",
+ "value": "TLS Suspicious Extension"
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "flow_risk_34_count"
+ },
+ "properties": [
+ {
+ "id": "displayName",
+ "value": "TLS Fatal Alert"
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "flow_risk_35_count"
+ },
+ "properties": [
+ {
+ "id": "displayName",
+ "value": "Suspicious Entropy"
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "flow_risk_36_count"
+ },
+ "properties": [
+ {
+ "id": "displayName",
+ "value": "Clear Text Credentials"
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "flow_risk_37_count"
+ },
+ "properties": [
+ {
+ "id": "displayName",
+ "value": "Large DNS Packet"
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "flow_risk_38_count"
+ },
+ "properties": [
+ {
+ "id": "displayName",
+ "value": "Fragmented DNS Message"
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "flow_risk_39_count"
+ },
+ "properties": [
+ {
+ "id": "displayName",
+ "value": "Text With Non Printable Chars"
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "flow_risk_40_count"
+ },
+ "properties": [
+ {
+ "id": "displayName",
+ "value": "Possible Exploit"
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "flow_risk_41_count"
+ },
+ "properties": [
+ {
+ "id": "displayName",
+ "value": "TLS Cert About To Expire"
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "flow_risk_42_count"
+ },
+ "properties": [
+ {
+ "id": "displayName",
+ "value": "IDN Domain Name"
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "flow_risk_43_count"
+ },
+ "properties": [
+ {
+ "id": "displayName",
+ "value": "Error Code"
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "flow_risk_44_count"
+ },
+ "properties": [
+ {
+ "id": "displayName",
+ "value": "Crawler/Bot"
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "flow_risk_45_count"
+ },
+ "properties": [
+ {
+ "id": "displayName",
+ "value": "Anonymous Subscriber"
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "flow_risk_46_count"
+ },
+ "properties": [
+ {
+ "id": "displayName",
+ "value": "Unidirectional Traffic"
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "flow_risk_47_count"
+ },
+ "properties": [
+ {
+ "id": "displayName",
+ "value": "HTTP Obsolete Server"
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "flow_risk_48_count"
+ },
+ "properties": [
+ {
+ "id": "displayName",
+ "value": "Periodic Flow"
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "flow_risk_49_count"
+ },
+ "properties": [
+ {
+ "id": "displayName",
+ "value": "Minor Issues"
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "flow_risk_50_count"
+ },
+ "properties": [
+ {
+ "id": "displayName",
+ "value": "TCP Connection Issues"
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "flow_risk_51_count"
+ },
+ "properties": [
+ {
+ "id": "displayName",
+ "value": "Fully Encrypted"
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "flow_risk_52_count"
+ },
+ "properties": [
+ {
+ "id": "displayName",
+ "value": "Invalid ALPN/SNI combination"
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "flow_risk_53_count"
+ },
+ "properties": [
+ {
+ "id": "displayName",
+ "value": "Malware Host Contacted"
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "flow_risk_unknown_count"
+ },
+ "properties": [
+ {
+ "id": "displayName",
+ "value": "Unknown Risk"
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "flow_risk_54_count"
+ },
+ "properties": [
+ {
+ "id": "displayName",
+ "value": "Binary Transfer Attempt"
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "flow_risk_55_count"
+ },
+ "properties": [
+ {
+ "id": "displayName",
+ "value": "Probing Attempt"
+ }
+ ]
+ }
+ ]
+ },
+ "options": {
+ "minVizHeight": 75,
+ "minVizWidth": 75,
+ "orientation": "auto",
+ "reduceOptions": {
+ "calcs": [
+ "lastNotNull"
+ ],
+ "fields": "",
+ "values": false
+ },
+ "showThresholdLabels": false,
+ "showThresholdMarkers": false
+ },
+ "pluginVersion": "10.2.0",
+ "targets": [
+ {
+ "datasource": {
+ "type": "influxdb",
+ "uid": "dabd3b1d-a74e-4ae6-9dfd-e1344e589ba0"
+ },
+ "query": "from(bucket: \"${ndpid_db_name}\")\n |> range(start: v.timeRangeStart, stop:v.timeRangeStop)\n |> filter(fn: (r) =>\n r._measurement == \"risks\"\n )",
+ "refId": "A"
+ },
+ {
+ "datasource": {
+ "type": "influxdb",
+ "uid": "dabd3b1d-a74e-4ae6-9dfd-e1344e589ba0"
+ },
+ "hide": false,
+ "query": "from(bucket: \"${ndpid_db_name}\")\n |> range(start: v.timeRangeStart, stop:v.timeRangeStop)\n |> filter(fn: (r) =>\n r._measurement == \"detection\" and\n (r._field == \"flow_active_count\")\n )",
+ "refId": "B"
+ }
+ ],
+ "title": "Risk",
+ "transformations": [
+ {
+ "id": "configFromData",
+ "options": {
+ "configRefId": "B",
+ "mappings": [
+ {
+ "fieldName": "Time",
+ "handlerKey": "__ignore"
+ },
+ {
+ "fieldName": "flow_active_count",
+ "handlerKey": "max"
+ }
+ ]
+ }
+ }
+ ],
+ "type": "gauge"
+ }
+ }
+ },
+ "__requires": [
+ {
+ "type": "panel",
+ "id": "bargauge",
+ "name": "Bar gauge",
+ "version": ""
+ },
+ {
+ "type": "panel",
+ "id": "gauge",
+ "name": "Gauge",
+ "version": ""
+ },
+ {
+ "type": "grafana",
+ "id": "grafana",
+ "name": "Grafana",
+ "version": "10.2.0"
+ },
+ {
+ "type": "datasource",
+ "id": "influxdb",
+ "name": "InfluxDB",
+ "version": "1.0.0"
+ },
+ {
+ "type": "panel",
+ "id": "piechart",
+ "name": "Pie chart",
+ "version": ""
+ },
+ {
+ "type": "panel",
+ "id": "stat",
+ "name": "Stat",
+ "version": ""
+ },
+ {
+ "type": "panel",
+ "id": "state-timeline",
+ "name": "State timeline",
+ "version": ""
+ },
+ {
+ "type": "panel",
+ "id": "status-history",
+ "name": "Status history",
+ "version": ""
+ },
+ {
+ "type": "panel",
+ "id": "timeseries",
+ "name": "Time series",
+ "version": ""
+ }
+ ],
+ "annotations": {
+ "list": [
+ {
+ "builtIn": 1,
+ "datasource": {
+ "type": "grafana",
+ "uid": "-- Grafana --"
+ },
+ "enable": true,
+ "hide": true,
+ "iconColor": "rgba(0, 211, 255, 1)",
+ "name": "Annotations & Alerts",
+ "type": "dashboard"
+ }
+ ]
+ },
+ "editable": false,
+ "fiscalYearStartMonth": 0,
+ "graphTooltip": 0,
+ "id": null,
+ "links": [],
+ "liveNow": false,
+ "panels": [
+ {
+ "collapsed": false,
+ "gridPos": {
+ "h": 1,
+ "w": 24,
+ "x": 0,
+ "y": 0
+ },
+ "id": 22,
+ "panels": [],
+ "title": "Events",
+ "type": "row"
+ },
+ {
+ "datasource": {
+ "type": "influxdb",
+ "uid": "${DS_INFLUXDB}"
+ },
+ "fieldConfig": {
+ "defaults": {
+ "color": {
+ "mode": "thresholds"
+ },
+ "mappings": [],
+ "thresholds": {
+ "mode": "percentage",
+ "steps": [
+ {
+ "color": "green",
+ "value": null
+ },
+ {
+ "color": "#EAB839",
+ "value": 25
+ },
+ {
+ "color": "red",
+ "value": 50
+ }
+ ]
+ }
+ },
+ "overrides": [
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "error_ip4_l4_payload_detection"
+ },
+ "properties": [
+ {
+ "id": "displayName",
+ "value": "IPv4 L4 Failed"
+ },
+ {
+ "id": "thresholds",
+ "value": {
+ "mode": "absolute",
+ "steps": [
+ {
+ "color": "green",
+ "value": null
+ },
+ {
+ "color": "yellow",
+ "value": 1
+ }
+ ]
+ }
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "error_ip4_packet_too_short"
+ },
+ "properties": [
+ {
+ "id": "displayName",
+ "value": "IPv4 Packet Size"
+ },
+ {
+ "id": "thresholds",
+ "value": {
+ "mode": "absolute",
+ "steps": [
+ {
+ "color": "green",
+ "value": null
+ },
+ {
+ "color": "yellow",
+ "value": 1
+ }
+ ]
+ }
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "error_ip4_size_smaller_than_header"
+ },
+ "properties": [
+ {
+ "id": "displayName",
+ "value": "IPv4 Header Size"
+ },
+ {
+ "id": "thresholds",
+ "value": {
+ "mode": "absolute",
+ "steps": [
+ {
+ "color": "green",
+ "value": null
+ },
+ {
+ "color": "yellow",
+ "value": 1
+ }
+ ]
+ }
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "error_ip6_l4_payload_detection"
+ },
+ "properties": [
+ {
+ "id": "displayName",
+ "value": "IPv6 L4 Failed"
+ },
+ {
+ "id": "thresholds",
+ "value": {
+ "mode": "absolute",
+ "steps": [
+ {
+ "color": "green",
+ "value": null
+ },
+ {
+ "color": "yellow",
+ "value": 1
+ }
+ ]
+ }
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "error_ip6_packet_too_short"
+ },
+ "properties": [
+ {
+ "id": "displayName",
+ "value": "IPv6 Packet Size"
+ },
+ {
+ "id": "thresholds",
+ "value": {
+ "mode": "absolute",
+ "steps": [
+ {
+ "color": "green",
+ "value": null
+ },
+ {
+ "color": "yellow",
+ "value": 1
+ }
+ ]
+ }
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "error_ip6_size_smaller_than_header"
+ },
+ "properties": [
+ {
+ "id": "displayName",
+ "value": "IPv6 Header Size"
+ },
+ {
+ "id": "thresholds",
+ "value": {
+ "mode": "absolute",
+ "steps": [
+ {
+ "color": "green",
+ "value": null
+ },
+ {
+ "color": "yellow",
+ "value": 1
+ }
+ ]
+ }
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "error_packet_header_invalid"
+ },
+ "properties": [
+ {
+ "id": "displayName",
+ "value": "Packet Header Invalid"
+ },
+ {
+ "id": "thresholds",
+ "value": {
+ "mode": "absolute",
+ "steps": [
+ {
+ "color": "green",
+ "value": null
+ },
+ {
+ "color": "yellow",
+ "value": 1
+ }
+ ]
+ }
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "error_packet_too_short"
+ },
+ "properties": [
+ {
+ "id": "displayName",
+ "value": "Packet Size"
+ },
+ {
+ "id": "thresholds",
+ "value": {
+ "mode": "absolute",
+ "steps": [
+ {
+ "color": "green",
+ "value": null
+ },
+ {
+ "color": "yellow",
+ "value": 1
+ }
+ ]
+ }
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "error_packet_type_unknown"
+ },
+ "properties": [
+ {
+ "id": "displayName",
+ "value": "Packet Type Unknown"
+ },
+ {
+ "id": "thresholds",
+ "value": {
+ "mode": "absolute",
+ "steps": [
+ {
+ "color": "green",
+ "value": null
+ },
+ {
+ "color": "yellow",
+ "value": 1
+ }
+ ]
+ }
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "error_tcp_packet_too_short"
+ },
+ "properties": [
+ {
+ "id": "displayName",
+ "value": "TCP Packet Size"
+ },
+ {
+ "id": "thresholds",
+ "value": {
+ "mode": "absolute",
+ "steps": [
+ {
+ "color": "green",
+ "value": null
+ },
+ {
+ "color": "yellow",
+ "value": 1
+ }
+ ]
+ }
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "error_udp_packet_too_short"
+ },
+ "properties": [
+ {
+ "id": "displayName",
+ "value": "UDP Packet Size"
+ },
+ {
+ "id": "thresholds",
+ "value": {
+ "mode": "absolute",
+ "steps": [
+ {
+ "color": "green",
+ "value": null
+ },
+ {
+ "color": "yellow",
+ "value": 1
+ }
+ ]
+ }
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "error_unknown_datalink"
+ },
+ "properties": [
+ {
+ "id": "displayName",
+ "value": "Unknown Datalink"
+ },
+ {
+ "id": "thresholds",
+ "value": {
+ "mode": "absolute",
+ "steps": [
+ {
+ "color": "green",
+ "value": null
+ },
+ {
+ "color": "yellow",
+ "value": 1
+ }
+ ]
+ }
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "error_unknown_l3_protocol"
+ },
+ "properties": [
+ {
+ "id": "displayName",
+ "value": "Unknown L3 Protocol"
+ },
+ {
+ "id": "thresholds",
+ "value": {
+ "mode": "absolute",
+ "steps": [
+ {
+ "color": "green",
+ "value": null
+ },
+ {
+ "color": "yellow",
+ "value": 1
+ }
+ ]
+ }
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "error_unsupported_datalink"
+ },
+ "properties": [
+ {
+ "id": "displayName",
+ "value": "Unsupported Datalink"
+ },
+ {
+ "id": "thresholds",
+ "value": {
+ "mode": "absolute",
+ "steps": [
+ {
+ "color": "green",
+ "value": null
+ },
+ {
+ "color": "yellow",
+ "value": 1
+ }
+ ]
+ }
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "flow_analyse_count"
+ },
+ "properties": [
+ {
+ "id": "displayName",
+ "value": "Analyse"
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "flow_detected_count"
+ },
+ "properties": [
+ {
+ "id": "displayName",
+ "value": "Detections"
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "flow_detection_update_count"
+ },
+ "properties": [
+ {
+ "id": "displayName",
+ "value": "Detection Updates"
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "flow_end_count"
+ },
+ "properties": [
+ {
+ "id": "displayName",
+ "value": "End"
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "flow_guessed_count"
+ },
+ "properties": [
+ {
+ "id": "displayName",
+ "value": "Guessed"
+ },
+ {
+ "id": "thresholds",
+ "value": {
+ "mode": "percentage",
+ "steps": [
+ {
+ "color": "green",
+ "value": null
+ },
+ {
+ "color": "yellow",
+ "value": 5
+ },
+ {
+ "color": "red",
+ "value": 10
+ }
+ ]
+ }
+ },
+ {
+ "id": "color"
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "flow_idle_count"
+ },
+ "properties": [
+ {
+ "id": "displayName",
+ "value": "Idle"
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "flow_new_count"
+ },
+ "properties": [
+ {
+ "id": "displayName",
+ "value": "New"
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "flow_not_detected_count"
+ },
+ "properties": [
+ {
+ "id": "displayName",
+ "value": "Not Detected"
+ },
+ {
+ "id": "thresholds",
+ "value": {
+ "mode": "absolute",
+ "steps": [
+ {
+ "color": "green",
+ "value": null
+ },
+ {
+ "color": "red",
+ "value": 1
+ }
+ ]
+ }
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "flow_risky_count"
+ },
+ "properties": [
+ {
+ "id": "displayName",
+ "value": "Risky"
+ },
+ {
+ "id": "thresholds",
+ "value": {
+ "mode": "absolute",
+ "steps": [
+ {
+ "color": "green",
+ "value": null
+ },
+ {
+ "color": "yellow",
+ "value": 1
+ }
+ ]
+ }
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "flow_update_count"
+ },
+ "properties": [
+ {
+ "id": "displayName",
+ "value": "Updates"
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "init_count"
+ },
+ "properties": [
+ {
+ "id": "displayName",
+ "value": "Init"
+ },
+ {
+ "id": "thresholds",
+ "value": {
+ "mode": "absolute",
+ "steps": [
+ {
+ "color": "green",
+ "value": null
+ },
+ {
+ "color": "yellow",
+ "value": 1
+ }
+ ]
+ }
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "packet_count"
+ },
+ "properties": [
+ {
+ "id": "displayName",
+ "value": "Packet"
+ },
+ {
+ "id": "thresholds",
+ "value": {
+ "mode": "percentage",
+ "steps": [
+ {
+ "color": "green",
+ "value": null
+ },
+ {
+ "color": "yellow",
+ "value": 25
+ },
+ {
+ "color": "red",
+ "value": 50
+ }
+ ]
+ }
+ },
+ {
+ "id": "color",
+ "value": {
+ "mode": "thresholds"
+ }
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "packet_flow_count"
+ },
+ "properties": [
+ {
+ "id": "displayName",
+ "value": "Packet Flow"
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "reconnect_count"
+ },
+ "properties": [
+ {
+ "id": "displayName",
+ "value": "Reconnect"
+ },
+ {
+ "id": "thresholds",
+ "value": {
+ "mode": "absolute",
+ "steps": [
+ {
+ "color": "green",
+ "value": null
+ },
+ {
+ "color": "yellow",
+ "value": 1
+ }
+ ]
+ }
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "shutdown_count"
+ },
+ "properties": [
+ {
+ "id": "displayName",
+ "value": "Shutdown"
+ },
+ {
+ "id": "thresholds",
+ "value": {
+ "mode": "absolute",
+ "steps": [
+ {
+ "color": "green",
+ "value": null
+ },
+ {
+ "color": "red",
+ "value": 1
+ }
+ ]
+ }
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "status_count"
+ },
+ "properties": [
+ {
+ "id": "displayName",
+ "value": "Status"
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "error_capture_size_smaller_than_packet"
+ },
+ "properties": [
+ {
+ "id": "displayName",
+ "value": "Capture Size < Packet Size"
+ },
+ {
+ "id": "thresholds",
+ "value": {
+ "mode": "absolute",
+ "steps": [
+ {
+ "color": "green",
+ "value": null
+ },
+ {
+ "color": "red",
+ "value": 1
+ }
+ ]
+ }
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "error_flow_memory_alloc"
+ },
+ "properties": [
+ {
+ "id": "displayName",
+ "value": "Memory Allocation Failed"
+ },
+ {
+ "id": "thresholds",
+ "value": {
+ "mode": "absolute",
+ "steps": [
+ {
+ "color": "green",
+ "value": null
+ },
+ {
+ "color": "red",
+ "value": 1
+ }
+ ]
+ }
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "error_max_flows_to_track"
+ },
+ "properties": [
+ {
+ "id": "displayName",
+ "value": "Max Flows"
+ },
+ {
+ "id": "thresholds",
+ "value": {
+ "mode": "absolute",
+ "steps": [
+ {
+ "color": "green",
+ "value": null
+ },
+ {
+ "color": "red",
+ "value": 1
+ }
+ ]
+ }
+ }
+ ]
+ }
+ ]
+ },
+ "gridPos": {
+ "h": 9,
+ "w": 15,
+ "x": 0,
+ "y": 1
+ },
+ "id": 20,
+ "options": {
+ "colorMode": "value",
+ "graphMode": "area",
+ "justifyMode": "auto",
+ "orientation": "auto",
+ "reduceOptions": {
+ "calcs": [
+ "lastNotNull"
+ ],
+ "fields": "",
+ "values": false
+ },
+ "textMode": "auto"
+ },
+ "pluginVersion": "10.2.0",
+ "targets": [
+ {
+ "datasource": {
+ "type": "influxdb",
+ "uid": "${DS_INFLUXDB}"
+ },
+ "query": "from(bucket: \"${ndpid_db_name}\")\n |> range(start: v.timeRangeStart, stop:v.timeRangeStop)\n |> filter(fn: (r) =>\n r._measurement == \"events\"\n )",
+ "refId": "A"
+ }
+ ],
+ "type": "stat"
+ },
+ {
+ "datasource": {
+ "type": "influxdb",
+ "uid": "${DS_INFLUXDB}"
+ },
+ "fieldConfig": {
+ "defaults": {
+ "color": {
+ "mode": "palette-classic-by-name"
+ },
+ "custom": {
+ "hideFrom": {
+ "legend": false,
+ "tooltip": false,
+ "viz": false
+ }
+ },
+ "mappings": []
+ },
+ "overrides": []
+ },
+ "gridPos": {
+ "h": 9,
+ "w": 3,
+ "x": 15,
+ "y": 1
+ },
+ "id": 19,
+ "options": {
+ "legend": {
+ "displayMode": "list",
+ "placement": "bottom",
+ "showLegend": false
+ },
+ "pieType": "pie",
+ "reduceOptions": {
+ "calcs": [
+ "sum"
+ ],
+ "fields": "",
+ "values": false
+ },
+ "tooltip": {
+ "mode": "single",
+ "sort": "none"
+ }
+ },
+ "targets": [
+ {
+ "datasource": {
+ "type": "influxdb",
+ "uid": "${DS_INFLUXDB}"
+ },
+ "query": "from(bucket: \"${ndpid_db_name}\")\n |> range(start: v.timeRangeStart, stop:v.timeRangeStop)\n |> filter(fn: (r) =>\n r._measurement == \"events\"\n )",
+ "refId": "A"
+ }
+ ],
+ "type": "piechart"
+ },
+ {
+ "datasource": {
+ "type": "influxdb",
+ "uid": "${DS_INFLUXDB}"
+ },
+ "fieldConfig": {
+ "defaults": {
+ "color": {
+ "mode": "palette-classic-by-name"
+ },
+ "custom": {
+ "hideFrom": {
+ "legend": false,
+ "tooltip": false,
+ "viz": false
+ }
+ },
+ "mappings": []
+ },
+ "overrides": []
+ },
+ "gridPos": {
+ "h": 9,
+ "w": 3,
+ "x": 18,
+ "y": 1
+ },
+ "id": 28,
+ "options": {
+ "legend": {
+ "displayMode": "list",
+ "placement": "bottom",
+ "showLegend": false
+ },
+ "pieType": "pie",
+ "reduceOptions": {
+ "calcs": [
+ "sum"
+ ],
+ "fields": "",
+ "values": false
+ },
+ "tooltip": {
+ "mode": "single",
+ "sort": "none"
+ }
+ },
+ "targets": [
+ {
+ "datasource": {
+ "type": "influxdb",
+ "uid": "${DS_INFLUXDB}"
+ },
+ "query": "from(bucket: \"${ndpid_db_name}\")\n |> range(start: v.timeRangeStart, stop:v.timeRangeStop)\n |> filter(fn: (r) =>\n r._measurement == \"events\" and\n r._field != \"packet_flow_count\"\n )",
+ "refId": "A"
+ }
+ ],
+ "type": "piechart"
+ },
+ {
+ "datasource": {
+ "type": "influxdb",
+ "uid": "${DS_INFLUXDB}"
+ },
+ "fieldConfig": {
+ "defaults": {
+ "color": {
+ "mode": "thresholds"
+ },
+ "mappings": [],
+ "thresholds": {
+ "mode": "absolute",
+ "steps": [
+ {
+ "color": "green",
+ "value": null
+ }
+ ]
+ }
+ },
+ "overrides": []
+ },
+ "gridPos": {
+ "h": 3,
+ "w": 3,
+ "x": 21,
+ "y": 1
+ },
+ "id": 27,
+ "options": {
+ "colorMode": "value",
+ "graphMode": "area",
+ "justifyMode": "auto",
+ "orientation": "auto",
+ "reduceOptions": {
+ "calcs": [
+ "lastNotNull"
+ ],
+ "fields": "",
+ "values": false
+ },
+ "textMode": "auto"
+ },
+ "pluginVersion": "10.2.0",
+ "targets": [
+ {
+ "datasource": {
+ "type": "influxdb",
+ "uid": "${DS_INFLUXDB}"
+ },
+ "query": "from(bucket: \"${ndpid_db_name}\")\n |> range(start: v.timeRangeStart, stop:v.timeRangeStop)\n |> filter(fn: (r) =>\n r._measurement == \"events\" and\n (r._field == \"packet_count\" or\n r._field == \"packet_flow_count\")\n )",
+ "refId": "A"
+ }
+ ],
+ "title": "Packet",
+ "transformations": [
+ {
+ "id": "calculateField",
+ "options": {
+ "mode": "reduceRow",
+ "reduce": {
+ "reducer": "sum"
+ },
+ "replaceFields": true
+ }
+ }
+ ],
+ "type": "stat"
+ },
+ {
+ "datasource": {
+ "type": "influxdb",
+ "uid": "${DS_INFLUXDB}"
+ },
+ "fieldConfig": {
+ "defaults": {
+ "color": {
+ "mode": "thresholds"
+ },
+ "mappings": [],
+ "thresholds": {
+ "mode": "absolute",
+ "steps": [
+ {
+ "color": "green",
+ "value": null
+ }
+ ]
+ }
+ },
+ "overrides": []
+ },
+ "gridPos": {
+ "h": 3,
+ "w": 3,
+ "x": 21,
+ "y": 4
+ },
+ "id": 26,
+ "options": {
+ "colorMode": "value",
+ "graphMode": "area",
+ "justifyMode": "auto",
+ "orientation": "auto",
+ "reduceOptions": {
+ "calcs": [
+ "lastNotNull"
+ ],
+ "fields": "",
+ "values": false
+ },
+ "textMode": "auto"
+ },
+ "pluginVersion": "10.2.0",
+ "targets": [
+ {
+ "datasource": {
+ "type": "influxdb",
+ "uid": "${DS_INFLUXDB}"
+ },
+ "query": "from(bucket: \"${ndpid_db_name}\")\n |> range(start: v.timeRangeStart, stop:v.timeRangeStop)\n |> filter(fn: (r) =>\n r._measurement == \"events\" and\n (r._field == \"flow_detected_count\" or\n r._field == \"flow_detection_update_count\" or\n r._field == \"flow_guessed_count\")\n )",
+ "refId": "A"
+ }
+ ],
+ "title": "Detection",
+ "transformations": [
+ {
+ "id": "calculateField",
+ "options": {
+ "mode": "reduceRow",
+ "reduce": {
+ "reducer": "sum"
+ },
+ "replaceFields": true
+ }
+ }
+ ],
+ "type": "stat"
+ },
+ {
+ "datasource": {
+ "type": "influxdb",
+ "uid": "${DS_INFLUXDB}"
+ },
+ "fieldConfig": {
+ "defaults": {
+ "color": {
+ "mode": "thresholds"
+ },
+ "mappings": [],
+ "thresholds": {
+ "mode": "absolute",
+ "steps": [
+ {
+ "color": "green",
+ "value": null
+ }
+ ]
+ }
+ },
+ "overrides": []
+ },
+ "gridPos": {
+ "h": 3,
+ "w": 3,
+ "x": 21,
+ "y": 7
+ },
+ "id": 21,
+ "options": {
+ "colorMode": "value",
+ "graphMode": "area",
+ "justifyMode": "auto",
+ "orientation": "auto",
+ "reduceOptions": {
+ "calcs": [
+ "lastNotNull"
+ ],
+ "fields": "",
+ "values": false
+ },
+ "textMode": "auto"
+ },
+ "pluginVersion": "10.2.0",
+ "targets": [
+ {
+ "datasource": {
+ "type": "influxdb",
+ "uid": "${DS_INFLUXDB}"
+ },
+ "query": "from(bucket: \"${ndpid_db_name}\")\n |> range(start: v.timeRangeStart, stop:v.timeRangeStop)\n |> filter(fn: (r) =>\n r._measurement == \"events\"\n )",
+ "refId": "A"
+ }
+ ],
+ "transformations": [
+ {
+ "id": "calculateField",
+ "options": {
+ "mode": "reduceRow",
+ "reduce": {
+ "reducer": "sum"
+ },
+ "replaceFields": true
+ }
+ }
+ ],
+ "type": "stat"
+ },
+ {
+ "collapsed": false,
+ "gridPos": {
+ "h": 1,
+ "w": 24,
+ "x": 0,
+ "y": 10
+ },
+ "id": 5,
+ "panels": [],
+ "title": "General",
+ "type": "row"
+ },
+ {
+ "datasource": {
+ "type": "influxdb",
+ "uid": "${DS_INFLUXDB}"
+ },
+ "fieldConfig": {
+ "defaults": {
+ "color": {
+ "mode": "palette-classic"
+ },
+ "custom": {
+ "axisBorderShow": false,
+ "axisCenteredZero": false,
+ "axisColorMode": "text",
+ "axisLabel": "",
+ "axisPlacement": "auto",
+ "barAlignment": 0,
+ "drawStyle": "line",
+ "fillOpacity": 0,
+ "gradientMode": "none",
+ "hideFrom": {
+ "legend": false,
+ "tooltip": false,
+ "viz": false
+ },
+ "insertNulls": false,
+ "lineInterpolation": "linear",
+ "lineWidth": 1,
+ "pointSize": 5,
+ "scaleDistribution": {
+ "type": "linear"
+ },
+ "showPoints": "auto",
+ "spanNulls": false,
+ "stacking": {
+ "group": "A",
+ "mode": "none"
+ },
+ "thresholdsStyle": {
+ "mode": "off"
+ }
+ },
+ "mappings": [],
+ "thresholds": {
+ "mode": "absolute",
+ "steps": [
+ {
+ "color": "green",
+ "value": null
+ }
+ ]
+ },
+ "unit": "binBps"
+ },
+ "overrides": [
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "flow_dst_total_bytes"
+ },
+ "properties": [
+ {
+ "id": "displayName",
+ "value": "Total Bytes Received"
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "flow_src_total_bytes"
+ },
+ "properties": [
+ {
+ "id": "displayName",
+ "value": "Total Bytes Transmitted"
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "json_bytes"
+ },
+ "properties": [
+ {
+ "id": "displayName",
+ "value": "Total JSON Bytes"
+ }
+ ]
+ }
+ ]
+ },
+ "gridPos": {
+ "h": 8,
+ "w": 15,
+ "x": 0,
+ "y": 11
+ },
+ "id": 1,
+ "options": {
+ "legend": {
+ "calcs": [],
+ "displayMode": "list",
+ "placement": "bottom",
+ "showLegend": true
+ },
+ "tooltip": {
+ "mode": "single",
+ "sort": "none"
+ }
+ },
+ "targets": [
+ {
+ "datasource": {
+ "type": "influxdb",
+ "uid": "${DS_INFLUXDB}"
+ },
+ "query": "from(bucket: \"${ndpid_db_name}\")\n |> range(start: v.timeRangeStart, stop:v.timeRangeStop)\n |> filter(fn: (r) =>\n r._measurement == \"general\" and\n (r._field == \"flow_src_total_bytes\" or\n r._field == \"flow_dst_total_bytes\" or\n r._field == \"json_bytes\")\n )",
+ "refId": "A"
+ }
+ ],
+ "title": "Data Processed",
+ "type": "timeseries"
+ },
+ {
+ "datasource": {
+ "type": "influxdb",
+ "uid": "${DS_INFLUXDB}"
+ },
+ "fieldConfig": {
+ "defaults": {
+ "color": {
+ "mode": "palette-classic"
+ },
+ "custom": {
+ "hideFrom": {
+ "legend": false,
+ "tooltip": false,
+ "viz": false
+ }
+ },
+ "mappings": [],
+ "unit": "bytes"
+ },
+ "overrides": [
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "flow_dst_total_bytes"
+ },
+ "properties": [
+ {
+ "id": "displayName",
+ "value": "Total Bytes Received"
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "flow_src_total_bytes"
+ },
+ "properties": [
+ {
+ "id": "displayName",
+ "value": "Total Bytes Transmitted"
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "json_bytes"
+ },
+ "properties": [
+ {
+ "id": "displayName",
+ "value": "Total JSON Bytes"
+ }
+ ]
+ }
+ ]
+ },
+ "gridPos": {
+ "h": 8,
+ "w": 3,
+ "x": 15,
+ "y": 11
+ },
+ "id": 3,
+ "options": {
+ "legend": {
+ "displayMode": "list",
+ "placement": "bottom",
+ "showLegend": false
+ },
+ "pieType": "pie",
+ "reduceOptions": {
+ "calcs": [
+ "sum"
+ ],
+ "fields": "",
+ "values": false
+ },
+ "tooltip": {
+ "mode": "single",
+ "sort": "none"
+ }
+ },
+ "targets": [
+ {
+ "datasource": {
+ "type": "influxdb",
+ "uid": "${DS_INFLUXDB}"
+ },
+ "query": "from(bucket: \"${ndpid_db_name}\")\n |> range(start: v.timeRangeStart, stop:v.timeRangeStop)\n |> filter(fn: (r) =>\n r._measurement == \"general\" and\n (r._field == \"flow_src_total_bytes\" or\n r._field == \"flow_dst_total_bytes\" or\n r._field == \"json_bytes\")\n )",
+ "refId": "A"
+ }
+ ],
+ "type": "piechart"
+ },
+ {
+ "datasource": {
+ "type": "influxdb",
+ "uid": "${DS_INFLUXDB}"
+ },
+ "fieldConfig": {
+ "defaults": {
+ "color": {
+ "mode": "thresholds"
+ },
+ "mappings": [],
+ "thresholds": {
+ "mode": "absolute",
+ "steps": [
+ {
+ "color": "green",
+ "value": null
+ }
+ ]
+ },
+ "unit": "binBps"
+ },
+ "overrides": []
+ },
+ "gridPos": {
+ "h": 4,
+ "w": 3,
+ "x": 18,
+ "y": 11
+ },
+ "id": 24,
+ "options": {
+ "colorMode": "value",
+ "graphMode": "area",
+ "justifyMode": "auto",
+ "orientation": "auto",
+ "reduceOptions": {
+ "calcs": [
+ "lastNotNull"
+ ],
+ "fields": "",
+ "values": false
+ },
+ "textMode": "auto"
+ },
+ "pluginVersion": "10.2.0",
+ "targets": [
+ {
+ "datasource": {
+ "type": "influxdb",
+ "uid": "${DS_INFLUXDB}"
+ },
+ "query": "from(bucket: \"${ndpid_db_name}\")\n |> range(start: v.timeRangeStart, stop:v.timeRangeStop)\n |> filter(fn: (r) =>\n r._measurement == \"general\" and\n r._field == \"flow_src_total_bytes\"\n )",
+ "refId": "A"
+ }
+ ],
+ "title": "Bytes Transmitted",
+ "type": "stat"
+ },
+ {
+ "datasource": {
+ "type": "influxdb",
+ "uid": "${DS_INFLUXDB}"
+ },
+ "fieldConfig": {
+ "defaults": {
+ "color": {
+ "mode": "thresholds"
+ },
+ "mappings": [],
+ "thresholds": {
+ "mode": "absolute",
+ "steps": [
+ {
+ "color": "green",
+ "value": null
+ }
+ ]
+ }
+ },
+ "overrides": []
+ },
+ "gridPos": {
+ "h": 4,
+ "w": 3,
+ "x": 21,
+ "y": 11
+ },
+ "id": 7,
+ "options": {
+ "colorMode": "value",
+ "graphMode": "area",
+ "justifyMode": "auto",
+ "orientation": "auto",
+ "reduceOptions": {
+ "calcs": [
+ "lastNotNull"
+ ],
+ "fields": "",
+ "values": false
+ },
+ "textMode": "auto"
+ },
+ "pluginVersion": "10.2.0",
+ "targets": [
+ {
+ "datasource": {
+ "type": "influxdb",
+ "uid": "${DS_INFLUXDB}"
+ },
+ "query": "from(bucket: \"${ndpid_db_name}\")\n |> range(start: v.timeRangeStart, stop:v.timeRangeStop)\n |> filter(fn: (r) =>\n r._measurement == \"general\" and\n r._field == \"json_lines\"\n )",
+ "refId": "A"
+ }
+ ],
+ "title": "JSON Lines",
+ "type": "stat"
+ },
+ {
+ "datasource": {
+ "type": "influxdb",
+ "uid": "${DS_INFLUXDB}"
+ },
+ "fieldConfig": {
+ "defaults": {
+ "color": {
+ "mode": "thresholds"
+ },
+ "mappings": [],
+ "thresholds": {
+ "mode": "absolute",
+ "steps": [
+ {
+ "color": "green",
+ "value": null
+ }
+ ]
+ },
+ "unit": "binBps"
+ },
+ "overrides": []
+ },
+ "gridPos": {
+ "h": 4,
+ "w": 3,
+ "x": 18,
+ "y": 15
+ },
+ "id": 25,
+ "options": {
+ "colorMode": "value",
+ "graphMode": "area",
+ "justifyMode": "auto",
+ "orientation": "auto",
+ "reduceOptions": {
+ "calcs": [
+ "lastNotNull"
+ ],
+ "fields": "",
+ "values": false
+ },
+ "textMode": "auto"
+ },
+ "pluginVersion": "10.2.0",
+ "targets": [
+ {
+ "datasource": {
+ "type": "influxdb",
+ "uid": "${DS_INFLUXDB}"
+ },
+ "query": "from(bucket: \"${ndpid_db_name}\")\n |> range(start: v.timeRangeStart, stop:v.timeRangeStop)\n |> filter(fn: (r) =>\n r._measurement == \"general\" and\n r._field == \"flow_dst_total_bytes\"\n )",
+ "refId": "A"
+ }
+ ],
+ "title": "Bytes Received",
+ "type": "stat"
+ },
+ {
+ "datasource": {
+ "type": "influxdb",
+ "uid": "${DS_INFLUXDB}"
+ },
+ "fieldConfig": {
+ "defaults": {
+ "color": {
+ "mode": "thresholds"
+ },
+ "mappings": [],
+ "thresholds": {
+ "mode": "absolute",
+ "steps": [
+ {
+ "color": "green",
+ "value": null
+ }
+ ]
+ },
+ "unit": "binBps"
+ },
+ "overrides": []
+ },
+ "gridPos": {
+ "h": 4,
+ "w": 3,
+ "x": 21,
+ "y": 15
+ },
+ "id": 23,
+ "options": {
+ "colorMode": "value",
+ "graphMode": "area",
+ "justifyMode": "auto",
+ "orientation": "auto",
+ "reduceOptions": {
+ "calcs": [
+ "lastNotNull"
+ ],
+ "fields": "",
+ "values": false
+ },
+ "textMode": "auto"
+ },
+ "pluginVersion": "10.2.0",
+ "targets": [
+ {
+ "datasource": {
+ "type": "influxdb",
+ "uid": "${DS_INFLUXDB}"
+ },
+ "query": "from(bucket: \"${ndpid_db_name}\")\n |> range(start: v.timeRangeStart, stop:v.timeRangeStop)\n |> filter(fn: (r) =>\n r._measurement == \"general\" and\n (r._field == \"flow_src_total_bytes\" or\n r._field == \"flow_dst_total_bytes\")\n )",
+ "refId": "A"
+ }
+ ],
+ "title": "Total Bytes",
+ "transformations": [
+ {
+ "id": "calculateField",
+ "options": {
+ "mode": "reduceRow",
+ "reduce": {
+ "reducer": "sum"
+ },
+ "replaceFields": true
+ }
+ }
+ ],
+ "type": "stat"
+ },
+ {
+ "collapsed": false,
+ "gridPos": {
+ "h": 1,
+ "w": 24,
+ "x": 0,
+ "y": 19
+ },
+ "id": 6,
+ "panels": [],
+ "title": "Flow",
+ "type": "row"
+ },
+ {
+ "datasource": {
+ "type": "influxdb",
+ "uid": "${DS_INFLUXDB}"
+ },
+ "fieldConfig": {
+ "defaults": {
+ "color": {
+ "mode": "thresholds"
+ },
+ "mappings": [],
+ "thresholds": {
+ "mode": "percentage",
+ "steps": [
+ {
+ "color": "green",
+ "value": null
+ }
+ ]
+ }
+ },
+ "overrides": [
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "flow_breed_acceptable_count"
+ },
+ "properties": [
+ {
+ "id": "displayName",
+ "value": "Acceptable"
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "flow_breed_dangerous_count"
+ },
+ "properties": [
+ {
+ "id": "displayName",
+ "value": "Dangerous"
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "flow_breed_fun_count"
+ },
+ "properties": [
+ {
+ "id": "displayName",
+ "value": "Fun"
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "flow_breed_potentially_dangerous_count"
+ },
+ "properties": [
+ {
+ "id": "displayName",
+ "value": "Potentially Dangerous"
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "flow_breed_safe_count"
+ },
+ "properties": [
+ {
+ "id": "displayName",
+ "value": "Safe"
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "flow_breed_tracker_ads_count"
+ },
+ "properties": [
+ {
+ "id": "displayName",
+ "value": "Tracker/Ads"
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "flow_breed_unknown_count"
+ },
+ "properties": [
+ {
+ "id": "displayName",
+ "value": "Unknown"
+ },
+ {
+ "id": "color",
+ "value": {
+ "mode": "fixed"
+ }
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "flow_breed_unrated_count"
+ },
+ "properties": [
+ {
+ "id": "displayName",
+ "value": "Unrated"
+ },
+ {
+ "id": "color",
+ "value": {
+ "mode": "fixed"
+ }
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "flow_breed_unsafe_count"
+ },
+ "properties": [
+ {
+ "id": "displayName",
+ "value": "Unsafe"
+ },
+ {
+ "id": "thresholds",
+ "value": {
+ "mode": "absolute",
+ "steps": [
+ {
+ "color": "green",
+ "value": null
+ },
+ {
+ "color": "yellow",
+ "value": 1
+ }
+ ]
+ }
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "flow_breed_dangerous_count"
+ },
+ "properties": [
+ {
+ "id": "thresholds",
+ "value": {
+ "mode": "absolute",
+ "steps": [
+ {
+ "color": "green",
+ "value": null
+ },
+ {
+ "color": "dark-red",
+ "value": 1
+ }
+ ]
+ }
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "flow_breed_potentially_dangerous_count"
+ },
+ "properties": [
+ {
+ "id": "thresholds",
+ "value": {
+ "mode": "absolute",
+ "steps": [
+ {
+ "color": "green",
+ "value": null
+ },
+ {
+ "color": "dark-orange",
+ "value": 1
+ }
+ ]
+ }
+ }
+ ]
+ }
+ ]
+ },
+ "gridPos": {
+ "h": 6,
+ "w": 12,
+ "x": 0,
+ "y": 20
+ },
+ "id": 4,
+ "options": {
+ "minVizHeight": 75,
+ "minVizWidth": 75,
+ "orientation": "auto",
+ "reduceOptions": {
+ "calcs": [
+ "lastNotNull"
+ ],
+ "fields": "",
+ "values": false
+ },
+ "showThresholdLabels": false,
+ "showThresholdMarkers": false
+ },
+ "pluginVersion": "10.2.0",
+ "targets": [
+ {
+ "datasource": {
+ "type": "influxdb",
+ "uid": "${DS_INFLUXDB}"
+ },
+ "query": "from(bucket: \"${ndpid_db_name}\")\n |> range(start: v.timeRangeStart, stop:v.timeRangeStop)\n |> filter(fn: (r) =>\n r._measurement == \"breed\"\n )",
+ "refId": "A"
+ },
+ {
+ "datasource": {
+ "type": "influxdb",
+ "uid": "${DS_INFLUXDB}"
+ },
+ "hide": false,
+ "query": "from(bucket: \"${ndpid_db_name}\")\n |> range(start: v.timeRangeStart, stop:v.timeRangeStop)\n |> filter(fn: (r) =>\n r._measurement == \"detection\" and\n (r._field == \"flow_active_count\")\n )",
+ "refId": "B"
+ }
+ ],
+ "title": "Breed",
+ "transformations": [
+ {
+ "id": "configFromData",
+ "options": {
+ "configRefId": "B",
+ "mappings": [
+ {
+ "fieldName": "Time",
+ "handlerKey": "__ignore"
+ },
+ {
+ "fieldName": "flow_active_count",
+ "handlerKey": "max"
+ }
+ ]
+ }
+ }
+ ],
+ "type": "gauge"
+ },
+ {
+ "datasource": {
+ "type": "influxdb",
+ "uid": "${DS_INFLUXDB}"
+ },
+ "fieldConfig": {
+ "defaults": {
+ "color": {
+ "mode": "thresholds"
+ },
+ "mappings": [],
+ "thresholds": {
+ "mode": "absolute",
+ "steps": [
+ {
+ "color": "green",
+ "value": null
+ }
+ ]
+ }
+ },
+ "overrides": [
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "flow_active_count"
+ },
+ "properties": [
+ {
+ "id": "displayName",
+ "value": "Active Flows"
+ }
+ ]
+ }
+ ]
+ },
+ "gridPos": {
+ "h": 6,
+ "w": 2,
+ "x": 12,
+ "y": 20
+ },
+ "id": 8,
+ "options": {
+ "colorMode": "value",
+ "graphMode": "area",
+ "justifyMode": "auto",
+ "orientation": "auto",
+ "reduceOptions": {
+ "calcs": [
+ "lastNotNull"
+ ],
+ "fields": "",
+ "values": false
+ },
+ "textMode": "auto"
+ },
+ "pluginVersion": "10.2.0",
+ "targets": [
+ {
+ "datasource": {
+ "type": "influxdb",
+ "uid": "${DS_INFLUXDB}"
+ },
+ "query": "from(bucket: \"${ndpid_db_name}\")\n |> range(start: v.timeRangeStart, stop:v.timeRangeStop)\n |> filter(fn: (r) =>\n r._measurement == \"detection\" and\n (r._field == \"flow_active_count\")\n )",
+ "refId": "A"
+ }
+ ],
+ "title": "Active",
+ "type": "stat"
+ },
+ {
+ "datasource": {
+ "type": "influxdb",
+ "uid": "${DS_INFLUXDB}"
+ },
+ "fieldConfig": {
+ "defaults": {
+ "color": {
+ "mode": "thresholds"
+ },
+ "mappings": [],
+ "thresholds": {
+ "mode": "percentage",
+ "steps": [
+ {
+ "color": "green",
+ "value": null
+ }
+ ]
+ }
+ },
+ "overrides": [
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "flow_guessed_count"
+ },
+ "properties": [
+ {
+ "id": "displayName",
+ "value": "Guessed"
+ },
+ {
+ "id": "thresholds",
+ "value": {
+ "mode": "absolute",
+ "steps": [
+ {
+ "color": "green",
+ "value": null
+ },
+ {
+ "color": "yellow",
+ "value": 1
+ }
+ ]
+ }
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "flow_not_detected_count"
+ },
+ "properties": [
+ {
+ "id": "displayName",
+ "value": "Not Detected"
+ },
+ {
+ "id": "thresholds",
+ "value": {
+ "mode": "absolute",
+ "steps": [
+ {
+ "color": "green",
+ "value": null
+ },
+ {
+ "color": "red",
+ "value": 1
+ }
+ ]
+ }
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "flow_detected_count"
+ },
+ "properties": [
+ {
+ "id": "displayName",
+ "value": "Detected"
+ }
+ ]
+ }
+ ]
+ },
+ "gridPos": {
+ "h": 8,
+ "w": 10,
+ "x": 14,
+ "y": 20
+ },
+ "id": 9,
+ "options": {
+ "minVizHeight": 75,
+ "minVizWidth": 75,
+ "orientation": "auto",
+ "reduceOptions": {
+ "calcs": [
+ "lastNotNull"
+ ],
+ "fields": "",
+ "values": false
+ },
+ "showThresholdLabels": false,
+ "showThresholdMarkers": false
+ },
+ "pluginVersion": "10.2.0",
+ "targets": [
+ {
+ "datasource": {
+ "type": "influxdb",
+ "uid": "${DS_INFLUXDB}"
+ },
+ "query": "from(bucket: \"${ndpid_db_name}\")\n |> range(start: v.timeRangeStart, stop:v.timeRangeStop)\n |> filter(fn: (r) =>\n r._measurement == \"detection\" and\n (r._field == \"flow_detected_count\" or\n r._field == \"flow_guessed_count\" or\n r._field == \"flow_not_detected_count\")\n )",
+ "refId": "A"
+ },
+ {
+ "datasource": {
+ "type": "influxdb",
+ "uid": "${DS_INFLUXDB}"
+ },
+ "hide": false,
+ "query": "from(bucket: \"${ndpid_db_name}\")\n |> range(start: v.timeRangeStart, stop:v.timeRangeStop)\n |> filter(fn: (r) =>\n r._measurement == \"detection\" and\n (r._field == \"flow_active_count\")\n )",
+ "refId": "B"
+ }
+ ],
+ "title": "Detection",
+ "transformations": [
+ {
+ "id": "configFromData",
+ "options": {
+ "configRefId": "B",
+ "mappings": [
+ {
+ "fieldName": "Time",
+ "handlerKey": "__ignore"
+ },
+ {
+ "fieldName": "flow_active_count",
+ "handlerKey": "max"
+ }
+ ]
+ }
+ }
+ ],
+ "type": "gauge"
+ },
+ {
+ "datasource": {
+ "type": "influxdb",
+ "uid": "${DS_INFLUXDB}"
+ },
+ "fieldConfig": {
+ "defaults": {
+ "color": {
+ "mode": "thresholds"
+ },
+ "mappings": [],
+ "thresholds": {
+ "mode": "percentage",
+ "steps": [
+ {
+ "color": "green",
+ "value": null
+ },
+ {
+ "color": "#EAB839",
+ "value": 50
+ }
+ ]
+ }
+ },
+ "overrides": [
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "flow_category_adult_content_count"
+ },
+ "properties": [
+ {
+ "id": "displayName",
+ "value": "Adult Content"
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "flow_category_advertisment_count"
+ },
+ "properties": [
+ {
+ "id": "displayName",
+ "value": "Advertisment"
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "flow_category_allowed_site_count"
+ },
+ "properties": [
+ {
+ "id": "displayName",
+ "value": "Allowed Site"
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "flow_category_antimalware_count"
+ },
+ "properties": [
+ {
+ "id": "displayName",
+ "value": "Anti Malware"
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "flow_category_banned_site_count"
+ },
+ "properties": [
+ {
+ "id": "displayName",
+ "value": "Banned Site"
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "flow_category_chat_count"
+ },
+ "properties": [
+ {
+ "id": "displayName",
+ "value": "Chat"
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "flow_category_cloud_count"
+ },
+ "properties": [
+ {
+ "id": "displayName",
+ "value": "Cloud"
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "flow_category_collaborative_count"
+ },
+ "properties": [
+ {
+ "id": "displayName",
+ "value": "Collaborative"
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "flow_category_conn_check_count"
+ },
+ "properties": [
+ {
+ "id": "displayName",
+ "value": "Connection Check"
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "flow_category_crypto_currency_count"
+ },
+ "properties": [
+ {
+ "id": "displayName",
+ "value": "Crypto Currency"
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "flow_category_cybersecurity_count"
+ },
+ "properties": [
+ {
+ "id": "displayName",
+ "value": "Cybersecurity"
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "flow_category_data_transfer_count"
+ },
+ "properties": [
+ {
+ "id": "displayName",
+ "value": "Data Transfer"
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "flow_category_database_count"
+ },
+ "properties": [
+ {
+ "id": "displayName",
+ "value": "Database"
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "flow_category_download_count"
+ },
+ "properties": [
+ {
+ "id": "displayName",
+ "value": "Download"
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "flow_category_email_count"
+ },
+ "properties": [
+ {
+ "id": "displayName",
+ "value": "E-Mail"
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "flow_category_file_sharing_count"
+ },
+ "properties": [
+ {
+ "id": "displayName",
+ "value": "File Sharing"
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "flow_category_gambling_count"
+ },
+ "properties": [
+ {
+ "id": "displayName",
+ "value": "Gambling"
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "flow_category_game_count"
+ },
+ "properties": [
+ {
+ "id": "displayName",
+ "value": "Game"
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "flow_category_iot_scada_count"
+ },
+ "properties": [
+ {
+ "id": "displayName",
+ "value": "IoT/Scada"
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "flow_category_malware_count"
+ },
+ "properties": [
+ {
+ "id": "displayName",
+ "value": "Malware"
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "flow_category_media_count"
+ },
+ "properties": [
+ {
+ "id": "displayName",
+ "value": "Media"
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "flow_category_mining_count"
+ },
+ "properties": [
+ {
+ "id": "displayName",
+ "value": "Mining"
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "flow_category_music_count"
+ },
+ "properties": [
+ {
+ "id": "displayName",
+ "value": "Music"
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "flow_category_network_count"
+ },
+ "properties": [
+ {
+ "id": "displayName",
+ "value": "Network"
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "flow_category_productivity_count"
+ },
+ "properties": [
+ {
+ "id": "displayName",
+ "value": "Productivity"
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "flow_category_remote_access_count"
+ },
+ "properties": [
+ {
+ "id": "displayName",
+ "value": "Remote Access"
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "flow_category_rpc_count"
+ },
+ "properties": [
+ {
+ "id": "displayName",
+ "value": "RPC"
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "flow_category_shopping_count"
+ },
+ "properties": [
+ {
+ "id": "displayName",
+ "value": "Shopping"
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "flow_category_site_unavail_count"
+ },
+ "properties": [
+ {
+ "id": "displayName",
+ "value": "Site Unavailable"
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "flow_category_social_network_count"
+ },
+ "properties": [
+ {
+ "id": "displayName",
+ "value": "Social Network"
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "flow_category_software_update_count"
+ },
+ "properties": [
+ {
+ "id": "displayName",
+ "value": "Software Update"
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "flow_category_streaming_count"
+ },
+ "properties": [
+ {
+ "id": "displayName",
+ "value": "Streaming"
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "flow_category_system_count"
+ },
+ "properties": [
+ {
+ "id": "displayName",
+ "value": "System"
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "flow_category_unknown_count"
+ },
+ "properties": [
+ {
+ "id": "displayName",
+ "value": "Unknown"
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "flow_category_unspecified_count"
+ },
+ "properties": [
+ {
+ "id": "displayName",
+ "value": "Unspecified"
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "flow_category_video_count"
+ },
+ "properties": [
+ {
+ "id": "displayName",
+ "value": "Video"
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "flow_category_virt_assistant_count"
+ },
+ "properties": [
+ {
+ "id": "displayName",
+ "value": "Virtual Assistant"
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "flow_category_voip_count"
+ },
+ "properties": [
+ {
+ "id": "displayName",
+ "value": "VoIP"
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "flow_category_vpn_count"
+ },
+ "properties": [
+ {
+ "id": "displayName",
+ "value": "VPN"
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "flow_category_web_count"
+ },
+ "properties": [
+ {
+ "id": "displayName",
+ "value": "Web"
+ }
+ ]
+ }
+ ]
+ },
+ "gridPos": {
+ "h": 27,
+ "w": 12,
+ "x": 0,
+ "y": 26
+ },
+ "id": 10,
+ "options": {
+ "minVizHeight": 75,
+ "minVizWidth": 75,
+ "orientation": "auto",
+ "reduceOptions": {
+ "calcs": [
+ "lastNotNull"
+ ],
+ "fields": "",
+ "values": false
+ },
+ "showThresholdLabels": false,
+ "showThresholdMarkers": false
+ },
+ "pluginVersion": "10.2.0",
+ "targets": [
+ {
+ "datasource": {
+ "type": "influxdb",
+ "uid": "${DS_INFLUXDB}"
+ },
+ "query": "from(bucket: \"${ndpid_db_name}\")\n |> range(start: v.timeRangeStart, stop:v.timeRangeStop)\n |> filter(fn: (r) =>\n r._measurement == \"category\"\n )",
+ "refId": "A"
+ },
+ {
+ "datasource": {
+ "type": "influxdb",
+ "uid": "${DS_INFLUXDB}"
+ },
+ "hide": false,
+ "query": "from(bucket: \"${ndpid_db_name}\")\n |> range(start: v.timeRangeStart, stop:v.timeRangeStop)\n |> filter(fn: (r) =>\n r._measurement == \"detection\" and\n (r._field == \"flow_active_count\")\n )",
+ "refId": "B"
+ }
+ ],
+ "title": "Category",
+ "transformations": [
+ {
+ "id": "configFromData",
+ "options": {
+ "configRefId": "B",
+ "mappings": [
+ {
+ "fieldName": "Time",
+ "handlerKey": "__ignore"
+ },
+ {
+ "fieldName": "flow_active_count",
+ "handlerKey": "max"
+ }
+ ]
+ }
+ }
+ ],
+ "type": "gauge"
+ },
+ {
+ "datasource": {
+ "type": "influxdb",
+ "uid": "${DS_INFLUXDB}"
+ },
+ "fieldConfig": {
+ "defaults": {
+ "color": {
+ "mode": "thresholds"
+ },
+ "mappings": [],
+ "thresholds": {
+ "mode": "absolute",
+ "steps": [
+ {
+ "color": "green",
+ "value": null
+ }
+ ]
+ }
+ },
+ "overrides": [
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "flow_state_finished"
+ },
+ "properties": [
+ {
+ "id": "displayName",
+ "value": "Finished"
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "flow_state_info"
+ },
+ "properties": [
+ {
+ "id": "displayName",
+ "value": "Processing"
+ }
+ ]
+ }
+ ]
+ },
+ "gridPos": {
+ "h": 11,
+ "w": 2,
+ "x": 12,
+ "y": 26
+ },
+ "id": 13,
+ "options": {
+ "colorMode": "value",
+ "graphMode": "area",
+ "justifyMode": "auto",
+ "orientation": "horizontal",
+ "reduceOptions": {
+ "calcs": [
+ "lastNotNull"
+ ],
+ "fields": "",
+ "values": false
+ },
+ "textMode": "auto"
+ },
+ "pluginVersion": "10.2.0",
+ "targets": [
+ {
+ "datasource": {
+ "type": "influxdb",
+ "uid": "${DS_INFLUXDB}"
+ },
+ "query": "from(bucket: \"${ndpid_db_name}\")\n |> range(start: v.timeRangeStart, stop:v.timeRangeStop)\n |> filter(fn: (r) =>\n r._measurement == \"state\"\n )",
+ "refId": "A"
+ },
+ {
+ "datasource": {
+ "type": "influxdb",
+ "uid": "${DS_INFLUXDB}"
+ },
+ "hide": false,
+ "query": "from(bucket: \"${ndpid_db_name}\")\n |> range(start: v.timeRangeStart, stop:v.timeRangeStop)\n |> filter(fn: (r) =>\n r._measurement == \"detection\" and\n (r._field == \"flow_active_count\")\n )",
+ "refId": "B"
+ }
+ ],
+ "title": "State",
+ "transformations": [
+ {
+ "id": "configFromData",
+ "options": {
+ "configRefId": "B",
+ "mappings": [
+ {
+ "fieldName": "Time",
+ "handlerKey": "__ignore"
+ },
+ {
+ "fieldName": "flow_active_count",
+ "handlerKey": "max"
+ }
+ ]
+ }
+ }
+ ],
+ "type": "stat"
+ },
+ {
+ "datasource": {
+ "type": "influxdb",
+ "uid": "${DS_INFLUXDB}"
+ },
+ "fieldConfig": {
+ "defaults": {
+ "color": {
+ "mode": "thresholds"
+ },
+ "mappings": [],
+ "thresholds": {
+ "mode": "absolute",
+ "steps": [
+ {
+ "color": "green",
+ "value": null
+ }
+ ]
+ }
+ },
+ "overrides": [
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "flow_confidence_by_ip"
+ },
+ "properties": [
+ {
+ "id": "displayName",
+ "value": "By IP"
+ },
+ {
+ "id": "color",
+ "value": {
+ "fixedColor": "yellow",
+ "mode": "fixed"
+ }
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "flow_confidence_by_port"
+ },
+ "properties": [
+ {
+ "id": "displayName",
+ "value": "By Port"
+ },
+ {
+ "id": "color",
+ "value": {
+ "fixedColor": "yellow",
+ "mode": "fixed"
+ }
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "flow_confidence_dpi"
+ },
+ "properties": [
+ {
+ "id": "displayName",
+ "value": "DPI"
+ },
+ {
+ "id": "color",
+ "value": {
+ "fixedColor": "green",
+ "mode": "fixed"
+ }
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "flow_confidence_dpi_aggressive"
+ },
+ "properties": [
+ {
+ "id": "displayName",
+ "value": "DPI Aggressive"
+ },
+ {
+ "id": "color",
+ "value": {
+ "fixedColor": "blue",
+ "mode": "fixed"
+ }
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "flow_confidence_dpi_cache"
+ },
+ "properties": [
+ {
+ "id": "displayName",
+ "value": "DPI Cache"
+ },
+ {
+ "id": "color",
+ "value": {
+ "fixedColor": "dark-green",
+ "mode": "fixed"
+ }
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "flow_confidence_dpi_partial"
+ },
+ "properties": [
+ {
+ "id": "displayName",
+ "value": "DPI Partial"
+ },
+ {
+ "id": "color",
+ "value": {
+ "fixedColor": "light-green",
+ "mode": "fixed"
+ }
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "flow_confidence_dpi_partial_cache"
+ },
+ "properties": [
+ {
+ "id": "displayName",
+ "value": "DPI Partial Cache"
+ },
+ {
+ "id": "color",
+ "value": {
+ "fixedColor": "super-light-green",
+ "mode": "fixed"
+ }
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "flow_confidence_nbpf"
+ },
+ "properties": [
+ {
+ "id": "displayName",
+ "value": "nBPF"
+ },
+ {
+ "id": "color",
+ "value": {
+ "fixedColor": "blue",
+ "mode": "fixed"
+ }
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "flow_confidence_unknown"
+ },
+ "properties": [
+ {
+ "id": "displayName",
+ "value": "Unknown"
+ },
+ {
+ "id": "color",
+ "value": {
+ "mode": "fixed"
+ }
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "flow_confidence_custom_rule"
+ },
+ "properties": [
+ {
+ "id": "displayName",
+ "value": "Custom Rule"
+ },
+ {
+ "id": "color",
+ "value": {
+ "fixedColor": "blue",
+ "mode": "fixed"
+ }
+ }
+ ]
+ }
+ ]
+ },
+ "gridPos": {
+ "h": 14,
+ "w": 10,
+ "x": 14,
+ "y": 28
+ },
+ "id": 14,
+ "options": {
+ "displayMode": "gradient",
+ "minVizHeight": 10,
+ "minVizWidth": 0,
+ "namePlacement": "auto",
+ "orientation": "horizontal",
+ "reduceOptions": {
+ "calcs": [
+ "lastNotNull"
+ ],
+ "fields": "",
+ "values": false
+ },
+ "showUnfilled": true,
+ "valueMode": "color"
+ },
+ "pluginVersion": "10.2.0",
+ "targets": [
+ {
+ "datasource": {
+ "type": "influxdb",
+ "uid": "${DS_INFLUXDB}"
+ },
+ "query": "from(bucket: \"${ndpid_db_name}\")\n |> range(start: v.timeRangeStart, stop:v.timeRangeStop)\n |> filter(fn: (r) =>\n r._measurement == \"confidence\"\n )",
+ "refId": "A"
+ },
+ {
+ "datasource": {
+ "type": "influxdb",
+ "uid": "${DS_INFLUXDB}"
+ },
+ "hide": false,
+ "query": "from(bucket: \"${ndpid_db_name}\")\n |> range(start: v.timeRangeStart, stop:v.timeRangeStop)\n |> filter(fn: (r) =>\n r._measurement == \"detection\" and\n (r._field == \"flow_active_count\")\n )",
+ "refId": "B"
+ }
+ ],
+ "title": "Confidence",
+ "transformations": [
+ {
+ "id": "configFromData",
+ "options": {
+ "configRefId": "B",
+ "mappings": [
+ {
+ "fieldName": "Time",
+ "handlerKey": "__ignore"
+ },
+ {
+ "fieldName": "flow_active_count",
+ "handlerKey": "max"
+ }
+ ]
+ }
+ }
+ ],
+ "type": "bargauge"
+ },
+ {
+ "datasource": {
+ "type": "influxdb",
+ "uid": "${DS_INFLUXDB}"
+ },
+ "fieldConfig": {
+ "defaults": {
+ "color": {
+ "mode": "thresholds"
+ },
+ "mappings": [],
+ "thresholds": {
+ "mode": "percentage",
+ "steps": [
+ {
+ "color": "green"
+ }
+ ]
+ }
+ },
+ "overrides": []
+ },
+ "gridPos": {
+ "h": 5,
+ "w": 2,
+ "x": 12,
+ "y": 37
+ },
+ "id": 18,
+ "options": {
+ "colorMode": "value",
+ "graphMode": "area",
+ "justifyMode": "auto",
+ "orientation": "auto",
+ "reduceOptions": {
+ "calcs": [
+ "lastNotNull"
+ ],
+ "fields": "",
+ "values": false
+ },
+ "textMode": "auto"
+ },
+ "pluginVersion": "10.2.0",
+ "targets": [
+ {
+ "datasource": {
+ "type": "influxdb",
+ "uid": "${DS_INFLUXDB}"
+ },
+ "query": "from(bucket: \"${ndpid_db_name}\")\n |> range(start: v.timeRangeStart, stop:v.timeRangeStop)\n |> filter(fn: (r) =>\n r._measurement == \"risks\"\n )",
+ "refId": "A"
+ }
+ ],
+ "title": "Total Risks",
+ "transformations": [
+ {
+ "id": "calculateField",
+ "options": {
+ "mode": "reduceRow",
+ "reduce": {
+ "reducer": "sum"
+ },
+ "replaceFields": true
+ }
+ }
+ ],
+ "type": "stat"
+ },
+ {
+ "datasource": {
+ "type": "influxdb",
+ "uid": "${DS_INFLUXDB}"
+ },
+ "fieldConfig": {
+ "defaults": {
+ "color": {
+ "mode": "thresholds"
+ },
+ "mappings": [],
+ "thresholds": {
+ "mode": "percentage",
+ "steps": [
+ {
+ "color": "green"
+ }
+ ]
+ }
+ },
+ "overrides": [
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "flow_severity_critical"
+ },
+ "properties": [
+ {
+ "id": "displayName",
+ "value": "Critical"
+ },
+ {
+ "id": "color",
+ "value": {
+ "fixedColor": "dark-red",
+ "mode": "fixed"
+ }
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "flow_severity_emergency"
+ },
+ "properties": [
+ {
+ "id": "displayName",
+ "value": "Emergency"
+ },
+ {
+ "id": "color",
+ "value": {
+ "fixedColor": "red",
+ "mode": "fixed"
+ }
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "flow_severity_high"
+ },
+ "properties": [
+ {
+ "id": "displayName",
+ "value": "High"
+ },
+ {
+ "id": "color",
+ "value": {
+ "fixedColor": "yellow",
+ "mode": "fixed"
+ }
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "flow_severity_low"
+ },
+ "properties": [
+ {
+ "id": "displayName",
+ "value": "Low"
+ },
+ {
+ "id": "color",
+ "value": {
+ "fixedColor": "light-green",
+ "mode": "fixed"
+ }
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "flow_severity_medium"
+ },
+ "properties": [
+ {
+ "id": "displayName",
+ "value": "Medium"
+ },
+ {
+ "id": "color",
+ "value": {
+ "fixedColor": "dark-green",
+ "mode": "fixed"
+ }
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "flow_severity_severe"
+ },
+ "properties": [
+ {
+ "id": "displayName",
+ "value": "Severe"
+ },
+ {
+ "id": "color",
+ "value": {
+ "fixedColor": "dark-orange",
+ "mode": "fixed"
+ }
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "flow_severity_unknown"
+ },
+ "properties": [
+ {
+ "id": "displayName",
+ "value": "Unknown"
+ },
+ {
+ "id": "color",
+ "value": {
+ "mode": "fixed"
+ }
+ }
+ ]
+ }
+ ]
+ },
+ "gridPos": {
+ "h": 11,
+ "w": 12,
+ "x": 12,
+ "y": 42
+ },
+ "id": 11,
+ "options": {
+ "displayMode": "gradient",
+ "minVizHeight": 10,
+ "minVizWidth": 0,
+ "namePlacement": "auto",
+ "orientation": "horizontal",
+ "reduceOptions": {
+ "calcs": [
+ "lastNotNull"
+ ],
+ "fields": "",
+ "values": false
+ },
+ "showUnfilled": true,
+ "valueMode": "color"
+ },
+ "pluginVersion": "10.2.0",
+ "targets": [
+ {
+ "datasource": {
+ "type": "influxdb",
+ "uid": "${DS_INFLUXDB}"
+ },
+ "query": "from(bucket: \"${ndpid_db_name}\")\n |> range(start: v.timeRangeStart, stop:v.timeRangeStop)\n |> filter(fn: (r) =>\n r._measurement == \"severity\"\n )",
+ "refId": "A"
+ },
+ {
+ "datasource": {
+ "type": "influxdb",
+ "uid": "${DS_INFLUXDB}"
+ },
+ "hide": false,
+ "query": "from(bucket: \"${ndpid_db_name}\")\n |> range(start: v.timeRangeStart, stop:v.timeRangeStop)\n |> filter(fn: (r) =>\n r._measurement == \"detection\" and\n (r._field == \"flow_active_count\")\n )",
+ "refId": "B"
+ }
+ ],
+ "title": "Risk Severity",
+ "transformations": [
+ {
+ "id": "configFromData",
+ "options": {
+ "configRefId": "B",
+ "mappings": [
+ {
+ "fieldName": "Time",
+ "handlerKey": "__ignore"
+ },
+ {
+ "fieldName": "flow_active_count",
+ "handlerKey": "max"
+ }
+ ]
+ }
+ }
+ ],
+ "type": "bargauge"
+ },
+ {
+ "collapsed": false,
+ "gridPos": {
+ "h": 1,
+ "w": 24,
+ "x": 0,
+ "y": 53
+ },
+ "id": 32,
+ "panels": [],
+ "title": "Risks",
+ "type": "row"
+ },
+ {
+ "gridPos": {
+ "h": 24,
+ "w": 24,
+ "x": 0,
+ "y": 54
+ },
+ "id": 12,
+ "libraryPanel": {
+ "uid": "f54c2b02-7c6c-4d3f-90d8-e9d31dee65a5",
+ "name": "Risk"
+ }
+ },
+ {
+ "datasource": {
+ "type": "influxdb",
+ "uid": "${DS_INFLUXDB}"
+ },
+ "fieldConfig": {
+ "defaults": {
+ "color": {
+ "mode": "palette-classic"
+ },
+ "custom": {
+ "axisBorderShow": false,
+ "axisCenteredZero": false,
+ "axisColorMode": "text",
+ "axisLabel": "",
+ "axisPlacement": "auto",
+ "barAlignment": 0,
+ "drawStyle": "line",
+ "fillOpacity": 0,
+ "gradientMode": "none",
+ "hideFrom": {
+ "legend": false,
+ "tooltip": false,
+ "viz": false
+ },
+ "insertNulls": false,
+ "lineInterpolation": "linear",
+ "lineWidth": 1,
+ "pointSize": 5,
+ "scaleDistribution": {
+ "type": "linear"
+ },
+ "showPoints": "auto",
+ "spanNulls": false,
+ "stacking": {
+ "group": "A",
+ "mode": "none"
+ },
+ "thresholdsStyle": {
+ "mode": "off"
+ }
+ },
+ "mappings": [],
+ "thresholds": {
+ "mode": "absolute",
+ "steps": [
+ {
+ "color": "green"
+ },
+ {
+ "color": "yellow",
+ "value": 1
+ }
+ ]
+ }
+ },
+ "overrides": [
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "flow_risk_1_count"
+ },
+ "properties": [
+ {
+ "id": "displayName",
+ "value": "XSS Attack"
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "flow_risk_2_count"
+ },
+ "properties": [
+ {
+ "id": "displayName",
+ "value": "SQL Injection"
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "flow_risk_3_count"
+ },
+ "properties": [
+ {
+ "id": "displayName",
+ "value": "RCE Injection"
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "flow_risk_4_count"
+ },
+ "properties": [
+ {
+ "id": "displayName",
+ "value": "Binary App Transfer"
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "flow_risk_5_count"
+ },
+ "properties": [
+ {
+ "id": "displayName",
+ "value": "Known Proto on Non Std Port"
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "flow_risk_6_count"
+ },
+ "properties": [
+ {
+ "id": "displayName",
+ "value": "Self signed Cert"
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "flow_risk_7_count"
+ },
+ "properties": [
+ {
+ "id": "displayName",
+ "value": "Obsolete TLS v1.1 or older"
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "flow_risk_8_count"
+ },
+ "properties": [
+ {
+ "id": "displayName",
+ "value": "Weak TLS Cipher"
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "flow_risk_9_count"
+ },
+ "properties": [
+ {
+ "id": "displayName",
+ "value": "TLS Cert Expired"
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "flow_risk_10_count"
+ },
+ "properties": [
+ {
+ "id": "displayName",
+ "value": "TLS Cert Mismatch"
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "flow_risk_11_count"
+ },
+ "properties": [
+ {
+ "id": "displayName",
+ "value": "HTTP Suspicious User Agent"
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "flow_risk_12_count"
+ },
+ "properties": [
+ {
+ "id": "displayName",
+ "value": "HTTP Numeric IP Address"
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "flow_risk_13_count"
+ },
+ "properties": [
+ {
+ "id": "displayName",
+ "value": "HTTP Suspicious URL"
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "flow_risk_14_count"
+ },
+ "properties": [
+ {
+ "id": "displayName",
+ "value": "HTTP Suspicious Header"
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "flow_risk_15_count"
+ },
+ "properties": [
+ {
+ "id": "displayName",
+ "value": "TLS probably Not Carrying HTTPS"
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "flow_risk_16_count"
+ },
+ "properties": [
+ {
+ "id": "displayName",
+ "value": "Suspicious DGA Domain name"
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "flow_risk_17_count"
+ },
+ "properties": [
+ {
+ "id": "displayName",
+ "value": "Malformed Packet"
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "flow_risk_18_count"
+ },
+ "properties": [
+ {
+ "id": "displayName",
+ "value": "SSH Obsolete Client Version/Cipher"
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "flow_risk_19_count"
+ },
+ "properties": [
+ {
+ "id": "displayName",
+ "value": "SSH Obsolete Server Version/Cipher"
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "flow_risk_20_count"
+ },
+ "properties": [
+ {
+ "id": "displayName",
+ "value": "SMB Insecure Version"
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "flow_risk_21_count"
+ },
+ "properties": [
+ {
+ "id": "displayName",
+ "value": "TLS Suspicious ESNI Usage"
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "flow_risk_22_count"
+ },
+ "properties": [
+ {
+ "id": "displayName",
+ "value": "Unsafe Protocol"
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "flow_risk_23_count"
+ },
+ "properties": [
+ {
+ "id": "displayName",
+ "value": "Suspicious DNS Traffic"
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "flow_risk_24_count"
+ },
+ "properties": [
+ {
+ "id": "displayName",
+ "value": "Missing SNI TLS Extension"
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "flow_risk_25_count"
+ },
+ "properties": [
+ {
+ "id": "displayName",
+ "value": "HTTP Suspicious Content"
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "flow_risk_26_count"
+ },
+ "properties": [
+ {
+ "id": "displayName",
+ "value": "Risky ASN"
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "flow_risk_27_count"
+ },
+ "properties": [
+ {
+ "id": "displayName",
+ "value": "Risky Domain Name"
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "flow_risk_28_count"
+ },
+ "properties": [
+ {
+ "id": "displayName",
+ "value": "Malicious JA3 Fingerprint"
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "flow_risk_29_count"
+ },
+ "properties": [
+ {
+ "id": "displayName",
+ "value": "Malicious SSL Cert/SHA1 Fingerprint"
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "flow_risk_30_count"
+ },
+ "properties": [
+ {
+ "id": "displayName",
+ "value": "Desktop/File-Sharing"
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "flow_risk_31_count"
+ },
+ "properties": [
+ {
+ "id": "displayName",
+ "value": "Uncommon TLS ALPN"
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "flow_risk_32_count"
+ },
+ "properties": [
+ {
+ "id": "displayName",
+ "value": "TLS Cert Validity Too Long"
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "flow_risk_33_count"
+ },
+ "properties": [
+ {
+ "id": "displayName",
+ "value": "TLS Suspicious Extension"
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "flow_risk_34_count"
+ },
+ "properties": [
+ {
+ "id": "displayName",
+ "value": "TLS Fatal Alert"
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "flow_risk_35_count"
+ },
+ "properties": [
+ {
+ "id": "displayName",
+ "value": "Suspicious Entropy"
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "flow_risk_36_count"
+ },
+ "properties": [
+ {
+ "id": "displayName",
+ "value": "Clear Text Credentials"
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "flow_risk_37_count"
+ },
+ "properties": [
+ {
+ "id": "displayName",
+ "value": "Large DNS Packet"
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "flow_risk_38_count"
+ },
+ "properties": [
+ {
+ "id": "displayName",
+ "value": "Fragmented DNS Message"
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "flow_risk_39_count"
+ },
+ "properties": [
+ {
+ "id": "displayName",
+ "value": "Text With Non Printable Chars"
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "flow_risk_40_count"
+ },
+ "properties": [
+ {
+ "id": "displayName",
+ "value": "Possible Exploit"
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "flow_risk_41_count"
+ },
+ "properties": [
+ {
+ "id": "displayName",
+ "value": "TLS Cert About To Expire"
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "flow_risk_42_count"
+ },
+ "properties": [
+ {
+ "id": "displayName",
+ "value": "IDN Domain Name"
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "flow_risk_43_count"
+ },
+ "properties": [
+ {
+ "id": "displayName",
+ "value": "Error Code"
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "flow_risk_44_count"
+ },
+ "properties": [
+ {
+ "id": "displayName",
+ "value": "Crawler/Bot"
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "flow_risk_45_count"
+ },
+ "properties": [
+ {
+ "id": "displayName",
+ "value": "Anonymous Subscriber"
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "flow_risk_46_count"
+ },
+ "properties": [
+ {
+ "id": "displayName",
+ "value": "Unidirectional Traffic"
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "flow_risk_47_count"
+ },
+ "properties": [
+ {
+ "id": "displayName",
+ "value": "HTTP Obsolete Server"
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "flow_risk_48_count"
+ },
+ "properties": [
+ {
+ "id": "displayName",
+ "value": "Periodic Flow"
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "flow_risk_49_count"
+ },
+ "properties": [
+ {
+ "id": "displayName",
+ "value": "Minor Issues"
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "flow_risk_50_count"
+ },
+ "properties": [
+ {
+ "id": "displayName",
+ "value": "TCP Connection Issues"
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "flow_risk_51_count"
+ },
+ "properties": [
+ {
+ "id": "displayName",
+ "value": "Fully Encrypted"
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "flow_risk_52_count"
+ },
+ "properties": [
+ {
+ "id": "displayName",
+ "value": "Invalid ALPN/SNI combination"
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "flow_risk_53_count"
+ },
+ "properties": [
+ {
+ "id": "displayName",
+ "value": "Malware Host Contacted"
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "flow_risk_unknown_count"
+ },
+ "properties": [
+ {
+ "id": "displayName",
+ "value": "Unknown Risk"
+ }
+ ]
+ }
+ ]
+ },
+ "gridPos": {
+ "h": 10,
+ "w": 24,
+ "x": 0,
+ "y": 78
+ },
+ "id": 34,
+ "options": {
+ "legend": {
+ "calcs": [],
+ "displayMode": "list",
+ "placement": "bottom",
+ "showLegend": false
+ },
+ "tooltip": {
+ "mode": "single",
+ "sort": "none"
+ }
+ },
+ "pluginVersion": "10.2.0",
+ "targets": [
+ {
+ "datasource": {
+ "type": "influxdb",
+ "uid": "${DS_INFLUXDB}"
+ },
+ "query": "from(bucket: \"${ndpid_db_name}\")\n |> range(start: v.timeRangeStart, stop:v.timeRangeStop)\n |> filter(fn: (r) =>\n r._measurement == \"risks\"\n )",
+ "refId": "A"
+ }
+ ],
+ "title": "Risk",
+ "type": "timeseries"
+ },
+ {
+ "collapsed": false,
+ "gridPos": {
+ "h": 1,
+ "w": 24,
+ "x": 0,
+ "y": 88
+ },
+ "id": 29,
+ "panels": [],
+ "title": "Flow (Simplified / Historic)",
+ "type": "row"
+ },
+ {
+ "datasource": {
+ "type": "influxdb",
+ "uid": "${DS_INFLUXDB}"
+ },
+ "fieldConfig": {
+ "defaults": {
+ "color": {
+ "mode": "palette-classic"
+ },
+ "custom": {
+ "axisBorderShow": false,
+ "axisCenteredZero": false,
+ "axisColorMode": "text",
+ "axisLabel": "",
+ "axisPlacement": "auto",
+ "barAlignment": 0,
+ "drawStyle": "line",
+ "fillOpacity": 0,
+ "gradientMode": "none",
+ "hideFrom": {
+ "legend": false,
+ "tooltip": false,
+ "viz": false
+ },
+ "insertNulls": false,
+ "lineInterpolation": "linear",
+ "lineWidth": 1,
+ "pointSize": 5,
+ "scaleDistribution": {
+ "log": 2,
+ "type": "log"
+ },
+ "showPoints": "auto",
+ "spanNulls": false,
+ "stacking": {
+ "group": "A",
+ "mode": "none"
+ },
+ "thresholdsStyle": {
+ "mode": "off"
+ }
+ },
+ "mappings": [],
+ "thresholds": {
+ "mode": "absolute",
+ "steps": [
+ {
+ "color": "green"
+ },
+ {
+ "color": "red",
+ "value": 80
+ }
+ ]
+ }
+ },
+ "overrides": [
+ {
+ "matcher": {
+ "id": "byRegexp",
+ "options": "/flow_breed_.*/"
+ },
+ "properties": [
+ {
+ "id": "custom.hideFrom",
+ "value": {
+ "legend": true,
+ "tooltip": true,
+ "viz": true
+ }
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "Legit"
+ },
+ "properties": [
+ {
+ "id": "color",
+ "value": {
+ "fixedColor": "green",
+ "mode": "fixed"
+ }
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "Caution Advised"
+ },
+ "properties": [
+ {
+ "id": "color",
+ "value": {
+ "fixedColor": "red",
+ "mode": "fixed"
+ }
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "Dont Know"
+ },
+ "properties": [
+ {
+ "id": "color",
+ "value": {
+ "mode": "fixed"
+ }
+ }
+ ]
+ }
+ ]
+ },
+ "gridPos": {
+ "h": 8,
+ "w": 12,
+ "x": 0,
+ "y": 89
+ },
+ "id": 30,
+ "options": {
+ "legend": {
+ "calcs": [],
+ "displayMode": "list",
+ "placement": "bottom",
+ "showLegend": true
+ },
+ "tooltip": {
+ "mode": "single",
+ "sort": "none"
+ }
+ },
+ "targets": [
+ {
+ "datasource": {
+ "type": "influxdb",
+ "uid": "${DS_INFLUXDB}"
+ },
+ "query": "from(bucket: \"${ndpid_db_name}\")\n |> range(start: v.timeRangeStart, stop:v.timeRangeStop)\n |> filter(fn: (r) =>\n r._measurement == \"breed\"\n )",
+ "refId": "A"
+ }
+ ],
+ "title": "Breed",
+ "transformations": [
+ {
+ "id": "calculateField",
+ "options": {
+ "alias": "Caution Advised",
+ "mode": "reduceRow",
+ "reduce": {
+ "include": [
+ "flow_breed_potentially_dangerous_count breed",
+ "flow_breed_unsafe_count breed",
+ "flow_breed_dangerous_count breed"
+ ],
+ "reducer": "sum"
+ },
+ "replaceFields": false
+ }
+ },
+ {
+ "id": "calculateField",
+ "options": {
+ "alias": "Legit",
+ "mode": "reduceRow",
+ "reduce": {
+ "include": [
+ "flow_breed_acceptable_count breed",
+ "flow_breed_fun_count breed",
+ "flow_breed_safe_count breed"
+ ],
+ "reducer": "sum"
+ }
+ }
+ },
+ {
+ "id": "calculateField",
+ "options": {
+ "alias": "Dont Know",
+ "mode": "reduceRow",
+ "reduce": {
+ "include": [
+ "flow_breed_unrated_count breed",
+ "flow_breed_unknown_count breed"
+ ],
+ "reducer": "sum"
+ }
+ }
+ }
+ ],
+ "type": "timeseries"
+ },
+ {
+ "datasource": {
+ "type": "influxdb",
+ "uid": "${DS_INFLUXDB}"
+ },
+ "fieldConfig": {
+ "defaults": {
+ "color": {
+ "mode": "thresholds"
+ },
+ "custom": {
+ "fillOpacity": 70,
+ "hideFrom": {
+ "legend": false,
+ "tooltip": false,
+ "viz": false
+ },
+ "lineWidth": 1
+ },
+ "mappings": [],
+ "thresholds": {
+ "mode": "absolute",
+ "steps": [
+ {
+ "color": "green"
+ }
+ ]
+ }
+ },
+ "overrides": [
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "flow_detected_count"
+ },
+ "properties": [
+ {
+ "id": "displayName",
+ "value": "Detected"
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "flow_guessed_count"
+ },
+ "properties": [
+ {
+ "id": "displayName",
+ "value": "Guessed"
+ },
+ {
+ "id": "thresholds",
+ "value": {
+ "mode": "absolute",
+ "steps": [
+ {
+ "color": "green"
+ },
+ {
+ "color": "yellow",
+ "value": 1
+ }
+ ]
+ }
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "flow_not_detected_count"
+ },
+ "properties": [
+ {
+ "id": "displayName",
+ "value": "Not Detected"
+ },
+ {
+ "id": "thresholds",
+ "value": {
+ "mode": "absolute",
+ "steps": [
+ {
+ "color": "green"
+ },
+ {
+ "color": "red",
+ "value": 1
+ }
+ ]
+ }
+ }
+ ]
+ }
+ ]
+ },
+ "gridPos": {
+ "h": 8,
+ "w": 12,
+ "x": 12,
+ "y": 89
+ },
+ "id": 31,
+ "options": {
+ "colWidth": 0.9,
+ "legend": {
+ "displayMode": "list",
+ "placement": "bottom",
+ "showLegend": false
+ },
+ "rowHeight": 0.9,
+ "showValue": "auto",
+ "tooltip": {
+ "mode": "single",
+ "sort": "none"
+ }
+ },
+ "pluginVersion": "10.2.0",
+ "targets": [
+ {
+ "datasource": {
+ "type": "influxdb",
+ "uid": "${DS_INFLUXDB}"
+ },
+ "query": "from(bucket: \"${ndpid_db_name}\")\n |> range(start: v.timeRangeStart, stop:v.timeRangeStop)\n |> filter(fn: (r) =>\n r._measurement == \"detection\" and\n (r._field == \"flow_detected_count\" or\n r._field == \"flow_guessed_count\" or\n r._field == \"flow_not_detected_count\")\n )",
+ "refId": "A"
+ }
+ ],
+ "title": "Detection",
+ "type": "status-history"
+ },
+ {
+ "datasource": {
+ "type": "influxdb",
+ "uid": "${DS_INFLUXDB}"
+ },
+ "fieldConfig": {
+ "defaults": {
+ "color": {
+ "mode": "thresholds"
+ },
+ "custom": {
+ "fillOpacity": 70,
+ "hideFrom": {
+ "legend": false,
+ "tooltip": false,
+ "viz": false
+ },
+ "insertNulls": false,
+ "lineWidth": 0,
+ "spanNulls": false
+ },
+ "mappings": [],
+ "thresholds": {
+ "mode": "absolute",
+ "steps": [
+ {
+ "color": "green"
+ },
+ {
+ "color": "yellow",
+ "value": 1
+ }
+ ]
+ }
+ },
+ "overrides": [
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "flow_risk_1_count"
+ },
+ "properties": [
+ {
+ "id": "displayName",
+ "value": "XSS Attack"
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "flow_risk_2_count"
+ },
+ "properties": [
+ {
+ "id": "displayName",
+ "value": "SQL Injection"
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "flow_risk_3_count"
+ },
+ "properties": [
+ {
+ "id": "displayName",
+ "value": "RCE Injection"
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "flow_risk_4_count"
+ },
+ "properties": [
+ {
+ "id": "displayName",
+ "value": "Binary App Transfer"
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "flow_risk_5_count"
+ },
+ "properties": [
+ {
+ "id": "displayName",
+ "value": "Known Proto on Non Std Port"
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "flow_risk_6_count"
+ },
+ "properties": [
+ {
+ "id": "displayName",
+ "value": "Self signed Cert"
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "flow_risk_7_count"
+ },
+ "properties": [
+ {
+ "id": "displayName",
+ "value": "Obsolete TLS v1.1 or older"
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "flow_risk_8_count"
+ },
+ "properties": [
+ {
+ "id": "displayName",
+ "value": "Weak TLS Cipher"
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "flow_risk_9_count"
+ },
+ "properties": [
+ {
+ "id": "displayName",
+ "value": "TLS Cert Expired"
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "flow_risk_10_count"
+ },
+ "properties": [
+ {
+ "id": "displayName",
+ "value": "TLS Cert Mismatch"
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "flow_risk_11_count"
+ },
+ "properties": [
+ {
+ "id": "displayName",
+ "value": "HTTP Suspicious User Agent"
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "flow_risk_12_count"
+ },
+ "properties": [
+ {
+ "id": "displayName",
+ "value": "HTTP Numeric IP Address"
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "flow_risk_13_count"
+ },
+ "properties": [
+ {
+ "id": "displayName",
+ "value": "HTTP Suspicious URL"
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "flow_risk_14_count"
+ },
+ "properties": [
+ {
+ "id": "displayName",
+ "value": "HTTP Suspicious Header"
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "flow_risk_15_count"
+ },
+ "properties": [
+ {
+ "id": "displayName",
+ "value": "TLS probably Not Carrying HTTPS"
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "flow_risk_16_count"
+ },
+ "properties": [
+ {
+ "id": "displayName",
+ "value": "Suspicious DGA Domain name"
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "flow_risk_17_count"
+ },
+ "properties": [
+ {
+ "id": "displayName",
+ "value": "Malformed Packet"
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "flow_risk_18_count"
+ },
+ "properties": [
+ {
+ "id": "displayName",
+ "value": "SSH Obsolete Client Version/Cipher"
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "flow_risk_19_count"
+ },
+ "properties": [
+ {
+ "id": "displayName",
+ "value": "SSH Obsolete Server Version/Cipher"
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "flow_risk_20_count"
+ },
+ "properties": [
+ {
+ "id": "displayName",
+ "value": "SMB Insecure Version"
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "flow_risk_21_count"
+ },
+ "properties": [
+ {
+ "id": "displayName",
+ "value": "TLS Suspicious ESNI Usage"
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "flow_risk_22_count"
+ },
+ "properties": [
+ {
+ "id": "displayName",
+ "value": "Unsafe Protocol"
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "flow_risk_23_count"
+ },
+ "properties": [
+ {
+ "id": "displayName",
+ "value": "Suspicious DNS Traffic"
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "flow_risk_24_count"
+ },
+ "properties": [
+ {
+ "id": "displayName",
+ "value": "Missing SNI TLS Extension"
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "flow_risk_25_count"
+ },
+ "properties": [
+ {
+ "id": "displayName",
+ "value": "HTTP Suspicious Content"
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "flow_risk_26_count"
+ },
+ "properties": [
+ {
+ "id": "displayName",
+ "value": "Risky ASN"
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "flow_risk_27_count"
+ },
+ "properties": [
+ {
+ "id": "displayName",
+ "value": "Risky Domain Name"
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "flow_risk_28_count"
+ },
+ "properties": [
+ {
+ "id": "displayName",
+ "value": "Malicious Fingerprint"
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "flow_risk_29_count"
+ },
+ "properties": [
+ {
+ "id": "displayName",
+ "value": "Malicious SSL Cert/SHA1 Fingerprint"
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "flow_risk_30_count"
+ },
+ "properties": [
+ {
+ "id": "displayName",
+ "value": "Desktop/File-Sharing"
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "flow_risk_31_count"
+ },
+ "properties": [
+ {
+ "id": "displayName",
+ "value": "Uncommon TLS ALPN"
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "flow_risk_32_count"
+ },
+ "properties": [
+ {
+ "id": "displayName",
+ "value": "TLS Cert Validity Too Long"
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "flow_risk_33_count"
+ },
+ "properties": [
+ {
+ "id": "displayName",
+ "value": "TLS Suspicious Extension"
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "flow_risk_34_count"
+ },
+ "properties": [
+ {
+ "id": "displayName",
+ "value": "TLS Fatal Alert"
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "flow_risk_35_count"
+ },
+ "properties": [
+ {
+ "id": "displayName",
+ "value": "Suspicious Entropy"
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "flow_risk_36_count"
+ },
+ "properties": [
+ {
+ "id": "displayName",
+ "value": "Clear Text Credentials"
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "flow_risk_37_count"
+ },
+ "properties": [
+ {
+ "id": "displayName",
+ "value": "Large DNS Packet"
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "flow_risk_38_count"
+ },
+ "properties": [
+ {
+ "id": "displayName",
+ "value": "Fragmented DNS Message"
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "flow_risk_39_count"
+ },
+ "properties": [
+ {
+ "id": "displayName",
+ "value": "Text With Non Printable Chars"
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "flow_risk_40_count"
+ },
+ "properties": [
+ {
+ "id": "displayName",
+ "value": "Possible Exploit"
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "flow_risk_41_count"
+ },
+ "properties": [
+ {
+ "id": "displayName",
+ "value": "TLS Cert About To Expire"
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "flow_risk_42_count"
+ },
+ "properties": [
+ {
+ "id": "displayName",
+ "value": "IDN Domain Name"
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "flow_risk_43_count"
+ },
+ "properties": [
+ {
+ "id": "displayName",
+ "value": "Error Code"
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "flow_risk_44_count"
+ },
+ "properties": [
+ {
+ "id": "displayName",
+ "value": "Crawler/Bot"
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "flow_risk_45_count"
+ },
+ "properties": [
+ {
+ "id": "displayName",
+ "value": "Anonymous Subscriber"
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "flow_risk_46_count"
+ },
+ "properties": [
+ {
+ "id": "displayName",
+ "value": "Unidirectional Traffic"
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "flow_risk_47_count"
+ },
+ "properties": [
+ {
+ "id": "displayName",
+ "value": "HTTP Obsolete Server"
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "flow_risk_48_count"
+ },
+ "properties": [
+ {
+ "id": "displayName",
+ "value": "Periodic Flow"
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "flow_risk_49_count"
+ },
+ "properties": [
+ {
+ "id": "displayName",
+ "value": "Minor Issues"
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "flow_risk_50_count"
+ },
+ "properties": [
+ {
+ "id": "displayName",
+ "value": "TCP Connection Issues"
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "flow_risk_51_count"
+ },
+ "properties": [
+ {
+ "id": "displayName",
+ "value": "Fully Encrypted"
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "flow_risk_52_count"
+ },
+ "properties": [
+ {
+ "id": "displayName",
+ "value": "Invalid ALPN/SNI combination"
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "flow_risk_53_count"
+ },
+ "properties": [
+ {
+ "id": "displayName",
+ "value": "Malware Host Contacted"
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "flow_risk_unknown_count"
+ },
+ "properties": [
+ {
+ "id": "displayName",
+ "value": "Unknown Risk"
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "flow_risk_54_count"
+ },
+ "properties": [
+ {
+ "id": "displayName",
+ "value": "Binary Transfer Attempt"
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "flow_risk_55_count"
+ },
+ "properties": [
+ {
+ "id": "displayName",
+ "value": "Probing Attempt"
+ }
+ ]
+ }
+ ]
+ },
+ "gridPos": {
+ "h": 24,
+ "w": 24,
+ "x": 0,
+ "y": 97
+ },
+ "id": 33,
+ "options": {
+ "alignValue": "left",
+ "legend": {
+ "displayMode": "list",
+ "placement": "bottom",
+ "showLegend": true
+ },
+ "mergeValues": true,
+ "rowHeight": 0.9,
+ "showValue": "auto",
+ "tooltip": {
+ "mode": "single",
+ "sort": "none"
+ }
+ },
+ "pluginVersion": "10.2.0",
+ "targets": [
+ {
+ "datasource": {
+ "type": "influxdb",
+ "uid": "${DS_INFLUXDB}"
+ },
+ "query": "from(bucket: \"${ndpid_db_name}\")\n |> range(start: v.timeRangeStart, stop:v.timeRangeStop)\n |> filter(fn: (r) =>\n r._measurement == \"risks\"\n )",
+ "refId": "A"
+ }
+ ],
+ "title": "Risk",
+ "type": "state-timeline"
+ },
+ {
+ "collapsed": false,
+ "gridPos": {
+ "h": 1,
+ "w": 24,
+ "x": 0,
+ "y": 121
+ },
+ "id": 15,
+ "panels": [],
+ "title": "Layer3 / Layer4",
+ "type": "row"
+ },
+ {
+ "datasource": {
+ "type": "influxdb",
+ "uid": "${DS_INFLUXDB}"
+ },
+ "fieldConfig": {
+ "defaults": {
+ "color": {
+ "mode": "palette-classic"
+ },
+ "custom": {
+ "axisBorderShow": false,
+ "axisCenteredZero": false,
+ "axisColorMode": "text",
+ "axisLabel": "",
+ "axisPlacement": "auto",
+ "barAlignment": 0,
+ "drawStyle": "line",
+ "fillOpacity": 0,
+ "gradientMode": "none",
+ "hideFrom": {
+ "legend": false,
+ "tooltip": false,
+ "viz": false
+ },
+ "insertNulls": false,
+ "lineInterpolation": "linear",
+ "lineWidth": 1,
+ "pointSize": 5,
+ "scaleDistribution": {
+ "type": "linear"
+ },
+ "showPoints": "auto",
+ "spanNulls": false,
+ "stacking": {
+ "group": "A",
+ "mode": "none"
+ },
+ "thresholdsStyle": {
+ "mode": "off"
+ }
+ },
+ "mappings": [],
+ "thresholds": {
+ "mode": "percentage",
+ "steps": [
+ {
+ "color": "green"
+ }
+ ]
+ }
+ },
+ "overrides": [
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "flow_l3_ip4_count"
+ },
+ "properties": [
+ {
+ "id": "displayName",
+ "value": "IPv4"
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "flow_l3_ip6_count"
+ },
+ "properties": [
+ {
+ "id": "displayName",
+ "value": "IPv6"
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "flow_l3_other_count"
+ },
+ "properties": [
+ {
+ "id": "displayName",
+ "value": "Other"
+ }
+ ]
+ }
+ ]
+ },
+ "gridPos": {
+ "h": 8,
+ "w": 12,
+ "x": 0,
+ "y": 122
+ },
+ "id": 16,
+ "options": {
+ "legend": {
+ "calcs": [],
+ "displayMode": "list",
+ "placement": "bottom",
+ "showLegend": true
+ },
+ "tooltip": {
+ "mode": "single",
+ "sort": "none"
+ }
+ },
+ "targets": [
+ {
+ "datasource": {
+ "type": "influxdb",
+ "uid": "${DS_INFLUXDB}"
+ },
+ "query": "from(bucket: \"${ndpid_db_name}\")\n |> range(start: v.timeRangeStart, stop:v.timeRangeStop)\n |> filter(fn: (r) =>\n r._measurement == \"layer3\"\n )",
+ "refId": "A"
+ }
+ ],
+ "title": "Layer3",
+ "type": "timeseries"
+ },
+ {
+ "datasource": {
+ "type": "influxdb",
+ "uid": "${DS_INFLUXDB}"
+ },
+ "fieldConfig": {
+ "defaults": {
+ "color": {
+ "mode": "palette-classic"
+ },
+ "custom": {
+ "axisBorderShow": false,
+ "axisCenteredZero": false,
+ "axisColorMode": "text",
+ "axisLabel": "",
+ "axisPlacement": "auto",
+ "barAlignment": 0,
+ "drawStyle": "line",
+ "fillOpacity": 0,
+ "gradientMode": "none",
+ "hideFrom": {
+ "legend": false,
+ "tooltip": false,
+ "viz": false
+ },
+ "insertNulls": false,
+ "lineInterpolation": "linear",
+ "lineWidth": 1,
+ "pointSize": 5,
+ "scaleDistribution": {
+ "type": "linear"
+ },
+ "showPoints": "auto",
+ "spanNulls": false,
+ "stacking": {
+ "group": "A",
+ "mode": "none"
+ },
+ "thresholdsStyle": {
+ "mode": "off"
+ }
+ },
+ "mappings": [],
+ "thresholds": {
+ "mode": "percentage",
+ "steps": [
+ {
+ "color": "green"
+ }
+ ]
+ }
+ },
+ "overrides": [
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "flow_l4_icmp_count"
+ },
+ "properties": [
+ {
+ "id": "displayName",
+ "value": "ICMP"
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "flow_l4_other_count"
+ },
+ "properties": [
+ {
+ "id": "displayName",
+ "value": "Other"
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "flow_l4_tcp_count"
+ },
+ "properties": [
+ {
+ "id": "displayName",
+ "value": "TCP"
+ }
+ ]
+ },
+ {
+ "matcher": {
+ "id": "byName",
+ "options": "flow_l4_udp_count"
+ },
+ "properties": [
+ {
+ "id": "displayName",
+ "value": "UDP"
+ }
+ ]
+ }
+ ]
+ },
+ "gridPos": {
+ "h": 8,
+ "w": 12,
+ "x": 12,
+ "y": 122
+ },
+ "id": 17,
+ "options": {
+ "legend": {
+ "calcs": [],
+ "displayMode": "list",
+ "placement": "bottom",
+ "showLegend": true
+ },
+ "tooltip": {
+ "mode": "single",
+ "sort": "none"
+ }
+ },
+ "targets": [
+ {
+ "datasource": {
+ "type": "influxdb",
+ "uid": "${DS_INFLUXDB}"
+ },
+ "query": "from(bucket: \"${ndpid_db_name}\")\n |> range(start: v.timeRangeStart, stop:v.timeRangeStop)\n |> filter(fn: (r) =>\n r._measurement == \"layer4\"\n )",
+ "refId": "A"
+ }
+ ],
+ "title": "Layer4",
+ "type": "timeseries"
+ }
+ ],
+ "refresh": "10s",
+ "schemaVersion": 38,
+ "tags": [],
+ "templating": {
+ "list": [
+ {
+ "hide": 2,
+ "name": "ndpid_db_name",
+ "query": "${VAR_NDPID_DB_NAME}",
+ "skipUrlSync": false,
+ "type": "constant",
+ "current": {
+ "value": "${VAR_NDPID_DB_NAME}",
+ "text": "${VAR_NDPID_DB_NAME}",
+ "selected": false
+ },
+ "options": [
+ {
+ "value": "${VAR_NDPID_DB_NAME}",
+ "text": "${VAR_NDPID_DB_NAME}",
+ "selected": false
+ }
+ ]
+ }
+ ]
+ },
+ "time": {
+ "from": "now-15m",
+ "to": "now"
+ },
+ "timepicker": {},
+ "timezone": "",
+ "title": "nDPId",
+ "uid": "e57b37c0-d0ba-4f50-9b2d-f83e71ae8c27",
+ "version": 111,
+ "weekStart": ""
+}
\ No newline at end of file