{ "__inputs": [ { "name": "DS_INFLUXDB", "label": "InfluxDB", "description": "", "type": "datasource", "pluginId": "influxdb", "pluginName": "InfluxDB" }, { "name": "VAR_NDPID_DB_NAME", "type": "constant", "label": "ndpid_db_name", "value": "ndpi-daemon", "description": "" } ], "__elements": { "f54c2b02-7c6c-4d3f-90d8-e9d31dee65a5": { "name": "Risk", "uid": "f54c2b02-7c6c-4d3f-90d8-e9d31dee65a5", "kind": 1, "model": { "datasource": { "type": "influxdb", "uid": "${DS_INFLUXDB}" }, "description": "", "fieldConfig": { "defaults": { "color": { "mode": "thresholds" }, "mappings": [], "thresholds": { "mode": "percentage", "steps": [ { "color": "green", "value": null }, { "color": "yellow", "value": 0.01 }, { "color": "dark-red", "value": 50 } ] } }, "overrides": [ { "matcher": { "id": "byName", "options": "flow_risk_1_count" }, "properties": [ { "id": "displayName", "value": "XSS Attack" } ] }, { "matcher": { "id": "byName", "options": "flow_risk_2_count" }, "properties": [ { "id": "displayName", "value": "SQL Injection" } ] }, { "matcher": { "id": "byName", "options": "flow_risk_3_count" }, "properties": [ { "id": "displayName", "value": "RCE Injection" } ] }, { "matcher": { "id": "byName", "options": "flow_risk_4_count" }, "properties": [ { "id": "displayName", "value": "Binary App Transfer" } ] }, { "matcher": { "id": "byName", "options": "flow_risk_5_count" }, "properties": [ { "id": "displayName", "value": "Known Proto on Non Std Port" } ] }, { "matcher": { "id": "byName", "options": "flow_risk_6_count" }, "properties": [ { "id": "displayName", "value": "Self signed Cert" } ] }, { "matcher": { "id": "byName", "options": "flow_risk_7_count" }, "properties": [ { "id": "displayName", "value": "Obsolete TLS v1.1 or older" } ] }, { "matcher": { "id": "byName", "options": "flow_risk_8_count" }, "properties": [ { "id": "displayName", "value": "Weak TLS Cipher" } ] }, { "matcher": { "id": "byName", "options": "flow_risk_9_count" }, "properties": [ { "id": "displayName", 
"value": "TLS Cert Expired" } ] }, { "matcher": { "id": "byName", "options": "flow_risk_10_count" }, "properties": [ { "id": "displayName", "value": "TLS Cert Mismatch" } ] }, { "matcher": { "id": "byName", "options": "flow_risk_11_count" }, "properties": [ { "id": "displayName", "value": "HTTP Suspicious User Agent" } ] }, { "matcher": { "id": "byName", "options": "flow_risk_12_count" }, "properties": [ { "id": "displayName", "value": "HTTP Numeric IP Address" } ] }, { "matcher": { "id": "byName", "options": "flow_risk_13_count" }, "properties": [ { "id": "displayName", "value": "HTTP Suspicious URL" } ] }, { "matcher": { "id": "byName", "options": "flow_risk_14_count" }, "properties": [ { "id": "displayName", "value": "HTTP Suspicious Header" } ] }, { "matcher": { "id": "byName", "options": "flow_risk_15_count" }, "properties": [ { "id": "displayName", "value": "TLS probably Not Carrying HTTPS" } ] }, { "matcher": { "id": "byName", "options": "flow_risk_16_count" }, "properties": [ { "id": "displayName", "value": "Suspicious DGA Domain name" } ] }, { "matcher": { "id": "byName", "options": "flow_risk_17_count" }, "properties": [ { "id": "displayName", "value": "Malformed Packet" } ] }, { "matcher": { "id": "byName", "options": "flow_risk_18_count" }, "properties": [ { "id": "displayName", "value": "SSH Obsolete Client Version/Cipher" } ] }, { "matcher": { "id": "byName", "options": "flow_risk_19_count" }, "properties": [ { "id": "displayName", "value": "SSH Obsolete Server Version/Cipher" } ] }, { "matcher": { "id": "byName", "options": "flow_risk_20_count" }, "properties": [ { "id": "displayName", "value": "SMB Insecure Version" } ] }, { "matcher": { "id": "byName", "options": "flow_risk_21_count" }, "properties": [ { "id": "displayName", "value": "TLS Suspicious ESNI Usage" } ] }, { "matcher": { "id": "byName", "options": "flow_risk_22_count" }, "properties": [ { "id": "displayName", "value": "Unsafe Protocol" } ] }, { "matcher": { "id": "byName", "options": 
"flow_risk_23_count" }, "properties": [ { "id": "displayName", "value": "Suspicious DNS Traffic" } ] }, { "matcher": { "id": "byName", "options": "flow_risk_24_count" }, "properties": [ { "id": "displayName", "value": "Missing SNI TLS Extension" } ] }, { "matcher": { "id": "byName", "options": "flow_risk_25_count" }, "properties": [ { "id": "displayName", "value": "HTTP Suspicious Content" } ] }, { "matcher": { "id": "byName", "options": "flow_risk_26_count" }, "properties": [ { "id": "displayName", "value": "Risky ASN" } ] }, { "matcher": { "id": "byName", "options": "flow_risk_27_count" }, "properties": [ { "id": "displayName", "value": "Risky Domain Name" } ] }, { "matcher": { "id": "byName", "options": "flow_risk_28_count" }, "properties": [ { "id": "displayName", "value": "Malicious Fingerprint" } ] }, { "matcher": { "id": "byName", "options": "flow_risk_29_count" }, "properties": [ { "id": "displayName", "value": "Malicious SSL Cert/SHA1 Fingerprint" } ] }, { "matcher": { "id": "byName", "options": "flow_risk_30_count" }, "properties": [ { "id": "displayName", "value": "Desktop/File-Sharing" } ] }, { "matcher": { "id": "byName", "options": "flow_risk_31_count" }, "properties": [ { "id": "displayName", "value": "Uncommon TLS ALPN" } ] }, { "matcher": { "id": "byName", "options": "flow_risk_32_count" }, "properties": [ { "id": "displayName", "value": "TLS Cert Validity Too Long" } ] }, { "matcher": { "id": "byName", "options": "flow_risk_33_count" }, "properties": [ { "id": "displayName", "value": "TLS Suspicious Extension" } ] }, { "matcher": { "id": "byName", "options": "flow_risk_34_count" }, "properties": [ { "id": "displayName", "value": "TLS Fatal Alert" } ] }, { "matcher": { "id": "byName", "options": "flow_risk_35_count" }, "properties": [ { "id": "displayName", "value": "Suspicious Entropy" } ] }, { "matcher": { "id": "byName", "options": "flow_risk_36_count" }, "properties": [ { "id": "displayName", "value": "Clear Text Credentials" } ] }, { 
"matcher": { "id": "byName", "options": "flow_risk_37_count" }, "properties": [ { "id": "displayName", "value": "Large DNS Packet" } ] }, { "matcher": { "id": "byName", "options": "flow_risk_38_count" }, "properties": [ { "id": "displayName", "value": "Fragmented DNS Message" } ] }, { "matcher": { "id": "byName", "options": "flow_risk_39_count" }, "properties": [ { "id": "displayName", "value": "Text With Non Printable Chars" } ] }, { "matcher": { "id": "byName", "options": "flow_risk_40_count" }, "properties": [ { "id": "displayName", "value": "Possible Exploit" } ] }, { "matcher": { "id": "byName", "options": "flow_risk_41_count" }, "properties": [ { "id": "displayName", "value": "TLS Cert About To Expire" } ] }, { "matcher": { "id": "byName", "options": "flow_risk_42_count" }, "properties": [ { "id": "displayName", "value": "IDN Domain Name" } ] }, { "matcher": { "id": "byName", "options": "flow_risk_43_count" }, "properties": [ { "id": "displayName", "value": "Error Code" } ] }, { "matcher": { "id": "byName", "options": "flow_risk_44_count" }, "properties": [ { "id": "displayName", "value": "Crawler/Bot" } ] }, { "matcher": { "id": "byName", "options": "flow_risk_45_count" }, "properties": [ { "id": "displayName", "value": "Anonymous Subscriber" } ] }, { "matcher": { "id": "byName", "options": "flow_risk_46_count" }, "properties": [ { "id": "displayName", "value": "Unidirectional Traffic" } ] }, { "matcher": { "id": "byName", "options": "flow_risk_47_count" }, "properties": [ { "id": "displayName", "value": "HTTP Obsolete Server" } ] }, { "matcher": { "id": "byName", "options": "flow_risk_48_count" }, "properties": [ { "id": "displayName", "value": "Periodic Flow" } ] }, { "matcher": { "id": "byName", "options": "flow_risk_49_count" }, "properties": [ { "id": "displayName", "value": "Minor Issues" } ] }, { "matcher": { "id": "byName", "options": "flow_risk_50_count" }, "properties": [ { "id": "displayName", "value": "TCP Connection Issues" } ] }, { "matcher": { 
"id": "byName", "options": "flow_risk_51_count" }, "properties": [ { "id": "displayName", "value": "Fully Encrypted" } ] }, { "matcher": { "id": "byName", "options": "flow_risk_52_count" }, "properties": [ { "id": "displayName", "value": "Invalid ALPN/SNI combination" } ] }, { "matcher": { "id": "byName", "options": "flow_risk_53_count" }, "properties": [ { "id": "displayName", "value": "Malware Host Contacted" } ] }, { "matcher": { "id": "byName", "options": "flow_risk_unknown_count" }, "properties": [ { "id": "displayName", "value": "Unknown Risk" } ] }, { "matcher": { "id": "byName", "options": "flow_risk_54_count" }, "properties": [ { "id": "displayName", "value": "Binary Transfer Attempt" } ] }, { "matcher": { "id": "byName", "options": "flow_risk_55_count" }, "properties": [ { "id": "displayName", "value": "Probing Attempt" } ] } ] }, "options": { "minVizHeight": 75, "minVizWidth": 75, "orientation": "auto", "reduceOptions": { "calcs": [ "lastNotNull" ], "fields": "", "values": false }, "showThresholdLabels": false, "showThresholdMarkers": false }, "pluginVersion": "10.2.0", "targets": [ { "datasource": { "type": "influxdb", "uid": "dabd3b1d-a74e-4ae6-9dfd-e1344e589ba0" }, "query": "from(bucket: \"${ndpid_db_name}\")\n |> range(start: v.timeRangeStart, stop:v.timeRangeStop)\n |> filter(fn: (r) =>\n r._measurement == \"risks\"\n )", "refId": "A" }, { "datasource": { "type": "influxdb", "uid": "dabd3b1d-a74e-4ae6-9dfd-e1344e589ba0" }, "hide": false, "query": "from(bucket: \"${ndpid_db_name}\")\n |> range(start: v.timeRangeStart, stop:v.timeRangeStop)\n |> filter(fn: (r) =>\n r._measurement == \"detection\" and\n (r._field == \"flow_active_count\")\n )", "refId": "B" } ], "title": "Risk", "transformations": [ { "id": "configFromData", "options": { "configRefId": "B", "mappings": [ { "fieldName": "Time", "handlerKey": "__ignore" }, { "fieldName": "flow_active_count", "handlerKey": "max" } ] } } ], "type": "gauge" } } }, "__requires": [ { "type": "panel", "id": 
"bargauge", "name": "Bar gauge", "version": "" }, { "type": "panel", "id": "gauge", "name": "Gauge", "version": "" }, { "type": "grafana", "id": "grafana", "name": "Grafana", "version": "10.2.0" }, { "type": "datasource", "id": "influxdb", "name": "InfluxDB", "version": "1.0.0" }, { "type": "panel", "id": "piechart", "name": "Pie chart", "version": "" }, { "type": "panel", "id": "stat", "name": "Stat", "version": "" }, { "type": "panel", "id": "state-timeline", "name": "State timeline", "version": "" }, { "type": "panel", "id": "status-history", "name": "Status history", "version": "" }, { "type": "panel", "id": "timeseries", "name": "Time series", "version": "" } ], "annotations": { "list": [ { "builtIn": 1, "datasource": { "type": "grafana", "uid": "-- Grafana --" }, "enable": true, "hide": true, "iconColor": "rgba(0, 211, 255, 1)", "name": "Annotations & Alerts", "type": "dashboard" } ] }, "editable": false, "fiscalYearStartMonth": 0, "graphTooltip": 0, "id": null, "links": [], "liveNow": false, "panels": [ { "collapsed": false, "gridPos": { "h": 1, "w": 24, "x": 0, "y": 0 }, "id": 22, "panels": [], "title": "Events", "type": "row" }, { "datasource": { "type": "influxdb", "uid": "${DS_INFLUXDB}" }, "fieldConfig": { "defaults": { "color": { "mode": "thresholds" }, "mappings": [], "thresholds": { "mode": "percentage", "steps": [ { "color": "green", "value": null }, { "color": "#EAB839", "value": 25 }, { "color": "red", "value": 50 } ] } }, "overrides": [ { "matcher": { "id": "byName", "options": "error_ip4_l4_payload_detection" }, "properties": [ { "id": "displayName", "value": "IPv4 L4 Failed" }, { "id": "thresholds", "value": { "mode": "absolute", "steps": [ { "color": "green", "value": null }, { "color": "yellow", "value": 1 } ] } } ] }, { "matcher": { "id": "byName", "options": "error_ip4_packet_too_short" }, "properties": [ { "id": "displayName", "value": "IPv4 Packet Size" }, { "id": "thresholds", "value": { "mode": "absolute", "steps": [ { "color": "green", 
"value": null }, { "color": "yellow", "value": 1 } ] } } ] }, { "matcher": { "id": "byName", "options": "error_ip4_size_smaller_than_header" }, "properties": [ { "id": "displayName", "value": "IPv4 Header Size" }, { "id": "thresholds", "value": { "mode": "absolute", "steps": [ { "color": "green", "value": null }, { "color": "yellow", "value": 1 } ] } } ] }, { "matcher": { "id": "byName", "options": "error_ip6_l4_payload_detection" }, "properties": [ { "id": "displayName", "value": "IPv6 L4 Failed" }, { "id": "thresholds", "value": { "mode": "absolute", "steps": [ { "color": "green", "value": null }, { "color": "yellow", "value": 1 } ] } } ] }, { "matcher": { "id": "byName", "options": "error_ip6_packet_too_short" }, "properties": [ { "id": "displayName", "value": "IPv6 Packet Size" }, { "id": "thresholds", "value": { "mode": "absolute", "steps": [ { "color": "green", "value": null }, { "color": "yellow", "value": 1 } ] } } ] }, { "matcher": { "id": "byName", "options": "error_ip6_size_smaller_than_header" }, "properties": [ { "id": "displayName", "value": "IPv6 Header Size" }, { "id": "thresholds", "value": { "mode": "absolute", "steps": [ { "color": "green", "value": null }, { "color": "yellow", "value": 1 } ] } } ] }, { "matcher": { "id": "byName", "options": "error_packet_header_invalid" }, "properties": [ { "id": "displayName", "value": "Packet Header Invalid" }, { "id": "thresholds", "value": { "mode": "absolute", "steps": [ { "color": "green", "value": null }, { "color": "yellow", "value": 1 } ] } } ] }, { "matcher": { "id": "byName", "options": "error_packet_too_short" }, "properties": [ { "id": "displayName", "value": "Packet Size" }, { "id": "thresholds", "value": { "mode": "absolute", "steps": [ { "color": "green", "value": null }, { "color": "yellow", "value": 1 } ] } } ] }, { "matcher": { "id": "byName", "options": "error_packet_type_unknown" }, "properties": [ { "id": "displayName", "value": "Packet Type Unknown" }, { "id": "thresholds", "value": { 
"mode": "absolute", "steps": [ { "color": "green", "value": null }, { "color": "yellow", "value": 1 } ] } } ] }, { "matcher": { "id": "byName", "options": "error_tcp_packet_too_short" }, "properties": [ { "id": "displayName", "value": "TCP Packet Size" }, { "id": "thresholds", "value": { "mode": "absolute", "steps": [ { "color": "green", "value": null }, { "color": "yellow", "value": 1 } ] } } ] }, { "matcher": { "id": "byName", "options": "error_udp_packet_too_short" }, "properties": [ { "id": "displayName", "value": "UDP Packet Size" }, { "id": "thresholds", "value": { "mode": "absolute", "steps": [ { "color": "green", "value": null }, { "color": "yellow", "value": 1 } ] } } ] }, { "matcher": { "id": "byName", "options": "error_unknown_datalink" }, "properties": [ { "id": "displayName", "value": "Unknown Datalink" }, { "id": "thresholds", "value": { "mode": "absolute", "steps": [ { "color": "green", "value": null }, { "color": "yellow", "value": 1 } ] } } ] }, { "matcher": { "id": "byName", "options": "error_unknown_l3_protocol" }, "properties": [ { "id": "displayName", "value": "Unknown L3 Protocol" }, { "id": "thresholds", "value": { "mode": "absolute", "steps": [ { "color": "green", "value": null }, { "color": "yellow", "value": 1 } ] } } ] }, { "matcher": { "id": "byName", "options": "error_unsupported_datalink" }, "properties": [ { "id": "displayName", "value": "Unsupported Datalink" }, { "id": "thresholds", "value": { "mode": "absolute", "steps": [ { "color": "green", "value": null }, { "color": "yellow", "value": 1 } ] } } ] }, { "matcher": { "id": "byName", "options": "flow_analyse_count" }, "properties": [ { "id": "displayName", "value": "Analyse" } ] }, { "matcher": { "id": "byName", "options": "flow_detected_count" }, "properties": [ { "id": "displayName", "value": "Detections" } ] }, { "matcher": { "id": "byName", "options": "flow_detection_update_count" }, "properties": [ { "id": "displayName", "value": "Detection Updates" } ] }, { "matcher": { "id": 
"byName", "options": "flow_end_count" }, "properties": [ { "id": "displayName", "value": "End" } ] }, { "matcher": { "id": "byName", "options": "flow_guessed_count" }, "properties": [ { "id": "displayName", "value": "Guessed" }, { "id": "thresholds", "value": { "mode": "percentage", "steps": [ { "color": "green", "value": null }, { "color": "yellow", "value": 5 }, { "color": "red", "value": 10 } ] } }, { "id": "color" } ] }, { "matcher": { "id": "byName", "options": "flow_idle_count" }, "properties": [ { "id": "displayName", "value": "Idle" } ] }, { "matcher": { "id": "byName", "options": "flow_new_count" }, "properties": [ { "id": "displayName", "value": "New" } ] }, { "matcher": { "id": "byName", "options": "flow_not_detected_count" }, "properties": [ { "id": "displayName", "value": "Not Detected" }, { "id": "thresholds", "value": { "mode": "absolute", "steps": [ { "color": "green", "value": null }, { "color": "red", "value": 1 } ] } } ] }, { "matcher": { "id": "byName", "options": "flow_risky_count" }, "properties": [ { "id": "displayName", "value": "Risky" }, { "id": "thresholds", "value": { "mode": "absolute", "steps": [ { "color": "green", "value": null }, { "color": "yellow", "value": 1 } ] } } ] }, { "matcher": { "id": "byName", "options": "flow_update_count" }, "properties": [ { "id": "displayName", "value": "Updates" } ] }, { "matcher": { "id": "byName", "options": "init_count" }, "properties": [ { "id": "displayName", "value": "Init" }, { "id": "thresholds", "value": { "mode": "absolute", "steps": [ { "color": "green", "value": null }, { "color": "yellow", "value": 1 } ] } } ] }, { "matcher": { "id": "byName", "options": "packet_count" }, "properties": [ { "id": "displayName", "value": "Packet" }, { "id": "thresholds", "value": { "mode": "percentage", "steps": [ { "color": "green", "value": null }, { "color": "yellow", "value": 25 }, { "color": "red", "value": 50 } ] } }, { "id": "color", "value": { "mode": "thresholds" } } ] }, { "matcher": { "id": 
"byName", "options": "packet_flow_count" }, "properties": [ { "id": "displayName", "value": "Packet Flow" } ] }, { "matcher": { "id": "byName", "options": "reconnect_count" }, "properties": [ { "id": "displayName", "value": "Reconnect" }, { "id": "thresholds", "value": { "mode": "absolute", "steps": [ { "color": "green", "value": null }, { "color": "yellow", "value": 1 } ] } } ] }, { "matcher": { "id": "byName", "options": "shutdown_count" }, "properties": [ { "id": "displayName", "value": "Shutdown" }, { "id": "thresholds", "value": { "mode": "absolute", "steps": [ { "color": "green", "value": null }, { "color": "red", "value": 1 } ] } } ] }, { "matcher": { "id": "byName", "options": "status_count" }, "properties": [ { "id": "displayName", "value": "Status" } ] }, { "matcher": { "id": "byName", "options": "error_capture_size_smaller_than_packet" }, "properties": [ { "id": "displayName", "value": "Capture Size < Packet Size" }, { "id": "thresholds", "value": { "mode": "absolute", "steps": [ { "color": "green", "value": null }, { "color": "red", "value": 1 } ] } } ] }, { "matcher": { "id": "byName", "options": "error_flow_memory_alloc" }, "properties": [ { "id": "displayName", "value": "Memory Allocation Failed" }, { "id": "thresholds", "value": { "mode": "absolute", "steps": [ { "color": "green", "value": null }, { "color": "red", "value": 1 } ] } } ] }, { "matcher": { "id": "byName", "options": "error_max_flows_to_track" }, "properties": [ { "id": "displayName", "value": "Max Flows" }, { "id": "thresholds", "value": { "mode": "absolute", "steps": [ { "color": "green", "value": null }, { "color": "red", "value": 1 } ] } } ] } ] }, "gridPos": { "h": 9, "w": 15, "x": 0, "y": 1 }, "id": 20, "options": { "colorMode": "value", "graphMode": "area", "justifyMode": "auto", "orientation": "auto", "reduceOptions": { "calcs": [ "lastNotNull" ], "fields": "", "values": false }, "textMode": "auto" }, "pluginVersion": "10.2.0", "targets": [ { "datasource": { "type": "influxdb", 
"uid": "${DS_INFLUXDB}" }, "query": "from(bucket: \"${ndpid_db_name}\")\n |> range(start: v.timeRangeStart, stop:v.timeRangeStop)\n |> filter(fn: (r) =>\n r._measurement == \"events\"\n )", "refId": "A" } ], "type": "stat" }, { "datasource": { "type": "influxdb", "uid": "${DS_INFLUXDB}" }, "fieldConfig": { "defaults": { "color": { "mode": "palette-classic-by-name" }, "custom": { "hideFrom": { "legend": false, "tooltip": false, "viz": false } }, "mappings": [] }, "overrides": [] }, "gridPos": { "h": 9, "w": 3, "x": 15, "y": 1 }, "id": 19, "options": { "legend": { "displayMode": "list", "placement": "bottom", "showLegend": false }, "pieType": "pie", "reduceOptions": { "calcs": [ "sum" ], "fields": "", "values": false }, "tooltip": { "mode": "single", "sort": "none" } }, "targets": [ { "datasource": { "type": "influxdb", "uid": "${DS_INFLUXDB}" }, "query": "from(bucket: \"${ndpid_db_name}\")\n |> range(start: v.timeRangeStart, stop:v.timeRangeStop)\n |> filter(fn: (r) =>\n r._measurement == \"events\"\n )", "refId": "A" } ], "type": "piechart" }, { "datasource": { "type": "influxdb", "uid": "${DS_INFLUXDB}" }, "fieldConfig": { "defaults": { "color": { "mode": "palette-classic-by-name" }, "custom": { "hideFrom": { "legend": false, "tooltip": false, "viz": false } }, "mappings": [] }, "overrides": [] }, "gridPos": { "h": 9, "w": 3, "x": 18, "y": 1 }, "id": 28, "options": { "legend": { "displayMode": "list", "placement": "bottom", "showLegend": false }, "pieType": "pie", "reduceOptions": { "calcs": [ "sum" ], "fields": "", "values": false }, "tooltip": { "mode": "single", "sort": "none" } }, "targets": [ { "datasource": { "type": "influxdb", "uid": "${DS_INFLUXDB}" }, "query": "from(bucket: \"${ndpid_db_name}\")\n |> range(start: v.timeRangeStart, stop:v.timeRangeStop)\n |> filter(fn: (r) =>\n r._measurement == \"events\" and\n r._field != \"packet_flow_count\"\n )", "refId": "A" } ], "type": "piechart" }, { "datasource": { "type": "influxdb", "uid": "${DS_INFLUXDB}" }, 
"fieldConfig": { "defaults": { "color": { "mode": "thresholds" }, "mappings": [], "thresholds": { "mode": "absolute", "steps": [ { "color": "green", "value": null } ] } }, "overrides": [] }, "gridPos": { "h": 3, "w": 3, "x": 21, "y": 1 }, "id": 27, "options": { "colorMode": "value", "graphMode": "area", "justifyMode": "auto", "orientation": "auto", "reduceOptions": { "calcs": [ "lastNotNull" ], "fields": "", "values": false }, "textMode": "auto" }, "pluginVersion": "10.2.0", "targets": [ { "datasource": { "type": "influxdb", "uid": "${DS_INFLUXDB}" }, "query": "from(bucket: \"${ndpid_db_name}\")\n |> range(start: v.timeRangeStart, stop:v.timeRangeStop)\n |> filter(fn: (r) =>\n r._measurement == \"events\" and\n (r._field == \"packet_count\" or\n r._field == \"packet_flow_count\")\n )", "refId": "A" } ], "title": "Packet", "transformations": [ { "id": "calculateField", "options": { "mode": "reduceRow", "reduce": { "reducer": "sum" }, "replaceFields": true } } ], "type": "stat" }, { "datasource": { "type": "influxdb", "uid": "${DS_INFLUXDB}" }, "fieldConfig": { "defaults": { "color": { "mode": "thresholds" }, "mappings": [], "thresholds": { "mode": "absolute", "steps": [ { "color": "green", "value": null } ] } }, "overrides": [] }, "gridPos": { "h": 3, "w": 3, "x": 21, "y": 4 }, "id": 26, "options": { "colorMode": "value", "graphMode": "area", "justifyMode": "auto", "orientation": "auto", "reduceOptions": { "calcs": [ "lastNotNull" ], "fields": "", "values": false }, "textMode": "auto" }, "pluginVersion": "10.2.0", "targets": [ { "datasource": { "type": "influxdb", "uid": "${DS_INFLUXDB}" }, "query": "from(bucket: \"${ndpid_db_name}\")\n |> range(start: v.timeRangeStart, stop:v.timeRangeStop)\n |> filter(fn: (r) =>\n r._measurement == \"events\" and\n (r._field == \"flow_detected_count\" or\n r._field == \"flow_detection_update_count\" or\n r._field == \"flow_guessed_count\")\n )", "refId": "A" } ], "title": "Detection", "transformations": [ { "id": "calculateField", 
"options": { "mode": "reduceRow", "reduce": { "reducer": "sum" }, "replaceFields": true } } ], "type": "stat" }, { "datasource": { "type": "influxdb", "uid": "${DS_INFLUXDB}" }, "fieldConfig": { "defaults": { "color": { "mode": "thresholds" }, "mappings": [], "thresholds": { "mode": "absolute", "steps": [ { "color": "green", "value": null } ] } }, "overrides": [] }, "gridPos": { "h": 3, "w": 3, "x": 21, "y": 7 }, "id": 21, "options": { "colorMode": "value", "graphMode": "area", "justifyMode": "auto", "orientation": "auto", "reduceOptions": { "calcs": [ "lastNotNull" ], "fields": "", "values": false }, "textMode": "auto" }, "pluginVersion": "10.2.0", "targets": [ { "datasource": { "type": "influxdb", "uid": "${DS_INFLUXDB}" }, "query": "from(bucket: \"${ndpid_db_name}\")\n |> range(start: v.timeRangeStart, stop:v.timeRangeStop)\n |> filter(fn: (r) =>\n r._measurement == \"events\"\n )", "refId": "A" } ], "transformations": [ { "id": "calculateField", "options": { "mode": "reduceRow", "reduce": { "reducer": "sum" }, "replaceFields": true } } ], "type": "stat" }, { "collapsed": false, "gridPos": { "h": 1, "w": 24, "x": 0, "y": 10 }, "id": 5, "panels": [], "title": "General", "type": "row" }, { "datasource": { "type": "influxdb", "uid": "${DS_INFLUXDB}" }, "fieldConfig": { "defaults": { "color": { "mode": "palette-classic" }, "custom": { "axisBorderShow": false, "axisCenteredZero": false, "axisColorMode": "text", "axisLabel": "", "axisPlacement": "auto", "barAlignment": 0, "drawStyle": "line", "fillOpacity": 0, "gradientMode": "none", "hideFrom": { "legend": false, "tooltip": false, "viz": false }, "insertNulls": false, "lineInterpolation": "linear", "lineWidth": 1, "pointSize": 5, "scaleDistribution": { "type": "linear" }, "showPoints": "auto", "spanNulls": false, "stacking": { "group": "A", "mode": "none" }, "thresholdsStyle": { "mode": "off" } }, "mappings": [], "thresholds": { "mode": "absolute", "steps": [ { "color": "green", "value": null } ] }, "unit": "binBps" 
}, "overrides": [ { "matcher": { "id": "byName", "options": "flow_dst_total_bytes" }, "properties": [ { "id": "displayName", "value": "Total Bytes Received" } ] }, { "matcher": { "id": "byName", "options": "flow_src_total_bytes" }, "properties": [ { "id": "displayName", "value": "Total Bytes Transmitted" } ] }, { "matcher": { "id": "byName", "options": "json_bytes" }, "properties": [ { "id": "displayName", "value": "Total JSON Bytes" } ] } ] }, "gridPos": { "h": 8, "w": 15, "x": 0, "y": 11 }, "id": 1, "options": { "legend": { "calcs": [], "displayMode": "list", "placement": "bottom", "showLegend": true }, "tooltip": { "mode": "single", "sort": "none" } }, "targets": [ { "datasource": { "type": "influxdb", "uid": "${DS_INFLUXDB}" }, "query": "from(bucket: \"${ndpid_db_name}\")\n |> range(start: v.timeRangeStart, stop:v.timeRangeStop)\n |> filter(fn: (r) =>\n r._measurement == \"general\" and\n (r._field == \"flow_src_total_bytes\" or\n r._field == \"flow_dst_total_bytes\" or\n r._field == \"json_bytes\")\n )", "refId": "A" } ], "title": "Data Processed", "type": "timeseries" }, { "datasource": { "type": "influxdb", "uid": "${DS_INFLUXDB}" }, "fieldConfig": { "defaults": { "color": { "mode": "palette-classic" }, "custom": { "hideFrom": { "legend": false, "tooltip": false, "viz": false } }, "mappings": [], "unit": "bytes" }, "overrides": [ { "matcher": { "id": "byName", "options": "flow_dst_total_bytes" }, "properties": [ { "id": "displayName", "value": "Total Bytes Received" } ] }, { "matcher": { "id": "byName", "options": "flow_src_total_bytes" }, "properties": [ { "id": "displayName", "value": "Total Bytes Transmitted" } ] }, { "matcher": { "id": "byName", "options": "json_bytes" }, "properties": [ { "id": "displayName", "value": "Total JSON Bytes" } ] } ] }, "gridPos": { "h": 8, "w": 3, "x": 15, "y": 11 }, "id": 3, "options": { "legend": { "displayMode": "list", "placement": "bottom", "showLegend": false }, "pieType": "pie", "reduceOptions": { "calcs": [ "sum" ], 
"fields": "", "values": false }, "tooltip": { "mode": "single", "sort": "none" } }, "targets": [ { "datasource": { "type": "influxdb", "uid": "${DS_INFLUXDB}" }, "query": "from(bucket: \"${ndpid_db_name}\")\n |> range(start: v.timeRangeStart, stop:v.timeRangeStop)\n |> filter(fn: (r) =>\n r._measurement == \"general\" and\n (r._field == \"flow_src_total_bytes\" or\n r._field == \"flow_dst_total_bytes\" or\n r._field == \"json_bytes\")\n )", "refId": "A" } ], "type": "piechart" }, { "datasource": { "type": "influxdb", "uid": "${DS_INFLUXDB}" }, "fieldConfig": { "defaults": { "color": { "mode": "thresholds" }, "mappings": [], "thresholds": { "mode": "absolute", "steps": [ { "color": "green", "value": null } ] }, "unit": "binBps" }, "overrides": [] }, "gridPos": { "h": 4, "w": 3, "x": 18, "y": 11 }, "id": 24, "options": { "colorMode": "value", "graphMode": "area", "justifyMode": "auto", "orientation": "auto", "reduceOptions": { "calcs": [ "lastNotNull" ], "fields": "", "values": false }, "textMode": "auto" }, "pluginVersion": "10.2.0", "targets": [ { "datasource": { "type": "influxdb", "uid": "${DS_INFLUXDB}" }, "query": "from(bucket: \"${ndpid_db_name}\")\n |> range(start: v.timeRangeStart, stop:v.timeRangeStop)\n |> filter(fn: (r) =>\n r._measurement == \"general\" and\n r._field == \"flow_src_total_bytes\"\n )", "refId": "A" } ], "title": "Bytes Transmitted", "type": "stat" }, { "datasource": { "type": "influxdb", "uid": "${DS_INFLUXDB}" }, "fieldConfig": { "defaults": { "color": { "mode": "thresholds" }, "mappings": [], "thresholds": { "mode": "absolute", "steps": [ { "color": "green", "value": null } ] } }, "overrides": [] }, "gridPos": { "h": 4, "w": 3, "x": 21, "y": 11 }, "id": 7, "options": { "colorMode": "value", "graphMode": "area", "justifyMode": "auto", "orientation": "auto", "reduceOptions": { "calcs": [ "lastNotNull" ], "fields": "", "values": false }, "textMode": "auto" }, "pluginVersion": "10.2.0", "targets": [ { "datasource": { "type": "influxdb", 
"uid": "${DS_INFLUXDB}" }, "query": "from(bucket: \"${ndpid_db_name}\")\n |> range(start: v.timeRangeStart, stop:v.timeRangeStop)\n |> filter(fn: (r) =>\n r._measurement == \"general\" and\n r._field == \"json_lines\"\n )", "refId": "A" } ], "title": "JSON Lines", "type": "stat" }, { "datasource": { "type": "influxdb", "uid": "${DS_INFLUXDB}" }, "fieldConfig": { "defaults": { "color": { "mode": "thresholds" }, "mappings": [], "thresholds": { "mode": "absolute", "steps": [ { "color": "green", "value": null } ] }, "unit": "binBps" }, "overrides": [] }, "gridPos": { "h": 4, "w": 3, "x": 18, "y": 15 }, "id": 25, "options": { "colorMode": "value", "graphMode": "area", "justifyMode": "auto", "orientation": "auto", "reduceOptions": { "calcs": [ "lastNotNull" ], "fields": "", "values": false }, "textMode": "auto" }, "pluginVersion": "10.2.0", "targets": [ { "datasource": { "type": "influxdb", "uid": "${DS_INFLUXDB}" }, "query": "from(bucket: \"${ndpid_db_name}\")\n |> range(start: v.timeRangeStart, stop:v.timeRangeStop)\n |> filter(fn: (r) =>\n r._measurement == \"general\" and\n r._field == \"flow_dst_total_bytes\"\n )", "refId": "A" } ], "title": "Bytes Received", "type": "stat" }, { "datasource": { "type": "influxdb", "uid": "${DS_INFLUXDB}" }, "fieldConfig": { "defaults": { "color": { "mode": "thresholds" }, "mappings": [], "thresholds": { "mode": "absolute", "steps": [ { "color": "green", "value": null } ] }, "unit": "binBps" }, "overrides": [] }, "gridPos": { "h": 4, "w": 3, "x": 21, "y": 15 }, "id": 23, "options": { "colorMode": "value", "graphMode": "area", "justifyMode": "auto", "orientation": "auto", "reduceOptions": { "calcs": [ "lastNotNull" ], "fields": "", "values": false }, "textMode": "auto" }, "pluginVersion": "10.2.0", "targets": [ { "datasource": { "type": "influxdb", "uid": "${DS_INFLUXDB}" }, "query": "from(bucket: \"${ndpid_db_name}\")\n |> range(start: v.timeRangeStart, stop:v.timeRangeStop)\n |> filter(fn: (r) =>\n r._measurement == \"general\" 
and\n (r._field == \"flow_src_total_bytes\" or\n r._field == \"flow_dst_total_bytes\")\n )", "refId": "A" } ], "title": "Total Bytes", "transformations": [ { "id": "calculateField", "options": { "mode": "reduceRow", "reduce": { "reducer": "sum" }, "replaceFields": true } } ], "type": "stat" }, { "collapsed": false, "gridPos": { "h": 1, "w": 24, "x": 0, "y": 19 }, "id": 6, "panels": [], "title": "Flow", "type": "row" }, { "datasource": { "type": "influxdb", "uid": "${DS_INFLUXDB}" }, "fieldConfig": { "defaults": { "color": { "mode": "thresholds" }, "mappings": [], "thresholds": { "mode": "percentage", "steps": [ { "color": "green", "value": null } ] } }, "overrides": [ { "matcher": { "id": "byName", "options": "flow_breed_acceptable_count" }, "properties": [ { "id": "displayName", "value": "Acceptable" } ] }, { "matcher": { "id": "byName", "options": "flow_breed_dangerous_count" }, "properties": [ { "id": "displayName", "value": "Dangerous" } ] }, { "matcher": { "id": "byName", "options": "flow_breed_fun_count" }, "properties": [ { "id": "displayName", "value": "Fun" } ] }, { "matcher": { "id": "byName", "options": "flow_breed_potentially_dangerous_count" }, "properties": [ { "id": "displayName", "value": "Potentially Dangerous" } ] }, { "matcher": { "id": "byName", "options": "flow_breed_safe_count" }, "properties": [ { "id": "displayName", "value": "Safe" } ] }, { "matcher": { "id": "byName", "options": "flow_breed_tracker_ads_count" }, "properties": [ { "id": "displayName", "value": "Tracker/Ads" } ] }, { "matcher": { "id": "byName", "options": "flow_breed_unknown_count" }, "properties": [ { "id": "displayName", "value": "Unknown" }, { "id": "color", "value": { "mode": "fixed" } } ] }, { "matcher": { "id": "byName", "options": "flow_breed_unrated_count" }, "properties": [ { "id": "displayName", "value": "Unrated" }, { "id": "color", "value": { "mode": "fixed" } } ] }, { "matcher": { "id": "byName", "options": "flow_breed_unsafe_count" }, "properties": [ { "id": 
"displayName", "value": "Unsafe" }, { "id": "thresholds", "value": { "mode": "absolute", "steps": [ { "color": "green", "value": null }, { "color": "yellow", "value": 1 } ] } } ] }, { "matcher": { "id": "byName", "options": "flow_breed_dangerous_count" }, "properties": [ { "id": "thresholds", "value": { "mode": "absolute", "steps": [ { "color": "green", "value": null }, { "color": "dark-red", "value": 1 } ] } } ] }, { "matcher": { "id": "byName", "options": "flow_breed_potentially_dangerous_count" }, "properties": [ { "id": "thresholds", "value": { "mode": "absolute", "steps": [ { "color": "green", "value": null }, { "color": "dark-orange", "value": 1 } ] } } ] } ] }, "gridPos": { "h": 6, "w": 12, "x": 0, "y": 20 }, "id": 4, "options": { "minVizHeight": 75, "minVizWidth": 75, "orientation": "auto", "reduceOptions": { "calcs": [ "lastNotNull" ], "fields": "", "values": false }, "showThresholdLabels": false, "showThresholdMarkers": false }, "pluginVersion": "10.2.0", "targets": [ { "datasource": { "type": "influxdb", "uid": "${DS_INFLUXDB}" }, "query": "from(bucket: \"${ndpid_db_name}\")\n |> range(start: v.timeRangeStart, stop:v.timeRangeStop)\n |> filter(fn: (r) =>\n r._measurement == \"breed\"\n )", "refId": "A" }, { "datasource": { "type": "influxdb", "uid": "${DS_INFLUXDB}" }, "hide": false, "query": "from(bucket: \"${ndpid_db_name}\")\n |> range(start: v.timeRangeStart, stop:v.timeRangeStop)\n |> filter(fn: (r) =>\n r._measurement == \"detection\" and\n (r._field == \"flow_active_count\")\n )", "refId": "B" } ], "title": "Breed", "transformations": [ { "id": "configFromData", "options": { "configRefId": "B", "mappings": [ { "fieldName": "Time", "handlerKey": "__ignore" }, { "fieldName": "flow_active_count", "handlerKey": "max" } ] } } ], "type": "gauge" }, { "datasource": { "type": "influxdb", "uid": "${DS_INFLUXDB}" }, "fieldConfig": { "defaults": { "color": { "mode": "thresholds" }, "mappings": [], "thresholds": { "mode": "absolute", "steps": [ { "color": 
"green", "value": null } ] } }, "overrides": [ { "matcher": { "id": "byName", "options": "flow_active_count" }, "properties": [ { "id": "displayName", "value": "Active Flows" } ] } ] }, "gridPos": { "h": 6, "w": 2, "x": 12, "y": 20 }, "id": 8, "options": { "colorMode": "value", "graphMode": "area", "justifyMode": "auto", "orientation": "auto", "reduceOptions": { "calcs": [ "lastNotNull" ], "fields": "", "values": false }, "textMode": "auto" }, "pluginVersion": "10.2.0", "targets": [ { "datasource": { "type": "influxdb", "uid": "${DS_INFLUXDB}" }, "query": "from(bucket: \"${ndpid_db_name}\")\n |> range(start: v.timeRangeStart, stop:v.timeRangeStop)\n |> filter(fn: (r) =>\n r._measurement == \"detection\" and\n (r._field == \"flow_active_count\")\n )", "refId": "A" } ], "title": "Active", "type": "stat" }, { "datasource": { "type": "influxdb", "uid": "${DS_INFLUXDB}" }, "fieldConfig": { "defaults": { "color": { "mode": "thresholds" }, "mappings": [], "thresholds": { "mode": "percentage", "steps": [ { "color": "green", "value": null } ] } }, "overrides": [ { "matcher": { "id": "byName", "options": "flow_guessed_count" }, "properties": [ { "id": "displayName", "value": "Guessed" }, { "id": "thresholds", "value": { "mode": "absolute", "steps": [ { "color": "green", "value": null }, { "color": "yellow", "value": 1 } ] } } ] }, { "matcher": { "id": "byName", "options": "flow_not_detected_count" }, "properties": [ { "id": "displayName", "value": "Not Detected" }, { "id": "thresholds", "value": { "mode": "absolute", "steps": [ { "color": "green", "value": null }, { "color": "red", "value": 1 } ] } } ] }, { "matcher": { "id": "byName", "options": "flow_detected_count" }, "properties": [ { "id": "displayName", "value": "Detected" } ] } ] }, "gridPos": { "h": 8, "w": 10, "x": 14, "y": 20 }, "id": 9, "options": { "minVizHeight": 75, "minVizWidth": 75, "orientation": "auto", "reduceOptions": { "calcs": [ "lastNotNull" ], "fields": "", "values": false }, "showThresholdLabels": 
false, "showThresholdMarkers": false }, "pluginVersion": "10.2.0", "targets": [ { "datasource": { "type": "influxdb", "uid": "${DS_INFLUXDB}" }, "query": "from(bucket: \"${ndpid_db_name}\")\n |> range(start: v.timeRangeStart, stop:v.timeRangeStop)\n |> filter(fn: (r) =>\n r._measurement == \"detection\" and\n (r._field == \"flow_detected_count\" or\n r._field == \"flow_guessed_count\" or\n r._field == \"flow_not_detected_count\")\n )", "refId": "A" }, { "datasource": { "type": "influxdb", "uid": "${DS_INFLUXDB}" }, "hide": false, "query": "from(bucket: \"${ndpid_db_name}\")\n |> range(start: v.timeRangeStart, stop:v.timeRangeStop)\n |> filter(fn: (r) =>\n r._measurement == \"detection\" and\n (r._field == \"flow_active_count\")\n )", "refId": "B" } ], "title": "Detection", "transformations": [ { "id": "configFromData", "options": { "configRefId": "B", "mappings": [ { "fieldName": "Time", "handlerKey": "__ignore" }, { "fieldName": "flow_active_count", "handlerKey": "max" } ] } } ], "type": "gauge" }, { "datasource": { "type": "influxdb", "uid": "${DS_INFLUXDB}" }, "fieldConfig": { "defaults": { "color": { "mode": "thresholds" }, "mappings": [], "thresholds": { "mode": "percentage", "steps": [ { "color": "green", "value": null }, { "color": "#EAB839", "value": 50 } ] } }, "overrides": [ { "matcher": { "id": "byName", "options": "flow_category_adult_content_count" }, "properties": [ { "id": "displayName", "value": "Adult Content" } ] }, { "matcher": { "id": "byName", "options": "flow_category_advertisment_count" }, "properties": [ { "id": "displayName", "value": "Advertisement" } ] }, { "matcher": { "id": "byName", "options": "flow_category_allowed_site_count" }, "properties": [ { "id": "displayName", "value": "Allowed Site" } ] }, { "matcher": { "id": "byName", "options": "flow_category_antimalware_count" }, "properties": [ { "id": "displayName", "value": "Anti Malware" } ] }, { "matcher": { "id": "byName", "options": "flow_category_banned_site_count" }, "properties":
[ { "id": "displayName", "value": "Banned Site" } ] }, { "matcher": { "id": "byName", "options": "flow_category_chat_count" }, "properties": [ { "id": "displayName", "value": "Chat" } ] }, { "matcher": { "id": "byName", "options": "flow_category_cloud_count" }, "properties": [ { "id": "displayName", "value": "Cloud" } ] }, { "matcher": { "id": "byName", "options": "flow_category_collaborative_count" }, "properties": [ { "id": "displayName", "value": "Collaborative" } ] }, { "matcher": { "id": "byName", "options": "flow_category_conn_check_count" }, "properties": [ { "id": "displayName", "value": "Connection Check" } ] }, { "matcher": { "id": "byName", "options": "flow_category_crypto_currency_count" }, "properties": [ { "id": "displayName", "value": "Crypto Currency" } ] }, { "matcher": { "id": "byName", "options": "flow_category_cybersecurity_count" }, "properties": [ { "id": "displayName", "value": "Cybersecurity" } ] }, { "matcher": { "id": "byName", "options": "flow_category_data_transfer_count" }, "properties": [ { "id": "displayName", "value": "Data Transfer" } ] }, { "matcher": { "id": "byName", "options": "flow_category_database_count" }, "properties": [ { "id": "displayName", "value": "Database" } ] }, { "matcher": { "id": "byName", "options": "flow_category_download_count" }, "properties": [ { "id": "displayName", "value": "Download" } ] }, { "matcher": { "id": "byName", "options": "flow_category_email_count" }, "properties": [ { "id": "displayName", "value": "E-Mail" } ] }, { "matcher": { "id": "byName", "options": "flow_category_file_sharing_count" }, "properties": [ { "id": "displayName", "value": "File Sharing" } ] }, { "matcher": { "id": "byName", "options": "flow_category_gambling_count" }, "properties": [ { "id": "displayName", "value": "Gambling" } ] }, { "matcher": { "id": "byName", "options": "flow_category_game_count" }, "properties": [ { "id": "displayName", "value": "Game" } ] }, { "matcher": { "id": "byName", "options": 
"flow_category_iot_scada_count" }, "properties": [ { "id": "displayName", "value": "IoT/Scada" } ] }, { "matcher": { "id": "byName", "options": "flow_category_malware_count" }, "properties": [ { "id": "displayName", "value": "Malware" } ] }, { "matcher": { "id": "byName", "options": "flow_category_media_count" }, "properties": [ { "id": "displayName", "value": "Media" } ] }, { "matcher": { "id": "byName", "options": "flow_category_mining_count" }, "properties": [ { "id": "displayName", "value": "Mining" } ] }, { "matcher": { "id": "byName", "options": "flow_category_music_count" }, "properties": [ { "id": "displayName", "value": "Music" } ] }, { "matcher": { "id": "byName", "options": "flow_category_network_count" }, "properties": [ { "id": "displayName", "value": "Network" } ] }, { "matcher": { "id": "byName", "options": "flow_category_productivity_count" }, "properties": [ { "id": "displayName", "value": "Productivity" } ] }, { "matcher": { "id": "byName", "options": "flow_category_remote_access_count" }, "properties": [ { "id": "displayName", "value": "Remote Access" } ] }, { "matcher": { "id": "byName", "options": "flow_category_rpc_count" }, "properties": [ { "id": "displayName", "value": "RPC" } ] }, { "matcher": { "id": "byName", "options": "flow_category_shopping_count" }, "properties": [ { "id": "displayName", "value": "Shopping" } ] }, { "matcher": { "id": "byName", "options": "flow_category_site_unavail_count" }, "properties": [ { "id": "displayName", "value": "Site Unavailable" } ] }, { "matcher": { "id": "byName", "options": "flow_category_social_network_count" }, "properties": [ { "id": "displayName", "value": "Social Network" } ] }, { "matcher": { "id": "byName", "options": "flow_category_software_update_count" }, "properties": [ { "id": "displayName", "value": "Software Update" } ] }, { "matcher": { "id": "byName", "options": "flow_category_streaming_count" }, "properties": [ { "id": "displayName", "value": "Streaming" } ] }, { "matcher": { "id": 
"byName", "options": "flow_category_system_count" }, "properties": [ { "id": "displayName", "value": "System" } ] }, { "matcher": { "id": "byName", "options": "flow_category_unknown_count" }, "properties": [ { "id": "displayName", "value": "Unknown" } ] }, { "matcher": { "id": "byName", "options": "flow_category_unspecified_count" }, "properties": [ { "id": "displayName", "value": "Unspecified" } ] }, { "matcher": { "id": "byName", "options": "flow_category_video_count" }, "properties": [ { "id": "displayName", "value": "Video" } ] }, { "matcher": { "id": "byName", "options": "flow_category_virt_assistant_count" }, "properties": [ { "id": "displayName", "value": "Virtual Assistant" } ] }, { "matcher": { "id": "byName", "options": "flow_category_voip_count" }, "properties": [ { "id": "displayName", "value": "VoIP" } ] }, { "matcher": { "id": "byName", "options": "flow_category_vpn_count" }, "properties": [ { "id": "displayName", "value": "VPN" } ] }, { "matcher": { "id": "byName", "options": "flow_category_web_count" }, "properties": [ { "id": "displayName", "value": "Web" } ] } ] }, "gridPos": { "h": 27, "w": 12, "x": 0, "y": 26 }, "id": 10, "options": { "minVizHeight": 75, "minVizWidth": 75, "orientation": "auto", "reduceOptions": { "calcs": [ "lastNotNull" ], "fields": "", "values": false }, "showThresholdLabels": false, "showThresholdMarkers": false }, "pluginVersion": "10.2.0", "targets": [ { "datasource": { "type": "influxdb", "uid": "${DS_INFLUXDB}" }, "query": "from(bucket: \"${ndpid_db_name}\")\n |> range(start: v.timeRangeStart, stop:v.timeRangeStop)\n |> filter(fn: (r) =>\n r._measurement == \"category\"\n )", "refId": "A" }, { "datasource": { "type": "influxdb", "uid": "${DS_INFLUXDB}" }, "hide": false, "query": "from(bucket: \"${ndpid_db_name}\")\n |> range(start: v.timeRangeStart, stop:v.timeRangeStop)\n |> filter(fn: (r) =>\n r._measurement == \"detection\" and\n (r._field == \"flow_active_count\")\n )", "refId": "B" } ], "title": "Category", 
"transformations": [ { "id": "configFromData", "options": { "configRefId": "B", "mappings": [ { "fieldName": "Time", "handlerKey": "__ignore" }, { "fieldName": "flow_active_count", "handlerKey": "max" } ] } } ], "type": "gauge" }, { "datasource": { "type": "influxdb", "uid": "${DS_INFLUXDB}" }, "fieldConfig": { "defaults": { "color": { "mode": "thresholds" }, "mappings": [], "thresholds": { "mode": "absolute", "steps": [ { "color": "green", "value": null } ] } }, "overrides": [ { "matcher": { "id": "byName", "options": "flow_state_finished" }, "properties": [ { "id": "displayName", "value": "Finished" } ] }, { "matcher": { "id": "byName", "options": "flow_state_info" }, "properties": [ { "id": "displayName", "value": "Processing" } ] } ] }, "gridPos": { "h": 11, "w": 2, "x": 12, "y": 26 }, "id": 13, "options": { "colorMode": "value", "graphMode": "area", "justifyMode": "auto", "orientation": "horizontal", "reduceOptions": { "calcs": [ "lastNotNull" ], "fields": "", "values": false }, "textMode": "auto" }, "pluginVersion": "10.2.0", "targets": [ { "datasource": { "type": "influxdb", "uid": "${DS_INFLUXDB}" }, "query": "from(bucket: \"${ndpid_db_name}\")\n |> range(start: v.timeRangeStart, stop:v.timeRangeStop)\n |> filter(fn: (r) =>\n r._measurement == \"state\"\n )", "refId": "A" }, { "datasource": { "type": "influxdb", "uid": "${DS_INFLUXDB}" }, "hide": false, "query": "from(bucket: \"${ndpid_db_name}\")\n |> range(start: v.timeRangeStart, stop:v.timeRangeStop)\n |> filter(fn: (r) =>\n r._measurement == \"detection\" and\n (r._field == \"flow_active_count\")\n )", "refId": "B" } ], "title": "State", "transformations": [ { "id": "configFromData", "options": { "configRefId": "B", "mappings": [ { "fieldName": "Time", "handlerKey": "__ignore" }, { "fieldName": "flow_active_count", "handlerKey": "max" } ] } } ], "type": "stat" }, { "datasource": { "type": "influxdb", "uid": "${DS_INFLUXDB}" }, "fieldConfig": { "defaults": { "color": { "mode": "thresholds" }, 
"mappings": [], "thresholds": { "mode": "absolute", "steps": [ { "color": "green", "value": null } ] } }, "overrides": [ { "matcher": { "id": "byName", "options": "flow_confidence_by_ip" }, "properties": [ { "id": "displayName", "value": "By IP" }, { "id": "color", "value": { "fixedColor": "yellow", "mode": "fixed" } } ] }, { "matcher": { "id": "byName", "options": "flow_confidence_by_port" }, "properties": [ { "id": "displayName", "value": "By Port" }, { "id": "color", "value": { "fixedColor": "yellow", "mode": "fixed" } } ] }, { "matcher": { "id": "byName", "options": "flow_confidence_dpi" }, "properties": [ { "id": "displayName", "value": "DPI" }, { "id": "color", "value": { "fixedColor": "green", "mode": "fixed" } } ] }, { "matcher": { "id": "byName", "options": "flow_confidence_dpi_aggressive" }, "properties": [ { "id": "displayName", "value": "DPI Aggressive" }, { "id": "color", "value": { "fixedColor": "blue", "mode": "fixed" } } ] }, { "matcher": { "id": "byName", "options": "flow_confidence_dpi_cache" }, "properties": [ { "id": "displayName", "value": "DPI Cache" }, { "id": "color", "value": { "fixedColor": "dark-green", "mode": "fixed" } } ] }, { "matcher": { "id": "byName", "options": "flow_confidence_dpi_partial" }, "properties": [ { "id": "displayName", "value": "DPI Partial" }, { "id": "color", "value": { "fixedColor": "light-green", "mode": "fixed" } } ] }, { "matcher": { "id": "byName", "options": "flow_confidence_dpi_partial_cache" }, "properties": [ { "id": "displayName", "value": "DPI Partial Cache" }, { "id": "color", "value": { "fixedColor": "super-light-green", "mode": "fixed" } } ] }, { "matcher": { "id": "byName", "options": "flow_confidence_nbpf" }, "properties": [ { "id": "displayName", "value": "nBPF" }, { "id": "color", "value": { "fixedColor": "blue", "mode": "fixed" } } ] }, { "matcher": { "id": "byName", "options": "flow_confidence_unknown" }, "properties": [ { "id": "displayName", "value": "Unknown" }, { "id": "color", "value": { 
"mode": "fixed" } } ] }, { "matcher": { "id": "byName", "options": "flow_confidence_custom_rule" }, "properties": [ { "id": "displayName", "value": "Custom Rule" }, { "id": "color", "value": { "fixedColor": "blue", "mode": "fixed" } } ] } ] }, "gridPos": { "h": 14, "w": 10, "x": 14, "y": 28 }, "id": 14, "options": { "displayMode": "gradient", "minVizHeight": 10, "minVizWidth": 0, "namePlacement": "auto", "orientation": "horizontal", "reduceOptions": { "calcs": [ "lastNotNull" ], "fields": "", "values": false }, "showUnfilled": true, "valueMode": "color" }, "pluginVersion": "10.2.0", "targets": [ { "datasource": { "type": "influxdb", "uid": "${DS_INFLUXDB}" }, "query": "from(bucket: \"${ndpid_db_name}\")\n |> range(start: v.timeRangeStart, stop:v.timeRangeStop)\n |> filter(fn: (r) =>\n r._measurement == \"confidence\"\n )", "refId": "A" }, { "datasource": { "type": "influxdb", "uid": "${DS_INFLUXDB}" }, "hide": false, "query": "from(bucket: \"${ndpid_db_name}\")\n |> range(start: v.timeRangeStart, stop:v.timeRangeStop)\n |> filter(fn: (r) =>\n r._measurement == \"detection\" and\n (r._field == \"flow_active_count\")\n )", "refId": "B" } ], "title": "Confidence", "transformations": [ { "id": "configFromData", "options": { "configRefId": "B", "mappings": [ { "fieldName": "Time", "handlerKey": "__ignore" }, { "fieldName": "flow_active_count", "handlerKey": "max" } ] } } ], "type": "bargauge" }, { "datasource": { "type": "influxdb", "uid": "${DS_INFLUXDB}" }, "fieldConfig": { "defaults": { "color": { "mode": "thresholds" }, "mappings": [], "thresholds": { "mode": "percentage", "steps": [ { "color": "green" } ] } }, "overrides": [] }, "gridPos": { "h": 5, "w": 2, "x": 12, "y": 37 }, "id": 18, "options": { "colorMode": "value", "graphMode": "area", "justifyMode": "auto", "orientation": "auto", "reduceOptions": { "calcs": [ "lastNotNull" ], "fields": "", "values": false }, "textMode": "auto" }, "pluginVersion": "10.2.0", "targets": [ { "datasource": { "type": "influxdb", 
"uid": "${DS_INFLUXDB}" }, "query": "from(bucket: \"${ndpid_db_name}\")\n |> range(start: v.timeRangeStart, stop:v.timeRangeStop)\n |> filter(fn: (r) =>\n r._measurement == \"risks\"\n )", "refId": "A" } ], "title": "Total Risks", "transformations": [ { "id": "calculateField", "options": { "mode": "reduceRow", "reduce": { "reducer": "sum" }, "replaceFields": true } } ], "type": "stat" }, { "datasource": { "type": "influxdb", "uid": "${DS_INFLUXDB}" }, "fieldConfig": { "defaults": { "color": { "mode": "thresholds" }, "mappings": [], "thresholds": { "mode": "percentage", "steps": [ { "color": "green" } ] } }, "overrides": [ { "matcher": { "id": "byName", "options": "flow_severity_critical" }, "properties": [ { "id": "displayName", "value": "Critical" }, { "id": "color", "value": { "fixedColor": "dark-red", "mode": "fixed" } } ] }, { "matcher": { "id": "byName", "options": "flow_severity_emergency" }, "properties": [ { "id": "displayName", "value": "Emergency" }, { "id": "color", "value": { "fixedColor": "red", "mode": "fixed" } } ] }, { "matcher": { "id": "byName", "options": "flow_severity_high" }, "properties": [ { "id": "displayName", "value": "High" }, { "id": "color", "value": { "fixedColor": "yellow", "mode": "fixed" } } ] }, { "matcher": { "id": "byName", "options": "flow_severity_low" }, "properties": [ { "id": "displayName", "value": "Low" }, { "id": "color", "value": { "fixedColor": "light-green", "mode": "fixed" } } ] }, { "matcher": { "id": "byName", "options": "flow_severity_medium" }, "properties": [ { "id": "displayName", "value": "Medium" }, { "id": "color", "value": { "fixedColor": "dark-green", "mode": "fixed" } } ] }, { "matcher": { "id": "byName", "options": "flow_severity_severe" }, "properties": [ { "id": "displayName", "value": "Severe" }, { "id": "color", "value": { "fixedColor": "dark-orange", "mode": "fixed" } } ] }, { "matcher": { "id": "byName", "options": "flow_severity_unknown" }, "properties": [ { "id": "displayName", "value": "Unknown" 
}, { "id": "color", "value": { "mode": "fixed" } } ] } ] }, "gridPos": { "h": 11, "w": 12, "x": 12, "y": 42 }, "id": 11, "options": { "displayMode": "gradient", "minVizHeight": 10, "minVizWidth": 0, "namePlacement": "auto", "orientation": "horizontal", "reduceOptions": { "calcs": [ "lastNotNull" ], "fields": "", "values": false }, "showUnfilled": true, "valueMode": "color" }, "pluginVersion": "10.2.0", "targets": [ { "datasource": { "type": "influxdb", "uid": "${DS_INFLUXDB}" }, "query": "from(bucket: \"${ndpid_db_name}\")\n |> range(start: v.timeRangeStart, stop:v.timeRangeStop)\n |> filter(fn: (r) =>\n r._measurement == \"severity\"\n )", "refId": "A" }, { "datasource": { "type": "influxdb", "uid": "${DS_INFLUXDB}" }, "hide": false, "query": "from(bucket: \"${ndpid_db_name}\")\n |> range(start: v.timeRangeStart, stop:v.timeRangeStop)\n |> filter(fn: (r) =>\n r._measurement == \"detection\" and\n (r._field == \"flow_active_count\")\n )", "refId": "B" } ], "title": "Risk Severity", "transformations": [ { "id": "configFromData", "options": { "configRefId": "B", "mappings": [ { "fieldName": "Time", "handlerKey": "__ignore" }, { "fieldName": "flow_active_count", "handlerKey": "max" } ] } } ], "type": "bargauge" }, { "collapsed": false, "gridPos": { "h": 1, "w": 24, "x": 0, "y": 53 }, "id": 32, "panels": [], "title": "Risks", "type": "row" }, { "gridPos": { "h": 24, "w": 24, "x": 0, "y": 54 }, "id": 12, "libraryPanel": { "uid": "f54c2b02-7c6c-4d3f-90d8-e9d31dee65a5", "name": "Risk" } }, { "datasource": { "type": "influxdb", "uid": "${DS_INFLUXDB}" }, "fieldConfig": { "defaults": { "color": { "mode": "palette-classic" }, "custom": { "axisBorderShow": false, "axisCenteredZero": false, "axisColorMode": "text", "axisLabel": "", "axisPlacement": "auto", "barAlignment": 0, "drawStyle": "line", "fillOpacity": 0, "gradientMode": "none", "hideFrom": { "legend": false, "tooltip": false, "viz": false }, "insertNulls": false, "lineInterpolation": "linear", "lineWidth": 1, 
"pointSize": 5, "scaleDistribution": { "type": "linear" }, "showPoints": "auto", "spanNulls": false, "stacking": { "group": "A", "mode": "none" }, "thresholdsStyle": { "mode": "off" } }, "mappings": [], "thresholds": { "mode": "absolute", "steps": [ { "color": "green" }, { "color": "yellow", "value": 1 } ] } }, "overrides": [ { "matcher": { "id": "byName", "options": "flow_risk_1_count" }, "properties": [ { "id": "displayName", "value": "XSS Attack" } ] }, { "matcher": { "id": "byName", "options": "flow_risk_2_count" }, "properties": [ { "id": "displayName", "value": "SQL Injection" } ] }, { "matcher": { "id": "byName", "options": "flow_risk_3_count" }, "properties": [ { "id": "displayName", "value": "RCE Injection" } ] }, { "matcher": { "id": "byName", "options": "flow_risk_4_count" }, "properties": [ { "id": "displayName", "value": "Binary App Transfer" } ] }, { "matcher": { "id": "byName", "options": "flow_risk_5_count" }, "properties": [ { "id": "displayName", "value": "Known Proto on Non Std Port" } ] }, { "matcher": { "id": "byName", "options": "flow_risk_6_count" }, "properties": [ { "id": "displayName", "value": "Self signed Cert" } ] }, { "matcher": { "id": "byName", "options": "flow_risk_7_count" }, "properties": [ { "id": "displayName", "value": "Obsolete TLS v1.1 or older" } ] }, { "matcher": { "id": "byName", "options": "flow_risk_8_count" }, "properties": [ { "id": "displayName", "value": "Weak TLS Cipher" } ] }, { "matcher": { "id": "byName", "options": "flow_risk_9_count" }, "properties": [ { "id": "displayName", "value": "TLS Cert Expired" } ] }, { "matcher": { "id": "byName", "options": "flow_risk_10_count" }, "properties": [ { "id": "displayName", "value": "TLS Cert Mismatch" } ] }, { "matcher": { "id": "byName", "options": "flow_risk_11_count" }, "properties": [ { "id": "displayName", "value": "HTTP Suspicious User Agent" } ] }, { "matcher": { "id": "byName", "options": "flow_risk_12_count" }, "properties": [ { "id": "displayName", "value": 
"HTTP Numeric IP Address" } ] }, { "matcher": { "id": "byName", "options": "flow_risk_13_count" }, "properties": [ { "id": "displayName", "value": "HTTP Suspicious URL" } ] }, { "matcher": { "id": "byName", "options": "flow_risk_14_count" }, "properties": [ { "id": "displayName", "value": "HTTP Suspicious Header" } ] }, { "matcher": { "id": "byName", "options": "flow_risk_15_count" }, "properties": [ { "id": "displayName", "value": "TLS probably Not Carrying HTTPS" } ] }, { "matcher": { "id": "byName", "options": "flow_risk_16_count" }, "properties": [ { "id": "displayName", "value": "Suspicious DGA Domain name" } ] }, { "matcher": { "id": "byName", "options": "flow_risk_17_count" }, "properties": [ { "id": "displayName", "value": "Malformed Packet" } ] }, { "matcher": { "id": "byName", "options": "flow_risk_18_count" }, "properties": [ { "id": "displayName", "value": "SSH Obsolete Client Version/Cipher" } ] }, { "matcher": { "id": "byName", "options": "flow_risk_19_count" }, "properties": [ { "id": "displayName", "value": "SSH Obsolete Server Version/Cipher" } ] }, { "matcher": { "id": "byName", "options": "flow_risk_20_count" }, "properties": [ { "id": "displayName", "value": "SMB Insecure Version" } ] }, { "matcher": { "id": "byName", "options": "flow_risk_21_count" }, "properties": [ { "id": "displayName", "value": "TLS Suspicious ESNI Usage" } ] }, { "matcher": { "id": "byName", "options": "flow_risk_22_count" }, "properties": [ { "id": "displayName", "value": "Unsafe Protocol" } ] }, { "matcher": { "id": "byName", "options": "flow_risk_23_count" }, "properties": [ { "id": "displayName", "value": "Suspicious DNS Traffic" } ] }, { "matcher": { "id": "byName", "options": "flow_risk_24_count" }, "properties": [ { "id": "displayName", "value": "Missing SNI TLS Extension" } ] }, { "matcher": { "id": "byName", "options": "flow_risk_25_count" }, "properties": [ { "id": "displayName", "value": "HTTP Suspicious Content" } ] }, { "matcher": { "id": "byName", "options": 
"flow_risk_26_count" }, "properties": [ { "id": "displayName", "value": "Risky ASN" } ] }, { "matcher": { "id": "byName", "options": "flow_risk_27_count" }, "properties": [ { "id": "displayName", "value": "Risky Domain Name" } ] }, { "matcher": { "id": "byName", "options": "flow_risk_28_count" }, "properties": [ { "id": "displayName", "value": "Malicious JA3 Fingerprint" } ] }, { "matcher": { "id": "byName", "options": "flow_risk_29_count" }, "properties": [ { "id": "displayName", "value": "Malicious SSL Cert/SHA1 Fingerprint" } ] }, { "matcher": { "id": "byName", "options": "flow_risk_30_count" }, "properties": [ { "id": "displayName", "value": "Desktop/File-Sharing" } ] }, { "matcher": { "id": "byName", "options": "flow_risk_31_count" }, "properties": [ { "id": "displayName", "value": "Uncommon TLS ALPN" } ] }, { "matcher": { "id": "byName", "options": "flow_risk_32_count" }, "properties": [ { "id": "displayName", "value": "TLS Cert Validity Too Long" } ] }, { "matcher": { "id": "byName", "options": "flow_risk_33_count" }, "properties": [ { "id": "displayName", "value": "TLS Suspicious Extension" } ] }, { "matcher": { "id": "byName", "options": "flow_risk_34_count" }, "properties": [ { "id": "displayName", "value": "TLS Fatal Alert" } ] }, { "matcher": { "id": "byName", "options": "flow_risk_35_count" }, "properties": [ { "id": "displayName", "value": "Suspicious Entropy" } ] }, { "matcher": { "id": "byName", "options": "flow_risk_36_count" }, "properties": [ { "id": "displayName", "value": "Clear Text Credentials" } ] }, { "matcher": { "id": "byName", "options": "flow_risk_37_count" }, "properties": [ { "id": "displayName", "value": "Large DNS Packet" } ] }, { "matcher": { "id": "byName", "options": "flow_risk_38_count" }, "properties": [ { "id": "displayName", "value": "Fragmented DNS Message" } ] }, { "matcher": { "id": "byName", "options": "flow_risk_39_count" }, "properties": [ { "id": "displayName", "value": "Text With Non Printable Chars" } ] }, { 
"matcher": { "id": "byName", "options": "flow_risk_40_count" }, "properties": [ { "id": "displayName", "value": "Possible Exploit" } ] }, { "matcher": { "id": "byName", "options": "flow_risk_41_count" }, "properties": [ { "id": "displayName", "value": "TLS Cert About To Expire" } ] }, { "matcher": { "id": "byName", "options": "flow_risk_42_count" }, "properties": [ { "id": "displayName", "value": "IDN Domain Name" } ] }, { "matcher": { "id": "byName", "options": "flow_risk_43_count" }, "properties": [ { "id": "displayName", "value": "Error Code" } ] }, { "matcher": { "id": "byName", "options": "flow_risk_44_count" }, "properties": [ { "id": "displayName", "value": "Crawler/Bot" } ] }, { "matcher": { "id": "byName", "options": "flow_risk_45_count" }, "properties": [ { "id": "displayName", "value": "Anonymous Subscriber" } ] }, { "matcher": { "id": "byName", "options": "flow_risk_46_count" }, "properties": [ { "id": "displayName", "value": "Unidirectional Traffic" } ] }, { "matcher": { "id": "byName", "options": "flow_risk_47_count" }, "properties": [ { "id": "displayName", "value": "HTTP Obsolete Server" } ] }, { "matcher": { "id": "byName", "options": "flow_risk_48_count" }, "properties": [ { "id": "displayName", "value": "Periodic Flow" } ] }, { "matcher": { "id": "byName", "options": "flow_risk_49_count" }, "properties": [ { "id": "displayName", "value": "Minor Issues" } ] }, { "matcher": { "id": "byName", "options": "flow_risk_50_count" }, "properties": [ { "id": "displayName", "value": "TCP Connection Issues" } ] }, { "matcher": { "id": "byName", "options": "flow_risk_51_count" }, "properties": [ { "id": "displayName", "value": "Fully Encrypted" } ] }, { "matcher": { "id": "byName", "options": "flow_risk_52_count" }, "properties": [ { "id": "displayName", "value": "Invalid ALPN/SNI combination" } ] }, { "matcher": { "id": "byName", "options": "flow_risk_53_count" }, "properties": [ { "id": "displayName", "value": "Malware Host Contacted" } ] }, { "matcher": { 
"id": "byName", "options": "flow_risk_unknown_count" }, "properties": [ { "id": "displayName", "value": "Unknown Risk" } ] } ] }, "gridPos": { "h": 10, "w": 24, "x": 0, "y": 78 }, "id": 34, "options": { "legend": { "calcs": [], "displayMode": "list", "placement": "bottom", "showLegend": false }, "tooltip": { "mode": "single", "sort": "none" } }, "pluginVersion": "10.2.0", "targets": [ { "datasource": { "type": "influxdb", "uid": "${DS_INFLUXDB}" }, "query": "from(bucket: \"${ndpid_db_name}\")\n |> range(start: v.timeRangeStart, stop:v.timeRangeStop)\n |> filter(fn: (r) =>\n r._measurement == \"risks\"\n )", "refId": "A" } ], "title": "Risk", "type": "timeseries" }, { "collapsed": false, "gridPos": { "h": 1, "w": 24, "x": 0, "y": 88 }, "id": 29, "panels": [], "title": "Flow (Simplified / Historic)", "type": "row" }, { "datasource": { "type": "influxdb", "uid": "${DS_INFLUXDB}" }, "fieldConfig": { "defaults": { "color": { "mode": "palette-classic" }, "custom": { "axisBorderShow": false, "axisCenteredZero": false, "axisColorMode": "text", "axisLabel": "", "axisPlacement": "auto", "barAlignment": 0, "drawStyle": "line", "fillOpacity": 0, "gradientMode": "none", "hideFrom": { "legend": false, "tooltip": false, "viz": false }, "insertNulls": false, "lineInterpolation": "linear", "lineWidth": 1, "pointSize": 5, "scaleDistribution": { "log": 2, "type": "log" }, "showPoints": "auto", "spanNulls": false, "stacking": { "group": "A", "mode": "none" }, "thresholdsStyle": { "mode": "off" } }, "mappings": [], "thresholds": { "mode": "absolute", "steps": [ { "color": "green" }, { "color": "red", "value": 80 } ] } }, "overrides": [ { "matcher": { "id": "byRegexp", "options": "/flow_breed_.*/" }, "properties": [ { "id": "custom.hideFrom", "value": { "legend": true, "tooltip": true, "viz": true } } ] }, { "matcher": { "id": "byName", "options": "Legit" }, "properties": [ { "id": "color", "value": { "fixedColor": "green", "mode": "fixed" } } ] }, { "matcher": { "id": "byName", 
"options": "Caution Advised" }, "properties": [ { "id": "color", "value": { "fixedColor": "red", "mode": "fixed" } } ] }, { "matcher": { "id": "byName", "options": "Dont Know" }, "properties": [ { "id": "color", "value": { "mode": "fixed" } } ] } ] }, "gridPos": { "h": 8, "w": 12, "x": 0, "y": 89 }, "id": 30, "options": { "legend": { "calcs": [], "displayMode": "list", "placement": "bottom", "showLegend": true }, "tooltip": { "mode": "single", "sort": "none" } }, "targets": [ { "datasource": { "type": "influxdb", "uid": "${DS_INFLUXDB}" }, "query": "from(bucket: \"${ndpid_db_name}\")\n |> range(start: v.timeRangeStart, stop:v.timeRangeStop)\n |> filter(fn: (r) =>\n r._measurement == \"breed\"\n )", "refId": "A" } ], "title": "Breed", "transformations": [ { "id": "calculateField", "options": { "alias": "Caution Advised", "mode": "reduceRow", "reduce": { "include": [ "flow_breed_potentially_dangerous_count breed", "flow_breed_unsafe_count breed", "flow_breed_dangerous_count breed" ], "reducer": "sum" }, "replaceFields": false } }, { "id": "calculateField", "options": { "alias": "Legit", "mode": "reduceRow", "reduce": { "include": [ "flow_breed_acceptable_count breed", "flow_breed_fun_count breed", "flow_breed_safe_count breed" ], "reducer": "sum" } } }, { "id": "calculateField", "options": { "alias": "Dont Know", "mode": "reduceRow", "reduce": { "include": [ "flow_breed_unrated_count breed", "flow_breed_unknown_count breed" ], "reducer": "sum" } } } ], "type": "timeseries" }, { "datasource": { "type": "influxdb", "uid": "${DS_INFLUXDB}" }, "fieldConfig": { "defaults": { "color": { "mode": "thresholds" }, "custom": { "fillOpacity": 70, "hideFrom": { "legend": false, "tooltip": false, "viz": false }, "lineWidth": 1 }, "mappings": [], "thresholds": { "mode": "absolute", "steps": [ { "color": "green" } ] } }, "overrides": [ { "matcher": { "id": "byName", "options": "flow_detected_count" }, "properties": [ { "id": "displayName", "value": "Detected" } ] }, { "matcher": { 
"id": "byName", "options": "flow_guessed_count" }, "properties": [ { "id": "displayName", "value": "Guessed" }, { "id": "thresholds", "value": { "mode": "absolute", "steps": [ { "color": "green" }, { "color": "yellow", "value": 1 } ] } } ] }, { "matcher": { "id": "byName", "options": "flow_not_detected_count" }, "properties": [ { "id": "displayName", "value": "Not Detected" }, { "id": "thresholds", "value": { "mode": "absolute", "steps": [ { "color": "green" }, { "color": "red", "value": 1 } ] } } ] } ] }, "gridPos": { "h": 8, "w": 12, "x": 12, "y": 89 }, "id": 31, "options": { "colWidth": 0.9, "legend": { "displayMode": "list", "placement": "bottom", "showLegend": false }, "rowHeight": 0.9, "showValue": "auto", "tooltip": { "mode": "single", "sort": "none" } }, "pluginVersion": "10.2.0", "targets": [ { "datasource": { "type": "influxdb", "uid": "${DS_INFLUXDB}" }, "query": "from(bucket: \"${ndpid_db_name}\")\n |> range(start: v.timeRangeStart, stop:v.timeRangeStop)\n |> filter(fn: (r) =>\n r._measurement == \"detection\" and\n (r._field == \"flow_detected_count\" or\n r._field == \"flow_guessed_count\" or\n r._field == \"flow_not_detected_count\")\n )", "refId": "A" } ], "title": "Detection", "type": "status-history" }, { "datasource": { "type": "influxdb", "uid": "${DS_INFLUXDB}" }, "fieldConfig": { "defaults": { "color": { "mode": "thresholds" }, "custom": { "fillOpacity": 70, "hideFrom": { "legend": false, "tooltip": false, "viz": false }, "insertNulls": false, "lineWidth": 0, "spanNulls": false }, "mappings": [], "thresholds": { "mode": "absolute", "steps": [ { "color": "green" }, { "color": "yellow", "value": 1 } ] } }, "overrides": [ { "matcher": { "id": "byName", "options": "flow_risk_1_count" }, "properties": [ { "id": "displayName", "value": "XSS Attack" } ] }, { "matcher": { "id": "byName", "options": "flow_risk_2_count" }, "properties": [ { "id": "displayName", "value": "SQL Injection" } ] }, { "matcher": { "id": "byName", "options": "flow_risk_3_count" 
}, "properties": [ { "id": "displayName", "value": "RCE Injection" } ] }, { "matcher": { "id": "byName", "options": "flow_risk_4_count" }, "properties": [ { "id": "displayName", "value": "Binary App Transfer" } ] }, { "matcher": { "id": "byName", "options": "flow_risk_5_count" }, "properties": [ { "id": "displayName", "value": "Known Proto on Non Std Port" } ] }, { "matcher": { "id": "byName", "options": "flow_risk_6_count" }, "properties": [ { "id": "displayName", "value": "Self signed Cert" } ] }, { "matcher": { "id": "byName", "options": "flow_risk_7_count" }, "properties": [ { "id": "displayName", "value": "Obsolete TLS v1.1 or older" } ] }, { "matcher": { "id": "byName", "options": "flow_risk_8_count" }, "properties": [ { "id": "displayName", "value": "Weak TLS Cipher" } ] }, { "matcher": { "id": "byName", "options": "flow_risk_9_count" }, "properties": [ { "id": "displayName", "value": "TLS Cert Expired" } ] }, { "matcher": { "id": "byName", "options": "flow_risk_10_count" }, "properties": [ { "id": "displayName", "value": "TLS Cert Mismatch" } ] }, { "matcher": { "id": "byName", "options": "flow_risk_11_count" }, "properties": [ { "id": "displayName", "value": "HTTP Suspicious User Agent" } ] }, { "matcher": { "id": "byName", "options": "flow_risk_12_count" }, "properties": [ { "id": "displayName", "value": "HTTP Numeric IP Address" } ] }, { "matcher": { "id": "byName", "options": "flow_risk_13_count" }, "properties": [ { "id": "displayName", "value": "HTTP Suspicious URL" } ] }, { "matcher": { "id": "byName", "options": "flow_risk_14_count" }, "properties": [ { "id": "displayName", "value": "HTTP Suspicious Header" } ] }, { "matcher": { "id": "byName", "options": "flow_risk_15_count" }, "properties": [ { "id": "displayName", "value": "TLS probably Not Carrying HTTPS" } ] }, { "matcher": { "id": "byName", "options": "flow_risk_16_count" }, "properties": [ { "id": "displayName", "value": "Suspicious DGA Domain name" } ] }, { "matcher": { "id": "byName", 
"options": "flow_risk_17_count" }, "properties": [ { "id": "displayName", "value": "Malformed Packet" } ] }, { "matcher": { "id": "byName", "options": "flow_risk_18_count" }, "properties": [ { "id": "displayName", "value": "SSH Obsolete Client Version/Cipher" } ] }, { "matcher": { "id": "byName", "options": "flow_risk_19_count" }, "properties": [ { "id": "displayName", "value": "SSH Obsolete Server Version/Cipher" } ] }, { "matcher": { "id": "byName", "options": "flow_risk_20_count" }, "properties": [ { "id": "displayName", "value": "SMB Insecure Version" } ] }, { "matcher": { "id": "byName", "options": "flow_risk_21_count" }, "properties": [ { "id": "displayName", "value": "TLS Suspicious ESNI Usage" } ] }, { "matcher": { "id": "byName", "options": "flow_risk_22_count" }, "properties": [ { "id": "displayName", "value": "Unsafe Protocol" } ] }, { "matcher": { "id": "byName", "options": "flow_risk_23_count" }, "properties": [ { "id": "displayName", "value": "Suspicious DNS Traffic" } ] }, { "matcher": { "id": "byName", "options": "flow_risk_24_count" }, "properties": [ { "id": "displayName", "value": "Missing SNI TLS Extension" } ] }, { "matcher": { "id": "byName", "options": "flow_risk_25_count" }, "properties": [ { "id": "displayName", "value": "HTTP Suspicious Content" } ] }, { "matcher": { "id": "byName", "options": "flow_risk_26_count" }, "properties": [ { "id": "displayName", "value": "Risky ASN" } ] }, { "matcher": { "id": "byName", "options": "flow_risk_27_count" }, "properties": [ { "id": "displayName", "value": "Risky Domain Name" } ] }, { "matcher": { "id": "byName", "options": "flow_risk_28_count" }, "properties": [ { "id": "displayName", "value": "Malicious Fingerprint" } ] }, { "matcher": { "id": "byName", "options": "flow_risk_29_count" }, "properties": [ { "id": "displayName", "value": "Malicious SSL Cert/SHA1 Fingerprint" } ] }, { "matcher": { "id": "byName", "options": "flow_risk_30_count" }, "properties": [ { "id": "displayName", "value": 
"Desktop/File-Sharing" } ] }, { "matcher": { "id": "byName", "options": "flow_risk_31_count" }, "properties": [ { "id": "displayName", "value": "Uncommon TLS ALPN" } ] }, { "matcher": { "id": "byName", "options": "flow_risk_32_count" }, "properties": [ { "id": "displayName", "value": "TLS Cert Validity Too Long" } ] }, { "matcher": { "id": "byName", "options": "flow_risk_33_count" }, "properties": [ { "id": "displayName", "value": "TLS Suspicious Extension" } ] }, { "matcher": { "id": "byName", "options": "flow_risk_34_count" }, "properties": [ { "id": "displayName", "value": "TLS Fatal Alert" } ] }, { "matcher": { "id": "byName", "options": "flow_risk_35_count" }, "properties": [ { "id": "displayName", "value": "Suspicious Entropy" } ] }, { "matcher": { "id": "byName", "options": "flow_risk_36_count" }, "properties": [ { "id": "displayName", "value": "Clear Text Credentials" } ] }, { "matcher": { "id": "byName", "options": "flow_risk_37_count" }, "properties": [ { "id": "displayName", "value": "Large DNS Packet" } ] }, { "matcher": { "id": "byName", "options": "flow_risk_38_count" }, "properties": [ { "id": "displayName", "value": "Fragmented DNS Message" } ] }, { "matcher": { "id": "byName", "options": "flow_risk_39_count" }, "properties": [ { "id": "displayName", "value": "Text With Non Printable Chars" } ] }, { "matcher": { "id": "byName", "options": "flow_risk_40_count" }, "properties": [ { "id": "displayName", "value": "Possible Exploit" } ] }, { "matcher": { "id": "byName", "options": "flow_risk_41_count" }, "properties": [ { "id": "displayName", "value": "TLS Cert About To Expire" } ] }, { "matcher": { "id": "byName", "options": "flow_risk_42_count" }, "properties": [ { "id": "displayName", "value": "IDN Domain Name" } ] }, { "matcher": { "id": "byName", "options": "flow_risk_43_count" }, "properties": [ { "id": "displayName", "value": "Error Code" } ] }, { "matcher": { "id": "byName", "options": "flow_risk_44_count" }, "properties": [ { "id": 
"displayName", "value": "Crawler/Bot" } ] }, { "matcher": { "id": "byName", "options": "flow_risk_45_count" }, "properties": [ { "id": "displayName", "value": "Anonymous Subscriber" } ] }, { "matcher": { "id": "byName", "options": "flow_risk_46_count" }, "properties": [ { "id": "displayName", "value": "Unidirectional Traffic" } ] }, { "matcher": { "id": "byName", "options": "flow_risk_47_count" }, "properties": [ { "id": "displayName", "value": "HTTP Obsolete Server" } ] }, { "matcher": { "id": "byName", "options": "flow_risk_48_count" }, "properties": [ { "id": "displayName", "value": "Periodic Flow" } ] }, { "matcher": { "id": "byName", "options": "flow_risk_49_count" }, "properties": [ { "id": "displayName", "value": "Minor Issues" } ] }, { "matcher": { "id": "byName", "options": "flow_risk_50_count" }, "properties": [ { "id": "displayName", "value": "TCP Connection Issues" } ] }, { "matcher": { "id": "byName", "options": "flow_risk_51_count" }, "properties": [ { "id": "displayName", "value": "Fully Encrypted" } ] }, { "matcher": { "id": "byName", "options": "flow_risk_52_count" }, "properties": [ { "id": "displayName", "value": "Invalid ALPN/SNI combination" } ] }, { "matcher": { "id": "byName", "options": "flow_risk_53_count" }, "properties": [ { "id": "displayName", "value": "Malware Host Contacted" } ] }, { "matcher": { "id": "byName", "options": "flow_risk_unknown_count" }, "properties": [ { "id": "displayName", "value": "Unknown Risk" } ] }, { "matcher": { "id": "byName", "options": "flow_risk_54_count" }, "properties": [ { "id": "displayName", "value": "Binary Transfer Attempt" } ] }, { "matcher": { "id": "byName", "options": "flow_risk_55_count" }, "properties": [ { "id": "displayName", "value": "Probing Attempt" } ] } ] }, "gridPos": { "h": 24, "w": 24, "x": 0, "y": 97 }, "id": 33, "options": { "alignValue": "left", "legend": { "displayMode": "list", "placement": "bottom", "showLegend": true }, "mergeValues": true, "rowHeight": 0.9, "showValue": "auto", 
"tooltip": { "mode": "single", "sort": "none" } }, "pluginVersion": "10.2.0", "targets": [ { "datasource": { "type": "influxdb", "uid": "${DS_INFLUXDB}" }, "query": "from(bucket: \"${ndpid_db_name}\")\n |> range(start: v.timeRangeStart, stop:v.timeRangeStop)\n |> filter(fn: (r) =>\n r._measurement == \"risks\"\n )", "refId": "A" } ], "title": "Risk", "type": "state-timeline" }, { "collapsed": false, "gridPos": { "h": 1, "w": 24, "x": 0, "y": 121 }, "id": 15, "panels": [], "title": "Layer3 / Layer4", "type": "row" }, { "datasource": { "type": "influxdb", "uid": "${DS_INFLUXDB}" }, "fieldConfig": { "defaults": { "color": { "mode": "palette-classic" }, "custom": { "axisBorderShow": false, "axisCenteredZero": false, "axisColorMode": "text", "axisLabel": "", "axisPlacement": "auto", "barAlignment": 0, "drawStyle": "line", "fillOpacity": 0, "gradientMode": "none", "hideFrom": { "legend": false, "tooltip": false, "viz": false }, "insertNulls": false, "lineInterpolation": "linear", "lineWidth": 1, "pointSize": 5, "scaleDistribution": { "type": "linear" }, "showPoints": "auto", "spanNulls": false, "stacking": { "group": "A", "mode": "none" }, "thresholdsStyle": { "mode": "off" } }, "mappings": [], "thresholds": { "mode": "percentage", "steps": [ { "color": "green" } ] } }, "overrides": [ { "matcher": { "id": "byName", "options": "flow_l3_ip4_count" }, "properties": [ { "id": "displayName", "value": "IPv4" } ] }, { "matcher": { "id": "byName", "options": "flow_l3_ip6_count" }, "properties": [ { "id": "displayName", "value": "IPv6" } ] }, { "matcher": { "id": "byName", "options": "flow_l3_other_count" }, "properties": [ { "id": "displayName", "value": "Other" } ] } ] }, "gridPos": { "h": 8, "w": 12, "x": 0, "y": 122 }, "id": 16, "options": { "legend": { "calcs": [], "displayMode": "list", "placement": "bottom", "showLegend": true }, "tooltip": { "mode": "single", "sort": "none" } }, "targets": [ { "datasource": { "type": "influxdb", "uid": "${DS_INFLUXDB}" }, "query": 
"from(bucket: \"${ndpid_db_name}\")\n |> range(start: v.timeRangeStart, stop:v.timeRangeStop)\n |> filter(fn: (r) =>\n r._measurement == \"layer3\"\n )", "refId": "A" } ], "title": "Layer3", "type": "timeseries" }, { "datasource": { "type": "influxdb", "uid": "${DS_INFLUXDB}" }, "fieldConfig": { "defaults": { "color": { "mode": "palette-classic" }, "custom": { "axisBorderShow": false, "axisCenteredZero": false, "axisColorMode": "text", "axisLabel": "", "axisPlacement": "auto", "barAlignment": 0, "drawStyle": "line", "fillOpacity": 0, "gradientMode": "none", "hideFrom": { "legend": false, "tooltip": false, "viz": false }, "insertNulls": false, "lineInterpolation": "linear", "lineWidth": 1, "pointSize": 5, "scaleDistribution": { "type": "linear" }, "showPoints": "auto", "spanNulls": false, "stacking": { "group": "A", "mode": "none" }, "thresholdsStyle": { "mode": "off" } }, "mappings": [], "thresholds": { "mode": "percentage", "steps": [ { "color": "green" } ] } }, "overrides": [ { "matcher": { "id": "byName", "options": "flow_l4_icmp_count" }, "properties": [ { "id": "displayName", "value": "ICMP" } ] }, { "matcher": { "id": "byName", "options": "flow_l4_other_count" }, "properties": [ { "id": "displayName", "value": "Other" } ] }, { "matcher": { "id": "byName", "options": "flow_l4_tcp_count" }, "properties": [ { "id": "displayName", "value": "TCP" } ] }, { "matcher": { "id": "byName", "options": "flow_l4_udp_count" }, "properties": [ { "id": "displayName", "value": "UDP" } ] } ] }, "gridPos": { "h": 8, "w": 12, "x": 12, "y": 122 }, "id": 17, "options": { "legend": { "calcs": [], "displayMode": "list", "placement": "bottom", "showLegend": true }, "tooltip": { "mode": "single", "sort": "none" } }, "targets": [ { "datasource": { "type": "influxdb", "uid": "${DS_INFLUXDB}" }, "query": "from(bucket: \"${ndpid_db_name}\")\n |> range(start: v.timeRangeStart, stop:v.timeRangeStop)\n |> filter(fn: (r) =>\n r._measurement == \"layer4\"\n )", "refId": "A" } ], "title": 
"Layer4", "type": "timeseries" } ], "refresh": "10s", "schemaVersion": 38, "tags": [], "templating": { "list": [ { "hide": 2, "name": "ndpid_db_name", "query": "${VAR_NDPID_DB_NAME}", "skipUrlSync": false, "type": "constant", "current": { "value": "${VAR_NDPID_DB_NAME}", "text": "${VAR_NDPID_DB_NAME}", "selected": false }, "options": [ { "value": "${VAR_NDPID_DB_NAME}", "text": "${VAR_NDPID_DB_NAME}", "selected": false } ] } ] }, "time": { "from": "now-15m", "to": "now" }, "timepicker": {}, "timezone": "", "title": "nDPId", "uid": "e57b37c0-d0ba-4f50-9b2d-f83e71ae8c27", "version": 111, "weekStart": "" }