From 0bdc3b6c453161acc428c00b86a3b8a23302dd2b Mon Sep 17 00:00:00 2001 
From: taylor_socfortress <111797488+taylorwalton@users.noreply.github.com> Date: Thu, 9 May 2024 15:28:43 -0500 Subject: [PATCH] Network connectors (#207) * Refactor customer network connector processing in routes.py * provision fortinet network connector things * Fix client ID comparison in delete_agent function * added network connectors api/types * added external services pages * add fortinet dashboards * Add Fortinet dashboard schema and provisioning logic * Add FortinetDashboard to provision_dashboards function * Create fortinet dashboards during provisioning * Refactor code to collect content pack ID by name in Graylog services * Refactor content pack input ID retrieval in Graylog services * decomission of network connector * Update Docker workflow to notify Discord after successful image build and push * Update Discord webhook version in Docker workflow * Update branch name in Docker workflow from network-connectors to main * Update Docker workflow messages for backend and frontend image updates * Refactor database name format in create_grafana_datasource function * crowdstrike content pack templates * crowdstrike integration markdown * Add Crowdstrike integration and authentication keys * crowdstrike provisioning things * provision and decom crowdstrike * falconhose * Update branch name in Docker workflow from network-connectors to main * Add directory creation for customer docker compose and falconhose cfg * Replace spaces with underscores in customer names * Replace spaces with underscores in customer names * Update Docker Compose volume path for CrowdStrike integration * update o365 dashboards * Update branch name in Docker workflow from network-connectors to main * Add get_customer_default_settings_attribute function to provision.py * build to fix grafana url in office365 * Update branch name in Docker workflow from network-connectors to main * lower customer code in office365 index creation and grafana datasource creation * add validator to customer 
code * add grafana orgid to provision request for insert to DB * Fix typo in create_office365_utc_rule function * updated dependencies * updated networkConnectors api * added services components * updated networkConnectors page * updated customer integration components * Update branch name in Docker workflow from network-connectors to main * updated networkConnectors api/types * added customer network connectors components * updated dependencies * added fortinet form * move sap siem to modules * Update branch name in Docker workflow from network-connectors to main * Update URLs in SAP SIEM integration to use copilot-sap-module instead of localhost * updated url check * chore: Update available content packs overview in Graylog provision route * chore: Refactor decommission network connector route and service * refactor: Update Elasticsearch index retrieval to include open indices only * chore: Update IndicesStats model with optional fields for docs_count and store_size * added decommissionNetworkConnector feature * chore: Refactor decommission network connector route and service * precommit fixes * chore: Update branch name in Docker workflow --------- Co-authored-by: Davide Di Modica --- .env.example | 26 +- .github/workflows/docker.yml | 14 + README.md | 4 - ...21_modify_network_connectors_meta_table.py | 31 + ...dd_content_pack_ids_network_connectors_.py | 33 + ..._add_grafana_datasource_uid_to_network_.py | 31 + backend/app/agents/routes/agents.py | 2 +- .../dashboards/Crowdstrike/summary.json | 3624 ++++++++++++++++ .../Fortinet/fortinet_system_logs.json | 1776 ++++++++ .../Fortinet/fortinet_utm_anomalies.json | 1901 ++++++++ .../Fortinet/fortinet_utm_app_control.json | 1895 ++++++++ .../dashboards/Fortinet/fortinet_utm_dlp.json | 1908 ++++++++ .../dashboards/Fortinet/fortinet_utm_dns.json | 2148 +++++++++ .../dashboards/Fortinet/fortinet_utm_ips.json | 1903 ++++++++ .../dashboards/Fortinet/fortinet_utm_ssl.json | 1885 ++++++++ 
.../Fortinet/fortinet_utm_summary.json | 1221 ++++++ .../Fortinet/fortinet_utm_virus.json | 1875 ++++++++ .../Fortinet/fortinet_utm_webfilter.json | 2083 +++++++++ .../dashboards/Fortinet/fortinet_vpn.json | 3858 +++++++++++++++++ .../Office365/active_directory.json | 668 ++- .../dashboards/Office365/applications.json | 229 +- .../Office365/compliance_center.json | 110 +- .../Office365/defender_for_identity.json | 218 +- .../grafana/dashboards/Office365/dlp.json | 145 +- .../dashboards/Office365/endpoint.json | 232 +- .../dashboards/Office365/exchange.json | 242 +- .../grafana/dashboards/Office365/forms.json | 232 +- .../grafana/dashboards/Office365/mitre.json | 142 +- .../dashboards/Office365/onedrive.json | 242 +- .../grafana/dashboards/Office365/powerbi.json | 230 +- .../dashboards/Office365/sharepoint.json | 230 +- .../grafana/dashboards/Office365/summary.json | 362 +- .../grafana/dashboards/Office365/teams.json | 275 +- .../Office365/threat_intelligence.json | 214 +- .../connectors/grafana/schema/dashboards.py | 20 + .../connectors/grafana/services/dashboards.py | 4 + .../connectors/graylog/services/collector.py | 87 + .../connectors/graylog/services/streams.py | 25 + .../wazuh_indexer/schema/monitoring.py | 10 +- .../wazuh_indexer/utils/universal.py | 4 +- .../customer_provisioning/routes/provision.py | 2 +- .../customer_provisioning/schema/provision.py | 1 + .../customer_provisioning/services/grafana.py | 34 + .../customer_provisioning/services/graylog.py | 53 + backend/app/db/db_populate.py | 5 + .../crowdstrike/routes/provision.py | 128 + .../crowdstrike/schema/provision.py | 96 + .../crowdstrike/services/provision.py | 515 +++ .../templates/cs.falconhoseclient.cfg | 1280 ++++++ .../crowdstrike/templates/docker-compose.yml | 8 + .../app/integrations/markdown/crowdstrike.md | 81 + .../integrations/modules/routes/sap_siem.py | 303 ++ .../integrations/modules/schema/sap_siem.py | 169 + .../modules/services/sap_siem/collect.py | 185 + 
.../office365/services/provision.py | 22 +- .../models/network_connectors.py | 4 + backend/app/network_connectors/routes.py | 2 +- backend/app/routers/crowdstrike.py | 13 + backend/app/routers/modules.py | 7 + backend/app/routers/stack_provisioning.py | 10 + backend/app/schedulers/routes/scheduler.py | 3 + backend/app/schedulers/scheduler.py | 6 +- .../schedulers/services/invoke_sap_siem.py | 113 +- .../graylog/routes/decommission.py | 75 + .../graylog/routes/fortinet.py | 2 + .../graylog/routes/provision.py | 4 +- .../graylog/schema/decommission.py | 58 + .../graylog/schema/fortinet.py | 20 + .../graylog/schema/provision.py | 11 +- .../graylog/services/decommission.py | 89 + .../graylog/services/fortinet.py | 382 +- .../graylog/services/provision.py | 5 +- .../graylog/services/utils.py | 61 +- .../SOCFORTRESS_CROWDSTRIKE_INPUT_TCP.json | 118 + ...TRESS_CROWDSTRIKE_PROCESSING_PIPELINE.json | 182 + .../SOCFORTRESS_CROWDSTRIKE_STREAM.json | 102 + backend/app/utils.py | 53 + backend/copilot.py | 2 + frontend/package-lock.json | 928 ++-- frontend/package.json | 32 +- .../crowdstrike/crowdstrike_api_settings.png | Bin 0 -> 24465 bytes frontend/src/api/index.ts | 4 +- frontend/src/api/integrations.ts | 9 +- frontend/src/api/networkConnectors.ts | 77 + .../ConfigForm/FormTypes/CredentialsType.vue | 2 +- .../ConfigForm/FormTypes/HostType.vue | 2 +- .../ConfigForm/FormTypes/TokenType.vue | 2 +- .../src/components/customers/CustomerForm.vue | 13 +- .../src/components/customers/CustomerItem.vue | 13 +- .../CustomerIntegrationActions.vue | 4 +- .../integrations/CustomerIntegrationForm.vue | 8 +- .../integrations/CustomerIntegrations.vue | 26 +- .../CustomerNetworkConnectorActions.vue | 225 + .../CustomerNetworkConnectorForm.vue | 250 ++ .../CustomerNetworkConnectorItem.vue | 155 + .../CustomerNetworkConnectors.vue | 133 + .../provisions/FortinetForm.vue | 67 + .../provision/CustomerDefaultSettingsForm.vue | 2 +- .../provision/CustomerProvisionWizard.vue | 2 +- 
.../integrations/IntegrationsList.vue | 91 +- .../NetworkConnectorsList.vue | 63 + .../IntegrationItem.vue => services/Item.vue} | 27 +- frontend/src/components/services/List.vue | 78 + .../src/components/services/types/index.d.ts | 10 + frontend/src/layouts/common/Navbar/items.tsx | 45 +- frontend/src/router/index.ts | 24 +- frontend/src/types/networkConnectors.d.ts | 42 + .../externalServices/NetworkConnectors.vue | 9 + .../ThirdPartyIntegrations.vue} | 0 109 files changed, 34782 insertions(+), 1904 deletions(-) create mode 100644 backend/alembic/versions/16855d538921_modify_network_connectors_meta_table.py create mode 100644 backend/alembic/versions/d05281d02b0f_add_content_pack_ids_network_connectors_.py create mode 100644 backend/alembic/versions/ec63589cc24d_add_grafana_datasource_uid_to_network_.py create mode 100644 backend/app/connectors/grafana/dashboards/Crowdstrike/summary.json create mode 100644 backend/app/connectors/grafana/dashboards/Fortinet/fortinet_system_logs.json create mode 100644 backend/app/connectors/grafana/dashboards/Fortinet/fortinet_utm_anomalies.json create mode 100644 backend/app/connectors/grafana/dashboards/Fortinet/fortinet_utm_app_control.json create mode 100644 backend/app/connectors/grafana/dashboards/Fortinet/fortinet_utm_dlp.json create mode 100644 backend/app/connectors/grafana/dashboards/Fortinet/fortinet_utm_dns.json create mode 100644 backend/app/connectors/grafana/dashboards/Fortinet/fortinet_utm_ips.json create mode 100644 backend/app/connectors/grafana/dashboards/Fortinet/fortinet_utm_ssl.json create mode 100644 backend/app/connectors/grafana/dashboards/Fortinet/fortinet_utm_summary.json create mode 100644 backend/app/connectors/grafana/dashboards/Fortinet/fortinet_utm_virus.json create mode 100644 backend/app/connectors/grafana/dashboards/Fortinet/fortinet_utm_webfilter.json create mode 100644 backend/app/connectors/grafana/dashboards/Fortinet/fortinet_vpn.json create mode 100644 
backend/app/integrations/crowdstrike/routes/provision.py create mode 100644 backend/app/integrations/crowdstrike/schema/provision.py create mode 100644 backend/app/integrations/crowdstrike/services/provision.py create mode 100644 backend/app/integrations/crowdstrike/templates/cs.falconhoseclient.cfg create mode 100644 backend/app/integrations/crowdstrike/templates/docker-compose.yml create mode 100644 backend/app/integrations/markdown/crowdstrike.md create mode 100644 backend/app/integrations/modules/routes/sap_siem.py create mode 100644 backend/app/integrations/modules/schema/sap_siem.py create mode 100644 backend/app/integrations/modules/services/sap_siem/collect.py create mode 100644 backend/app/routers/crowdstrike.py create mode 100644 backend/app/stack_provisioning/graylog/routes/decommission.py create mode 100644 backend/app/stack_provisioning/graylog/schema/decommission.py create mode 100644 backend/app/stack_provisioning/graylog/services/decommission.py create mode 100644 backend/app/stack_provisioning/graylog/templates/SOCFORTRESS_CROWDSTRIKE_INPUT_TCP.json create mode 100644 backend/app/stack_provisioning/graylog/templates/SOCFORTRESS_CROWDSTRIKE_PROCESSING_PIPELINE.json create mode 100644 backend/app/stack_provisioning/graylog/templates/SOCFORTRESS_CROWDSTRIKE_STREAM.json create mode 100644 frontend/public/images/crowdstrike/crowdstrike_api_settings.png create mode 100644 frontend/src/api/networkConnectors.ts create mode 100644 frontend/src/components/customers/networkConnectors/CustomerNetworkConnectorActions.vue create mode 100644 frontend/src/components/customers/networkConnectors/CustomerNetworkConnectorForm.vue create mode 100644 frontend/src/components/customers/networkConnectors/CustomerNetworkConnectorItem.vue create mode 100644 frontend/src/components/customers/networkConnectors/CustomerNetworkConnectors.vue create mode 100644 frontend/src/components/customers/networkConnectors/provisions/FortinetForm.vue create mode 100644 
frontend/src/components/networkConnectors/NetworkConnectorsList.vue rename frontend/src/components/{integrations/IntegrationItem.vue => services/Item.vue} (79%) create mode 100644 frontend/src/components/services/List.vue create mode 100644 frontend/src/components/services/types/index.d.ts create mode 100644 frontend/src/types/networkConnectors.d.ts create mode 100644 frontend/src/views/externalServices/NetworkConnectors.vue rename frontend/src/views/{Integrations.vue => externalServices/ThirdPartyIntegrations.vue} (100%) diff --git a/.env.example b/.env.example index 6693d0c66..4a4f608a6 100644 --- a/.env.example +++ b/.env.example @@ -13,31 +13,31 @@ ALERT_FORWARDING_IP=0.0.0.0 # Connector Credentials # ! SETTING UP YOUR CONNECTORS DEMOs https://www.youtube.com/@taylorwalton_socfortress/videos! # -WAZUH_INDEXER_URL=https://1.1.1.1:9200 +WAZUH_INDEXER_URL=https://127.1.1.1:9200 WAZUH_INDEXER_USERNAME=admin WAZUH_INDEXER_PASSWORD=admin -WAZUH_MANAGER_URL=https://1.1.1.1 +WAZUH_MANAGER_URL=https://127.1.1.1 WAZUH_MANAGER_USERNAME=dummy WAZUH_MANAGER_PASSWORD=dummy -GRAYLOG_URL=http://1.1.1.1 +GRAYLOG_URL=http://127.1.1.1 GRAYLOG_USERNAME=dummy GRAYLOG_PASSWORD=dummy -SHUFFLE_URL=https://1.1.1.1 +SHUFFLE_URL=https://127.1.1.1 SHUFFLER_API_KEY=dummy -DFIR_IRIS_URL=https://1.1.1.1 +DFIR_IRIS_URL=https://127.1.1.1 DFIR_IRIS_API_KEY=dummy -VELOCIRAPTOR_URL=https://1.1.1.1 +VELOCIRAPTOR_URL=https://127.1.1.1 VELOCIRAPTOR_API_KEY_PATH=dummy -SUBLIME_URL=http://1.1.1.1 +SUBLIME_URL=http://127.1.1.1 SUBLIME_API_KEY=dummy -INFLUXDB_URL=http://1.1.1.1 +INFLUXDB_URL=http://127.1.1.1 INFLUXDB_API_KEY=dummy INFLUXDB_ORG_AND_BUCKET=dummy,dummy 
@@ -47,18 +47,18 @@ ASKSOCFORTRESS_API_KEY=dummy SOCFORTRESSTHREATINTEL_URL=https://intel.socfortress.co/search SOCFORTRESSTHREATINTEL_API_KEY=dummy -CORTEX_URL=http://1.1.1.1 +CORTEX_URL=http://127.1.1.1 CORTEX_API_KEY=dummy -GRAFANA_URL=http://1.1.1.1 +GRAFANA_URL=http://127.1.1.1 GRAFANA_USERNAME=dummy GRAFANA_PASSWORD=dummy -WAZUH_WORKER_PROVISIONING_URL=http://1.1.1.1 +WAZUH_WORKER_PROVISIONING_URL=http://127.1.1.1 EVENT_SHIPPER_URL=graylog_host GELF_INPUT_PORT=gelf_port -ALERT_CREATION_PROVISIONING_URL=http://1.1.1.1 +ALERT_CREATION_PROVISIONING_URL=http://127.1.1.1 -HAPROXY_PROVISIONING_URL=http://1.1.1.1 +HAPROXY_PROVISIONING_URL=http://127.1.1.1 diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml index 93729cef0..7003bdeae 100644 --- a/.github/workflows/docker.yml +++ b/.github/workflows/docker.yml @@ -31,6 +31,13 @@ jobs: build-args: | COPILOT_API_KEY=${{ secrets.COPILOT_API_KEY }} + - name: Notify Discord + uses: appleboy/discord-action@v1.0.0 + with: + webhook_id: ${{ secrets.DISCORD_WEBHOOK_ID }} + webhook_token: ${{ secrets.DISCORD_WEBHOOK_TOKEN }} + message: "Docker image for backend has been updated." + build-frontend: runs-on: ubuntu-latest @@ -54,3 +61,10 @@ jobs: context: ./frontend push: true tags: ghcr.io/socfortress/copilot-frontend:latest + + - name: Notify Discord + uses: appleboy/discord-action@v1.0.0 + with: + webhook_id: ${{ secrets.DISCORD_WEBHOOK_ID }} + webhook_token: ${{ secrets.DISCORD_WEBHOOK_TOKEN }} + message: "Docker image for frontend has been updated." diff --git a/README.md b/README.md index 1f7ebb729..9b97cd502 100644 --- a/README.md +++ b/README.md 
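Review bot: The new `Notify Discord` step references `appleboy/discord-action@v1.0.0`, a mutable tag, and hands it `secrets.DISCORD_WEBHOOK_TOKEN`; whoever controls that tag can change the code the secret is passed to without any change to this workflow being reviewed. The frontend hunk at the end of this file adds the same step with the same reference. Pin the action to a full commit SHA and keep the tag as a comment, `uses: appleboy/discord-action@<full-commit-sha>  # v1.0.0`, in both places.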
@@ -154,10 +154,6 @@ docker compose up -d Copilot is designed to be a single pane of glass for your security operations. Think of it as a hub for all your security tools. Copilot Connectors are the glue that binds your security tools to Copilot. We take advantage of the APIs and webhooks provided by your security tools to provide a seamless integration. -## Related repositories - -- Provision Wazuh Worker Application: [https://github.com/socfortress/Customer-Provisioning-Worker](https://github.com/socfortress/Customer-Provisioning-Worker) - ## Help You can reach us on [Discord](https://discord.gg/UN3pNBzaEQ) or by [📧](mailto:info@socfortress.co) if you have any question, issue or idea! diff --git a/backend/alembic/versions/16855d538921_modify_network_connectors_meta_table.py b/backend/alembic/versions/16855d538921_modify_network_connectors_meta_table.py new file mode 100644 index 000000000..55e1d9a18 --- /dev/null +++ b/backend/alembic/versions/16855d538921_modify_network_connectors_meta_table.py @@ -0,0 +1,31 @@ +"""Modify network connectors meta table + +Revision ID: 16855d538921 +Revises: 74a095d63af4 +Create Date: 2024-04-28 10:47:04.006263 + +""" +from typing import Sequence +from typing import Union + +import sqlalchemy as sa + +from alembic import op + +# revision identifiers, used by Alembic. +revision: str = "16855d538921" +down_revision: Union[str, None] = "74a095d63af4" +branch_labels: Union[str, Sequence[str], None] = None +depends_on: Union[str, Sequence[str], None] = None + + +def upgrade() -> None: + # ### commands auto generated by Alembic - please adjust! ### + op.add_column("customer_network_connectors_meta", sa.Column("graylog_pipeline_id", sa.String(length=1024), nullable=False)) + # ### end Alembic commands ### + + +def downgrade() -> None: + # ### commands auto generated by Alembic - please adjust! ### + op.drop_column("customer_network_connectors_meta", "graylog_pipeline_id") + # ### end Alembic commands ### 
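Review bot: `upgrade()` adds `graylog_pipeline_id` with `nullable=False` and no `server_default`, which fails on SQLite and PostgreSQL whenever `customer_network_connectors_meta` already holds rows, since the existing rows would have to be NULL in a NOT NULL column; the two columns in d05281d02b0f and `grafana_datasource_uid` in ec63589cc24d have the same shape. If existing deployments can have rows in this table, either give the column a default, `sa.Column("graylog_pipeline_id", sa.String(length=1024), nullable=False, server_default="")`, or add it as nullable, backfill it, and tighten the constraint in a follow-up step. The same fix applies to the other two migrations.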
diff --git a/backend/alembic/versions/d05281d02b0f_add_content_pack_ids_network_connectors_.py b/backend/alembic/versions/d05281d02b0f_add_content_pack_ids_network_connectors_.py
new file mode 100644
index 000000000..a5fc2f940
--- /dev/null
+++ b/backend/alembic/versions/d05281d02b0f_add_content_pack_ids_network_connectors_.py
@@ -0,0 +1,33 @@
+"""Add content pack ids network connectors meta table
+
+Revision ID: d05281d02b0f
+Revises: 16855d538921
+Create Date: 2024-05-01 09:35:17.751914
+
+"""
+from typing import Sequence
+from typing import Union
+
+import sqlalchemy as sa
+
+from alembic import op
+
+# revision identifiers, used by Alembic.
+revision: str = "d05281d02b0f"
+down_revision: Union[str, None] = "16855d538921"
+branch_labels: Union[str, Sequence[str], None] = None
+depends_on: Union[str, Sequence[str], None] = None
+
+
+def upgrade() -> None:
+ # ### commands auto generated by Alembic - please adjust! ###
+ op.add_column("customer_network_connectors_meta", sa.Column("graylog_content_pack_input_id", sa.String(length=1024), nullable=False))
+ op.add_column("customer_network_connectors_meta", sa.Column("graylog_content_pack_stream_id", sa.String(length=1024), nullable=False))
+ # ### end Alembic commands ###
+
+
+def downgrade() -> None:
+ # ### commands auto generated by Alembic - please adjust! ###
+ op.drop_column("customer_network_connectors_meta", "graylog_content_pack_stream_id")
+ op.drop_column("customer_network_connectors_meta", "graylog_content_pack_input_id")
+ # ### end Alembic commands ###
diff --git a/backend/alembic/versions/ec63589cc24d_add_grafana_datasource_uid_to_network_.py b/backend/alembic/versions/ec63589cc24d_add_grafana_datasource_uid_to_network_.py
new file mode 100644
index 000000000..4bfb17b90
--- /dev/null
+++ b/backend/alembic/versions/ec63589cc24d_add_grafana_datasource_uid_to_network_.py
@@ -0,0 +1,31 @@ +"""Add grafana datasource uid to network connectors meta table + +Revision ID: ec63589cc24d +Revises: d05281d02b0f +Create Date: 2024-05-01 11:05:15.935826 + +""" +from typing import Sequence +from typing import Union + +import sqlalchemy as sa + +from alembic import op + +# revision identifiers, used by Alembic. +revision: str = "ec63589cc24d" +down_revision: Union[str, None] = "d05281d02b0f" +branch_labels: Union[str, Sequence[str], None] = None +depends_on: Union[str, Sequence[str], None] = None + + +def upgrade() -> None: + # ### commands auto generated by Alembic - please adjust! ### + op.add_column("customer_network_connectors_meta", sa.Column("grafana_datasource_uid", sa.String(length=1024), nullable=False)) + # ### end Alembic commands ### + + +def downgrade() -> None: + # ### commands auto generated by Alembic - please adjust! ### + op.drop_column("customer_network_connectors_meta", "grafana_datasource_uid") + # ### end Alembic commands ### diff --git a/backend/app/agents/routes/agents.py b/backend/app/agents/routes/agents.py index e766f63d3..c72871f39 100644 --- a/backend/app/agents/routes/agents.py +++ b/backend/app/agents/routes/agents.py @@ -455,7 +455,7 @@ async def delete_agent( await delete_agent_wazuh(agent_id) client_id = await fetch_velociraptor_id(db=session, agent_id=agent_id) logger.info(f"Client ID: {client_id}") - if client_id != "n/a": + if client_id != "Unknown": await delete_agent_velociraptor(client_id) await delete_agent_from_database(db=session, agent_id=agent_id) return AgentModifyResponse( diff --git a/backend/app/connectors/grafana/dashboards/Crowdstrike/summary.json b/backend/app/connectors/grafana/dashboards/Crowdstrike/summary.json new file mode 100644 index 000000000..4ddffc662 --- /dev/null +++ b/backend/app/connectors/grafana/dashboards/Crowdstrike/summary.json 
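Review bot: The new condition in `delete_agent` compares `client_id` against the bare literal `"Unknown"`, a sentinel that has to match whatever `fetch_velociraptor_id` returns when no Velociraptor client is known; presumably that helper changed in the same commit, but nothing ties the two literals together, and the old `"n/a"` shows how easily they drift. A shared module constant, `VELOCIRAPTOR_CLIENT_UNKNOWN = "Unknown"`, used in both the helper and this check, or having the helper return `None` and testing `if client_id is not None:`, would remove the duplicated magic string. `delete_agent` starts and ends outside the hunk.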
@@ -0,0 +1,3624 @@ +{ + "annotations": { + "list": [ + { + "builtIn": 1, + "datasource": { + "type": "datasource", + "uid": "grafana" + }, + "enable": true, + "hide": true, + "iconColor": "rgba(0, 211, 255, 1)", + "name": "Annotations & Alerts", + "target": { + "limit": 100, + "matchAny": false, + "tags": [], + "type": "dashboard" + }, + "type": "dashboard" + } + ] + }, + "editable": false, + "fiscalYearStartMonth": 0, + "graphTooltip": 0, + "id": null, + "links": [ + { + "asDropdown": true, + "icon": "external link", + "includeVars": true, + "keepTime": true, + "tags": ["EDR"], + "targetBlank": true, + "title": "", + "type": "dashboards" + } + ], + "liveNow": false, + "panels": [ + { + "collapsed": false, + "datasource": { + "type": "datasource", + "uid": "grafana" + }, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 0 + }, + "id": 72, + "panels": [], + "title": "CROWDSTRIKE - SUMMARY", + "type": "row" + }, + { + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "fieldConfig": { + "defaults": { + "color": { + "fixedColor": "orange", + "mode": "fixed" + }, + "mappings": [ + { + "options": { + "match": "null", + "result": { + "text": "N/A" + } + }, + "type": "special" + } + ], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "blue", + "value": null + } + ] + }, + "unit": "short" + }, + "overrides": [] + }, + "gridPos": { + "h": 7, + "w": 4, + "x": 0, + "y": 1 + }, + "id": 120, + "links": [], + "options": { + "colorMode": "value", + "graphMode": "area", + "justifyMode": "auto", + "orientation": "horizontal", + "reduceOptions": { + "calcs": ["sum"], + "fields": "", + "values": false + }, + "text": {}, + "textMode": "auto" + }, + "pluginVersion": "9.2.4", + "targets": [ + { + "bucketAggs": [ + { + "$$hashKey": "object:50", + "field": "timestamp", + "id": "2", + "settings": { + "interval": "auto", + "min_doc_count": 0, + "trimEdges": 0 + }, + "type": "date_histogram" + } + ], + "datasource": { + 
"type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "metrics": [ + { + "id": "1", + "type": "count" + } + ], + "query": "", + "refId": "A", + "timeField": "timestamp" + } + ], + "title": "CROWDSTRIKE EDR - EVENTS", + "type": "stat" + }, + { + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "fieldConfig": { + "defaults": { + "color": { + "fixedColor": "orange", + "mode": "fixed" + }, + "custom": { + "align": "auto", + "displayMode": "color-text", + "filterable": false, + "inspect": false + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "data_event_ComputerName" + }, + "properties": [ + { + "id": "custom.width", + "value": 492 + }, + { + "id": "displayName", + "value": "CROWDSTRIKE AGENT" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "CROWDSTRIKE AGENT" + }, + "properties": [ + { + "id": "custom.width", + "value": 358 + } + ] + } + ] + }, + "gridPos": { + "h": 7, + "w": 8, + "x": 4, + "y": 1 + }, + "id": 121, + "links": [], + "maxDataPoints": 3, + "options": { + "footer": { + "fields": "", + "reducer": ["sum"], + "show": false + }, + "showHeader": true, + "sortBy": [] + }, + "pluginVersion": "9.2.4", + "targets": [ + { + "bucketAggs": [ + { + "$$hashKey": "object:73", + "fake": true, + "field": "dhost", + "id": "3", + "settings": { + "min_doc_count": 1, + "order": "desc", + "orderBy": "_count", + "size": "0" + }, + "type": "terms" + } + ], + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "metrics": [ + { + "$$hashKey": "object:71", + "field": "select field", + "id": "1", + "type": "count" + } + ], + "query": "", + "refId": "A", + "timeField": "timestamp" + } + ], + "title": "CROWDSTRIKE - AGENTS", + "transformations": [ + { + 
"id": "organize", + "options": { + "excludeByName": {}, + "indexByName": {}, + "renameByName": { + "dhost": "AGENT" + } + } + } + ], + "type": "table" + }, + { + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "fieldConfig": { + "defaults": { + "color": { + "fixedColor": "orange", + "mode": "fixed" + }, + "custom": { + "align": "auto", + "displayMode": "color-text", + "filterable": false, + "inspect": false + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "data_event_ComputerName" + }, + "properties": [ + { + "id": "custom.width", + "value": 492 + }, + { + "id": "displayName", + "value": "CROWDSTRIKE AGENT" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "CROWDSTRIKE AGENT" + }, + "properties": [ + { + "id": "custom.width", + "value": 358 + } + ] + } + ] + }, + "gridPos": { + "h": 7, + "w": 12, + "x": 12, + "y": 1 + }, + "id": 123, + "links": [], + "maxDataPoints": 3, + "options": { + "footer": { + "fields": "", + "reducer": ["sum"], + "show": false + }, + "showHeader": true, + "sortBy": [] + }, + "pluginVersion": "9.2.4", + "targets": [ + { + "bucketAggs": [ + { + "$$hashKey": "object:73", + "fake": true, + "field": "event_class_id", + "id": "3", + "settings": { + "min_doc_count": 1, + "order": "desc", + "orderBy": "_count", + "size": "0" + }, + "type": "terms" + } + ], + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "metrics": [ + { + "$$hashKey": "object:71", + "field": "select field", + "id": "1", + "type": "count" + } + ], + "query": "", + "refId": "A", + "timeField": "timestamp" + } + ], + "title": "CROWDSTRIKE EDR - EVENTS/TYPE", + "transformations": [ + { + "id": "organize", + "options": { + "excludeByName": {}, + "indexByName": {}, + "renameByName": 
{ + "data_metadata_eventType": "EVENT TYPE", + "event_class_id": "TYPE" + } + } + } + ], + "type": "table" + }, + { + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + } + }, + "decimals": 0, + "mappings": [], + "unit": "short" + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "1" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "#FF9830", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "Alert" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "#F2495C", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "Error" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "#F2495C", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "Info" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "#73BF69", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "NOTICE" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "#5794F2", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "Notice" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "#5794F2", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "Result" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "#B877D9", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "Warning" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "#FF9830", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "INFORMATION" + }, + "properties": [ + { + "id": "color", + "value": 
{ + "fixedColor": "green", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "WARNING" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "orange", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "ERROR" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "red", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "medium" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "orange", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "high" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "red", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "High" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "red", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "Medium" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "orange", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "Low" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "green", + "mode": "fixed" + } + } + ] + } + ] + }, + "gridPos": { + "h": 7, + "w": 4, + "x": 0, + "y": 8 + }, + "id": 68, + "links": [], + "maxDataPoints": 3, + "options": { + "displayLabels": [], + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "right", + "showLegend": false, + "values": ["value"] + }, + "pieType": "donut", + "reduceOptions": { + "calcs": ["sum"], + "fields": "", + "values": false + }, + "text": {}, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "bucketAggs": [ + { + "$$hashKey": "object:73", + "fake": true, + "field": "severity", + "id": "3", + "settings": { + "min_doc_count": 1, + "order": "desc", + "orderBy": "_count", + "size": "0" + }, + "type": "terms" + }, + { + 
"$$hashKey": "object:74", + "field": "timestamp", + "id": "2", + "settings": { + "interval": "auto", + "min_doc_count": 0, + "trimEdges": 0 + }, + "type": "date_histogram" + } + ], + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "metrics": [ + { + "$$hashKey": "object:71", + "field": "select field", + "id": "1", + "type": "count" + } + ], + "query": "", + "refId": "A", + "timeField": "timestamp" + } + ], + "title": "CROWDSTRIKE EDR - SEVERITY LEVELS", + "type": "piechart" + }, + { + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "fieldConfig": { + "defaults": { + "custom": { + "align": "auto", + "displayMode": "auto", + "filterable": false, + "inspect": false + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "SEVERITY" + }, + "properties": [ + { + "id": "mappings", + "value": [ + { + "options": { + "High": { + "color": "red", + "index": 0 + }, + "Low": { + "color": "green", + "index": 2 + }, + "Medium": { + "color": "orange", + "index": 1 + } + }, + "type": "value" + } + ] + }, + { + "id": "custom.displayMode", + "value": "color-text" + } + ] + } + ] + }, + "gridPos": { + "h": 7, + "w": 6, + "x": 4, + "y": 8 + }, + "id": 135, + "links": [], + "maxDataPoints": 3, + "options": { + "footer": { + "fields": "", + "reducer": ["sum"], + "show": false + }, + "showHeader": true, + "sortBy": [] + }, + "pluginVersion": "9.2.4", + "targets": [ + { + "bucketAggs": [ + { + "$$hashKey": "object:73", + "fake": true, + "field": "name", + "id": "3", + "settings": { + "min_doc_count": 1, + "order": "desc", + "orderBy": "_count", + "size": "0" + }, + "type": "terms" + } + ], + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "metrics": [ + { 
+ "$$hashKey": "object:71", + "field": "select field", + "id": "1", + "type": "count" + } + ], + "query": "", + "refId": "A", + "timeField": "timestamp" + } + ], + "title": "CROWDSTRIKE EDR - EVENT GROUPS", + "transformations": [ + { + "id": "organize", + "options": { + "excludeByName": {}, + "indexByName": {}, + "renameByName": { + "data_event_SeverityName": "SEVERITY", + "data_group": "Event Group", + "name": "NAME" + } + } + } + ], + "type": "table" + }, + { + "aliasColors": {}, + "bars": true, + "dashLength": 10, + "dashes": false, + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "fill": 1, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 14, + "x": 10, + "y": 8 + }, + "hiddenSeries": false, + "id": 83, + "legend": { + "alignAsTable": true, + "avg": false, + "current": false, + "max": false, + "min": false, + "rightSide": true, + "show": true, + "total": false, + "values": false + }, + "lines": false, + "linewidth": 1, + "links": [], + "maxDataPoints": 3, + "nullPointMode": "null", + "options": { + "alertThreshold": true + }, + "percentage": false, + "pluginVersion": "9.2.4", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": true, + "steppedLine": false, + "targets": [ + { + "alias": "", + "bucketAggs": [ + { + "field": "dhost", + "id": "4", + "settings": { + "min_doc_count": "1", + "order": "desc", + "orderBy": "_count", + "size": "10" + }, + "type": "terms" + }, + { + "field": "timestamp", + "id": "5", + "settings": { + "interval": "auto", + "min_doc_count": "0", + "trimEdges": "0" + }, + "type": "date_histogram" + } + ], + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "metrics": [ + { + "$$hashKey": "object:71", + "field": "select field", + "id": "1", + "type": "count" + } + ], + "query": "", + "refId": "A", + "timeField": "timestamp" + } + ], + "thresholds": [], + "timeRegions": 
[], + "title": "CROWDSTRIKE - EVENTS BY AGENT (HISTOGRAM)", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "mode": "time", + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "short", + "logBase": 1, + "show": true + }, + { + "format": "short", + "logBase": 1, + "show": true + } + ], + "yaxis": { + "align": false + } + }, + { + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "custom": { + "align": "auto", + "displayMode": "auto", + "inspect": false + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "DATE/TIME" + }, + "properties": [ + { + "id": "custom.width", + "value": 202 + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "EVENT ID" + }, + "properties": [ + { + "id": "links", + "value": [ + { + "targetBlank": true, + "title": "VIEW EVENT DETAILS", + "url": "https://paschoalotto.soc.gemina.io/explore?left=%5B%22now-6h%22,%22now%22,%22CROWDSTRIKE%22,%7B%22refId%22:%22A%22,%22query%22:%22_id:${__value.text}%22,%22alias%22:%22%22,%22metrics%22:%5B%7B%22id%22:%221%22,%22type%22:%22logs%22,%22settings%22:%7B%22limit%22:%22500%22%7D%7D%5D,%22bucketAggs%22:%5B%5D,%22timeField%22:%22timestamp%22%7D%5D" + } + ] + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "SEVERITY" + }, + "properties": [ + { + "id": "custom.width", + "value": 122 + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "CROWDSTRIKE AGENT" + }, + "properties": [ + { + "id": "custom.width", + "value": 157 + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "USER ACCOUNT" + }, + "properties": [ + { + "id": "custom.width", + "value": 239 + } + ] + }, + { + "matcher": { + 
"id": "byName", + "options": "SEVERITY" + }, + "properties": [ + { + "id": "custom.displayMode", + "value": "color-text" + }, + { + "id": "mappings", + "value": [ + { + "options": { + "High": { + "color": "red", + "index": 2 + }, + "Medium": { + "color": "orange", + "index": 1 + }, + "low": { + "color": "green", + "index": 0 + } + }, + "type": "value" + } + ] + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "AGENT IP" + }, + "properties": [ + { + "id": "custom.width", + "value": 173 + } + ] + } + ] + }, + "gridPos": { + "h": 10, + "w": 24, + "x": 0, + "y": 15 + }, + "id": 89, + "options": { + "footer": { + "fields": "", + "reducer": ["sum"], + "show": false + }, + "showHeader": true, + "sortBy": [] + }, + "pluginVersion": "9.2.4", + "targets": [ + { + "alias": "", + "bucketAggs": [], + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "metrics": [ + { + "id": "1", + "settings": { + "size": "500" + }, + "type": "raw_data" + } + ], + "query": "", + "queryType": "randomWalk", + "refId": "A", + "timeField": "timestamp" + } + ], + "title": "CROWDSTRIKE - EVENTS", + "transformations": [ + { + "id": "organize", + "options": { + "excludeByName": { + "@metadata_beat": true, + "@metadata_type": true, + "@metadata_version": true, + "AccessedDocFileName": true, + "AccessedDocFilePath": true, + "CommandLine": true, + "ExeWrittenTimestamp": true, + "FalconHostLink": true, + "Offset": true, + "ParentProcessId": true, + "ProcessId": true, + "QuarantineFilePath": true, + "QuarantineFileSHA256": true, + "Timestamp": true, + "WrittenExeFileName": true, + "WrittenExeFilePath": true, + "_id": false, + "_index": true, + "_type": true, + "agent_ephemeral_id": true, + "agent_hostname": true, + "agent_id": true, + "agent_ip": false, + "agent_ip_city_name": true, + "agent_ip_country_code": true, + "agent_ip_geolocation": true, + "agent_labels_customer": true, + "agent_name": true, + "agent_type": true, + "agent_version": true, 
+ "beats_type": true, + "c6a2": true, + "cat": true, + "cluster_name": true, + "cluster_node": true, + "collector_node_id": true, + "data_appCerts": true, + "data_appSha256": true, + "data_core_remedy_items_items": true, + "data_core_remedy_items_totalItems": true, + "data_customer_id": true, + "data_data_core_remedy_items_items": true, + "data_data_core_remedy_items_totalItems": true, + "data_data_created_at": true, + "data_data_endpoint_id": true, + "data_data_endpoint_java_id": true, + "data_data_endpoint_platform": true, + "data_data_endpoint_type": true, + "data_data_event_service_id": true, + "data_data_hmpa_exploit_app_name": true, + "data_data_hmpa_exploit_details": true, + "data_data_hmpa_exploit_family_id": true, + "data_data_hmpa_exploit_mitigation": true, + "data_data_hmpa_exploit_process_alias_path": true, + "data_data_hmpa_exploit_process_name": true, + "data_data_hmpa_exploit_process_path": true, + "data_data_hmpa_exploit_process_pid": true, + "data_data_hmpa_exploit_process_version": true, + "data_data_hmpa_exploit_thumbprint": true, + "data_data_hmpa_exploit_type": true, + "data_data_hmpa_exploit_uid": true, + "data_data_hmpa_exploit_version": true, + "data_data_hmpa_exploit_version_city_name": true, + "data_data_hmpa_exploit_version_country_code": true, + "data_data_hmpa_exploit_version_geolocation": true, + "data_data_inserted_at": true, + "data_data_source_app_id": true, + "data_data_source_info_ip": true, + "data_data_source_info_ip_city_name": true, + "data_data_source_info_ip_country_code": true, + "data_data_source_info_ip_geolocation": true, + "data_data_threat_id_counter": true, + "data_data_threat_id_date": true, + "data_data_threat_id_machineIdentifier": true, + "data_data_threat_id_processIdentifier": true, + "data_data_threat_id_time": true, + "data_data_threat_id_timeSecond": true, + "data_data_threat_id_timestamp": true, + "data_data_threat_status": true, + "data_data_user_match_id_counter": true, + "data_data_user_match_id_date": 
true, + "data_data_user_match_id_machineIdentifier": true, + "data_data_user_match_id_processIdentifier": true, + "data_data_user_match_id_time": true, + "data_data_user_match_id_timeSecond": true, + "data_data_user_match_id_timestamp": true, + "data_data_user_match_uuid": true, + "data_datastream": true, + "data_detection_identity_name": true, + "data_duid": true, + "data_end": true, + "data_endpoint_id": true, + "data_endpoint_type": true, + "data_event_AssociatedFile": true, + "data_event_AuditKeyValues": true, + "data_event_CommandLine": true, + "data_event_ComputerName": false, + "data_event_DetectDescription": true, + "data_event_DetectId": true, + "data_event_DetectName": true, + "data_event_DnsRequests": true, + "data_event_DocumentsAccessed": true, + "data_event_ExecutablesWritten": true, + "data_event_FalconHostLink": true, + "data_event_FileName": true, + "data_event_FilePath": true, + "data_event_GrandparentCommandLine": true, + "data_event_GrandparentImageFileName": true, + "data_event_HostGroups": true, + "data_event_IOCType": true, + "data_event_IOCValue": true, + "data_event_LocalIP": true, + "data_event_MACAddress": true, + "data_event_MD5String": true, + "data_event_MachineDomain": true, + "data_event_NetworkAccesses": true, + "data_event_Objective": true, + "data_event_OperationName": true, + "data_event_ParentCommandLine": true, + "data_event_ParentImageFileName": true, + "data_event_ParentProcessId": true, + "data_event_PatternDispositionDescription": true, + "data_event_PatternDispositionFlags_BlockingUnsupportedOrDisabled": true, + "data_event_PatternDispositionFlags_BootupSafeguardEnabled": true, + "data_event_PatternDispositionFlags_CriticalProcessDisabled": true, + "data_event_PatternDispositionFlags_Detect": true, + "data_event_PatternDispositionFlags_FsOperationBlocked": true, + "data_event_PatternDispositionFlags_HandleOperationDowngraded": true, + "data_event_PatternDispositionFlags_InddetMask": true, + 
"data_event_PatternDispositionFlags_Indicator": true, + "data_event_PatternDispositionFlags_KillActionFailed": true, + "data_event_PatternDispositionFlags_KillParent": true, + "data_event_PatternDispositionFlags_KillProcess": true, + "data_event_PatternDispositionFlags_KillSubProcess": true, + "data_event_PatternDispositionFlags_OperationBlocked": true, + "data_event_PatternDispositionFlags_PolicyDisabled": true, + "data_event_PatternDispositionFlags_ProcessBlocked": true, + "data_event_PatternDispositionFlags_QuarantineFile": true, + "data_event_PatternDispositionFlags_QuarantineMachine": true, + "data_event_PatternDispositionFlags_RegistryOperationBlocked": true, + "data_event_PatternDispositionFlags_Rooting": true, + "data_event_PatternDispositionFlags_SensorOnly": true, + "data_event_PatternDispositionFlags_SuspendParent": true, + "data_event_PatternDispositionFlags_SuspendProcess": true, + "data_event_PatternDispositionValue": true, + "data_event_ProcessEndTime": true, + "data_event_ProcessId": true, + "data_event_ProcessStartTime": true, + "data_event_QuarantineFiles": true, + "data_event_SHA1String": true, + "data_event_SHA256String": true, + "data_event_SensorId": true, + "data_event_ServiceName": true, + "data_event_Severity": true, + "data_event_Success": true, + "data_event_Tactic": true, + "data_event_Tags": true, + "data_event_Technique": true, + "data_event_UTCTimestamp": true, + "data_event_UserId": true, + "data_event_UserIp": true, + "data_event_UserIp_city_name": true, + "data_event_UserIp_country_code": true, + "data_event_UserIp_geolocation": true, + "data_event_UserName": true, + "data_event_service_event_id": true, + "data_filePath": true, + "data_group": true, + "data_id": true, + "data_metadata_customerIDString": true, + "data_metadata_eventCreationTime": true, + "data_metadata_offset": true, + "data_metadata_version": true, + "data_name": true, + "data_origin": true, + "data_rt": true, + "data_source_info_ip": true, + 
"data_source_info_ip_city_name": true, + "data_source_info_ip_country_code": true, + "data_source_info_ip_geolocation": true, + "data_threat": true, + "data_threat_cleanable": true, + "data_win_eventXML_binaryData": true, + "data_win_eventXML_binaryDataSize": true, + "data_win_eventXML_param1": true, + "data_win_eventdata_binary": true, + "data_win_eventdata_data": true, + "data_win_eventdata_domain": true, + "data_win_eventdata_imagePath": true, + "data_win_eventdata_sID": true, + "data_win_eventdata_serviceName": true, + "data_win_eventdata_serviceType": true, + "data_win_eventdata_startType": true, + "data_win_eventdata_user": true, + "data_win_system_channel": true, + "data_win_system_computer": true, + "data_win_system_eventID": true, + "data_win_system_eventRecordID": true, + "data_win_system_eventSourceName": true, + "data_win_system_keywords": true, + "data_win_system_level": true, + "data_win_system_opcode": true, + "data_win_system_processID": true, + "data_win_system_providerGuid": true, + "data_win_system_providerName": true, + "data_win_system_severityValue": true, + "data_win_system_systemTime": true, + "data_win_system_task": true, + "data_win_system_threadID": true, + "data_win_system_version": true, + "decoder_name": true, + "destinationTranslatedAddress": true, + "destinationTranslatedAddress_city_name": true, + "destinationTranslatedAddress_country_code": true, + "destinationTranslatedAddress_geolocation": true, + "deviceProcessName": true, + "device_product": true, + "device_vendor": true, + "device_version": true, + "dntdom": true, + "dpt": true, + "dst": true, + "dst_city_name": true, + "dst_country_code": true, + "dst_geolocation": true, + "duser": false, + "ecs_version": true, + "event_class_id": true, + "externalId": true, + "fileHash": true, + "filePath": true, + "fname": true, + "full_log": true, + "gl2_accounted_message_size": true, + "gl2_message_id": true, + "gl2_processing_error": true, + "gl2_remote_ip": true, + "gl2_remote_port": 
true, + "gl2_source_collector": true, + "gl2_source_input": true, + "gl2_source_node": true, + "highlight": true, + "host_name": true, + "id": true, + "location": true, + "log_file_path": true, + "log_offset": true, + "manager_name": true, + "message": true, + "msg": true, + "objective": true, + "outcome": true, + "patternDisposition": true, + "previous_output": true, + "rt": true, + "rule_description": true, + "rule_firedtimes": true, + "rule_frequency": true, + "rule_gdpr": true, + "rule_gpg13": true, + "rule_group1": true, + "rule_group2": true, + "rule_groups": true, + "rule_hipaa": true, + "rule_id": true, + "rule_level": true, + "rule_mail": true, + "rule_mitre_id": true, + "rule_mitre_tactic": true, + "rule_mitre_technique": true, + "rule_nist_800_53": true, + "rule_pci_dss": true, + "rule_tsc": true, + "severity": true, + "sort": true, + "source": true, + "spt": true, + "src_ip": true, + "src_ip_city_name": true, + "src_ip_country_code": true, + "src_ip_geolocation": true, + "streams": true, + "syslog_level": true, + "syslog_tag": true, + "syslog_type": true, + "tactic": true, + "technique": true, + "timestamp": false, + "true": true, + "user_name": true, + "win_system_eventID": true, + "windows_event_id": true, + "windows_event_severity": false + }, + "indexByName": { + "_id": 1, + "_index": 6, + "_type": 7, + "agent_id": 8, + "agent_name": 3, + "data_event_AssociatedFile": 34, + "data_event_AuditKeyValues": 35, + "data_event_CommandLine": 36, + "data_event_ComputerName": 2, + "data_event_DetectDescription": 37, + "data_event_DetectId": 38, + "data_event_DetectName": 39, + "data_event_DnsRequests": 40, + "data_event_DocumentsAccessed": 41, + "data_event_ExecutablesWritten": 42, + "data_event_FalconHostLink": 43, + "data_event_FileName": 44, + "data_event_FilePath": 45, + "data_event_GrandparentCommandLine": 46, + "data_event_GrandparentImageFileName": 47, + "data_event_HostGroups": 48, + "data_event_IOCType": 49, + "data_event_IOCValue": 50, + 
"data_event_LocalIP": 51, + "data_event_MACAddress": 52, + "data_event_MD5String": 53, + "data_event_MachineDomain": 54, + "data_event_NetworkAccesses": 55, + "data_event_Objective": 56, + "data_event_OperationName": 57, + "data_event_ParentCommandLine": 58, + "data_event_ParentImageFileName": 59, + "data_event_ParentProcessId": 60, + "data_event_PatternDispositionDescription": 61, + "data_event_PatternDispositionFlags_BlockingUnsupportedOrDisabled": 62, + "data_event_PatternDispositionFlags_BootupSafeguardEnabled": 63, + "data_event_PatternDispositionFlags_CriticalProcessDisabled": 64, + "data_event_PatternDispositionFlags_Detect": 65, + "data_event_PatternDispositionFlags_FsOperationBlocked": 66, + "data_event_PatternDispositionFlags_HandleOperationDowngraded": 67, + "data_event_PatternDispositionFlags_InddetMask": 68, + "data_event_PatternDispositionFlags_Indicator": 69, + "data_event_PatternDispositionFlags_KillActionFailed": 70, + "data_event_PatternDispositionFlags_KillParent": 71, + "data_event_PatternDispositionFlags_KillProcess": 72, + "data_event_PatternDispositionFlags_KillSubProcess": 73, + "data_event_PatternDispositionFlags_OperationBlocked": 74, + "data_event_PatternDispositionFlags_PolicyDisabled": 75, + "data_event_PatternDispositionFlags_ProcessBlocked": 76, + "data_event_PatternDispositionFlags_QuarantineFile": 77, + "data_event_PatternDispositionFlags_QuarantineMachine": 78, + "data_event_PatternDispositionFlags_RegistryOperationBlocked": 79, + "data_event_PatternDispositionFlags_Rooting": 80, + "data_event_PatternDispositionFlags_SensorOnly": 81, + "data_event_PatternDispositionFlags_SuspendParent": 82, + "data_event_PatternDispositionFlags_SuspendProcess": 83, + "data_event_PatternDispositionValue": 84, + "data_event_ProcessEndTime": 85, + "data_event_ProcessId": 86, + "data_event_ProcessStartTime": 87, + "data_event_QuarantineFiles": 88, + "data_event_SHA1String": 89, + "data_event_SHA256String": 90, + "data_event_SensorId": 91, + 
"data_event_ServiceName": 92, + "data_event_Severity": 93, + "data_event_SeverityName": 4, + "data_event_Success": 94, + "data_event_Tactic": 95, + "data_event_Tags": 96, + "data_event_Technique": 97, + "data_event_UTCTimestamp": 98, + "data_event_UserId": 99, + "data_event_UserIp": 100, + "data_event_UserIp_city_name": 101, + "data_event_UserIp_country_code": 102, + "data_event_UserIp_geolocation": 103, + "data_event_UserName": 104, + "data_metadata_customerIDString": 105, + "data_metadata_eventCreationTime": 106, + "data_metadata_eventType": 5, + "data_metadata_offset": 107, + "data_metadata_version": 108, + "decoder_name": 9, + "gl2_accounted_message_size": 10, + "gl2_message_id": 11, + "gl2_processing_error": 31, + "gl2_remote_ip": 12, + "gl2_remote_port": 13, + "gl2_source_input": 14, + "gl2_source_node": 15, + "highlight": 16, + "id": 17, + "location": 18, + "manager_name": 19, + "message": 20, + "rule_description": 21, + "rule_firedtimes": 22, + "rule_group1": 32, + "rule_group2": 33, + "rule_groups": 23, + "rule_id": 24, + "rule_level": 25, + "rule_mail": 26, + "sort": 27, + "source": 28, + "streams": 29, + "syslog_type": 30, + "timestamp": 0 + }, + "renameByName": { + "_id": "EVENT ID", + "_index": "", + "agent_ip": "SRC IP", + "agent_name": "AGENT", + "data_data_source_info_ip": "AGENT IP", + "data_description": "EVENT DESCRIPTION", + "data_event_ComputerName": "CROWDSTRIKE AGENT", + "data_event_SeverityName": "SEVERITY", + "data_metadata_eventType": "EVENT TYPE", + "data_name": "EVENT", + "data_source_info_ip": "AGENT IP", + "data_suser": "USER ACCOUNT", + "data_type": "EVENT TYPE", + "data_win_system_message": "MESSAGE", + "data_win_system_providerGuid": "", + "dhost": "AGENT", + "duser": "USER", + "name": "EVENT TYPE", + "rule_level": "RULE LEVEL", + "syslog_level": "LEVEL", + "timestamp": "DATE/TIME", + "windows_event_severity": "EVENT LOG SEVERITY" + } + } + } + ], + "transparent": true, + "type": "table" + }, + { + "collapsed": true, + "datasource": 
{ + "type": "datasource", + "uid": "grafana" + }, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 25 + }, + "id": 76, + "panels": [ + { + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "fieldConfig": { + "defaults": { + "color": { + "fixedColor": "orange", + "mode": "fixed" + }, + "mappings": [ + { + "options": { + "match": "null", + "result": { + "text": "N/A" + } + }, + "type": "special" + } + ], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "blue" + } + ] + }, + "unit": "short" + }, + "overrides": [] + }, + "gridPos": { + "h": 7, + "w": 4, + "x": 0, + "y": 26 + }, + "id": 86, + "links": [], + "options": { + "colorMode": "value", + "graphMode": "area", + "justifyMode": "auto", + "orientation": "horizontal", + "reduceOptions": { + "calcs": ["sum"], + "fields": "", + "values": false + }, + "text": {}, + "textMode": "auto" + }, + "pluginVersion": "9.0.6", + "targets": [ + { + "bucketAggs": [ + { + "$$hashKey": "object:50", + "field": "timestamp", + "id": "2", + "settings": { + "interval": "auto", + "min_doc_count": 0, + "trimEdges": 0 + }, + "type": "date_histogram" + } + ], + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "metrics": [ + { + "$$hashKey": "object:48", + "field": "select field", + "id": "1", + "type": "count" + } + ], + "query": "name:DetectionSummaryEvent", + "refId": "A", + "timeField": "timestamp" + } + ], + "title": "DETECTION EVENTS", + "type": "stat" + }, + { + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "fieldConfig": { + "defaults": { + "color": { + "fixedColor": "orange", + "mode": "fixed" + }, + "custom": { + "align": "auto", + "displayMode": "color-text", + "filterable": false, + "inspect": false + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green" + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + 
"overrides": [ + { + "matcher": { + "id": "byName", + "options": "data_event_ComputerName" + }, + "properties": [ + { + "id": "custom.width", + "value": 492 + }, + { + "id": "displayName", + "value": "CROWDSTRIKE AGENT" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "CROWDSTRIKE AGENT" + }, + "properties": [ + { + "id": "custom.width", + "value": 358 + } + ] + } + ] + }, + "gridPos": { + "h": 7, + "w": 8, + "x": 4, + "y": 26 + }, + "id": 124, + "links": [], + "maxDataPoints": 3, + "options": { + "footer": { + "fields": "", + "reducer": ["sum"], + "show": false + }, + "showHeader": true, + "sortBy": [] + }, + "pluginVersion": "9.0.6", + "targets": [ + { + "bucketAggs": [ + { + "$$hashKey": "object:73", + "fake": true, + "field": "dhost", + "id": "3", + "settings": { + "min_doc_count": 1, + "order": "desc", + "orderBy": "_count", + "size": "0" + }, + "type": "terms" + } + ], + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "metrics": [ + { + "$$hashKey": "object:71", + "field": "select field", + "id": "1", + "type": "count" + } + ], + "query": "name:DetectionSummaryEvent", + "refId": "A", + "timeField": "timestamp" + } + ], + "title": "DETECTION EVENTS BY AGENT", + "type": "table" + }, + { + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "fieldConfig": { + "defaults": { + "color": { + "fixedColor": "orange", + "mode": "fixed" + }, + "custom": { + "align": "auto", + "displayMode": "color-text", + "filterable": false, + "inspect": false + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green" + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "data_name" + }, + "properties": [ + { + "id": "custom.width", + "value": 492 + }, + { + "id": "displayName", + "value": "Blocked App" + } + ] + }, + { + "matcher": { + "id": "byName", + 
"options": "CROWDSTRIKE AGENT" + }, + "properties": [ + { + "id": "custom.width", + "value": 358 + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "Blocked App" + }, + "properties": [ + { + "id": "custom.width", + "value": 611 + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "data_event_DetectDescription" + }, + "properties": [ + { + "id": "custom.width", + "value": 741 + } + ] + } + ] + }, + "gridPos": { + "h": 7, + "w": 12, + "x": 12, + "y": 26 + }, + "id": 125, + "links": [], + "maxDataPoints": 3, + "options": { + "footer": { + "fields": "", + "reducer": ["sum"], + "show": false + }, + "showHeader": true, + "sortBy": [] + }, + "pluginVersion": "9.0.6", + "targets": [ + { + "bucketAggs": [ + { + "$$hashKey": "object:73", + "fake": true, + "field": "msg", + "id": "3", + "settings": { + "min_doc_count": 1, + "order": "desc", + "orderBy": "_count", + "size": "0" + }, + "type": "terms" + } + ], + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "metrics": [ + { + "$$hashKey": "object:71", + "field": "select field", + "id": "1", + "type": "count" + } + ], + "query": "name:DetectionSummaryEvent", + "refId": "A", + "timeField": "timestamp" + } + ], + "title": "DETECTION EVENTS BY DESCRIPTION", + "transformations": [ + { + "id": "organize", + "options": { + "excludeByName": {}, + "indexByName": {}, + "renameByName": { + "data_event_DetectDescription": "DESCRIPTION" + } + } + } + ], + "type": "table" + }, + { + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "custom": { + "align": "auto", + "displayMode": "auto", + "inspect": false + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green" + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "DATE/TIME" + }, + 
"properties": [ + { + "id": "custom.width", + "value": 202 + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "EVENT ID" + }, + "properties": [ + { + "id": "links", + "value": [ + { + "targetBlank": true, + "title": "VIEW EVENT DETAILS", + "url": "https://paschoalotto.soc.gemina.io/explore?left=%5B%22now-6h%22,%22now%22,%22CROWDSTRIKE%22,%7B%22refId%22:%22A%22,%22query%22:%22_id:${__value.text}%22,%22alias%22:%22%22,%22metrics%22:%5B%7B%22id%22:%221%22,%22type%22:%22logs%22,%22settings%22:%7B%22limit%22:%22500%22%7D%7D%5D,%22bucketAggs%22:%5B%5D,%22timeField%22:%22timestamp%22%7D%5D" + } + ] + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "SEVERITY" + }, + "properties": [ + { + "id": "custom.width", + "value": 100 + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "CROWDSTRIKE AGENT" + }, + "properties": [ + { + "id": "custom.width", + "value": 157 + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "USER ACCOUNT" + }, + "properties": [ + { + "id": "custom.width", + "value": 239 + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "SEVERITY" + }, + "properties": [ + { + "id": "custom.displayMode", + "value": "color-text" + }, + { + "id": "mappings", + "value": [ + { + "options": { + "High": { + "color": "red", + "index": 2 + }, + "Medium": { + "color": "orange", + "index": 1 + }, + "low": { + "color": "green", + "index": 0 + } + }, + "type": "value" + } + ] + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "AGENT IP" + }, + "properties": [ + { + "id": "custom.width", + "value": 173 + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "Offset" + }, + "properties": [ + { + "id": "custom.width", + "value": 91 + } + ] + } + ] + }, + "gridPos": { + "h": 10, + "w": 24, + "x": 0, + "y": 33 + }, + "id": 136, + "options": { + "footer": { + "fields": "", + "reducer": ["sum"], + "show": false + }, + "showHeader": true, + "sortBy": [] + }, + "pluginVersion": "9.0.6", + "targets": [ + { + 
"alias": "", + "bucketAggs": [], + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "metrics": [ + { + "id": "1", + "settings": { + "size": "500" + }, + "type": "raw_data" + } + ], + "query": "name:DetectionSummaryEvent", + "queryType": "randomWalk", + "refId": "A", + "timeField": "timestamp" + } + ], + "title": "CROWDSTRIKE - DETECTION EVENTS", + "transformations": [ + { + "id": "organize", + "options": { + "excludeByName": { + "@metadata_beat": true, + "@metadata_type": true, + "@metadata_version": true, + "CommandLine": true, + "FalconHostLink": true, + "ParentProcessId": true, + "ProcessId": true, + "_id": false, + "_index": true, + "_type": true, + "agent_ephemeral_id": true, + "agent_hostname": true, + "agent_id": true, + "agent_ip": false, + "agent_ip_city_name": true, + "agent_ip_country_code": true, + "agent_ip_geolocation": true, + "agent_labels_customer": true, + "agent_name": true, + "agent_type": true, + "agent_version": true, + "beats_type": true, + "cluster_name": true, + "cluster_node": true, + "collector_node_id": true, + "data_appCerts": true, + "data_appSha256": true, + "data_core_remedy_items_items": true, + "data_core_remedy_items_totalItems": true, + "data_customer_id": true, + "data_data_core_remedy_items_items": true, + "data_data_core_remedy_items_totalItems": true, + "data_data_created_at": true, + "data_data_endpoint_id": true, + "data_data_endpoint_java_id": true, + "data_data_endpoint_platform": true, + "data_data_endpoint_type": true, + "data_data_event_service_id": true, + "data_data_hmpa_exploit_app_name": true, + "data_data_hmpa_exploit_details": true, + "data_data_hmpa_exploit_family_id": true, + "data_data_hmpa_exploit_mitigation": true, + "data_data_hmpa_exploit_process_alias_path": true, + "data_data_hmpa_exploit_process_name": true, + "data_data_hmpa_exploit_process_path": true, + "data_data_hmpa_exploit_process_pid": true, + "data_data_hmpa_exploit_process_version": true, + 
"data_data_hmpa_exploit_thumbprint": true, + "data_data_hmpa_exploit_type": true, + "data_data_hmpa_exploit_uid": true, + "data_data_hmpa_exploit_version": true, + "data_data_hmpa_exploit_version_city_name": true, + "data_data_hmpa_exploit_version_country_code": true, + "data_data_hmpa_exploit_version_geolocation": true, + "data_data_inserted_at": true, + "data_data_source_app_id": true, + "data_data_source_info_ip": true, + "data_data_source_info_ip_city_name": true, + "data_data_source_info_ip_country_code": true, + "data_data_source_info_ip_geolocation": true, + "data_data_threat_id_counter": true, + "data_data_threat_id_date": true, + "data_data_threat_id_machineIdentifier": true, + "data_data_threat_id_processIdentifier": true, + "data_data_threat_id_time": true, + "data_data_threat_id_timeSecond": true, + "data_data_threat_id_timestamp": true, + "data_data_threat_status": true, + "data_data_user_match_id_counter": true, + "data_data_user_match_id_date": true, + "data_data_user_match_id_machineIdentifier": true, + "data_data_user_match_id_processIdentifier": true, + "data_data_user_match_id_time": true, + "data_data_user_match_id_timeSecond": true, + "data_data_user_match_id_timestamp": true, + "data_data_user_match_uuid": true, + "data_datastream": true, + "data_detection_identity_name": true, + "data_duid": true, + "data_end": true, + "data_endpoint_id": true, + "data_endpoint_type": true, + "data_event_AssociatedFile": true, + "data_event_AuditKeyValues": true, + "data_event_CommandLine": true, + "data_event_ComputerName": false, + "data_event_DetectDescription": true, + "data_event_DetectId": true, + "data_event_DetectName": false, + "data_event_DnsRequests": true, + "data_event_DocumentsAccessed": true, + "data_event_ExecutablesWritten": true, + "data_event_FalconHostLink": true, + "data_event_FileName": false, + "data_event_FilePath": true, + "data_event_GrandparentCommandLine": true, + "data_event_GrandparentImageFileName": true, + 
"data_event_HostGroups": true, + "data_event_IOCType": true, + "data_event_IOCValue": true, + "data_event_LocalIP": false, + "data_event_MACAddress": true, + "data_event_MD5String": true, + "data_event_MachineDomain": true, + "data_event_NetworkAccesses": true, + "data_event_Objective": true, + "data_event_OperationName": true, + "data_event_ParentCommandLine": true, + "data_event_ParentImageFileName": true, + "data_event_ParentProcessId": true, + "data_event_PatternDispositionDescription": true, + "data_event_PatternDispositionFlags_BlockingUnsupportedOrDisabled": true, + "data_event_PatternDispositionFlags_BootupSafeguardEnabled": true, + "data_event_PatternDispositionFlags_CriticalProcessDisabled": true, + "data_event_PatternDispositionFlags_Detect": true, + "data_event_PatternDispositionFlags_FsOperationBlocked": true, + "data_event_PatternDispositionFlags_HandleOperationDowngraded": true, + "data_event_PatternDispositionFlags_InddetMask": true, + "data_event_PatternDispositionFlags_Indicator": true, + "data_event_PatternDispositionFlags_KillActionFailed": true, + "data_event_PatternDispositionFlags_KillParent": true, + "data_event_PatternDispositionFlags_KillProcess": true, + "data_event_PatternDispositionFlags_KillSubProcess": true, + "data_event_PatternDispositionFlags_OperationBlocked": true, + "data_event_PatternDispositionFlags_PolicyDisabled": true, + "data_event_PatternDispositionFlags_ProcessBlocked": true, + "data_event_PatternDispositionFlags_QuarantineFile": true, + "data_event_PatternDispositionFlags_QuarantineMachine": true, + "data_event_PatternDispositionFlags_RegistryOperationBlocked": true, + "data_event_PatternDispositionFlags_Rooting": true, + "data_event_PatternDispositionFlags_SensorOnly": true, + "data_event_PatternDispositionFlags_SuspendParent": true, + "data_event_PatternDispositionFlags_SuspendProcess": true, + "data_event_PatternDispositionValue": true, + "data_event_ProcessEndTime": true, + "data_event_ProcessId": true, + 
"data_event_ProcessStartTime": true, + "data_event_QuarantineFiles": true, + "data_event_SHA1String": true, + "data_event_SHA256String": true, + "data_event_SensorId": true, + "data_event_ServiceName": true, + "data_event_Severity": true, + "data_event_Success": true, + "data_event_Tactic": true, + "data_event_Tags": true, + "data_event_Technique": true, + "data_event_UTCTimestamp": true, + "data_event_UserId": true, + "data_event_UserIp": true, + "data_event_UserIp_city_name": true, + "data_event_UserIp_country_code": true, + "data_event_UserIp_geolocation": true, + "data_event_UserName": false, + "data_event_service_event_id": true, + "data_filePath": true, + "data_group": true, + "data_id": true, + "data_metadata_customerIDString": true, + "data_metadata_eventCreationTime": true, + "data_metadata_eventType": true, + "data_metadata_offset": true, + "data_metadata_version": true, + "data_name": true, + "data_origin": true, + "data_rt": true, + "data_source_info_ip": true, + "data_source_info_ip_city_name": true, + "data_source_info_ip_country_code": true, + "data_source_info_ip_geolocation": true, + "data_threat": true, + "data_threat_cleanable": true, + "data_win_eventXML_binaryData": true, + "data_win_eventXML_binaryDataSize": true, + "data_win_eventXML_param1": true, + "data_win_eventdata_binary": true, + "data_win_eventdata_data": true, + "data_win_eventdata_domain": true, + "data_win_eventdata_imagePath": true, + "data_win_eventdata_sID": true, + "data_win_eventdata_serviceName": true, + "data_win_eventdata_serviceType": true, + "data_win_eventdata_startType": true, + "data_win_eventdata_user": true, + "data_win_system_channel": true, + "data_win_system_computer": true, + "data_win_system_eventID": true, + "data_win_system_eventRecordID": true, + "data_win_system_eventSourceName": true, + "data_win_system_keywords": true, + "data_win_system_level": true, + "data_win_system_opcode": true, + "data_win_system_processID": true, + "data_win_system_providerGuid": 
true, + "data_win_system_providerName": true, + "data_win_system_severityValue": true, + "data_win_system_systemTime": true, + "data_win_system_task": true, + "data_win_system_threadID": true, + "data_win_system_version": true, + "decoder_name": true, + "device_product": true, + "device_vendor": true, + "device_version": true, + "dntdom": true, + "ecs_version": true, + "event_class_id": true, + "externalId": true, + "fileHash": true, + "full_log": true, + "gl2_accounted_message_size": true, + "gl2_message_id": true, + "gl2_processing_error": true, + "gl2_remote_ip": true, + "gl2_remote_port": true, + "gl2_source_collector": true, + "gl2_source_input": true, + "gl2_source_node": true, + "highlight": true, + "host_name": true, + "id": true, + "location": true, + "log_file_path": true, + "log_offset": true, + "manager_name": true, + "message": true, + "name": true, + "objective": true, + "outcome": true, + "previous_output": true, + "rt": true, + "rule_description": true, + "rule_firedtimes": true, + "rule_frequency": true, + "rule_gdpr": true, + "rule_gpg13": true, + "rule_group1": true, + "rule_group2": true, + "rule_groups": true, + "rule_hipaa": true, + "rule_id": true, + "rule_level": true, + "rule_mail": true, + "rule_mitre_id": true, + "rule_mitre_tactic": true, + "rule_mitre_technique": true, + "rule_nist_800_53": true, + "rule_pci_dss": true, + "rule_tsc": true, + "sort": true, + "source": true, + "src_ip": true, + "src_ip_city_name": true, + "src_ip_country_code": true, + "src_ip_geolocation": true, + "streams": true, + "syslog_level": true, + "syslog_tag": true, + "syslog_type": true, + "timestamp": false, + "true": true, + "user_name": true, + "win_system_eventID": true, + "windows_event_id": true, + "windows_event_severity": false + }, + "indexByName": { + "CommandLine": 16, + "FalconHostLink": 17, + "Offset": 18, + "ParentProcessId": 19, + "ProcessId": 20, + "_id": 1, + "_index": 2, + "_type": 3, + "device_product": 21, + "device_vendor": 22, + 
"device_version": 23, + "dhost": 24, + "dntdom": 25, + "duser": 26, + "event_class_id": 27, + "externalId": 28, + "fileHash": 29, + "filePath": 31, + "fname": 30, + "gl2_accounted_message_size": 4, + "gl2_message_id": 5, + "gl2_remote_ip": 6, + "gl2_remote_port": 7, + "gl2_source_input": 8, + "gl2_source_node": 9, + "highlight": 10, + "message": 11, + "msg": 32, + "name": 33, + "objective": 34, + "outcome": 35, + "patternDisposition": 36, + "rt": 37, + "severity": 38, + "sort": 12, + "source": 13, + "streams": 14, + "syslog_type": 15, + "tactic": 39, + "technique": 40, + "timestamp": 0 + }, + "renameByName": { + "_id": "EVENT ID", + "_index": "", + "agent_ip": "SRC IP", + "agent_name": "AGENT", + "data_data_source_info_ip": "AGENT IP", + "data_description": "EVENT DESCRIPTION", + "data_event_ComputerName": "CROWDSTRIKE AGENT", + "data_event_DetectName": "DETECTION NAME", + "data_event_FileName": "FILE NAME", + "data_event_LocalIP": "AGENT IP", + "data_event_SeverityName": "SEVERITY", + "data_event_UserName": "ACCOUNT", + "data_metadata_eventType": "EVENT TYPE", + "data_name": "EVENT", + "data_source_info_ip": "AGENT IP", + "data_suser": "USER ACCOUNT", + "data_type": "EVENT TYPE", + "data_win_system_message": "MESSAGE", + "data_win_system_providerGuid": "", + "dhost": "AGENT", + "dntdom": "", + "duser": "USER", + "filePath": "PATH", + "fname": "FILE", + "msg": "MSG", + "patternDisposition": "DISPOSITION", + "rule_level": "RULE LEVEL", + "severity": "SEVERITY", + "syslog_level": "LEVEL", + "tactic": "TACTIC", + "technique": "TECHNIQUE", + "timestamp": "DATE/TIME", + "windows_event_severity": "EVENT LOG SEVERITY" + } + } + } + ], + "transparent": true, + "type": "table" + } + ], + "title": "CROWDSTRIKE - DETECTIONS", + "type": "row" + }, + { + "collapsed": true, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 26 + }, + "id": 144, + "panels": [ + { + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "fieldConfig": 
{ + "defaults": { + "color": { + "fixedColor": "blue", + "mode": "fixed" + }, + "mappings": [ + { + "options": { + "match": "null", + "result": { + "text": "N/A" + } + }, + "type": "special" + } + ], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "blue" + } + ] + }, + "unit": "short" + }, + "overrides": [] + }, + "gridPos": { + "h": 7, + "w": 4, + "x": 0, + "y": 44 + }, + "id": 145, + "links": [], + "options": { + "colorMode": "value", + "graphMode": "area", + "justifyMode": "auto", + "orientation": "horizontal", + "reduceOptions": { + "calcs": ["sum"], + "fields": "", + "values": false + }, + "text": {}, + "textMode": "auto" + }, + "pluginVersion": "9.0.6", + "targets": [ + { + "bucketAggs": [ + { + "$$hashKey": "object:50", + "field": "timestamp", + "id": "2", + "settings": { + "interval": "auto", + "min_doc_count": 0, + "trimEdges": 0 + }, + "type": "date_histogram" + } + ], + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "metrics": [ + { + "$$hashKey": "object:48", + "field": "select field", + "id": "1", + "type": "count" + } + ], + "query": "event_class_id:UserActivityAuditEvent", + "refId": "A", + "timeField": "timestamp" + } + ], + "title": "USER ACTIVITY EVENTS", + "type": "stat" + }, + { + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "fieldConfig": { + "defaults": { + "color": { + "fixedColor": "text", + "mode": "fixed" + }, + "custom": { + "align": "auto", + "displayMode": "color-text", + "filterable": false, + "inspect": false + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green" + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "data_event_ComputerName" + }, + "properties": [ + { + "id": "custom.width", + "value": 492 + }, + { + "id": "displayName", + "value": "CROWDSTRIKE AGENT" + } + ] + }, + { + 
"matcher": { + "id": "byName", + "options": "CROWDSTRIKE AGENT" + }, + "properties": [ + { + "id": "custom.width", + "value": 358 + } + ] + } + ] + }, + "gridPos": { + "h": 7, + "w": 8, + "x": 4, + "y": 44 + }, + "id": 146, + "links": [], + "maxDataPoints": 3, + "options": { + "footer": { + "fields": "", + "reducer": ["sum"], + "show": false + }, + "showHeader": true, + "sortBy": [] + }, + "pluginVersion": "9.0.6", + "targets": [ + { + "bucketAggs": [ + { + "$$hashKey": "object:73", + "fake": true, + "field": "duser", + "id": "3", + "settings": { + "min_doc_count": 1, + "order": "desc", + "orderBy": "_count", + "size": "0" + }, + "type": "terms" + } + ], + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "metrics": [ + { + "$$hashKey": "object:71", + "field": "select field", + "id": "1", + "type": "count" + } + ], + "query": "event_class_id:UserActivityAuditEvent", + "refId": "A", + "timeField": "timestamp" + } + ], + "title": "USER ACTIVITY - EVENTS BY USER ID", + "transformations": [ + { + "id": "organize", + "options": { + "excludeByName": {}, + "indexByName": {}, + "renameByName": { + "data_event_UserId": "USER ID" + } + } + } + ], + "type": "table" + }, + { + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "fieldConfig": { + "defaults": { + "color": { + "fixedColor": "text", + "mode": "fixed" + }, + "custom": { + "align": "auto", + "displayMode": "color-text", + "filterable": false, + "inspect": false + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green" + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "data_name" + }, + "properties": [ + { + "id": "custom.width", + "value": 492 + }, + { + "id": "displayName", + "value": "Blocked App" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "CROWDSTRIKE AGENT" + }, + "properties": [ + 
{ + "id": "custom.width", + "value": 358 + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "Blocked App" + }, + "properties": [ + { + "id": "custom.width", + "value": 611 + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "data_event_DetectDescription" + }, + "properties": [ + { + "id": "custom.width", + "value": 741 + } + ] + } + ] + }, + "gridPos": { + "h": 7, + "w": 12, + "x": 12, + "y": 44 + }, + "id": 147, + "links": [], + "maxDataPoints": 3, + "options": { + "footer": { + "fields": "", + "reducer": ["sum"], + "show": false + }, + "showHeader": true, + "sortBy": [] + }, + "pluginVersion": "9.0.6", + "targets": [ + { + "bucketAggs": [ + { + "$$hashKey": "object:73", + "fake": true, + "field": "destinationTranslatedAddress", + "id": "3", + "settings": { + "min_doc_count": 1, + "order": "desc", + "orderBy": "_count", + "size": "0" + }, + "type": "terms" + }, + { + "field": "destinationTranslatedAddress_country_code", + "id": "4", + "settings": { + "min_doc_count": "1", + "order": "desc", + "orderBy": "_term", + "size": "10" + }, + "type": "terms" + } + ], + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "metrics": [ + { + "$$hashKey": "object:71", + "field": "select field", + "id": "1", + "type": "count" + } + ], + "query": "event_class_id:UserActivityAuditEvent", + "refId": "A", + "timeField": "timestamp" + } + ], + "title": "USER ACTIVITY BY SRC IP", + "transformations": [ + { + "id": "organize", + "options": { + "excludeByName": {}, + "indexByName": {}, + "renameByName": { + "data_event_DetectDescription": "DESCRIPTION", + "data_event_UserIp": "USER IP", + "data_event_UserIp_country_code": "COUNTRY", + "destinationTranslatedAddress": "IP ADDRESS", + "destinationTranslatedAddress_country_code": "COUNTRY" + } + } + } + ], + "type": "table" + }, + { + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "fieldConfig": { + "defaults": { + 
"color": { + "mode": "thresholds" + }, + "custom": { + "align": "auto", + "displayMode": "auto", + "inspect": false + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green" + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "DATE/TIME" + }, + "properties": [ + { + "id": "custom.width", + "value": 202 + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "EVENT ID" + }, + "properties": [ + { + "id": "links", + "value": [ + { + "targetBlank": true, + "title": "VIEW EVENT DETAILS", + "url": "https://paschoalotto.soc.gemina.io/explore?left=%5B%22now-6h%22,%22now%22,%22CROWDSTRIKE%22,%7B%22refId%22:%22A%22,%22query%22:%22_id:${__value.text}%22,%22alias%22:%22%22,%22metrics%22:%5B%7B%22id%22:%221%22,%22type%22:%22logs%22,%22settings%22:%7B%22limit%22:%22500%22%7D%7D%5D,%22bucketAggs%22:%5B%5D,%22timeField%22:%22timestamp%22%7D%5D" + } + ] + }, + { + "id": "custom.width", + "value": 285 + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "SEVERITY" + }, + "properties": [ + { + "id": "custom.width", + "value": 122 + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "CROWDSTRIKE AGENT" + }, + "properties": [ + { + "id": "custom.width", + "value": 157 + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "USER ACCOUNT" + }, + "properties": [ + { + "id": "custom.width", + "value": 239 + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "SEVERITY" + }, + "properties": [ + { + "id": "custom.displayMode", + "value": "color-text" + }, + { + "id": "mappings", + "value": [ + { + "options": { + "High": { + "color": "red", + "index": 2 + }, + "Medium": { + "color": "orange", + "index": 1 + }, + "low": { + "color": "green", + "index": 0 + } + }, + "type": "value" + } + ] + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "AGENT IP" + }, + "properties": [ + { + "id": "custom.width", + "value": 173 + } + ] + }, 
+ { + "matcher": { + "id": "byName", + "options": "COUNTRY" + }, + "properties": [ + { + "id": "custom.width", + "value": 123 + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "USER" + }, + "properties": [ + { + "id": "custom.width", + "value": 215 + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "IP ADDRESS" + }, + "properties": [ + { + "id": "custom.width", + "value": 186 + } + ] + } + ] + }, + "gridPos": { + "h": 10, + "w": 24, + "x": 0, + "y": 51 + }, + "id": 148, + "options": { + "footer": { + "fields": "", + "reducer": ["sum"], + "show": false + }, + "showHeader": true, + "sortBy": [] + }, + "pluginVersion": "9.0.6", + "targets": [ + { + "alias": "", + "bucketAggs": [], + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "metrics": [ + { + "id": "1", + "settings": { + "size": "500" + }, + "type": "raw_data" + } + ], + "query": "event_class_id:UserActivityAuditEvent", + "queryType": "randomWalk", + "refId": "A", + "timeField": "timestamp" + } + ], + "title": "CROWDSTRIKE - USER ACTIVITY EVENTS", + "transformations": [ + { + "id": "organize", + "options": { + "excludeByName": { + "@metadata_beat": true, + "@metadata_type": true, + "@metadata_version": true, + "Offset": true, + "_id": false, + "_index": true, + "_type": true, + "agent_ephemeral_id": true, + "agent_hostname": true, + "agent_id": true, + "agent_ip": false, + "agent_ip_city_name": true, + "agent_ip_country_code": true, + "agent_ip_geolocation": true, + "agent_labels_customer": true, + "agent_name": true, + "agent_type": true, + "agent_version": true, + "beats_type": true, + "cat": true, + "cluster_name": true, + "cluster_node": true, + "collector_node_id": true, + "data_appCerts": true, + "data_appSha256": true, + "data_core_remedy_items_items": true, + "data_core_remedy_items_totalItems": true, + "data_customer_id": true, + "data_data_core_remedy_items_items": true, + "data_data_core_remedy_items_totalItems": true, + 
"data_data_created_at": true, + "data_data_endpoint_id": true, + "data_data_endpoint_java_id": true, + "data_data_endpoint_platform": true, + "data_data_endpoint_type": true, + "data_data_event_service_id": true, + "data_data_hmpa_exploit_app_name": true, + "data_data_hmpa_exploit_details": true, + "data_data_hmpa_exploit_family_id": true, + "data_data_hmpa_exploit_mitigation": true, + "data_data_hmpa_exploit_process_alias_path": true, + "data_data_hmpa_exploit_process_name": true, + "data_data_hmpa_exploit_process_path": true, + "data_data_hmpa_exploit_process_pid": true, + "data_data_hmpa_exploit_process_version": true, + "data_data_hmpa_exploit_thumbprint": true, + "data_data_hmpa_exploit_type": true, + "data_data_hmpa_exploit_uid": true, + "data_data_hmpa_exploit_version": true, + "data_data_hmpa_exploit_version_city_name": true, + "data_data_hmpa_exploit_version_country_code": true, + "data_data_hmpa_exploit_version_geolocation": true, + "data_data_inserted_at": true, + "data_data_source_app_id": true, + "data_data_source_info_ip": true, + "data_data_source_info_ip_city_name": true, + "data_data_source_info_ip_country_code": true, + "data_data_source_info_ip_geolocation": true, + "data_data_threat_id_counter": true, + "data_data_threat_id_date": true, + "data_data_threat_id_machineIdentifier": true, + "data_data_threat_id_processIdentifier": true, + "data_data_threat_id_time": true, + "data_data_threat_id_timeSecond": true, + "data_data_threat_id_timestamp": true, + "data_data_threat_status": true, + "data_data_user_match_id_counter": true, + "data_data_user_match_id_date": true, + "data_data_user_match_id_machineIdentifier": true, + "data_data_user_match_id_processIdentifier": true, + "data_data_user_match_id_time": true, + "data_data_user_match_id_timeSecond": true, + "data_data_user_match_id_timestamp": true, + "data_data_user_match_uuid": true, + "data_datastream": true, + "data_detection_identity_name": true, + "data_duid": true, + "data_end": true, + 
"data_endpoint_id": true, + "data_endpoint_type": true, + "data_event_AssociatedFile": true, + "data_event_AuditKeyValues": true, + "data_event_CommandLine": true, + "data_event_ComputerName": false, + "data_event_DetectDescription": true, + "data_event_DetectId": true, + "data_event_DetectName": false, + "data_event_DnsRequests": true, + "data_event_DocumentsAccessed": true, + "data_event_ExecutablesWritten": true, + "data_event_FalconHostLink": true, + "data_event_FileName": false, + "data_event_FilePath": true, + "data_event_GrandparentCommandLine": true, + "data_event_GrandparentImageFileName": true, + "data_event_HostGroups": true, + "data_event_IOCType": true, + "data_event_IOCValue": true, + "data_event_LocalIP": false, + "data_event_MACAddress": true, + "data_event_MD5String": true, + "data_event_MachineDomain": true, + "data_event_NetworkAccesses": true, + "data_event_Objective": true, + "data_event_OperationName": false, + "data_event_ParentCommandLine": true, + "data_event_ParentImageFileName": true, + "data_event_ParentProcessId": true, + "data_event_PatternDispositionDescription": true, + "data_event_PatternDispositionFlags_BlockingUnsupportedOrDisabled": true, + "data_event_PatternDispositionFlags_BootupSafeguardEnabled": true, + "data_event_PatternDispositionFlags_CriticalProcessDisabled": true, + "data_event_PatternDispositionFlags_Detect": true, + "data_event_PatternDispositionFlags_FsOperationBlocked": true, + "data_event_PatternDispositionFlags_HandleOperationDowngraded": true, + "data_event_PatternDispositionFlags_InddetMask": true, + "data_event_PatternDispositionFlags_Indicator": true, + "data_event_PatternDispositionFlags_KillActionFailed": true, + "data_event_PatternDispositionFlags_KillParent": true, + "data_event_PatternDispositionFlags_KillProcess": true, + "data_event_PatternDispositionFlags_KillSubProcess": true, + "data_event_PatternDispositionFlags_OperationBlocked": true, + "data_event_PatternDispositionFlags_PolicyDisabled": true, + 
"data_event_PatternDispositionFlags_ProcessBlocked": true, + "data_event_PatternDispositionFlags_QuarantineFile": true, + "data_event_PatternDispositionFlags_QuarantineMachine": true, + "data_event_PatternDispositionFlags_RegistryOperationBlocked": true, + "data_event_PatternDispositionFlags_Rooting": true, + "data_event_PatternDispositionFlags_SensorOnly": true, + "data_event_PatternDispositionFlags_SuspendParent": true, + "data_event_PatternDispositionFlags_SuspendProcess": true, + "data_event_PatternDispositionValue": true, + "data_event_ProcessEndTime": true, + "data_event_ProcessId": true, + "data_event_ProcessStartTime": true, + "data_event_QuarantineFiles": true, + "data_event_SHA1String": true, + "data_event_SHA256String": true, + "data_event_SensorId": true, + "data_event_ServiceName": false, + "data_event_Severity": true, + "data_event_Success": true, + "data_event_Tactic": true, + "data_event_Tags": true, + "data_event_Technique": true, + "data_event_UTCTimestamp": true, + "data_event_UserId": false, + "data_event_UserIp": false, + "data_event_UserIp_city_name": true, + "data_event_UserIp_country_code": false, + "data_event_UserIp_geolocation": true, + "data_event_UserName": false, + "data_event_service_event_id": true, + "data_filePath": true, + "data_group": true, + "data_id": true, + "data_metadata_customerIDString": true, + "data_metadata_eventCreationTime": true, + "data_metadata_eventType": true, + "data_metadata_offset": true, + "data_metadata_version": true, + "data_name": true, + "data_origin": true, + "data_rt": true, + "data_source_info_ip": true, + "data_source_info_ip_city_name": true, + "data_source_info_ip_country_code": true, + "data_source_info_ip_geolocation": true, + "data_threat": true, + "data_threat_cleanable": true, + "data_win_eventXML_binaryData": true, + "data_win_eventXML_binaryDataSize": true, + "data_win_eventXML_param1": true, + "data_win_eventdata_binary": true, + "data_win_eventdata_data": true, + 
"data_win_eventdata_domain": true, + "data_win_eventdata_imagePath": true, + "data_win_eventdata_sID": true, + "data_win_eventdata_serviceName": true, + "data_win_eventdata_serviceType": true, + "data_win_eventdata_startType": true, + "data_win_eventdata_user": true, + "data_win_system_channel": true, + "data_win_system_computer": true, + "data_win_system_eventID": true, + "data_win_system_eventRecordID": true, + "data_win_system_eventSourceName": true, + "data_win_system_keywords": true, + "data_win_system_level": true, + "data_win_system_opcode": true, + "data_win_system_processID": true, + "data_win_system_providerGuid": true, + "data_win_system_providerName": true, + "data_win_system_severityValue": true, + "data_win_system_systemTime": true, + "data_win_system_task": true, + "data_win_system_threadID": true, + "data_win_system_version": true, + "decoder_name": true, + "destinationTranslatedAddress_city_name": true, + "destinationTranslatedAddress_country_code": false, + "destinationTranslatedAddress_geolocation": true, + "deviceProcessName": true, + "device_product": true, + "device_vendor": true, + "device_version": true, + "ecs_version": true, + "event_class_id": true, + "full_log": true, + "gl2_accounted_message_size": true, + "gl2_message_id": true, + "gl2_processing_error": true, + "gl2_remote_ip": true, + "gl2_remote_port": true, + "gl2_source_collector": true, + "gl2_source_input": true, + "gl2_source_node": true, + "highlight": true, + "host_name": true, + "id": true, + "location": true, + "log_file_path": true, + "log_offset": true, + "manager_name": true, + "message": false, + "name": true, + "previous_output": true, + "rt": true, + "rule_description": true, + "rule_firedtimes": true, + "rule_frequency": true, + "rule_gdpr": true, + "rule_gpg13": true, + "rule_group1": true, + "rule_group2": true, + "rule_groups": true, + "rule_hipaa": true, + "rule_id": true, + "rule_level": true, + "rule_mail": true, + "rule_mitre_id": true, + "rule_mitre_tactic": 
true, + "rule_mitre_technique": true, + "rule_nist_800_53": true, + "rule_pci_dss": true, + "rule_tsc": true, + "sort": true, + "source": true, + "src_ip": true, + "src_ip_city_name": true, + "src_ip_country_code": true, + "src_ip_geolocation": true, + "streams": true, + "syslog_level": true, + "syslog_tag": true, + "syslog_type": true, + "timestamp": false, + "true": true, + "user_name": true, + "win_system_eventID": true, + "windows_event_id": true, + "windows_event_severity": false + }, + "indexByName": { + "Offset": 21, + "_id": 1, + "_index": 8, + "_type": 9, + "cat": 5, + "destinationTranslatedAddress": 3, + "destinationTranslatedAddress_city_name": 22, + "destinationTranslatedAddress_country_code": 4, + "destinationTranslatedAddress_geolocation": 23, + "deviceProcessName": 24, + "device_product": 25, + "device_vendor": 26, + "device_version": 27, + "duser": 2, + "event_class_id": 28, + "gl2_accounted_message_size": 10, + "gl2_message_id": 11, + "gl2_remote_ip": 12, + "gl2_remote_port": 13, + "gl2_source_input": 14, + "gl2_source_node": 15, + "highlight": 16, + "message": 6, + "name": 29, + "rt": 30, + "severity": 7, + "sort": 17, + "source": 18, + "streams": 19, + "syslog_type": 20, + "timestamp": 0 + }, + "renameByName": { + "_id": "EVENT ID", + "_index": "", + "agent_ip": "SRC IP", + "agent_name": "AGENT", + "cat": "CATEGORY", + "data_data_source_info_ip": "AGENT IP", + "data_description": "EVENT DESCRIPTION", + "data_event_ComputerName": "CROWDSTRIKE AGENT", + "data_event_DetectName": "DETECTION NAME", + "data_event_FileName": "FILE NAME", + "data_event_LocalIP": "AGENT IP", + "data_event_OperationName": "OPERATION", + "data_event_ServiceName": "SERVICE", + "data_event_SeverityName": "SEVERITY", + "data_event_UserId": "USER ID", + "data_event_UserIp": "USER IP", + "data_event_UserIp_country_code": "COUNTRY", + "data_event_UserName": "ACCOUNT", + "data_metadata_eventType": "EVENT TYPE", + "data_name": "EVENT", + "data_source_info_ip": "AGENT IP", + 
"data_suser": "USER ACCOUNT", + "data_type": "EVENT TYPE", + "data_win_system_message": "MESSAGE", + "data_win_system_providerGuid": "", + "destinationTranslatedAddress": "IP ADDRESS", + "destinationTranslatedAddress_country_code": "COUNTRY", + "duser": "USER", + "message": "MESSAGE", + "rule_level": "RULE LEVEL", + "severity": "SEVERITY", + "syslog_level": "LEVEL", + "timestamp": "DATE/TIME", + "windows_event_severity": "EVENT LOG SEVERITY" + } + } + } + ], + "transparent": true, + "type": "table" + } + ], + "title": "CROWDSTRIKE - USER ACTIVITY (CROWDSTRIKE PORTAL)", + "type": "row" + } + ], + "refresh": "", + "schemaVersion": 37, + "style": "dark", + "tags": ["EDR"], + "templating": { + "list": [ + { + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "filters": [], + "hide": 0, + "label": "", + "name": "Filters", + "skipUrlSync": false, + "type": "adhoc" + }, + { + "current": { + "selected": false, + "text": "All", + "value": "$__all" + }, + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "definition": "{ \"find\": \"terms\", \"field\": \"dhost\", \"query\": \"\", \"size\": 1024}", + "hide": 0, + "includeAll": true, + "label": "CROWDSTRIKE AGENT", + "multi": false, + "name": "crowdstrike_agent", + "options": [], + "query": "{ \"find\": \"terms\", \"field\": \"dhost\", \"query\": \"\", \"size\": 1024}", + "refresh": 2, + "regex": "", + "skipUrlSync": false, + "sort": 2, + "tagValuesQuery": "", + "tagsQuery": "", + "type": "query", + "useTags": false + }, + { + "current": { + "selected": false, + "text": "All", + "value": "$__all" + }, + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "definition": "{ \"find\": \"terms\", \"field\": \"severity\", \"query\": \"\", \"size\": 1024}", + "hide": 0, + "includeAll": true, + "label": "CrowdStrike Severity", + "multi": false, + "name": "crowdstrike_severity", + 
"options": [], + "query": "{ \"find\": \"terms\", \"field\": \"severity\", \"query\": \"\", \"size\": 1024}", + "refresh": 2, + "regex": "", + "skipUrlSync": false, + "sort": 0, + "type": "query" + } + ] + }, + "time": { + "from": "now-24h", + "to": "now" + }, + "timepicker": { + "refresh_intervals": ["10s", "30s", "1m", "5m", "15m", "30m", "1h", "2h", "1d"], + "time_options": ["5m", "15m", "1h", "6h", "12h", "24h", "2d", "7d", "30d"] + }, + "timezone": "", + "title": "EDR - CROWDSTRIKE EVENTS AND ALERTS", + "version": 1, + "weekStart": "" +} diff --git a/backend/app/connectors/grafana/dashboards/Fortinet/fortinet_system_logs.json b/backend/app/connectors/grafana/dashboards/Fortinet/fortinet_system_logs.json new file mode 100644 index 000000000..2b4846337 --- /dev/null +++ b/backend/app/connectors/grafana/dashboards/Fortinet/fortinet_system_logs.json 
@@ -0,0 +1,1776 @@
+{
+ "annotations": {
+ "list": [
+ {
+ "builtIn": 1,
+ "datasource": {
+ "type": "grafana",
+ "uid": "-- Grafana --"
+ },
+ "enable": true,
+ "hide": true,
+ "iconColor": "rgba(0, 211, 255, 1)",
+ "name": "Annotations & Alerts",
+ "target": {
+ "limit": 100,
+ "matchAny": false,
+ "tags": [],
+ "type": "dashboard"
+ },
+ "type": "dashboard"
+ }
+ ]
+ },
+ "description": "FORTINET - SYSTEM LOGS",
+ "editable": false,
+ "fiscalYearStartMonth": 0,
+ "graphTooltip": 0,
+ "id": null,
+ "iteration": 1657693209263,
+ "links": [
+ {
+ "asDropdown": true,
+ "icon": "external link",
+ "includeVars": true,
+ "keepTime": true,
+ "tags": ["FORTINET SYSTEM"],
+ "targetBlank": true,
+ "title": "FORTINET SYSTEM DASHBOARDS",
+ "tooltip": "",
+ "type": "dashboards",
+ "url": ""
+ }
+ ],
+ "liveNow": false,
+ "panels": [
+ {
+ "datasource": {
+ "type": "grafana-opensearch-datasource",
+ "uid": "replace_datasource_uid"
+ },
+ "fieldConfig": {
+ "defaults": {
+ "color": {
+ "mode": "thresholds"
+ },
+ "mappings": [],
+ "thresholds": {
+ "mode": "absolute",
+ "steps": [
+ {
+ "color": "orange",
+ "value": null
+ }
+ ]
+ },
+ "unit": "short"
+ },
+ "overrides": []
+ },
+ "gridPos": {
+ "h": 8,
+ "w": 4,
+ "x": 0,
+ "y": 0
+ },
+ "id": 2,
+ "options": {
+ "colorMode": "value",
+ "graphMode": "area",
+ "justifyMode": "auto",
+ "orientation": "auto",
+ "reduceOptions": {
+ "calcs": ["sum"],
+ "fields": "",
+ "values": false
+ },
+ "textMode": "auto"
+ },
+ "pluginVersion": "9.0.0",
+ "targets": [
+ {
+ "alias": "",
+ "bucketAggs": [
+ {
+ "field": "timestamp",
+ "id": "2",
+ "settings": {
+ "interval": "auto"
+ },
+ "type": "date_histogram"
+ }
+ ],
+ "datasource": {
+ "type": "grafana-opensearch-datasource",
+ "uid": "replace_datasource_uid"
+ },
+ "metrics": [
+ {
+ "id": "1",
+ "type": "count"
+ }
+ ],
+ "query": "type:event AND !subtype:vpn AND devname:$firewall AND syslog_level:$severity",
+ "refId": "A",
+ "timeField": "timestamp"
+ }
+ ],
+ "title": "SYSTEM LOGS",
+ "type": "stat" + }, + { + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "blue", + "value": null + } + ] + }, + "unit": "short" + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 4, + "x": 4, + "y": 0 + }, + "id": 9, + "options": { + "colorMode": "value", + "graphMode": "area", + "justifyMode": "auto", + "orientation": "auto", + "reduceOptions": { + "calcs": ["sum"], + "fields": "", + "values": false + }, + "textMode": "auto" + }, + "pluginVersion": "9.0.0", + "targets": [ + { + "alias": "", + "bucketAggs": [ + { + "field": "timestamp", + "id": "2", + "settings": { + "interval": "1y" + }, + "type": "date_histogram" + } + ], + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "metrics": [ + { + "field": "devname", + "id": "1", + "type": "cardinality" + } + ], + "query": "type:event AND !subtype:vpn AND devname:$firewall AND syslog_level:$severity", + "refId": "A", + "timeField": "timestamp" + } + ], + "title": "SYSTEM LOGS: FIREWALLS", + "type": "stat" + }, + { + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + } + }, + "mappings": [] + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 5, + "x": 8, + "y": 0 + }, + "id": 4, + "options": { + "legend": { + "displayMode": "hidden", + "placement": "right" + }, + "pieType": "pie", + "reduceOptions": { + "calcs": ["sum"], + "fields": "", + "values": false + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "alias": "", + "bucketAggs": [ + { + "field": "devname", + "id": "3", + "settings": { + 
"min_doc_count": "1", + "order": "desc", + "orderBy": "_count", + "size": "15" + }, + "type": "terms" + }, + { + "field": "timestamp", + "id": "2", + "settings": { + "interval": "auto" + }, + "type": "date_histogram" + } + ], + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "metrics": [ + { + "id": "1", + "type": "count" + } + ], + "query": "type:event AND !subtype:vpn AND devname:$firewall AND syslog_level:$severity", + "refId": "A", + "timeField": "timestamp" + } + ], + "title": "SYSTEM LOGS BY FIREWALL", + "type": "piechart" + }, + { + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "custom": { + "align": "auto", + "displayMode": "auto", + "inspect": false + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "source" + }, + "properties": [ + { + "id": "custom.width", + "value": 473 + } + ] + } + ] + }, + "gridPos": { + "h": 8, + "w": 11, + "x": 13, + "y": 0 + }, + "id": 5, + "options": { + "footer": { + "fields": "", + "reducer": ["sum"], + "show": false + }, + "showHeader": true, + "sortBy": [] + }, + "pluginVersion": "9.0.0", + "targets": [ + { + "alias": "", + "bucketAggs": [ + { + "field": "devname", + "id": "3", + "settings": { + "min_doc_count": "1", + "order": "desc", + "orderBy": "_count", + "size": "20" + }, + "type": "terms" + } + ], + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "metrics": [ + { + "id": "1", + "type": "count" + } + ], + "query": "type:event AND !subtype:vpn AND devname:$firewall AND syslog_level:$severity", + "refId": "A", + "timeField": "timestamp" + } + ], + "title": "SYSTEM LOGS BY FIREWALL", + "transformations": [ 
+ { + "id": "organize", + "options": { + "excludeByName": {}, + "indexByName": {}, + "renameByName": { + "devname": "FIREWALL" + } + } + } + ], + "transparent": true, + "type": "table" + }, + { + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + } + }, + "mappings": [] + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 6, + "x": 0, + "y": 8 + }, + "id": 8, + "options": { + "legend": { + "displayMode": "table", + "placement": "right" + }, + "pieType": "donut", + "reduceOptions": { + "calcs": ["sum"], + "fields": "", + "values": false + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "alias": "", + "bucketAggs": [ + { + "field": "subtype", + "id": "3", + "settings": { + "min_doc_count": "1", + "order": "desc", + "orderBy": "_count", + "size": "15" + }, + "type": "terms" + }, + { + "field": "timestamp", + "id": "2", + "settings": { + "interval": "auto" + }, + "type": "date_histogram" + } + ], + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "metrics": [ + { + "id": "1", + "type": "count" + } + ], + "query": "type:event AND !subtype:vpn AND devname:$firewall AND syslog_level:$severity", + "refId": "A", + "timeField": "timestamp" + } + ], + "title": "SYSTEM LOGS BY SUBTYPE", + "type": "piechart" + }, + { + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "bars", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + 
"pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "short" + }, + "overrides": [] + }, + "gridPos": { + "h": 16, + "w": 18, + "x": 6, + "y": 8 + }, + "id": 7, + "options": { + "legend": { + "calcs": [], + "displayMode": "table", + "placement": "right" + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "pluginVersion": "8.5.1", + "targets": [ + { + "alias": "", + "bucketAggs": [ + { + "field": "devname", + "id": "3", + "settings": { + "min_doc_count": "1", + "order": "desc", + "orderBy": "_count", + "size": "20" + }, + "type": "terms" + }, + { + "field": "timestamp", + "id": "4", + "settings": { + "interval": "5m", + "min_doc_count": "1", + "timeZone": "utc", + "trimEdges": "0" + }, + "type": "date_histogram" + } + ], + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "metrics": [ + { + "id": "1", + "type": "count" + } + ], + "query": "type:event AND !subtype:vpn AND devname:$firewall AND syslog_level:$severity", + "refId": "A", + "timeField": "timestamp" + } + ], + "title": "SYSTEM LOGS BY FIREWALL - HISTOGRAM (TOP 20)", + "type": "timeseries" + }, + { + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + } + }, + "mappings": [] + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "information" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "blue", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": 
"byName", + "options": "notice" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "green", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "warning" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "orange", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "error" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "red", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "critical" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "dark-red", + "mode": "fixed" + } + } + ] + } + ] + }, + "gridPos": { + "h": 8, + "w": 6, + "x": 0, + "y": 16 + }, + "id": 11, + "options": { + "legend": { + "displayMode": "table", + "placement": "right" + }, + "pieType": "donut", + "reduceOptions": { + "calcs": ["sum"], + "fields": "", + "values": false + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "alias": "", + "bucketAggs": [ + { + "field": "syslog_level", + "id": "3", + "settings": { + "min_doc_count": "1", + "order": "desc", + "orderBy": "_count", + "size": "15" + }, + "type": "terms" + }, + { + "field": "timestamp", + "id": "2", + "settings": { + "interval": "auto" + }, + "type": "date_histogram" + } + ], + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "metrics": [ + { + "id": "1", + "type": "count" + } + ], + "query": "type:event AND !subtype:vpn AND devname:$firewall AND syslog_level:$severity", + "refId": "A", + "timeField": "timestamp" + } + ], + "title": "SYSTEM LOGS BY SEVERITY", + "type": "piechart" + }, + { + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + } + }, + 
"mappings": [] + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "information" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "blue", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "notice" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "green", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "warning" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "orange", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "alert" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "red", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "block-url" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "orange", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "passthrough" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "green", + "mode": "fixed" + } + } + ] + } + ] + }, + "gridPos": { + "h": 8, + "w": 6, + "x": 0, + "y": 24 + }, + "id": 12, + "options": { + "legend": { + "displayMode": "table", + "placement": "right" + }, + "pieType": "donut", + "reduceOptions": { + "calcs": ["sum"], + "fields": "", + "values": false + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "alias": "", + "bucketAggs": [ + { + "field": "action", + "id": "3", + "settings": { + "min_doc_count": "1", + "order": "desc", + "orderBy": "_count", + "size": "15" + }, + "type": "terms" + }, + { + "field": "timestamp", + "id": "2", + "settings": { + "interval": "auto" + }, + "type": "date_histogram" + } + ], + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "metrics": [ + { + "id": "1", + "type": "count" + } + ], + "query": "type:event AND !subtype:vpn AND devname:$firewall AND 
syslog_level:$severity", + "refId": "A", + "timeField": "timestamp" + } + ], + "title": "SYSTEM LOGS BY ACTION", + "type": "piechart" + }, + { + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "custom": { + "align": "auto", + "displayMode": "auto", + "inspect": false + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green" + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "source" + }, + "properties": [ + { + "id": "custom.width", + "value": 317 + } + ] + } + ] + }, + "gridPos": { + "h": 8, + "w": 18, + "x": 6, + "y": 24 + }, + "id": 10, + "options": { + "footer": { + "fields": "", + "reducer": ["sum"], + "show": false + }, + "showHeader": true, + "sortBy": [] + }, + "pluginVersion": "9.0.0", + "targets": [ + { + "alias": "", + "bucketAggs": [ + { + "field": "devname", + "id": "3", + "settings": { + "min_doc_count": "1", + "order": "desc", + "orderBy": "_count", + "size": "20" + }, + "type": "terms" + }, + { + "field": "action", + "id": "4", + "settings": { + "min_doc_count": "1", + "order": "desc", + "orderBy": "_count", + "size": "10" + }, + "type": "terms" + } + ], + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "metrics": [ + { + "id": "1", + "type": "count" + } + ], + "query": "type:event AND !subtype:vpn AND devname:$firewall AND syslog_level:$severity", + "refId": "A", + "timeField": "timestamp" + } + ], + "title": "SYSTEM LOGS BY FIREWALL AND THREAT TYPE", + "transformations": [ + { + "id": "organize", + "options": { + "excludeByName": {}, + "indexByName": {}, + "renameByName": { + "action": "ACTION", + "devname": "FIREWALL" + } + } + } + ], + "transparent": true, + "type": "table" + }, + { + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": 
"replace_datasource_uid" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green" + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 9, + "w": 15, + "x": 0, + "y": 32 + }, + "id": 13, + "options": { + "displayMode": "gradient", + "minVizHeight": 10, + "minVizWidth": 0, + "orientation": "horizontal", + "reduceOptions": { + "calcs": ["sum"], + "fields": "", + "values": false + }, + "showUnfilled": true + }, + "pluginVersion": "9.0.0", + "targets": [ + { + "alias": "", + "bucketAggs": [ + { + "field": "logdesc", + "id": "3", + "settings": { + "min_doc_count": "1", + "order": "desc", + "orderBy": "_count", + "size": "10" + }, + "type": "terms" + }, + { + "field": "timestamp", + "id": "4", + "settings": { + "interval": "auto", + "min_doc_count": "0", + "timeZone": "utc", + "trimEdges": "0" + }, + "type": "date_histogram" + } + ], + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "metrics": [ + { + "id": "1", + "type": "count" + } + ], + "query": "type:event AND !subtype:vpn AND devname:$firewall AND syslog_level:$severity", + "refId": "A", + "timeField": "timestamp" + } + ], + "title": "UTM EVENTS - SYSTEM LOGS BY DESCRIPTION (TOP 10)", + "transformations": [ + { + "id": "organize", + "options": { + "excludeByName": {}, + "indexByName": {}, + "renameByName": { + "msg": "INDICATOR" + } + } + } + ], + "transparent": true, + "type": "bargauge" + }, + { + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "custom": { + "align": "auto", + "displayMode": "auto", + "inspect": false + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green" + }, + { + "color": "red", + "value": 80 + } + ] + } + }, 
+ "overrides": [ + { + "matcher": { + "id": "byName", + "options": "source" + }, + "properties": [ + { + "id": "custom.width", + "value": 473 + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "USER ACCOUNT" + }, + "properties": [ + { + "id": "custom.width", + "value": 422 + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "INDICATOR" + }, + "properties": [ + { + "id": "custom.width", + "value": 439 + } + ] + } + ] + }, + "gridPos": { + "h": 9, + "w": 9, + "x": 15, + "y": 32 + }, + "id": 14, + "options": { + "footer": { + "fields": "", + "reducer": ["sum"], + "show": false + }, + "showHeader": true, + "sortBy": [] + }, + "pluginVersion": "9.0.0", + "targets": [ + { + "alias": "", + "bucketAggs": [ + { + "field": "msg", + "id": "3", + "settings": { + "min_doc_count": "1", + "order": "desc", + "orderBy": "_count", + "size": "20" + }, + "type": "terms" + } + ], + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "metrics": [ + { + "id": "1", + "type": "count" + } + ], + "query": "type:event AND !subtype:vpn AND devname:$firewall AND syslog_level:$severity", + "refId": "A", + "timeField": "timestamp" + } + ], + "title": "SYSTEM LOGS EVENTS BY MSG", + "transformations": [ + { + "id": "organize", + "options": { + "excludeByName": {}, + "indexByName": {}, + "renameByName": { + "msg": "INDICATOR", + "user": "USER ACCOUNT" + } + } + } + ], + "transparent": true, + "type": "table" + }, + { + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "custom": { + "align": "auto", + "displayMode": "auto", + "inspect": false + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green" + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "FIREWALL" + }, + "properties": [ + { + "id": 
"custom.width", + "value": 222 + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "ACTION" + }, + "properties": [ + { + "id": "custom.width", + "value": 296 + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "SEVERITY" + }, + "properties": [ + { + "id": "custom.width", + "value": 109 + }, + { + "id": "custom.displayMode", + "value": "color-text" + }, + { + "id": "mappings", + "value": [ + { + "options": { + "alert": { + "color": "red", + "index": 3 + }, + "critical": { + "color": "dark-red", + "index": 4 + }, + "error": { + "color": "red", + "index": 5 + }, + "information": { + "color": "green", + "index": 1 + }, + "notice": { + "color": "blue", + "index": 0 + }, + "warning": { + "color": "orange", + "index": 2 + } + }, + "type": "value" + } + ] + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "SRC IP" + }, + "properties": [ + { + "id": "custom.width", + "value": 127 + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "SRC PORT" + }, + "properties": [ + { + "id": "custom.width", + "value": 87 + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "IF IN" + }, + "properties": [ + { + "id": "custom.width", + "value": 110 + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "APP" + }, + "properties": [ + { + "id": "custom.width", + "value": 131 + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "DST IP" + }, + "properties": [ + { + "id": "custom.width", + "value": 134 + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "DST PORT" + }, + "properties": [ + { + "id": "custom.width", + "value": 93 + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "EVENT ID" + }, + "properties": [ + { + "id": "links", + "value": [ + { + "targetBlank": true, + "title": "EVENT DETAILS", + "url": 
"https://grafana.company.local/explore?left=%7B%22datasource%22:%22FORTINET%22,%22queries%22:%5B%7B%22refId%22:%22A%22,%22query%22:%22_id:${__value.text}%22,%22alias%22:%22%22,%22metrics%22:%5B%7B%22id%22:%221%22,%22type%22:%22logs%22,%22settings%22:%7B%22limit%22:%22500%22%7D%7D%5D,%22bucketAggs%22:%5B%5D,%22timeField%22:%22timestamp%22%7D%5D,%22range%22:%7B%22from%22:%22now-1h%22,%22to%22:%22now%22%7D%7D" + } + ] + }, + { + "id": "custom.width", + "value": 214 + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "SERVICE" + }, + "properties": [ + { + "id": "custom.width", + "value": 95 + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "DATE/TIME" + }, + "properties": [ + { + "id": "custom.width", + "value": 188 + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "PROFILE" + }, + "properties": [ + { + "id": "custom.width", + "value": 234 + } + ] + } + ] + }, + "gridPos": { + "h": 15, + "w": 24, + "x": 0, + "y": 41 + }, + "id": 16, + "options": { + "footer": { + "fields": "", + "reducer": ["sum"], + "show": false + }, + "showHeader": true, + "sortBy": [] + }, + "pluginVersion": "9.0.0", + "targets": [ + { + "alias": "", + "bucketAggs": [], + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "metrics": [ + { + "id": "1", + "settings": { + "size": "500" + }, + "type": "raw_data" + } + ], + "query": "type:event AND !subtype:vpn AND devname:$firewall AND syslog_level:$severity", + "refId": "A", + "timeField": "timestamp" + } + ], + "title": "FIREWALL EVENTS", + "transformations": [ + { + "id": "organize", + "options": { + "excludeByName": { + "_index": true, + "_type": true, + "alert_category": true, + "alert_definitions_version": true, + "alertlight": true, + "cat": true, + "catdesc": true, + "craction": true, + "crlevel": true, + "crscore": true, + "devid": true, + "direction": true, + "dstintf": true, + "dstintfrole": true, + "dstip": true, + "dstip_city_name": true, + 
"dstip_country_code": true, + "dstip_geolocation": true, + "dstport": true, + "eventtype": true, + "facility": true, + "facility_num": true, + "gl2_accounted_message_size": true, + "gl2_message_id": true, + "gl2_remote_ip": true, + "gl2_remote_port": true, + "gl2_source_input": true, + "gl2_source_node": true, + "group": true, + "highlight": true, + "hostname": true, + "hostname_city_name": true, + "hostname_country_code": true, + "hostname_geolocation": true, + "level": true, + "logdesc": false, + "logver": true, + "message": true, + "method": true, + "msg": true, + "policyid": true, + "proto": true, + "rcvdbyte": true, + "reqtype": true, + "sentbyte": true, + "sessionid": true, + "sort": true, + "source": true, + "srcintf": true, + "srcintfrole": true, + "srcip": true, + "srcip_city_name": true, + "srcip_country_code": true, + "srcip_geolocation": true, + "srcport": true, + "streams": true, + "subtype": false, + "syslog_type": true, + "type": true, + "user": true, + "vd": true + }, + "indexByName": { + "_id": 1, + "_index": 11, + "_type": 12, + "action": 5, + "alert_category": 13, + "alert_definitions_version": 14, + "alert_signature": 15, + "app": 16, + "catdesc": 41, + "devname": 2, + "dstip": 17, + "dstport": 18, + "gl2_accounted_message_size": 31, + "gl2_message_id": 32, + "gl2_remote_ip": 33, + "gl2_remote_port": 34, + "gl2_source_input": 35, + "gl2_source_node": 36, + "message": 42, + "profile": 9, + "source": 3, + "srcip": 7, + "streams": 77, + "syslog_level": 6, + "syslog_type": 78, + "target_user_email": 79, + "timestamp": 0 + }, + "renameByName": { + "_id": "EVENT ID", + "action": "ACTION", + "alert_signature": "SIGNATURE", + "app": "APP", + "destination_location_name": "LOCATION", + "devname": "FIREWALL", + "dstip": "DST IP", + "dstport": "DST PORT", + "event_log_name": "", + "http_method": "METHOD", + "http_user_agent_name": "HTTP AGENT", + "logdesc": "DESCRIPTION", + "network_interface_in": "IF IN", + "network_interface_out": "IF OUT", + 
"network_transport": "", + "profile": "PROFILE", + "rule_name": "RULE", + "service": "SERVICE", + "source": "", + "source_port": "SRC PORT", + "srcip": "SRC IP", + "subtype": "SUBTYPE", + "syslog_level": "SEVERITY", + "timestamp": "DATE/TIME", + "url": "URL" + } + } + } + ], + "type": "table" + } + ], + "schemaVersion": 36, + "style": "dark", + "tags": ["FORTINET SYSTEM"], + "templating": { + "list": [ + { + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "filters": [], + "hide": 0, + "label": "Filters", + "name": "Filters", + "skipUrlSync": false, + "type": "adhoc" + }, + { + "current": { + "selected": false, + "text": "All", + "value": "$__all" + }, + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "definition": "{ \"find\": \"terms\", \"field\": \"devname\", \"query\": \"type:event AND !subtype:vpn\"}", + "description": "FORTINET FIREWALL", + "hide": 0, + "includeAll": true, + "label": "Firewall", + "multi": false, + "name": "firewall", + "options": [], + "query": "{ \"find\": \"terms\", \"field\": \"devname\", \"query\": \"type:event AND !subtype:vpn\"}", + "refresh": 1, + "regex": "", + "skipUrlSync": false, + "sort": 0, + "type": "query" + }, + { + "current": { + "selected": false, + "text": "All", + "value": "$__all" + }, + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "definition": "{\"find\": \"terms\", \"field\": \"syslog_level\", \"query\": \"type:event AND !subtype:vpn\"}", + "hide": 0, + "includeAll": true, + "label": "Severity", + "multi": false, + "name": "severity", + "options": [], + "query": "{\"find\": \"terms\", \"field\": \"syslog_level\", \"query\": \"type:event AND !subtype:vpn\"}", + "refresh": 1, + "regex": "", + "skipUrlSync": false, + "sort": 0, + "type": "query" + } + ] + }, + "time": { + "from": "now-6h", + "to": "now" + }, + "timepicker": {}, + "timezone": "", + "title": "FORTINET 
- SYSTEM LOGS", + "version": 5, + "weekStart": "" +} diff --git a/backend/app/connectors/grafana/dashboards/Fortinet/fortinet_utm_anomalies.json b/backend/app/connectors/grafana/dashboards/Fortinet/fortinet_utm_anomalies.json new file mode 100644 index 000000000..9ee309bb5 --- /dev/null +++ b/backend/app/connectors/grafana/dashboards/Fortinet/fortinet_utm_anomalies.json 
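Review bot: The "EVENT ID" column link in the FIREWALL EVENTS table (panel id 16) hard-codes `"url": "https://grafana.company.local/explore?left=...%22datasource%22:%22FORTINET%22..."`, while every other datasource reference in this dashboard is the `replace_datasource_uid` placeholder that provisioning substitutes. Unless the provisioning code also rewrites this URL (the commit log mentions fixing a Grafana URL for the Office365 dashboards, which suggests it is handled per dashboard rather than generically), each per-customer copy will send operators to a placeholder host and to a datasource named `FORTINET` that the provisioned instance may not have. A relative `"url": "/explore?left=..."` would follow whatever origin serves the dashboard, and the explore state should reference the datasource with the same placeholder so substitution covers it. Separately, the bargauge panel (id 13) aggregates on `logdesc` but its transformation renames `msg` to `INDICATOR`, so the rename has no effect and the column keeps its raw name; it looks copied from the UTM dashboard. The fortinet_utm_anomalies.json hunk that follows is cut off in this view, so I could not check it for the same hard-coded link.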
@@ -0,0 +1,1901 @@ +{ + "annotations": { + "list": [ + { + "builtIn": 1, + "datasource": { + "type": "grafana", + "uid": "-- Grafana --" + }, + "enable": true, + "hide": true, + "iconColor": "rgba(0, 211, 255, 1)", + "name": "Annotations & Alerts", + "target": { + "limit": 100, + "matchAny": false, + "tags": [], + "type": "dashboard" + }, + "type": "dashboard" + } + ] + }, + "description": "FORTINET - UTM LOGS", + "editable": false, + "fiscalYearStartMonth": 0, + "graphTooltip": 0, + "id": null, + "iteration": 1657693472915, + "links": [ + { + "asDropdown": true, + "icon": "external link", + "includeVars": true, + "keepTime": true, + "tags": ["FORTINET THREAT"], + "targetBlank": true, + "title": "FORTINET UTM DASHBOARDS", + "tooltip": "", + "type": "dashboards", + "url": "" + } + ], + "liveNow": false, + "panels": [ + { + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "orange", + "value": null + } + ] + }, + "unit": "short" + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 4, + "x": 0, + "y": 0 + }, + "id": 2, + "options": { + "colorMode": "value", + "graphMode": "area", + "justifyMode": "auto", + "orientation": "auto", + "reduceOptions": { + "calcs": ["sum"], + "fields": "", + "values": false + }, + "textMode": "auto" + }, + "pluginVersion": "9.0.0", + "targets": [ + { + "alias": "", + "bucketAggs": [ + { + "field": "timestamp", + "id": "2", + "settings": { + "interval": "auto" + }, + "type": "date_histogram" + } + ], + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "metrics": [ + { + "id": "1", + "type": "count" + } + ], + "query": "type:utm AND subtype:anomaly AND devname:$firewall AND syslog_level:$severity", + "refId": "A", + "timeField": "timestamp" + } + ], + "title": "UTM EVENTS - 
ANOMALIES", + "type": "stat" + }, + { + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "blue", + "value": null + } + ] + }, + "unit": "short" + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 4, + "x": 4, + "y": 0 + }, + "id": 9, + "options": { + "colorMode": "value", + "graphMode": "area", + "justifyMode": "auto", + "orientation": "auto", + "reduceOptions": { + "calcs": ["sum"], + "fields": "", + "values": false + }, + "textMode": "auto" + }, + "pluginVersion": "9.0.0", + "targets": [ + { + "alias": "", + "bucketAggs": [ + { + "field": "timestamp", + "id": "2", + "settings": { + "interval": "1y" + }, + "type": "date_histogram" + } + ], + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "metrics": [ + { + "field": "devname", + "id": "1", + "type": "cardinality" + } + ], + "query": "type:utm AND subtype:anomaly AND devname:$firewall AND syslog_level:$severity", + "refId": "A", + "timeField": "timestamp" + } + ], + "title": "UTM EVENTS - ANOMALIES: FIREWALLS", + "type": "stat" + }, + { + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + } + }, + "mappings": [] + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 5, + "x": 8, + "y": 0 + }, + "id": 4, + "options": { + "legend": { + "displayMode": "hidden", + "placement": "right" + }, + "pieType": "pie", + "reduceOptions": { + "calcs": ["sum"], + "fields": "", + "values": false + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "alias": "", + "bucketAggs": [ + { + "field": "devname", + "id": "3", + 
"settings": { + "min_doc_count": "1", + "order": "desc", + "orderBy": "_count", + "size": "15" + }, + "type": "terms" + }, + { + "field": "timestamp", + "id": "2", + "settings": { + "interval": "auto" + }, + "type": "date_histogram" + } + ], + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "metrics": [ + { + "id": "1", + "type": "count" + } + ], + "query": "type:utm AND subtype:anomaly AND devname:$firewall AND syslog_level:$severity", + "refId": "A", + "timeField": "timestamp" + } + ], + "title": "UTM EVENTS - ANOMALIES BY FIREWALL", + "type": "piechart" + }, + { + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "custom": { + "align": "auto", + "displayMode": "auto", + "inspect": false + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "source" + }, + "properties": [ + { + "id": "custom.width", + "value": 473 + } + ] + } + ] + }, + "gridPos": { + "h": 8, + "w": 11, + "x": 13, + "y": 0 + }, + "id": 5, + "options": { + "footer": { + "fields": "", + "reducer": ["sum"], + "show": false + }, + "showHeader": true, + "sortBy": [] + }, + "pluginVersion": "9.0.0", + "targets": [ + { + "alias": "", + "bucketAggs": [ + { + "field": "devname", + "id": "3", + "settings": { + "min_doc_count": "1", + "order": "desc", + "orderBy": "_count", + "size": "20" + }, + "type": "terms" + } + ], + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "metrics": [ + { + "id": "1", + "type": "count" + } + ], + "query": "type:utm AND subtype:anomaly AND devname:$firewall AND syslog_level:$severity", + "refId": "A", + "timeField": "timestamp" + } + ], + "title": "UTM EVENTS - 
ANOMALIES BY FIREWALL", + "transformations": [ + { + "id": "organize", + "options": { + "excludeByName": {}, + "indexByName": {}, + "renameByName": { + "devname": "FIREWALL" + } + } + } + ], + "transparent": true, + "type": "table" + }, + { + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + } + }, + "mappings": [] + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 6, + "x": 0, + "y": 8 + }, + "id": 8, + "options": { + "legend": { + "displayMode": "table", + "placement": "right" + }, + "pieType": "donut", + "reduceOptions": { + "calcs": ["sum"], + "fields": "", + "values": false + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "alias": "", + "bucketAggs": [ + { + "field": "attack", + "id": "3", + "settings": { + "min_doc_count": "1", + "order": "desc", + "orderBy": "_count", + "size": "15" + }, + "type": "terms" + }, + { + "field": "timestamp", + "id": "2", + "settings": { + "interval": "auto" + }, + "type": "date_histogram" + } + ], + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "metrics": [ + { + "id": "1", + "type": "count" + } + ], + "query": "type:utm AND subtype:anomaly AND devname:$firewall AND syslog_level:$severity", + "refId": "A", + "timeField": "timestamp" + } + ], + "title": "UTM EVENTS - ANOMALIES BY DETECTION", + "type": "piechart" + }, + { + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "bars", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, 
+ "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "short" + }, + "overrides": [] + }, + "gridPos": { + "h": 16, + "w": 18, + "x": 6, + "y": 8 + }, + "id": 7, + "options": { + "legend": { + "calcs": [], + "displayMode": "table", + "placement": "right" + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "pluginVersion": "8.5.1", + "targets": [ + { + "alias": "", + "bucketAggs": [ + { + "field": "devname", + "id": "3", + "settings": { + "min_doc_count": "1", + "order": "desc", + "orderBy": "_count", + "size": "20" + }, + "type": "terms" + }, + { + "field": "timestamp", + "id": "4", + "settings": { + "interval": "5m", + "min_doc_count": "1", + "timeZone": "utc", + "trimEdges": "0" + }, + "type": "date_histogram" + } + ], + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "metrics": [ + { + "id": "1", + "type": "count" + } + ], + "query": "type:utm AND subtype:anomaly AND devname:$firewall AND syslog_level:$severity", + "refId": "A", + "timeField": "timestamp" + } + ], + "title": "UTM EVENTS - ANOMALIES BY FIREWALL - HISTOGRAM (TOP 20)", + "type": "timeseries" + }, + { + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + } + }, + "mappings": [] + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "information" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "blue", + 
"mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "notice" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "green", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "warning" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "orange", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "error" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "red", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "alert" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "red", + "mode": "fixed" + } + } + ] + } + ] + }, + "gridPos": { + "h": 8, + "w": 6, + "x": 0, + "y": 16 + }, + "id": 11, + "options": { + "legend": { + "displayMode": "table", + "placement": "right" + }, + "pieType": "donut", + "reduceOptions": { + "calcs": ["sum"], + "fields": "", + "values": false + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "alias": "", + "bucketAggs": [ + { + "field": "syslog_level", + "id": "3", + "settings": { + "min_doc_count": "1", + "order": "desc", + "orderBy": "_count", + "size": "15" + }, + "type": "terms" + }, + { + "field": "timestamp", + "id": "2", + "settings": { + "interval": "auto" + }, + "type": "date_histogram" + } + ], + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "metrics": [ + { + "id": "1", + "type": "count" + } + ], + "query": "type:utm AND subtype:anomaly AND devname:$firewall AND syslog_level:$severity", + "refId": "A", + "timeField": "timestamp" + } + ], + "title": "UTM EVENTS - ANOMALIES BY SEVERITY", + "type": "piechart" + }, + { + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "hideFrom": { + 
"legend": false, + "tooltip": false, + "viz": false + } + }, + "mappings": [] + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "information" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "blue", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "notice" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "green", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "warning" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "orange", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "alert" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "red", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "block-url" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "orange", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "passthrough" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "green", + "mode": "fixed" + } + } + ] + } + ] + }, + "gridPos": { + "h": 8, + "w": 6, + "x": 0, + "y": 24 + }, + "id": 12, + "options": { + "legend": { + "displayMode": "table", + "placement": "right" + }, + "pieType": "donut", + "reduceOptions": { + "calcs": ["sum"], + "fields": "", + "values": false + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "alias": "", + "bucketAggs": [ + { + "field": "action", + "id": "3", + "settings": { + "min_doc_count": "1", + "order": "desc", + "orderBy": "_count", + "size": "15" + }, + "type": "terms" + }, + { + "field": "timestamp", + "id": "2", + "settings": { + "interval": "auto" + }, + "type": "date_histogram" + } + ], + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "metrics": [ + { + "id": "1", + "type": "count" + } + ], + "query": 
"type:utm AND subtype:anomaly AND devname:$firewall AND syslog_level:$severity", + "refId": "A", + "timeField": "timestamp" + } + ], + "title": "UTM EVENTS - ANOMALIES BY ACTION", + "type": "piechart" + }, + { + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "custom": { + "align": "auto", + "displayMode": "auto", + "inspect": false + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green" + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "source" + }, + "properties": [ + { + "id": "custom.width", + "value": 317 + } + ] + } + ] + }, + "gridPos": { + "h": 8, + "w": 18, + "x": 6, + "y": 24 + }, + "id": 10, + "options": { + "footer": { + "fields": "", + "reducer": ["sum"], + "show": false + }, + "showHeader": true, + "sortBy": [] + }, + "pluginVersion": "9.0.0", + "targets": [ + { + "alias": "", + "bucketAggs": [ + { + "field": "devname", + "id": "3", + "settings": { + "min_doc_count": "1", + "order": "desc", + "orderBy": "_count", + "size": "20" + }, + "type": "terms" + }, + { + "field": "action", + "id": "4", + "settings": { + "min_doc_count": "1", + "order": "desc", + "orderBy": "_count", + "size": "10" + }, + "type": "terms" + } + ], + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "metrics": [ + { + "id": "1", + "type": "count" + } + ], + "query": "type:utm AND subtype:anomaly AND devname:$firewall AND syslog_level:$severity", + "refId": "A", + "timeField": "timestamp" + } + ], + "title": "UTM EVENTS - ANOMALIES BY FIREWALL AND THREAT TYPE", + "transformations": [ + { + "id": "organize", + "options": { + "excludeByName": {}, + "indexByName": {}, + "renameByName": { + "action": "ACTION", + "devname": "FIREWALL" + } + } + } + ], + "transparent": true, + "type": "table" + }, 
+ { + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green" + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 9, + "w": 10, + "x": 0, + "y": 32 + }, + "id": 13, + "options": { + "displayMode": "gradient", + "minVizHeight": 10, + "minVizWidth": 0, + "orientation": "horizontal", + "reduceOptions": { + "calcs": ["sum"], + "fields": "", + "values": false + }, + "showUnfilled": true + }, + "pluginVersion": "9.0.0", + "targets": [ + { + "alias": "", + "bucketAggs": [ + { + "field": "service", + "id": "3", + "settings": { + "min_doc_count": "1", + "order": "desc", + "orderBy": "_count", + "size": "10" + }, + "type": "terms" + }, + { + "field": "timestamp", + "id": "4", + "settings": { + "interval": "auto", + "min_doc_count": "0", + "timeZone": "utc", + "trimEdges": "0" + }, + "type": "date_histogram" + } + ], + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "metrics": [ + { + "id": "1", + "type": "count" + } + ], + "query": "type:utm AND subtype:anomaly AND devname:$firewall AND syslog_level:$severity", + "refId": "A", + "timeField": "timestamp" + } + ], + "title": "UTM EVENTS - ANOMALIES BY PROTOCOL (TOP 10)", + "transformations": [ + { + "id": "organize", + "options": { + "excludeByName": {}, + "indexByName": {}, + "renameByName": { + "msg": "INDICATOR" + } + } + } + ], + "transparent": true, + "type": "bargauge" + }, + { + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "custom": { + "align": "auto", + "displayMode": "auto", + "inspect": false + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + 
"color": "green" + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "source" + }, + "properties": [ + { + "id": "custom.width", + "value": 473 + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "catdesc" + }, + "properties": [ + { + "id": "custom.width", + "value": 400 + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "URL CATEGORY" + }, + "properties": [ + { + "id": "custom.width", + "value": 372 + } + ] + } + ] + }, + "gridPos": { + "h": 9, + "w": 7, + "x": 10, + "y": 32 + }, + "id": 17, + "options": { + "footer": { + "fields": "", + "reducer": ["sum"], + "show": false + }, + "showHeader": true, + "sortBy": [] + }, + "pluginVersion": "9.0.0", + "targets": [ + { + "alias": "", + "bucketAggs": [ + { + "field": "msg", + "id": "3", + "settings": { + "min_doc_count": "1", + "order": "desc", + "orderBy": "_count", + "size": "20" + }, + "type": "terms" + } + ], + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "metrics": [ + { + "id": "1", + "type": "count" + } + ], + "query": "type:utm AND subtype:anomaly AND devname:$firewall AND syslog_level:$severity", + "refId": "A", + "timeField": "timestamp" + } + ], + "title": "UTM EVENTS - ANOMALIES BY MSG", + "transformations": [ + { + "id": "organize", + "options": { + "excludeByName": {}, + "indexByName": {}, + "renameByName": { + "catdesc": "URL CATEGORY", + "msg": "INDICATOR", + "user": "USER ACCOUNT" + } + } + } + ], + "type": "table" + }, + { + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "custom": { + "align": "auto", + "displayMode": "auto", + "inspect": false + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green" + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [ + { + 
"matcher": { + "id": "byName", + "options": "source" + }, + "properties": [ + { + "id": "custom.width", + "value": 473 + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "USER ACCOUNT" + }, + "properties": [ + { + "id": "custom.width", + "value": 422 + } + ] + } + ] + }, + "gridPos": { + "h": 9, + "w": 7, + "x": 17, + "y": 32 + }, + "id": 14, + "options": { + "footer": { + "fields": "", + "reducer": ["sum"], + "show": false + }, + "showHeader": true, + "sortBy": [] + }, + "pluginVersion": "9.0.0", + "targets": [ + { + "alias": "", + "bucketAggs": [ + { + "field": "user", + "id": "3", + "settings": { + "min_doc_count": "1", + "order": "desc", + "orderBy": "_count", + "size": "20" + }, + "type": "terms" + } + ], + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "metrics": [ + { + "id": "1", + "type": "count" + } + ], + "query": "type:utm AND subtype:anomaly AND devname:$firewall AND action:blocked AND syslog_level:$severity", + "refId": "A", + "timeField": "timestamp" + } + ], + "title": "UTM EVENTS - ANOMALIES EVENTS BY USER ACCOUNT", + "transformations": [ + { + "id": "organize", + "options": { + "excludeByName": {}, + "indexByName": {}, + "renameByName": { + "msg": "INDICATOR", + "user": "USER ACCOUNT" + } + } + } + ], + "transparent": true, + "type": "table" + }, + { + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "custom": { + "align": "auto", + "displayMode": "auto", + "inspect": false + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green" + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "FIREWALL" + }, + "properties": [ + { + "id": "custom.width", + "value": 126 + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "ACTION" + }, + 
"properties": [ + { + "id": "custom.width", + "value": 139 + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "SEVERITY" + }, + "properties": [ + { + "id": "custom.width", + "value": 109 + }, + { + "id": "custom.displayMode", + "value": "color-text" + }, + { + "id": "mappings", + "value": [ + { + "options": { + "alert": { + "color": "red", + "index": 3 + }, + "critical": { + "color": "dark-red", + "index": 4 + }, + "information": { + "color": "green", + "index": 1 + }, + "notice": { + "color": "blue", + "index": 0 + }, + "warning": { + "color": "orange", + "index": 2 + } + }, + "type": "value" + } + ] + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "SRC IP" + }, + "properties": [ + { + "id": "custom.width", + "value": 127 + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "SRC PORT" + }, + "properties": [ + { + "id": "custom.width", + "value": 87 + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "IF IN" + }, + "properties": [ + { + "id": "custom.width", + "value": 110 + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "APP" + }, + "properties": [ + { + "id": "custom.width", + "value": 131 + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "DST IP" + }, + "properties": [ + { + "id": "custom.width", + "value": 134 + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "DST PORT" + }, + "properties": [ + { + "id": "custom.width", + "value": 93 + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "EVENT ID" + }, + "properties": [ + { + "id": "links", + "value": [ + { + "targetBlank": true, + "title": "EVENT DETAILS", + "url": 
"https://grafana.company.local/explore?left=%7B%22datasource%22:%22FORTINET%22,%22queries%22:%5B%7B%22refId%22:%22A%22,%22query%22:%22_id:${__value.text}%22,%22alias%22:%22%22,%22metrics%22:%5B%7B%22id%22:%221%22,%22type%22:%22logs%22,%22settings%22:%7B%22limit%22:%22500%22%7D%7D%5D,%22bucketAggs%22:%5B%5D,%22timeField%22:%22timestamp%22%7D%5D,%22range%22:%7B%22from%22:%22now-1h%22,%22to%22:%22now%22%7D%7D" + } + ] + }, + { + "id": "custom.width", + "value": 214 + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "SERVICE" + }, + "properties": [ + { + "id": "custom.width", + "value": 336 + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "DATE/TIME" + }, + "properties": [ + { + "id": "custom.width", + "value": 188 + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "PROFILE" + }, + "properties": [ + { + "id": "custom.width", + "value": 234 + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "DETECTION" + }, + "properties": [ + { + "id": "custom.width", + "value": 339 + } + ] + } + ] + }, + "gridPos": { + "h": 15, + "w": 24, + "x": 0, + "y": 41 + }, + "id": 16, + "options": { + "footer": { + "fields": "", + "reducer": ["sum"], + "show": false + }, + "showHeader": true, + "sortBy": [] + }, + "pluginVersion": "9.0.0", + "targets": [ + { + "alias": "", + "bucketAggs": [], + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "metrics": [ + { + "id": "1", + "settings": { + "size": "500" + }, + "type": "raw_data" + } + ], + "query": "type:utm AND subtype:anomaly AND devname:$firewall AND syslog_level:$severity", + "refId": "A", + "timeField": "timestamp" + } + ], + "title": "FIREWALL EVENTS", + "transformations": [ + { + "id": "organize", + "options": { + "excludeByName": { + "_index": true, + "_type": true, + "alert_category": true, + "alert_definitions_version": true, + "alertlight": true, + "attackid": true, + "cat": true, + "catdesc": true, + "craction": true, + "crlevel": 
true, + "crscore": true, + "devid": true, + "direction": true, + "dstintf": true, + "dstintfrole": true, + "dstip_city_name": true, + "dstip_country_code": true, + "dstip_geolocation": true, + "eventtype": true, + "facility": true, + "facility_num": true, + "gl2_accounted_message_size": true, + "gl2_message_id": true, + "gl2_remote_ip": true, + "gl2_remote_port": true, + "gl2_source_input": true, + "gl2_source_node": true, + "highlight": true, + "hostname": true, + "hostname_city_name": true, + "hostname_country_code": true, + "hostname_geolocation": true, + "level": true, + "logver": true, + "message": true, + "method": true, + "msg": true, + "policyid": true, + "proto": true, + "rcvdbyte": true, + "ref": true, + "reqtype": true, + "sentbyte": true, + "sessionid": true, + "sort": true, + "source": true, + "srcintf": true, + "srcintfrole": true, + "srcip_city_name": true, + "srcip_country_code": true, + "srcip_geolocation": true, + "srcport": true, + "streams": true, + "subtype": true, + "syslog_type": true, + "type": true, + "user": true, + "vd": true + }, + "indexByName": { + "_id": 1, + "_index": 11, + "_type": 12, + "action": 5, + "alert_category": 13, + "alert_definitions_version": 14, + "alert_signature": 15, + "app": 16, + "catdesc": 41, + "devname": 2, + "dstip": 17, + "dstport": 18, + "gl2_accounted_message_size": 31, + "gl2_message_id": 32, + "gl2_remote_ip": 33, + "gl2_remote_port": 34, + "gl2_source_input": 35, + "gl2_source_node": 36, + "message": 42, + "profile": 9, + "source": 3, + "srcip": 7, + "streams": 77, + "syslog_level": 6, + "syslog_type": 78, + "target_user_email": 79, + "timestamp": 0 + }, + "renameByName": { + "_id": "EVENT ID", + "action": "ACTION", + "alert_signature": "SIGNATURE", + "app": "APP", + "attack": "DETECTION", + "destination_location_name": "LOCATION", + "devname": "FIREWALL", + "dstip": "DST IP", + "dstport": "DST PORT", + "event_log_name": "", + "http_method": "METHOD", + "http_user_agent_name": "HTTP AGENT", + 
"network_interface_in": "IF IN", + "network_interface_out": "IF OUT", + "network_transport": "", + "profile": "PROFILE", + "rule_name": "RULE", + "service": "SERVICE", + "source": "", + "source_port": "SRC PORT", + "srcip": "SRC IP", + "syslog_level": "SEVERITY", + "timestamp": "DATE/TIME", + "url": "URL" + } + } + } + ], + "type": "table" + } + ], + "schemaVersion": 36, + "style": "dark", + "tags": ["FORTINET UTM"], + "templating": { + "list": [ + { + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "filters": [], + "hide": 0, + "label": "Filters", + "name": "Filters", + "skipUrlSync": false, + "type": "adhoc" + }, + { + "current": { + "selected": false, + "text": "All", + "value": "$__all" + }, + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "definition": "{ \"find\": \"terms\", \"field\": \"devname\", \"query\": \"type:utm AND subtype:anomaly\"}", + "description": "FORTINET FIREWALL", + "hide": 0, + "includeAll": true, + "label": "Firewall", + "multi": false, + "name": "firewall", + "options": [], + "query": "{ \"find\": \"terms\", \"field\": \"devname\", \"query\": \"type:utm AND subtype:anomaly\"}", + "refresh": 1, + "regex": "", + "skipUrlSync": false, + "sort": 0, + "type": "query" + }, + { + "current": { + "selected": false, + "text": "All", + "value": "$__all" + }, + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "definition": "{\"find\": \"terms\", \"field\": \"syslog_level\", \"query\": \"type:utm AND subtype:anomaly\"}", + "hide": 0, + "includeAll": true, + "label": "Severity", + "multi": false, + "name": "severity", + "options": [], + "query": "{\"find\": \"terms\", \"field\": \"syslog_level\", \"query\": \"type:utm AND subtype:anomaly\"}", + "refresh": 1, + "regex": "", + "skipUrlSync": false, + "sort": 0, + "type": "query" + } + ] + }, + "time": { + "from": "now-6h", + "to": "now" + }, + 
"timepicker": {}, + "timezone": "", + "title": "FORTINET - UTM ANOMALIES", + "version": 2, + "weekStart": "" +} diff --git a/backend/app/connectors/grafana/dashboards/Fortinet/fortinet_utm_app_control.json b/backend/app/connectors/grafana/dashboards/Fortinet/fortinet_utm_app_control.json new file mode 100644 index 000000000..e4bd3c806 --- /dev/null +++ b/backend/app/connectors/grafana/dashboards/Fortinet/fortinet_utm_app_control.json 
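Review bot: The "EVENT ID" column link in the FIREWALL EVENTS table hard-codes `https://grafana.company.local/explore?left=...%22datasource%22:%22FORTINET%22...`, while every other datasource reference in this dashboard uses the `replace_datasource_uid` placeholder, so after provisioning the per-event drill-down points at a host and datasource name the deployment will not have (and `targetBlank` sends the analyst off to that foreign host). I would make the link relative to the serving instance and reference the provisioned datasource, e.g. `"url": "/explore?left=%7B%22datasource%22:%22replace_datasource_uid%22,..."`, which presumes the provisioning step that substitutes the uid also rewrites link urls; if it only touches `datasource.uid` objects, that substitution needs extending. The same drill-down link likely recurs in the sibling Fortinet dashboards added by this commit, so whichever fix is chosen should be applied to all of them at once. Separately, the "ANOMALIES EVENTS BY USER ACCOUNT" panel is the only one whose query adds `action:blocked`; if that narrowing is intentional the title should say so, otherwise it reads as a copy-paste leftover.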
@@ -0,0 +1,1895 @@ +{ + "annotations": { + "list": [ + { + "builtIn": 1, + "datasource": { + "type": "grafana", + "uid": "-- Grafana --" + }, + "enable": true, + "hide": true, + "iconColor": "rgba(0, 211, 255, 1)", + "name": "Annotations & Alerts", + "target": { + "limit": 100, + "matchAny": false, + "tags": [], + "type": "dashboard" + }, + "type": "dashboard" + } + ] + }, + "description": "FORTINET - UTM LOGS", + "editable": false, + "fiscalYearStartMonth": 0, + "graphTooltip": 0, + "id": null, + "iteration": 1657693545433, + "links": [ + { + "asDropdown": true, + "icon": "external link", + "includeVars": true, + "keepTime": true, + "tags": ["FORTINET THREAT"], + "targetBlank": true, + "title": "FORTINET THREAT DASHBOARDS", + "tooltip": "", + "type": "dashboards", + "url": "" + } + ], + "liveNow": false, + "panels": [ + { + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "orange", + "value": null + } + ] + }, + "unit": "short" + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 4, + "x": 0, + "y": 0 + }, + "id": 2, + "options": { + "colorMode": "value", + "graphMode": "area", + "justifyMode": "auto", + "orientation": "auto", + "reduceOptions": { + "calcs": ["sum"], + "fields": "", + "values": false + }, + "textMode": "auto" + }, + "pluginVersion": "9.0.0", + "targets": [ + { + "alias": "", + "bucketAggs": [ + { + "field": "timestamp", + "id": "2", + "settings": { + "interval": "auto" + }, + "type": "date_histogram" + } + ], + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "metrics": [ + { + "id": "1", + "type": "count" + } + ], + "query": "type:utm AND subtype:app AND devname:$firewall AND syslog_level:$severity", + "refId": "A", + "timeField": "timestamp" + } + ], + "title": "UTM EVENTS - APP 
CONTROL", + "type": "stat" + }, + { + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "blue", + "value": null + } + ] + }, + "unit": "short" + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 4, + "x": 4, + "y": 0 + }, + "id": 9, + "options": { + "colorMode": "value", + "graphMode": "area", + "justifyMode": "auto", + "orientation": "auto", + "reduceOptions": { + "calcs": ["sum"], + "fields": "", + "values": false + }, + "textMode": "auto" + }, + "pluginVersion": "9.0.0", + "targets": [ + { + "alias": "", + "bucketAggs": [ + { + "field": "timestamp", + "id": "2", + "settings": { + "interval": "1y" + }, + "type": "date_histogram" + } + ], + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "metrics": [ + { + "field": "devname", + "id": "1", + "type": "cardinality" + } + ], + "query": "type:utm AND subtype:app AND devname:$firewall AND syslog_level:$severity", + "refId": "A", + "timeField": "timestamp" + } + ], + "title": "UTM EVENTS - APP CONTROL: FIREWALLS", + "type": "stat" + }, + { + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + } + }, + "mappings": [] + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 5, + "x": 8, + "y": 0 + }, + "id": 4, + "options": { + "legend": { + "displayMode": "hidden", + "placement": "right" + }, + "pieType": "pie", + "reduceOptions": { + "calcs": ["sum"], + "fields": "", + "values": false + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "alias": "", + "bucketAggs": [ + { + "field": "devname", + "id": "3", + 
"settings": { + "min_doc_count": "1", + "order": "desc", + "orderBy": "_count", + "size": "15" + }, + "type": "terms" + }, + { + "field": "timestamp", + "id": "2", + "settings": { + "interval": "auto" + }, + "type": "date_histogram" + } + ], + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "metrics": [ + { + "id": "1", + "type": "count" + } + ], + "query": "type:utm AND subtype:app AND devname:$firewall AND syslog_level:$severity", + "refId": "A", + "timeField": "timestamp" + } + ], + "title": "UTM EVENTS - APP CONTROL BY FIREWALL", + "type": "piechart" + }, + { + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "custom": { + "align": "auto", + "displayMode": "auto", + "inspect": false + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "source" + }, + "properties": [ + { + "id": "custom.width", + "value": 473 + } + ] + } + ] + }, + "gridPos": { + "h": 8, + "w": 11, + "x": 13, + "y": 0 + }, + "id": 5, + "options": { + "footer": { + "fields": "", + "reducer": ["sum"], + "show": false + }, + "showHeader": true, + "sortBy": [] + }, + "pluginVersion": "9.0.0", + "targets": [ + { + "alias": "", + "bucketAggs": [ + { + "field": "devname", + "id": "3", + "settings": { + "min_doc_count": "1", + "order": "desc", + "orderBy": "_count", + "size": "20" + }, + "type": "terms" + } + ], + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "metrics": [ + { + "id": "1", + "type": "count" + } + ], + "query": "type:utm AND subtype:app AND devname:$firewall AND syslog_level:$severity", + "refId": "A", + "timeField": "timestamp" + } + ], + "title": "UTM EVENTS - APP CONTROL 
BY FIREWALL", + "transformations": [ + { + "id": "organize", + "options": { + "excludeByName": {}, + "indexByName": {}, + "renameByName": { + "devname": "FIREWALL" + } + } + } + ], + "transparent": true, + "type": "table" + }, + { + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + } + }, + "mappings": [] + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 6, + "x": 0, + "y": 8 + }, + "id": 8, + "options": { + "legend": { + "displayMode": "table", + "placement": "right" + }, + "pieType": "donut", + "reduceOptions": { + "calcs": ["sum"], + "fields": "", + "values": false + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "alias": "", + "bucketAggs": [ + { + "field": "appcat", + "id": "3", + "settings": { + "min_doc_count": "1", + "order": "desc", + "orderBy": "_count", + "size": "15" + }, + "type": "terms" + }, + { + "field": "timestamp", + "id": "2", + "settings": { + "interval": "auto" + }, + "type": "date_histogram" + } + ], + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "metrics": [ + { + "id": "1", + "type": "count" + } + ], + "query": "type:utm AND subtype:app AND devname:$firewall AND syslog_level:$severity", + "refId": "A", + "timeField": "timestamp" + } + ], + "title": "UTM EVENTS - APP CONTROL BY CATEGORY", + "type": "piechart" + }, + { + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "bars", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + 
"lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "short" + }, + "overrides": [] + }, + "gridPos": { + "h": 16, + "w": 18, + "x": 6, + "y": 8 + }, + "id": 7, + "options": { + "legend": { + "calcs": [], + "displayMode": "table", + "placement": "right" + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "pluginVersion": "8.5.1", + "targets": [ + { + "alias": "", + "bucketAggs": [ + { + "field": "devname", + "id": "3", + "settings": { + "min_doc_count": "1", + "order": "desc", + "orderBy": "_count", + "size": "20" + }, + "type": "terms" + }, + { + "field": "timestamp", + "id": "4", + "settings": { + "interval": "5m", + "min_doc_count": "1", + "timeZone": "utc", + "trimEdges": "0" + }, + "type": "date_histogram" + } + ], + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "metrics": [ + { + "id": "1", + "type": "count" + } + ], + "query": "type:utm AND subtype:app AND devname:$firewall AND syslog_level:$severity", + "refId": "A", + "timeField": "timestamp" + } + ], + "title": "UTM EVENTS - APP CONTROL BY FIREWALL - HISTOGRAM (TOP 20)", + "type": "timeseries" + }, + { + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + } + }, + "mappings": [] + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "information" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "blue", + 
"mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "notice" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "green", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "warning" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "orange", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "error" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "red", + "mode": "fixed" + } + } + ] + } + ] + }, + "gridPos": { + "h": 8, + "w": 6, + "x": 0, + "y": 16 + }, + "id": 11, + "options": { + "legend": { + "displayMode": "table", + "placement": "right" + }, + "pieType": "donut", + "reduceOptions": { + "calcs": ["sum"], + "fields": "", + "values": false + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "alias": "", + "bucketAggs": [ + { + "field": "syslog_level", + "id": "3", + "settings": { + "min_doc_count": "1", + "order": "desc", + "orderBy": "_count", + "size": "15" + }, + "type": "terms" + }, + { + "field": "timestamp", + "id": "2", + "settings": { + "interval": "auto" + }, + "type": "date_histogram" + } + ], + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "metrics": [ + { + "id": "1", + "type": "count" + } + ], + "query": "type:utm AND subtype:app AND devname:$firewall AND syslog_level:$severity", + "refId": "A", + "timeField": "timestamp" + } + ], + "title": "UTM EVENTS - APP CONTROL BY SEVERITY", + "type": "piechart" + }, + { + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + } + }, + "mappings": [] + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "information" + }, + 
"properties": [ + { + "id": "color", + "value": { + "fixedColor": "blue", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "notice" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "green", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "warning" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "orange", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "alert" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "red", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "block-url" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "orange", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "passthrough" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "green", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "block" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "red", + "mode": "fixed" + } + } + ] + } + ] + }, + "gridPos": { + "h": 8, + "w": 6, + "x": 0, + "y": 24 + }, + "id": 12, + "options": { + "legend": { + "displayMode": "table", + "placement": "right" + }, + "pieType": "donut", + "reduceOptions": { + "calcs": ["sum"], + "fields": "", + "values": false + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "alias": "", + "bucketAggs": [ + { + "field": "action", + "id": "3", + "settings": { + "min_doc_count": "1", + "order": "desc", + "orderBy": "_count", + "size": "15" + }, + "type": "terms" + }, + { + "field": "timestamp", + "id": "2", + "settings": { + "interval": "auto" + }, + "type": "date_histogram" + } + ], + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "metrics": [ + { + "id": "1", + "type": "count" + } + ], + "query": 
"type:utm AND subtype:app AND devname:$firewall AND syslog_level:$severity", + "refId": "A", + "timeField": "timestamp" + } + ], + "title": "UTM EVENTS - APP CONTROL BY ACTION", + "type": "piechart" + }, + { + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "custom": { + "align": "auto", + "displayMode": "auto", + "inspect": false + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green" + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "source" + }, + "properties": [ + { + "id": "custom.width", + "value": 317 + } + ] + } + ] + }, + "gridPos": { + "h": 8, + "w": 18, + "x": 6, + "y": 24 + }, + "id": 10, + "options": { + "footer": { + "fields": "", + "reducer": ["sum"], + "show": false + }, + "showHeader": true, + "sortBy": [] + }, + "pluginVersion": "9.0.0", + "targets": [ + { + "alias": "", + "bucketAggs": [ + { + "field": "devname", + "id": "3", + "settings": { + "min_doc_count": "1", + "order": "desc", + "orderBy": "_count", + "size": "20" + }, + "type": "terms" + }, + { + "field": "action", + "id": "4", + "settings": { + "min_doc_count": "1", + "order": "desc", + "orderBy": "_count", + "size": "10" + }, + "type": "terms" + } + ], + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "metrics": [ + { + "id": "1", + "type": "count" + } + ], + "query": "type:utm AND subtype:app AND devname:$firewall AND syslog_level:$severity", + "refId": "A", + "timeField": "timestamp" + } + ], + "title": "UTM EVENTS - APP CONTROL BY FIREWALL AND THREAT TYPE", + "transformations": [ + { + "id": "organize", + "options": { + "excludeByName": {}, + "indexByName": {}, + "renameByName": { + "action": "ACTION", + "devname": "FIREWALL" + } + } + } + ], + "transparent": true, + "type": "table" + }, + { 
+ "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green" + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 9, + "w": 10, + "x": 0, + "y": 32 + }, + "id": 13, + "options": { + "displayMode": "gradient", + "minVizHeight": 10, + "minVizWidth": 0, + "orientation": "horizontal", + "reduceOptions": { + "calcs": ["sum"], + "fields": "", + "values": false + }, + "showUnfilled": true + }, + "pluginVersion": "9.0.0", + "targets": [ + { + "alias": "", + "bucketAggs": [ + { + "field": "app", + "id": "3", + "settings": { + "min_doc_count": "1", + "order": "desc", + "orderBy": "_count", + "size": "10" + }, + "type": "terms" + }, + { + "field": "timestamp", + "id": "4", + "settings": { + "interval": "auto", + "min_doc_count": "0", + "timeZone": "utc", + "trimEdges": "0" + }, + "type": "date_histogram" + } + ], + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "metrics": [ + { + "id": "1", + "type": "count" + } + ], + "query": "type:utm AND subtype:app AND devname:$firewall AND syslog_level:$severity AND action:block", + "refId": "A", + "timeField": "timestamp" + } + ], + "title": "UTM EVENTS - APPs BLOCKED (TOP 10)", + "transformations": [ + { + "id": "organize", + "options": { + "excludeByName": {}, + "indexByName": {}, + "renameByName": { + "msg": "INDICATOR" + } + } + } + ], + "transparent": true, + "type": "bargauge" + }, + { + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "custom": { + "align": "auto", + "displayMode": "auto", + "inspect": false + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": 
"green" + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "source" + }, + "properties": [ + { + "id": "custom.width", + "value": 473 + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "catdesc" + }, + "properties": [ + { + "id": "custom.width", + "value": 400 + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "URL CATEGORY" + }, + "properties": [ + { + "id": "custom.width", + "value": 372 + } + ] + } + ] + }, + "gridPos": { + "h": 9, + "w": 7, + "x": 10, + "y": 32 + }, + "id": 17, + "options": { + "footer": { + "fields": "", + "reducer": ["sum"], + "show": false + }, + "showHeader": true, + "sortBy": [] + }, + "pluginVersion": "9.0.0", + "targets": [ + { + "alias": "", + "bucketAggs": [ + { + "field": "appcat", + "id": "3", + "settings": { + "min_doc_count": "1", + "order": "desc", + "orderBy": "_count", + "size": "20" + }, + "type": "terms" + } + ], + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "metrics": [ + { + "id": "1", + "type": "count" + } + ], + "query": "type:utm AND subtype:app AND devname:$firewall AND action:block AND syslog_level:$severity", + "refId": "A", + "timeField": "timestamp" + } + ], + "title": "UTM EVENTS - APPs BLOCKED BY CATEGORY", + "transformations": [ + { + "id": "organize", + "options": { + "excludeByName": {}, + "indexByName": {}, + "renameByName": { + "catdesc": "URL CATEGORY", + "msg": "INDICATOR", + "user": "USER ACCOUNT" + } + } + } + ], + "type": "table" + }, + { + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "custom": { + "align": "auto", + "displayMode": "auto", + "inspect": false + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green" + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + 
"overrides": [ + { + "matcher": { + "id": "byName", + "options": "source" + }, + "properties": [ + { + "id": "custom.width", + "value": 473 + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "USER ACCOUNT" + }, + "properties": [ + { + "id": "custom.width", + "value": 422 + } + ] + } + ] + }, + "gridPos": { + "h": 9, + "w": 7, + "x": 17, + "y": 32 + }, + "id": 14, + "options": { + "footer": { + "fields": "", + "reducer": ["sum"], + "show": false + }, + "showHeader": true, + "sortBy": [] + }, + "pluginVersion": "9.0.0", + "targets": [ + { + "alias": "", + "bucketAggs": [ + { + "field": "user", + "id": "3", + "settings": { + "min_doc_count": "1", + "order": "desc", + "orderBy": "_count", + "size": "20" + }, + "type": "terms" + } + ], + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "metrics": [ + { + "id": "1", + "type": "count" + } + ], + "query": "type:utm AND subtype:app AND devname:$firewall AND action:block AND syslog_level:$severity", + "refId": "A", + "timeField": "timestamp" + } + ], + "title": "UTM EVENTS - APPs BLOCKED BY USER ACCOUNT", + "transformations": [ + { + "id": "organize", + "options": { + "excludeByName": {}, + "indexByName": {}, + "renameByName": { + "msg": "INDICATOR", + "user": "USER ACCOUNT" + } + } + } + ], + "transparent": true, + "type": "table" + }, + { + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "custom": { + "align": "auto", + "displayMode": "auto", + "inspect": false + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green" + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "FIREWALL" + }, + "properties": [ + { + "id": "custom.width", + "value": 126 + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "ACTION" + }, + 
"properties": [ + { + "id": "custom.width", + "value": 81 + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "SEVERITY" + }, + "properties": [ + { + "id": "custom.width", + "value": 109 + }, + { + "id": "custom.displayMode", + "value": "color-text" + }, + { + "id": "mappings", + "value": [ + { + "options": { + "alert": { + "color": "semi-dark-red", + "index": 5 + }, + "critical": { + "color": "dark-red", + "index": 4 + }, + "high": { + "color": "red", + "index": 3 + }, + "information": { + "color": "blue", + "index": 0 + }, + "notice": { + "color": "green", + "index": 1 + }, + "warning": { + "color": "orange", + "index": 2 + } + }, + "type": "value" + } + ] + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "SRC IP" + }, + "properties": [ + { + "id": "custom.width", + "value": 127 + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "SRC PORT" + }, + "properties": [ + { + "id": "custom.width", + "value": 87 + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "IF IN" + }, + "properties": [ + { + "id": "custom.width", + "value": 110 + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "APP" + }, + "properties": [ + { + "id": "custom.width", + "value": 131 + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "DST IP" + }, + "properties": [ + { + "id": "custom.width", + "value": 134 + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "DST PORT" + }, + "properties": [ + { + "id": "custom.width", + "value": 93 + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "EVENT ID" + }, + "properties": [ + { + "id": "links", + "value": [ + { + "targetBlank": true, + "title": "EVENT DETAILS", + "url": 
"https://grafana.company.local/explore?left=%7B%22datasource%22:%22FORTINET%22,%22queries%22:%5B%7B%22refId%22:%22A%22,%22query%22:%22_id:${__value.text}%22,%22alias%22:%22%22,%22metrics%22:%5B%7B%22id%22:%221%22,%22type%22:%22logs%22,%22settings%22:%7B%22limit%22:%22500%22%7D%7D%5D,%22bucketAggs%22:%5B%5D,%22timeField%22:%22timestamp%22%7D%5D,%22range%22:%7B%22from%22:%22now-1h%22,%22to%22:%22now%22%7D%7D" + } + ] + }, + { + "id": "custom.width", + "value": 214 + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "SERVICE" + }, + "properties": [ + { + "id": "custom.width", + "value": 95 + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "DATE/TIME" + }, + "properties": [ + { + "id": "custom.width", + "value": 188 + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "PROFILE" + }, + "properties": [ + { + "id": "custom.width", + "value": 234 + } + ] + } + ] + }, + "gridPos": { + "h": 15, + "w": 24, + "x": 0, + "y": 41 + }, + "id": 16, + "options": { + "footer": { + "fields": "", + "reducer": ["sum"], + "show": false + }, + "showHeader": true, + "sortBy": [] + }, + "pluginVersion": "9.0.0", + "targets": [ + { + "alias": "", + "bucketAggs": [], + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "metrics": [ + { + "id": "1", + "settings": { + "size": "500" + }, + "type": "raw_data" + } + ], + "query": "type:utm AND subtype:app AND devname:$firewall AND syslog_level:$severity", + "refId": "A", + "timeField": "timestamp" + } + ], + "title": "FIREWALL EVENTS", + "transformations": [ + { + "id": "organize", + "options": { + "excludeByName": { + "_index": true, + "_type": true, + "alert_category": true, + "alert_definitions_version": true, + "appid": true, + "applist": true, + "apprisk": true, + "authserver": true, + "cat": true, + "catdesc": true, + "craction": true, + "crlevel": true, + "crscore": true, + "devid": true, + "direction": true, + "dstintf": true, + "dstintfrole": true, + 
"dstip_city_name": true, + "dstip_country_code": true, + "dstip_geolocation": true, + "eventtype": true, + "facility": true, + "facility_num": true, + "gl2_accounted_message_size": true, + "gl2_message_id": true, + "gl2_remote_ip": true, + "gl2_remote_port": true, + "gl2_source_input": true, + "gl2_source_node": true, + "group": true, + "highlight": true, + "hostname": true, + "hostname_city_name": true, + "hostname_country_code": true, + "hostname_geolocation": true, + "level": true, + "logver": true, + "message": true, + "method": true, + "msg": true, + "policyid": true, + "proto": true, + "rcvdbyte": true, + "reqtype": true, + "sentbyte": true, + "sessionid": true, + "sort": true, + "source": true, + "srcintf": true, + "srcintfrole": true, + "srcip_city_name": true, + "srcip_country_code": true, + "srcip_geolocation": true, + "srcport": true, + "streams": true, + "subtype": true, + "syslog_type": true, + "type": true, + "user": true, + "vd": true + }, + "indexByName": { + "_id": 1, + "_index": 11, + "_type": 12, + "action": 5, + "alert_category": 13, + "alert_definitions_version": 14, + "alert_signature": 15, + "app": 16, + "catdesc": 41, + "devname": 2, + "dstip": 17, + "dstport": 18, + "gl2_accounted_message_size": 31, + "gl2_message_id": 32, + "gl2_remote_ip": 33, + "gl2_remote_port": 34, + "gl2_source_input": 35, + "gl2_source_node": 36, + "message": 42, + "profile": 9, + "source": 3, + "srcip": 7, + "streams": 77, + "syslog_level": 6, + "syslog_type": 78, + "target_user_email": 79, + "timestamp": 0 + }, + "renameByName": { + "_id": "EVENT ID", + "action": "ACTION", + "alert_signature": "SIGNATURE", + "app": "APP", + "appcat": "CAT", + "destination_location_name": "LOCATION", + "devname": "FIREWALL", + "dstip": "DST IP", + "dstport": "DST PORT", + "event_log_name": "", + "http_method": "METHOD", + "http_user_agent_name": "HTTP AGENT", + "network_interface_in": "IF IN", + "network_interface_out": "IF OUT", + "network_transport": "", + "profile": "PROFILE", + 
"rule_name": "RULE", + "service": "SERVICE", + "source": "", + "source_port": "SRC PORT", + "srcip": "SRC IP", + "syslog_level": "SEVERITY", + "timestamp": "DATE/TIME", + "url": "URL" + } + } + } + ], + "type": "table" + } + ], + "schemaVersion": 36, + "style": "dark", + "tags": ["FORTINET UTM"], + "templating": { + "list": [ + { + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "filters": [], + "hide": 0, + "label": "Filters", + "name": "Filters", + "skipUrlSync": false, + "type": "adhoc" + }, + { + "current": { + "selected": false, + "text": "All", + "value": "$__all" + }, + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "definition": "{ \"find\": \"terms\", \"field\": \"devname\", \"query\": \"type:utm AND subtype:app\"}", + "description": "FORTINET FIREWALL", + "hide": 0, + "includeAll": true, + "label": "Firewall", + "multi": false, + "name": "firewall", + "options": [], + "query": "{ \"find\": \"terms\", \"field\": \"devname\", \"query\": \"type:utm AND subtype:app\"}", + "refresh": 1, + "regex": "", + "skipUrlSync": false, + "sort": 0, + "type": "query" + }, + { + "current": { + "selected": false, + "text": "All", + "value": "$__all" + }, + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "definition": "{\"find\": \"terms\", \"field\": \"syslog_level\", \"query\": \"type:utm AND subtype:app\"}", + "hide": 0, + "includeAll": true, + "label": "Severity", + "multi": false, + "name": "severity", + "options": [], + "query": "{\"find\": \"terms\", \"field\": \"syslog_level\", \"query\": \"type:utm AND subtype:app\"}", + "refresh": 1, + "regex": "", + "skipUrlSync": false, + "sort": 0, + "type": "query" + } + ] + }, + "time": { + "from": "now-6h", + "to": "now" + }, + "timepicker": {}, + "timezone": "", + "title": "FORTINET - UTM LOGS APP CONTROL", + "version": 4, + "weekStart": "" +} 
diff --git a/backend/app/connectors/grafana/dashboards/Fortinet/fortinet_utm_dlp.json b/backend/app/connectors/grafana/dashboards/Fortinet/fortinet_utm_dlp.json
new file mode 100644
index 000000000..732376dfd
--- /dev/null
+++ b/backend/app/connectors/grafana/dashboards/Fortinet/fortinet_utm_dlp.json
@@ -0,0 +1,1908 @@ +{ + "annotations": { + "list": [ + { + "builtIn": 1, + "datasource": { + "type": "grafana", + "uid": "-- Grafana --" + }, + "enable": true, + "hide": true, + "iconColor": "rgba(0, 211, 255, 1)", + "name": "Annotations & Alerts", + "target": { + "limit": 100, + "matchAny": false, + "tags": [], + "type": "dashboard" + }, + "type": "dashboard" + } + ] + }, + "description": "FORTINET - UTM LOGS", + "editable": false, + "fiscalYearStartMonth": 0, + "graphTooltip": 0, + "id": null, + "iteration": 1657693642095, + "links": [ + { + "asDropdown": true, + "icon": "external link", + "includeVars": true, + "keepTime": true, + "tags": ["FORTINET THREAT"], + "targetBlank": true, + "title": "FORTINET UTM DASHBOARDS", + "tooltip": "", + "type": "dashboards", + "url": "" + } + ], + "liveNow": false, + "panels": [ + { + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "orange", + "value": null + } + ] + }, + "unit": "short" + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 4, + "x": 0, + "y": 0 + }, + "id": 2, + "options": { + "colorMode": "value", + "graphMode": "area", + "justifyMode": "auto", + "orientation": "auto", + "reduceOptions": { + "calcs": ["sum"], + "fields": "", + "values": false + }, + "textMode": "auto" + }, + "pluginVersion": "9.0.0", + "targets": [ + { + "alias": "", + "bucketAggs": [ + { + "field": "timestamp", + "id": "2", + "settings": { + "interval": "auto" + }, + "type": "date_histogram" + } + ], + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "metrics": [ + { + "id": "1", + "type": "count" + } + ], + "query": "type:utm AND subtype:dlp AND devname:$firewall AND syslog_level:$severity", + "refId": "A", + "timeField": "timestamp" + } + ], + "title": "UTM EVENTS - DLP", + 
"type": "stat" + }, + { + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "blue", + "value": null + } + ] + }, + "unit": "short" + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 4, + "x": 4, + "y": 0 + }, + "id": 9, + "options": { + "colorMode": "value", + "graphMode": "area", + "justifyMode": "auto", + "orientation": "auto", + "reduceOptions": { + "calcs": ["sum"], + "fields": "", + "values": false + }, + "textMode": "auto" + }, + "pluginVersion": "9.0.0", + "targets": [ + { + "alias": "", + "bucketAggs": [ + { + "field": "timestamp", + "id": "2", + "settings": { + "interval": "1y" + }, + "type": "date_histogram" + } + ], + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "metrics": [ + { + "field": "devname", + "id": "1", + "type": "cardinality" + } + ], + "query": "type:utm AND subtype:dlp AND devname:$firewall AND syslog_level:$severity", + "refId": "A", + "timeField": "timestamp" + } + ], + "title": "UTM EVENTS - DLP: FIREWALLS", + "type": "stat" + }, + { + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + } + }, + "mappings": [] + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 5, + "x": 8, + "y": 0 + }, + "id": 4, + "options": { + "legend": { + "displayMode": "hidden", + "placement": "right" + }, + "pieType": "pie", + "reduceOptions": { + "calcs": ["sum"], + "fields": "", + "values": false + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "alias": "", + "bucketAggs": [ + { + "field": "devname", + "id": "3", + "settings": { + 
"min_doc_count": "1", + "order": "desc", + "orderBy": "_count", + "size": "15" + }, + "type": "terms" + }, + { + "field": "timestamp", + "id": "2", + "settings": { + "interval": "auto" + }, + "type": "date_histogram" + } + ], + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "metrics": [ + { + "id": "1", + "type": "count" + } + ], + "query": "type:utm AND subtype:dlp AND devname:$firewall AND syslog_level:$severity", + "refId": "A", + "timeField": "timestamp" + } + ], + "title": "UTM EVENTS - DLP BY FIREWALL", + "type": "piechart" + }, + { + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "custom": { + "align": "auto", + "displayMode": "auto", + "inspect": false + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "source" + }, + "properties": [ + { + "id": "custom.width", + "value": 473 + } + ] + } + ] + }, + "gridPos": { + "h": 8, + "w": 11, + "x": 13, + "y": 0 + }, + "id": 5, + "options": { + "footer": { + "fields": "", + "reducer": ["sum"], + "show": false + }, + "showHeader": true, + "sortBy": [] + }, + "pluginVersion": "9.0.0", + "targets": [ + { + "alias": "", + "bucketAggs": [ + { + "field": "devname", + "id": "3", + "settings": { + "min_doc_count": "1", + "order": "desc", + "orderBy": "_count", + "size": "20" + }, + "type": "terms" + } + ], + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "metrics": [ + { + "id": "1", + "type": "count" + } + ], + "query": "type:utm AND subtype:dlp AND devname:$firewall AND syslog_level:$severity", + "refId": "A", + "timeField": "timestamp" + } + ], + "title": "UTM EVENTS - DLP BY FIREWALL", + 
"transformations": [ + { + "id": "organize", + "options": { + "excludeByName": {}, + "indexByName": {}, + "renameByName": { + "devname": "FIREWALL" + } + } + } + ], + "transparent": true, + "type": "table" + }, + { + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + } + }, + "mappings": [] + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 6, + "x": 0, + "y": 8 + }, + "id": 8, + "options": { + "legend": { + "displayMode": "table", + "placement": "right" + }, + "pieType": "donut", + "reduceOptions": { + "calcs": ["sum"], + "fields": "", + "values": false + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "alias": "", + "bucketAggs": [ + { + "field": "profile", + "id": "3", + "settings": { + "min_doc_count": "1", + "order": "desc", + "orderBy": "_count", + "size": "15" + }, + "type": "terms" + }, + { + "field": "timestamp", + "id": "2", + "settings": { + "interval": "auto" + }, + "type": "date_histogram" + } + ], + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "metrics": [ + { + "id": "1", + "type": "count" + } + ], + "query": "type:utm AND subtype:dlp AND devname:$firewall AND syslog_level:$severity", + "refId": "A", + "timeField": "timestamp" + } + ], + "title": "UTM EVENTS - DLP BY FW PROFILE", + "type": "piechart" + }, + { + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "bars", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + 
"lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "short" + }, + "overrides": [] + }, + "gridPos": { + "h": 16, + "w": 18, + "x": 6, + "y": 8 + }, + "id": 7, + "options": { + "legend": { + "calcs": [], + "displayMode": "table", + "placement": "right" + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "pluginVersion": "8.5.1", + "targets": [ + { + "alias": "", + "bucketAggs": [ + { + "field": "devname", + "id": "3", + "settings": { + "min_doc_count": "1", + "order": "desc", + "orderBy": "_count", + "size": "20" + }, + "type": "terms" + }, + { + "field": "timestamp", + "id": "4", + "settings": { + "interval": "5m", + "min_doc_count": "1", + "timeZone": "utc", + "trimEdges": "0" + }, + "type": "date_histogram" + } + ], + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "metrics": [ + { + "id": "1", + "type": "count" + } + ], + "query": "type:utm AND subtype:dlp AND devname:$firewall AND syslog_level:$severity", + "refId": "A", + "timeField": "timestamp" + } + ], + "title": "UTM EVENTS - DLP BY FIREWALL - HISTOGRAM (TOP 20)", + "type": "timeseries" + }, + { + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + } + }, + "mappings": [] + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "information" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "blue", + "mode": "fixed" + } + } + ] + }, + { + 
"matcher": { + "id": "byName", + "options": "notice" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "green", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "warning" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "orange", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "error" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "red", + "mode": "fixed" + } + } + ] + } + ] + }, + "gridPos": { + "h": 8, + "w": 6, + "x": 0, + "y": 16 + }, + "id": 11, + "options": { + "legend": { + "displayMode": "table", + "placement": "right" + }, + "pieType": "donut", + "reduceOptions": { + "calcs": ["sum"], + "fields": "", + "values": false + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "alias": "", + "bucketAggs": [ + { + "field": "syslog_level", + "id": "3", + "settings": { + "min_doc_count": "1", + "order": "desc", + "orderBy": "_count", + "size": "15" + }, + "type": "terms" + }, + { + "field": "timestamp", + "id": "2", + "settings": { + "interval": "auto" + }, + "type": "date_histogram" + } + ], + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "metrics": [ + { + "id": "1", + "type": "count" + } + ], + "query": "type:utm AND subtype:dlp AND devname:$firewall AND syslog_level:$severity", + "refId": "A", + "timeField": "timestamp" + } + ], + "title": "UTM EVENTS - DLP BY SEVERITY", + "type": "piechart" + }, + { + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + } + }, + "mappings": [] + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "information" + }, + "properties": [ + { + "id": "color", + "value": { + 
"fixedColor": "blue", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "notice" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "green", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "warning" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "orange", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "alert" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "red", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "block-url" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "orange", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "passthrough" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "green", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "block" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "red", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "log-only" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "blue", + "mode": "fixed" + } + } + ] + } + ] + }, + "gridPos": { + "h": 8, + "w": 6, + "x": 0, + "y": 24 + }, + "id": 12, + "options": { + "legend": { + "displayMode": "table", + "placement": "right" + }, + "pieType": "donut", + "reduceOptions": { + "calcs": ["sum"], + "fields": "", + "values": false + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "alias": "", + "bucketAggs": [ + { + "field": "action", + "id": "3", + "settings": { + "min_doc_count": "1", + "order": "desc", + "orderBy": "_count", + "size": "15" + }, + "type": "terms" + }, + { + "field": "timestamp", + "id": "2", + "settings": { + "interval": "auto" + }, + "type": "date_histogram" + } + ], + "datasource": { + "type": 
"grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "metrics": [ + { + "id": "1", + "type": "count" + } + ], + "query": "type:utm AND subtype:dlp AND devname:$firewall AND syslog_level:$severity", + "refId": "A", + "timeField": "timestamp" + } + ], + "title": "UTM EVENTS - DLP BY ACTION", + "type": "piechart" + }, + { + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "custom": { + "align": "auto", + "displayMode": "auto", + "inspect": false + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green" + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "source" + }, + "properties": [ + { + "id": "custom.width", + "value": 317 + } + ] + } + ] + }, + "gridPos": { + "h": 8, + "w": 18, + "x": 6, + "y": 24 + }, + "id": 10, + "options": { + "footer": { + "fields": "", + "reducer": ["sum"], + "show": false + }, + "showHeader": true, + "sortBy": [] + }, + "pluginVersion": "9.0.0", + "targets": [ + { + "alias": "", + "bucketAggs": [ + { + "field": "devname", + "id": "3", + "settings": { + "min_doc_count": "1", + "order": "desc", + "orderBy": "_count", + "size": "20" + }, + "type": "terms" + }, + { + "field": "action", + "id": "4", + "settings": { + "min_doc_count": "1", + "order": "desc", + "orderBy": "_count", + "size": "10" + }, + "type": "terms" + } + ], + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "metrics": [ + { + "id": "1", + "type": "count" + } + ], + "query": "type:utm AND subtype:dlp AND devname:$firewall AND syslog_level:$severity", + "refId": "A", + "timeField": "timestamp" + } + ], + "title": "UTM EVENTS - DLP BY FIREWALL AND THREAT TYPE", + "transformations": [ + { + "id": "organize", + "options": { + "excludeByName": {}, + "indexByName": {}, + 
"renameByName": { + "action": "ACTION", + "devname": "FIREWALL" + } + } + } + ], + "transparent": true, + "type": "table" + }, + { + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green" + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 9, + "w": 10, + "x": 0, + "y": 32 + }, + "id": 13, + "options": { + "displayMode": "gradient", + "minVizHeight": 10, + "minVizWidth": 0, + "orientation": "horizontal", + "reduceOptions": { + "calcs": ["sum"], + "fields": "", + "values": false + }, + "showUnfilled": true + }, + "pluginVersion": "9.0.0", + "targets": [ + { + "alias": "", + "bucketAggs": [ + { + "field": "group", + "id": "3", + "settings": { + "min_doc_count": "1", + "order": "desc", + "orderBy": "_count", + "size": "10" + }, + "type": "terms" + }, + { + "field": "timestamp", + "id": "4", + "settings": { + "interval": "auto", + "min_doc_count": "0", + "timeZone": "utc", + "trimEdges": "0" + }, + "type": "date_histogram" + } + ], + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "metrics": [ + { + "id": "1", + "type": "count" + } + ], + "query": "type:utm AND subtype:dlp AND devname:$firewall AND syslog_level:$severity", + "refId": "A", + "timeField": "timestamp" + } + ], + "title": "UTM EVENTS - DLP EVENTS BY GROUP (TOP 10)", + "transformations": [ + { + "id": "organize", + "options": { + "excludeByName": {}, + "indexByName": {}, + "renameByName": { + "msg": "INDICATOR" + } + } + } + ], + "transparent": true, + "type": "bargauge" + }, + { + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "custom": { + "align": "auto", + 
"displayMode": "auto", + "inspect": false + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green" + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "source" + }, + "properties": [ + { + "id": "custom.width", + "value": 473 + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "catdesc" + }, + "properties": [ + { + "id": "custom.width", + "value": 400 + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "URL CATEGORY" + }, + "properties": [ + { + "id": "custom.width", + "value": 372 + } + ] + } + ] + }, + "gridPos": { + "h": 9, + "w": 7, + "x": 10, + "y": 32 + }, + "id": 17, + "options": { + "footer": { + "fields": "", + "reducer": ["sum"], + "show": false + }, + "showHeader": true, + "sortBy": [] + }, + "pluginVersion": "9.0.0", + "targets": [ + { + "alias": "", + "bucketAggs": [ + { + "field": "service", + "id": "3", + "settings": { + "min_doc_count": "1", + "order": "desc", + "orderBy": "_count", + "size": "20" + }, + "type": "terms" + } + ], + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "metrics": [ + { + "id": "1", + "type": "count" + } + ], + "query": "type:utm AND subtype:dlp AND devname:$firewall AND syslog_level:$severity", + "refId": "A", + "timeField": "timestamp" + } + ], + "title": "UTM EVENTS - DLP EVENTS BY PROTOCOL", + "transformations": [ + { + "id": "organize", + "options": { + "excludeByName": {}, + "indexByName": {}, + "renameByName": { + "catdesc": "URL CATEGORY", + "msg": "INDICATOR", + "user": "USER ACCOUNT" + } + } + } + ], + "type": "table" + }, + { + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "custom": { + "align": "auto", + "displayMode": "auto", + "inspect": false + }, + "mappings": [], + "thresholds": { + "mode": 
"absolute", + "steps": [ + { + "color": "green" + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "source" + }, + "properties": [ + { + "id": "custom.width", + "value": 473 + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "USER ACCOUNT" + }, + "properties": [ + { + "id": "custom.width", + "value": 422 + } + ] + } + ] + }, + "gridPos": { + "h": 9, + "w": 7, + "x": 17, + "y": 32 + }, + "id": 14, + "options": { + "footer": { + "fields": "", + "reducer": ["sum"], + "show": false + }, + "showHeader": true, + "sortBy": [] + }, + "pluginVersion": "9.0.0", + "targets": [ + { + "alias": "", + "bucketAggs": [ + { + "field": "user", + "id": "3", + "settings": { + "min_doc_count": "1", + "order": "desc", + "orderBy": "_count", + "size": "20" + }, + "type": "terms" + } + ], + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "metrics": [ + { + "id": "1", + "type": "count" + } + ], + "query": "type:utm AND subtype:dlp AND devname:$firewall AND syslog_level:$severity", + "refId": "A", + "timeField": "timestamp" + } + ], + "title": "UTM EVENTS - DLP EVENTS BY USER ACCOUNT", + "transformations": [ + { + "id": "organize", + "options": { + "excludeByName": {}, + "indexByName": {}, + "renameByName": { + "msg": "INDICATOR", + "user": "USER ACCOUNT" + } + } + } + ], + "transparent": true, + "type": "table" + }, + { + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "custom": { + "align": "auto", + "displayMode": "auto", + "inspect": false + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green" + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "FIREWALL" + }, + "properties": [ + { + "id": "custom.width", + 
"value": 126 + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "ACTION" + }, + "properties": [ + { + "id": "custom.width", + "value": 81 + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "SEVERITY" + }, + "properties": [ + { + "id": "custom.width", + "value": 109 + }, + { + "id": "custom.displayMode", + "value": "color-text" + }, + { + "id": "mappings", + "value": [ + { + "options": { + "block": { + "color": "red", + "index": 3 + }, + "critical": { + "color": "dark-red", + "index": 4 + }, + "information": { + "color": "green", + "index": 1 + }, + "log-only": { + "color": "blue", + "index": 0 + }, + "warning": { + "color": "orange", + "index": 2 + } + }, + "type": "value" + } + ] + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "SRC IP" + }, + "properties": [ + { + "id": "custom.width", + "value": 127 + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "SRC PORT" + }, + "properties": [ + { + "id": "custom.width", + "value": 87 + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "IF IN" + }, + "properties": [ + { + "id": "custom.width", + "value": 110 + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "APP" + }, + "properties": [ + { + "id": "custom.width", + "value": 131 + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "DST IP" + }, + "properties": [ + { + "id": "custom.width", + "value": 134 + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "DST PORT" + }, + "properties": [ + { + "id": "custom.width", + "value": 93 + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "EVENT ID" + }, + "properties": [ + { + "id": "links", + "value": [ + { + "targetBlank": true, + "title": "EVENT DETAILS", + "url": 
"https://grafana.company.local/explore?left=%7B%22datasource%22:%22FORTINET%22,%22queries%22:%5B%7B%22refId%22:%22A%22,%22query%22:%22_id:${__value.text}%22,%22alias%22:%22%22,%22metrics%22:%5B%7B%22id%22:%221%22,%22type%22:%22logs%22,%22settings%22:%7B%22limit%22:%22500%22%7D%7D%5D,%22bucketAggs%22:%5B%5D,%22timeField%22:%22timestamp%22%7D%5D,%22range%22:%7B%22from%22:%22now-1h%22,%22to%22:%22now%22%7D%7D" + } + ] + }, + { + "id": "custom.width", + "value": 214 + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "SERVICE" + }, + "properties": [ + { + "id": "custom.width", + "value": 95 + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "DATE/TIME" + }, + "properties": [ + { + "id": "custom.width", + "value": 188 + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "PROFILE" + }, + "properties": [ + { + "id": "custom.width", + "value": 234 + } + ] + } + ] + }, + "gridPos": { + "h": 15, + "w": 24, + "x": 0, + "y": 41 + }, + "id": 16, + "options": { + "footer": { + "fields": "", + "reducer": ["sum"], + "show": false + }, + "showHeader": true, + "sortBy": [] + }, + "pluginVersion": "9.0.0", + "targets": [ + { + "alias": "", + "bucketAggs": [], + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "metrics": [ + { + "id": "1", + "settings": { + "size": "500" + }, + "type": "raw_data" + } + ], + "query": "type:utm AND subtype:dlp AND devname:$firewall AND syslog_level:$severity", + "refId": "A", + "timeField": "timestamp" + } + ], + "title": "FIREWALL EVENTS", + "transformations": [ + { + "id": "organize", + "options": { + "excludeByName": { + "_index": true, + "_type": true, + "alert_category": true, + "alert_definitions_version": true, + "alertlight": true, + "app": true, + "authserver": true, + "cat": true, + "catdesc": true, + "craction": true, + "crlevel": true, + "crscore": true, + "devid": true, + "direction": true, + "dstintf": true, + "dstintfrole": true, + "dstip_city_name": true, 
+ "dstip_country_code": true, + "dstip_geolocation": true, + "eventtype": true, + "facility": true, + "facility_num": true, + "gl2_accounted_message_size": true, + "gl2_message_id": true, + "gl2_remote_ip": true, + "gl2_remote_port": true, + "gl2_source_input": true, + "gl2_source_node": true, + "group": true, + "highlight": true, + "hostname": true, + "hostname_city_name": true, + "hostname_country_code": true, + "hostname_geolocation": true, + "level": true, + "logver": true, + "message": true, + "method": true, + "msg": true, + "policyid": true, + "proto": true, + "rcvdbyte": true, + "ref": true, + "reqtype": true, + "sentbyte": true, + "sessionid": true, + "sort": true, + "source": true, + "srcintf": true, + "srcintfrole": true, + "srcip_city_name": true, + "srcip_country_code": true, + "srcip_geolocation": true, + "srcport": true, + "streams": true, + "subtype": true, + "syslog_type": true, + "type": true, + "user": true, + "vd": true + }, + "indexByName": { + "_id": 1, + "_index": 11, + "_type": 12, + "action": 5, + "alert_category": 13, + "alert_definitions_version": 14, + "alert_signature": 15, + "app": 16, + "catdesc": 41, + "devname": 2, + "dstip": 17, + "dstport": 18, + "gl2_accounted_message_size": 31, + "gl2_message_id": 32, + "gl2_remote_ip": 33, + "gl2_remote_port": 34, + "gl2_source_input": 35, + "gl2_source_node": 36, + "message": 42, + "profile": 9, + "source": 3, + "srcip": 7, + "streams": 77, + "syslog_level": 6, + "syslog_type": 78, + "target_user_email": 79, + "timestamp": 0 + }, + "renameByName": { + "_id": "EVENT ID", + "action": "ACTION", + "agent": "CLIENT", + "alert_signature": "SIGNATURE", + "app": "APP", + "destination_location_name": "LOCATION", + "devname": "FIREWALL", + "dstip": "DST IP", + "dstport": "DST PORT", + "event_log_name": "", + "filename": "FILENAME", + "filetype": "FILETYPE", + "http_method": "METHOD", + "http_user_agent_name": "HTTP AGENT", + "network_interface_in": "IF IN", + "network_interface_out": "IF OUT", + 
"network_transport": "", + "profile": "PROFILE", + "rule_name": "RULE", + "service": "SERVICE", + "source": "", + "source_port": "SRC PORT", + "srcip": "SRC IP", + "syslog_level": "SEVERITY", + "timestamp": "DATE/TIME", + "url": "URL" + } + } + } + ], + "type": "table" + } + ], + "schemaVersion": 36, + "style": "dark", + "tags": ["FORTINET UTM"], + "templating": { + "list": [ + { + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "filters": [], + "hide": 0, + "label": "Filters", + "name": "Filters", + "skipUrlSync": false, + "type": "adhoc" + }, + { + "current": { + "selected": false, + "text": "All", + "value": "$__all" + }, + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "definition": "{ \"find\": \"terms\", \"field\": \"devname\", \"query\": \"type:utm AND subtype:dlp\"}", + "description": "FORTINET FIREWALL", + "hide": 0, + "includeAll": true, + "label": "Firewall", + "multi": false, + "name": "firewall", + "options": [], + "query": "{ \"find\": \"terms\", \"field\": \"devname\", \"query\": \"type:utm AND subtype:dlp\"}", + "refresh": 1, + "regex": "", + "skipUrlSync": false, + "sort": 0, + "type": "query" + }, + { + "current": { + "selected": false, + "text": "All", + "value": "$__all" + }, + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "definition": "{\"find\": \"terms\", \"field\": \"syslog_level\", \"query\": \"type:utm AND subtype:dlp\"}", + "hide": 0, + "includeAll": true, + "label": "Severity", + "multi": false, + "name": "severity", + "options": [], + "query": "{\"find\": \"terms\", \"field\": \"syslog_level\", \"query\": \"type:utm AND subtype:dlp\"}", + "refresh": 1, + "regex": "", + "skipUrlSync": false, + "sort": 0, + "type": "query" + } + ] + }, + "time": { + "from": "now-6h", + "to": "now" + }, + "timepicker": {}, + "timezone": "", + "title": "FORTINET - UTM LOGS DLP", + "version": 3, + 
"weekStart": ""
+}
diff --git a/backend/app/connectors/grafana/dashboards/Fortinet/fortinet_utm_dns.json b/backend/app/connectors/grafana/dashboards/Fortinet/fortinet_utm_dns.json
new file mode 100644
index 000000000..0c8dfdcc2
--- /dev/null
+++ b/backend/app/connectors/grafana/dashboards/Fortinet/fortinet_utm_dns.json
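Review bot: The "EVENT ID" data link in the FIREWALL EVENTS table panel (id 16) hardcodes `https://grafana.company.local/explore?...` and names the datasource `FORTINET` inside the encoded `left` parameter, while every other datasource reference in this file uses the `replace_datasource_uid` placeholder, so whatever provisioning step rewrites that placeholder will leave this URL alone and the link (opened with `targetBlank`) points at a host that is not the deployed Grafana. A relative path using the same placeholder would stay deployable, e.g. `"url": "/explore?left=%7B%22datasource%22:%22replace_datasource_uid%22,%22queries%22:...` with the rest of the encoded query unchanged — this assumes the substitution is a plain textual replace, which is inferred from the placeholder's use elsewhere rather than visible here. Two panels (ids 4 and 5) share the title `UTM EVENTS - DLP BY FIREWALL`, and the table titled `UTM EVENTS - DLP BY FIREWALL AND THREAT TYPE` buckets on `action`, so that title misdescribes its column. The events table's `renameByName` map also carries entries for fields that never appear in this dashboard (`agent`, `http_method`, `network_interface_in`, `network_interface_out`, `event_log_name`), which reads as copy-over from another template and could be dropped.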
@@ -0,0 +1,2148 @@ +{ + "annotations": { + "list": [ + { + "builtIn": 1, + "datasource": { + "type": "grafana", + "uid": "-- Grafana --" + }, + "enable": true, + "hide": true, + "iconColor": "rgba(0, 211, 255, 1)", + "name": "Annotations & Alerts", + "target": { + "limit": 100, + "matchAny": false, + "tags": [], + "type": "dashboard" + }, + "type": "dashboard" + } + ] + }, + "description": "FORTINET - UTM LOGS", + "editable": false, + "fiscalYearStartMonth": 0, + "graphTooltip": 0, + "id": null, + "links": [ + { + "asDropdown": true, + "icon": "external link", + "includeVars": true, + "keepTime": true, + "tags": ["FORTINET UTM"], + "targetBlank": true, + "title": "FORTINET THREAT DASHBOARDS", + "tooltip": "", + "type": "dashboards", + "url": "" + } + ], + "liveNow": false, + "panels": [ + { + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "orange", + "value": null + } + ] + }, + "unit": "short" + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 4, + "x": 0, + "y": 0 + }, + "id": 2, + "options": { + "colorMode": "value", + "graphMode": "area", + "justifyMode": "auto", + "orientation": "auto", + "reduceOptions": { + "calcs": ["sum"], + "fields": "", + "values": false + }, + "textMode": "auto" + }, + "pluginVersion": "10.2.0", + "targets": [ + { + "alias": "", + "bucketAggs": [ + { + "field": "timestamp", + "id": "2", + "settings": { + "interval": "auto" + }, + "type": "date_histogram" + } + ], + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "metrics": [ + { + "id": "1", + "type": "count" + } + ], + "query": "type:utm AND subtype:dns AND devname:$firewall AND syslog_level:$severity", + "refId": "A", + "timeField": "timestamp" + } + ], + "title": "UTM EVENTS - DNS", + "type": "stat" + }, + { + 
"datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "blue", + "value": null + } + ] + }, + "unit": "short" + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 4, + "x": 4, + "y": 0 + }, + "id": 9, + "options": { + "colorMode": "value", + "graphMode": "area", + "justifyMode": "auto", + "orientation": "auto", + "reduceOptions": { + "calcs": ["sum"], + "fields": "", + "values": false + }, + "textMode": "auto" + }, + "pluginVersion": "10.2.0", + "targets": [ + { + "alias": "", + "bucketAggs": [ + { + "field": "timestamp", + "id": "2", + "settings": { + "interval": "365d" + }, + "type": "date_histogram" + } + ], + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "metrics": [ + { + "field": "devname", + "id": "1", + "type": "cardinality" + } + ], + "query": "type:utm AND subtype:dns AND devname:$firewall AND syslog_level:$severity", + "refId": "A", + "timeField": "timestamp" + } + ], + "title": "UTM EVENTS - DNS: FIREWALLS", + "type": "stat" + }, + { + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + } + }, + "mappings": [] + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 5, + "x": 8, + "y": 0 + }, + "id": 4, + "options": { + "legend": { + "displayMode": "list", + "placement": "right", + "showLegend": false + }, + "pieType": "pie", + "reduceOptions": { + "calcs": ["sum"], + "fields": "", + "values": false + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "alias": "", + "bucketAggs": [ + { + "field": "devname", + "id": "3", + "settings": { + 
"min_doc_count": "1", + "order": "desc", + "orderBy": "_count", + "size": "15" + }, + "type": "terms" + }, + { + "field": "timestamp", + "id": "2", + "settings": { + "interval": "auto" + }, + "type": "date_histogram" + } + ], + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "metrics": [ + { + "id": "1", + "type": "count" + } + ], + "query": "type:utm AND subtype:dns AND devname:$firewall AND syslog_level:$severity", + "refId": "A", + "timeField": "timestamp" + } + ], + "title": "UTM EVENTS - DNS BY FIREWALL", + "type": "piechart" + }, + { + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "custom": { + "align": "auto", + "cellOptions": { + "type": "auto" + }, + "inspect": false + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "source" + }, + "properties": [ + { + "id": "custom.width", + "value": 473 + } + ] + } + ] + }, + "gridPos": { + "h": 8, + "w": 11, + "x": 13, + "y": 0 + }, + "id": 5, + "options": { + "cellHeight": "sm", + "footer": { + "countRows": false, + "fields": "", + "reducer": ["sum"], + "show": false + }, + "showHeader": true, + "sortBy": [] + }, + "pluginVersion": "10.2.0", + "targets": [ + { + "alias": "", + "bucketAggs": [ + { + "field": "devname", + "id": "3", + "settings": { + "min_doc_count": "1", + "order": "desc", + "orderBy": "_count", + "size": "20" + }, + "type": "terms" + } + ], + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "metrics": [ + { + "id": "1", + "type": "count" + } + ], + "query": "type:utm AND subtype:dns AND devname:$firewall AND syslog_level:$severity", + "refId": "A", + "timeField": "timestamp" + } + ], + 
"title": "UTM EVENTS - DNS BY FIREWALL", + "transformations": [ + { + "id": "organize", + "options": { + "excludeByName": {}, + "indexByName": {}, + "renameByName": { + "devname": "FIREWALL" + } + } + } + ], + "transparent": true, + "type": "table" + }, + { + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + } + }, + "mappings": [] + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 6, + "x": 0, + "y": 8 + }, + "id": 8, + "options": { + "legend": { + "displayMode": "table", + "placement": "right", + "showLegend": true + }, + "pieType": "donut", + "reduceOptions": { + "calcs": ["sum"], + "fields": "", + "values": false + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "alias": "", + "bucketAggs": [ + { + "field": "profile", + "id": "3", + "settings": { + "min_doc_count": "1", + "order": "desc", + "orderBy": "_count", + "size": "15" + }, + "type": "terms" + }, + { + "field": "timestamp", + "id": "2", + "settings": { + "interval": "auto" + }, + "type": "date_histogram" + } + ], + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "metrics": [ + { + "id": "1", + "type": "count" + } + ], + "query": "type:utm AND subtype:dns AND devname:$firewall AND syslog_level:$severity", + "refId": "A", + "timeField": "timestamp" + } + ], + "title": "UTM EVENTS - DNS BY FW PROFILE", + "type": "piechart" + }, + { + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "bars", + 
"fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "short" + }, + "overrides": [] + }, + "gridPos": { + "h": 16, + "w": 18, + "x": 6, + "y": 8 + }, + "id": 7, + "options": { + "legend": { + "calcs": [], + "displayMode": "table", + "placement": "right", + "showLegend": true + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "pluginVersion": "8.5.1", + "targets": [ + { + "alias": "", + "bucketAggs": [ + { + "field": "devname", + "id": "3", + "settings": { + "min_doc_count": "1", + "order": "desc", + "orderBy": "_count", + "size": "20" + }, + "type": "terms" + }, + { + "field": "timestamp", + "id": "4", + "settings": { + "interval": "5m", + "min_doc_count": "1", + "timeZone": "utc", + "trimEdges": "0" + }, + "type": "date_histogram" + } + ], + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "metrics": [ + { + "id": "1", + "type": "count" + } + ], + "query": "type:utm AND subtype:dns AND devname:$firewall AND syslog_level:$severity", + "refId": "A", + "timeField": "timestamp" + } + ], + "title": "UTM EVENTS - DNS BY FIREWALL - HISTOGRAM (TOP 20)", + "type": "timeseries" + }, + { + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + } + }, + "mappings": [] + }, + 
"overrides": [ + { + "matcher": { + "id": "byName", + "options": "information" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "blue", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "notice" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "green", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "warning" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "orange", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "error" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "red", + "mode": "fixed" + } + } + ] + } + ] + }, + "gridPos": { + "h": 8, + "w": 6, + "x": 0, + "y": 16 + }, + "id": 11, + "options": { + "legend": { + "displayMode": "table", + "placement": "right", + "showLegend": true + }, + "pieType": "donut", + "reduceOptions": { + "calcs": ["sum"], + "fields": "", + "values": false + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "alias": "", + "bucketAggs": [ + { + "field": "syslog_level", + "id": "3", + "settings": { + "min_doc_count": "1", + "order": "desc", + "orderBy": "_count", + "size": "15" + }, + "type": "terms" + }, + { + "field": "timestamp", + "id": "2", + "settings": { + "interval": "auto" + }, + "type": "date_histogram" + } + ], + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "metrics": [ + { + "id": "1", + "type": "count" + } + ], + "query": "type:utm AND subtype:dns AND devname:$firewall AND syslog_level:$severity", + "refId": "A", + "timeField": "timestamp" + } + ], + "title": "UTM EVENTS - DNS BY SEVERITY", + "type": "piechart" + }, + { + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "hideFrom": { + 
"legend": false, + "tooltip": false, + "viz": false + } + }, + "mappings": [] + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "information" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "blue", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "notice" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "green", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "warning" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "orange", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "alert" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "red", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "block-url" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "orange", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "passthrough" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "green", + "mode": "fixed" + } + } + ] + } + ] + }, + "gridPos": { + "h": 10, + "w": 6, + "x": 0, + "y": 24 + }, + "id": 12, + "options": { + "legend": { + "displayMode": "table", + "placement": "right", + "showLegend": true + }, + "pieType": "donut", + "reduceOptions": { + "calcs": ["sum"], + "fields": "", + "values": false + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "alias": "", + "bucketAggs": [ + { + "field": "action", + "id": "3", + "settings": { + "min_doc_count": "1", + "order": "desc", + "orderBy": "_count", + "size": "15" + }, + "type": "terms" + }, + { + "field": "timestamp", + "id": "2", + "settings": { + "interval": "auto" + }, + "type": "date_histogram" + } + ], + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "metrics": [ + { + "id": "1", + "type": 
"count" + } + ], + "query": "type:utm AND subtype:dns AND devname:$firewall AND syslog_level:$severity", + "refId": "A", + "timeField": "timestamp" + } + ], + "title": "UTM EVENTS - DNS BY ACTION", + "type": "piechart" + }, + { + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "custom": { + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "rgba(245, 54, 54, 0.9)", + "value": null + }, + { + "color": "rgba(237, 129, 40, 0.89)", + "value": 0 + }, + { + "color": "rgba(50, 172, 45, 0.97)", + "value": 10 + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 10, + "w": 8, + "x": 6, + "y": 24 + }, + "id": 19, + "maxDataPoints": 1, + "options": { + "basemap": { + "name": "Basemap", + "type": "default" + }, + "controls": { + "mouseWheelZoom": false, + "showAttribution": true, + "showDebug": false, + "showMeasure": false, + "showScale": false, + "showZoom": true + }, + "layers": [ + { + "config": { + "showLegend": true, + "style": { + "color": { + "fixed": "dark-green" + }, + "opacity": 0.4, + "rotation": { + "fixed": 0, + "max": 360, + "min": -360, + "mode": "mod" + }, + "size": { + "fixed": 5, + "max": 30, + "min": 2 + }, + "symbol": { + "fixed": "img/icons/marker/circle.svg", + "mode": "fixed" + }, + "symbolAlign": { + "horizontal": "center", + "vertical": "center" + }, + "textConfig": { + "fontSize": 12, + "offsetX": 0, + "offsetY": 0, + "textAlign": "center", + "textBaseline": "middle" + } + } + }, + "location": { + "gazetteer": "public/gazetteer/countries.json", + "mode": "lookup" + }, + "name": "Layer 0", + "tooltip": true, + "type": "markers" + } + ], + "tooltip": { + "mode": "details" + }, + "view": { + "allLayers": true, + "id": "zero", + "lat": 0, + "lon": 0, + "zoom": 1 + } + }, + "pluginVersion": "10.2.0", + 
"targets": [ + { + "alias": "", + "bucketAggs": [ + { + "field": "dstip_country_code", + "id": "3", + "settings": { + "min_doc_count": "1", + "order": "desc", + "orderBy": "_count", + "size": "0" + }, + "type": "terms" + }, + { + "field": "timestamp", + "id": "2", + "settings": { + "interval": "auto" + }, + "type": "date_histogram" + } + ], + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "metrics": [ + { + "id": "1", + "type": "count" + } + ], + "query": "type:utm AND subtype:dns AND devname:$firewall AND syslog_level:$severity", + "refId": "A", + "timeField": "timestamp" + } + ], + "title": "DNS - RESOLVED IP GeoIP", + "transformations": [ + { + "id": "reduce", + "options": { + "reducers": ["sum"] + } + } + ], + "type": "geomap" + }, + { + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "custom": { + "align": "auto", + "cellOptions": { + "type": "auto" + }, + "inspect": false + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "source" + }, + "properties": [ + { + "id": "custom.width", + "value": 473 + } + ] + } + ] + }, + "gridPos": { + "h": 10, + "w": 10, + "x": 14, + "y": 24 + }, + "id": 20, + "options": { + "cellHeight": "sm", + "footer": { + "countRows": false, + "fields": "", + "reducer": ["sum"], + "show": false + }, + "showHeader": true, + "sortBy": [] + }, + "pluginVersion": "10.2.0", + "targets": [ + { + "alias": "", + "bucketAggs": [ + { + "field": "dstip_country_code", + "id": "3", + "settings": { + "min_doc_count": "1", + "order": "desc", + "orderBy": "_count", + "size": "20" + }, + "type": "terms" + }, + { + "field": "action", + "id": "4", + "settings": { + "min_doc_count": "1", + 
"order": "desc", + "orderBy": "_term", + "size": "10" + }, + "type": "terms" + } + ], + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "metrics": [ + { + "id": "1", + "type": "count" + } + ], + "query": "type:utm AND subtype:dns AND devname:$firewall AND syslog_level:$severity", + "refId": "A", + "timeField": "timestamp" + } + ], + "title": "UTM EVENTS - DNS BY COUNTRY AND ACTION", + "transformations": [ + { + "id": "organize", + "options": { + "excludeByName": {}, + "indexByName": {}, + "renameByName": { + "action": "FW ACTION", + "devname": "FIREWALL", + "dstip_country_code": "COUNTRY" + } + } + } + ], + "transparent": true, + "type": "table" + }, + { + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 9, + "w": 10, + "x": 0, + "y": 34 + }, + "id": 13, + "options": { + "displayMode": "gradient", + "minVizHeight": 10, + "minVizWidth": 0, + "namePlacement": "auto", + "orientation": "horizontal", + "reduceOptions": { + "calcs": ["sum"], + "fields": "", + "values": false + }, + "showUnfilled": true, + "valueMode": "color" + }, + "pluginVersion": "10.2.0", + "targets": [ + { + "alias": "", + "bucketAggs": [ + { + "field": "qname", + "id": "3", + "settings": { + "min_doc_count": "1", + "order": "desc", + "orderBy": "_count", + "size": "10" + }, + "type": "terms" + }, + { + "field": "timestamp", + "id": "4", + "settings": { + "interval": "auto", + "min_doc_count": "0", + "timeZone": "utc", + "trimEdges": "0" + }, + "type": "date_histogram" + } + ], + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "metrics": [ + { + "id": "1", + 
"type": "count" + } + ], + "query": "type:utm AND subtype:dns AND devname:$firewall AND syslog_level:$severity", + "refId": "A", + "timeField": "timestamp" + } + ], + "title": "UTM EVENTS - DNS QNAMEs", + "transformations": [ + { + "id": "organize", + "options": { + "excludeByName": {}, + "indexByName": {}, + "renameByName": { + "msg": "INDICATOR" + } + } + } + ], + "transparent": true, + "type": "bargauge" + }, + { + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "custom": { + "align": "auto", + "cellOptions": { + "type": "auto" + }, + "inspect": false + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "source" + }, + "properties": [ + { + "id": "custom.width", + "value": 473 + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "catdesc" + }, + "properties": [ + { + "id": "custom.width", + "value": 400 + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "URL CATEGORY" + }, + "properties": [ + { + "id": "custom.width", + "value": 372 + } + ] + } + ] + }, + "gridPos": { + "h": 9, + "w": 7, + "x": 10, + "y": 34 + }, + "id": 17, + "options": { + "cellHeight": "sm", + "footer": { + "countRows": false, + "fields": "", + "reducer": ["sum"], + "show": false + }, + "showHeader": true, + "sortBy": [] + }, + "pluginVersion": "10.2.0", + "targets": [ + { + "alias": "", + "bucketAggs": [ + { + "field": "qtype", + "id": "3", + "settings": { + "min_doc_count": "1", + "order": "desc", + "orderBy": "_count", + "size": "20" + }, + "type": "terms" + } + ], + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "metrics": [ + { + "id": "1", + "type": "count" + } + ], + "query": "type:utm AND subtype:dns 
AND devname:$firewall AND syslog_level:$severity", + "refId": "A", + "timeField": "timestamp" + } + ], + "title": "UTM EVENTS - DNS BY QTYPE", + "transformations": [ + { + "id": "organize", + "options": { + "excludeByName": {}, + "indexByName": {}, + "renameByName": { + "catdesc": "URL CATEGORY", + "msg": "INDICATOR", + "qtype": "QTYPE", + "user": "USER ACCOUNT" + } + } + } + ], + "type": "table" + }, + { + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "custom": { + "align": "auto", + "cellOptions": { + "type": "auto" + }, + "inspect": false + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "source" + }, + "properties": [ + { + "id": "custom.width", + "value": 473 + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "USER ACCOUNT" + }, + "properties": [ + { + "id": "custom.width", + "value": 362 + } + ] + } + ] + }, + "gridPos": { + "h": 9, + "w": 7, + "x": 17, + "y": 34 + }, + "id": 14, + "options": { + "cellHeight": "sm", + "footer": { + "countRows": false, + "fields": "", + "reducer": ["sum"], + "show": false + }, + "showHeader": true, + "sortBy": [] + }, + "pluginVersion": "10.2.0", + "targets": [ + { + "alias": "", + "bucketAggs": [ + { + "field": "eventtype", + "id": "3", + "settings": { + "min_doc_count": "1", + "order": "desc", + "orderBy": "_count", + "size": "20" + }, + "type": "terms" + } + ], + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "metrics": [ + { + "id": "1", + "type": "count" + } + ], + "query": "type:utm AND subtype:dns AND devname:$firewall AND syslog_level:$severity", + "refId": "A", + "timeField": "timestamp" + } + ], + "title": "UTM EVENTS - DNS EVENT TYPES", 
+ "transformations": [ + { + "id": "organize", + "options": { + "excludeByName": {}, + "indexByName": {}, + "renameByName": { + "eventtype": "EVENT TYPE", + "msg": "INDICATOR", + "user": "USER ACCOUNT" + } + } + } + ], + "transparent": true, + "type": "table" + }, + { + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "custom": { + "align": "auto", + "cellOptions": { + "type": "auto" + }, + "inspect": false + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "FIREWALL" + }, + "properties": [ + { + "id": "custom.width", + "value": 126 + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "ACTION" + }, + "properties": [ + { + "id": "custom.width", + "value": 81 + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "SEVERITY" + }, + "properties": [ + { + "id": "custom.width", + "value": 109 + }, + { + "id": "custom.cellOptions", + "value": { + "type": "color-text" + } + }, + { + "id": "mappings", + "value": [ + { + "options": { + "alert": { + "color": "semi-dark-red", + "index": 6 + }, + "critical": { + "color": "dark-red", + "index": 4 + }, + "error": { + "color": "red", + "index": 5 + }, + "high": { + "color": "red", + "index": 3 + }, + "information": { + "color": "blue", + "index": 0 + }, + "notice": { + "color": "green", + "index": 1 + }, + "warning": { + "color": "orange", + "index": 2 + } + }, + "type": "value" + } + ] + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "SRC IP" + }, + "properties": [ + { + "id": "custom.width", + "value": 127 + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "SRC PORT" + }, + "properties": [ + { + "id": "custom.width", + "value": 87 + } + ] + }, + { + "matcher": { + "id": 
"byName", + "options": "IF IN" + }, + "properties": [ + { + "id": "custom.width", + "value": 110 + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "APP" + }, + "properties": [ + { + "id": "custom.width", + "value": 131 + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "DST IP" + }, + "properties": [ + { + "id": "custom.width", + "value": 134 + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "DST PORT" + }, + "properties": [ + { + "id": "custom.width", + "value": 93 + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "EVENT ID" + }, + "properties": [ + { + "id": "links", + "value": [ + { + "targetBlank": true, + "title": "EVENT DETAILS", + "url": "https://grafana.company.local/explore?left=%7B%22datasource%22:%22FORTINET%22,%22queries%22:%5B%7B%22refId%22:%22A%22,%22query%22:%22_id:${__value.text}%22,%22alias%22:%22%22,%22metrics%22:%5B%7B%22id%22:%221%22,%22type%22:%22logs%22,%22settings%22:%7B%22limit%22:%22500%22%7D%7D%5D,%22bucketAggs%22:%5B%5D,%22timeField%22:%22timestamp%22%7D%5D,%22range%22:%7B%22from%22:%22now-1h%22,%22to%22:%22now%22%7D%7D" + } + ] + }, + { + "id": "custom.width", + "value": 214 + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "SERVICE" + }, + "properties": [ + { + "id": "custom.width", + "value": 95 + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "DATE/TIME" + }, + "properties": [ + { + "id": "custom.width", + "value": 188 + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "PROFILE" + }, + "properties": [ + { + "id": "custom.width", + "value": 234 + } + ] + } + ] + }, + "gridPos": { + "h": 15, + "w": 24, + "x": 0, + "y": 43 + }, + "id": 16, + "options": { + "cellHeight": "sm", + "footer": { + "countRows": false, + "fields": "", + "reducer": ["sum"], + "show": false + }, + "showHeader": true, + "sortBy": [] + }, + "pluginVersion": "10.2.0", + "targets": [ + { + "alias": "", + "bucketAggs": [], + "datasource": { + "type": 
"grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "metrics": [ + { + "id": "1", + "settings": { + "size": "500" + }, + "type": "raw_data" + } + ], + "query": "type:utm AND subtype:dns AND devname:$firewall AND syslog_level:$severity", + "refId": "A", + "timeField": "timestamp" + } + ], + "title": "FIREWALL EVENTS", + "transformations": [ + { + "id": "organize", + "options": { + "excludeByName": { + "_index": true, + "_type": true, + "alert_category": true, + "alert_definitions_version": true, + "cat": true, + "catdesc": true, + "craction": true, + "crlevel": true, + "crscore": true, + "date": true, + "devid": true, + "direction": true, + "dstcountry": true, + "dstintf": true, + "dstintfrole": true, + "dstip_city_name": true, + "dstip_country_code": true, + "dstip_geolocation": true, + "eventtime": true, + "eventtype": true, + "facility": true, + "facility_num": true, + "gl2_accounted_message_size": true, + "gl2_message_id": true, + "gl2_remote_ip": true, + "gl2_remote_port": true, + "gl2_source_input": true, + "gl2_source_node": true, + "highlight": true, + "hostname": true, + "hostname_city_name": true, + "hostname_country_code": true, + "hostname_geolocation": true, + "ipaddr": true, + "ipaddr_city_name": true, + "ipaddr_country_code": true, + "ipaddr_geolocation": true, + "level": true, + "logid": true, + "logver": true, + "message": true, + "method": true, + "msg": false, + "policyid": true, + "policytype": true, + "poluuid": true, + "proto": true, + "qclass": true, + "qtypeval": true, + "rcode": true, + "rcvdbyte": true, + "ref": true, + "reqtype": true, + "sentbyte": true, + "sessionid": true, + "sort": true, + "source": true, + "srccountry": true, + "srcintf": true, + "srcintfrole": true, + "srcip_city_name": true, + "srcip_country_code": true, + "srcip_geolocation": true, + "srcip_reserved_ip": true, + "srcmac": true, + "srcport": true, + "streams": true, + "subtype": true, + "syslog_customer": true, + "syslog_type": true, + "time": 
true, + "type": true, + "tz": true, + "user": true, + "vd": true, + "xid": true + }, + "indexByName": { + "_id": 1, + "_index": 8, + "_type": 9, + "action": 4, + "cat": 22, + "catdesc": 18, + "date": 23, + "devid": 24, + "devname": 2, + "dstcountry": 25, + "dstintf": 26, + "dstintfrole": 27, + "dstip": 10, + "dstip_city_name": 28, + "dstip_country_code": 29, + "dstip_geolocation": 30, + "dstport": 11, + "eventtime": 31, + "eventtype": 32, + "facility": 33, + "facility_num": 34, + "gl2_accounted_message_size": 12, + "gl2_message_id": 13, + "gl2_remote_ip": 14, + "gl2_remote_port": 15, + "gl2_source_input": 16, + "gl2_source_node": 17, + "highlight": 35, + "ipaddr": 36, + "ipaddr_city_name": 37, + "ipaddr_country_code": 38, + "ipaddr_geolocation": 39, + "level": 41, + "logid": 43, + "message": 19, + "msg": 44, + "policyid": 45, + "policytype": 46, + "poluuid": 47, + "profile": 7, + "proto": 48, + "qclass": 49, + "qname": 40, + "qtype": 42, + "qtypeval": 50, + "rcode": 51, + "sessionid": 52, + "sort": 53, + "source": 3, + "srccountry": 54, + "srcintf": 55, + "srcintfrole": 56, + "srcip": 6, + "srcip_reserved_ip": 57, + "srcmac": 58, + "srcport": 59, + "streams": 20, + "subtype": 60, + "syslog_customer": 61, + "syslog_level": 5, + "syslog_type": 21, + "time": 62, + "timestamp": 0, + "type": 63, + "tz": 64, + "vd": 65, + "xid": 66 + }, + "renameByName": { + "_id": "EVENT ID", + "action": "ACTION", + "alert_signature": "SIGNATURE", + "app": "APP", + "destination_location_name": "LOCATION", + "devname": "FIREWALL", + "dstip": "DST IP", + "dstport": "DST PORT", + "event_log_name": "", + "http_method": "METHOD", + "http_user_agent_name": "HTTP AGENT", + "msg": "MSG", + "network_interface_in": "IF IN", + "network_interface_out": "IF OUT", + "network_transport": "", + "profile": "PROFILE", + "qname": "QNAME", + "qtype": "QTYPE", + "rule_name": "RULE", + "service": "SERVICE", + "source": "", + "source_port": "SRC PORT", + "srcip": "SRC IP", + "syslog_level": "SEVERITY", + 
"timestamp": "DATE/TIME", + "url": "URL" + } + } + } + ], + "type": "table" + } + ], + "refresh": "", + "schemaVersion": 38, + "tags": ["FORTINET UTM"], + "templating": { + "list": [ + { + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "filters": [], + "hide": 0, + "label": "Filters", + "name": "Filters", + "skipUrlSync": false, + "type": "adhoc" + }, + { + "current": { + "selected": false, + "text": "All", + "value": "$__all" + }, + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "definition": "{ \"find\": \"terms\", \"field\": \"devname\", \"query\": \"type:utm AND subtype:dns\"}", + "description": "FORTINET FIREWALL", + "hide": 0, + "includeAll": true, + "label": "Firewall", + "multi": false, + "name": "firewall", + "options": [], + "query": "{ \"find\": \"terms\", \"field\": \"devname\", \"query\": \"type:utm AND subtype:dns\"}", + "refresh": 1, + "regex": "", + "skipUrlSync": false, + "sort": 0, + "type": "query" + }, + { + "current": { + "selected": false, + "text": "All", + "value": "$__all" + }, + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "definition": "{\"find\": \"terms\", \"field\": \"syslog_level\", \"query\": \"type:utm AND subtype:dns\"}", + "hide": 0, + "includeAll": true, + "label": "Severity", + "multi": false, + "name": "severity", + "options": [], + "query": "{\"find\": \"terms\", \"field\": \"syslog_level\", \"query\": \"type:utm AND subtype:dns\"}", + "refresh": 1, + "regex": "", + "skipUrlSync": false, + "sort": 0, + "type": "query" + } + ] + }, + "time": { + "from": "now-6h", + "to": "now" + }, + "timepicker": {}, + "timezone": "", + "title": "FORTINET - UTM LOGS DNS", + "weekStart": "" +} 
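Review bot: The EVENT DETAILS link on the EVENT ID column (FIREWALL EVENTS table, `id` 16) hard-codes `https://grafana.company.local` and the datasource name `FORTINET` inside its explore URL, while every other datasource reference in this file uses the `replace_datasource_uid` placeholder that provisioning substitutes. Unless the provisioning step also rewrites this URL (the commit log only mentions a Grafana URL fix for office365), the drill-down will open a host that does not exist for the customer and name a datasource that may not match the provisioned one. A relative path keeps the link on whatever origin serves the dashboard, and the uid placeholder keeps it on the provisioned datasource, since Grafana's explore state accepts a datasource uid there: `"url": "/explore?left=%7B%22datasource%22:%22replace_datasource_uid%22,%22queries%22:...` with the remainder of the query string unchanged. If the sibling DLP and IPS dashboards carry the same link they need the same treatment, and their hunks are cut at the edges of this view. Separately, the `links` entry here is titled `FORTINET THREAT DASHBOARDS` but filters on tag `FORTINET UTM`, while the IPS dashboard that follows has the reverse pairing, so one of the two looks swapped.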
diff --git a/backend/app/connectors/grafana/dashboards/Fortinet/fortinet_utm_ips.json b/backend/app/connectors/grafana/dashboards/Fortinet/fortinet_utm_ips.json
new file mode 100644
index 000000000..fd075ccd5
--- /dev/null
+++ b/backend/app/connectors/grafana/dashboards/Fortinet/fortinet_utm_ips.json
@@ -0,0 +1,1903 @@ +{ + "annotations": { + "list": [ + { + "builtIn": 1, + "datasource": { + "type": "grafana", + "uid": "-- Grafana --" + }, + "enable": true, + "hide": true, + "iconColor": "rgba(0, 211, 255, 1)", + "name": "Annotations & Alerts", + "target": { + "limit": 100, + "matchAny": false, + "tags": [], + "type": "dashboard" + }, + "type": "dashboard" + } + ] + }, + "description": "FORTINET - UTM LOGS", + "editable": false, + "fiscalYearStartMonth": 0, + "graphTooltip": 0, + "id": null, + "iteration": 1657693719648, + "links": [ + { + "asDropdown": true, + "icon": "external link", + "includeVars": true, + "keepTime": true, + "tags": ["FORTINET THREAT"], + "targetBlank": true, + "title": "FORTINET UTM DASHBOARDS", + "tooltip": "", + "type": "dashboards", + "url": "" + } + ], + "liveNow": false, + "panels": [ + { + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "orange", + "value": null + } + ] + }, + "unit": "short" + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 4, + "x": 0, + "y": 0 + }, + "id": 2, + "options": { + "colorMode": "value", + "graphMode": "area", + "justifyMode": "auto", + "orientation": "auto", + "reduceOptions": { + "calcs": ["sum"], + "fields": "", + "values": false + }, + "textMode": "auto" + }, + "pluginVersion": "9.0.0", + "targets": [ + { + "alias": "", + "bucketAggs": [ + { + "field": "timestamp", + "id": "2", + "settings": { + "interval": "auto" + }, + "type": "date_histogram" + } + ], + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "metrics": [ + { + "id": "1", + "type": "count" + } + ], + "query": "type:utm AND subtype:ips AND devname:$firewall AND syslog_level:$severity", + "refId": "A", + "timeField": "timestamp" + } + ], + "title": "UTM EVENTS - IPS", + 
"type": "stat" + }, + { + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "blue", + "value": null + } + ] + }, + "unit": "short" + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 4, + "x": 4, + "y": 0 + }, + "id": 9, + "options": { + "colorMode": "value", + "graphMode": "area", + "justifyMode": "auto", + "orientation": "auto", + "reduceOptions": { + "calcs": ["sum"], + "fields": "", + "values": false + }, + "textMode": "auto" + }, + "pluginVersion": "9.0.0", + "targets": [ + { + "alias": "", + "bucketAggs": [ + { + "field": "timestamp", + "id": "2", + "settings": { + "interval": "1y" + }, + "type": "date_histogram" + } + ], + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "metrics": [ + { + "field": "devname", + "id": "1", + "type": "cardinality" + } + ], + "query": "type:utm AND subtype:ips AND devname:$firewall AND syslog_level:$severity", + "refId": "A", + "timeField": "timestamp" + } + ], + "title": "UTM EVENTS - IPS: FIREWALLS", + "type": "stat" + }, + { + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + } + }, + "mappings": [] + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 5, + "x": 8, + "y": 0 + }, + "id": 4, + "options": { + "legend": { + "displayMode": "hidden", + "placement": "right" + }, + "pieType": "pie", + "reduceOptions": { + "calcs": ["sum"], + "fields": "", + "values": false + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "alias": "", + "bucketAggs": [ + { + "field": "devname", + "id": "3", + "settings": { + 
"min_doc_count": "1", + "order": "desc", + "orderBy": "_count", + "size": "15" + }, + "type": "terms" + }, + { + "field": "timestamp", + "id": "2", + "settings": { + "interval": "auto" + }, + "type": "date_histogram" + } + ], + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "metrics": [ + { + "id": "1", + "type": "count" + } + ], + "query": "type:utm AND subtype:ips AND devname:$firewall AND syslog_level:$severity", + "refId": "A", + "timeField": "timestamp" + } + ], + "title": "UTM EVENTS - IPS BY FIREWALL", + "type": "piechart" + }, + { + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "custom": { + "align": "auto", + "displayMode": "auto", + "inspect": false + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "source" + }, + "properties": [ + { + "id": "custom.width", + "value": 473 + } + ] + } + ] + }, + "gridPos": { + "h": 8, + "w": 11, + "x": 13, + "y": 0 + }, + "id": 5, + "options": { + "footer": { + "fields": "", + "reducer": ["sum"], + "show": false + }, + "showHeader": true, + "sortBy": [] + }, + "pluginVersion": "9.0.0", + "targets": [ + { + "alias": "", + "bucketAggs": [ + { + "field": "devname", + "id": "3", + "settings": { + "min_doc_count": "1", + "order": "desc", + "orderBy": "_count", + "size": "20" + }, + "type": "terms" + } + ], + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "metrics": [ + { + "id": "1", + "type": "count" + } + ], + "query": "type:utm AND subtype:ips AND devname:$firewall AND syslog_level:$severity", + "refId": "A", + "timeField": "timestamp" + } + ], + "title": "UTM EVENTS - IPS BY FIREWALL", + 
"transformations": [ + { + "id": "organize", + "options": { + "excludeByName": {}, + "indexByName": {}, + "renameByName": { + "devname": "FIREWALL" + } + } + } + ], + "transparent": true, + "type": "table" + }, + { + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + } + }, + "mappings": [] + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 6, + "x": 0, + "y": 8 + }, + "id": 8, + "options": { + "legend": { + "displayMode": "table", + "placement": "right" + }, + "pieType": "donut", + "reduceOptions": { + "calcs": ["sum"], + "fields": "", + "values": false + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "alias": "", + "bucketAggs": [ + { + "field": "profile", + "id": "3", + "settings": { + "min_doc_count": "1", + "order": "desc", + "orderBy": "_count", + "size": "15" + }, + "type": "terms" + }, + { + "field": "timestamp", + "id": "2", + "settings": { + "interval": "auto" + }, + "type": "date_histogram" + } + ], + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "metrics": [ + { + "id": "1", + "type": "count" + } + ], + "query": "type:utm AND subtype:ips AND devname:$firewall AND syslog_level:$severity", + "refId": "A", + "timeField": "timestamp" + } + ], + "title": "UTM EVENTS - IPS BY FW PROFILE", + "type": "piechart" + }, + { + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "bars", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + 
"lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "short" + }, + "overrides": [] + }, + "gridPos": { + "h": 16, + "w": 18, + "x": 6, + "y": 8 + }, + "id": 7, + "options": { + "legend": { + "calcs": [], + "displayMode": "table", + "placement": "right" + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "pluginVersion": "8.5.1", + "targets": [ + { + "alias": "", + "bucketAggs": [ + { + "field": "devname", + "id": "3", + "settings": { + "min_doc_count": "1", + "order": "desc", + "orderBy": "_count", + "size": "20" + }, + "type": "terms" + }, + { + "field": "timestamp", + "id": "4", + "settings": { + "interval": "5m", + "min_doc_count": "1", + "timeZone": "utc", + "trimEdges": "0" + }, + "type": "date_histogram" + } + ], + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "metrics": [ + { + "id": "1", + "type": "count" + } + ], + "query": "type:utm AND subtype:ips AND devname:$firewall AND syslog_level:$severity", + "refId": "A", + "timeField": "timestamp" + } + ], + "title": "UTM EVENTS - IPS BY FIREWALL - HISTOGRAM (TOP 20)", + "type": "timeseries" + }, + { + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + } + }, + "mappings": [] + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "information" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "blue", + "mode": "fixed" + } + } + ] + }, + { + 
"matcher": { + "id": "byName", + "options": "notice" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "green", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "warning" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "orange", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "error" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "red", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "alert" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "red", + "mode": "fixed" + } + } + ] + } + ] + }, + "gridPos": { + "h": 8, + "w": 6, + "x": 0, + "y": 16 + }, + "id": 11, + "options": { + "legend": { + "displayMode": "table", + "placement": "right" + }, + "pieType": "donut", + "reduceOptions": { + "calcs": ["sum"], + "fields": "", + "values": false + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "alias": "", + "bucketAggs": [ + { + "field": "syslog_level", + "id": "3", + "settings": { + "min_doc_count": "1", + "order": "desc", + "orderBy": "_count", + "size": "15" + }, + "type": "terms" + }, + { + "field": "timestamp", + "id": "2", + "settings": { + "interval": "auto" + }, + "type": "date_histogram" + } + ], + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "metrics": [ + { + "id": "1", + "type": "count" + } + ], + "query": "type:utm AND subtype:ips AND devname:$firewall AND syslog_level:$severity", + "refId": "A", + "timeField": "timestamp" + } + ], + "title": "UTM EVENTS - IPS BY SEVERITY", + "type": "piechart" + }, + { + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + 
} + }, + "mappings": [] + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "information" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "blue", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "notice" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "green", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "warning" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "orange", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "alert" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "red", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "block-url" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "orange", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "passthrough" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "green", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "dropped" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "red", + "mode": "fixed" + } + } + ] + } + ] + }, + "gridPos": { + "h": 8, + "w": 6, + "x": 0, + "y": 24 + }, + "id": 12, + "options": { + "legend": { + "displayMode": "table", + "placement": "right" + }, + "pieType": "donut", + "reduceOptions": { + "calcs": ["sum"], + "fields": "", + "values": false + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "alias": "", + "bucketAggs": [ + { + "field": "action", + "id": "3", + "settings": { + "min_doc_count": "1", + "order": "desc", + "orderBy": "_count", + "size": "15" + }, + "type": "terms" + }, + { + "field": "timestamp", + "id": "2", + "settings": { + "interval": "auto" + }, + "type": "date_histogram" + } + ], + "datasource": { + "type": 
"grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "metrics": [ + { + "id": "1", + "type": "count" + } + ], + "query": "type:utm AND subtype:ips AND devname:$firewall AND syslog_level:$severity", + "refId": "A", + "timeField": "timestamp" + } + ], + "title": "UTM EVENTS - IPS BY ACTION", + "type": "piechart" + }, + { + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "custom": { + "align": "auto", + "displayMode": "auto", + "inspect": false + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green" + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "source" + }, + "properties": [ + { + "id": "custom.width", + "value": 317 + } + ] + } + ] + }, + "gridPos": { + "h": 8, + "w": 18, + "x": 6, + "y": 24 + }, + "id": 10, + "options": { + "footer": { + "fields": "", + "reducer": ["sum"], + "show": false + }, + "showHeader": true, + "sortBy": [] + }, + "pluginVersion": "9.0.0", + "targets": [ + { + "alias": "", + "bucketAggs": [ + { + "field": "devname", + "id": "3", + "settings": { + "min_doc_count": "1", + "order": "desc", + "orderBy": "_count", + "size": "20" + }, + "type": "terms" + }, + { + "field": "action", + "id": "4", + "settings": { + "min_doc_count": "1", + "order": "desc", + "orderBy": "_count", + "size": "10" + }, + "type": "terms" + } + ], + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "metrics": [ + { + "id": "1", + "type": "count" + } + ], + "query": "type:utm AND subtype:ips AND devname:$firewall AND syslog_level:$severity", + "refId": "A", + "timeField": "timestamp" + } + ], + "title": "UTM EVENTS - IPS BY FIREWALL AND THREAT TYPE", + "transformations": [ + { + "id": "organize", + "options": { + "excludeByName": {}, + "indexByName": {}, + 
"renameByName": { + "action": "ACTION", + "devname": "FIREWALL" + } + } + } + ], + "transparent": true, + "type": "table" + }, + { + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green" + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 9, + "w": 10, + "x": 0, + "y": 32 + }, + "id": 13, + "options": { + "displayMode": "gradient", + "minVizHeight": 10, + "minVizWidth": 0, + "orientation": "horizontal", + "reduceOptions": { + "calcs": ["sum"], + "fields": "", + "values": false + }, + "showUnfilled": true + }, + "pluginVersion": "9.0.0", + "targets": [ + { + "alias": "", + "bucketAggs": [ + { + "field": "attack", + "id": "3", + "settings": { + "min_doc_count": "1", + "order": "desc", + "orderBy": "_count", + "size": "10" + }, + "type": "terms" + }, + { + "field": "timestamp", + "id": "4", + "settings": { + "interval": "auto", + "min_doc_count": "0", + "timeZone": "utc", + "trimEdges": "0" + }, + "type": "date_histogram" + } + ], + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "metrics": [ + { + "id": "1", + "type": "count" + } + ], + "query": "type:utm AND subtype:ips AND devname:$firewall AND syslog_level:$severity", + "refId": "A", + "timeField": "timestamp" + } + ], + "title": "UTM EVENTS - IPS DETECTIONS (TOP 10)", + "transformations": [ + { + "id": "organize", + "options": { + "excludeByName": {}, + "indexByName": {}, + "renameByName": { + "msg": "INDICATOR" + } + } + } + ], + "transparent": true, + "type": "bargauge" + }, + { + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "custom": { + "align": "auto", + "displayMode": 
"auto", + "inspect": false + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green" + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "source" + }, + "properties": [ + { + "id": "custom.width", + "value": 473 + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "catdesc" + }, + "properties": [ + { + "id": "custom.width", + "value": 400 + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "URL CATEGORY" + }, + "properties": [ + { + "id": "custom.width", + "value": 372 + } + ] + } + ] + }, + "gridPos": { + "h": 9, + "w": 7, + "x": 10, + "y": 32 + }, + "id": 17, + "options": { + "footer": { + "fields": "", + "reducer": ["sum"], + "show": false + }, + "showHeader": true, + "sortBy": [] + }, + "pluginVersion": "9.0.0", + "targets": [ + { + "alias": "", + "bucketAggs": [ + { + "field": "service", + "id": "3", + "settings": { + "min_doc_count": "1", + "order": "desc", + "orderBy": "_count", + "size": "20" + }, + "type": "terms" + } + ], + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "metrics": [ + { + "id": "1", + "type": "count" + } + ], + "query": "type:utm AND subtype:ips AND devname:$firewall AND syslog_level:$severity", + "refId": "A", + "timeField": "timestamp" + } + ], + "title": "UTM EVENTS - IPS DETECTIONS BY PROTOCOL", + "transformations": [ + { + "id": "organize", + "options": { + "excludeByName": {}, + "indexByName": {}, + "renameByName": { + "catdesc": "URL CATEGORY", + "msg": "INDICATOR", + "user": "USER ACCOUNT" + } + } + } + ], + "type": "table" + }, + { + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "custom": { + "align": "auto", + "displayMode": "auto", + "inspect": false + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + 
"steps": [ + { + "color": "green" + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "source" + }, + "properties": [ + { + "id": "custom.width", + "value": 473 + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "USER ACCOUNT" + }, + "properties": [ + { + "id": "custom.width", + "value": 422 + } + ] + } + ] + }, + "gridPos": { + "h": 9, + "w": 7, + "x": 17, + "y": 32 + }, + "id": 14, + "options": { + "footer": { + "fields": "", + "reducer": ["sum"], + "show": false + }, + "showHeader": true, + "sortBy": [] + }, + "pluginVersion": "9.0.0", + "targets": [ + { + "alias": "", + "bucketAggs": [ + { + "field": "user", + "id": "3", + "settings": { + "min_doc_count": "1", + "order": "desc", + "orderBy": "_count", + "size": "20" + }, + "type": "terms" + } + ], + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "metrics": [ + { + "id": "1", + "type": "count" + } + ], + "query": "type:utm AND subtype:ips AND devname:$firewall AND syslog_level:$severity", + "refId": "A", + "timeField": "timestamp" + } + ], + "title": "UTM EVENTS - IPS DETECTIONS BY USER ACCOUNT", + "transformations": [ + { + "id": "organize", + "options": { + "excludeByName": {}, + "indexByName": {}, + "renameByName": { + "msg": "INDICATOR", + "user": "USER ACCOUNT" + } + } + } + ], + "transparent": true, + "type": "table" + }, + { + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "custom": { + "align": "auto", + "displayMode": "auto", + "inspect": false + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green" + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "FIREWALL" + }, + "properties": [ + { + "id": "custom.width", + "value": 126 + 
} + ] + }, + { + "matcher": { + "id": "byName", + "options": "ACTION" + }, + "properties": [ + { + "id": "custom.width", + "value": 81 + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "SEVERITY" + }, + "properties": [ + { + "id": "custom.width", + "value": 109 + }, + { + "id": "custom.displayMode", + "value": "color-text" + }, + { + "id": "mappings", + "value": [ + { + "options": { + "alert": { + "color": "red", + "index": 3 + }, + "critical": { + "color": "dark-red", + "index": 4 + }, + "information": { + "color": "blue", + "index": 0 + }, + "notice": { + "color": "green", + "index": 1 + }, + "warning": { + "color": "orange", + "index": 2 + } + }, + "type": "value" + } + ] + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "SRC IP" + }, + "properties": [ + { + "id": "custom.width", + "value": 127 + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "SRC PORT" + }, + "properties": [ + { + "id": "custom.width", + "value": 87 + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "IF IN" + }, + "properties": [ + { + "id": "custom.width", + "value": 110 + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "APP" + }, + "properties": [ + { + "id": "custom.width", + "value": 131 + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "DST IP" + }, + "properties": [ + { + "id": "custom.width", + "value": 134 + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "DST PORT" + }, + "properties": [ + { + "id": "custom.width", + "value": 93 + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "EVENT ID" + }, + "properties": [ + { + "id": "links", + "value": [ + { + "targetBlank": true, + "title": "EVENT DETAILS", + "url": 
"https://grafana.company.local/explore?left=%7B%22datasource%22:%22FORTINET%22,%22queries%22:%5B%7B%22refId%22:%22A%22,%22query%22:%22_id:${__value.text}%22,%22alias%22:%22%22,%22metrics%22:%5B%7B%22id%22:%221%22,%22type%22:%22logs%22,%22settings%22:%7B%22limit%22:%22500%22%7D%7D%5D,%22bucketAggs%22:%5B%5D,%22timeField%22:%22timestamp%22%7D%5D,%22range%22:%7B%22from%22:%22now-1h%22,%22to%22:%22now%22%7D%7D" + } + ] + }, + { + "id": "custom.width", + "value": 214 + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "SERVICE" + }, + "properties": [ + { + "id": "custom.width", + "value": 95 + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "DATE/TIME" + }, + "properties": [ + { + "id": "custom.width", + "value": 188 + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "PROFILE" + }, + "properties": [ + { + "id": "custom.width", + "value": 234 + } + ] + } + ] + }, + "gridPos": { + "h": 15, + "w": 24, + "x": 0, + "y": 41 + }, + "id": 16, + "options": { + "footer": { + "fields": "", + "reducer": ["sum"], + "show": false + }, + "showHeader": true, + "sortBy": [] + }, + "pluginVersion": "9.0.0", + "targets": [ + { + "alias": "", + "bucketAggs": [], + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "metrics": [ + { + "id": "1", + "settings": { + "size": "500" + }, + "type": "raw_data" + } + ], + "query": "type:utm AND subtype:ips AND devname:$firewall AND syslog_level:$severity", + "refId": "A", + "timeField": "timestamp" + } + ], + "title": "FIREWALL EVENTS", + "transformations": [ + { + "id": "organize", + "options": { + "excludeByName": { + "_index": true, + "_type": true, + "alert_category": true, + "alert_definitions_version": true, + "attackid": true, + "cat": true, + "catdesc": true, + "craction": true, + "crlevel": true, + "crscore": true, + "devid": true, + "direction": true, + "dstintf": true, + "dstintfrole": true, + "dstip_city_name": true, + "dstip_country_code": true, + 
"dstip_geolocation": true, + "eventtype": true, + "facility": true, + "facility_num": true, + "gl2_accounted_message_size": true, + "gl2_message_id": true, + "gl2_remote_ip": true, + "gl2_remote_port": true, + "gl2_source_input": true, + "gl2_source_node": true, + "highlight": true, + "hostname": true, + "hostname_city_name": true, + "hostname_country_code": true, + "hostname_geolocation": true, + "level": true, + "logver": true, + "message": true, + "method": true, + "msg": true, + "policyid": true, + "proto": true, + "rcvdbyte": true, + "ref": true, + "reqtype": true, + "sentbyte": true, + "sessionid": true, + "sort": true, + "source": true, + "srcintf": true, + "srcintfrole": true, + "srcip_city_name": true, + "srcip_country_code": true, + "srcip_geolocation": true, + "srcport": true, + "streams": true, + "subtype": true, + "syslog_type": true, + "type": true, + "user": true, + "vd": true + }, + "indexByName": { + "_id": 1, + "_index": 11, + "_type": 12, + "action": 5, + "alert_category": 13, + "alert_definitions_version": 14, + "alert_signature": 15, + "app": 16, + "catdesc": 41, + "devname": 2, + "dstip": 17, + "dstport": 18, + "gl2_accounted_message_size": 31, + "gl2_message_id": 32, + "gl2_remote_ip": 33, + "gl2_remote_port": 34, + "gl2_source_input": 35, + "gl2_source_node": 36, + "message": 42, + "profile": 9, + "source": 3, + "srcip": 7, + "streams": 77, + "syslog_level": 6, + "syslog_type": 78, + "target_user_email": 79, + "timestamp": 0 + }, + "renameByName": { + "_id": "EVENT ID", + "action": "ACTION", + "alert_signature": "SIGNATURE", + "app": "APP", + "attack": "DETECTION", + "destination_location_name": "LOCATION", + "devname": "FIREWALL", + "dstip": "DST IP", + "dstport": "DST PORT", + "event_log_name": "", + "http_method": "METHOD", + "http_user_agent_name": "HTTP AGENT", + "network_interface_in": "IF IN", + "network_interface_out": "IF OUT", + "network_transport": "", + "profile": "PROFILE", + "rule_name": "RULE", + "service": "SERVICE", + 
"source": "", + "source_port": "SRC PORT", + "srcip": "SRC IP", + "syslog_level": "SEVERITY", + "timestamp": "DATE/TIME", + "url": "URL" + } + } + } + ], + "type": "table" + } + ], + "schemaVersion": 36, + "style": "dark", + "tags": ["FORTINET UTM"], + "templating": { + "list": [ + { + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "filters": [], + "hide": 0, + "label": "Filters", + "name": "Filters", + "skipUrlSync": false, + "type": "adhoc" + }, + { + "current": { + "selected": false, + "text": "All", + "value": "$__all" + }, + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "definition": "{ \"find\": \"terms\", \"field\": \"devname\", \"query\": \"type:utm AND subtype:ips\"}", + "description": "FORTINET FIREWALL", + "hide": 0, + "includeAll": true, + "label": "Firewall", + "multi": false, + "name": "firewall", + "options": [], + "query": "{ \"find\": \"terms\", \"field\": \"devname\", \"query\": \"type:utm AND subtype:ips\"}", + "refresh": 1, + "regex": "", + "skipUrlSync": false, + "sort": 0, + "type": "query" + }, + { + "current": { + "selected": false, + "text": "All", + "value": "$__all" + }, + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "definition": "{\"find\": \"terms\", \"field\": \"syslog_level\", \"query\": \"type:utm AND subtype:ips\"}", + "hide": 0, + "includeAll": true, + "label": "Severity", + "multi": false, + "name": "severity", + "options": [], + "query": "{\"find\": \"terms\", \"field\": \"syslog_level\", \"query\": \"type:utm AND subtype:ips\"}", + "refresh": 1, + "regex": "", + "skipUrlSync": false, + "sort": 0, + "type": "query" + } + ] + }, + "time": { + "from": "now-6h", + "to": "now" + }, + "timepicker": {}, + "timezone": "", + "title": "FORTINET - UTM LOGS IPS", + "version": 3, + "weekStart": "" +} 
diff --git a/backend/app/connectors/grafana/dashboards/Fortinet/fortinet_utm_ssl.json b/backend/app/connectors/grafana/dashboards/Fortinet/fortinet_utm_ssl.json new file mode 100644 index 000000000..65cf8f73d --- /dev/null +++ b/backend/app/connectors/grafana/dashboards/Fortinet/fortinet_utm_ssl.json 
@@ -0,0 +1,1885 @@ +{ + "annotations": { + "list": [ + { + "builtIn": 1, + "datasource": { + "type": "grafana", + "uid": "-- Grafana --" + }, + "enable": true, + "hide": true, + "iconColor": "rgba(0, 211, 255, 1)", + "name": "Annotations & Alerts", + "target": { + "limit": 100, + "matchAny": false, + "tags": [], + "type": "dashboard" + }, + "type": "dashboard" + } + ] + }, + "description": "FORTINET - UTM LOGS", + "editable": false, + "fiscalYearStartMonth": 0, + "graphTooltip": 0, + "id": null, + "iteration": 1657693784008, + "links": [ + { + "asDropdown": true, + "icon": "external link", + "includeVars": true, + "keepTime": true, + "tags": ["FORTINET THREAT"], + "targetBlank": true, + "title": "FORTINET UTM DASHBOARDS", + "tooltip": "", + "type": "dashboards", + "url": "" + } + ], + "liveNow": false, + "panels": [ + { + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "orange", + "value": null + } + ] + }, + "unit": "short" + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 4, + "x": 0, + "y": 0 + }, + "id": 2, + "options": { + "colorMode": "value", + "graphMode": "area", + "justifyMode": "auto", + "orientation": "auto", + "reduceOptions": { + "calcs": ["sum"], + "fields": "", + "values": false + }, + "textMode": "auto" + }, + "pluginVersion": "9.0.0", + "targets": [ + { + "alias": "", + "bucketAggs": [ + { + "field": "timestamp", + "id": "2", + "settings": { + "interval": "auto" + }, + "type": "date_histogram" + } + ], + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "metrics": [ + { + "id": "1", + "type": "count" + } + ], + "query": "type:utm AND subtype:ssl AND devname:$firewall AND syslog_level:$severity", + "refId": "A", + "timeField": "timestamp" + } + ], + "title": "UTM EVENTS - SSL", + 
"type": "stat" + }, + { + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "blue", + "value": null + } + ] + }, + "unit": "short" + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 4, + "x": 4, + "y": 0 + }, + "id": 9, + "options": { + "colorMode": "value", + "graphMode": "area", + "justifyMode": "auto", + "orientation": "auto", + "reduceOptions": { + "calcs": ["sum"], + "fields": "", + "values": false + }, + "textMode": "auto" + }, + "pluginVersion": "9.0.0", + "targets": [ + { + "alias": "", + "bucketAggs": [ + { + "field": "timestamp", + "id": "2", + "settings": { + "interval": "1y" + }, + "type": "date_histogram" + } + ], + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "metrics": [ + { + "field": "devname", + "id": "1", + "type": "cardinality" + } + ], + "query": "type:utm AND subtype:ssl AND devname:$firewall AND syslog_level:$severity", + "refId": "A", + "timeField": "timestamp" + } + ], + "title": "UTM EVENTS - SSL: FIREWALLS", + "type": "stat" + }, + { + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + } + }, + "mappings": [] + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 5, + "x": 8, + "y": 0 + }, + "id": 4, + "options": { + "legend": { + "displayMode": "hidden", + "placement": "right" + }, + "pieType": "pie", + "reduceOptions": { + "calcs": ["sum"], + "fields": "", + "values": false + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "alias": "", + "bucketAggs": [ + { + "field": "devname", + "id": "3", + "settings": { + 
"min_doc_count": "1", + "order": "desc", + "orderBy": "_count", + "size": "15" + }, + "type": "terms" + }, + { + "field": "timestamp", + "id": "2", + "settings": { + "interval": "auto" + }, + "type": "date_histogram" + } + ], + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "metrics": [ + { + "id": "1", + "type": "count" + } + ], + "query": "type:utm AND subtype:ssl AND devname:$firewall AND syslog_level:$severity", + "refId": "A", + "timeField": "timestamp" + } + ], + "title": "UTM EVENTS - SSL BY FIREWALL", + "type": "piechart" + }, + { + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "custom": { + "align": "auto", + "displayMode": "auto", + "inspect": false + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "source" + }, + "properties": [ + { + "id": "custom.width", + "value": 473 + } + ] + } + ] + }, + "gridPos": { + "h": 8, + "w": 11, + "x": 13, + "y": 0 + }, + "id": 5, + "options": { + "footer": { + "fields": "", + "reducer": ["sum"], + "show": false + }, + "showHeader": true, + "sortBy": [] + }, + "pluginVersion": "9.0.0", + "targets": [ + { + "alias": "", + "bucketAggs": [ + { + "field": "devname", + "id": "3", + "settings": { + "min_doc_count": "1", + "order": "desc", + "orderBy": "_count", + "size": "20" + }, + "type": "terms" + } + ], + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "metrics": [ + { + "id": "1", + "type": "count" + } + ], + "query": "type:utm AND subtype:ssl AND devname:$firewall AND syslog_level:$severity", + "refId": "A", + "timeField": "timestamp" + } + ], + "title": "UTM EVENTS - SSL BY FIREWALL", + 
"transformations": [ + { + "id": "organize", + "options": { + "excludeByName": {}, + "indexByName": {}, + "renameByName": { + "devname": "FIREWALL" + } + } + } + ], + "transparent": true, + "type": "table" + }, + { + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + } + }, + "mappings": [] + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 6, + "x": 0, + "y": 8 + }, + "id": 8, + "options": { + "legend": { + "displayMode": "table", + "placement": "right" + }, + "pieType": "donut", + "reduceOptions": { + "calcs": ["sum"], + "fields": "", + "values": false + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "alias": "", + "bucketAggs": [ + { + "field": "profile", + "id": "3", + "settings": { + "min_doc_count": "1", + "order": "desc", + "orderBy": "_count", + "size": "15" + }, + "type": "terms" + }, + { + "field": "timestamp", + "id": "2", + "settings": { + "interval": "auto" + }, + "type": "date_histogram" + } + ], + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "metrics": [ + { + "id": "1", + "type": "count" + } + ], + "query": "type:utm AND subtype:ssl AND devname:$firewall AND syslog_level:$severity", + "refId": "A", + "timeField": "timestamp" + } + ], + "title": "UTM EVENTS - SSL BY FW PROFILE", + "type": "piechart" + }, + { + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "bars", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + 
"lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "short" + }, + "overrides": [] + }, + "gridPos": { + "h": 16, + "w": 18, + "x": 6, + "y": 8 + }, + "id": 7, + "options": { + "legend": { + "calcs": [], + "displayMode": "table", + "placement": "right" + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "pluginVersion": "8.5.1", + "targets": [ + { + "alias": "", + "bucketAggs": [ + { + "field": "devname", + "id": "3", + "settings": { + "min_doc_count": "1", + "order": "desc", + "orderBy": "_count", + "size": "20" + }, + "type": "terms" + }, + { + "field": "timestamp", + "id": "4", + "settings": { + "interval": "5m", + "min_doc_count": "1", + "timeZone": "utc", + "trimEdges": "0" + }, + "type": "date_histogram" + } + ], + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "metrics": [ + { + "id": "1", + "type": "count" + } + ], + "query": "type:utm AND subtype:ssl AND devname:$firewall AND syslog_level:$severity", + "refId": "A", + "timeField": "timestamp" + } + ], + "title": "UTM EVENTS - SSL BY FIREWALL - HISTOGRAM (TOP 20)", + "type": "timeseries" + }, + { + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + } + }, + "mappings": [] + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "information" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "blue", + "mode": "fixed" + } + } + ] + }, + { + 
"matcher": { + "id": "byName", + "options": "notice" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "green", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "warning" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "orange", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "error" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "red", + "mode": "fixed" + } + } + ] + } + ] + }, + "gridPos": { + "h": 8, + "w": 6, + "x": 0, + "y": 16 + }, + "id": 11, + "options": { + "legend": { + "displayMode": "table", + "placement": "right" + }, + "pieType": "donut", + "reduceOptions": { + "calcs": ["sum"], + "fields": "", + "values": false + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "alias": "", + "bucketAggs": [ + { + "field": "syslog_level", + "id": "3", + "settings": { + "min_doc_count": "1", + "order": "desc", + "orderBy": "_count", + "size": "15" + }, + "type": "terms" + }, + { + "field": "timestamp", + "id": "2", + "settings": { + "interval": "auto" + }, + "type": "date_histogram" + } + ], + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "metrics": [ + { + "id": "1", + "type": "count" + } + ], + "query": "type:utm AND subtype:ssl AND devname:$firewall AND syslog_level:$severity", + "refId": "A", + "timeField": "timestamp" + } + ], + "title": "UTM EVENTS - SSL BY SEVERITY", + "type": "piechart" + }, + { + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + } + }, + "mappings": [] + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "information" + }, + "properties": [ + { + "id": "color", + "value": { + 
"fixedColor": "blue", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "notice" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "green", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "warning" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "orange", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "alert" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "red", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "block-url" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "orange", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "passthrough" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "green", + "mode": "fixed" + } + } + ] + } + ] + }, + "gridPos": { + "h": 8, + "w": 6, + "x": 0, + "y": 24 + }, + "id": 12, + "options": { + "legend": { + "displayMode": "table", + "placement": "right" + }, + "pieType": "donut", + "reduceOptions": { + "calcs": ["sum"], + "fields": "", + "values": false + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "alias": "", + "bucketAggs": [ + { + "field": "action", + "id": "3", + "settings": { + "min_doc_count": "1", + "order": "desc", + "orderBy": "_count", + "size": "15" + }, + "type": "terms" + }, + { + "field": "timestamp", + "id": "2", + "settings": { + "interval": "auto" + }, + "type": "date_histogram" + } + ], + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "metrics": [ + { + "id": "1", + "type": "count" + } + ], + "query": "type:utm AND subtype:ssl AND devname:$firewall AND syslog_level:$severity", + "refId": "A", + "timeField": "timestamp" + } + ], + "title": "UTM EVENTS - SSL BY ACTION", + "type": "piechart" + }, + { + "datasource": { + 
"type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "custom": { + "align": "auto", + "displayMode": "auto", + "inspect": false + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green" + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "source" + }, + "properties": [ + { + "id": "custom.width", + "value": 317 + } + ] + } + ] + }, + "gridPos": { + "h": 8, + "w": 18, + "x": 6, + "y": 24 + }, + "id": 10, + "options": { + "footer": { + "fields": "", + "reducer": ["sum"], + "show": false + }, + "showHeader": true, + "sortBy": [] + }, + "pluginVersion": "9.0.0", + "targets": [ + { + "alias": "", + "bucketAggs": [ + { + "field": "devname", + "id": "3", + "settings": { + "min_doc_count": "1", + "order": "desc", + "orderBy": "_count", + "size": "20" + }, + "type": "terms" + }, + { + "field": "action", + "id": "4", + "settings": { + "min_doc_count": "1", + "order": "desc", + "orderBy": "_count", + "size": "10" + }, + "type": "terms" + } + ], + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "metrics": [ + { + "id": "1", + "type": "count" + } + ], + "query": "type:utm AND subtype:ssl AND devname:$firewall AND syslog_level:$severity", + "refId": "A", + "timeField": "timestamp" + } + ], + "title": "UTM EVENTS - SSL BY FIREWALL AND THREAT TYPE", + "transformations": [ + { + "id": "organize", + "options": { + "excludeByName": {}, + "indexByName": {}, + "renameByName": { + "action": "ACTION", + "devname": "FIREWALL" + } + } + } + ], + "transparent": true, + "type": "table" + }, + { + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + 
"steps": [ + { + "color": "green" + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 9, + "w": 10, + "x": 0, + "y": 32 + }, + "id": 13, + "options": { + "displayMode": "gradient", + "minVizHeight": 10, + "minVizWidth": 0, + "orientation": "horizontal", + "reduceOptions": { + "calcs": ["sum"], + "fields": "", + "values": false + }, + "showUnfilled": true + }, + "pluginVersion": "9.0.0", + "targets": [ + { + "alias": "", + "bucketAggs": [ + { + "field": "hostname", + "id": "3", + "settings": { + "min_doc_count": "1", + "order": "desc", + "orderBy": "_count", + "size": "10" + }, + "type": "terms" + }, + { + "field": "timestamp", + "id": "4", + "settings": { + "interval": "auto", + "min_doc_count": "0", + "timeZone": "utc", + "trimEdges": "0" + }, + "type": "date_histogram" + } + ], + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "metrics": [ + { + "id": "1", + "type": "count" + } + ], + "query": "type:utm AND subtype:ssl AND devname:$firewall AND syslog_level:$severity", + "refId": "A", + "timeField": "timestamp" + } + ], + "title": "UTM EVENTS - SSL EVENTS BY HOSTNAME (TOP 10)", + "transformations": [ + { + "id": "organize", + "options": { + "excludeByName": {}, + "indexByName": {}, + "renameByName": { + "msg": "INDICATOR" + } + } + } + ], + "transparent": true, + "type": "bargauge" + }, + { + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "custom": { + "align": "auto", + "displayMode": "auto", + "inspect": false + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green" + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "source" + }, + "properties": [ + { + "id": "custom.width", + "value": 473 + } + ] + }, + { + "matcher": 
{ + "id": "byName", + "options": "catdesc" + }, + "properties": [ + { + "id": "custom.width", + "value": 400 + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "URL CATEGORY" + }, + "properties": [ + { + "id": "custom.width", + "value": 372 + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "INDICATOR" + }, + "properties": [ + { + "id": "custom.width", + "value": 318 + } + ] + } + ] + }, + "gridPos": { + "h": 9, + "w": 7, + "x": 10, + "y": 32 + }, + "id": 17, + "options": { + "footer": { + "fields": "", + "reducer": ["sum"], + "show": false + }, + "showHeader": true, + "sortBy": [] + }, + "pluginVersion": "9.0.0", + "targets": [ + { + "alias": "", + "bucketAggs": [ + { + "field": "msg", + "id": "3", + "settings": { + "min_doc_count": "1", + "order": "desc", + "orderBy": "_count", + "size": "20" + }, + "type": "terms" + } + ], + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "metrics": [ + { + "id": "1", + "type": "count" + } + ], + "query": "type:utm AND subtype:ssl AND devname:$firewall AND syslog_level:$severity", + "refId": "A", + "timeField": "timestamp" + } + ], + "title": "UTM EVENTS - SSL EVENTS BY MSG", + "transformations": [ + { + "id": "organize", + "options": { + "excludeByName": {}, + "indexByName": {}, + "renameByName": { + "catdesc": "URL CATEGORY", + "msg": "INDICATOR", + "user": "USER ACCOUNT" + } + } + } + ], + "type": "table" + }, + { + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "custom": { + "align": "auto", + "displayMode": "auto", + "inspect": false + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green" + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "source" + }, + "properties": [ + { + "id": "custom.width", + "value": 
473 + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "USER ACCOUNT" + }, + "properties": [ + { + "id": "custom.width", + "value": 363 + } + ] + } + ] + }, + "gridPos": { + "h": 9, + "w": 7, + "x": 17, + "y": 32 + }, + "id": 14, + "options": { + "footer": { + "fields": "", + "reducer": ["sum"], + "show": false + }, + "showHeader": true, + "sortBy": [] + }, + "pluginVersion": "9.0.0", + "targets": [ + { + "alias": "", + "bucketAggs": [ + { + "field": "user", + "id": "3", + "settings": { + "min_doc_count": "1", + "order": "desc", + "orderBy": "_count", + "size": "20" + }, + "type": "terms" + } + ], + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "metrics": [ + { + "id": "1", + "type": "count" + } + ], + "query": "type:utm AND subtype:ssl AND devname:$firewall AND syslog_level:$severity", + "refId": "A", + "timeField": "timestamp" + } + ], + "title": "UTM EVENTS - SSL EVENTS BY USER ACCOUNT", + "transformations": [ + { + "id": "organize", + "options": { + "excludeByName": {}, + "indexByName": {}, + "renameByName": { + "msg": "INDICATOR", + "user": "USER ACCOUNT" + } + } + } + ], + "transparent": true, + "type": "table" + }, + { + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "custom": { + "align": "auto", + "displayMode": "auto", + "inspect": false + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green" + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "FIREWALL" + }, + "properties": [ + { + "id": "custom.width", + "value": 126 + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "ACTION" + }, + "properties": [ + { + "id": "custom.width", + "value": 81 + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "SEVERITY" + }, + "properties": [ + 
{ + "id": "custom.width", + "value": 109 + }, + { + "id": "custom.displayMode", + "value": "color-text" + }, + { + "id": "mappings", + "value": [ + { + "options": { + "alert": { + "color": "red", + "index": 3 + }, + "critical": { + "color": "dark-red", + "index": 4 + }, + "information": { + "color": "green", + "index": 1 + }, + "notice": { + "color": "blue", + "index": 0 + }, + "warning": { + "color": "orange", + "index": 2 + } + }, + "type": "value" + } + ] + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "SRC IP" + }, + "properties": [ + { + "id": "custom.width", + "value": 127 + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "SRC PORT" + }, + "properties": [ + { + "id": "custom.width", + "value": 87 + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "IF IN" + }, + "properties": [ + { + "id": "custom.width", + "value": 110 + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "APP" + }, + "properties": [ + { + "id": "custom.width", + "value": 131 + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "DST IP" + }, + "properties": [ + { + "id": "custom.width", + "value": 134 + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "DST PORT" + }, + "properties": [ + { + "id": "custom.width", + "value": 93 + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "EVENT ID" + }, + "properties": [ + { + "id": "links", + "value": [ + { + "targetBlank": true, + "title": "EVENT DETAILS", + "url": "https://grafana.company.local/explore?left=%7B%22datasource%22:%22FORTINET%22,%22queries%22:%5B%7B%22refId%22:%22A%22,%22query%22:%22_id:${__value.text}%22,%22alias%22:%22%22,%22metrics%22:%5B%7B%22id%22:%221%22,%22type%22:%22logs%22,%22settings%22:%7B%22limit%22:%22500%22%7D%7D%5D,%22bucketAggs%22:%5B%5D,%22timeField%22:%22timestamp%22%7D%5D,%22range%22:%7B%22from%22:%22now-1h%22,%22to%22:%22now%22%7D%7D" + } + ] + }, + { + "id": "custom.width", + "value": 214 + } + ] + }, + { + "matcher": { + "id": 
"byName", + "options": "SERVICE" + }, + "properties": [ + { + "id": "custom.width", + "value": 95 + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "DATE/TIME" + }, + "properties": [ + { + "id": "custom.width", + "value": 188 + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "PROFILE" + }, + "properties": [ + { + "id": "custom.width", + "value": 234 + } + ] + } + ] + }, + "gridPos": { + "h": 15, + "w": 24, + "x": 0, + "y": 41 + }, + "id": 16, + "options": { + "footer": { + "fields": "", + "reducer": ["sum"], + "show": false + }, + "showHeader": true, + "sortBy": [] + }, + "pluginVersion": "9.0.0", + "targets": [ + { + "alias": "", + "bucketAggs": [], + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "metrics": [ + { + "id": "1", + "settings": { + "size": "500" + }, + "type": "raw_data" + } + ], + "query": "type:utm AND subtype:ssl AND devname:$firewall AND syslog_level:$severity", + "refId": "A", + "timeField": "timestamp" + } + ], + "title": "FIREWALL EVENTS", + "transformations": [ + { + "id": "organize", + "options": { + "excludeByName": { + "_index": true, + "_type": true, + "alert_category": true, + "alert_definitions_version": true, + "alertlight": true, + "cat": true, + "catdesc": true, + "craction": true, + "crlevel": true, + "crscore": true, + "devid": true, + "direction": true, + "dstintf": true, + "dstintfrole": true, + "dstip_city_name": true, + "dstip_country_code": true, + "dstip_geolocation": true, + "eventtype": true, + "facility": true, + "facility_num": true, + "gl2_accounted_message_size": true, + "gl2_message_id": true, + "gl2_remote_ip": true, + "gl2_remote_port": true, + "gl2_source_input": true, + "gl2_source_node": true, + "group": true, + "highlight": true, + "hostname": true, + "hostname_city_name": true, + "hostname_country_code": true, + "hostname_geolocation": true, + "level": true, + "logver": true, + "message": true, + "method": true, + "msg": true, + 
"policyid": true, + "proto": true, + "rcvdbyte": true, + "reqtype": true, + "sentbyte": true, + "sessionid": true, + "sort": true, + "source": true, + "srcintf": true, + "srcintfrole": true, + "srcip_city_name": true, + "srcip_country_code": true, + "srcip_geolocation": true, + "srcport": true, + "streams": true, + "subtype": true, + "syslog_type": true, + "type": true, + "user": false, + "vd": true + }, + "indexByName": { + "_id": 1, + "_index": 11, + "_type": 12, + "action": 5, + "alert_category": 13, + "alert_definitions_version": 14, + "alert_signature": 15, + "app": 16, + "catdesc": 41, + "devname": 2, + "dstip": 17, + "dstport": 18, + "gl2_accounted_message_size": 31, + "gl2_message_id": 32, + "gl2_remote_ip": 33, + "gl2_remote_port": 34, + "gl2_source_input": 35, + "gl2_source_node": 36, + "message": 42, + "profile": 9, + "source": 3, + "srcip": 7, + "streams": 77, + "syslog_level": 6, + "syslog_type": 78, + "target_user_email": 79, + "timestamp": 0 + }, + "renameByName": { + "_id": "EVENT ID", + "action": "ACTION", + "alert_signature": "SIGNATURE", + "app": "APP", + "destination_location_name": "LOCATION", + "devname": "FIREWALL", + "dstip": "DST IP", + "dstport": "DST PORT", + "event_log_name": "", + "http_method": "METHOD", + "http_user_agent_name": "HTTP AGENT", + "network_interface_in": "IF IN", + "network_interface_out": "IF OUT", + "network_transport": "", + "profile": "PROFILE", + "rule_name": "RULE", + "service": "SERVICE", + "source": "", + "source_port": "SRC PORT", + "srcip": "SRC IP", + "syslog_level": "SEVERITY", + "timestamp": "DATE/TIME", + "url": "URL", + "user": "USER" + } + } + } + ], + "type": "table" + } + ], + "schemaVersion": 36, + "style": "dark", + "tags": ["FORTINET UTM"], + "templating": { + "list": [ + { + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "filters": [], + "hide": 0, + "label": "Filters", + "name": "Filters", + "skipUrlSync": false, + "type": "adhoc" + }, + { + 
"current": { + "selected": false, + "text": "All", + "value": "$__all" + }, + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "definition": "{ \"find\": \"terms\", \"field\": \"devname\", \"query\": \"type:utm AND subtype:ssl\"}", + "description": "FORTINET FIREWALL", + "hide": 0, + "includeAll": true, + "label": "Firewall", + "multi": false, + "name": "firewall", + "options": [], + "query": "{ \"find\": \"terms\", \"field\": \"devname\", \"query\": \"type:utm AND subtype:ssl\"}", + "refresh": 1, + "regex": "", + "skipUrlSync": false, + "sort": 0, + "type": "query" + }, + { + "current": { + "selected": false, + "text": "All", + "value": "$__all" + }, + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "definition": "{\"find\": \"terms\", \"field\": \"syslog_level\", \"query\": \"type:utm AND subtype:ssl\"}", + "hide": 0, + "includeAll": true, + "label": "Severity", + "multi": false, + "name": "severity", + "options": [], + "query": "{\"find\": \"terms\", \"field\": \"syslog_level\", \"query\": \"type:utm AND subtype:ssl\"}", + "refresh": 1, + "regex": "", + "skipUrlSync": false, + "sort": 0, + "type": "query" + } + ] + }, + "time": { + "from": "now-6h", + "to": "now" + }, + "timepicker": {}, + "timezone": "", + "title": "FORTINET - UTM LOGS SSL", + "version": 2, + "weekStart": "" +} diff --git a/backend/app/connectors/grafana/dashboards/Fortinet/fortinet_utm_summary.json b/backend/app/connectors/grafana/dashboards/Fortinet/fortinet_utm_summary.json new file mode 100644 index 000000000..651819a39 --- /dev/null +++ b/backend/app/connectors/grafana/dashboards/Fortinet/fortinet_utm_summary.json 
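Review bot: The `EVENT ID` data link in the last `FIREWALL EVENTS` table panel hard-codes `https://grafana.company.local` and a datasource named `FORTINET` in its Explore URL, while every query in this file addresses the datasource through the `replace_datasource_uid` placeholder; if provisioning only substitutes that placeholder (the substitution code is outside this hunk), the click-through sends analysts to a placeholder host with a datasource name that may not exist in the customer's Grafana. The link also pins the Explore range to `now-1h` although the dashboard's default window is `now-6h`, so any event older than an hour opens an empty view. I would make the URL relative and tie it to the same placeholder and the current range, e.g. `"url": "/explore?left=%7B%22datasource%22:%22replace_datasource_uid%22,%22queries%22:%5B...%5D,%22range%22:%7B%22from%22:%22${__from}%22,%22to%22:%22${__to}%22%7D%7D"`, keeping the `_id:${__value.text}` query as is. If the provisioning step is expected to rewrite the host as well, a short comment in the provisioning code naming this link as a rewrite target would make that contract visible.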
@@ -0,0 +1,1221 @@ +{ + "annotations": { + "list": [ + { + "builtIn": 1, + "datasource": { + "type": "grafana", + "uid": "-- Grafana --" + }, + "enable": true, + "hide": true, + "iconColor": "rgba(0, 211, 255, 1)", + "name": "Annotations & Alerts", + "target": { + "limit": 100, + "matchAny": false, + "tags": [], + "type": "dashboard" + }, + "type": "dashboard" + } + ] + }, + "description": "FORTINET - UTM LOGS", + "editable": false, + "fiscalYearStartMonth": 0, + "graphTooltip": 0, + "id": null, + "iteration": 1657693378341, + "links": [ + { + "asDropdown": true, + "icon": "external link", + "includeVars": true, + "keepTime": true, + "tags": ["FORTINET UTM"], + "targetBlank": true, + "title": "FORTINET UTM DASHBOARDS", + "tooltip": "", + "type": "dashboards", + "url": "" + } + ], + "liveNow": false, + "panels": [ + { + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "orange", + "value": null + } + ] + }, + "unit": "short" + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 4, + "x": 0, + "y": 0 + }, + "id": 2, + "options": { + "colorMode": "value", + "graphMode": "area", + "justifyMode": "auto", + "orientation": "auto", + "reduceOptions": { + "calcs": ["sum"], + "fields": "", + "values": false + }, + "textMode": "auto" + }, + "pluginVersion": "9.0.0", + "targets": [ + { + "alias": "", + "bucketAggs": [ + { + "field": "timestamp", + "id": "2", + "settings": { + "interval": "auto" + }, + "type": "date_histogram" + } + ], + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "metrics": [ + { + "id": "1", + "type": "count" + } + ], + "query": "type:utm AND devname:$firewall AND syslog_level:$severity", + "refId": "A", + "timeField": "timestamp" + } + ], + "title": "UTM EVENTS", + "type": "stat" + }, + { + 
"datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "blue", + "value": null + } + ] + }, + "unit": "short" + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 4, + "x": 4, + "y": 0 + }, + "id": 9, + "options": { + "colorMode": "value", + "graphMode": "area", + "justifyMode": "auto", + "orientation": "auto", + "reduceOptions": { + "calcs": ["sum"], + "fields": "", + "values": false + }, + "textMode": "auto" + }, + "pluginVersion": "9.0.0", + "targets": [ + { + "alias": "", + "bucketAggs": [ + { + "field": "timestamp", + "id": "2", + "settings": { + "interval": "1y" + }, + "type": "date_histogram" + } + ], + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "metrics": [ + { + "field": "devname", + "id": "1", + "type": "cardinality" + } + ], + "query": "type:utm AND devname:$firewall AND syslog_level:$severity", + "refId": "A", + "timeField": "timestamp" + } + ], + "title": "UTM EVENTS - FIREWALLS", + "type": "stat" + }, + { + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + } + }, + "mappings": [] + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 5, + "x": 8, + "y": 0 + }, + "id": 4, + "options": { + "legend": { + "displayMode": "hidden", + "placement": "right" + }, + "pieType": "pie", + "reduceOptions": { + "calcs": ["sum"], + "fields": "", + "values": false + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "alias": "", + "bucketAggs": [ + { + "field": "devname", + "id": "3", + "settings": { + "min_doc_count": "1", + "order": "desc", + "orderBy": 
"_count", + "size": "15" + }, + "type": "terms" + }, + { + "field": "timestamp", + "id": "2", + "settings": { + "interval": "auto" + }, + "type": "date_histogram" + } + ], + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "metrics": [ + { + "id": "1", + "type": "count" + } + ], + "query": "type:utm AND devname:$firewall AND syslog_level:$severity", + "refId": "A", + "timeField": "timestamp" + } + ], + "title": "UTM EVENTS BY FIREWALL", + "type": "piechart" + }, + { + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "custom": { + "align": "auto", + "displayMode": "auto", + "inspect": false + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "source" + }, + "properties": [ + { + "id": "custom.width", + "value": 473 + } + ] + } + ] + }, + "gridPos": { + "h": 8, + "w": 11, + "x": 13, + "y": 0 + }, + "id": 5, + "options": { + "footer": { + "fields": "", + "reducer": ["sum"], + "show": false + }, + "showHeader": true, + "sortBy": [] + }, + "pluginVersion": "9.0.0", + "targets": [ + { + "alias": "", + "bucketAggs": [ + { + "field": "devname", + "id": "3", + "settings": { + "min_doc_count": "1", + "order": "desc", + "orderBy": "_count", + "size": "20" + }, + "type": "terms" + } + ], + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "metrics": [ + { + "id": "1", + "type": "count" + } + ], + "query": "type:utm AND devname:$firewall AND syslog_level:$severity", + "refId": "A", + "timeField": "timestamp" + } + ], + "title": "UTM EVENTS BY FIREWALL", + "transformations": [ + { + "id": "organize", + "options": { + "excludeByName": {}, + "indexByName": {}, + 
"renameByName": { + "devname": "FIREWALL" + } + } + } + ], + "transparent": true, + "type": "table" + }, + { + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + } + }, + "mappings": [] + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 6, + "x": 0, + "y": 8 + }, + "id": 6, + "options": { + "legend": { + "displayMode": "table", + "placement": "right" + }, + "pieType": "donut", + "reduceOptions": { + "calcs": ["sum"], + "fields": "", + "values": false + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "alias": "", + "bucketAggs": [ + { + "field": "subtype", + "id": "3", + "settings": { + "min_doc_count": "1", + "order": "desc", + "orderBy": "_count", + "size": "15" + }, + "type": "terms" + }, + { + "field": "timestamp", + "id": "2", + "settings": { + "interval": "auto" + }, + "type": "date_histogram" + } + ], + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "metrics": [ + { + "id": "1", + "type": "count" + } + ], + "query": "type:utm AND devname:$firewall AND syslog_level:$severity", + "refId": "A", + "timeField": "timestamp" + } + ], + "title": "UTM EVENTS BY TYPE", + "type": "piechart" + }, + { + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "bars", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + 
"stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "short" + }, + "overrides": [] + }, + "gridPos": { + "h": 16, + "w": 18, + "x": 6, + "y": 8 + }, + "id": 7, + "options": { + "legend": { + "calcs": [], + "displayMode": "table", + "placement": "right" + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "pluginVersion": "8.5.1", + "targets": [ + { + "alias": "", + "bucketAggs": [ + { + "field": "devname", + "id": "3", + "settings": { + "min_doc_count": "1", + "order": "desc", + "orderBy": "_count", + "size": "20" + }, + "type": "terms" + }, + { + "field": "timestamp", + "id": "4", + "settings": { + "interval": "5m", + "min_doc_count": "1", + "timeZone": "utc", + "trimEdges": "0" + }, + "type": "date_histogram" + } + ], + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "metrics": [ + { + "id": "1", + "type": "count" + } + ], + "query": "type:utm AND devname:$firewall AND syslog_level:$severity", + "refId": "A", + "timeField": "timestamp" + } + ], + "title": "UTM EVENTS BY FIREWALL - HISTOGRAM (TOP 20)", + "type": "timeseries" + }, + { + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + } + }, + "mappings": [] + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 6, + "x": 0, + "y": 16 + }, + "id": 8, + "options": { + "legend": { + "displayMode": "table", + "placement": "right" + }, + "pieType": "donut", + "reduceOptions": { + "calcs": ["sum"], + "fields": "", + "values": false + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + 
"alias": "", + "bucketAggs": [ + { + "field": "profile", + "id": "3", + "settings": { + "min_doc_count": "1", + "order": "desc", + "orderBy": "_count", + "size": "15" + }, + "type": "terms" + }, + { + "field": "timestamp", + "id": "2", + "settings": { + "interval": "auto" + }, + "type": "date_histogram" + } + ], + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "metrics": [ + { + "id": "1", + "type": "count" + } + ], + "query": "type:utm AND devname:$firewall AND syslog_level:$severity", + "refId": "A", + "timeField": "timestamp" + } + ], + "title": "UTM EVENTS BY UTM PROFILE", + "type": "piechart" + }, + { + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + } + }, + "mappings": [] + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "notice" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "blue", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "information" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "green", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "warning" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "orange", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "alert" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "red", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "critical" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "dark-red", + "mode": "fixed" + } + } + ] + } + ] + }, + "gridPos": { + "h": 8, + "w": 6, + "x": 0, + "y": 24 + }, + "id": 11, + "options": { + "legend": { + "displayMode": 
"table", + "placement": "right" + }, + "pieType": "donut", + "reduceOptions": { + "calcs": ["sum"], + "fields": "", + "values": false + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "alias": "", + "bucketAggs": [ + { + "field": "syslog_level", + "id": "3", + "settings": { + "min_doc_count": "1", + "order": "desc", + "orderBy": "_count", + "size": "15" + }, + "type": "terms" + }, + { + "field": "timestamp", + "id": "2", + "settings": { + "interval": "auto" + }, + "type": "date_histogram" + } + ], + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "metrics": [ + { + "id": "1", + "type": "count" + } + ], + "query": "type:utm AND devname:$firewall AND syslog_level:$severity", + "refId": "A", + "timeField": "timestamp" + } + ], + "title": "UTM EVENTS BY SEVERITY", + "type": "piechart" + }, + { + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "custom": { + "align": "auto", + "displayMode": "auto", + "inspect": false + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green" + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "source" + }, + "properties": [ + { + "id": "custom.width", + "value": 317 + } + ] + } + ] + }, + "gridPos": { + "h": 16, + "w": 18, + "x": 6, + "y": 24 + }, + "id": 10, + "options": { + "footer": { + "fields": "", + "reducer": ["sum"], + "show": false + }, + "showHeader": true, + "sortBy": [] + }, + "pluginVersion": "9.0.0", + "targets": [ + { + "alias": "", + "bucketAggs": [ + { + "field": "devname", + "id": "3", + "settings": { + "min_doc_count": "1", + "order": "desc", + "orderBy": "_count", + "size": "20" + }, + "type": "terms" + }, + { + "field": "subtype", + "id": "4", + "settings": { + "min_doc_count": "1", + 
"order": "desc", + "orderBy": "_count", + "size": "10" + }, + "type": "terms" + } + ], + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "metrics": [ + { + "id": "1", + "type": "count" + } + ], + "query": "type:utm AND devname:$firewall AND syslog_level:$severity", + "refId": "A", + "timeField": "timestamp" + } + ], + "title": "UTM EVENTS BY FIREWALL AND TYPE", + "transformations": [ + { + "id": "organize", + "options": { + "excludeByName": {}, + "indexByName": {}, + "renameByName": { + "devname": "FIREWALL", + "subtype": "LOG SUBTYPE" + } + } + } + ], + "transparent": true, + "type": "table" + }, + { + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + } + }, + "mappings": [] + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "notice" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "blue", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "information" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "green", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "warning" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "orange", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "alert" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "red", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "block-url" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "orange", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "allow" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": 
"green", + "mode": "fixed" + } + } + ] + } + ] + }, + "gridPos": { + "h": 8, + "w": 6, + "x": 0, + "y": 32 + }, + "id": 12, + "options": { + "legend": { + "displayMode": "table", + "placement": "right" + }, + "pieType": "donut", + "reduceOptions": { + "calcs": ["sum"], + "fields": "", + "values": false + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "alias": "", + "bucketAggs": [ + { + "field": "action", + "id": "3", + "settings": { + "min_doc_count": "1", + "order": "desc", + "orderBy": "_count", + "size": "15" + }, + "type": "terms" + }, + { + "field": "timestamp", + "id": "2", + "settings": { + "interval": "auto" + }, + "type": "date_histogram" + } + ], + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "metrics": [ + { + "id": "1", + "type": "count" + } + ], + "query": "type:utm AND devname:$firewall AND syslog_level:$severity", + "refId": "A", + "timeField": "timestamp" + } + ], + "title": "UTM EVENTS BY ACTION", + "type": "piechart" + } + ], + "schemaVersion": 36, + "style": "dark", + "tags": ["FORTINET UTM"], + "templating": { + "list": [ + { + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "filters": [], + "hide": 0, + "label": "Filters", + "name": "Filters", + "skipUrlSync": false, + "type": "adhoc" + }, + { + "current": { + "selected": false, + "text": "All", + "value": "$__all" + }, + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "definition": "{ \"find\": \"terms\", \"field\": \"devname\", \"query\": \"type:utm\"}", + "description": "PALO ALTO FIREWALL", + "hide": 0, + "includeAll": true, + "label": "Firewall", + "multi": false, + "name": "firewall", + "options": [], + "query": "{ \"find\": \"terms\", \"field\": \"devname\", \"query\": \"type:utm\"}", + "refresh": 1, + "regex": "", + "skipUrlSync": false, + "sort": 0, + "type": "query" + }, + { + "current": { 
+ "selected": false, + "text": "All", + "value": "$__all" + }, + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "definition": "\t{ \"find\": \"terms\", \"field\": \"syslog_level\", \"query\": \"type:utm\"}", + "hide": 0, + "includeAll": true, + "label": "Severity", + "multi": false, + "name": "severity", + "options": [], + "query": "\t{ \"find\": \"terms\", \"field\": \"syslog_level\", \"query\": \"type:utm\"}", + "refresh": 2, + "regex": "", + "skipUrlSync": false, + "sort": 0, + "type": "query" + } + ] + }, + "time": { + "from": "now-6h", + "to": "now" + }, + "timepicker": {}, + "timezone": "", + "title": "FORTINET - UTM _SUMMARY", + "version": 3, + "weekStart": "" +} diff --git a/backend/app/connectors/grafana/dashboards/Fortinet/fortinet_utm_virus.json b/backend/app/connectors/grafana/dashboards/Fortinet/fortinet_utm_virus.json new file mode 100644 index 000000000..57456c41a --- /dev/null +++ b/backend/app/connectors/grafana/dashboards/Fortinet/fortinet_utm_virus.json 
@@ -0,0 +1,1875 @@ +{ + "annotations": { + "list": [ + { + "builtIn": 1, + "datasource": { + "type": "grafana", + "uid": "-- Grafana --" + }, + "enable": true, + "hide": true, + "iconColor": "rgba(0, 211, 255, 1)", + "name": "Annotations & Alerts", + "target": { + "limit": 100, + "matchAny": false, + "tags": [], + "type": "dashboard" + }, + "type": "dashboard" + } + ] + }, + "description": "FORTINET - UTM LOGS", + "editable": false, + "fiscalYearStartMonth": 0, + "graphTooltip": 0, + "id": null, + "iteration": 1657693855768, + "links": [ + { + "asDropdown": true, + "icon": "external link", + "includeVars": true, + "keepTime": true, + "tags": ["FORTINET THREAT"], + "targetBlank": true, + "title": "FORTINET UTM DASHBOARDS", + "tooltip": "", + "type": "dashboards", + "url": "" + } + ], + "liveNow": false, + "panels": [ + { + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "orange", + "value": null + } + ] + }, + "unit": "short" + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 4, + "x": 0, + "y": 0 + }, + "id": 2, + "options": { + "colorMode": "value", + "graphMode": "area", + "justifyMode": "auto", + "orientation": "auto", + "reduceOptions": { + "calcs": ["sum"], + "fields": "", + "values": false + }, + "textMode": "auto" + }, + "pluginVersion": "9.0.0", + "targets": [ + { + "alias": "", + "bucketAggs": [ + { + "field": "timestamp", + "id": "2", + "settings": { + "interval": "auto" + }, + "type": "date_histogram" + } + ], + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "metrics": [ + { + "id": "1", + "type": "count" + } + ], + "query": "type:utm AND subtype:virus AND devname:$firewall AND syslog_level:$severity", + "refId": "A", + "timeField": "timestamp" + } + ], + "title": "UTM EVENTS - VIRUS", 
+ "type": "stat" + }, + { + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "blue", + "value": null + } + ] + }, + "unit": "short" + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 4, + "x": 4, + "y": 0 + }, + "id": 9, + "options": { + "colorMode": "value", + "graphMode": "area", + "justifyMode": "auto", + "orientation": "auto", + "reduceOptions": { + "calcs": ["sum"], + "fields": "", + "values": false + }, + "textMode": "auto" + }, + "pluginVersion": "9.0.0", + "targets": [ + { + "alias": "", + "bucketAggs": [ + { + "field": "timestamp", + "id": "2", + "settings": { + "interval": "1y" + }, + "type": "date_histogram" + } + ], + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "metrics": [ + { + "field": "devname", + "id": "1", + "type": "cardinality" + } + ], + "query": "type:utm AND subtype:virus AND devname:$firewall AND syslog_level:$severity", + "refId": "A", + "timeField": "timestamp" + } + ], + "title": "UTM EVENTS - VIRUS: FIREWALLS", + "type": "stat" + }, + { + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + } + }, + "mappings": [] + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 5, + "x": 8, + "y": 0 + }, + "id": 4, + "options": { + "legend": { + "displayMode": "hidden", + "placement": "right" + }, + "pieType": "pie", + "reduceOptions": { + "calcs": ["sum"], + "fields": "", + "values": false + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "alias": "", + "bucketAggs": [ + { + "field": "devname", + "id": "3", + "settings": { + 
"min_doc_count": "1", + "order": "desc", + "orderBy": "_count", + "size": "15" + }, + "type": "terms" + }, + { + "field": "timestamp", + "id": "2", + "settings": { + "interval": "auto" + }, + "type": "date_histogram" + } + ], + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "metrics": [ + { + "id": "1", + "type": "count" + } + ], + "query": "type:utm AND subtype:virus AND devname:$firewall AND syslog_level:$severity", + "refId": "A", + "timeField": "timestamp" + } + ], + "title": "UTM EVENTS - VIRUS BY FIREWALL", + "type": "piechart" + }, + { + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "custom": { + "align": "auto", + "displayMode": "auto", + "inspect": false + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "source" + }, + "properties": [ + { + "id": "custom.width", + "value": 473 + } + ] + } + ] + }, + "gridPos": { + "h": 8, + "w": 11, + "x": 13, + "y": 0 + }, + "id": 5, + "options": { + "footer": { + "fields": "", + "reducer": ["sum"], + "show": false + }, + "showHeader": true, + "sortBy": [] + }, + "pluginVersion": "9.0.0", + "targets": [ + { + "alias": "", + "bucketAggs": [ + { + "field": "devname", + "id": "3", + "settings": { + "min_doc_count": "1", + "order": "desc", + "orderBy": "_count", + "size": "20" + }, + "type": "terms" + } + ], + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "metrics": [ + { + "id": "1", + "type": "count" + } + ], + "query": "type:utm AND subtype:virus AND devname:$firewall AND syslog_level:$severity", + "refId": "A", + "timeField": "timestamp" + } + ], + "title": "UTM EVENTS - VIRUS BY FIREWALL", + 
"transformations": [ + { + "id": "organize", + "options": { + "excludeByName": {}, + "indexByName": {}, + "renameByName": { + "devname": "FIREWALL" + } + } + } + ], + "transparent": true, + "type": "table" + }, + { + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + } + }, + "mappings": [] + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 6, + "x": 0, + "y": 8 + }, + "id": 8, + "options": { + "legend": { + "displayMode": "table", + "placement": "right" + }, + "pieType": "donut", + "reduceOptions": { + "calcs": ["sum"], + "fields": "", + "values": false + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "alias": "", + "bucketAggs": [ + { + "field": "profile", + "id": "3", + "settings": { + "min_doc_count": "1", + "order": "desc", + "orderBy": "_count", + "size": "15" + }, + "type": "terms" + }, + { + "field": "timestamp", + "id": "2", + "settings": { + "interval": "auto" + }, + "type": "date_histogram" + } + ], + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "metrics": [ + { + "id": "1", + "type": "count" + } + ], + "query": "type:utm AND subtype:virus AND devname:$firewall AND syslog_level:$severity", + "refId": "A", + "timeField": "timestamp" + } + ], + "title": "UTM EVENTS - VIRUS BY FW PROFILE", + "type": "piechart" + }, + { + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "bars", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": 
"linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "short" + }, + "overrides": [] + }, + "gridPos": { + "h": 16, + "w": 18, + "x": 6, + "y": 8 + }, + "id": 7, + "options": { + "legend": { + "calcs": [], + "displayMode": "table", + "placement": "right" + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "pluginVersion": "8.5.1", + "targets": [ + { + "alias": "", + "bucketAggs": [ + { + "field": "devname", + "id": "3", + "settings": { + "min_doc_count": "1", + "order": "desc", + "orderBy": "_count", + "size": "20" + }, + "type": "terms" + }, + { + "field": "timestamp", + "id": "4", + "settings": { + "interval": "5m", + "min_doc_count": "1", + "timeZone": "utc", + "trimEdges": "0" + }, + "type": "date_histogram" + } + ], + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "metrics": [ + { + "id": "1", + "type": "count" + } + ], + "query": "type:utm AND subtype:virus AND devname:$firewall AND syslog_level:$severity", + "refId": "A", + "timeField": "timestamp" + } + ], + "title": "UTM EVENTS - VIRUS BY FIREWALL - HISTOGRAM (TOP 20)", + "type": "timeseries" + }, + { + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + } + }, + "mappings": [] + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "information" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "blue", + "mode": "fixed" + } + } + ] + 
}, + { + "matcher": { + "id": "byName", + "options": "notice" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "green", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "warning" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "orange", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "error" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "red", + "mode": "fixed" + } + } + ] + } + ] + }, + "gridPos": { + "h": 8, + "w": 6, + "x": 0, + "y": 16 + }, + "id": 11, + "options": { + "legend": { + "displayMode": "table", + "placement": "right" + }, + "pieType": "donut", + "reduceOptions": { + "calcs": ["sum"], + "fields": "", + "values": false + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "alias": "", + "bucketAggs": [ + { + "field": "syslog_level", + "id": "3", + "settings": { + "min_doc_count": "1", + "order": "desc", + "orderBy": "_count", + "size": "15" + }, + "type": "terms" + }, + { + "field": "timestamp", + "id": "2", + "settings": { + "interval": "auto" + }, + "type": "date_histogram" + } + ], + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "metrics": [ + { + "id": "1", + "type": "count" + } + ], + "query": "type:utm AND subtype:virus AND devname:$firewall AND syslog_level:$severity", + "refId": "A", + "timeField": "timestamp" + } + ], + "title": "UTM EVENTS - VIRUS BY SEVERITY", + "type": "piechart" + }, + { + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + } + }, + "mappings": [] + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "information" + }, + "properties": [ + { + "id": "color", + 
"value": { + "fixedColor": "blue", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "notice" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "green", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "warning" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "orange", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "alert" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "red", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "block-url" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "orange", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "passthrough" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "green", + "mode": "fixed" + } + } + ] + } + ] + }, + "gridPos": { + "h": 8, + "w": 6, + "x": 0, + "y": 24 + }, + "id": 12, + "options": { + "legend": { + "displayMode": "table", + "placement": "right" + }, + "pieType": "donut", + "reduceOptions": { + "calcs": ["sum"], + "fields": "", + "values": false + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "alias": "", + "bucketAggs": [ + { + "field": "action", + "id": "3", + "settings": { + "min_doc_count": "1", + "order": "desc", + "orderBy": "_count", + "size": "15" + }, + "type": "terms" + }, + { + "field": "timestamp", + "id": "2", + "settings": { + "interval": "auto" + }, + "type": "date_histogram" + } + ], + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "metrics": [ + { + "id": "1", + "type": "count" + } + ], + "query": "type:utm AND subtype:virus AND devname:$firewall AND syslog_level:$severity", + "refId": "A", + "timeField": "timestamp" + } + ], + "title": "UTM EVENTS - VIRUS BY ACTION", + "type": "piechart" + }, + { + 
"datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "custom": { + "align": "auto", + "displayMode": "auto", + "inspect": false + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green" + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "source" + }, + "properties": [ + { + "id": "custom.width", + "value": 317 + } + ] + } + ] + }, + "gridPos": { + "h": 8, + "w": 18, + "x": 6, + "y": 24 + }, + "id": 10, + "options": { + "footer": { + "fields": "", + "reducer": ["sum"], + "show": false + }, + "showHeader": true, + "sortBy": [] + }, + "pluginVersion": "9.0.0", + "targets": [ + { + "alias": "", + "bucketAggs": [ + { + "field": "devname", + "id": "3", + "settings": { + "min_doc_count": "1", + "order": "desc", + "orderBy": "_count", + "size": "20" + }, + "type": "terms" + }, + { + "field": "action", + "id": "4", + "settings": { + "min_doc_count": "1", + "order": "desc", + "orderBy": "_count", + "size": "10" + }, + "type": "terms" + } + ], + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "metrics": [ + { + "id": "1", + "type": "count" + } + ], + "query": "type:utm AND subtype:virus AND devname:$firewall AND syslog_level:$severity", + "refId": "A", + "timeField": "timestamp" + } + ], + "title": "UTM EVENTS - VIRUS BY FIREWALL AND THREAT TYPE", + "transformations": [ + { + "id": "organize", + "options": { + "excludeByName": {}, + "indexByName": {}, + "renameByName": { + "action": "ACTION", + "devname": "FIREWALL" + } + } + } + ], + "transparent": true, + "type": "table" + }, + { + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [], + "thresholds": { + 
"mode": "absolute", + "steps": [ + { + "color": "green" + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 9, + "w": 10, + "x": 0, + "y": 32 + }, + "id": 13, + "options": { + "displayMode": "gradient", + "minVizHeight": 10, + "minVizWidth": 0, + "orientation": "horizontal", + "reduceOptions": { + "calcs": ["sum"], + "fields": "", + "values": false + }, + "showUnfilled": true + }, + "pluginVersion": "9.0.0", + "targets": [ + { + "alias": "", + "bucketAggs": [ + { + "field": "msg", + "id": "3", + "settings": { + "min_doc_count": "1", + "order": "desc", + "orderBy": "_count", + "size": "10" + }, + "type": "terms" + }, + { + "field": "timestamp", + "id": "4", + "settings": { + "interval": "auto", + "min_doc_count": "0", + "timeZone": "utc", + "trimEdges": "0" + }, + "type": "date_histogram" + } + ], + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "metrics": [ + { + "id": "1", + "type": "count" + } + ], + "query": "type:utm AND subtype:virus AND devname:$firewall AND syslog_level:$severity", + "refId": "A", + "timeField": "timestamp" + } + ], + "title": "UTM EVENTS - VIRUS EVENTS MSG (TOP 10)", + "transformations": [ + { + "id": "organize", + "options": { + "excludeByName": {}, + "indexByName": {}, + "renameByName": { + "msg": "INDICATOR" + } + } + } + ], + "transparent": true, + "type": "bargauge" + }, + { + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "custom": { + "align": "auto", + "displayMode": "auto", + "inspect": false + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green" + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "source" + }, + "properties": [ + { + "id": "custom.width", + "value": 473 + } + ] + }, + { 
+ "matcher": { + "id": "byName", + "options": "catdesc" + }, + "properties": [ + { + "id": "custom.width", + "value": 400 + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "URL CATEGORY" + }, + "properties": [ + { + "id": "custom.width", + "value": 372 + } + ] + } + ] + }, + "gridPos": { + "h": 9, + "w": 7, + "x": 10, + "y": 32 + }, + "id": 17, + "options": { + "footer": { + "fields": "", + "reducer": ["sum"], + "show": false + }, + "showHeader": true, + "sortBy": [] + }, + "pluginVersion": "9.0.0", + "targets": [ + { + "alias": "", + "bucketAggs": [ + { + "field": "service", + "id": "3", + "settings": { + "min_doc_count": "1", + "order": "desc", + "orderBy": "_count", + "size": "20" + }, + "type": "terms" + } + ], + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "metrics": [ + { + "id": "1", + "type": "count" + } + ], + "query": "type:utm AND subtype:virus AND devname:$firewall AND syslog_level:$severity", + "refId": "A", + "timeField": "timestamp" + } + ], + "title": "UTM EVENTS - VIRUS EVENTS BY PROTOCOL", + "transformations": [ + { + "id": "organize", + "options": { + "excludeByName": {}, + "indexByName": {}, + "renameByName": { + "catdesc": "URL CATEGORY", + "msg": "INDICATOR", + "user": "USER ACCOUNT" + } + } + } + ], + "type": "table" + }, + { + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "custom": { + "align": "auto", + "displayMode": "auto", + "inspect": false + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green" + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "source" + }, + "properties": [ + { + "id": "custom.width", + "value": 473 + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "USER ACCOUNT" + }, + "properties": [ + { + 
"id": "custom.width", + "value": 422 + } + ] + } + ] + }, + "gridPos": { + "h": 9, + "w": 7, + "x": 17, + "y": 32 + }, + "id": 14, + "options": { + "footer": { + "fields": "", + "reducer": ["sum"], + "show": false + }, + "showHeader": true, + "sortBy": [] + }, + "pluginVersion": "9.0.0", + "targets": [ + { + "alias": "", + "bucketAggs": [ + { + "field": "user", + "id": "3", + "settings": { + "min_doc_count": "1", + "order": "desc", + "orderBy": "_count", + "size": "20" + }, + "type": "terms" + } + ], + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "metrics": [ + { + "id": "1", + "type": "count" + } + ], + "query": "type:utm AND subtype:virus AND devname:$firewall AND syslog_level:$severity", + "refId": "A", + "timeField": "timestamp" + } + ], + "title": "UTM EVENTS - URLs BLOCKED BY USER ACCOUNT", + "transformations": [ + { + "id": "organize", + "options": { + "excludeByName": {}, + "indexByName": {}, + "renameByName": { + "msg": "INDICATOR", + "user": "USER ACCOUNT" + } + } + } + ], + "transparent": true, + "type": "table" + }, + { + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "custom": { + "align": "auto", + "displayMode": "auto", + "inspect": false + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green" + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "FIREWALL" + }, + "properties": [ + { + "id": "custom.width", + "value": 126 + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "ACTION" + }, + "properties": [ + { + "id": "custom.width", + "value": 81 + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "SEVERITY" + }, + "properties": [ + { + "id": "custom.width", + "value": 109 + }, + { + "id": "custom.displayMode", + "value": "color-text" + 
}, + { + "id": "mappings", + "value": [ + { + "options": { + "alert": { + "color": "red", + "index": 3 + }, + "critical": { + "color": "dark-red", + "index": 4 + }, + "information": { + "color": "green", + "index": 1 + }, + "notice": { + "color": "blue", + "index": 0 + }, + "warning": { + "color": "orange", + "index": 2 + } + }, + "type": "value" + } + ] + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "SRC IP" + }, + "properties": [ + { + "id": "custom.width", + "value": 127 + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "SRC PORT" + }, + "properties": [ + { + "id": "custom.width", + "value": 87 + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "IF IN" + }, + "properties": [ + { + "id": "custom.width", + "value": 110 + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "APP" + }, + "properties": [ + { + "id": "custom.width", + "value": 131 + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "DST IP" + }, + "properties": [ + { + "id": "custom.width", + "value": 134 + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "DST PORT" + }, + "properties": [ + { + "id": "custom.width", + "value": 93 + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "EVENT ID" + }, + "properties": [ + { + "id": "links", + "value": [ + { + "targetBlank": true, + "title": "EVENT DETAILS", + "url": "https://grafana.company.local/explore?left=%7B%22datasource%22:%22FORTINET%22,%22queries%22:%5B%7B%22refId%22:%22A%22,%22query%22:%22_id:${__value.text}%22,%22alias%22:%22%22,%22metrics%22:%5B%7B%22id%22:%221%22,%22type%22:%22logs%22,%22settings%22:%7B%22limit%22:%22500%22%7D%7D%5D,%22bucketAggs%22:%5B%5D,%22timeField%22:%22timestamp%22%7D%5D,%22range%22:%7B%22from%22:%22now-1h%22,%22to%22:%22now%22%7D%7D" + } + ] + }, + { + "id": "custom.width", + "value": 214 + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "SERVICE" + }, + "properties": [ + { + "id": "custom.width", + "value": 95 + } + ] + }, + { 
+ "matcher": { + "id": "byName", + "options": "DATE/TIME" + }, + "properties": [ + { + "id": "custom.width", + "value": 188 + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "PROFILE" + }, + "properties": [ + { + "id": "custom.width", + "value": 234 + } + ] + } + ] + }, + "gridPos": { + "h": 15, + "w": 24, + "x": 0, + "y": 41 + }, + "id": 16, + "options": { + "footer": { + "fields": "", + "reducer": ["sum"], + "show": false + }, + "showHeader": true, + "sortBy": [] + }, + "pluginVersion": "9.0.0", + "targets": [ + { + "alias": "", + "bucketAggs": [], + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "metrics": [ + { + "id": "1", + "settings": { + "size": "500" + }, + "type": "raw_data" + } + ], + "query": "type:utm AND subtype:virus AND devname:$firewall AND syslog_level:$severity", + "refId": "A", + "timeField": "timestamp" + } + ], + "title": "FIREWALL EVENTS", + "transformations": [ + { + "id": "organize", + "options": { + "excludeByName": { + "_index": true, + "_type": true, + "alert_category": true, + "alert_definitions_version": true, + "alertlight": true, + "authserver": true, + "cat": true, + "catdesc": true, + "craction": true, + "crlevel": true, + "crscore": true, + "devid": true, + "direction": true, + "dstintf": true, + "dstintfrole": true, + "dstip_city_name": true, + "dstip_country_code": true, + "dstip_geolocation": true, + "eventtype": true, + "facility": true, + "facility_num": true, + "gl2_accounted_message_size": true, + "gl2_message_id": true, + "gl2_remote_ip": true, + "gl2_remote_port": true, + "gl2_source_input": true, + "gl2_source_node": true, + "group": true, + "highlight": true, + "hostname": true, + "hostname_city_name": true, + "hostname_country_code": true, + "hostname_geolocation": true, + "level": true, + "logver": true, + "message": true, + "method": true, + "msg": true, + "policyid": true, + "proto": true, + "rcvdbyte": true, + "reqtype": true, + "sentbyte": true, + 
"sessionid": true, + "sort": true, + "source": true, + "srcintf": true, + "srcintfrole": true, + "srcip_city_name": true, + "srcip_country_code": true, + "srcip_geolocation": true, + "srcport": true, + "streams": true, + "subtype": true, + "syslog_type": true, + "type": true, + "user": true, + "vd": true + }, + "indexByName": { + "_id": 1, + "_index": 11, + "_type": 12, + "action": 5, + "alert_category": 13, + "alert_definitions_version": 14, + "alert_signature": 15, + "app": 16, + "catdesc": 41, + "devname": 2, + "dstip": 17, + "dstport": 18, + "gl2_accounted_message_size": 31, + "gl2_message_id": 32, + "gl2_remote_ip": 33, + "gl2_remote_port": 34, + "gl2_source_input": 35, + "gl2_source_node": 36, + "message": 42, + "profile": 9, + "source": 3, + "srcip": 7, + "streams": 77, + "syslog_level": 6, + "syslog_type": 78, + "target_user_email": 79, + "timestamp": 0 + }, + "renameByName": { + "_id": "EVENT ID", + "action": "ACTION", + "agent": "CLIENT", + "alert_signature": "SIGNATURE", + "app": "APP", + "destination_location_name": "LOCATION", + "devname": "FIREWALL", + "dstip": "DST IP", + "dstport": "DST PORT", + "event_log_name": "", + "filename": "FILENAME", + "http_method": "METHOD", + "http_user_agent_name": "HTTP AGENT", + "network_interface_in": "IF IN", + "network_interface_out": "IF OUT", + "network_transport": "", + "profile": "PROFILE", + "rule_name": "RULE", + "service": "SERVICE", + "source": "", + "source_port": "SRC PORT", + "srcip": "SRC IP", + "syslog_level": "SEVERITY", + "timestamp": "DATE/TIME", + "url": "URL" + } + } + } + ], + "type": "table" + } + ], + "schemaVersion": 36, + "style": "dark", + "tags": ["FORTINET UTM"], + "templating": { + "list": [ + { + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "filters": [], + "hide": 0, + "label": "Filters", + "name": "Filters", + "skipUrlSync": false, + "type": "adhoc" + }, + { + "current": { + "selected": false, + "text": "All", + "value": "$__all" + 
},
+ "datasource": {
+ "type": "grafana-opensearch-datasource",
+ "uid": "replace_datasource_uid"
+ },
+ "definition": "{ \"find\": \"terms\", \"field\": \"devname\", \"query\": \"type:utm AND subtype:virus\"}",
+ "description": "FORTINET FIREWALL",
+ "hide": 0,
+ "includeAll": true,
+ "label": "Firewall",
+ "multi": false,
+ "name": "firewall",
+ "options": [],
+ "query": "{ \"find\": \"terms\", \"field\": \"devname\", \"query\": \"type:utm AND subtype:virus\"}",
+ "refresh": 1,
+ "regex": "",
+ "skipUrlSync": false,
+ "sort": 0,
+ "type": "query"
+ },
+ {
+ "current": {
+ "selected": false,
+ "text": "All",
+ "value": "$__all"
+ },
+ "datasource": {
+ "type": "grafana-opensearch-datasource",
+ "uid": "replace_datasource_uid"
+ },
+ "definition": "{\"find\": \"terms\", \"field\": \"syslog_level\", \"query\": \"type:utm AND subtype:virus\"}",
+ "hide": 0,
+ "includeAll": true,
+ "label": "Severity",
+ "multi": false,
+ "name": "severity",
+ "options": [],
+ "query": "{\"find\": \"terms\", \"field\": \"syslog_level\", \"query\": \"type:utm AND subtype:virus\"}",
+ "refresh": 1,
+ "regex": "",
+ "skipUrlSync": false,
+ "sort": 0,
+ "type": "query"
+ }
+ ]
+ },
+ "time": {
+ "from": "now-6h",
+ "to": "now"
+ },
+ "timepicker": {},
+ "timezone": "",
+ "title": "FORTINET - UTM LOGS VIRUS",
+ "version": 3,
+ "weekStart": ""
+}
diff --git a/backend/app/connectors/grafana/dashboards/Fortinet/fortinet_utm_webfilter.json b/backend/app/connectors/grafana/dashboards/Fortinet/fortinet_utm_webfilter.json
new file mode 100644
index 000000000..03bb2e044
--- /dev/null
+++ b/backend/app/connectors/grafana/dashboards/Fortinet/fortinet_utm_webfilter.json
@@ -0,0 +1,2083 @@
+{
+ "annotations": {
+ "list": [
+ {
+ "builtIn": 1,
+ "datasource": {
+ "type": "grafana",
+ "uid": "-- Grafana --"
+ },
+ "enable": true,
+ "hide": true,
+ "iconColor": "rgba(0, 211, 255, 1)",
+ "name": "Annotations & Alerts",
+ "target": {
+ "limit": 100,
+ "matchAny": false,
+ "tags": [],
+ "type": "dashboard"
+ },
+ "type": "dashboard"
+ }
+ ]
+ },
+ "description": "FORTINET - UTM LOGS",
+ "editable": false,
+ "fiscalYearStartMonth": 0,
+ "graphTooltip": 0,
+ "id": null,
+ "links": [
+ {
+ "asDropdown": true,
+ "icon": "external link",
+ "includeVars": true,
+ "keepTime": true,
+ "tags": ["FORTINET THREAT"],
+ "targetBlank": true,
+ "title": "FORTINET THREAT DASHBOARDS",
+ "tooltip": "",
+ "type": "dashboards",
+ "url": ""
+ }
+ ],
+ "liveNow": false,
+ "panels": [
+ {
+ "datasource": {
+ "type": "grafana-opensearch-datasource",
+ "uid": "replace_datasource_uid"
+ },
+ "fieldConfig": {
+ "defaults": {
+ "color": {
+ "mode": "thresholds"
+ },
+ "mappings": [],
+ "thresholds": {
+ "mode": "absolute",
+ "steps": [
+ {
+ "color": "orange",
+ "value": null
+ }
+ ]
+ },
+ "unit": "short"
+ },
+ "overrides": []
+ },
+ "gridPos": {
+ "h": 8,
+ "w": 4,
+ "x": 0,
+ "y": 0
+ },
+ "id": 2,
+ "options": {
+ "colorMode": "value",
+ "graphMode": "area",
+ "justifyMode": "auto",
+ "orientation": "auto",
+ "reduceOptions": {
+ "calcs": ["sum"],
+ "fields": "",
+ "values": false
+ },
+ "textMode": "auto"
+ },
+ "pluginVersion": "10.2.0",
+ "targets": [
+ {
+ "alias": "",
+ "bucketAggs": [
+ {
+ "field": "timestamp",
+ "id": "2",
+ "settings": {
+ "interval": "auto"
+ },
+ "type": "date_histogram"
+ }
+ ],
+ "datasource": {
+ "type": "grafana-opensearch-datasource",
+ "uid": "replace_datasource_uid"
+ },
+ "metrics": [
+ {
+ "id": "1",
+ "type": "count"
+ }
+ ],
+ "query": "type:utm AND subtype:webfilter AND devname:$firewall AND syslog_level:$severity",
+ "refId": "A",
+ "timeField": "timestamp"
+ }
+ ],
+ "title": "UTM EVENTS - WEBFILTER",
+ "type": "stat"
+ }, + { + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "blue", + "value": null + } + ] + }, + "unit": "short" + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 4, + "x": 4, + "y": 0 + }, + "id": 9, + "options": { + "colorMode": "value", + "graphMode": "area", + "justifyMode": "auto", + "orientation": "auto", + "reduceOptions": { + "calcs": ["sum"], + "fields": "", + "values": false + }, + "textMode": "auto" + }, + "pluginVersion": "10.2.0", + "targets": [ + { + "alias": "", + "bucketAggs": [ + { + "field": "timestamp", + "id": "2", + "settings": { + "interval": "365d" + }, + "type": "date_histogram" + } + ], + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "metrics": [ + { + "field": "devname", + "id": "1", + "type": "cardinality" + } + ], + "query": "type:utm AND subtype:webfilter AND devname:$firewall AND syslog_level:$severity", + "refId": "A", + "timeField": "timestamp" + } + ], + "title": "UTM EVENTS - WEBFILTER: FIREWALLS", + "type": "stat" + }, + { + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + } + }, + "mappings": [] + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 5, + "x": 8, + "y": 0 + }, + "id": 4, + "options": { + "legend": { + "displayMode": "list", + "placement": "right", + "showLegend": false + }, + "pieType": "pie", + "reduceOptions": { + "calcs": ["sum"], + "fields": "", + "values": false + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "alias": "", + "bucketAggs": [ + { + "field": "devname", + "id": "3", + 
"settings": { + "min_doc_count": "1", + "order": "desc", + "orderBy": "_count", + "size": "15" + }, + "type": "terms" + }, + { + "field": "timestamp", + "id": "2", + "settings": { + "interval": "auto" + }, + "type": "date_histogram" + } + ], + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "metrics": [ + { + "id": "1", + "type": "count" + } + ], + "query": "type:utm AND subtype:webfilter AND devname:$firewall AND syslog_level:$severity", + "refId": "A", + "timeField": "timestamp" + } + ], + "title": "UTM EVENTS - WEBFILTER BY FIREWALL", + "type": "piechart" + }, + { + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "custom": { + "align": "auto", + "cellOptions": { + "type": "auto" + }, + "inspect": false + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "source" + }, + "properties": [ + { + "id": "custom.width", + "value": 473 + } + ] + } + ] + }, + "gridPos": { + "h": 8, + "w": 11, + "x": 13, + "y": 0 + }, + "id": 5, + "options": { + "cellHeight": "sm", + "footer": { + "countRows": false, + "fields": "", + "reducer": ["sum"], + "show": false + }, + "showHeader": true, + "sortBy": [] + }, + "pluginVersion": "10.2.0", + "targets": [ + { + "alias": "", + "bucketAggs": [ + { + "field": "devname", + "id": "3", + "settings": { + "min_doc_count": "1", + "order": "desc", + "orderBy": "_count", + "size": "20" + }, + "type": "terms" + } + ], + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "metrics": [ + { + "id": "1", + "type": "count" + } + ], + "query": "type:utm AND subtype:webfilter AND devname:$firewall AND syslog_level:$severity", + "refId": "A", + 
"timeField": "timestamp" + } + ], + "title": "UTM EVENTS - WEBFILTER BY FIREWALL", + "transformations": [ + { + "id": "organize", + "options": { + "excludeByName": {}, + "indexByName": {}, + "renameByName": { + "devname": "FIREWALL" + } + } + } + ], + "transparent": true, + "type": "table" + }, + { + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + } + }, + "mappings": [] + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 6, + "x": 0, + "y": 8 + }, + "id": 8, + "options": { + "legend": { + "displayMode": "table", + "placement": "right", + "showLegend": true + }, + "pieType": "donut", + "reduceOptions": { + "calcs": ["sum"], + "fields": "", + "values": false + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "alias": "", + "bucketAggs": [ + { + "field": "profile", + "id": "3", + "settings": { + "min_doc_count": "1", + "order": "desc", + "orderBy": "_count", + "size": "15" + }, + "type": "terms" + }, + { + "field": "timestamp", + "id": "2", + "settings": { + "interval": "auto" + }, + "type": "date_histogram" + } + ], + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "metrics": [ + { + "id": "1", + "type": "count" + } + ], + "query": "type:utm AND subtype:webfilter AND devname:$firewall AND syslog_level:$severity", + "refId": "A", + "timeField": "timestamp" + } + ], + "title": "UTM EVENTS - WEBFILTER BY FW PROFILE", + "type": "piechart" + }, + { + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": 
"auto", + "barAlignment": 0, + "drawStyle": "bars", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "short" + }, + "overrides": [] + }, + "gridPos": { + "h": 16, + "w": 18, + "x": 6, + "y": 8 + }, + "id": 7, + "options": { + "legend": { + "calcs": [], + "displayMode": "table", + "placement": "right", + "showLegend": true + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "pluginVersion": "8.5.1", + "targets": [ + { + "alias": "", + "bucketAggs": [ + { + "field": "devname", + "id": "3", + "settings": { + "min_doc_count": "1", + "order": "desc", + "orderBy": "_count", + "size": "20" + }, + "type": "terms" + }, + { + "field": "timestamp", + "id": "4", + "settings": { + "interval": "5m", + "min_doc_count": "1", + "timeZone": "utc", + "trimEdges": "0" + }, + "type": "date_histogram" + } + ], + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "metrics": [ + { + "id": "1", + "type": "count" + } + ], + "query": "type:utm AND subtype:webfilter AND devname:$firewall AND syslog_level:$severity", + "refId": "A", + "timeField": "timestamp" + } + ], + "title": "UTM EVENTS - WEBFILTER BY FIREWALL - HISTOGRAM (TOP 20)", + "type": "timeseries" + }, + { + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "hideFrom": { + "legend": false, + 
"tooltip": false, + "viz": false + } + }, + "mappings": [] + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "information" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "blue", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "notice" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "green", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "warning" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "orange", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "error" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "red", + "mode": "fixed" + } + } + ] + } + ] + }, + "gridPos": { + "h": 8, + "w": 6, + "x": 0, + "y": 16 + }, + "id": 11, + "options": { + "legend": { + "displayMode": "table", + "placement": "right", + "showLegend": true + }, + "pieType": "donut", + "reduceOptions": { + "calcs": ["sum"], + "fields": "", + "values": false + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "alias": "", + "bucketAggs": [ + { + "field": "syslog_level", + "id": "3", + "settings": { + "min_doc_count": "1", + "order": "desc", + "orderBy": "_count", + "size": "15" + }, + "type": "terms" + }, + { + "field": "timestamp", + "id": "2", + "settings": { + "interval": "auto" + }, + "type": "date_histogram" + } + ], + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "metrics": [ + { + "id": "1", + "type": "count" + } + ], + "query": "type:utm AND subtype:webfilter AND devname:$firewall AND syslog_level:$severity", + "refId": "A", + "timeField": "timestamp" + } + ], + "title": "UTM EVENTS - WEBFILTER BY SEVERITY", + "type": "piechart" + }, + { + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "fieldConfig": { + "defaults": { + 
"color": { + "mode": "palette-classic" + }, + "custom": { + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + } + }, + "mappings": [] + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "information" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "blue", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "notice" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "green", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "warning" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "orange", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "alert" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "red", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "block-url" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "orange", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "passthrough" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "green", + "mode": "fixed" + } + } + ] + } + ] + }, + "gridPos": { + "h": 10, + "w": 6, + "x": 0, + "y": 24 + }, + "id": 12, + "options": { + "legend": { + "displayMode": "table", + "placement": "right", + "showLegend": true + }, + "pieType": "donut", + "reduceOptions": { + "calcs": ["sum"], + "fields": "", + "values": false + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "alias": "", + "bucketAggs": [ + { + "field": "action", + "id": "3", + "settings": { + "min_doc_count": "1", + "order": "desc", + "orderBy": "_count", + "size": "15" + }, + "type": "terms" + }, + { + "field": "timestamp", + "id": "2", + "settings": { + "interval": "auto" + }, + "type": "date_histogram" + } + ], + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": 
"replace_datasource_uid" + }, + "metrics": [ + { + "id": "1", + "type": "count" + } + ], + "query": "type:utm AND subtype:webfilter AND devname:$firewall AND syslog_level:$severity", + "refId": "A", + "timeField": "timestamp" + } + ], + "title": "UTM EVENTS - WEBFILTER BY ACTION", + "type": "piechart" + }, + { + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "custom": { + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "rgba(245, 54, 54, 0.9)", + "value": null + }, + { + "color": "rgba(237, 129, 40, 0.89)", + "value": 0 + }, + { + "color": "rgba(50, 172, 45, 0.97)", + "value": 10 + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 10, + "w": 8, + "x": 6, + "y": 24 + }, + "id": 19, + "maxDataPoints": 1, + "options": { + "basemap": { + "name": "Basemap", + "type": "default" + }, + "controls": { + "mouseWheelZoom": false, + "showAttribution": true, + "showDebug": false, + "showMeasure": false, + "showScale": false, + "showZoom": true + }, + "layers": [ + { + "config": { + "showLegend": true, + "style": { + "color": { + "fixed": "dark-green" + }, + "opacity": 0.4, + "rotation": { + "fixed": 0, + "max": 360, + "min": -360, + "mode": "mod" + }, + "size": { + "fixed": 5, + "max": 30, + "min": 2 + }, + "symbol": { + "fixed": "img/icons/marker/circle.svg", + "mode": "fixed" + }, + "symbolAlign": { + "horizontal": "center", + "vertical": "center" + }, + "textConfig": { + "fontSize": 12, + "offsetX": 0, + "offsetY": 0, + "textAlign": "center", + "textBaseline": "middle" + } + } + }, + "location": { + "gazetteer": "public/gazetteer/countries.json", + "mode": "lookup" + }, + "name": "Layer 0", + "tooltip": true, + "type": "markers" + } + ], + "tooltip": { + "mode": "details" + }, + "view": { + "allLayers": true, + "id": "zero", 
+ "lat": 0, + "lon": 0, + "zoom": 1 + } + }, + "pluginVersion": "10.2.0", + "targets": [ + { + "alias": "", + "bucketAggs": [ + { + "field": "dstip_country_code", + "id": "3", + "settings": { + "min_doc_count": "1", + "order": "desc", + "orderBy": "_count", + "size": "0" + }, + "type": "terms" + }, + { + "field": "timestamp", + "id": "2", + "settings": { + "interval": "auto" + }, + "type": "date_histogram" + } + ], + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "metrics": [ + { + "id": "1", + "type": "count" + } + ], + "query": "type:utm AND subtype:webfilter AND devname:$firewall AND syslog_level:$severity AND direction:outgoing", + "refId": "A", + "timeField": "timestamp" + } + ], + "title": "WEB TRAFFIC - OUTGOING IP GeoIP", + "transformations": [ + { + "id": "reduce", + "options": { + "reducers": ["sum"] + } + } + ], + "type": "geomap" + }, + { + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "custom": { + "align": "auto", + "cellOptions": { + "type": "auto" + }, + "inspect": false + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "source" + }, + "properties": [ + { + "id": "custom.width", + "value": 473 + } + ] + } + ] + }, + "gridPos": { + "h": 10, + "w": 10, + "x": 14, + "y": 24 + }, + "id": 20, + "options": { + "cellHeight": "sm", + "footer": { + "countRows": false, + "fields": "", + "reducer": ["sum"], + "show": false + }, + "showHeader": true, + "sortBy": [] + }, + "pluginVersion": "10.2.0", + "targets": [ + { + "alias": "", + "bucketAggs": [ + { + "field": "dstip_country_code", + "id": "3", + "settings": { + "min_doc_count": "1", + "order": "desc", + "orderBy": "_count", + "size": "20" 
+ }, + "type": "terms" + }, + { + "field": "action", + "id": "4", + "settings": { + "min_doc_count": "1", + "order": "desc", + "orderBy": "_term", + "size": "10" + }, + "type": "terms" + } + ], + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "metrics": [ + { + "id": "1", + "type": "count" + } + ], + "query": "type:utm AND subtype:webfilter AND devname:$firewall AND syslog_level:$severity AND direction:outgoing", + "refId": "A", + "timeField": "timestamp" + } + ], + "title": "UTM EVENTS - WEBFILTER BY COUNTRY AND ACTION", + "transformations": [ + { + "id": "organize", + "options": { + "excludeByName": {}, + "indexByName": {}, + "renameByName": { + "action": "FW ACTION", + "devname": "FIREWALL", + "dstip_country_code": "COUNTRY" + } + } + } + ], + "transparent": true, + "type": "table" + }, + { + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 9, + "w": 10, + "x": 0, + "y": 34 + }, + "id": 13, + "options": { + "displayMode": "gradient", + "minVizHeight": 10, + "minVizWidth": 0, + "namePlacement": "auto", + "orientation": "horizontal", + "reduceOptions": { + "calcs": ["sum"], + "fields": "", + "values": false + }, + "showUnfilled": true, + "valueMode": "color" + }, + "pluginVersion": "10.2.0", + "targets": [ + { + "alias": "", + "bucketAggs": [ + { + "field": "url", + "id": "3", + "settings": { + "min_doc_count": "1", + "order": "desc", + "orderBy": "_count", + "size": "10" + }, + "type": "terms" + }, + { + "field": "timestamp", + "id": "4", + "settings": { + "interval": "auto", + "min_doc_count": "0", + "timeZone": "utc", + "trimEdges": "0" + }, + "type": "date_histogram" + } + ], 
+ "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "metrics": [ + { + "id": "1", + "type": "count" + } + ], + "query": "type:utm AND subtype:webfilter AND devname:$firewall AND syslog_level:$severity AND action:blocked", + "refId": "A", + "timeField": "timestamp" + } + ], + "title": "UTM EVENTS - URLs BLOCKED (TOP 10)", + "transformations": [ + { + "id": "organize", + "options": { + "excludeByName": {}, + "indexByName": {}, + "renameByName": { + "msg": "INDICATOR" + } + } + } + ], + "transparent": true, + "type": "bargauge" + }, + { + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "custom": { + "align": "auto", + "cellOptions": { + "type": "auto" + }, + "inspect": false + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "source" + }, + "properties": [ + { + "id": "custom.width", + "value": 473 + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "catdesc" + }, + "properties": [ + { + "id": "custom.width", + "value": 400 + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "URL CATEGORY" + }, + "properties": [ + { + "id": "custom.width", + "value": 372 + } + ] + } + ] + }, + "gridPos": { + "h": 9, + "w": 7, + "x": 10, + "y": 34 + }, + "id": 17, + "options": { + "cellHeight": "sm", + "footer": { + "countRows": false, + "fields": "", + "reducer": ["sum"], + "show": false + }, + "showHeader": true, + "sortBy": [] + }, + "pluginVersion": "10.2.0", + "targets": [ + { + "alias": "", + "bucketAggs": [ + { + "field": "catdesc", + "id": "3", + "settings": { + "min_doc_count": "1", + "order": "desc", + "orderBy": "_count", + "size": "20" + }, + "type": "terms" + } + ], + "datasource": { + 
"type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "metrics": [ + { + "id": "1", + "type": "count" + } + ], + "query": "type:utm AND subtype:webfilter AND devname:$firewall AND action:blocked AND syslog_level:$severity", + "refId": "A", + "timeField": "timestamp" + } + ], + "title": "UTM EVENTS - URLs BLOCKED BY WEB CATEGORY", + "transformations": [ + { + "id": "organize", + "options": { + "excludeByName": {}, + "indexByName": {}, + "renameByName": { + "catdesc": "URL CATEGORY", + "msg": "INDICATOR", + "user": "USER ACCOUNT" + } + } + } + ], + "type": "table" + }, + { + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "custom": { + "align": "auto", + "cellOptions": { + "type": "auto" + }, + "inspect": false + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "source" + }, + "properties": [ + { + "id": "custom.width", + "value": 473 + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "USER ACCOUNT" + }, + "properties": [ + { + "id": "custom.width", + "value": 362 + } + ] + } + ] + }, + "gridPos": { + "h": 9, + "w": 7, + "x": 17, + "y": 34 + }, + "id": 14, + "options": { + "cellHeight": "sm", + "footer": { + "countRows": false, + "fields": "", + "reducer": ["sum"], + "show": false + }, + "showHeader": true, + "sortBy": [] + }, + "pluginVersion": "10.2.0", + "targets": [ + { + "alias": "", + "bucketAggs": [ + { + "field": "user", + "id": "3", + "settings": { + "min_doc_count": "1", + "order": "desc", + "orderBy": "_count", + "size": "20" + }, + "type": "terms" + } + ], + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "metrics": [ + { + "id": "1", + "type": "count" 
+ } + ], + "query": "type:utm AND subtype:webfilter AND devname:$firewall AND action:blocked AND syslog_level:$severity", + "refId": "A", + "timeField": "timestamp" + } + ], + "title": "UTM EVENTS - URLs BLOCKED BY USER ACCOUNT", + "transformations": [ + { + "id": "organize", + "options": { + "excludeByName": {}, + "indexByName": {}, + "renameByName": { + "msg": "INDICATOR", + "user": "USER ACCOUNT" + } + } + } + ], + "transparent": true, + "type": "table" + }, + { + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "custom": { + "align": "auto", + "cellOptions": { + "type": "auto" + }, + "inspect": false + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "FIREWALL" + }, + "properties": [ + { + "id": "custom.width", + "value": 126 + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "ACTION" + }, + "properties": [ + { + "id": "custom.width", + "value": 81 + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "SEVERITY" + }, + "properties": [ + { + "id": "custom.width", + "value": 109 + }, + { + "id": "custom.cellOptions", + "value": { + "type": "color-text" + } + }, + { + "id": "mappings", + "value": [ + { + "options": { + "alert": { + "color": "semi-dark-red", + "index": 6 + }, + "critical": { + "color": "dark-red", + "index": 4 + }, + "error": { + "color": "red", + "index": 5 + }, + "high": { + "color": "red", + "index": 3 + }, + "information": { + "color": "blue", + "index": 0 + }, + "notice": { + "color": "green", + "index": 1 + }, + "warning": { + "color": "orange", + "index": 2 + } + }, + "type": "value" + } + ] + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "SRC IP" + }, + "properties": [ + { + "id": 
"custom.width", + "value": 127 + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "SRC PORT" + }, + "properties": [ + { + "id": "custom.width", + "value": 87 + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "IF IN" + }, + "properties": [ + { + "id": "custom.width", + "value": 110 + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "APP" + }, + "properties": [ + { + "id": "custom.width", + "value": 131 + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "DST IP" + }, + "properties": [ + { + "id": "custom.width", + "value": 134 + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "DST PORT" + }, + "properties": [ + { + "id": "custom.width", + "value": 93 + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "EVENT ID" + }, + "properties": [ + { + "id": "links", + "value": [ + { + "targetBlank": true, + "title": "EVENT DETAILS", + "url": "https://grafana.company.local/explore?left=%7B%22datasource%22:%22FORTINET%22,%22queries%22:%5B%7B%22refId%22:%22A%22,%22query%22:%22_id:${__value.text}%22,%22alias%22:%22%22,%22metrics%22:%5B%7B%22id%22:%221%22,%22type%22:%22logs%22,%22settings%22:%7B%22limit%22:%22500%22%7D%7D%5D,%22bucketAggs%22:%5B%5D,%22timeField%22:%22timestamp%22%7D%5D,%22range%22:%7B%22from%22:%22now-1h%22,%22to%22:%22now%22%7D%7D" + } + ] + }, + { + "id": "custom.width", + "value": 214 + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "SERVICE" + }, + "properties": [ + { + "id": "custom.width", + "value": 95 + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "DATE/TIME" + }, + "properties": [ + { + "id": "custom.width", + "value": 188 + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "PROFILE" + }, + "properties": [ + { + "id": "custom.width", + "value": 234 + } + ] + } + ] + }, + "gridPos": { + "h": 15, + "w": 24, + "x": 0, + "y": 43 + }, + "id": 16, + "options": { + "cellHeight": "sm", + "footer": { + "countRows": false, + "fields": "", + "reducer": 
["sum"], + "show": false + }, + "showHeader": true, + "sortBy": [] + }, + "pluginVersion": "10.2.0", + "targets": [ + { + "alias": "", + "bucketAggs": [], + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "metrics": [ + { + "id": "1", + "settings": { + "size": "500" + }, + "type": "raw_data" + } + ], + "query": "type:utm AND subtype:webfilter AND devname:$firewall AND syslog_level:$severity", + "refId": "A", + "timeField": "timestamp" + } + ], + "title": "FIREWALL EVENTS", + "transformations": [ + { + "id": "organize", + "options": { + "excludeByName": { + "_index": true, + "_type": true, + "alert_category": true, + "alert_definitions_version": true, + "cat": true, + "catdesc": true, + "craction": true, + "crlevel": true, + "crscore": true, + "devid": true, + "direction": true, + "dstintf": true, + "dstintfrole": true, + "dstip_city_name": true, + "dstip_country_code": true, + "dstip_geolocation": true, + "eventtype": true, + "facility": true, + "facility_num": true, + "gl2_accounted_message_size": true, + "gl2_message_id": true, + "gl2_remote_ip": true, + "gl2_remote_port": true, + "gl2_source_input": true, + "gl2_source_node": true, + "highlight": true, + "hostname": true, + "hostname_city_name": true, + "hostname_country_code": true, + "hostname_geolocation": true, + "level": true, + "logver": true, + "message": true, + "method": true, + "msg": true, + "policyid": true, + "proto": true, + "rcvdbyte": true, + "ref": true, + "reqtype": true, + "sentbyte": true, + "sessionid": true, + "sort": true, + "source": true, + "srcintf": true, + "srcintfrole": true, + "srcip_city_name": true, + "srcip_country_code": true, + "srcip_geolocation": true, + "srcport": true, + "streams": true, + "subtype": true, + "syslog_type": true, + "type": true, + "user": true, + "vd": true + }, + "indexByName": { + "_id": 1, + "_index": 11, + "_type": 12, + "action": 5, + "alert_category": 13, + "alert_definitions_version": 14, + 
"alert_signature": 15, + "app": 16, + "catdesc": 41, + "devname": 2, + "dstip": 17, + "dstport": 18, + "gl2_accounted_message_size": 31, + "gl2_message_id": 32, + "gl2_remote_ip": 33, + "gl2_remote_port": 34, + "gl2_source_input": 35, + "gl2_source_node": 36, + "message": 42, + "profile": 9, + "source": 3, + "srcip": 7, + "streams": 77, + "syslog_level": 6, + "syslog_type": 78, + "target_user_email": 79, + "timestamp": 0 + }, + "renameByName": { + "_id": "EVENT ID", + "action": "ACTION", + "alert_signature": "SIGNATURE", + "app": "APP", + "destination_location_name": "LOCATION", + "devname": "FIREWALL", + "dstip": "DST IP", + "dstport": "DST PORT", + "event_log_name": "", + "http_method": "METHOD", + "http_user_agent_name": "HTTP AGENT", + "network_interface_in": "IF IN", + "network_interface_out": "IF OUT", + "network_transport": "", + "profile": "PROFILE", + "rule_name": "RULE", + "service": "SERVICE", + "source": "", + "source_port": "SRC PORT", + "srcip": "SRC IP", + "syslog_level": "SEVERITY", + "timestamp": "DATE/TIME", + "url": "URL" + } + } + } + ], + "type": "table" + } + ], + "refresh": "", + "schemaVersion": 38, + "tags": ["FORTINET UTM"], + "templating": { + "list": [ + { + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "filters": [], + "hide": 0, + "label": "Filters", + "name": "Filters", + "skipUrlSync": false, + "type": "adhoc" + }, + { + "current": { + "selected": false, + "text": "All", + "value": "$__all" + }, + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "definition": "{ \"find\": \"terms\", \"field\": \"devname\", \"query\": \"type:utm AND subtype:webfilter\"}", + "description": "FORTINET FIREWALL", + "hide": 0, + "includeAll": true, + "label": "Firewall", + "multi": false, + "name": "firewall", + "options": [], + "query": "{ \"find\": \"terms\", \"field\": \"devname\", \"query\": \"type:utm AND subtype:webfilter\"}", + "refresh": 1, + 
"regex": "", + "skipUrlSync": false, + "sort": 0, + "type": "query" + }, + { + "current": { + "selected": false, + "text": "All", + "value": "$__all" + }, + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "definition": "{\"find\": \"terms\", \"field\": \"syslog_level\", \"query\": \"type:utm AND subtype:webfilter\"}", + "hide": 0, + "includeAll": true, + "label": "Severity", + "multi": false, + "name": "severity", + "options": [], + "query": "{\"find\": \"terms\", \"field\": \"syslog_level\", \"query\": \"type:utm AND subtype:webfilter\"}", + "refresh": 1, + "regex": "", + "skipUrlSync": false, + "sort": 0, + "type": "query" + } + ] + }, + "time": { + "from": "now-6h", + "to": "now" + }, + "timepicker": {}, + "timezone": "", + "title": "FORTINET - UTM LOGS WEBFILTER", + "weekStart": "" +} diff --git a/backend/app/connectors/grafana/dashboards/Fortinet/fortinet_vpn.json b/backend/app/connectors/grafana/dashboards/Fortinet/fortinet_vpn.json new file mode 100644 index 000000000..335ca469d --- /dev/null +++ b/backend/app/connectors/grafana/dashboards/Fortinet/fortinet_vpn.json 
@@ -0,0 +1,3858 @@ +{ + "annotations": { + "list": [ + { + "builtIn": 1, + "datasource": { + "type": "grafana", + "uid": "-- Grafana --" + }, + "enable": true, + "hide": true, + "iconColor": "rgba(0, 211, 255, 1)", + "name": "Annotations & Alerts", + "target": { + "limit": 100, + "matchAny": false, + "tags": [], + "type": "dashboard" + }, + "type": "dashboard" + } + ] + }, + "description": "FORTINET - VPN LOGS", + "editable": false, + "fiscalYearStartMonth": 0, + "graphTooltip": 0, + "id": null, + "links": [ + { + "asDropdown": true, + "icon": "external link", + "includeVars": true, + "keepTime": true, + "tags": ["FORTINET VPN"], + "targetBlank": true, + "title": "FORTINET VPN DASHBOARDS", + "tooltip": "", + "type": "dashboards", + "url": "" + } + ], + "liveNow": false, + "panels": [ + { + "collapsed": false, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 0 + }, + "id": 30, + "panels": [], + "title": "VPN SUMMARY (SDWAN + FORTICLIENT)", + "type": "row" + }, + { + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "blue", + "value": null + } + ] + }, + "unit": "short" + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 4, + "x": 0, + "y": 1 + }, + "id": 2, + "options": { + "colorMode": "value", + "graphMode": "area", + "justifyMode": "auto", + "orientation": "auto", + "reduceOptions": { + "calcs": ["sum"], + "fields": "", + "values": false + }, + "textMode": "auto" + }, + "pluginVersion": "10.2.0", + "targets": [ + { + "alias": "", + "bucketAggs": [ + { + "field": "timestamp", + "id": "2", + "settings": { + "interval": "auto" + }, + "type": "date_histogram" + } + ], + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "metrics": [ + { + "id": "1", + "type": "count" + } + ], + "query": "type:event 
AND subtype:vpn AND devname:$firewall AND syslog_level:$severity", + "refId": "A", + "timeField": "timestamp" + } + ], + "title": "VPN EVENTS", + "type": "stat" + }, + { + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "orange", + "value": null + } + ] + }, + "unit": "short" + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 4, + "x": 4, + "y": 1 + }, + "id": 23, + "options": { + "colorMode": "value", + "graphMode": "area", + "justifyMode": "auto", + "orientation": "auto", + "reduceOptions": { + "calcs": ["sum"], + "fields": "", + "values": false + }, + "textMode": "auto" + }, + "pluginVersion": "10.2.0", + "targets": [ + { + "alias": "", + "bucketAggs": [ + { + "field": "timestamp", + "id": "2", + "settings": { + "interval": "auto" + }, + "type": "date_histogram" + } + ], + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "metrics": [ + { + "id": "1", + "type": "count" + } + ], + "query": "type:event AND subtype:vpn AND devname:$firewall AND syslog_level:$severity AND action:\"ssl-login-fail\"", + "refId": "A", + "timeField": "timestamp" + } + ], + "title": "VPN FAILED AUTHs (FORTICLIENT)", + "type": "stat" + }, + { + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "blue", + "value": null + } + ] + }, + "unit": "short" + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 4, + "x": 8, + "y": 1 + }, + "id": 9, + "options": { + "colorMode": "value", + "graphMode": "area", + "justifyMode": "auto", + "orientation": "auto", + "reduceOptions": { + "calcs": ["sum"], + "fields": "", + 
"values": false + }, + "textMode": "auto" + }, + "pluginVersion": "10.2.0", + "targets": [ + { + "alias": "", + "bucketAggs": [ + { + "field": "timestamp", + "id": "2", + "settings": { + "interval": "365d" + }, + "type": "date_histogram" + } + ], + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "metrics": [ + { + "field": "devname", + "id": "1", + "type": "cardinality" + } + ], + "query": "type:event AND subtype:vpn AND devname:$firewall AND syslog_level:$severity", + "refId": "A", + "timeField": "timestamp" + } + ], + "title": "VPN LOGS: FIREWALLS", + "type": "stat" + }, + { + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + } + }, + "mappings": [] + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 5, + "x": 12, + "y": 1 + }, + "id": 4, + "options": { + "legend": { + "displayMode": "list", + "placement": "right", + "showLegend": false + }, + "pieType": "pie", + "reduceOptions": { + "calcs": ["sum"], + "fields": "", + "values": false + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "alias": "", + "bucketAggs": [ + { + "field": "devname", + "id": "3", + "settings": { + "min_doc_count": "1", + "order": "desc", + "orderBy": "_count", + "size": "15" + }, + "type": "terms" + }, + { + "field": "timestamp", + "id": "2", + "settings": { + "interval": "auto" + }, + "type": "date_histogram" + } + ], + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "metrics": [ + { + "id": "1", + "type": "count" + } + ], + "query": "type:event AND subtype:vpn AND devname:$firewall AND syslog_level:$severity", + "refId": "A", + "timeField": "timestamp" + } + ], + "title": "VPN LOGS BY FIREWALL", + "type": "piechart" + }, + { + 
"datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "custom": { + "align": "auto", + "cellOptions": { + "type": "auto" + }, + "inspect": false + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "source" + }, + "properties": [ + { + "id": "custom.width", + "value": 473 + } + ] + } + ] + }, + "gridPos": { + "h": 8, + "w": 7, + "x": 17, + "y": 1 + }, + "id": 5, + "options": { + "cellHeight": "sm", + "footer": { + "countRows": false, + "fields": "", + "reducer": ["sum"], + "show": false + }, + "showHeader": true, + "sortBy": [] + }, + "pluginVersion": "10.2.0", + "targets": [ + { + "alias": "", + "bucketAggs": [ + { + "field": "devname", + "id": "3", + "settings": { + "min_doc_count": "1", + "order": "desc", + "orderBy": "_count", + "size": "20" + }, + "type": "terms" + } + ], + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "metrics": [ + { + "id": "1", + "type": "count" + } + ], + "query": "type:event AND subtype:vpn AND devname:$firewall AND syslog_level:$severity", + "refId": "A", + "timeField": "timestamp" + } + ], + "title": "VPN LOGS BY FIREWALL", + "transformations": [ + { + "id": "organize", + "options": { + "excludeByName": {}, + "indexByName": {}, + "renameByName": { + "devname": "FIREWALL" + } + } + } + ], + "transparent": true, + "type": "table" + }, + { + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + } + }, + "mappings": [] + }, + "overrides": [ + { + "matcher": { + "id": 
"byName", + "options": "information" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "blue", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "notice" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "green", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "warning" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "orange", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "error" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "red", + "mode": "fixed" + } + } + ] + } + ] + }, + "gridPos": { + "h": 8, + "w": 6, + "x": 0, + "y": 9 + }, + "id": 11, + "options": { + "legend": { + "displayMode": "table", + "placement": "right", + "showLegend": true + }, + "pieType": "donut", + "reduceOptions": { + "calcs": ["sum"], + "fields": "", + "values": false + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "alias": "", + "bucketAggs": [ + { + "field": "syslog_level", + "id": "3", + "settings": { + "min_doc_count": "1", + "order": "desc", + "orderBy": "_count", + "size": "15" + }, + "type": "terms" + }, + { + "field": "timestamp", + "id": "2", + "settings": { + "interval": "auto" + }, + "type": "date_histogram" + } + ], + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "metrics": [ + { + "id": "1", + "type": "count" + } + ], + "query": "type:event AND subtype:vpn AND devname:$firewall AND syslog_level:$severity", + "refId": "A", + "timeField": "timestamp" + } + ], + "title": "VPN LOGS BY SEVERITY", + "type": "piechart" + }, + { + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + 
} + }, + "mappings": [] + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 5, + "x": 6, + "y": 9 + }, + "id": 24, + "options": { + "legend": { + "displayMode": "list", + "placement": "right", + "showLegend": false + }, + "pieType": "pie", + "reduceOptions": { + "calcs": ["sum"], + "fields": "", + "values": false + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "alias": "", + "bucketAggs": [ + { + "field": "tunneltype", + "id": "3", + "settings": { + "min_doc_count": "1", + "order": "desc", + "orderBy": "_count", + "size": "15" + }, + "type": "terms" + }, + { + "field": "timestamp", + "id": "2", + "settings": { + "interval": "auto" + }, + "type": "date_histogram" + } + ], + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "metrics": [ + { + "id": "1", + "type": "count" + } + ], + "query": "type:event AND subtype:vpn AND devname:$firewall AND syslog_level:$severity", + "refId": "A", + "timeField": "timestamp" + } + ], + "title": "VPN LOGS BY VPN TYPE", + "type": "piechart" + }, + { + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "custom": { + "align": "auto", + "cellOptions": { + "type": "auto" + }, + "inspect": false + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "source" + }, + "properties": [ + { + "id": "custom.width", + "value": 473 + } + ] + } + ] + }, + "gridPos": { + "h": 8, + "w": 6, + "x": 11, + "y": 9 + }, + "id": 25, + "options": { + "cellHeight": "sm", + "footer": { + "countRows": false, + "fields": "", + "reducer": ["sum"], + "show": false + }, + "showHeader": true, + "sortBy": [] + }, + "pluginVersion": "10.2.0", + "targets": [ + { + 
"alias": "", + "bucketAggs": [ + { + "field": "tunneltype", + "id": "3", + "settings": { + "min_doc_count": "1", + "order": "desc", + "orderBy": "_count", + "size": "20" + }, + "type": "terms" + } + ], + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "metrics": [ + { + "id": "1", + "type": "count" + } + ], + "query": "type:event AND subtype:vpn AND devname:$firewall AND syslog_level:$severity", + "refId": "A", + "timeField": "timestamp" + } + ], + "title": "VPN LOGS BY VPN TYPE", + "transformations": [ + { + "id": "organize", + "options": { + "excludeByName": {}, + "indexByName": {}, + "renameByName": { + "devname": "FIREWALL" + } + } + } + ], + "transparent": true, + "type": "table" + }, + { + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + } + }, + "mappings": [] + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 7, + "x": 17, + "y": 9 + }, + "id": 8, + "options": { + "legend": { + "displayMode": "table", + "placement": "right", + "showLegend": true + }, + "pieType": "donut", + "reduceOptions": { + "calcs": ["sum"], + "fields": "", + "values": false + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "alias": "", + "bucketAggs": [ + { + "field": "msg", + "id": "3", + "settings": { + "min_doc_count": "1", + "order": "desc", + "orderBy": "_count", + "size": "15" + }, + "type": "terms" + }, + { + "field": "timestamp", + "id": "2", + "settings": { + "interval": "auto" + }, + "type": "date_histogram" + } + ], + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "metrics": [ + { + "id": "1", + "type": "count" + } + ], + "query": "type:event AND subtype:vpn AND devname:$firewall AND syslog_level:$severity", + 
"refId": "A", + "timeField": "timestamp" + } + ], + "title": "VPN LOGS BY STATUS", + "type": "piechart" + }, + { + "collapsed": true, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 17 + }, + "id": 28, + "panels": [ + { + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "blue", + "value": null + } + ] + }, + "unit": "short" + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 4, + "x": 0, + "y": 18 + }, + "id": 31, + "options": { + "colorMode": "value", + "graphMode": "area", + "justifyMode": "auto", + "orientation": "auto", + "reduceOptions": { + "calcs": ["sum"], + "fields": "", + "values": false + }, + "textMode": "auto" + }, + "pluginVersion": "10.2.0", + "targets": [ + { + "alias": "", + "bucketAggs": [ + { + "field": "timestamp", + "id": "2", + "settings": { + "interval": "auto" + }, + "type": "date_histogram" + } + ], + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "metrics": [ + { + "id": "1", + "type": "count" + } + ], + "query": "type:event AND subtype:vpn AND tunneltype:ipsec AND devname:$firewall AND syslog_level:$severity", + "refId": "A", + "timeField": "timestamp" + } + ], + "title": "SDWAN EVENTS", + "type": "stat" + }, + { + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + } + }, + "mappings": [] + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "information" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "blue", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "notice" + }, + 
"properties": [ + { + "id": "color", + "value": { + "fixedColor": "green", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "warning" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "orange", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "alert" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "red", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "block-url" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "orange", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "passthrough" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "green", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "tunnel-stats" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "blue", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "tunnel-up" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "green", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "tunnel-down" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "red", + "mode": "fixed" + } + } + ] + } + ] + }, + "gridPos": { + "h": 8, + "w": 6, + "x": 4, + "y": 18 + }, + "id": 12, + "options": { + "legend": { + "displayMode": "table", + "placement": "right", + "showLegend": true + }, + "pieType": "donut", + "reduceOptions": { + "calcs": ["sum"], + "fields": "", + "values": false + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "alias": "", + "bucketAggs": [ + { + "field": "action", + "id": "3", + "settings": { + "min_doc_count": "1", + "order": "desc", + "orderBy": "_count", + "size": "15" + }, + "type": "terms" + }, + { + "field": "timestamp", + "id": "2", + "settings": { + "interval": 
"auto" + }, + "type": "date_histogram" + } + ], + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "metrics": [ + { + "id": "1", + "type": "count" + } + ], + "query": "type:event AND subtype:vpn AND tunneltype:ipsec AND devname:$firewall AND syslog_level:$severity", + "refId": "A", + "timeField": "timestamp" + } + ], + "title": "SDWAN - VPN LOGS BY ACTION", + "type": "piechart" + }, + { + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "bars", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "short" + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 14, + "x": 10, + "y": 18 + }, + "id": 7, + "options": { + "legend": { + "calcs": [], + "displayMode": "table", + "placement": "right", + "showLegend": true + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "pluginVersion": "8.5.1", + "targets": [ + { + "alias": "", + "bucketAggs": [ + { + "field": "devname", + "id": "3", + "settings": { + "min_doc_count": "1", + "order": "desc", + "orderBy": "_count", + "size": "20" + }, + "type": "terms" + }, + { + "field": "timestamp", + "id": "4", + "settings": { + "interval": 
"5m", + "min_doc_count": "1", + "timeZone": "utc", + "trimEdges": "0" + }, + "type": "date_histogram" + } + ], + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "metrics": [ + { + "id": "1", + "type": "count" + } + ], + "query": "type:event AND subtype:vpn AND tunneltype:ipsec AND devname:$firewall AND syslog_level:$severity", + "refId": "A", + "timeField": "timestamp" + } + ], + "title": "SDWAN - VPN LOGS BY FIREWALL - HISTOGRAM (TOP 20)", + "type": "timeseries" + }, + { + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "custom": { + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "rgba(245, 54, 54, 0.9)", + "value": null + }, + { + "color": "rgba(237, 129, 40, 0.89)", + "value": 0 + }, + { + "color": "rgba(50, 172, 45, 0.97)", + "value": 10 + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 9, + "w": 8, + "x": 0, + "y": 26 + }, + "id": 20, + "maxDataPoints": 1, + "options": { + "basemap": { + "name": "Basemap", + "type": "default" + }, + "controls": { + "mouseWheelZoom": false, + "showAttribution": true, + "showDebug": false, + "showMeasure": false, + "showScale": false, + "showZoom": true + }, + "layers": [ + { + "config": { + "showLegend": true, + "style": { + "color": { + "fixed": "dark-green" + }, + "opacity": 0.4, + "rotation": { + "fixed": 0, + "max": 360, + "min": -360, + "mode": "mod" + }, + "size": { + "fixed": 5, + "max": 30, + "min": 2 + }, + "symbol": { + "fixed": "img/icons/marker/circle.svg", + "mode": "fixed" + }, + "symbolAlign": { + "horizontal": "center", + "vertical": "center" + }, + "textConfig": { + "fontSize": 12, + "offsetX": 0, + "offsetY": 0, + "textAlign": "center", + "textBaseline": "middle" + } + } + }, + "location": { + "gazetteer": 
"public/gazetteer/countries.json", + "mode": "lookup" + }, + "name": "Layer 0", + "tooltip": true, + "type": "markers" + } + ], + "tooltip": { + "mode": "details" + }, + "view": { + "allLayers": true, + "id": "zero", + "lat": 0, + "lon": 0, + "zoom": 1 + } + }, + "pluginVersion": "10.2.0", + "targets": [ + { + "alias": "", + "bucketAggs": [ + { + "field": "remip_country_code", + "id": "3", + "settings": { + "min_doc_count": "1", + "order": "desc", + "orderBy": "_count", + "size": "0" + }, + "type": "terms" + }, + { + "field": "timestamp", + "id": "2", + "settings": { + "interval": "auto" + }, + "type": "date_histogram" + } + ], + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "metrics": [ + { + "id": "1", + "type": "count" + } + ], + "query": "type:event AND subtype:vpn AND tunneltype:ipsec AND devname:$firewall AND syslog_level:$severity", + "refId": "A", + "timeField": "timestamp" + } + ], + "title": "SDWAN - REMOTE IP GeoIP", + "transformations": [ + { + "id": "reduce", + "options": { + "reducers": ["sum"] + } + } + ], + "type": "geomap" + }, + { + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "custom": { + "align": "auto", + "cellOptions": { + "type": "auto" + }, + "inspect": false + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "COUNTRY" + }, + "properties": [ + { + "id": "custom.width", + "value": 126 + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "REMOTE IP" + }, + "properties": [ + { + "id": "custom.width", + "value": 191 + } + ] + } + ] + }, + "gridPos": { + "h": 9, + "w": 7, + "x": 8, + "y": 26 + }, + "id": 21, + "maxDataPoints": 1, + "options": { + "cellHeight": "sm", + 
"footer": { + "countRows": false, + "fields": "", + "reducer": ["sum"], + "show": false + }, + "showHeader": true, + "sortBy": [] + }, + "pluginVersion": "10.2.0", + "targets": [ + { + "alias": "", + "bucketAggs": [ + { + "field": "remip_country_code", + "id": "3", + "settings": { + "min_doc_count": "1", + "order": "desc", + "orderBy": "_count", + "size": "0" + }, + "type": "terms" + }, + { + "field": "remip", + "id": "4", + "settings": { + "min_doc_count": "1", + "order": "desc", + "orderBy": "_count", + "size": "10" + }, + "type": "terms" + } + ], + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "metrics": [ + { + "id": "1", + "type": "count" + } + ], + "query": "type:event AND subtype:vpn AND tunneltype:ipsec AND devname:$firewall AND syslog_level:$severity", + "refId": "A", + "timeField": "timestamp" + } + ], + "title": "SDWAN - REMOTE IP AND GeoIP", + "transformations": [ + { + "id": "organize", + "options": { + "excludeByName": {}, + "indexByName": {}, + "renameByName": { + "remip": "REMOTE IP", + "remip_country_code": "COUNTRY" + } + } + } + ], + "type": "table" + }, + { + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "custom": { + "align": "auto", + "cellOptions": { + "type": "auto" + }, + "inspect": false + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "COUNTRY" + }, + "properties": [ + { + "id": "custom.width", + "value": 126 + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "REMOTE IP" + }, + "properties": [ + { + "id": "custom.width", + "value": 191 + } + ] + } + ] + }, + "gridPos": { + "h": 9, + "w": 9, + "x": 15, + "y": 26 + }, + "id": 32, + "maxDataPoints": 1, + 
"options": { + "cellHeight": "sm", + "footer": { + "countRows": false, + "fields": "", + "reducer": ["sum"], + "show": false + }, + "showHeader": true, + "sortBy": [] + }, + "pluginVersion": "10.2.0", + "targets": [ + { + "alias": "", + "bucketAggs": [ + { + "field": "remip_country_code", + "id": "3", + "settings": { + "min_doc_count": "1", + "order": "desc", + "orderBy": "_count", + "size": "0" + }, + "type": "terms" + }, + { + "field": "action", + "id": "4", + "settings": { + "min_doc_count": "1", + "order": "desc", + "orderBy": "_count", + "size": "10" + }, + "type": "terms" + } + ], + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "metrics": [ + { + "id": "1", + "type": "count" + } + ], + "query": "type:event AND subtype:vpn AND tunneltype:ipsec AND devname:$firewall AND syslog_level:$severity", + "refId": "A", + "timeField": "timestamp" + } + ], + "title": "SDWAN - REMOTE GeoIP AND ACTION", + "transformations": [ + { + "id": "organize", + "options": { + "excludeByName": {}, + "indexByName": {}, + "renameByName": { + "action": "TUNNEL ACTION", + "remip": "REMOTE IP", + "remip_country_code": "COUNTRY" + } + } + } + ], + "type": "table" + }, + { + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "custom": { + "align": "auto", + "cellOptions": { + "type": "auto" + }, + "inspect": false + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "FIREWALL" + }, + "properties": [ + { + "id": "custom.width", + "value": 126 + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "ACTION" + }, + "properties": [ + { + "id": "custom.width", + "value": 147 + } + ] + }, + { + "matcher": { + "id": "byName", + 
"options": "SEVERITY" + }, + "properties": [ + { + "id": "custom.width", + "value": 109 + }, + { + "id": "custom.cellOptions", + "value": { + "type": "color-text" + } + }, + { + "id": "mappings", + "value": [ + { + "options": { + "alert": { + "color": "red", + "index": 3 + }, + "critical": { + "color": "dark-red", + "index": 4 + }, + "information": { + "color": "green", + "index": 1 + }, + "notice": { + "color": "blue", + "index": 0 + }, + "warning": { + "color": "orange", + "index": 2 + } + }, + "type": "value" + } + ] + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "SRC IP" + }, + "properties": [ + { + "id": "custom.width", + "value": 127 + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "SRC PORT" + }, + "properties": [ + { + "id": "custom.width", + "value": 87 + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "IF IN" + }, + "properties": [ + { + "id": "custom.width", + "value": 110 + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "APP" + }, + "properties": [ + { + "id": "custom.width", + "value": 131 + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "DST IP" + }, + "properties": [ + { + "id": "custom.width", + "value": 134 + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "DST PORT" + }, + "properties": [ + { + "id": "custom.width", + "value": 93 + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "EVENT ID" + }, + "properties": [ + { + "id": "links", + "value": [ + { + "targetBlank": true, + "title": "EVENT DETAILS", + "url": "https://grafana.mynetassist.local/explore?left=%7B%22datasource%22:%22FORTINET%22,%22queries%22:%5B%7B%22refId%22:%22A%22,%22query%22:%22_id:${__value.text}%22,%22alias%22:%22%22,%22metrics%22:%5B%7B%22id%22:%221%22,%22type%22:%22logs%22,%22settings%22:%7B%22limit%22:%22500%22%7D%7D%5D,%22bucketAggs%22:%5B%5D,%22timeField%22:%22timestamp%22%7D%5D,%22range%22:%7B%22from%22:%22now-1h%22,%22to%22:%22now%22%7D%7D" + } + ] + }, + { + "id": 
"custom.width", + "value": 400 + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "SERVICE" + }, + "properties": [ + { + "id": "custom.width", + "value": 95 + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "DATE/TIME" + }, + "properties": [ + { + "id": "custom.width", + "value": 188 + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "PROFILE" + }, + "properties": [ + { + "id": "custom.width", + "value": 234 + } + ] + } + ] + }, + "gridPos": { + "h": 15, + "w": 24, + "x": 0, + "y": 35 + }, + "id": 16, + "options": { + "cellHeight": "sm", + "footer": { + "countRows": false, + "fields": "", + "reducer": ["sum"], + "show": false + }, + "showHeader": true, + "sortBy": [] + }, + "pluginVersion": "10.2.0", + "targets": [ + { + "alias": "", + "bucketAggs": [], + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "metrics": [ + { + "id": "1", + "settings": { + "size": "500" + }, + "type": "raw_data" + } + ], + "query": "type:event AND subtype:vpn AND tunneltype:ipsec AND devname:$firewall AND syslog_level:$severity", + "refId": "A", + "timeField": "timestamp" + } + ], + "title": "SDWAN EVENTS", + "transformations": [ + { + "id": "organize", + "options": { + "excludeByName": { + "_index": true, + "_type": true, + "alert_category": true, + "alert_definitions_version": true, + "alertlight": true, + "cat": true, + "catdesc": true, + "craction": true, + "crlevel": true, + "crscore": true, + "devid": true, + "direction": true, + "dstintf": true, + "dstintfrole": true, + "dstip_city_name": true, + "dstip_country_code": true, + "dstip_geolocation": true, + "eventtype": true, + "facility": true, + "facility_num": true, + "gl2_accounted_message_size": true, + "gl2_message_id": true, + "gl2_remote_ip": true, + "gl2_remote_port": true, + "gl2_source_input": true, + "gl2_source_node": true, + "group": true, + "highlight": true, + "hostname": true, + "hostname_city_name": true, + 
"hostname_country_code": true, + "hostname_geolocation": true, + "level": true, + "locip_city_name": true, + "locip_country_code": true, + "locip_geolocation": true, + "locport": true, + "logdesc": true, + "logver": true, + "message": true, + "method": true, + "msg": true, + "policyid": true, + "proto": true, + "rcvdbyte": true, + "remip_city_name": true, + "remip_country_code": true, + "remip_geolocation": true, + "remport": true, + "reqtype": true, + "sentbyte": true, + "sessionid": true, + "sort": true, + "source": true, + "srcintf": true, + "srcintfrole": true, + "srcip_city_name": true, + "srcip_country_code": true, + "srcip_geolocation": true, + "srcport": true, + "streams": true, + "subtype": true, + "syslog_type": true, + "tunneltype": true, + "type": true, + "user": true, + "vd": true + }, + "indexByName": { + "_id": 1, + "_index": 11, + "_type": 12, + "action": 5, + "alert_category": 13, + "alert_definitions_version": 14, + "alert_signature": 15, + "app": 16, + "catdesc": 41, + "devname": 2, + "dstip": 17, + "dstport": 18, + "gl2_accounted_message_size": 31, + "gl2_message_id": 32, + "gl2_remote_ip": 33, + "gl2_remote_port": 34, + "gl2_source_input": 35, + "gl2_source_node": 36, + "message": 42, + "profile": 9, + "source": 3, + "srcip": 7, + "streams": 77, + "syslog_level": 6, + "syslog_type": 78, + "target_user_email": 79, + "timestamp": 0 + }, + "renameByName": { + "_id": "EVENT ID", + "action": "ACTION", + "alert_signature": "SIGNATURE", + "app": "APP", + "destination_location_name": "LOCATION", + "devname": "FIREWALL", + "dstip": "DST IP", + "dstport": "DST PORT", + "duration": "DURATION", + "event_log_name": "", + "http_method": "METHOD", + "http_user_agent_name": "HTTP AGENT", + "locip": "LOCAL IP", + "locip_country_code": "", + "network_interface_in": "IF IN", + "network_interface_out": "IF OUT", + "network_transport": "", + "profile": "PROFILE", + "remip": "REMOTE IP", + "rule_name": "RULE", + "service": "SERVICE", + "source": "", + "source_port": 
"SRC PORT", + "srcip": "SRC IP", + "syslog_level": "SEVERITY", + "timestamp": "DATE/TIME", + "url": "URL", + "user": "USER" + } + } + } + ], + "transparent": true, + "type": "table" + } + ], + "title": "SDWAN", + "type": "row" + }, + { + "collapsed": true, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 18 + }, + "id": 34, + "panels": [ + { + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "blue", + "value": null + } + ] + }, + "unit": "short" + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 4, + "x": 0, + "y": 19 + }, + "id": 39, + "options": { + "colorMode": "value", + "graphMode": "area", + "justifyMode": "auto", + "orientation": "auto", + "reduceOptions": { + "calcs": ["sum"], + "fields": "", + "values": false + }, + "textMode": "auto" + }, + "pluginVersion": "10.2.0", + "targets": [ + { + "alias": "", + "bucketAggs": [ + { + "field": "timestamp", + "id": "2", + "settings": { + "interval": "auto" + }, + "type": "date_histogram" + } + ], + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "metrics": [ + { + "id": "1", + "type": "count" + } + ], + "query": "type:event AND subtype:vpn AND tunneltype:\"ssl-tunnel\" AND devname:$firewall AND syslog_level:$severity", + "refId": "A", + "timeField": "timestamp" + } + ], + "title": "FORTICLIENT EVENTS", + "type": "stat" + }, + { + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "orange", + "value": null + } + ] + }, + "unit": "short" + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 4, + "x": 4, + "y": 19 + }, + "id": 40, + 
"options": { + "colorMode": "value", + "graphMode": "area", + "justifyMode": "auto", + "orientation": "auto", + "reduceOptions": { + "calcs": ["sum"], + "fields": "", + "values": false + }, + "textMode": "auto" + }, + "pluginVersion": "10.2.0", + "targets": [ + { + "alias": "", + "bucketAggs": [ + { + "field": "timestamp", + "id": "2", + "settings": { + "interval": "auto" + }, + "type": "date_histogram" + } + ], + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "metrics": [ + { + "id": "1", + "type": "count" + } + ], + "query": "type:event AND subtype:vpn AND devname:$firewall AND syslog_level:$severity AND action:\"ssl-login-fail\"", + "refId": "A", + "timeField": "timestamp" + } + ], + "title": "VPN FAILED AUTHs (FORTICLIENT)", + "type": "stat" + }, + { + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "custom": { + "align": "auto", + "cellOptions": { + "type": "auto" + }, + "inspect": false + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "orange", + "value": null + } + ] + } + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "USER" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "orange", + "mode": "fixed" + } + }, + { + "id": "custom.cellOptions", + "value": { + "type": "color-text" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "Count" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "orange", + "mode": "fixed" + } + }, + { + "id": "custom.cellOptions", + "value": { + "type": "color-text" + } + } + ] + } + ] + }, + "gridPos": { + "h": 8, + "w": 7, + "x": 8, + "y": 19 + }, + "id": 36, + "maxDataPoints": 1, + "options": { + "cellHeight": "sm", + "footer": { + "countRows": false, + "fields": "", + "reducer": ["sum"], + "show": false + }, + "showHeader": 
true, + "sortBy": [] + }, + "pluginVersion": "10.2.0", + "targets": [ + { + "alias": "", + "bucketAggs": [ + { + "field": "user", + "id": "3", + "settings": { + "min_doc_count": "1", + "order": "desc", + "orderBy": "_count", + "size": "0" + }, + "type": "terms" + } + ], + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "metrics": [ + { + "id": "1", + "type": "count" + } + ], + "query": "type:event AND subtype:vpn AND devname:$firewall AND syslog_level:$severity AND action:\"ssl-login-fail\"", + "refId": "A", + "timeField": "timestamp" + } + ], + "title": "FORTICLIENT - FAILED AUTHs BY USER", + "transformations": [ + { + "id": "organize", + "options": { + "excludeByName": {}, + "indexByName": {}, + "renameByName": { + "remip": "REMOTE IP", + "remip_country_code": "COUNTRY", + "user": "USER" + } + } + } + ], + "type": "table" + }, + { + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "custom": { + "align": "auto", + "cellOptions": { + "type": "auto" + }, + "inspect": false + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "COUNTRY" + }, + "properties": [ + { + "id": "custom.width", + "value": 126 + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "REMOTE IP" + }, + "properties": [ + { + "id": "custom.width", + "value": 191 + } + ] + } + ] + }, + "gridPos": { + "h": 8, + "w": 9, + "x": 15, + "y": 19 + }, + "id": 37, + "maxDataPoints": 1, + "options": { + "cellHeight": "sm", + "footer": { + "countRows": false, + "fields": "", + "reducer": ["sum"], + "show": false + }, + "showHeader": true, + "sortBy": [] + }, + "pluginVersion": "10.2.0", + "targets": [ + { + "alias": "", + "bucketAggs": [ + { 
+ "field": "user", + "id": "4", + "settings": { + "min_doc_count": "1", + "order": "desc", + "orderBy": "_count", + "size": "10" + }, + "type": "terms" + }, + { + "field": "duration", + "id": "5", + "settings": { + "min_doc_count": "1", + "order": "desc", + "orderBy": "_term", + "size": "10" + }, + "type": "terms" + } + ], + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "metrics": [ + { + "id": "1", + "type": "count" + } + ], + "query": "type:event AND subtype:vpn AND tunneltype:\"ssl-tunnel\" AND devname:$firewall AND syslog_level:$severity", + "refId": "A", + "timeField": "timestamp" + } + ], + "title": "FORTICLIENT - USER AND DURATION", + "transformations": [ + { + "id": "organize", + "options": { + "excludeByName": {}, + "indexByName": {}, + "renameByName": { + "duration": "DURATION", + "remip": "REMOTE IP", + "remip_country_code": "COUNTRY", + "user": "USER" + } + } + } + ], + "type": "table" + }, + { + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "custom": { + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "rgba(245, 54, 54, 0.9)", + "value": null + }, + { + "color": "rgba(237, 129, 40, 0.89)", + "value": 0 + }, + { + "color": "rgba(50, 172, 45, 0.97)", + "value": 10 + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 9, + "w": 8, + "x": 0, + "y": 27 + }, + "id": 35, + "maxDataPoints": 1, + "options": { + "basemap": { + "name": "Basemap", + "type": "default" + }, + "controls": { + "mouseWheelZoom": false, + "showAttribution": true, + "showDebug": false, + "showMeasure": false, + "showScale": false, + "showZoom": true + }, + "layers": [ + { + "config": { + "showLegend": true, + "style": { + "color": { + "fixed": "dark-green" + }, + "opacity": 0.4, + 
"rotation": { + "fixed": 0, + "max": 360, + "min": -360, + "mode": "mod" + }, + "size": { + "fixed": 5, + "max": 30, + "min": 2 + }, + "symbol": { + "fixed": "img/icons/marker/circle.svg", + "mode": "fixed" + }, + "symbolAlign": { + "horizontal": "center", + "vertical": "center" + }, + "textConfig": { + "fontSize": 12, + "offsetX": 0, + "offsetY": 0, + "textAlign": "center", + "textBaseline": "middle" + } + } + }, + "location": { + "gazetteer": "public/gazetteer/countries.json", + "mode": "lookup" + }, + "name": "Layer 0", + "tooltip": true, + "type": "markers" + } + ], + "tooltip": { + "mode": "details" + }, + "view": { + "allLayers": true, + "id": "zero", + "lat": 0, + "lon": 0, + "zoom": 1 + } + }, + "pluginVersion": "10.2.0", + "targets": [ + { + "alias": "", + "bucketAggs": [ + { + "field": "remip_country_code", + "id": "3", + "settings": { + "min_doc_count": "1", + "order": "desc", + "orderBy": "_count", + "size": "0" + }, + "type": "terms" + }, + { + "field": "timestamp", + "id": "2", + "settings": { + "interval": "auto" + }, + "type": "date_histogram" + } + ], + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "metrics": [ + { + "id": "1", + "type": "count" + } + ], + "query": "type:event AND subtype:vpn AND tunneltype:\"ssl-tunnel\" AND devname:$firewall AND syslog_level:$severity", + "refId": "A", + "timeField": "timestamp" + } + ], + "title": "FORTICLIENT - REMOTE IP GeoIP", + "transformations": [ + { + "id": "reduce", + "options": { + "reducers": ["sum"] + } + } + ], + "type": "geomap" + }, + { + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "custom": { + "align": "auto", + "cellOptions": { + "type": "auto" + }, + "inspect": false + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + 
"value": 80 + } + ] + } + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "COUNTRY" + }, + "properties": [ + { + "id": "custom.width", + "value": 126 + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "REMOTE IP" + }, + "properties": [ + { + "id": "custom.width", + "value": 191 + } + ] + } + ] + }, + "gridPos": { + "h": 9, + "w": 7, + "x": 8, + "y": 27 + }, + "id": 41, + "maxDataPoints": 1, + "options": { + "cellHeight": "sm", + "footer": { + "countRows": false, + "fields": "", + "reducer": ["sum"], + "show": false + }, + "showHeader": true, + "sortBy": [] + }, + "pluginVersion": "10.2.0", + "targets": [ + { + "alias": "", + "bucketAggs": [ + { + "field": "remip_country_code", + "id": "3", + "settings": { + "min_doc_count": "1", + "order": "desc", + "orderBy": "_count", + "size": "0" + }, + "type": "terms" + }, + { + "field": "remip", + "id": "4", + "settings": { + "min_doc_count": "1", + "order": "desc", + "orderBy": "_count", + "size": "10" + }, + "type": "terms" + } + ], + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "metrics": [ + { + "id": "1", + "type": "count" + } + ], + "query": "type:event AND subtype:vpn AND tunneltype:\"ssl-tunnel\" AND devname:$firewall AND syslog_level:$severity", + "refId": "A", + "timeField": "timestamp" + } + ], + "title": "FORTICLIENT - REMOTE IP AND GeoIP", + "transformations": [ + { + "id": "organize", + "options": { + "excludeByName": {}, + "indexByName": {}, + "renameByName": { + "remip": "REMOTE IP", + "remip_country_code": "COUNTRY" + } + } + } + ], + "type": "table" + }, + { + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "custom": { + "align": "auto", + "cellOptions": { + "type": "auto" + }, + "inspect": false + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", 
+ "value": null + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "COUNTRY" + }, + "properties": [ + { + "id": "custom.width", + "value": 126 + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "REMOTE IP" + }, + "properties": [ + { + "id": "custom.width", + "value": 191 + } + ] + } + ] + }, + "gridPos": { + "h": 9, + "w": 9, + "x": 15, + "y": 27 + }, + "id": 42, + "maxDataPoints": 1, + "options": { + "cellHeight": "sm", + "footer": { + "countRows": false, + "fields": "", + "reducer": ["sum"], + "show": false + }, + "showHeader": true, + "sortBy": [] + }, + "pluginVersion": "10.2.0", + "targets": [ + { + "alias": "", + "bucketAggs": [ + { + "field": "remip_country_code", + "id": "3", + "settings": { + "min_doc_count": "1", + "order": "desc", + "orderBy": "_count", + "size": "0" + }, + "type": "terms" + }, + { + "field": "user", + "id": "4", + "settings": { + "min_doc_count": "1", + "order": "desc", + "orderBy": "_count", + "size": "10" + }, + "type": "terms" + } + ], + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "metrics": [ + { + "id": "1", + "type": "count" + } + ], + "query": "type:event AND subtype:vpn AND tunneltype:\"ssl-tunnel\" AND devname:$firewall AND syslog_level:$severity", + "refId": "A", + "timeField": "timestamp" + } + ], + "title": "FORTICLIENT - REMOTE GeoIP AND USER", + "transformations": [ + { + "id": "organize", + "options": { + "excludeByName": {}, + "indexByName": {}, + "renameByName": { + "remip": "REMOTE IP", + "remip_country_code": "COUNTRY", + "user": "USER" + } + } + } + ], + "type": "table" + }, + { + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + 
"color": "red", + "value": 80 + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 9, + "w": 10, + "x": 0, + "y": 36 + }, + "id": 13, + "options": { + "displayMode": "gradient", + "minVizHeight": 10, + "minVizWidth": 0, + "namePlacement": "auto", + "orientation": "horizontal", + "reduceOptions": { + "calcs": ["sum"], + "fields": "", + "values": false + }, + "showUnfilled": true, + "valueMode": "color" + }, + "pluginVersion": "10.2.0", + "targets": [ + { + "alias": "", + "bucketAggs": [ + { + "field": "user", + "id": "3", + "settings": { + "min_doc_count": "1", + "order": "desc", + "orderBy": "_count", + "size": "10" + }, + "type": "terms" + }, + { + "field": "timestamp", + "id": "4", + "settings": { + "interval": "auto", + "min_doc_count": "0", + "timeZone": "utc", + "trimEdges": "0" + }, + "type": "date_histogram" + } + ], + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "metrics": [ + { + "id": "1", + "type": "count" + } + ], + "query": "type:event AND subtype:vpn AND tunneltype:\"ssl-tunnel\" AND devname:$firewall AND syslog_level:$severity", + "refId": "A", + "timeField": "timestamp" + } + ], + "title": "UTM EVENTS - VPN LOGS EVENTS BY USER (TOP 10)", + "transformations": [ + { + "id": "organize", + "options": { + "excludeByName": {}, + "indexByName": {}, + "renameByName": { + "msg": "INDICATOR" + } + } + } + ], + "transparent": true, + "type": "bargauge" + }, + { + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "bars", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", 
+ "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "normal" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "decbytes" + }, + "overrides": [] + }, + "gridPos": { + "h": 9, + "w": 14, + "x": 10, + "y": 36 + }, + "id": 43, + "options": { + "legend": { + "calcs": ["mean"], + "displayMode": "table", + "placement": "right", + "showLegend": true + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "pluginVersion": "8.5.1", + "targets": [ + { + "alias": "BYTES RCVD", + "bucketAggs": [ + { + "field": "timestamp", + "id": "4", + "settings": { + "interval": "auto", + "min_doc_count": "1", + "timeZone": "utc", + "trimEdges": "0" + }, + "type": "date_histogram" + } + ], + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "metrics": [ + { + "field": "rcvdbyte", + "id": "1", + "type": "avg" + } + ], + "query": "type:event AND subtype:vpn AND tunneltype:\"ssl-tunnel\" AND devname:$firewall AND syslog_level:$severity", + "refId": "A", + "timeField": "timestamp" + }, + { + "alias": "BYTES SENT", + "bucketAggs": [ + { + "field": "timestamp", + "id": "2", + "settings": { + "interval": "auto" + }, + "type": "date_histogram" + } + ], + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "hide": false, + "metrics": [ + { + "field": "sentbyte", + "id": "1", + "type": "avg" + } + ], + "query": "type:event AND subtype:vpn AND tunneltype:\"ssl-tunnel\" AND devname:$firewall AND syslog_level:$severity", + "refId": "B", + "timeField": "timestamp" + } + ], + "title": "FORTICLIENT - VPN TRAFFIC", + "type": "timeseries" + }, + { + "datasource": { + "type": "grafana-opensearch-datasource", 
+ "uid": "replace_datasource_uid" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "custom": { + "align": "auto", + "cellOptions": { + "type": "auto" + }, + "inspect": false + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "FIREWALL" + }, + "properties": [ + { + "id": "custom.width", + "value": 126 + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "ACTION" + }, + "properties": [ + { + "id": "custom.width", + "value": 147 + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "SEVERITY" + }, + "properties": [ + { + "id": "custom.width", + "value": 109 + }, + { + "id": "custom.cellOptions", + "value": { + "type": "color-text" + } + }, + { + "id": "mappings", + "value": [ + { + "options": { + "alert": { + "color": "red", + "index": 3 + }, + "critical": { + "color": "dark-red", + "index": 4 + }, + "information": { + "color": "green", + "index": 1 + }, + "notice": { + "color": "blue", + "index": 0 + }, + "warning": { + "color": "orange", + "index": 2 + } + }, + "type": "value" + } + ] + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "SRC IP" + }, + "properties": [ + { + "id": "custom.width", + "value": 127 + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "SRC PORT" + }, + "properties": [ + { + "id": "custom.width", + "value": 87 + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "IF IN" + }, + "properties": [ + { + "id": "custom.width", + "value": 110 + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "APP" + }, + "properties": [ + { + "id": "custom.width", + "value": 131 + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "DST IP" + }, + "properties": [ + { + "id": "custom.width", + "value": 134 + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "DST 
PORT" + }, + "properties": [ + { + "id": "custom.width", + "value": 93 + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "EVENT ID" + }, + "properties": [ + { + "id": "links", + "value": [ + { + "targetBlank": true, + "title": "EVENT DETAILS", + "url": "https://grafana.company.local/explore?left=%7B%22datasource%22:%22FORTINET%22,%22queries%22:%5B%7B%22refId%22:%22A%22,%22query%22:%22_id:${__value.text}%22,%22alias%22:%22%22,%22metrics%22:%5B%7B%22id%22:%221%22,%22type%22:%22logs%22,%22settings%22:%7B%22limit%22:%22500%22%7D%7D%5D,%22bucketAggs%22:%5B%5D,%22timeField%22:%22timestamp%22%7D%5D,%22range%22:%7B%22from%22:%22now-1h%22,%22to%22:%22now%22%7D%7D" + } + ] + }, + { + "id": "custom.width", + "value": 400 + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "SERVICE" + }, + "properties": [ + { + "id": "custom.width", + "value": 95 + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "DATE/TIME" + }, + "properties": [ + { + "id": "custom.width", + "value": 188 + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "PROFILE" + }, + "properties": [ + { + "id": "custom.width", + "value": 234 + } + ] + } + ] + }, + "gridPos": { + "h": 15, + "w": 24, + "x": 0, + "y": 45 + }, + "id": 38, + "options": { + "cellHeight": "sm", + "footer": { + "countRows": false, + "fields": "", + "reducer": ["sum"], + "show": false + }, + "showHeader": true, + "sortBy": [] + }, + "pluginVersion": "10.2.0", + "targets": [ + { + "alias": "", + "bucketAggs": [], + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "metrics": [ + { + "id": "1", + "settings": { + "size": "500" + }, + "type": "raw_data" + } + ], + "query": "type:event AND subtype:vpn AND tunneltype:\"ssl-tunnel\" AND devname:$firewall AND syslog_level:$severity", + "refId": "A", + "timeField": "timestamp" + } + ], + "title": "FORTICLIENT EVENTS", + "transformations": [ + { + "id": "organize", + "options": { + "excludeByName": { + 
"_index": true, + "_type": true, + "alert_category": true, + "alert_definitions_version": true, + "alertlight": true, + "cat": true, + "catdesc": true, + "craction": true, + "crlevel": true, + "crscore": true, + "devid": true, + "direction": true, + "dstintf": true, + "dstintfrole": true, + "dstip_city_name": true, + "dstip_country_code": true, + "dstip_geolocation": true, + "eventtype": true, + "facility": true, + "facility_num": true, + "gl2_accounted_message_size": true, + "gl2_message_id": true, + "gl2_remote_ip": true, + "gl2_remote_port": true, + "gl2_source_input": true, + "gl2_source_node": true, + "group": true, + "highlight": true, + "hostname": true, + "hostname_city_name": true, + "hostname_country_code": true, + "hostname_geolocation": true, + "level": true, + "locip_city_name": true, + "locip_country_code": true, + "locip_geolocation": true, + "locport": true, + "logdesc": true, + "logver": true, + "message": true, + "method": true, + "msg": true, + "policyid": true, + "proto": true, + "rcvdbyte": true, + "remip_city_name": true, + "remip_country_code": false, + "remip_geolocation": true, + "remport": true, + "reqtype": true, + "sentbyte": true, + "sessionid": true, + "sort": true, + "source": true, + "srcintf": true, + "srcintfrole": true, + "srcip_city_name": true, + "srcip_country_code": true, + "srcip_geolocation": true, + "srcport": true, + "streams": true, + "subtype": true, + "syslog_type": true, + "tunneltype": true, + "type": true, + "user": false, + "vd": true + }, + "indexByName": { + "_id": 1, + "_index": 9, + "_type": 10, + "action": 7, + "devid": 20, + "devname": 2, + "duration": 21, + "facility": 22, + "facility_num": 23, + "gl2_accounted_message_size": 11, + "gl2_message_id": 12, + "gl2_remote_ip": 13, + "gl2_remote_port": 14, + "gl2_source_input": 15, + "gl2_source_node": 16, + "group": 24, + "highlight": 25, + "level": 26, + "logdesc": 27, + "logver": 28, + "message": 17, + "msg": 29, + "rcvdbyte": 30, + "remip": 4, + 
"remip_city_name": 31, + "remip_country_code": 5, + "remip_geolocation": 32, + "sentbyte": 33, + "sort": 34, + "source": 6, + "streams": 18, + "subtype": 35, + "syslog_level": 8, + "syslog_type": 19, + "timestamp": 0, + "tunneltype": 36, + "type": 37, + "user": 3, + "vd": 38 + }, + "renameByName": { + "_id": "EVENT ID", + "action": "ACTION", + "alert_signature": "SIGNATURE", + "app": "APP", + "destination_location_name": "LOCATION", + "devname": "FIREWALL", + "dstip": "DST IP", + "dstport": "DST PORT", + "duration": "DURATION", + "event_log_name": "", + "http_method": "METHOD", + "http_user_agent_name": "HTTP AGENT", + "locip": "LOCAL IP", + "locip_country_code": "", + "network_interface_in": "IF IN", + "network_interface_out": "IF OUT", + "network_transport": "", + "profile": "PROFILE", + "remip": "REMOTE IP", + "remip_country_code": "COUNTRY", + "rule_name": "RULE", + "service": "SERVICE", + "source": "", + "source_port": "SRC PORT", + "srcip": "SRC IP", + "syslog_level": "SEVERITY", + "timestamp": "DATE/TIME", + "url": "URL", + "user": "USER" + } + } + } + ], + "transparent": true, + "type": "table" + } + ], + "title": "FORTICLIENT", + "type": "row" + } + ], + "refresh": "", + "schemaVersion": 38, + "tags": ["FORTINET UTM"], + "templating": { + "list": [ + { + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "filters": [], + "hide": 0, + "label": "Filters", + "name": "Filters", + "skipUrlSync": false, + "type": "adhoc" + }, + { + "current": { + "selected": false, + "text": "All", + "value": "$__all" + }, + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "definition": "{ \"find\": \"terms\", \"field\": \"devname\", \"query\": \"type:event AND subtype:vpn\"}", + "description": "FORTINET FIREWALL", + "hide": 0, + "includeAll": true, + "label": "Firewall", + "multi": false, + "name": "firewall", + "options": [], + "query": "{ \"find\": \"terms\", \"field\": 
\"devname\", \"query\": \"type:event AND subtype:vpn\"}", + "refresh": 1, + "regex": "", + "skipUrlSync": false, + "sort": 0, + "type": "query" + }, + { + "current": { + "selected": false, + "text": "All", + "value": "$__all" + }, + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "definition": "{\"find\": \"terms\", \"field\": \"syslog_level\", \"query\": \"type:event AND subtype:vpn\"}", + "hide": 0, + "includeAll": true, + "label": "Severity", + "multi": false, + "name": "severity", + "options": [], + "query": "{\"find\": \"terms\", \"field\": \"syslog_level\", \"query\": \"type:event AND subtype:vpn\"}", + "refresh": 1, + "regex": "", + "skipUrlSync": false, + "sort": 0, + "type": "query" + } + ] + }, + "time": { + "from": "now-6h", + "to": "now" + }, + "timepicker": {}, + "timezone": "", + "title": "FORTINET - VPN LOGS", + "weekStart": "" +} diff --git a/backend/app/connectors/grafana/dashboards/Office365/active_directory.json b/backend/app/connectors/grafana/dashboards/Office365/active_directory.json index 0d22f365b..d18b2b5ec 100644 --- a/backend/app/connectors/grafana/dashboards/Office365/active_directory.json +++ b/backend/app/connectors/grafana/dashboards/Office365/active_directory.json @@ -41,7 +41,7 @@ "panels": [ { "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "fieldConfig": { @@ -77,7 +77,6 @@ "y": 0 }, "id": 43, - "links": [], "options": { "colorMode": "value", "graphMode": "area", @@ -88,10 +87,12 @@ "fields": "", "values": false }, + "showPercentChange": false, "text": {}, - "textMode": "auto" + "textMode": "auto", + "wideLayout": true }, - "pluginVersion": "9.3.6", + "pluginVersion": "10.4.0", "targets": [ { "bucketAggs": [ @@ -107,7 +108,7 @@ } ], "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "metrics": [ 
@@ -127,7 +128,7 @@ }, { "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "fieldConfig": { @@ -220,7 +221,7 @@ } ], "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "metrics": [ @@ -236,12 +237,11 @@ } ], "title": "EVENTS BY OPERATION (Top 10)", - "transformations": [], "type": "piechart" }, { "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "fieldConfig": { @@ -251,7 +251,9 @@ }, "custom": { "align": "auto", - "displayMode": "auto", + "cellOptions": { + "type": "auto" + }, "inspect": false }, "mappings": [], @@ -311,14 +313,16 @@ }, "id": 54, "options": { + "cellHeight": "sm", "footer": { + "countRows": false, "fields": "", "reducer": ["sum"], "show": false }, "showHeader": true }, - "pluginVersion": "9.3.6", + "pluginVersion": "10.4.0", "targets": [ { "bucketAggs": [ @@ -336,7 +340,7 @@ } ], "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "metrics": [ @@ -375,7 +379,7 @@ }, { "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "fieldConfig": { @@ -411,7 +415,6 @@ "y": 0 }, "id": 59, - "links": [], "options": { "colorMode": "value", "graphMode": "area", @@ -422,10 +425,12 @@ "fields": "", "values": false }, + "showPercentChange": false, "text": {}, - "textMode": "auto" + "textMode": "auto", + "wideLayout": true }, - "pluginVersion": "9.3.6", + "pluginVersion": "10.4.0", "targets": [ { "bucketAggs": [ @@ -442,7 +447,7 @@ } ], "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "metrics": [ 
@@ -463,7 +468,7 @@ }, { "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "fieldConfig": { @@ -473,7 +478,9 @@ }, "custom": { "align": "auto", - "displayMode": "auto", + "cellOptions": { + "type": "auto" + }, "inspect": false }, "mappings": [], @@ -533,14 +540,16 @@ }, "id": 60, "options": { + "cellHeight": "sm", "footer": { + "countRows": false, "fields": "", "reducer": ["sum"], "show": false }, "showHeader": true }, - "pluginVersion": "9.3.6", + "pluginVersion": "10.4.0", "targets": [ { "bucketAggs": [ @@ -558,7 +567,7 @@ } ], "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "metrics": [ @@ -597,7 +606,7 @@ }, { "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "fieldConfig": { @@ -633,7 +642,6 @@ "y": 7 }, "id": 65, - "links": [], "options": { "colorMode": "value", "graphMode": "area", @@ -644,10 +652,12 @@ "fields": "", "values": false }, + "showPercentChange": false, "text": {}, - "textMode": "auto" + "textMode": "auto", + "wideLayout": true }, - "pluginVersion": "9.3.6", + "pluginVersion": "10.4.0", "targets": [ { "bucketAggs": [ @@ -664,7 +674,7 @@ } ], "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "metrics": [ @@ -685,7 +695,7 @@ }, { "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "fieldConfig": { @@ -793,7 +803,7 @@ } ], "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "metrics": [ 
@@ -809,12 +819,11 @@ } ], "title": "USERS ADDED EVENTS (Results)", - "transformations": [], "type": "piechart" }, { "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "fieldConfig": { @@ -824,7 +833,9 @@ }, "custom": { "align": "auto", - "displayMode": "auto", + "cellOptions": { + "type": "auto" + }, "inspect": false }, "mappings": [], @@ -881,8 +892,10 @@ }, "properties": [ { - "id": "custom.displayMode", - "value": "color-text" + "id": "custom.cellOptions", + "value": { + "type": "color-text" + } }, { "id": "mappings", @@ -914,14 +927,16 @@ }, "id": 67, "options": { + "cellHeight": "sm", "footer": { + "countRows": false, "fields": "", "reducer": ["sum"], "show": false }, "showHeader": true }, - "pluginVersion": "9.3.6", + "pluginVersion": "10.4.0", "targets": [ { "bucketAggs": [ @@ -939,7 +954,7 @@ } ], "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "metrics": [ @@ -979,7 +994,7 @@ }, { "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "fieldConfig": { @@ -989,7 +1004,9 @@ }, "custom": { "align": "auto", - "displayMode": "auto", + "cellOptions": { + "type": "auto" + }, "inspect": false }, "mappings": [], @@ -1046,8 +1063,10 @@ }, "properties": [ { - "id": "custom.displayMode", - "value": "color-text" + "id": "custom.cellOptions", + "value": { + "type": "color-text" + } }, { "id": "mappings", @@ -1079,14 +1098,16 @@ }, "id": 68, "options": { + "cellHeight": "sm", "footer": { + "countRows": false, "fields": "", "reducer": ["sum"], "show": false }, "showHeader": true }, - "pluginVersion": "9.3.6", + "pluginVersion": "10.4.0", "targets": [ { "bucketAggs": [ @@ -1115,7 +1136,7 @@ } ], "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "metrics": [ 
@@ -1156,7 +1177,7 @@ }, { "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "fieldConfig": { @@ -1192,7 +1213,6 @@ "y": 14 }, "id": 69, - "links": [], "options": { "colorMode": "value", "graphMode": "area", @@ -1203,10 +1223,12 @@ "fields": "", "values": false }, + "showPercentChange": false, "text": {}, - "textMode": "auto" + "textMode": "auto", + "wideLayout": true }, - "pluginVersion": "9.3.6", + "pluginVersion": "10.4.0", "targets": [ { "bucketAggs": [ @@ -1223,7 +1245,7 @@ } ], "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "metrics": [ @@ -1244,7 +1266,7 @@ }, { "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "fieldConfig": { @@ -1254,7 +1276,9 @@ }, "custom": { "align": "auto", - "displayMode": "auto", + "cellOptions": { + "type": "auto" + }, "inspect": false }, "mappings": [], @@ -1311,8 +1335,10 @@ }, "properties": [ { - "id": "custom.displayMode", - "value": "color-text" + "id": "custom.cellOptions", + "value": { + "type": "color-text" + } }, { "id": "mappings", @@ -1340,14 +1366,16 @@ }, "id": 70, "options": { + "cellHeight": "sm", "footer": { + "countRows": false, "fields": "", "reducer": ["sum"], "show": false }, "showHeader": true }, - "pluginVersion": "9.3.6", + "pluginVersion": "10.4.0", "targets": [ { "bucketAggs": [ @@ -1365,7 +1393,7 @@ } ], "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "metrics": [ @@ -1405,7 +1433,7 @@ }, { "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "fieldConfig": { @@ -1415,7 +1443,9 @@ }, "custom": { "align": "auto", - "displayMode": "auto", + "cellOptions": { + "type": "auto" + }, "inspect": false }, "mappings": [], 
@@ -1472,8 +1502,10 @@ }, "properties": [ { - "id": "custom.displayMode", - "value": "color-text" + "id": "custom.cellOptions", + "value": { + "type": "color-text" + } }, { "id": "mappings", @@ -1501,14 +1533,16 @@ }, "id": 71, "options": { + "cellHeight": "sm", "footer": { + "countRows": false, "fields": "", "reducer": ["sum"], "show": false }, "showHeader": true }, - "pluginVersion": "9.3.6", + "pluginVersion": "10.4.0", "targets": [ { "bucketAggs": [ @@ -1537,7 +1571,7 @@ } ], "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "metrics": [ @@ -1579,7 +1613,7 @@ }, { "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "fieldConfig": { @@ -1615,7 +1649,6 @@ "y": 14 }, "id": 73, - "links": [], "options": { "colorMode": "value", "graphMode": "area", @@ -1626,10 +1659,12 @@ "fields": "", "values": false }, + "showPercentChange": false, "text": {}, - "textMode": "auto" + "textMode": "auto", + "wideLayout": true }, - "pluginVersion": "9.3.6", + "pluginVersion": "10.4.0", "targets": [ { "bucketAggs": [ @@ -1646,7 +1681,7 @@ } ], "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "metrics": [ @@ -1667,7 +1702,7 @@ }, { "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "fieldConfig": { @@ -1677,7 +1712,9 @@ }, "custom": { "align": "auto", - "displayMode": "auto", + "cellOptions": { + "type": "auto" + }, "inspect": false }, "mappings": [], @@ -1734,8 +1771,10 @@ }, "properties": [ { - "id": "custom.displayMode", - "value": "color-text" + "id": "custom.cellOptions", + "value": { + "type": "color-text" + } }, { "id": "mappings", 
@@ -1763,14 +1802,16 @@ }, "id": 74, "options": { + "cellHeight": "sm", "footer": { + "countRows": false, "fields": "", "reducer": ["sum"], "show": false }, "showHeader": true }, - "pluginVersion": "9.3.6", + "pluginVersion": "10.4.0", "targets": [ { "bucketAggs": [ @@ -1799,7 +1840,7 @@ } ], "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "metrics": [ @@ -1841,7 +1882,7 @@ }, { "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "fieldConfig": { @@ -1877,7 +1918,6 @@ "y": 21 }, "id": 61, - "links": [], "options": { "colorMode": "value", "graphMode": "area", @@ -1888,10 +1928,12 @@ "fields": "", "values": false }, + "showPercentChange": false, "text": {}, - "textMode": "auto" + "textMode": "auto", + "wideLayout": true }, - "pluginVersion": "9.3.6", + "pluginVersion": "10.4.0", "targets": [ { "bucketAggs": [ @@ -1907,7 +1949,7 @@ } ], "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "metrics": [ 
@@ -1926,40 +1968,122 @@ "type": "stat" }, { - "circleMaxSize": 30, - "circleMinSize": 2, - "colors": ["rgba(245, 54, 54, 0.9)", "rgba(237, 129, 40, 0.89)", "rgba(50, 172, 45, 0.97)"], "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, - "decimals": 0, - "esMetric": "Count", + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "custom": { + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "rgba(245, 54, 54, 0.9)", + "value": null + }, + { + "color": "rgba(237, 129, 40, 0.89)", + "value": 0 + }, + { + "color": "rgba(50, 172, 45, 0.97)", + "value": 10 + } + ] + } + }, + "overrides": [] + }, "gridPos": { "h": 14, "w": 10, "x": 4, "y": 21 }, - "hideEmpty": false, - "hideZero": false, "id": 62, - "initialZoom": 1, - "locationData": "countries", - "mapCenter": "(0°, 0°)", - "mapCenterLatitude": 0, - "mapCenterLongitude": 0, "maxDataPoints": 1, - "mouseWheelZoom": false, - "showLegend": true, - "stickyLabels": false, - "tableQueryOptions": { - "geohashField": "geohash", - "latitudeField": "latitude", - "longitudeField": "longitude", - "metricField": "metric", - "queryType": "geohash" + "options": { + "basemap": { + "name": "Basemap", + "type": "default" + }, + "controls": { + "mouseWheelZoom": false, + "showAttribution": true, + "showDebug": false, + "showMeasure": false, + "showScale": false, + "showZoom": true + }, + "layers": [ + { + "config": { + "showLegend": true, + "style": { + "color": { + "fixed": "dark-green" + }, + "opacity": 0.4, + "rotation": { + "fixed": 0, + "max": 360, + "min": -360, + "mode": "mod" + }, + "size": { + "fixed": 5, + "max": 30, + "min": 2 + }, + "symbol": { + "fixed": "img/icons/marker/circle.svg", + "mode": "fixed" + }, + "symbolAlign": { + "horizontal": "center", + "vertical": "center" + }, + "textConfig": { + "fontSize": 12, + 
"offsetX": 0, + "offsetY": 0, + "textAlign": "center", + "textBaseline": "middle" + } + } + }, + "location": { + "gazetteer": "public/gazetteer/countries.json", + "mode": "lookup" + }, + "name": "Layer 0", + "tooltip": true, + "type": "markers" + } + ], + "tooltip": { + "mode": "details" + }, + "view": { + "allLayers": true, + "id": "zero", + "lat": 0, + "lon": 0, + "zoom": 1 + } }, + "pluginVersion": "10.4.0", "targets": [ { "bucketAggs": [ @@ -1987,7 +2111,7 @@ } ], "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "metrics": [ @@ -2002,16 +2126,20 @@ "timeField": "timestamp" } ], - "thresholds": "0,10", "title": "AUTHS NON TRUSTED SOURCE BY COUNTRY", - "type": "grafana-worldmap-panel", - "unitPlural": "", - "unitSingle": "", - "valueName": "total" + "transformations": [ + { + "id": "reduce", + "options": { + "reducers": ["sum"] + } + } + ], + "type": "geomap" }, { "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "fieldConfig": { @@ -2021,7 +2149,9 @@ }, "custom": { "align": "auto", - "displayMode": "auto", + "cellOptions": { + "type": "auto" + }, "inspect": false }, "mappings": [], @@ -2058,8 +2188,10 @@ "id": "custom.align" }, { - "id": "custom.displayMode", - "value": "color-text" + "id": "custom.cellOptions", + "value": { + "type": "color-text" + } } ] }, @@ -2074,8 +2206,10 @@ "value": 377 }, { - "id": "custom.displayMode", - "value": "color-text" + "id": "custom.cellOptions", + "value": { + "type": "color-text" + } } ] }, @@ -2090,8 +2224,10 @@ "value": 166 }, { - "id": "custom.displayMode", - "value": "color-text" + "id": "custom.cellOptions", + "value": { + "type": "color-text" + } } ] }, @@ -2102,8 +2238,10 @@ }, "properties": [ { - "id": "custom.displayMode", - "value": "color-text" + "id": "custom.cellOptions", + "value": { + "type": "color-text" + } } ] } 
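Review bot: The markers layer that replaces the worldmap panel in hunk `@@ -1926,40 +1968,122 @@` (and the same pattern in `@@ -2687,40 +2834,122 @@`) pins both style channels to constants — `"color": { "fixed": "dark-green" }` and `"size": { "fixed": 5, "max": 30, "min": 2 }` — so, as far as the layer config shows, the red/orange/green steps migrated into `fieldConfig.defaults.thresholds` never affect the map and every country renders as an identical dot, whereas the removed worldmap scaled circles between `circleMinSize`/`circleMaxSize` by the count. If the per-country magnitude is still wanted, bind the channels to the aggregated metric, e.g. `"size": { "field": "<metric field>", "fixed": 5, "max": 30, "min": 2 }` and `"color": { "field": "<metric field>", "fixed": "dark-green" }`, where `<metric field>` is the name the `reduce`/`sum` output produces (the panel's targets are outside this hunk, so I cannot confirm it). Otherwise drop the unused threshold steps so the panel does not imply a colour encoding it does not apply.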
@@ -2117,7 +2255,9 @@ }, "id": 63, "options": { + "cellHeight": "sm", "footer": { + "countRows": false, "fields": "", "reducer": ["sum"], "show": false @@ -2125,7 +2265,7 @@ "showHeader": true, "sortBy": [] }, - "pluginVersion": "9.3.6", + "pluginVersion": "10.4.0", "targets": [ { "bucketAggs": [ @@ -2165,7 +2305,7 @@ } ], "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "metrics": [ @@ -2208,7 +2348,7 @@ }, { "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "fieldConfig": { @@ -2244,7 +2384,6 @@ "y": 28 }, "id": 64, - "links": [], "options": { "colorMode": "value", "graphMode": "area", @@ -2255,10 +2394,12 @@ "fields": "", "values": false }, + "showPercentChange": false, "text": {}, - "textMode": "auto" + "textMode": "auto", + "wideLayout": true }, - "pluginVersion": "9.3.6", + "pluginVersion": "10.4.0", "targets": [ { "bucketAggs": [ @@ -2274,7 +2415,7 @@ } ], "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "metrics": [ @@ -2294,7 +2435,7 @@ }, { "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "fieldConfig": { @@ -2343,8 +2484,9 @@ "y": 35 }, "id": 16, - "links": [], "options": { + "minVizHeight": 75, + "minVizWidth": 75, "orientation": "horizontal", "reduceOptions": { "calcs": ["max"], @@ -2353,9 +2495,10 @@ }, "showThresholdLabels": false, "showThresholdMarkers": true, + "sizing": "auto", "text": {} }, - "pluginVersion": "9.3.6", + "pluginVersion": "10.4.0", "targets": [ { "bucketAggs": [ @@ -2371,7 +2514,7 @@ } ], "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "metrics": [ 
@@ -2393,7 +2536,7 @@ }, { "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "fieldConfig": { @@ -2402,6 +2545,7 @@ "mode": "palette-classic" }, "custom": { + "axisBorderShow": false, "axisCenteredZero": false, "axisColorMode": "text", "axisLabel": "", @@ -2415,6 +2559,7 @@ "tooltip": false, "viz": false }, + "insertNulls": false, "lineInterpolation": "linear", "lineWidth": 1, "pointSize": 5, @@ -2492,7 +2637,7 @@ } ], "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "metrics": [ @@ -2512,7 +2657,7 @@ }, { "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "fieldConfig": { @@ -2548,7 +2693,6 @@ "y": 42 }, "id": 51, - "links": [], "options": { "colorMode": "value", "graphMode": "area", @@ -2559,10 +2703,12 @@ "fields": "", "values": false }, + "showPercentChange": false, "text": {}, - "textMode": "auto" + "textMode": "auto", + "wideLayout": true }, - "pluginVersion": "9.3.6", + "pluginVersion": "10.4.0", "targets": [ { "bucketAggs": [ @@ -2579,7 +2725,7 @@ } ], "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "metrics": [ @@ -2600,7 +2746,7 @@ }, { "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "fieldConfig": { @@ -2636,7 +2782,6 @@ "y": 48 }, "id": 52, - "links": [], "options": { "colorMode": "value", "graphMode": "area", @@ -2647,10 +2792,12 @@ "fields": "", "values": false }, + "showPercentChange": false, "text": {}, - "textMode": "auto" + "textMode": "auto", + "wideLayout": true }, - "pluginVersion": "9.3.6", + "pluginVersion": "10.4.0", "targets": [ { "bucketAggs": [ 
@@ -2667,7 +2814,7 @@ } ], "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "metrics": [ 
@@ -2687,40 +2834,122 @@ "type": "stat" }, { - "circleMaxSize": 30, - "circleMinSize": 2, - "colors": ["rgba(245, 54, 54, 0.9)", "rgba(237, 129, 40, 0.89)", "rgba(50, 172, 45, 0.97)"], "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, - "decimals": 0, - "esMetric": "Count", + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "custom": { + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "rgba(245, 54, 54, 0.9)", + "value": null + }, + { + "color": "rgba(237, 129, 40, 0.89)", + "value": 0 + }, + { + "color": "rgba(50, 172, 45, 0.97)", + "value": 10 + } + ] + } + }, + "overrides": [] + }, "gridPos": { "h": 12, "w": 10, "x": 4, "y": 48 }, - "hideEmpty": false, - "hideZero": false, "id": 50, - "initialZoom": 1, - "locationData": "countries", - "mapCenter": "(0°, 0°)", - "mapCenterLatitude": 0, - "mapCenterLongitude": 0, "maxDataPoints": 1, - "mouseWheelZoom": false, - "showLegend": true, - "stickyLabels": false, - "tableQueryOptions": { - "geohashField": "geohash", - "latitudeField": "latitude", - "longitudeField": "longitude", - "metricField": "metric", - "queryType": "geohash" + "options": { + "basemap": { + "name": "Basemap", + "type": "default" + }, + "controls": { + "mouseWheelZoom": false, + "showAttribution": true, + "showDebug": false, + "showMeasure": false, + "showScale": false, + "showZoom": true + }, + "layers": [ + { + "config": { + "showLegend": true, + "style": { + "color": { + "fixed": "dark-green" + }, + "opacity": 0.4, + "rotation": { + "fixed": 0, + "max": 360, + "min": -360, + "mode": "mod" + }, + "size": { + "fixed": 5, + "max": 30, + "min": 2 + }, + "symbol": { + "fixed": "img/icons/marker/circle.svg", + "mode": "fixed" + }, + "symbolAlign": { + "horizontal": "center", + "vertical": "center" + }, + "textConfig": { + "fontSize": 12, + 
"offsetX": 0, + "offsetY": 0, + "textAlign": "center", + "textBaseline": "middle" + } + } + }, + "location": { + "gazetteer": "public/gazetteer/countries.json", + "mode": "lookup" + }, + "name": "Layer 0", + "tooltip": true, + "type": "markers" + } + ], + "tooltip": { + "mode": "details" + }, + "view": { + "allLayers": true, + "id": "zero", + "lat": 0, + "lon": 0, + "zoom": 1 + } }, + "pluginVersion": "10.4.0", "targets": [ { "bucketAggs": [ @@ -2748,7 +2977,7 @@ } ], "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "metrics": [ @@ -2763,16 +2992,20 @@ "timeField": "timestamp" } ], - "thresholds": "0,10", "title": "AZURE AD - ALL AUTH EVENTS BY COUNTRY", - "type": "grafana-worldmap-panel", - "unitPlural": "", - "unitSingle": "", - "valueName": "total" + "transformations": [ + { + "id": "reduce", + "options": { + "reducers": ["sum"] + } + } + ], + "type": "geomap" }, { "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "fieldConfig": { @@ -2782,7 +3015,9 @@ }, "custom": { "align": "auto", - "displayMode": "auto", + "cellOptions": { + "type": "auto" + }, "filterable": true, "inspect": false }, @@ -2820,8 +3055,10 @@ "id": "custom.align" }, { - "id": "custom.displayMode", - "value": "color-text" + "id": "custom.cellOptions", + "value": { + "type": "color-text" + } } ] }, @@ -2836,8 +3073,10 @@ "value": 377 }, { - "id": "custom.displayMode", - "value": "color-text" + "id": "custom.cellOptions", + "value": { + "type": "color-text" + } } ] }, @@ -2852,8 +3091,10 @@ "value": 326 }, { - "id": "custom.displayMode", - "value": "color-text" + "id": "custom.cellOptions", + "value": { + "type": "color-text" + } }, { "id": "links", @@ -2877,7 +3118,9 @@ }, "id": 58, "options": { + "cellHeight": "sm", "footer": { + "countRows": false, "fields": "", "reducer": ["sum"], "show": false 
@@ -2885,7 +3128,7 @@ "showHeader": true, "sortBy": [] }, - "pluginVersion": "9.3.6", + "pluginVersion": "10.4.0", "targets": [ { "bucketAggs": [ @@ -2907,7 +3150,7 @@ "settings": { "min_doc_count": "1", "order": "desc", - "orderBy": "_term", + "orderBy": "_count", "size": "10" }, "type": "terms" @@ -2925,7 +3168,7 @@ } ], "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "metrics": [ @@ -2942,12 +3185,6 @@ ], "title": "FAILED AUTHS BY ACCOUNT AND ERROR", "transformations": [ - { - "id": "merge", - "options": { - "reducers": [] - } - }, { "id": "organize", "options": { @@ -2967,7 +3204,7 @@ }, { "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "fieldConfig": { @@ -3003,7 +3240,6 @@ "y": 54 }, "id": 18, - "links": [], "options": { "colorMode": "value", "graphMode": "area", @@ -3014,10 +3250,12 @@ "fields": "", "values": false }, + "showPercentChange": false, "text": {}, - "textMode": "auto" + "textMode": "auto", + "wideLayout": true }, - "pluginVersion": "9.3.6", + "pluginVersion": "10.4.0", "targets": [ { "bucketAggs": [ @@ -3034,7 +3272,7 @@ } ], "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "metrics": [ @@ -3055,7 +3293,7 @@ }, { "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "fieldConfig": { @@ -3089,17 +3327,21 @@ "id": 57, "options": { "displayMode": "gradient", + "maxVizHeight": 300, "minVizHeight": 10, "minVizWidth": 0, + "namePlacement": "auto", "orientation": "horizontal", "reduceOptions": { "calcs": ["sum"], "fields": "", "values": false }, - "showUnfilled": true + "showUnfilled": true, + "sizing": "auto", + "valueMode": "color" }, - "pluginVersion": "9.3.6", + "pluginVersion": "10.4.0", "targets": [ { "alias": "", 
@@ -3128,7 +3370,7 @@ } ], "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "metrics": [ @@ -3147,7 +3389,7 @@ }, { "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "fieldConfig": { @@ -3181,17 +3423,21 @@ "id": 72, "options": { "displayMode": "gradient", + "maxVizHeight": 300, "minVizHeight": 10, "minVizWidth": 0, + "namePlacement": "auto", "orientation": "horizontal", "reduceOptions": { "calcs": ["sum"], "fields": "", "values": false }, - "showUnfilled": true + "showUnfilled": true, + "sizing": "auto", + "valueMode": "color" }, - "pluginVersion": "9.3.6", + "pluginVersion": "10.4.0", "targets": [ { "alias": "", @@ -3220,7 +3466,7 @@ } ], "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "metrics": [ @@ -3239,7 +3485,7 @@ }, { "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "fieldConfig": { @@ -3249,7 +3495,9 @@ }, "custom": { "align": "auto", - "displayMode": "auto", + "cellOptions": { + "type": "auto" + }, "filterable": true, "inspect": false }, @@ -3288,8 +3536,11 @@ "value": -1 }, { - "id": "custom.displayMode", - "value": "color-background" + "id": "custom.cellOptions", + "value": { + "mode": "gradient", + "type": "color-background" + } }, { "id": "custom.align" @@ -3415,8 +3666,10 @@ ] }, { - "id": "custom.displayMode", - "value": "color-text" + "id": "custom.cellOptions", + "value": { + "type": "color-text" + } } ] }, @@ -3466,7 +3719,9 @@ }, "id": 27, "options": { + "cellHeight": "sm", "footer": { + "countRows": false, "enablePagination": true, "fields": "", "reducer": ["sum"], 
@@ -3475,12 +3730,12 @@ "showHeader": true, "sortBy": [] }, - "pluginVersion": "9.3.6", + "pluginVersion": "10.4.0", "targets": [ { "bucketAggs": [], "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "metrics": [ @@ -4089,14 +4344,13 @@ } ], "refresh": false, - "schemaVersion": 37, - "style": "dark", + "schemaVersion": 39, "tags": ["O365"], "templating": { "list": [ { "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "filters": [], @@ -4113,7 +4367,7 @@ "value": "$__all" }, "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "definition": "{ \"find\": \"terms\", \"field\": \"data_office365_Operation\", \"query\": \"data_office365_Workload:AzureActiveDirectory\"}", @@ -4140,7 +4394,7 @@ "value": "$__all" }, "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "definition": "{ \"find\": \"terms\", \"field\": \"rule_level\", \"query\": \"\"}", @@ -4160,7 +4414,7 @@ ] }, "time": { - "from": "now-24h", + "from": "now-6h", "to": "now" }, "timepicker": { diff --git a/backend/app/connectors/grafana/dashboards/Office365/applications.json b/backend/app/connectors/grafana/dashboards/Office365/applications.json index 1ca8b7f46..0b60263ce 100644 --- a/backend/app/connectors/grafana/dashboards/Office365/applications.json +++ b/backend/app/connectors/grafana/dashboards/Office365/applications.json @@ -41,7 +41,7 @@ "panels": [ { "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "fieldConfig": { @@ -77,7 +77,6 @@ "y": 0 }, "id": 43, - "links": [], "options": { "colorMode": "value", "graphMode": "area", 
@@ -88,10 +87,12 @@ "fields": "", "values": false }, + "showPercentChange": false, "text": {}, - "textMode": "auto" + "textMode": "auto", + "wideLayout": true }, - "pluginVersion": "10.0.3", + "pluginVersion": "10.4.0", "targets": [ { "bucketAggs": [ @@ -107,7 +108,7 @@ } ], "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "metrics": [ @@ -127,7 +128,7 @@ }, { "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "fieldConfig": { @@ -220,7 +221,7 @@ } ], "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "metrics": [ @@ -236,12 +237,11 @@ } ], "title": "EVENTS BY WORKLOAD (Top 10)", - "transformations": [], "type": "piechart" }, { "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "fieldConfig": { @@ -322,7 +322,7 @@ }, "showHeader": true }, - "pluginVersion": "10.0.3", + "pluginVersion": "10.4.0", "targets": [ { "bucketAggs": [ @@ -340,7 +340,7 @@ } ], "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "metrics": [ @@ -380,7 +380,7 @@ }, { "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "fieldConfig": { @@ -473,7 +473,7 @@ } ], "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "metrics": [ @@ -489,12 +489,11 @@ } ], "title": "EVENTS BY OPERATION (Top 10)", - "transformations": [], "type": "piechart" }, { "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "fieldConfig": { @@ -575,7 +574,7 @@ }, "showHeader": true }, - "pluginVersion": "10.0.3", + "pluginVersion": "10.4.0", "targets": [ { "bucketAggs": [ 
@@ -593,7 +592,7 @@ } ], "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "metrics": [ @@ -633,7 +632,7 @@ }, { "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "fieldConfig": { @@ -682,8 +681,9 @@ "y": 7 }, "id": 16, - "links": [], "options": { + "minVizHeight": 75, + "minVizWidth": 75, "orientation": "horizontal", "reduceOptions": { "calcs": ["max"], @@ -692,9 +692,10 @@ }, "showThresholdLabels": false, "showThresholdMarkers": true, + "sizing": "auto", "text": {} }, - "pluginVersion": "10.0.3", + "pluginVersion": "10.4.0", "targets": [ { "bucketAggs": [ @@ -710,7 +711,7 @@ } ], "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "metrics": [ @@ -732,7 +733,7 @@ }, { "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "fieldConfig": { @@ -741,6 +742,7 @@ "mode": "palette-classic" }, "custom": { + "axisBorderShow": false, "axisCenteredZero": false, "axisColorMode": "text", "axisLabel": "", @@ -754,6 +756,7 @@ "tooltip": false, "viz": false }, + "insertNulls": false, "lineInterpolation": "linear", "lineWidth": 1, "pointSize": 5, @@ -831,7 +834,7 @@ } ], "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "metrics": [ @@ -851,7 +854,7 @@ }, { "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "fieldConfig": { @@ -887,7 +890,6 @@ "y": 14 }, "id": 51, - "links": [], "options": { "colorMode": "value", "graphMode": "area", 
@@ -898,10 +900,12 @@ "fields": "", "values": false }, + "showPercentChange": false, "text": {}, - "textMode": "auto" + "textMode": "auto", + "wideLayout": true }, - "pluginVersion": "10.0.3", + "pluginVersion": "10.4.0", "targets": [ { "bucketAggs": [ @@ -918,7 +922,7 @@ } ], "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "metrics": [ 
@@ -938,40 +942,122 @@ "type": "stat" }, { - "circleMaxSize": 30, - "circleMinSize": 2, - "colors": ["rgba(245, 54, 54, 0.9)", "rgba(237, 129, 40, 0.89)", "rgba(50, 172, 45, 0.97)"], "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, - "decimals": 0, - "esMetric": "Count", + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "custom": { + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "rgba(245, 54, 54, 0.9)", + "value": null + }, + { + "color": "rgba(237, 129, 40, 0.89)", + "value": 0 + }, + { + "color": "rgba(50, 172, 45, 0.97)", + "value": 10 + } + ] + } + }, + "overrides": [] + }, "gridPos": { "h": 12, "w": 10, "x": 0, "y": 20 }, - "hideEmpty": false, - "hideZero": false, "id": 64, - "initialZoom": 1, - "locationData": "countries", - "mapCenter": "(0°, 0°)", - "mapCenterLatitude": 0, - "mapCenterLongitude": 0, "maxDataPoints": 1, - "mouseWheelZoom": false, - "showLegend": true, - "stickyLabels": false, - "tableQueryOptions": { - "geohashField": "geohash", - "latitudeField": "latitude", - "longitudeField": "longitude", - "metricField": "metric", - "queryType": "geohash" + "options": { + "basemap": { + "name": "Basemap", + "type": "default" + }, + "controls": { + "mouseWheelZoom": false, + "showAttribution": true, + "showDebug": false, + "showMeasure": false, + "showScale": false, + "showZoom": true + }, + "layers": [ + { + "config": { + "showLegend": true, + "style": { + "color": { + "fixed": "dark-green" + }, + "opacity": 0.4, + "rotation": { + "fixed": 0, + "max": 360, + "min": -360, + "mode": "mod" + }, + "size": { + "fixed": 5, + "max": 30, + "min": 2 + }, + "symbol": { + "fixed": "img/icons/marker/circle.svg", + "mode": "fixed" + }, + "symbolAlign": { + "horizontal": "center", + "vertical": "center" + }, + "textConfig": { + "fontSize": 12, + 
"offsetX": 0, + "offsetY": 0, + "textAlign": "center", + "textBaseline": "middle" + } + } + }, + "location": { + "gazetteer": "public/gazetteer/countries.json", + "mode": "lookup" + }, + "name": "Layer 0", + "tooltip": true, + "type": "markers" + } + ], + "tooltip": { + "mode": "details" + }, + "view": { + "allLayers": true, + "id": "zero", + "lat": 0, + "lon": 0, + "zoom": 1 + } }, + "pluginVersion": "10.4.0", "targets": [ { "bucketAggs": [ @@ -999,7 +1085,7 @@ } ], "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "metrics": [ @@ -1014,16 +1100,20 @@ "timeField": "timestamp" } ], - "thresholds": "0,10", "title": "APPLICATIONS ACCESS BY SRC COUNTRY", - "type": "grafana-worldmap-panel", - "unitPlural": "", - "unitSingle": "", - "valueName": "total" + "transformations": [ + { + "id": "reduce", + "options": { + "reducers": ["sum"] + } + } + ], + "type": "geomap" }, { "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "fieldConfig": { @@ -1135,7 +1225,7 @@ "showHeader": true, "sortBy": [] }, - "pluginVersion": "10.0.3", + "pluginVersion": "10.4.0", "targets": [ { "bucketAggs": [ @@ -1175,7 +1265,7 @@ } ], "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "metrics": [ @@ -1218,7 +1308,7 @@ }, { "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "fieldConfig": { @@ -1239,7 +1329,8 @@ "mode": "absolute", "steps": [ { - "color": "green" + "color": "green", + "value": null }, { "color": "red", @@ -1283,7 +1374,8 @@ "mode": "absolute", "steps": [ { - "color": "#37872D" + "color": "#37872D", + "value": null }, { "color": "rgba(237, 129, 40, 0.89)", 
@@ -1460,12 +1552,12 @@ "showHeader": true, "sortBy": [] }, - "pluginVersion": "10.0.3", + "pluginVersion": "10.4.0", "targets": [ { "bucketAggs": [], "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "metrics": [ @@ -2278,14 +2370,13 @@ } ], "refresh": "", - "schemaVersion": 38, - "style": "dark", + "schemaVersion": 39, "tags": ["O365"], "templating": { "list": [ { "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "filters": [], @@ -2302,7 +2393,7 @@ "value": "$__all" }, "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "definition": "{ \"find\": \"terms\", \"field\": \"data_office365_Workload\", \"query\": \"!data_office365_Workload:AzureActiveDirectory\"}", @@ -2329,7 +2420,7 @@ "value": "$__all" }, "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "definition": "{ \"find\": \"terms\", \"field\": \"rule_level\", \"query\": \"!data_office365_Workload:AzureActiveDirectory\"}", diff --git a/backend/app/connectors/grafana/dashboards/Office365/compliance_center.json b/backend/app/connectors/grafana/dashboards/Office365/compliance_center.json index b44ded8ba..0cb3e9f67 100644 --- a/backend/app/connectors/grafana/dashboards/Office365/compliance_center.json +++ b/backend/app/connectors/grafana/dashboards/Office365/compliance_center.json @@ -41,7 +41,7 @@ "panels": [ { "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "fieldConfig": { @@ -77,7 +77,6 @@ "y": 0 }, "id": 43, - "links": [], "options": { "colorMode": "value", "graphMode": "area", 
@@ -88,10 +87,12 @@ "fields": "", "values": false }, + "showPercentChange": false, "text": {}, - "textMode": "auto" + "textMode": "auto", + "wideLayout": true }, - "pluginVersion": "9.2.0", + "pluginVersion": "10.4.0", "targets": [ { "bucketAggs": [ @@ -107,7 +108,7 @@ } ], "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "metrics": [ @@ -127,7 +128,7 @@ }, { "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "fieldConfig": { @@ -220,7 +221,7 @@ } ], "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "metrics": [ @@ -236,12 +237,11 @@ } ], "title": "EVENTS BY OPERATION (Top 10)", - "transformations": [], "type": "piechart" }, { "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "fieldConfig": { @@ -251,7 +251,9 @@ }, "custom": { "align": "auto", - "displayMode": "auto", + "cellOptions": { + "type": "auto" + }, "inspect": false }, "mappings": [], @@ -323,7 +325,9 @@ }, "id": 54, "options": { + "cellHeight": "sm", "footer": { + "countRows": false, "fields": "", "reducer": ["sum"], "show": false @@ -331,7 +335,7 @@ "showHeader": true, "sortBy": [] }, - "pluginVersion": "9.2.0", + "pluginVersion": "10.4.0", "targets": [ { "bucketAggs": [ @@ -349,7 +353,7 @@ } ], "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "metrics": [ @@ -389,7 +393,7 @@ }, { "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "fieldConfig": { @@ -425,7 +429,6 @@ "y": 0 }, "id": 55, - "links": [], "options": { "colorMode": "value", "graphMode": "area", 
@@ -436,10 +439,12 @@ "fields": "", "values": false }, + "showPercentChange": false, "text": {}, - "textMode": "auto" + "textMode": "auto", + "wideLayout": true }, - "pluginVersion": "9.2.0", + "pluginVersion": "10.4.0", "targets": [ { "bucketAggs": [ @@ -455,7 +460,7 @@ } ], "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "metrics": [ @@ -475,7 +480,7 @@ }, { "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "fieldConfig": { @@ -485,7 +490,9 @@ }, "custom": { "align": "auto", - "displayMode": "auto", + "cellOptions": { + "type": "auto" + }, "inspect": false }, "mappings": [], @@ -569,7 +576,9 @@ }, "id": 57, "options": { + "cellHeight": "sm", "footer": { + "countRows": false, "fields": "", "reducer": ["sum"], "show": false @@ -577,7 +586,7 @@ "showHeader": true, "sortBy": [] }, - "pluginVersion": "9.2.0", + "pluginVersion": "10.4.0", "targets": [ { "bucketAggs": [ @@ -595,7 +604,7 @@ } ], "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "metrics": [ @@ -630,7 +639,7 @@ }, { "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "fieldConfig": { @@ -679,8 +688,9 @@ "y": 7 }, "id": 16, - "links": [], "options": { + "minVizHeight": 75, + "minVizWidth": 75, "orientation": "horizontal", "reduceOptions": { "calcs": ["max"], @@ -689,9 +699,10 @@ }, "showThresholdLabels": false, "showThresholdMarkers": true, + "sizing": "auto", "text": {} }, - "pluginVersion": "9.2.0", + "pluginVersion": "10.4.0", "targets": [ { "bucketAggs": [ @@ -707,7 +718,7 @@ } ], "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "metrics": [ 
@@ -729,7 +740,7 @@ }, { "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "fieldConfig": { @@ -738,6 +749,7 @@ "mode": "palette-classic" }, "custom": { + "axisBorderShow": false, "axisCenteredZero": false, "axisColorMode": "text", "axisLabel": "", @@ -751,6 +763,7 @@ "tooltip": false, "viz": false }, + "insertNulls": false, "lineInterpolation": "linear", "lineWidth": 1, "pointSize": 5, @@ -828,7 +841,7 @@ } ], "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "metrics": [ @@ -848,7 +861,7 @@ }, { "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "fieldConfig": { @@ -884,7 +897,6 @@ "y": 14 }, "id": 51, - "links": [], "options": { "colorMode": "value", "graphMode": "area", @@ -895,10 +907,12 @@ "fields": "", "values": false }, + "showPercentChange": false, "text": {}, - "textMode": "auto" + "textMode": "auto", + "wideLayout": true }, - "pluginVersion": "9.2.0", + "pluginVersion": "10.4.0", "targets": [ { "bucketAggs": [ @@ -915,7 +929,7 @@ } ], "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "metrics": [ @@ -936,7 +950,7 @@ }, { "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "fieldConfig": { @@ -946,7 +960,9 @@ }, "custom": { "align": "auto", - "displayMode": "auto", + "cellOptions": { + "type": "auto" + }, "filterable": true, "inspect": false }, @@ -985,8 +1001,11 @@ "value": -1 }, { - "id": "custom.displayMode", - "value": "color-background" + "id": "custom.cellOptions", + "value": { + "mode": "gradient", + "type": "color-background" + } }, { "id": "custom.align" 
@@ -1141,7 +1160,9 @@ }, "id": 27, "options": { + "cellHeight": "sm", "footer": { + "countRows": false, "fields": "", "reducer": ["sum"], "show": false @@ -1149,12 +1170,12 @@ "showHeader": true, "sortBy": [] }, - "pluginVersion": "9.2.0", + "pluginVersion": "10.4.0", "targets": [ { "bucketAggs": [], "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "metrics": [ @@ -1519,14 +1540,13 @@ } ], "refresh": false, - "schemaVersion": 37, - "style": "dark", + "schemaVersion": 39, "tags": ["O365"], "templating": { "list": [ { "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "filters": [], @@ -1543,7 +1563,7 @@ "value": "$__all" }, "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "definition": "{ \"find\": \"terms\", \"field\": \"data_office365_Operation\", \"query\": \"data_office365_Workload:SecurityComplianceCenter\"}", @@ -1570,7 +1590,7 @@ "value": "$__all" }, "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "definition": "{ \"find\": \"terms\", \"field\": \"rule_level\", \"query\": \"\"}", @@ -1590,7 +1610,7 @@ ] }, "time": { - "from": "now-12h", + "from": "now-6h", "to": "now" }, "timepicker": { @@ -1599,7 +1619,5 @@ }, "timezone": "", "title": "O365 - SECURITY COMPLIANCE CENTER", - "uid": "itiq7wq7z", - "version": 1, "weekStart": "" } diff --git a/backend/app/connectors/grafana/dashboards/Office365/defender_for_identity.json b/backend/app/connectors/grafana/dashboards/Office365/defender_for_identity.json index e28e18b09..63b03e606 100644 --- a/backend/app/connectors/grafana/dashboards/Office365/defender_for_identity.json +++ b/backend/app/connectors/grafana/dashboards/Office365/defender_for_identity.json 
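Review bot: Dropping `"uid": "itiq7wq7z"` and `"version": 1` from compliance_center.json in the last hunk of this section means Grafana assigns a fresh random uid on each import, so unless the provisioning code matches the dashboard by title and folder and imports with overwrite, re-provisioning will create a duplicate rather than update the existing dashboard, and any saved link or alert reference to the old uid stops resolving. No comparable removal appears in the other file sections of this chunk, so this one looks inconsistent with them; if a stable identity is wanted, keep a fixed uid or have the provisioner derive one deterministically (for example from the customer code and dashboard title). The `"from": "now-6h"` default in the same section is a user-visible behaviour change that is not mentioned in the commit description.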
@@ -41,7 +41,7 @@ "panels": [ { "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "fieldConfig": { @@ -77,7 +77,6 @@ "y": 0 }, "id": 43, - "links": [], "options": { "colorMode": "value", "graphMode": "area", @@ -88,10 +87,12 @@ "fields": "", "values": false }, + "showPercentChange": false, "text": {}, - "textMode": "auto" + "textMode": "auto", + "wideLayout": true }, - "pluginVersion": "10.0.3", + "pluginVersion": "10.4.0", "targets": [ { "bucketAggs": [ @@ -107,7 +108,7 @@ } ], "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "metrics": [ @@ -127,7 +128,7 @@ }, { "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "fieldConfig": { @@ -220,7 +221,7 @@ } ], "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "metrics": [ @@ -236,12 +237,11 @@ } ], "title": "EVENTS BY OPERATION (Top 10)", - "transformations": [], "type": "piechart" }, { "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "fieldConfig": { @@ -322,7 +322,7 @@ }, "showHeader": true }, - "pluginVersion": "10.0.3", + "pluginVersion": "10.4.0", "targets": [ { "bucketAggs": [ @@ -340,7 +340,7 @@ } ], "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "metrics": [ @@ -379,7 +379,7 @@ }, { "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "fieldConfig": { @@ -428,8 +428,9 @@ "y": 7 }, "id": 16, - "links": [], "options": { + "minVizHeight": 75, + "minVizWidth": 75, "orientation": "horizontal", "reduceOptions": { "calcs": ["max"], 
@@ -438,9 +439,10 @@ }, "showThresholdLabels": false, "showThresholdMarkers": true, + "sizing": "auto", "text": {} }, - "pluginVersion": "10.0.3", + "pluginVersion": "10.4.0", "targets": [ { "bucketAggs": [ @@ -456,7 +458,7 @@ } ], "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "metrics": [ @@ -478,7 +480,7 @@ }, { "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "fieldConfig": { @@ -487,6 +489,7 @@ "mode": "palette-classic" }, "custom": { + "axisBorderShow": false, "axisCenteredZero": false, "axisColorMode": "text", "axisLabel": "", @@ -500,6 +503,7 @@ "tooltip": false, "viz": false }, + "insertNulls": false, "lineInterpolation": "linear", "lineWidth": 1, "pointSize": 5, @@ -577,7 +581,7 @@ } ], "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "metrics": [ @@ -597,7 +601,7 @@ }, { "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "fieldConfig": { @@ -633,7 +637,6 @@ "y": 14 }, "id": 51, - "links": [], "options": { "colorMode": "value", "graphMode": "area", @@ -644,10 +647,12 @@ "fields": "", "values": false }, + "showPercentChange": false, "text": {}, - "textMode": "auto" + "textMode": "auto", + "wideLayout": true }, - "pluginVersion": "10.0.3", + "pluginVersion": "10.4.0", "targets": [ { "bucketAggs": [ @@ -664,7 +669,7 @@ } ], "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "metrics": [ @@ -685,7 +690,7 @@ }, { "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "fieldConfig": { @@ -779,7 +784,7 @@ "showHeader": true, "sortBy": [] }, - "pluginVersion": "10.0.3", + "pluginVersion": "10.4.0", "targets": [ { "bucketAggs": [ 
@@ -797,7 +802,7 @@ } ], "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "metrics": [ 
@@ -838,40 +843,122 @@ "type": "table" }, { - "circleMaxSize": 30, - "circleMinSize": 2, - "colors": ["rgba(245, 54, 54, 0.9)", "rgba(237, 129, 40, 0.89)", "rgba(50, 172, 45, 0.97)"], "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, - "decimals": 0, - "esMetric": "Count", + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "custom": { + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "rgba(245, 54, 54, 0.9)", + "value": null + }, + { + "color": "rgba(237, 129, 40, 0.89)", + "value": 0 + }, + { + "color": "rgba(50, 172, 45, 0.97)", + "value": 10 + } + ] + } + }, + "overrides": [] + }, "gridPos": { "h": 12, "w": 8, "x": 7, "y": 20 }, - "hideEmpty": false, - "hideZero": false, "id": 50, - "initialZoom": 1, - "locationData": "countries", - "mapCenter": "(0°, 0°)", - "mapCenterLatitude": 0, - "mapCenterLongitude": 0, "maxDataPoints": 1, - "mouseWheelZoom": false, - "showLegend": true, - "stickyLabels": false, - "tableQueryOptions": { - "geohashField": "geohash", - "latitudeField": "latitude", - "longitudeField": "longitude", - "metricField": "metric", - "queryType": "geohash" + "options": { + "basemap": { + "name": "Basemap", + "type": "default" + }, + "controls": { + "mouseWheelZoom": false, + "showAttribution": true, + "showDebug": false, + "showMeasure": false, + "showScale": false, + "showZoom": true + }, + "layers": [ + { + "config": { + "showLegend": true, + "style": { + "color": { + "fixed": "dark-green" + }, + "opacity": 0.4, + "rotation": { + "fixed": 0, + "max": 360, + "min": -360, + "mode": "mod" + }, + "size": { + "fixed": 5, + "max": 30, + "min": 2 + }, + "symbol": { + "fixed": "img/icons/marker/circle.svg", + "mode": "fixed" + }, + "symbolAlign": { + "horizontal": "center", + "vertical": "center" + }, + "textConfig": { + "fontSize": 12, + 
"offsetX": 0, + "offsetY": 0, + "textAlign": "center", + "textBaseline": "middle" + } + } + }, + "location": { + "gazetteer": "public/gazetteer/countries.json", + "mode": "lookup" + }, + "name": "Layer 0", + "tooltip": true, + "type": "markers" + } + ], + "tooltip": { + "mode": "details" + }, + "view": { + "allLayers": true, + "id": "zero", + "lat": 0, + "lon": 0, + "zoom": 1 + } }, + "pluginVersion": "10.4.0", "targets": [ { "bucketAggs": [ @@ -899,7 +986,7 @@ } ], "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "metrics": [ @@ -914,16 +1001,20 @@ "timeField": "timestamp" } ], - "thresholds": "0,10", "title": "Endpoint - ALL EVENTS BY SRC COUNTRY", - "type": "grafana-worldmap-panel", - "unitPlural": "", - "unitSingle": "", - "valueName": "total" + "transformations": [ + { + "id": "reduce", + "options": { + "reducers": ["sum"] + } + } + ], + "type": "geomap" }, { "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "fieldConfig": { @@ -1005,7 +1096,7 @@ "showHeader": true, "sortBy": [] }, - "pluginVersion": "10.0.3", + "pluginVersion": "10.4.0", "targets": [ { "bucketAggs": [ @@ -1034,7 +1125,7 @@ } ], "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "metrics": [ @@ -1076,7 +1167,7 @@ }, { "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "fieldConfig": { @@ -1393,12 +1484,12 @@ "showHeader": true, "sortBy": [] }, - "pluginVersion": "10.0.3", + "pluginVersion": "10.4.0", "targets": [ { "bucketAggs": [], "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "metrics": [ 
@@ -2132,14 +2223,13 @@ } ], "refresh": "", - "schemaVersion": 38, - "style": "dark", + "schemaVersion": 39, "tags": ["O365"], "templating": { "list": [ { "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "filters": [], @@ -2156,7 +2246,7 @@ "value": "$__all" }, "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "definition": "{ \"find\": \"terms\", \"field\": \"data_office365_Operation\", \"query\": \"data_office365_Workload:MicrosoftDefenderForIdentity\"}", @@ -2183,7 +2273,7 @@ "value": "$__all" }, "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "definition": "{ \"find\": \"terms\", \"field\": \"rule_level\", \"query\": \"data_office365_Workload:MicrosoftDefenderForIdentity\"}", diff --git a/backend/app/connectors/grafana/dashboards/Office365/dlp.json b/backend/app/connectors/grafana/dashboards/Office365/dlp.json index f99076b40..692dcd0be 100644 --- a/backend/app/connectors/grafana/dashboards/Office365/dlp.json +++ b/backend/app/connectors/grafana/dashboards/Office365/dlp.json @@ -41,7 +41,7 @@ "panels": [ { "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "fieldConfig": { @@ -77,7 +77,6 @@ "y": 0 }, "id": 43, - "links": [], "options": { "colorMode": "value", "graphMode": "area", @@ -88,10 +87,12 @@ "fields": "", "values": false }, + "showPercentChange": false, "text": {}, - "textMode": "auto" + "textMode": "auto", + "wideLayout": true }, - "pluginVersion": "9.2.0", + "pluginVersion": "10.4.0", "targets": [ { "bucketAggs": [ @@ -107,7 +108,7 @@ } ], "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "metrics": [ 
@@ -127,7 +128,7 @@ }, { "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "fieldConfig": { @@ -220,7 +221,7 @@ } ], "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "metrics": [ @@ -236,12 +237,11 @@ } ], "title": "EVENTS BY WORKLOAD (Top 10)", - "transformations": [], "type": "piechart" }, { "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "fieldConfig": { @@ -251,7 +251,9 @@ }, "custom": { "align": "auto", - "displayMode": "auto", + "cellOptions": { + "type": "auto" + }, "inspect": false }, "mappings": [], @@ -311,14 +313,16 @@ }, "id": 54, "options": { + "cellHeight": "sm", "footer": { + "countRows": false, "fields": "", "reducer": ["sum"], "show": false }, "showHeader": true }, - "pluginVersion": "9.2.0", + "pluginVersion": "10.4.0", "targets": [ { "bucketAggs": [ @@ -336,7 +340,7 @@ } ], "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "metrics": [ @@ -376,7 +380,7 @@ }, { "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "fieldConfig": { @@ -425,8 +429,9 @@ "y": 7 }, "id": 16, - "links": [], "options": { + "minVizHeight": 75, + "minVizWidth": 75, "orientation": "horizontal", "reduceOptions": { "calcs": ["max"], @@ -435,9 +440,10 @@ }, "showThresholdLabels": false, "showThresholdMarkers": true, + "sizing": "auto", "text": {} }, - "pluginVersion": "9.2.0", + "pluginVersion": "10.4.0", "targets": [ { "bucketAggs": [ @@ -453,7 +459,7 @@ } ], "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "metrics": [ 
@@ -475,7 +481,7 @@ }, { "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "fieldConfig": { @@ -484,6 +490,7 @@ "mode": "palette-classic" }, "custom": { + "axisBorderShow": false, "axisCenteredZero": false, "axisColorMode": "text", "axisLabel": "", @@ -497,6 +504,7 @@ "tooltip": false, "viz": false }, + "insertNulls": false, "lineInterpolation": "linear", "lineWidth": 1, "pointSize": 5, @@ -574,7 +582,7 @@ } ], "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "metrics": [ @@ -594,7 +602,7 @@ }, { "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "fieldConfig": { @@ -630,7 +638,6 @@ "y": 14 }, "id": 51, - "links": [], "options": { "colorMode": "value", "graphMode": "area", @@ -641,10 +648,12 @@ "fields": "", "values": false }, + "showPercentChange": false, "text": {}, - "textMode": "auto" + "textMode": "auto", + "wideLayout": true }, - "pluginVersion": "9.2.0", + "pluginVersion": "10.4.0", "targets": [ { "bucketAggs": [ @@ -661,7 +670,7 @@ } ], "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "metrics": [ @@ -682,7 +691,7 @@ }, { "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "fieldConfig": { @@ -692,7 +701,9 @@ }, "custom": { "align": "auto", - "displayMode": "auto", + "cellOptions": { + "type": "auto" + }, "inspect": false }, "mappings": [], @@ -729,8 +740,10 @@ "id": "custom.align" }, { - "id": "custom.displayMode", - "value": "color-text" + "id": "custom.cellOptions", + "value": { + "type": "color-text" + } } ] }, @@ -745,8 +758,10 @@ "value": 377 }, { - "id": "custom.displayMode", - "value": "color-text" + "id": "custom.cellOptions", + "value": { + "type": "color-text" + } } ] }, 
@@ -761,8 +776,10 @@ "value": 326 }, { - "id": "custom.displayMode", - "value": "color-text" + "id": "custom.cellOptions", + "value": { + "type": "color-text" + } } ] } @@ -776,7 +793,9 @@ }, "id": 58, "options": { + "cellHeight": "sm", "footer": { + "countRows": false, "fields": "", "reducer": ["sum"], "show": false @@ -784,7 +803,7 @@ "showHeader": true, "sortBy": [] }, - "pluginVersion": "9.2.0", + "pluginVersion": "10.4.0", "targets": [ { "bucketAggs": [ @@ -802,7 +821,7 @@ } ], "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "metrics": [ @@ -843,7 +862,7 @@ }, { "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "fieldConfig": { @@ -877,17 +896,21 @@ "id": 57, "options": { "displayMode": "gradient", + "maxVizHeight": 300, "minVizHeight": 10, "minVizWidth": 0, + "namePlacement": "auto", "orientation": "horizontal", "reduceOptions": { "calcs": ["sum"], "fields": "", "values": false }, - "showUnfilled": true + "showUnfilled": true, + "sizing": "auto", + "valueMode": "color" }, - "pluginVersion": "9.2.0", + "pluginVersion": "10.4.0", "targets": [ { "alias": "", @@ -916,7 +939,7 @@ } ], "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "metrics": [ @@ -935,7 +958,7 @@ }, { "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "fieldConfig": { @@ -969,17 +992,21 @@ "id": 59, "options": { "displayMode": "gradient", + "maxVizHeight": 300, "minVizHeight": 10, "minVizWidth": 0, + "namePlacement": "auto", "orientation": "horizontal", "reduceOptions": { "calcs": ["sum"], "fields": "", "values": false }, - "showUnfilled": true + "showUnfilled": true, + "sizing": "auto", + "valueMode": "color" }, - "pluginVersion": "9.2.0", + "pluginVersion": "10.4.0", "targets": [ { "alias": "", 
@@ -1008,7 +1035,7 @@ } ], "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "metrics": [ @@ -1027,7 +1054,7 @@ }, { "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "fieldConfig": { @@ -1037,7 +1064,9 @@ }, "custom": { "align": "auto", - "displayMode": "auto", + "cellOptions": { + "type": "auto" + }, "filterable": true, "inspect": false }, @@ -1046,7 +1075,8 @@ "mode": "absolute", "steps": [ { - "color": "green" + "color": "green", + "value": null }, { "color": "red", @@ -1075,8 +1105,11 @@ "value": -1 }, { - "id": "custom.displayMode", - "value": "color-background" + "id": "custom.cellOptions", + "value": { + "mode": "gradient", + "type": "color-background" + } }, { "id": "custom.align" @@ -1087,7 +1120,8 @@ "mode": "absolute", "steps": [ { - "color": "#37872D" + "color": "#37872D", + "value": null }, { "color": "rgba(237, 129, 40, 0.89)", @@ -1230,7 +1264,9 @@ }, "id": 27, "options": { + "cellHeight": "sm", "footer": { + "countRows": false, "fields": "", "reducer": ["sum"], "show": false @@ -1238,12 +1274,12 @@ "showHeader": true, "sortBy": [] }, - "pluginVersion": "9.0.0", + "pluginVersion": "10.4.0", "targets": [ { "bucketAggs": [], "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "metrics": [ @@ -1869,14 +1905,13 @@ } ], "refresh": false, - "schemaVersion": 37, - "style": "dark", + "schemaVersion": 39, "tags": ["O365"], "templating": { "list": [ { "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "filters": [], 
@@ -1893,7 +1928,7 @@ "value": "$__all" }, "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "definition": "{ \"find\": \"terms\", \"field\": \"data_office365_Workload\", \"query\": \"data_office365_Operation:DLPRuleMatch OR data_office365_Operation:DlpRuleMatch\"}", @@ -1920,7 +1955,7 @@ "value": "$__all" }, "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "definition": "{ \"find\": \"terms\", \"field\": \"rule_level\", \"query\": \"\"}", @@ -1949,7 +1984,5 @@ }, "timezone": "", "title": "O365 - DLP DETECTIONS", - "uid": "fpSr7wq7z", - "version": 1, "weekStart": "" } diff --git a/backend/app/connectors/grafana/dashboards/Office365/endpoint.json b/backend/app/connectors/grafana/dashboards/Office365/endpoint.json index f7b9df38f..bca580731 100644 --- a/backend/app/connectors/grafana/dashboards/Office365/endpoint.json +++ b/backend/app/connectors/grafana/dashboards/Office365/endpoint.json @@ -41,7 +41,7 @@ "panels": [ { "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "fieldConfig": { @@ -77,7 +77,6 @@ "y": 0 }, "id": 43, - "links": [], "options": { "colorMode": "value", "graphMode": "area", @@ -88,10 +87,12 @@ "fields": "", "values": false }, + "showPercentChange": false, "text": {}, - "textMode": "auto" + "textMode": "auto", + "wideLayout": true }, - "pluginVersion": "10.0.3", + "pluginVersion": "10.4.0", "targets": [ { "bucketAggs": [ @@ -107,7 +108,7 @@ } ], "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "metrics": [ @@ -127,7 +128,7 @@ }, { "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "fieldConfig": { 
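Review bot: Dropping the fixed `"uid": "fpSr7wq7z"` (and `"version"`) from dlp.json at the end of this hunk means Grafana assigns a fresh random uid every time this JSON is imported, so re-running provisioning for the same customer will create a duplicate dashboard instead of updating the existing one unless the import path passes `overwrite: true` and matches on title within the folder. It also breaks any saved links or bookmarks that referenced the old uid. The endpoint.json and exchange.json sections visible here do not show the same removal, so the dashboards in this patch now differ on whether they carry a stable uid. I would either keep a deterministic uid (e.g. derived by the provisioner from customer code plus dashboard name) or document next to the loader that the importer owns the uid and de-duplicates by title.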
@@ -220,7 +221,7 @@ } ], "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "metrics": [ @@ -236,12 +237,11 @@ } ], "title": "EVENTS BY OPERATION (Top 10)", - "transformations": [], "type": "piechart" }, { "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "fieldConfig": { @@ -322,7 +322,7 @@ }, "showHeader": true }, - "pluginVersion": "10.0.3", + "pluginVersion": "10.4.0", "targets": [ { "bucketAggs": [ @@ -340,7 +340,7 @@ } ], "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "metrics": [ @@ -379,7 +379,7 @@ }, { "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "fieldConfig": { @@ -460,7 +460,7 @@ }, "showHeader": true }, - "pluginVersion": "10.0.3", + "pluginVersion": "10.4.0", "targets": [ { "bucketAggs": [ @@ -478,7 +478,7 @@ } ], "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "metrics": [ @@ -519,7 +519,7 @@ }, { "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "fieldConfig": { @@ -568,8 +568,9 @@ "y": 7 }, "id": 16, - "links": [], "options": { + "minVizHeight": 75, + "minVizWidth": 75, "orientation": "horizontal", "reduceOptions": { "calcs": ["max"], @@ -578,9 +579,10 @@ }, "showThresholdLabels": false, "showThresholdMarkers": true, + "sizing": "auto", "text": {} }, - "pluginVersion": "10.0.3", + "pluginVersion": "10.4.0", "targets": [ { "bucketAggs": [ @@ -596,7 +598,7 @@ } ], "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "metrics": [ 
@@ -618,7 +620,7 @@ }, { "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "fieldConfig": { @@ -627,6 +629,7 @@ "mode": "palette-classic" }, "custom": { + "axisBorderShow": false, "axisCenteredZero": false, "axisColorMode": "text", "axisLabel": "", @@ -640,6 +643,7 @@ "tooltip": false, "viz": false }, + "insertNulls": false, "lineInterpolation": "linear", "lineWidth": 1, "pointSize": 5, @@ -717,7 +721,7 @@ } ], "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "metrics": [ @@ -737,7 +741,7 @@ }, { "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "fieldConfig": { @@ -773,7 +777,6 @@ "y": 14 }, "id": 51, - "links": [], "options": { "colorMode": "value", "graphMode": "area", @@ -784,10 +787,12 @@ "fields": "", "values": false }, + "showPercentChange": false, "text": {}, - "textMode": "auto" + "textMode": "auto", + "wideLayout": true }, - "pluginVersion": "10.0.3", + "pluginVersion": "10.4.0", "targets": [ { "bucketAggs": [ @@ -804,7 +809,7 @@ } ], "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "metrics": [ @@ -825,7 +830,7 @@ }, { "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "fieldConfig": { @@ -919,7 +924,7 @@ "showHeader": true, "sortBy": [] }, - "pluginVersion": "10.0.3", + "pluginVersion": "10.4.0", "targets": [ { "bucketAggs": [ @@ -948,7 +953,7 @@ } ], "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "metrics": [ 
@@ -988,40 +993,122 @@ "type": "table" }, { - "circleMaxSize": 30, - "circleMinSize": 2, - "colors": ["rgba(245, 54, 54, 0.9)", "rgba(237, 129, 40, 0.89)", "rgba(50, 172, 45, 0.97)"], "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, - "decimals": 0, - "esMetric": "Count", + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "custom": { + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "rgba(245, 54, 54, 0.9)", + "value": null + }, + { + "color": "rgba(237, 129, 40, 0.89)", + "value": 0 + }, + { + "color": "rgba(50, 172, 45, 0.97)", + "value": 10 + } + ] + } + }, + "overrides": [] + }, "gridPos": { "h": 12, "w": 8, "x": 7, "y": 20 }, - "hideEmpty": false, - "hideZero": false, "id": 50, - "initialZoom": 1, - "locationData": "countries", - "mapCenter": "(0°, 0°)", - "mapCenterLatitude": 0, - "mapCenterLongitude": 0, "maxDataPoints": 1, - "mouseWheelZoom": false, - "showLegend": true, - "stickyLabels": false, - "tableQueryOptions": { - "geohashField": "geohash", - "latitudeField": "latitude", - "longitudeField": "longitude", - "metricField": "metric", - "queryType": "geohash" + "options": { + "basemap": { + "name": "Basemap", + "type": "default" + }, + "controls": { + "mouseWheelZoom": false, + "showAttribution": true, + "showDebug": false, + "showMeasure": false, + "showScale": false, + "showZoom": true + }, + "layers": [ + { + "config": { + "showLegend": true, + "style": { + "color": { + "fixed": "dark-green" + }, + "opacity": 0.4, + "rotation": { + "fixed": 0, + "max": 360, + "min": -360, + "mode": "mod" + }, + "size": { + "fixed": 5, + "max": 30, + "min": 2 + }, + "symbol": { + "fixed": "img/icons/marker/circle.svg", + "mode": "fixed" + }, + "symbolAlign": { + "horizontal": "center", + "vertical": "center" + }, + "textConfig": { + "fontSize": 12, + 
"offsetX": 0, + "offsetY": 0, + "textAlign": "center", + "textBaseline": "middle" + } + } + }, + "location": { + "gazetteer": "public/gazetteer/countries.json", + "mode": "lookup" + }, + "name": "Layer 0", + "tooltip": true, + "type": "markers" + } + ], + "tooltip": { + "mode": "details" + }, + "view": { + "allLayers": true, + "id": "zero", + "lat": 0, + "lon": 0, + "zoom": 1 + } }, + "pluginVersion": "10.4.0", "targets": [ { "bucketAggs": [ @@ -1049,7 +1136,7 @@ } ], "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "metrics": [ @@ -1064,16 +1151,20 @@ "timeField": "timestamp" } ], - "thresholds": "0,10", "title": "Endpoint - ALL EVENTS BY SRC COUNTRY", - "type": "grafana-worldmap-panel", - "unitPlural": "", - "unitSingle": "", - "valueName": "total" + "transformations": [ + { + "id": "reduce", + "options": { + "reducers": ["sum"] + } + } + ], + "type": "geomap" }, { "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "fieldConfig": { @@ -1155,7 +1246,7 @@ "showHeader": true, "sortBy": [] }, - "pluginVersion": "10.0.3", + "pluginVersion": "10.4.0", "targets": [ { "bucketAggs": [ @@ -1184,7 +1275,7 @@ } ], "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "metrics": [ @@ -1226,7 +1317,7 @@ }, { "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "fieldConfig": { @@ -1247,8 +1338,7 @@ "mode": "absolute", "steps": [ { - "color": "green", - "value": null + "color": "green" }, { "color": "red", @@ -1292,8 +1382,7 @@ "mode": "absolute", "steps": [ { - "color": "#37872D", - "value": null + "color": "#37872D" }, { "color": "rgba(237, 129, 40, 0.89)", 
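Review bot: The new geomap panel in this hunk declares `"color": {"mode": "thresholds"}` with red/orange/green steps, but the markers layer pins `"color": {"fixed": "dark-green"}` and `"size": {"fixed": 5, ...}` with no `field` binding, so every country should render as an identical green dot regardless of its event count, whereas the worldmap panel it replaces scaled circles from 2 to 30 and coloured them by the `0,10` thresholds. To keep that behaviour, bind both dimensions to the reduced count column, e.g. `"color": { "field": "<count column>", "fixed": "dark-green" }` and `"size": { "field": "<count column>", "fixed": 5, "max": 30, "min": 2 }`, where the column name is whatever the `reduce` transformation (added in the next hunk) emits for the `sum` reducer — I believe `Total`, but confirm in the panel inspector. Note also that the inherited thresholds turn green above 10 events, the opposite of what a SOC reader expects from a by-source-country view; consider reversing the step colours while touching this panel.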
@@ -1543,12 +1632,12 @@ "showHeader": true, "sortBy": [] }, - "pluginVersion": "10.0.3", + "pluginVersion": "10.4.0", "targets": [ { "bucketAggs": [], "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "metrics": [ @@ -2280,14 +2369,13 @@ } ], "refresh": "", - "schemaVersion": 38, - "style": "dark", + "schemaVersion": 39, "tags": ["O365"], "templating": { "list": [ { "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "filters": [], @@ -2304,7 +2392,7 @@ "value": "$__all" }, "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "definition": "{ \"find\": \"terms\", \"field\": \"data_office365_Operation\", \"query\": \"data_office365_Workload:Endpoint\"}", @@ -2331,7 +2419,7 @@ "value": "$__all" }, "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "definition": "{ \"find\": \"terms\", \"field\": \"rule_level\", \"query\": \"data_office365_Workload:Endpoint\"}", @@ -2351,7 +2439,7 @@ ] }, "time": { - "from": "now-12h", + "from": "now-6h", "to": "now" }, "timepicker": { diff --git a/backend/app/connectors/grafana/dashboards/Office365/exchange.json b/backend/app/connectors/grafana/dashboards/Office365/exchange.json index 4a7aa3ef9..11f95c9a3 100644 --- a/backend/app/connectors/grafana/dashboards/Office365/exchange.json +++ b/backend/app/connectors/grafana/dashboards/Office365/exchange.json @@ -41,7 +41,7 @@ "panels": [ { "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "fieldConfig": { @@ -77,7 +77,6 @@ "y": 0 }, "id": 43, - "links": [], "options": { "colorMode": "value", "graphMode": "area", 
@@ -88,10 +87,12 @@ "fields": "", "values": false }, + "showPercentChange": false, "text": {}, - "textMode": "auto" + "textMode": "auto", + "wideLayout": true }, - "pluginVersion": "10.0.3", + "pluginVersion": "10.4.0", "targets": [ { "bucketAggs": [ @@ -107,7 +108,7 @@ } ], "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "metrics": [ @@ -127,7 +128,7 @@ }, { "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "fieldConfig": { @@ -220,7 +221,7 @@ } ], "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "metrics": [ @@ -236,12 +237,11 @@ } ], "title": "EVENTS BY OPERATION (Top 10)", - "transformations": [], "type": "piechart" }, { "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "fieldConfig": { @@ -322,7 +322,7 @@ }, "showHeader": true }, - "pluginVersion": "10.0.3", + "pluginVersion": "10.4.0", "targets": [ { "bucketAggs": [ @@ -340,7 +340,7 @@ } ], "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "metrics": [ @@ -379,7 +379,7 @@ }, { "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "fieldConfig": { @@ -428,8 +428,9 @@ "y": 7 }, "id": 16, - "links": [], "options": { + "minVizHeight": 75, + "minVizWidth": 75, "orientation": "horizontal", "reduceOptions": { "calcs": ["max"], @@ -438,9 +439,10 @@ }, "showThresholdLabels": false, "showThresholdMarkers": true, + "sizing": "auto", "text": {} }, - "pluginVersion": "10.0.3", + "pluginVersion": "10.4.0", "targets": [ { "bucketAggs": [ @@ -456,7 +458,7 @@ } ], "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "metrics": [ 
@@ -478,7 +480,7 @@ }, { "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "fieldConfig": { @@ -487,6 +489,7 @@ "mode": "palette-classic" }, "custom": { + "axisBorderShow": false, "axisCenteredZero": false, "axisColorMode": "text", "axisLabel": "", @@ -500,6 +503,7 @@ "tooltip": false, "viz": false }, + "insertNulls": false, "lineInterpolation": "linear", "lineWidth": 1, "pointSize": 5, @@ -577,7 +581,7 @@ } ], "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "metrics": [ @@ -597,7 +601,7 @@ }, { "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "fieldConfig": { @@ -633,7 +637,6 @@ "y": 14 }, "id": 51, - "links": [], "options": { "colorMode": "value", "graphMode": "area", @@ -644,10 +647,12 @@ "fields": "", "values": false }, + "showPercentChange": false, "text": {}, - "textMode": "auto" + "textMode": "auto", + "wideLayout": true }, - "pluginVersion": "10.0.3", + "pluginVersion": "10.4.0", "targets": [ { "bucketAggs": [ @@ -664,7 +669,7 @@ } ], "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "metrics": [ @@ -685,7 +690,7 @@ }, { "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "fieldConfig": { @@ -721,7 +726,6 @@ "y": 20 }, "id": 52, - "links": [], "options": { "colorMode": "value", "graphMode": "area", @@ -732,10 +736,12 @@ "fields": "", "values": false }, + "showPercentChange": false, "text": {}, - "textMode": "auto" + "textMode": "auto", + "wideLayout": true }, - "pluginVersion": "10.0.3", + "pluginVersion": "10.4.0", "targets": [ { "bucketAggs": [ @@ -752,7 +758,7 @@ } ], "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "metrics": [ 
@@ -772,40 +778,122 @@ "type": "stat" }, { - "circleMaxSize": 30, - "circleMinSize": 2, - "colors": ["rgba(245, 54, 54, 0.9)", "rgba(237, 129, 40, 0.89)", "rgba(50, 172, 45, 0.97)"], "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, - "decimals": 0, - "esMetric": "Count", + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "custom": { + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "rgba(245, 54, 54, 0.9)", + "value": null + }, + { + "color": "rgba(237, 129, 40, 0.89)", + "value": 0 + }, + { + "color": "rgba(50, 172, 45, 0.97)", + "value": 10 + } + ] + } + }, + "overrides": [] + }, "gridPos": { "h": 12, "w": 10, "x": 4, "y": 20 }, - "hideEmpty": false, - "hideZero": false, "id": 50, - "initialZoom": 1, - "locationData": "countries", - "mapCenter": "(0°, 0°)", - "mapCenterLatitude": 0, - "mapCenterLongitude": 0, "maxDataPoints": 1, - "mouseWheelZoom": false, - "showLegend": true, - "stickyLabels": false, - "tableQueryOptions": { - "geohashField": "geohash", - "latitudeField": "latitude", - "longitudeField": "longitude", - "metricField": "metric", - "queryType": "geohash" + "options": { + "basemap": { + "name": "Basemap", + "type": "default" + }, + "controls": { + "mouseWheelZoom": false, + "showAttribution": true, + "showDebug": false, + "showMeasure": false, + "showScale": false, + "showZoom": true + }, + "layers": [ + { + "config": { + "showLegend": true, + "style": { + "color": { + "fixed": "dark-green" + }, + "opacity": 0.4, + "rotation": { + "fixed": 0, + "max": 360, + "min": -360, + "mode": "mod" + }, + "size": { + "fixed": 5, + "max": 30, + "min": 2 + }, + "symbol": { + "fixed": "img/icons/marker/circle.svg", + "mode": "fixed" + }, + "symbolAlign": { + "horizontal": "center", + "vertical": "center" + }, + "textConfig": { + "fontSize": 12, + 
"offsetX": 0, + "offsetY": 0, + "textAlign": "center", + "textBaseline": "middle" + } + } + }, + "location": { + "gazetteer": "public/gazetteer/countries.json", + "mode": "lookup" + }, + "name": "Layer 0", + "tooltip": true, + "type": "markers" + } + ], + "tooltip": { + "mode": "details" + }, + "view": { + "allLayers": true, + "id": "zero", + "lat": 0, + "lon": 0, + "zoom": 1 + } }, + "pluginVersion": "10.4.0", "targets": [ { "bucketAggs": [ @@ -833,7 +921,7 @@ } ], "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "metrics": [ @@ -848,16 +936,20 @@ "timeField": "timestamp" } ], - "thresholds": "0,10", "title": "EXCHANGE - ALL EVENTS BY SRC COUNTRY", - "type": "grafana-worldmap-panel", - "unitPlural": "", - "unitSingle": "", - "valueName": "total" + "transformations": [ + { + "id": "reduce", + "options": { + "reducers": ["sum"] + } + } + ], + "type": "geomap" }, { "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "fieldConfig": { @@ -939,7 +1031,7 @@ "showHeader": true, "sortBy": [] }, - "pluginVersion": "10.0.3", + "pluginVersion": "10.4.0", "targets": [ { "bucketAggs": [ @@ -968,7 +1060,7 @@ } ], "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "metrics": [ @@ -1010,7 +1102,7 @@ }, { "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "fieldConfig": { @@ -1046,7 +1138,6 @@ "y": 26 }, "id": 18, - "links": [], "options": { "colorMode": "value", "graphMode": "area", @@ -1057,10 +1148,12 @@ "fields": "", "values": false }, + "showPercentChange": false, "text": {}, - "textMode": "auto" + "textMode": "auto", + "wideLayout": true }, - "pluginVersion": "10.0.3", + "pluginVersion": "10.4.0", "targets": [ { "bucketAggs": [ 
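Review bot: The geomap panel added in this hunk uses `"basemap": {"type": "default"}`, which makes each analyst's browser fetch map tiles from whatever the Grafana server's default base layer is — out of the box that is a public third-party tile service unless `[geomap] default_baselayer_config` is set in grafana.ini. For customer SOC instances that restrict outbound traffic the map will render blank, and where egress is allowed the tile requests expose analyst browser IPs to an external provider. I would pin the base layer explicitly (roughly `"basemap": {"type": "xyz", "config": {"url": "<internal-tile-server>/{z}/{x}/{y}.png"}}`, or keep the public provider as a documented dependency) or set the server default in each customer stack's Grafana provisioning, and call the dependency out in the O365 integration docs.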
@@ -1077,7 +1170,7 @@ } ], "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "metrics": [ @@ -1098,7 +1191,7 @@ }, { "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "fieldConfig": { @@ -1119,8 +1212,7 @@ "mode": "absolute", "steps": [ { - "color": "green", - "value": null + "color": "green" }, { "color": "red", @@ -1164,8 +1256,7 @@ "mode": "absolute", "steps": [ { - "color": "#37872D", - "value": null + "color": "#37872D" }, { "color": "rgba(237, 129, 40, 0.89)", @@ -1367,12 +1458,12 @@ "showHeader": true, "sortBy": [] }, - "pluginVersion": "10.0.3", + "pluginVersion": "10.4.0", "targets": [ { "bucketAggs": [], "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "metrics": [ @@ -2075,14 +2166,13 @@ } ], "refresh": "", - "schemaVersion": 38, - "style": "dark", + "schemaVersion": 39, "tags": ["O365"], "templating": { "list": [ { "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "filters": [], @@ -2099,7 +2189,7 @@ "value": "$__all" }, "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "definition": "{ \"find\": \"terms\", \"field\": \"data_office365_Operation\", \"query\": \"data_office365_Workload:Exchange\"}", @@ -2126,7 +2216,7 @@ "value": "$__all" }, "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "definition": "{ \"find\": \"terms\", \"field\": \"rule_level\", \"query\": \"\"}", @@ -2146,7 +2236,7 @@ ] }, "time": { - "from": "now-12h", + "from": "now-6h", "to": "now" }, "timepicker": { 
diff --git a/backend/app/connectors/grafana/dashboards/Office365/forms.json b/backend/app/connectors/grafana/dashboards/Office365/forms.json index a392f59cb..21a33875f 100644 --- a/backend/app/connectors/grafana/dashboards/Office365/forms.json +++ b/backend/app/connectors/grafana/dashboards/Office365/forms.json @@ -41,7 +41,7 @@ "panels": [ { "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "fieldConfig": { @@ -77,7 +77,6 @@ "y": 0 }, "id": 43, - "links": [], "options": { "colorMode": "value", "graphMode": "area", @@ -88,10 +87,12 @@ "fields": "", "values": false }, + "showPercentChange": false, "text": {}, - "textMode": "auto" + "textMode": "auto", + "wideLayout": true }, - "pluginVersion": "10.0.3", + "pluginVersion": "10.4.0", "targets": [ { "bucketAggs": [ @@ -107,7 +108,7 @@ } ], "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "metrics": [ @@ -127,7 +128,7 @@ }, { "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "fieldConfig": { @@ -220,7 +221,7 @@ } ], "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "metrics": [ @@ -236,12 +237,11 @@ } ], "title": "EVENTS BY OPERATION (Top 10)", - "transformations": [], "type": "piechart" }, { "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "fieldConfig": { @@ -322,7 +322,7 @@ }, "showHeader": true }, - "pluginVersion": "10.0.3", + "pluginVersion": "10.4.0", "targets": [ { "bucketAggs": [ @@ -340,7 +340,7 @@ } ], "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "metrics": [ 
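Review bot: Switching every panel datasource in forms.json from `elasticsearch` to `grafana-opensearch-datasource` (this hunk and the ones following) introduces a hard dependency on a separately installed plugin; if it is missing on a customer Grafana the panels fail with a plugin-not-found error rather than falling back. The query bodies (`bucketAggs`, `metrics`, `timeField`) are carried over unchanged and are assumed compatible with the OpenSearch plugin's query model, which I cannot confirm from the diff. I would have the provisioner verify the plugin is present (e.g. `GET /api/plugins/grafana-opensearch-datasource/settings`) before creating the datasource and substituting `replace_datasource_uid`, fail provisioning with a clear message otherwise, and add a one-line note near the dashboard loader that these templates require that plugin.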
@@ -379,7 +379,7 @@ }, { "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "fieldConfig": { @@ -460,7 +460,7 @@ }, "showHeader": true }, - "pluginVersion": "10.0.3", + "pluginVersion": "10.4.0", "targets": [ { "bucketAggs": [ @@ -478,7 +478,7 @@ } ], "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "metrics": [ @@ -519,7 +519,7 @@ }, { "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "fieldConfig": { @@ -568,8 +568,9 @@ "y": 7 }, "id": 16, - "links": [], "options": { + "minVizHeight": 75, + "minVizWidth": 75, "orientation": "horizontal", "reduceOptions": { "calcs": ["max"], @@ -578,9 +579,10 @@ }, "showThresholdLabels": false, "showThresholdMarkers": true, + "sizing": "auto", "text": {} }, - "pluginVersion": "10.0.3", + "pluginVersion": "10.4.0", "targets": [ { "bucketAggs": [ @@ -596,7 +598,7 @@ } ], "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "metrics": [ @@ -618,7 +620,7 @@ }, { "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "fieldConfig": { @@ -627,6 +629,7 @@ "mode": "palette-classic" }, "custom": { + "axisBorderShow": false, "axisCenteredZero": false, "axisColorMode": "text", "axisLabel": "", @@ -640,6 +643,7 @@ "tooltip": false, "viz": false }, + "insertNulls": false, "lineInterpolation": "linear", "lineWidth": 1, "pointSize": 5, @@ -717,7 +721,7 @@ } ], "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "metrics": [ @@ -737,7 +741,7 @@ }, { "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "fieldConfig": { 
@@ -773,7 +777,6 @@ "y": 14 }, "id": 51, - "links": [], "options": { "colorMode": "value", "graphMode": "area", @@ -784,10 +787,12 @@ "fields": "", "values": false }, + "showPercentChange": false, "text": {}, - "textMode": "auto" + "textMode": "auto", + "wideLayout": true }, - "pluginVersion": "10.0.3", + "pluginVersion": "10.4.0", "targets": [ { "bucketAggs": [ @@ -804,7 +809,7 @@ } ], "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "metrics": [ @@ -825,7 +830,7 @@ }, { "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "fieldConfig": { @@ -907,7 +912,7 @@ "showHeader": true, "sortBy": [] }, - "pluginVersion": "10.0.3", + "pluginVersion": "10.4.0", "targets": [ { "bucketAggs": [ @@ -925,7 +930,7 @@ } ], "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "metrics": [ 
@@ -968,40 +973,122 @@ "type": "table" }, { - "circleMaxSize": 30, - "circleMinSize": 2, - "colors": ["rgba(245, 54, 54, 0.9)", "rgba(237, 129, 40, 0.89)", "rgba(50, 172, 45, 0.97)"], "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, - "decimals": 0, - "esMetric": "Count", + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "custom": { + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "rgba(245, 54, 54, 0.9)", + "value": null + }, + { + "color": "rgba(237, 129, 40, 0.89)", + "value": 0 + }, + { + "color": "rgba(50, 172, 45, 0.97)", + "value": 10 + } + ] + } + }, + "overrides": [] + }, "gridPos": { "h": 12, "w": 8, "x": 8, "y": 20 }, - "hideEmpty": false, - "hideZero": false, "id": 50, - "initialZoom": 1, - "locationData": "countries", - "mapCenter": "(0°, 0°)", - "mapCenterLatitude": 0, - "mapCenterLongitude": 0, "maxDataPoints": 1, - "mouseWheelZoom": false, - "showLegend": true, - "stickyLabels": false, - "tableQueryOptions": { - "geohashField": "geohash", - "latitudeField": "latitude", - "longitudeField": "longitude", - "metricField": "metric", - "queryType": "geohash" + "options": { + "basemap": { + "name": "Basemap", + "type": "default" + }, + "controls": { + "mouseWheelZoom": false, + "showAttribution": true, + "showDebug": false, + "showMeasure": false, + "showScale": false, + "showZoom": true + }, + "layers": [ + { + "config": { + "showLegend": true, + "style": { + "color": { + "fixed": "dark-green" + }, + "opacity": 0.4, + "rotation": { + "fixed": 0, + "max": 360, + "min": -360, + "mode": "mod" + }, + "size": { + "fixed": 5, + "max": 30, + "min": 2 + }, + "symbol": { + "fixed": "img/icons/marker/circle.svg", + "mode": "fixed" + }, + "symbolAlign": { + "horizontal": "center", + "vertical": "center" + }, + "textConfig": { + "fontSize": 12, + 
"offsetX": 0, + "offsetY": 0, + "textAlign": "center", + "textBaseline": "middle" + } + } + }, + "location": { + "gazetteer": "public/gazetteer/countries.json", + "mode": "lookup" + }, + "name": "Layer 0", + "tooltip": true, + "type": "markers" + } + ], + "tooltip": { + "mode": "details" + }, + "view": { + "allLayers": true, + "id": "zero", + "lat": 0, + "lon": 0, + "zoom": 1 + } }, + "pluginVersion": "10.4.0", "targets": [ { "bucketAggs": [ @@ -1029,7 +1116,7 @@ } ], "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "metrics": [ @@ -1044,16 +1131,20 @@ "timeField": "timestamp" } ], - "thresholds": "0,10", "title": "MS-FORMS - ALL EVENTS BY SRC COUNTRY", - "type": "grafana-worldmap-panel", - "unitPlural": "", - "unitSingle": "", - "valueName": "total" + "transformations": [ + { + "id": "reduce", + "options": { + "reducers": ["sum"] + } + } + ], + "type": "geomap" }, { "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "fieldConfig": { @@ -1135,7 +1226,7 @@ "showHeader": true, "sortBy": [] }, - "pluginVersion": "10.0.3", + "pluginVersion": "10.4.0", "targets": [ { "bucketAggs": [ @@ -1164,7 +1255,7 @@ } ], "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "metrics": [ @@ -1206,7 +1297,7 @@ }, { "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "fieldConfig": { @@ -1227,8 +1318,7 @@ "mode": "absolute", "steps": [ { - "color": "green", - "value": null + "color": "green" }, { "color": "red", @@ -1272,8 +1362,7 @@ "mode": "absolute", "steps": [ { - "color": "#37872D", - "value": null + "color": "#37872D" }, { "color": "rgba(237, 129, 40, 0.89)", 
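Review bot: The rebuilt geomap layer sets `"mode": "lookup"` against `public/gazetteer/countries.json` but names no lookup field, so the panel presumably relies on Grafana's field-name heuristics to pick the country column out of the terms bucket (the query's bucketAggs are outside this hunk). If the aggregated field is not recognised, the map renders no markers without an error; pinning it with an explicit `"lookup": "<country-field>"` (placeholder — use the field the worldmap panel's query buckets on) next to `"gazetteer"` makes the migration from `locationData: countries` deterministic. The same layer config is repeated for the OneDrive and PowerBI dashboards at the equivalent hunks later on this page, so one fix applies to all three.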
@@ -1511,12 +1600,12 @@ "showHeader": true, "sortBy": [] }, - "pluginVersion": "10.0.3", + "pluginVersion": "10.4.0", "targets": [ { "bucketAggs": [], "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "metrics": [ @@ -2279,14 +2368,13 @@ } ], "refresh": "", - "schemaVersion": 38, - "style": "dark", + "schemaVersion": 39, "tags": ["O365"], "templating": { "list": [ { "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "filters": [], @@ -2303,7 +2391,7 @@ "value": "$__all" }, "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "definition": "{ \"find\": \"terms\", \"field\": \"data_office365_Operation\", \"query\": \"data_office365_Workload:MicrosoftForms\"}", @@ -2330,7 +2418,7 @@ "value": "$__all" }, "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "definition": "{ \"find\": \"terms\", \"field\": \"rule_level\", \"query\": \"data_office365_Workload:MicrosoftForms\"}", @@ -2350,7 +2438,7 @@ ] }, "time": { - "from": "now-2d", + "from": "now-6h", "to": "now" }, "timepicker": { diff --git a/backend/app/connectors/grafana/dashboards/Office365/mitre.json b/backend/app/connectors/grafana/dashboards/Office365/mitre.json index 1f39aa7c3..fe9d6b431 100644 --- a/backend/app/connectors/grafana/dashboards/Office365/mitre.json +++ b/backend/app/connectors/grafana/dashboards/Office365/mitre.json @@ -41,7 +41,7 @@ "panels": [ { "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "fieldConfig": { 
@@ -105,10 +105,12 @@ "fields": "", "values": false }, + "showPercentChange": false, "text": {}, - "textMode": "auto" + "textMode": "auto", + "wideLayout": true }, - "pluginVersion": "9.2.0", + "pluginVersion": "10.4.0", "targets": [ { "alias": "MITRE ENRICHED EVENTS", @@ -126,7 +128,7 @@ } ], "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "metrics": [ @@ -154,7 +156,7 @@ } ], "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "hide": false, @@ -174,7 +176,7 @@ }, { "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "fieldConfig": { @@ -209,10 +211,12 @@ "fields": "", "values": false }, + "showPercentChange": false, "text": {}, - "textMode": "auto" + "textMode": "auto", + "wideLayout": true }, - "pluginVersion": "9.2.0", + "pluginVersion": "10.4.0", "targets": [ { "bucketAggs": [ @@ -229,7 +233,7 @@ } ], "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "metrics": [ @@ -250,7 +254,7 @@ }, { "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "fieldConfig": { @@ -285,10 +289,12 @@ "fields": "", "values": false }, + "showPercentChange": false, "text": {}, - "textMode": "auto" + "textMode": "auto", + "wideLayout": true }, - "pluginVersion": "9.2.0", + "pluginVersion": "10.4.0", "targets": [ { "bucketAggs": [ @@ -306,7 +312,7 @@ } ], "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "metrics": [ @@ -329,7 +335,7 @@ }, { "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "fieldConfig": { 
@@ -339,7 +345,9 @@ }, "custom": { "align": "auto", - "displayMode": "auto", + "cellOptions": { + "type": "auto" + }, "inspect": false }, "mappings": [], @@ -363,14 +371,16 @@ }, "id": 13, "options": { + "cellHeight": "sm", "footer": { + "countRows": false, "fields": "", "reducer": ["sum"], "show": false }, "showHeader": true }, - "pluginVersion": "9.2.0", + "pluginVersion": "10.4.0", "targets": [ { "bucketAggs": [ @@ -388,7 +398,7 @@ } ], "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "metrics": [ @@ -411,7 +421,7 @@ }, { "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "fieldConfig": { @@ -439,7 +449,6 @@ "y": 0 }, "id": 15, - "links": [], "maxDataPoints": 3, "options": { "displayLabels": [], @@ -492,7 +501,7 @@ } ], "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "metrics": [ @@ -513,7 +522,7 @@ }, { "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "fieldConfig": { @@ -541,7 +550,6 @@ "y": 7 }, "id": 16, - "links": [], "options": { "displayLabels": [], "legend": { @@ -593,7 +601,7 @@ } ], "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "metrics": [ @@ -614,14 +622,16 @@ }, { "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "fieldConfig": { "defaults": { "custom": { "align": "auto", - "displayMode": "auto", + "cellOptions": { + "type": "auto" + }, "filterable": false, "inspect": false }, @@ -671,9 +681,10 @@ "y": 7 }, "id": 28, - "links": [], "options": { + "cellHeight": "sm", "footer": { + "countRows": false, "fields": "", "reducer": ["sum"], "show": false 
@@ -681,7 +692,7 @@ "showHeader": true, "sortBy": [] }, - "pluginVersion": "9.2.0", + "pluginVersion": "10.4.0", "targets": [ { "bucketAggs": [ @@ -700,7 +711,7 @@ } ], "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "metrics": [ @@ -733,14 +744,16 @@ }, { "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "fieldConfig": { "defaults": { "custom": { "align": "auto", - "displayMode": "auto", + "cellOptions": { + "type": "auto" + }, "filterable": false, "inspect": false }, @@ -777,16 +790,17 @@ "y": 7 }, "id": 33, - "links": [], "options": { + "cellHeight": "sm", "footer": { + "countRows": false, "fields": "", "reducer": ["sum"], "show": false }, "showHeader": true }, - "pluginVersion": "9.2.0", + "pluginVersion": "10.4.0", "targets": [ { "bucketAggs": [ @@ -805,7 +819,7 @@ } ], "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "metrics": [ @@ -839,7 +853,7 @@ }, { "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "fieldConfig": { @@ -867,7 +881,6 @@ "y": 18 }, "id": 29, - "links": [], "options": { "displayLabels": [], "legend": { @@ -919,7 +932,7 @@ } ], "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "metrics": [ @@ -940,14 +953,16 @@ }, { "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "fieldConfig": { "defaults": { "custom": { "align": "auto", - "displayMode": "auto", + "cellOptions": { + "type": "auto" + }, "filterable": false, "inspect": false }, @@ -997,9 +1012,10 @@ "y": 18 }, "id": 30, - "links": [], "options": { + "cellHeight": "sm", "footer": { + "countRows": false, "fields": "", "reducer": ["sum"], "show": false 
@@ -1007,7 +1023,7 @@ "showHeader": true, "sortBy": [] }, - "pluginVersion": "9.2.0", + "pluginVersion": "10.4.0", "targets": [ { "bucketAggs": [ @@ -1026,7 +1042,7 @@ } ], "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "metrics": [ @@ -1059,7 +1075,7 @@ }, { "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "fieldConfig": { @@ -1069,7 +1085,9 @@ }, "custom": { "align": "auto", - "displayMode": "auto", + "cellOptions": { + "type": "auto" + }, "inspect": false }, "mappings": [ @@ -1119,7 +1137,9 @@ }, "id": 17, "options": { + "cellHeight": "sm", "footer": { + "countRows": false, "fields": "", "reducer": ["sum"], "show": false @@ -1127,7 +1147,7 @@ "showHeader": true, "sortBy": [] }, - "pluginVersion": "9.2.0", + "pluginVersion": "10.4.0", "targets": [ { "bucketAggs": [ @@ -1146,7 +1166,7 @@ } ], "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "metrics": [ @@ -1180,7 +1200,7 @@ }, { "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "fieldConfig": { @@ -1189,6 +1209,7 @@ "mode": "palette-classic" }, "custom": { + "axisBorderShow": false, "axisCenteredZero": false, "axisColorMode": "text", "axisLabel": "", @@ -1202,6 +1223,7 @@ "tooltip": false, "viz": false }, + "insertNulls": false, "lineInterpolation": "linear", "lineWidth": 1, "pointSize": 5, @@ -1279,7 +1301,7 @@ } ], "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "metrics": [ @@ -1299,7 +1321,7 @@ }, { "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "fieldConfig": { 
@@ -1309,7 +1331,9 @@ }, "custom": { "align": "auto", - "displayMode": "auto", + "cellOptions": { + "type": "auto" + }, "inspect": false }, "mappings": [], @@ -1431,8 +1455,11 @@ "value": -1 }, { - "id": "custom.displayMode", - "value": "color-background" + "id": "custom.cellOptions", + "value": { + "mode": "gradient", + "type": "color-background" + } }, { "id": "custom.align" @@ -1546,7 +1573,7 @@ { "bucketAggs": [], "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "metrics": [ @@ -1628,14 +1655,13 @@ } ], "refresh": "", - "schemaVersion": 37, - "style": "dark", + "schemaVersion": 39, "tags": ["O365"], "templating": { "list": [ { "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "filters": [], @@ -1652,7 +1678,7 @@ "value": "$__all" }, "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "definition": "{ \"find\": \"terms\", \"field\": \"data_office365_Workload\", \"query\": \"_exists_:rule_mitre_tactic\"}", @@ -1679,7 +1705,7 @@ "value": "$__all" }, "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "definition": "{ \"find\": \"terms\", \"field\": \"rule_level\", \"query\": \"\"}", @@ -1707,7 +1733,5 @@ }, "timezone": "", "title": "O365 - MITRE ATT&CK", - "uid": "Nipjnw37k", - "version": 1, "weekStart": "" } diff --git a/backend/app/connectors/grafana/dashboards/Office365/onedrive.json b/backend/app/connectors/grafana/dashboards/Office365/onedrive.json index 427bc0c39..621050852 100644 --- a/backend/app/connectors/grafana/dashboards/Office365/onedrive.json +++ b/backend/app/connectors/grafana/dashboards/Office365/onedrive.json 
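Review bot: The final mitre.json hunk drops `"uid": "Nipjnw37k"` together with `"version"`, so this dashboard no longer carries a stable identifier, while none of the other Office365 dashboards on this page lose theirs. Unless the provisioning code injects a uid before import (not visible here), Grafana will assign a random uid on each import, which can break saved links and make re-provisioning create a duplicate rather than overwrite the existing dashboard. If the removal is deliberate, a short note in the commit description or a fixed value such as `"uid": "<stable-dashboard-uid>"` (placeholder) would make the intent clear.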
@@ -41,7 +41,7 @@ "panels": [ { "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "fieldConfig": { @@ -77,7 +77,6 @@ "y": 0 }, "id": 43, - "links": [], "options": { "colorMode": "value", "graphMode": "area", @@ -88,10 +87,12 @@ "fields": "", "values": false }, + "showPercentChange": false, "text": {}, - "textMode": "auto" + "textMode": "auto", + "wideLayout": true }, - "pluginVersion": "10.0.3", + "pluginVersion": "10.4.0", "targets": [ { "bucketAggs": [ @@ -107,7 +108,7 @@ } ], "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "metrics": [ @@ -127,7 +128,7 @@ }, { "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "fieldConfig": { @@ -220,7 +221,7 @@ } ], "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "metrics": [ @@ -236,12 +237,11 @@ } ], "title": "EVENTS BY OPERATION (Top 10)", - "transformations": [], "type": "piechart" }, { "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "fieldConfig": { @@ -322,7 +322,7 @@ }, "showHeader": true }, - "pluginVersion": "10.0.3", + "pluginVersion": "10.4.0", "targets": [ { "bucketAggs": [ @@ -340,7 +340,7 @@ } ], "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "metrics": [ @@ -379,7 +379,7 @@ }, { "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "fieldConfig": { @@ -428,8 +428,9 @@ "y": 7 }, "id": 16, - "links": [], "options": { + "minVizHeight": 75, + "minVizWidth": 75, "orientation": "horizontal", "reduceOptions": { "calcs": ["max"], 
@@ -438,9 +439,10 @@ }, "showThresholdLabels": false, "showThresholdMarkers": true, + "sizing": "auto", "text": {} }, - "pluginVersion": "10.0.3", + "pluginVersion": "10.4.0", "targets": [ { "bucketAggs": [ @@ -456,7 +458,7 @@ } ], "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "metrics": [ @@ -478,7 +480,7 @@ }, { "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "fieldConfig": { @@ -487,6 +489,7 @@ "mode": "palette-classic" }, "custom": { + "axisBorderShow": false, "axisCenteredZero": false, "axisColorMode": "text", "axisLabel": "", @@ -500,6 +503,7 @@ "tooltip": false, "viz": false }, + "insertNulls": false, "lineInterpolation": "linear", "lineWidth": 1, "pointSize": 5, @@ -577,7 +581,7 @@ } ], "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "metrics": [ @@ -597,7 +601,7 @@ }, { "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "fieldConfig": { @@ -633,7 +637,6 @@ "y": 14 }, "id": 51, - "links": [], "options": { "colorMode": "value", "graphMode": "area", @@ -644,10 +647,12 @@ "fields": "", "values": false }, + "showPercentChange": false, "text": {}, - "textMode": "auto" + "textMode": "auto", + "wideLayout": true }, - "pluginVersion": "10.0.3", + "pluginVersion": "10.4.0", "targets": [ { "bucketAggs": [ @@ -664,7 +669,7 @@ } ], "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "metrics": [ @@ -685,7 +690,7 @@ }, { "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "fieldConfig": { @@ -721,7 +726,6 @@ "y": 20 }, "id": 52, - "links": [], "options": { "colorMode": "value", "graphMode": "area", 
@@ -732,10 +736,12 @@ "fields": "", "values": false }, + "showPercentChange": false, "text": {}, - "textMode": "auto" + "textMode": "auto", + "wideLayout": true }, - "pluginVersion": "10.0.3", + "pluginVersion": "10.4.0", "targets": [ { "bucketAggs": [ @@ -752,7 +758,7 @@ } ], "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "metrics": [ 
@@ -772,40 +778,122 @@ "type": "stat" }, { - "circleMaxSize": 30, - "circleMinSize": 2, - "colors": ["rgba(245, 54, 54, 0.9)", "rgba(237, 129, 40, 0.89)", "rgba(50, 172, 45, 0.97)"], "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, - "decimals": 0, - "esMetric": "Count", + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "custom": { + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "rgba(245, 54, 54, 0.9)", + "value": null + }, + { + "color": "rgba(237, 129, 40, 0.89)", + "value": 0 + }, + { + "color": "rgba(50, 172, 45, 0.97)", + "value": 10 + } + ] + } + }, + "overrides": [] + }, "gridPos": { "h": 12, "w": 10, "x": 4, "y": 20 }, - "hideEmpty": false, - "hideZero": false, "id": 50, - "initialZoom": 1, - "locationData": "countries", - "mapCenter": "(0°, 0°)", - "mapCenterLatitude": 0, - "mapCenterLongitude": 0, "maxDataPoints": 1, - "mouseWheelZoom": false, - "showLegend": true, - "stickyLabels": false, - "tableQueryOptions": { - "geohashField": "geohash", - "latitudeField": "latitude", - "longitudeField": "longitude", - "metricField": "metric", - "queryType": "geohash" + "options": { + "basemap": { + "name": "Basemap", + "type": "default" + }, + "controls": { + "mouseWheelZoom": false, + "showAttribution": true, + "showDebug": false, + "showMeasure": false, + "showScale": false, + "showZoom": true + }, + "layers": [ + { + "config": { + "showLegend": true, + "style": { + "color": { + "fixed": "dark-green" + }, + "opacity": 0.4, + "rotation": { + "fixed": 0, + "max": 360, + "min": -360, + "mode": "mod" + }, + "size": { + "fixed": 5, + "max": 30, + "min": 2 + }, + "symbol": { + "fixed": "img/icons/marker/circle.svg", + "mode": "fixed" + }, + "symbolAlign": { + "horizontal": "center", + "vertical": "center" + }, + "textConfig": { + "fontSize": 12, + 
"offsetX": 0, + "offsetY": 0, + "textAlign": "center", + "textBaseline": "middle" + } + } + }, + "location": { + "gazetteer": "public/gazetteer/countries.json", + "mode": "lookup" + }, + "name": "Layer 0", + "tooltip": true, + "type": "markers" + } + ], + "tooltip": { + "mode": "details" + }, + "view": { + "allLayers": true, + "id": "zero", + "lat": 0, + "lon": 0, + "zoom": 1 + } }, + "pluginVersion": "10.4.0", "targets": [ { "bucketAggs": [ @@ -833,7 +921,7 @@ } ], "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "metrics": [ @@ -848,16 +936,20 @@ "timeField": "timestamp" } ], - "thresholds": "0,10", "title": "ONEDRIVE - ALL EVENTS BY SRC COUNTRY", - "type": "grafana-worldmap-panel", - "unitPlural": "", - "unitSingle": "", - "valueName": "total" + "transformations": [ + { + "id": "reduce", + "options": { + "reducers": ["sum"] + } + } + ], + "type": "geomap" }, { "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "fieldConfig": { @@ -939,7 +1031,7 @@ "showHeader": true, "sortBy": [] }, - "pluginVersion": "10.0.3", + "pluginVersion": "10.4.0", "targets": [ { "bucketAggs": [ @@ -968,7 +1060,7 @@ } ], "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "metrics": [ @@ -1010,7 +1102,7 @@ }, { "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "fieldConfig": { @@ -1046,7 +1138,6 @@ "y": 26 }, "id": 18, - "links": [], "options": { "colorMode": "value", "graphMode": "area", @@ -1057,10 +1148,12 @@ "fields": "", "values": false }, + "showPercentChange": false, "text": {}, - "textMode": "auto" + "textMode": "auto", + "wideLayout": true }, - "pluginVersion": "10.0.3", + "pluginVersion": "10.4.0", "targets": [ { "bucketAggs": [ 
@@ -1077,7 +1170,7 @@ } ], "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "metrics": [ @@ -1098,7 +1191,7 @@ }, { "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "fieldConfig": { @@ -1119,8 +1212,7 @@ "mode": "absolute", "steps": [ { - "color": "green", - "value": null + "color": "green" }, { "color": "red", @@ -1164,8 +1256,7 @@ "mode": "absolute", "steps": [ { - "color": "#37872D", - "value": null + "color": "#37872D" }, { "color": "rgba(237, 129, 40, 0.89)", @@ -1379,12 +1470,12 @@ "showHeader": true, "sortBy": [] }, - "pluginVersion": "10.0.3", + "pluginVersion": "10.4.0", "targets": [ { "bucketAggs": [], "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "metrics": [ @@ -2129,14 +2220,13 @@ } ], "refresh": "", - "schemaVersion": 38, - "style": "dark", + "schemaVersion": 39, "tags": ["O365"], "templating": { "list": [ { "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "filters": [], @@ -2153,7 +2243,7 @@ "value": "$__all" }, "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "definition": "{ \"find\": \"terms\", \"field\": \"data_office365_Operation\", \"query\": \"data_office365_Workload:OneDrive\"}", @@ -2180,7 +2270,7 @@ "value": "$__all" }, "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "definition": "{ \"find\": \"terms\", \"field\": \"rule_level\", \"query\": \"\"}", @@ -2200,7 +2290,7 @@ ] }, "time": { - "from": "now-12h", + "from": "now-6h", "to": "now" }, "timepicker": { 
diff --git a/backend/app/connectors/grafana/dashboards/Office365/powerbi.json b/backend/app/connectors/grafana/dashboards/Office365/powerbi.json index 53bc307dd..b068b056b 100644 --- a/backend/app/connectors/grafana/dashboards/Office365/powerbi.json +++ b/backend/app/connectors/grafana/dashboards/Office365/powerbi.json @@ -41,7 +41,7 @@ "panels": [ { "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "fieldConfig": { @@ -77,7 +77,6 @@ "y": 0 }, "id": 43, - "links": [], "options": { "colorMode": "value", "graphMode": "area", @@ -88,10 +87,12 @@ "fields": "", "values": false }, + "showPercentChange": false, "text": {}, - "textMode": "auto" + "textMode": "auto", + "wideLayout": true }, - "pluginVersion": "10.0.3", + "pluginVersion": "10.4.0", "targets": [ { "bucketAggs": [ @@ -107,7 +108,7 @@ } ], "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "metrics": [ @@ -127,7 +128,7 @@ }, { "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "fieldConfig": { @@ -220,7 +221,7 @@ } ], "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "metrics": [ @@ -236,12 +237,11 @@ } ], "title": "EVENTS BY OPERATION (Top 10)", - "transformations": [], "type": "piechart" }, { "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "fieldConfig": { @@ -322,7 +322,7 @@ }, "showHeader": true }, - "pluginVersion": "10.0.3", + "pluginVersion": "10.4.0", "targets": [ { "bucketAggs": [ @@ -340,7 +340,7 @@ } ], "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "metrics": [ 
@@ -379,7 +379,7 @@ }, { "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "fieldConfig": { @@ -460,7 +460,7 @@ }, "showHeader": true }, - "pluginVersion": "10.0.3", + "pluginVersion": "10.4.0", "targets": [ { "bucketAggs": [ @@ -478,7 +478,7 @@ } ], "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "metrics": [ @@ -520,7 +520,7 @@ }, { "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "fieldConfig": { @@ -569,8 +569,9 @@ "y": 7 }, "id": 16, - "links": [], "options": { + "minVizHeight": 75, + "minVizWidth": 75, "orientation": "horizontal", "reduceOptions": { "calcs": ["max"], @@ -579,9 +580,10 @@ }, "showThresholdLabels": false, "showThresholdMarkers": true, + "sizing": "auto", "text": {} }, - "pluginVersion": "10.0.3", + "pluginVersion": "10.4.0", "targets": [ { "bucketAggs": [ @@ -597,7 +599,7 @@ } ], "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "metrics": [ @@ -619,7 +621,7 @@ }, { "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "fieldConfig": { @@ -628,6 +630,7 @@ "mode": "palette-classic" }, "custom": { + "axisBorderShow": false, "axisCenteredZero": false, "axisColorMode": "text", "axisLabel": "", @@ -641,6 +644,7 @@ "tooltip": false, "viz": false }, + "insertNulls": false, "lineInterpolation": "linear", "lineWidth": 1, "pointSize": 5, @@ -718,7 +722,7 @@ } ], "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "metrics": [ @@ -738,7 +742,7 @@ }, { "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "fieldConfig": { 
@@ -774,7 +778,6 @@ "y": 14 }, "id": 51, - "links": [], "options": { "colorMode": "value", "graphMode": "area", @@ -785,10 +788,12 @@ "fields": "", "values": false }, + "showPercentChange": false, "text": {}, - "textMode": "auto" + "textMode": "auto", + "wideLayout": true }, - "pluginVersion": "10.0.3", + "pluginVersion": "10.4.0", "targets": [ { "bucketAggs": [ @@ -805,7 +810,7 @@ } ], "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "metrics": [ @@ -826,7 +831,7 @@ }, { "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "fieldConfig": { @@ -908,7 +913,7 @@ "showHeader": true, "sortBy": [] }, - "pluginVersion": "10.0.3", + "pluginVersion": "10.4.0", "targets": [ { "bucketAggs": [ @@ -926,7 +931,7 @@ } ], "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "metrics": [ 
@@ -970,40 +975,122 @@ "type": "table" }, { - "circleMaxSize": 30, - "circleMinSize": 2, - "colors": ["rgba(245, 54, 54, 0.9)", "rgba(237, 129, 40, 0.89)", "rgba(50, 172, 45, 0.97)"], "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, - "decimals": 0, - "esMetric": "Count", + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "custom": { + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "rgba(245, 54, 54, 0.9)", + "value": null + }, + { + "color": "rgba(237, 129, 40, 0.89)", + "value": 0 + }, + { + "color": "rgba(50, 172, 45, 0.97)", + "value": 10 + } + ] + } + }, + "overrides": [] + }, "gridPos": { "h": 12, "w": 8, "x": 8, "y": 20 }, - "hideEmpty": false, - "hideZero": false, "id": 50, - "initialZoom": 1, - "locationData": "countries", - "mapCenter": "(0°, 0°)", - "mapCenterLatitude": 0, - "mapCenterLongitude": 0, "maxDataPoints": 1, - "mouseWheelZoom": false, - "showLegend": true, - "stickyLabels": false, - "tableQueryOptions": { - "geohashField": "geohash", - "latitudeField": "latitude", - "longitudeField": "longitude", - "metricField": "metric", - "queryType": "geohash" + "options": { + "basemap": { + "name": "Basemap", + "type": "default" + }, + "controls": { + "mouseWheelZoom": false, + "showAttribution": true, + "showDebug": false, + "showMeasure": false, + "showScale": false, + "showZoom": true + }, + "layers": [ + { + "config": { + "showLegend": true, + "style": { + "color": { + "fixed": "dark-green" + }, + "opacity": 0.4, + "rotation": { + "fixed": 0, + "max": 360, + "min": -360, + "mode": "mod" + }, + "size": { + "fixed": 5, + "max": 30, + "min": 2 + }, + "symbol": { + "fixed": "img/icons/marker/circle.svg", + "mode": "fixed" + }, + "symbolAlign": { + "horizontal": "center", + "vertical": "center" + }, + "textConfig": { + "fontSize": 12, + 
"offsetX": 0, + "offsetY": 0, + "textAlign": "center", + "textBaseline": "middle" + } + } + }, + "location": { + "gazetteer": "public/gazetteer/countries.json", + "mode": "lookup" + }, + "name": "Layer 0", + "tooltip": true, + "type": "markers" + } + ], + "tooltip": { + "mode": "details" + }, + "view": { + "allLayers": true, + "id": "zero", + "lat": 0, + "lon": 0, + "zoom": 1 + } }, + "pluginVersion": "10.4.0", "targets": [ { "bucketAggs": [ @@ -1031,7 +1118,7 @@ } ], "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "metrics": [ @@ -1046,16 +1133,20 @@ "timeField": "timestamp" } ], - "thresholds": "0,10", "title": "MS-PowerBI - ALL EVENTS BY SRC COUNTRY", - "type": "grafana-worldmap-panel", - "unitPlural": "", - "unitSingle": "", - "valueName": "total" + "transformations": [ + { + "id": "reduce", + "options": { + "reducers": ["sum"] + } + } + ], + "type": "geomap" }, { "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "fieldConfig": { @@ -1137,7 +1228,7 @@ "showHeader": true, "sortBy": [] }, - "pluginVersion": "10.0.3", + "pluginVersion": "10.4.0", "targets": [ { "bucketAggs": [ @@ -1166,7 +1257,7 @@ } ], "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "metrics": [ @@ -1208,7 +1299,7 @@ }, { "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "fieldConfig": { @@ -1229,8 +1320,7 @@ "mode": "absolute", "steps": [ { - "color": "green", - "value": null + "color": "green" }, { "color": "red", @@ -1274,8 +1364,7 @@ "mode": "absolute", "steps": [ { - "color": "#37872D", - "value": null + "color": "#37872D" }, { "color": "rgba(237, 129, 40, 0.89)", 
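Review bot: The new geomap layer's `location` block sets `"mode": "lookup"` against `public/gazetteer/countries.json` but names no `lookup` field, so Grafana has to guess which column of the reduced frame holds the country key; if that heuristic picks a column that does not match the gazetteer the markers simply disappear with no error. Pin it explicitly, e.g. `"location": { "gazetteer": "public/gazetteer/countries.json", "lookup": "<country field>", "mode": "lookup" }`, where the field is whatever the `reduce` transformation leaves as the row key — presumably the terms-bucket key from `bucketAggs`, which this hunk does not show. It is also worth confirming that the values that key emits are the ISO country codes the bundled countries gazetteer matches on. The same layer config is copied verbatim into the SharePoint and summary dashboards below and needs the same field pinned there.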
@@ -1513,12 +1602,12 @@ "showHeader": true, "sortBy": [] }, - "pluginVersion": "10.0.3", + "pluginVersion": "10.4.0", "targets": [ { "bucketAggs": [], "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "metrics": [ @@ -2295,14 +2384,13 @@ } ], "refresh": "", - "schemaVersion": 38, - "style": "dark", + "schemaVersion": 39, "tags": ["O365"], "templating": { "list": [ { "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "filters": [], @@ -2319,7 +2407,7 @@ "value": "$__all" }, "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "definition": "{ \"find\": \"terms\", \"field\": \"data_office365_Operation\", \"query\": \"data_office365_Workload:PowerBI\"}", @@ -2346,7 +2434,7 @@ "value": "$__all" }, "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "definition": "{ \"find\": \"terms\", \"field\": \"rule_level\", \"query\": \"data_office365_Workload:PowerBI\"}", diff --git a/backend/app/connectors/grafana/dashboards/Office365/sharepoint.json b/backend/app/connectors/grafana/dashboards/Office365/sharepoint.json index 3776e39c6..6a7db86e8 100644 --- a/backend/app/connectors/grafana/dashboards/Office365/sharepoint.json +++ b/backend/app/connectors/grafana/dashboards/Office365/sharepoint.json @@ -41,7 +41,7 @@ "panels": [ { "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "fieldConfig": { @@ -77,7 +77,6 @@ "y": 0 }, "id": 43, - "links": [], "options": { "colorMode": "value", "graphMode": "area", 
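Review bot: Nothing in this hunk declares the runtime requirements it introduces: with `"schemaVersion": 39` and every datasource typed `grafana-opensearch-datasource`, the dashboard now needs Grafana 10.4 or newer and the OpenSearch datasource plugin installed, and a Grafana without that plugin will load the dashboard but show every panel with a missing-datasource error instead of failing at provisioning time. If the file has a `__requires` header above this hunk, its datasource entry should be updated to `grafana-opensearch-datasource` with a minimum plugin version; otherwise the provisioning code that substitutes `replace_datasource_uid` is the right place to verify that the datasource it resolves is of type `grafana-opensearch-datasource` before importing. The SharePoint, summary and Teams dashboards in this diff carry the same dependency.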
@@ -88,10 +87,12 @@ "fields": "", "values": false }, + "showPercentChange": false, "text": {}, - "textMode": "auto" + "textMode": "auto", + "wideLayout": true }, - "pluginVersion": "10.0.3", + "pluginVersion": "10.4.0", "targets": [ { "bucketAggs": [ @@ -107,7 +108,7 @@ } ], "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "metrics": [ @@ -127,7 +128,7 @@ }, { "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "fieldConfig": { @@ -220,7 +221,7 @@ } ], "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "metrics": [ @@ -236,12 +237,11 @@ } ], "title": "EVENTS BY OPERATION (Top 10)", - "transformations": [], "type": "piechart" }, { "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "fieldConfig": { @@ -322,7 +322,7 @@ }, "showHeader": true }, - "pluginVersion": "10.0.3", + "pluginVersion": "10.4.0", "targets": [ { "bucketAggs": [ @@ -340,7 +340,7 @@ } ], "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "metrics": [ @@ -379,7 +379,7 @@ }, { "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "fieldConfig": { @@ -460,7 +460,7 @@ }, "showHeader": true }, - "pluginVersion": "10.0.3", + "pluginVersion": "10.4.0", "targets": [ { "bucketAggs": [ @@ -478,7 +478,7 @@ } ], "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "metrics": [ @@ -518,7 +518,7 @@ }, { "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "fieldConfig": { 
@@ -567,8 +567,9 @@ "y": 7 }, "id": 16, - "links": [], "options": { + "minVizHeight": 75, + "minVizWidth": 75, "orientation": "horizontal", "reduceOptions": { "calcs": ["max"], @@ -577,9 +578,10 @@ }, "showThresholdLabels": false, "showThresholdMarkers": true, + "sizing": "auto", "text": {} }, - "pluginVersion": "10.0.3", + "pluginVersion": "10.4.0", "targets": [ { "bucketAggs": [ @@ -595,7 +597,7 @@ } ], "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "metrics": [ @@ -617,7 +619,7 @@ }, { "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "fieldConfig": { @@ -626,6 +628,7 @@ "mode": "palette-classic" }, "custom": { + "axisBorderShow": false, "axisCenteredZero": false, "axisColorMode": "text", "axisLabel": "", @@ -639,6 +642,7 @@ "tooltip": false, "viz": false }, + "insertNulls": false, "lineInterpolation": "linear", "lineWidth": 1, "pointSize": 5, @@ -716,7 +720,7 @@ } ], "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "metrics": [ @@ -736,7 +740,7 @@ }, { "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "fieldConfig": { @@ -772,7 +776,6 @@ "y": 14 }, "id": 51, - "links": [], "options": { "colorMode": "value", "graphMode": "area", @@ -783,10 +786,12 @@ "fields": "", "values": false }, + "showPercentChange": false, "text": {}, - "textMode": "auto" + "textMode": "auto", + "wideLayout": true }, - "pluginVersion": "10.0.3", + "pluginVersion": "10.4.0", "targets": [ { "bucketAggs": [ @@ -803,7 +808,7 @@ } ], "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "metrics": [ 
@@ -824,7 +829,7 @@ }, { "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "fieldConfig": { @@ -906,7 +911,7 @@ "showHeader": true, "sortBy": [] }, - "pluginVersion": "10.0.3", + "pluginVersion": "10.4.0", "targets": [ { "bucketAggs": [ @@ -935,7 +940,7 @@ } ], "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "metrics": [ 
@@ -977,40 +982,122 @@ "type": "table" }, { - "circleMaxSize": 30, - "circleMinSize": 2, - "colors": ["rgba(245, 54, 54, 0.9)", "rgba(237, 129, 40, 0.89)", "rgba(50, 172, 45, 0.97)"], "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, - "decimals": 0, - "esMetric": "Count", + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "custom": { + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "rgba(245, 54, 54, 0.9)", + "value": null + }, + { + "color": "rgba(237, 129, 40, 0.89)", + "value": 0 + }, + { + "color": "rgba(50, 172, 45, 0.97)", + "value": 10 + } + ] + } + }, + "overrides": [] + }, "gridPos": { "h": 12, "w": 8, "x": 8, "y": 20 }, - "hideEmpty": false, - "hideZero": false, "id": 50, - "initialZoom": 1, - "locationData": "countries", - "mapCenter": "(0°, 0°)", - "mapCenterLatitude": 0, - "mapCenterLongitude": 0, "maxDataPoints": 1, - "mouseWheelZoom": false, - "showLegend": true, - "stickyLabels": false, - "tableQueryOptions": { - "geohashField": "geohash", - "latitudeField": "latitude", - "longitudeField": "longitude", - "metricField": "metric", - "queryType": "geohash" + "options": { + "basemap": { + "name": "Basemap", + "type": "default" + }, + "controls": { + "mouseWheelZoom": false, + "showAttribution": true, + "showDebug": false, + "showMeasure": false, + "showScale": false, + "showZoom": true + }, + "layers": [ + { + "config": { + "showLegend": true, + "style": { + "color": { + "fixed": "dark-green" + }, + "opacity": 0.4, + "rotation": { + "fixed": 0, + "max": 360, + "min": -360, + "mode": "mod" + }, + "size": { + "fixed": 5, + "max": 30, + "min": 2 + }, + "symbol": { + "fixed": "img/icons/marker/circle.svg", + "mode": "fixed" + }, + "symbolAlign": { + "horizontal": "center", + "vertical": "center" + }, + "textConfig": { + "fontSize": 12, + 
"offsetX": 0, + "offsetY": 0, + "textAlign": "center", + "textBaseline": "middle" + } + } + }, + "location": { + "gazetteer": "public/gazetteer/countries.json", + "mode": "lookup" + }, + "name": "Layer 0", + "tooltip": true, + "type": "markers" + } + ], + "tooltip": { + "mode": "details" + }, + "view": { + "allLayers": true, + "id": "zero", + "lat": 0, + "lon": 0, + "zoom": 1 + } }, + "pluginVersion": "10.4.0", "targets": [ { "bucketAggs": [ @@ -1038,7 +1125,7 @@ } ], "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "metrics": [ @@ -1053,16 +1140,20 @@ "timeField": "timestamp" } ], - "thresholds": "0,10", "title": "SHAREPOINT - ALL EVENTS BY SRC COUNTRY", - "type": "grafana-worldmap-panel", - "unitPlural": "", - "unitSingle": "", - "valueName": "total" + "transformations": [ + { + "id": "reduce", + "options": { + "reducers": ["sum"] + } + } + ], + "type": "geomap" }, { "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "fieldConfig": { @@ -1144,7 +1235,7 @@ "showHeader": true, "sortBy": [] }, - "pluginVersion": "10.0.3", + "pluginVersion": "10.4.0", "targets": [ { "bucketAggs": [ @@ -1173,7 +1264,7 @@ } ], "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "metrics": [ @@ -1215,7 +1306,7 @@ }, { "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "fieldConfig": { @@ -1236,8 +1327,7 @@ "mode": "absolute", "steps": [ { - "color": "green", - "value": null + "color": "green" }, { "color": "red", @@ -1281,8 +1371,7 @@ "mode": "absolute", "steps": [ { - "color": "#37872D", - "value": null + "color": "#37872D" }, { "color": "rgba(237, 129, 40, 0.89)", 
@@ -1520,12 +1609,12 @@ "showHeader": true, "sortBy": [] }, - "pluginVersion": "10.0.3", + "pluginVersion": "10.4.0", "targets": [ { "bucketAggs": [], "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "metrics": [ @@ -2282,14 +2371,13 @@ } ], "refresh": "", - "schemaVersion": 38, - "style": "dark", + "schemaVersion": 39, "tags": ["O365"], "templating": { "list": [ { "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "filters": [], @@ -2306,7 +2394,7 @@ "value": "$__all" }, "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "definition": "{ \"find\": \"terms\", \"field\": \"data_office365_Operation\", \"query\": \"data_office365_Workload:SharePoint\"}", @@ -2333,7 +2421,7 @@ "value": "$__all" }, "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "definition": "{ \"find\": \"terms\", \"field\": \"rule_level\", \"query\": \"data_office365_Workload:SharePoint\"}", diff --git a/backend/app/connectors/grafana/dashboards/Office365/summary.json b/backend/app/connectors/grafana/dashboards/Office365/summary.json index 6ef8107b5..7d9bfb745 100644 --- a/backend/app/connectors/grafana/dashboards/Office365/summary.json +++ b/backend/app/connectors/grafana/dashboards/Office365/summary.json @@ -41,7 +41,7 @@ "panels": [ { "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "fieldConfig": { @@ -77,7 +77,6 @@ "y": 0 }, "id": 43, - "links": [], "options": { "colorMode": "value", "graphMode": "area", 
@@ -88,10 +87,12 @@ "fields": "", "values": false }, + "showPercentChange": false, "text": {}, - "textMode": "auto" + "textMode": "auto", + "wideLayout": true }, - "pluginVersion": "10.2.0", + "pluginVersion": "10.4.0", "targets": [ { "bucketAggs": [ @@ -107,7 +108,7 @@ } ], "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "metrics": [ @@ -127,7 +128,7 @@ }, { "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "fieldConfig": { @@ -240,7 +241,7 @@ } ], "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "metrics": [ @@ -256,7 +257,6 @@ } ], "title": "EVENTS BY WORKLOAD (Top 10)", - "transformations": [], "type": "piechart" }, { @@ -342,7 +342,7 @@ }, "showHeader": true }, - "pluginVersion": "10.2.0", + "pluginVersion": "10.4.0", "targets": [ { "bucketAggs": [ @@ -360,7 +360,7 @@ } ], "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "metrics": [ @@ -399,7 +399,7 @@ }, { "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "fieldConfig": { @@ -492,7 +492,7 @@ } ], "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "metrics": [ @@ -508,12 +508,11 @@ } ], "title": "EVENTS BY OPERATION (Top 10)", - "transformations": [], "type": "piechart" }, { "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "fieldConfig": { @@ -594,7 +593,7 @@ }, "showHeader": true }, - "pluginVersion": "10.2.0", + "pluginVersion": "10.4.0", "targets": [ { "bucketAggs": [ 
@@ -612,7 +611,7 @@ } ], "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "metrics": [ @@ -652,7 +651,7 @@ }, { "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "fieldConfig": { @@ -701,7 +700,6 @@ "y": 7 }, "id": 16, - "links": [], "options": { "minVizHeight": 75, "minVizWidth": 75, @@ -713,9 +711,10 @@ }, "showThresholdLabels": false, "showThresholdMarkers": true, + "sizing": "auto", "text": {} }, - "pluginVersion": "10.2.0", + "pluginVersion": "10.4.0", "targets": [ { "bucketAggs": [ @@ -731,7 +730,7 @@ } ], "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "metrics": [ @@ -768,7 +767,7 @@ "axisLabel": "", "axisPlacement": "auto", "barAlignment": 0, - "drawStyle": "line", + "drawStyle": "bars", "fillOpacity": 0, "gradientMode": "none", "hideFrom": { @@ -787,7 +786,7 @@ "spanNulls": false, "stacking": { "group": "A", - "mode": "none" + "mode": "normal" }, "thresholdsStyle": { "mode": "off" @@ -816,7 +815,7 @@ "x": 4, "y": 7 }, - "id": 58, + "id": 57, "options": { "legend": { "calcs": [], @@ -857,7 +856,6 @@ "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, - "format": "table", "metrics": [ { "id": "1", @@ -865,17 +863,17 @@ } ], "query": "data_office365_Workload:$workload AND rule_level:$rule_level", - "queryType": "lucene", "refId": "A", "timeField": "timestamp" } ], "title": "TOP 10 WORKLOADS - HISTOGRAM", + "transparent": true, "type": "timeseries" }, { "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "fieldConfig": { @@ -911,7 +909,6 @@ "y": 14 }, "id": 51, - "links": [], "options": { "colorMode": "value", "graphMode": "area", 
@@ -922,10 +919,12 @@ "fields": "", "values": false }, + "showPercentChange": false, "text": {}, - "textMode": "auto" + "textMode": "auto", + "wideLayout": true }, - "pluginVersion": "10.2.0", + "pluginVersion": "10.4.0", "targets": [ { "bucketAggs": [ @@ -942,7 +941,7 @@ } ], "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "metrics": [ @@ -963,7 +962,7 @@ }, { "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "fieldConfig": { @@ -999,7 +998,6 @@ "y": 20 }, "id": 52, - "links": [], "options": { "colorMode": "value", "graphMode": "area", @@ -1010,10 +1008,12 @@ "fields": "", "values": false }, + "showPercentChange": false, "text": {}, - "textMode": "auto" + "textMode": "auto", + "wideLayout": true }, - "pluginVersion": "10.2.0", + "pluginVersion": "10.4.0", "targets": [ { "bucketAggs": [ @@ -1030,7 +1030,7 @@ } ], "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "metrics": [ 
@@ -1050,40 +1050,122 @@ "type": "stat" }, { - "circleMaxSize": 30, - "circleMinSize": 2, - "colors": ["rgba(245, 54, 54, 0.9)", "rgba(237, 129, 40, 0.89)", "rgba(50, 172, 45, 0.97)"], "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, - "decimals": 0, - "esMetric": "Count", + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "custom": { + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "rgba(245, 54, 54, 0.9)", + "value": null + }, + { + "color": "rgba(237, 129, 40, 0.89)", + "value": 0 + }, + { + "color": "rgba(50, 172, 45, 0.97)", + "value": 10 + } + ] + } + }, + "overrides": [] + }, "gridPos": { "h": 12, "w": 10, "x": 4, "y": 20 }, - "hideEmpty": false, - "hideZero": false, "id": 50, - "initialZoom": 1, - "locationData": "countries", - "mapCenter": "(0°, 0°)", - "mapCenterLatitude": 0, - "mapCenterLongitude": 0, "maxDataPoints": 1, - "mouseWheelZoom": false, - "showLegend": true, - "stickyLabels": false, - "tableQueryOptions": { - "geohashField": "geohash", - "latitudeField": "latitude", - "longitudeField": "longitude", - "metricField": "metric", - "queryType": "geohash" + "options": { + "basemap": { + "name": "Basemap", + "type": "default" + }, + "controls": { + "mouseWheelZoom": false, + "showAttribution": true, + "showDebug": false, + "showMeasure": false, + "showScale": false, + "showZoom": true + }, + "layers": [ + { + "config": { + "showLegend": true, + "style": { + "color": { + "fixed": "dark-green" + }, + "opacity": 0.4, + "rotation": { + "fixed": 0, + "max": 360, + "min": -360, + "mode": "mod" + }, + "size": { + "fixed": 5, + "max": 30, + "min": 2 + }, + "symbol": { + "fixed": "img/icons/marker/circle.svg", + "mode": "fixed" + }, + "symbolAlign": { + "horizontal": "center", + "vertical": "center" + }, + "textConfig": { + "fontSize": 12, + 
"offsetX": 0, + "offsetY": 0, + "textAlign": "center", + "textBaseline": "middle" + } + } + }, + "location": { + "gazetteer": "public/gazetteer/countries.json", + "mode": "lookup" + }, + "name": "Layer 0", + "tooltip": true, + "type": "markers" + } + ], + "tooltip": { + "mode": "details" + }, + "view": { + "allLayers": true, + "id": "zero", + "lat": 0, + "lon": 0, + "zoom": 1 + } }, + "pluginVersion": "10.4.0", "targets": [ { "bucketAggs": [ @@ -1111,7 +1193,7 @@ } ], "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "metrics": [ @@ -1126,16 +1208,20 @@ "timeField": "timestamp" } ], - "thresholds": "0,10", "title": "AZURE AD - ALL AUTH EVENTS BY COUNTRY", - "type": "grafana-worldmap-panel", - "unitPlural": "", - "unitSingle": "", - "valueName": "total" + "transformations": [ + { + "id": "reduce", + "options": { + "reducers": ["sum"] + } + } + ], + "type": "geomap" }, { "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "fieldConfig": { @@ -1229,7 +1315,7 @@ "showHeader": true, "sortBy": [] }, - "pluginVersion": "10.2.0", + "pluginVersion": "10.4.0", "targets": [ { "bucketAggs": [ @@ -1247,7 +1333,7 @@ } ], "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "metrics": [ @@ -1288,7 +1374,7 @@ }, { "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "fieldConfig": { @@ -1324,7 +1410,6 @@ "y": 26 }, "id": 18, - "links": [], "options": { "colorMode": "value", "graphMode": "area", @@ -1335,10 +1420,12 @@ "fields": "", "values": false }, + "showPercentChange": false, "text": {}, - "textMode": "auto" + "textMode": "auto", + "wideLayout": true }, - "pluginVersion": "10.2.0", + "pluginVersion": "10.4.0", "targets": [ { "bucketAggs": [ 
@@ -1355,7 +1442,7 @@ } ], "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "metrics": [ @@ -1376,7 +1463,7 @@ }, { "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "fieldConfig": { @@ -1578,7 +1665,7 @@ "properties": [ { "id": "custom.width", - "value": 206 + "value": 332 } ] }, @@ -1645,10 +1732,6 @@ "url": "https://grafana.company.local/explore?left=%7B%22datasource%22:%22O365%22,%22queries%22:%5B%7B%22refId%22:%22A%22,%22query%22:%22_id:${__value.text}%22,%22alias%22:%22%22,%22metrics%22:%5B%7B%22id%22:%221%22,%22type%22:%22logs%22,%22settings%22:%7B%22limit%22:%22500%22%7D%7D%5D,%22bucketAggs%22:%5B%5D,%22timeField%22:%22timestamp%22%7D%5D,%22range%22:%7B%22from%22:%22now-6h%22,%22to%22:%22now%22%7D%7D" } ] - }, - { - "id": "custom.width", - "value": 317 } ] }, @@ -1663,30 +1746,6 @@ "value": 146 } ] - }, - { - "matcher": { - "id": "byName", - "options": "RULE DESCRIPTION" - }, - "properties": [ - { - "id": "custom.width", - "value": 1105 - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "LEVEL" - }, - "properties": [ - { - "id": "custom.width", - "value": 112 - } - ] } ] }, @@ -1709,12 +1768,12 @@ "showHeader": true, "sortBy": [] }, - "pluginVersion": "10.2.0", + "pluginVersion": "10.4.0", "targets": [ { "bucketAggs": [], "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "metrics": [ @@ -1740,8 +1799,6 @@ "names": [ "timestamp", "_id", - "data_office365_Operation", - "data_office365_Workload", "rule_description", "rule_mitre_id", "rule_mitre_tactic", 
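Review bot: The Explore data link kept as context in this hunk (`"url": "https://grafana.company.local/explore?left=...%22datasource%22:%22O365%22..."`) hard-codes both the Grafana host and the datasource name `O365`, while every panel in this dashboard resolves its datasource through the `replace_datasource_uid` placeholder. Unless the provisioning step rewrites this URL as well, the link sends analysts to a placeholder host and to a datasource that may not exist for a tenant whose OpenSearch datasource was created under another name. Using the same placeholder in the link, `%22datasource%22:%22replace_datasource_uid%22`, would keep it in sync with the panels, since the Explore URL state accepts a datasource uid as well as a name; the host should likewise come from configuration rather than a literal. The table panel this override belongs to starts above the hunk.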
@@ -2058,7 +2115,7 @@ "data_office365_ObjectId": true, "data_office365_ObjectName": true, "data_office365_ObjectType": true, - "data_office365_Operation": false, + "data_office365_Operation": true, "data_office365_OperationDetails": true, "data_office365_OperationScope": true, "data_office365_OrgAppPermission_permissions": true, @@ -2173,7 +2230,7 @@ "data_office365_VersionId": true, "data_office365_WebId": true, "data_office365_WorkSpaceName": true, - "data_office365_Workload": false, + "data_office365_Workload": true, "data_office365_WorkspaceId": true, "data_office365_YammerNetworkId": true, "data_osquery_action": true, @@ -2544,7 +2601,7 @@ "syscheck_win_perm_after_3_allowed": true, "syscheck_win_perm_after_3_name": true, "syslog_customer": true, - "syslog_level": false, + "syslog_level": true, "syslog_tag": true, "syslog_type": true, "sysmon_event_description": true, @@ -2552,7 +2609,7 @@ "threat_indicated": true, "threat_names": true, "time": true, - "timestamp": true, + "timestamp": false, "true": true, "user_name": true, "win_registry_key": true, 
@@ -2564,27 +2621,82 @@ "windows_logon_type": true }, "indexByName": { - "_id": 1, - "data_office365_Operation": 4, - "data_office365_Workload": 3, - "rule_description": 2, - "rule_mitre_id": 6, - "rule_mitre_tactic": 7, - "rule_mitre_technique": 8, - "syslog_level": 5, - "timestamp": 0 + "_id": 2, + "_index": 7, + "_type": 8, + "agent_id": 9, + "agent_name": 3, + "cluster_name": 10, + "cluster_node": 11, + "data_office365_Actor": 12, + "data_office365_ActorContextId": 13, + "data_office365_ActorIpAddress": 14, + "data_office365_ActorIpAddress_city_name": 15, + "data_office365_ActorIpAddress_country_code": 16, + "data_office365_ActorIpAddress_geolocation": 17, + "data_office365_ApplicationId": 18, + "data_office365_AzureActiveDirectoryEventType": 19, + "data_office365_ClientIP": 20, + "data_office365_ClientIP_city_name": 21, + "data_office365_ClientIP_country_code": 22, + "data_office365_ClientIP_geolocation": 23, + "data_office365_CreationTime": 0, + "data_office365_DeviceProperties": 24, + "data_office365_ErrorNumber": 25, + "data_office365_ExtendedProperties": 26, + "data_office365_Id": 27, + "data_office365_InterSystemsId": 28, + "data_office365_IntraSystemId": 29, + "data_office365_LogonError": 30, + "data_office365_ModifiedProperties": 31, + "data_office365_ObjectId": 32, + "data_office365_Operation": 33, + "data_office365_OrganizationId": 34, + "data_office365_RecordType": 35, + "data_office365_ResultStatus": 36, + "data_office365_Target": 37, + "data_office365_TargetContextId": 38, + "data_office365_UserId": 39, + "data_office365_UserKey": 40, + "data_office365_UserType": 41, + "data_office365_Version": 42, + "data_office365_Workload": 43, + "decoder_name": 44, + "gl2_accounted_message_size": 45, + "gl2_message_id": 46, + "gl2_processing_error": 47, + "gl2_remote_ip": 48, + "gl2_remote_port": 49, + "gl2_source_input": 50, + "gl2_source_node": 51, + "highlight": 52, + "id": 53, + "location": 54, + "manager_name": 55, + "message": 56, + "rule_description": 4, 
+ "rule_firedtimes": 57, + "rule_group1": 58, + "rule_groups": 59, + "rule_id": 6, + "rule_level": 5, + "rule_mail": 60, + "sort": 61, + "source": 62, + "streams": 63, + "syslog_level": 64, + "syslog_type": 65, + "timestamp": 1, + "true": 66 }, "renameByName": { "_id": "EVENT ID", "data_office365_CreationTime": "EVENT TIME", - "data_office365_Operation": "OPERATION", - "data_office365_Workload": "WORKLOAD", "rule_description": "DESCRIPTION", "rule_id": "RULE ID", "rule_mitre_id": "MITRE ID", "rule_mitre_tactic": "MITRE TACTIC", "rule_mitre_technique": "MITRE TECHNIQUE", - "syslog_level": "LEVEL", "timestamp": "Date/Time" } } @@ -2595,13 +2707,13 @@ } ], "refresh": "", - "schemaVersion": 38, + "schemaVersion": 39, "tags": ["O365"], "templating": { "list": [ { "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "filters": [], @@ -2618,7 +2730,7 @@ "value": "$__all" }, "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "definition": "{ \"find\": \"terms\", \"field\": \"data_office365_Workload\", \"query\": \"\"}", @@ -2645,7 +2757,7 @@ "value": "$__all" }, "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "definition": "{\"find\": \"terms\", \"field\": \"rule_level\", \"query\": \"\"}", diff --git a/backend/app/connectors/grafana/dashboards/Office365/teams.json b/backend/app/connectors/grafana/dashboards/Office365/teams.json index 7b268181a..15081653a 100644 --- a/backend/app/connectors/grafana/dashboards/Office365/teams.json +++ b/backend/app/connectors/grafana/dashboards/Office365/teams.json @@ -41,7 +41,7 @@ "panels": [ { "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "fieldConfig": { 
@@ -77,7 +77,6 @@ "y": 0 }, "id": 43, - "links": [], "options": { "colorMode": "value", "graphMode": "area", @@ -88,10 +87,12 @@ "fields": "", "values": false }, + "showPercentChange": false, "text": {}, - "textMode": "auto" + "textMode": "auto", + "wideLayout": true }, - "pluginVersion": "9.2.0", + "pluginVersion": "10.4.0", "targets": [ { "bucketAggs": [ @@ -107,7 +108,7 @@ } ], "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "metrics": [ @@ -127,7 +128,7 @@ }, { "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "fieldConfig": { @@ -220,7 +221,7 @@ } ], "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "metrics": [ @@ -236,12 +237,11 @@ } ], "title": "EVENTS BY OPERATION (Top 10)", - "transformations": [], "type": "piechart" }, { "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "fieldConfig": { @@ -251,7 +251,9 @@ }, "custom": { "align": "auto", - "displayMode": "auto", + "cellOptions": { + "type": "auto" + }, "inspect": false }, "mappings": [], @@ -311,14 +313,16 @@ }, "id": 54, "options": { + "cellHeight": "sm", "footer": { + "countRows": false, "fields": "", "reducer": ["sum"], "show": false }, "showHeader": true }, - "pluginVersion": "9.2.0", + "pluginVersion": "10.4.0", "targets": [ { "bucketAggs": [ @@ -336,7 +340,7 @@ } ], "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "metrics": [ @@ -375,7 +379,7 @@ }, { "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "fieldConfig": { 
@@ -424,8 +428,9 @@ "y": 7 }, "id": 16, - "links": [], "options": { + "minVizHeight": 75, + "minVizWidth": 75, "orientation": "horizontal", "reduceOptions": { "calcs": ["max"], @@ -434,9 +439,10 @@ }, "showThresholdLabels": false, "showThresholdMarkers": true, + "sizing": "auto", "text": {} }, - "pluginVersion": "9.2.0", + "pluginVersion": "10.4.0", "targets": [ { "bucketAggs": [ @@ -452,7 +458,7 @@ } ], "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "metrics": [ @@ -474,7 +480,7 @@ }, { "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "fieldConfig": { @@ -483,6 +489,7 @@ "mode": "palette-classic" }, "custom": { + "axisBorderShow": false, "axisCenteredZero": false, "axisColorMode": "text", "axisLabel": "", @@ -496,6 +503,7 @@ "tooltip": false, "viz": false }, + "insertNulls": false, "lineInterpolation": "linear", "lineWidth": 1, "pointSize": 5, @@ -573,7 +581,7 @@ } ], "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "metrics": [ @@ -593,7 +601,7 @@ }, { "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "fieldConfig": { @@ -629,7 +637,6 @@ "y": 14 }, "id": 51, - "links": [], "options": { "colorMode": "value", "graphMode": "area", @@ -640,10 +647,12 @@ "fields": "", "values": false }, + "showPercentChange": false, "text": {}, - "textMode": "auto" + "textMode": "auto", + "wideLayout": true }, - "pluginVersion": "9.2.0", + "pluginVersion": "10.4.0", "targets": [ { "bucketAggs": [ @@ -660,7 +669,7 @@ } ], "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "metrics": [ 
@@ -681,7 +690,7 @@ }, { "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "fieldConfig": { @@ -717,7 +726,6 @@ "y": 20 }, "id": 52, - "links": [], "options": { "colorMode": "value", "graphMode": "area", @@ -728,10 +736,12 @@ "fields": "", "values": false }, + "showPercentChange": false, "text": {}, - "textMode": "auto" + "textMode": "auto", + "wideLayout": true }, - "pluginVersion": "9.2.0", + "pluginVersion": "10.4.0", "targets": [ { "bucketAggs": [ @@ -748,7 +758,7 @@ } ], "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "metrics": [ 
@@ -768,40 +778,122 @@ "type": "stat" }, { - "circleMaxSize": 30, - "circleMinSize": 2, - "colors": ["rgba(245, 54, 54, 0.9)", "rgba(237, 129, 40, 0.89)", "rgba(50, 172, 45, 0.97)"], "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, - "decimals": 0, - "esMetric": "Count", + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "custom": { + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "rgba(245, 54, 54, 0.9)", + "value": null + }, + { + "color": "rgba(237, 129, 40, 0.89)", + "value": 0 + }, + { + "color": "rgba(50, 172, 45, 0.97)", + "value": 10 + } + ] + } + }, + "overrides": [] + }, "gridPos": { "h": 12, "w": 10, "x": 4, "y": 20 }, - "hideEmpty": false, - "hideZero": false, "id": 50, - "initialZoom": 1, - "locationData": "countries", - "mapCenter": "(0°, 0°)", - "mapCenterLatitude": 0, - "mapCenterLongitude": 0, "maxDataPoints": 1, - "mouseWheelZoom": false, - "showLegend": true, - "stickyLabels": false, - "tableQueryOptions": { - "geohashField": "geohash", - "latitudeField": "latitude", - "longitudeField": "longitude", - "metricField": "metric", - "queryType": "geohash" + "options": { + "basemap": { + "name": "Basemap", + "type": "default" + }, + "controls": { + "mouseWheelZoom": false, + "showAttribution": true, + "showDebug": false, + "showMeasure": false, + "showScale": false, + "showZoom": true + }, + "layers": [ + { + "config": { + "showLegend": true, + "style": { + "color": { + "fixed": "dark-green" + }, + "opacity": 0.4, + "rotation": { + "fixed": 0, + "max": 360, + "min": -360, + "mode": "mod" + }, + "size": { + "fixed": 5, + "max": 30, + "min": 2 + }, + "symbol": { + "fixed": "img/icons/marker/circle.svg", + "mode": "fixed" + }, + "symbolAlign": { + "horizontal": "center", + "vertical": "center" + }, + "textConfig": { + "fontSize": 12, + 
"offsetX": 0, + "offsetY": 0, + "textAlign": "center", + "textBaseline": "middle" + } + } + }, + "location": { + "gazetteer": "public/gazetteer/countries.json", + "mode": "lookup" + }, + "name": "Layer 0", + "tooltip": true, + "type": "markers" + } + ], + "tooltip": { + "mode": "details" + }, + "view": { + "allLayers": true, + "id": "zero", + "lat": 0, + "lon": 0, + "zoom": 1 + } }, + "pluginVersion": "10.4.0", "targets": [ { "bucketAggs": [ @@ -829,7 +921,7 @@ } ], "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "metrics": [ @@ -844,16 +936,20 @@ "timeField": "timestamp" } ], - "thresholds": "0,10", "title": "TEAMS - ALL EVENTS BY SRC COUNTRY", - "type": "grafana-worldmap-panel", - "unitPlural": "", - "unitSingle": "", - "valueName": "total" + "transformations": [ + { + "id": "reduce", + "options": { + "reducers": ["sum"] + } + } + ], + "type": "geomap" }, { "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "fieldConfig": { @@ -863,7 +959,9 @@ }, "custom": { "align": "auto", - "displayMode": "auto", + "cellOptions": { + "type": "auto" + }, "inspect": false }, "mappings": [], @@ -923,7 +1021,9 @@ }, "id": 58, "options": { + "cellHeight": "sm", "footer": { + "countRows": false, "fields": "", "reducer": ["sum"], "show": false @@ -931,7 +1031,7 @@ "showHeader": true, "sortBy": [] }, - "pluginVersion": "9.2.0", + "pluginVersion": "10.4.0", "targets": [ { "bucketAggs": [ @@ -960,7 +1060,7 @@ } ], "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "metrics": [ @@ -1002,7 +1102,7 @@ }, { "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "fieldConfig": { @@ -1038,7 +1138,6 @@ "y": 26 }, "id": 18, - "links": [], "options": { "colorMode": "value", "graphMode": "area", 
@@ -1049,10 +1148,12 @@ "fields": "", "values": false }, + "showPercentChange": false, "text": {}, - "textMode": "auto" + "textMode": "auto", + "wideLayout": true }, - "pluginVersion": "9.2.0", + "pluginVersion": "10.4.0", "targets": [ { "bucketAggs": [ @@ -1069,7 +1170,7 @@ } ], "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "metrics": [ @@ -1090,7 +1191,7 @@ }, { "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "fieldConfig": { @@ -1100,7 +1201,9 @@ }, "custom": { "align": "auto", - "displayMode": "auto", + "cellOptions": { + "type": "auto" + }, "filterable": true, "inspect": false }, @@ -1109,8 +1212,7 @@ "mode": "absolute", "steps": [ { - "color": "green", - "value": null + "color": "green" }, { "color": "red", @@ -1139,8 +1241,11 @@ "value": -1 }, { - "id": "custom.displayMode", - "value": "color-background" + "id": "custom.cellOptions", + "value": { + "mode": "gradient", + "type": "color-background" + } }, { "id": "custom.align" @@ -1151,8 +1256,7 @@ "mode": "absolute", "steps": [ { - "color": "#37872D", - "value": null + "color": "#37872D" }, { "color": "rgba(237, 129, 40, 0.89)", @@ -1266,8 +1370,10 @@ ] }, { - "id": "custom.displayMode", - "value": "color-text" + "id": "custom.cellOptions", + "value": { + "type": "color-text" + } } ] }, @@ -1317,7 +1423,9 @@ }, "id": 27, "options": { + "cellHeight": "sm", "footer": { + "countRows": false, "fields": "", "reducer": ["sum"], "show": false @@ -1325,12 +1433,12 @@ "showHeader": true, "sortBy": [] }, - "pluginVersion": "9.2.0", + "pluginVersion": "10.4.0", "targets": [ { "bucketAggs": [], "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "metrics": [ 
@@ -1999,14 +2107,13 @@ } ], "refresh": false, - "schemaVersion": 37, - "style": "dark", + "schemaVersion": 39, "tags": ["O365"], "templating": { "list": [ { "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "filters": [], @@ -2023,7 +2130,7 @@ "value": "$__all" }, "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "definition": "{ \"find\": \"terms\", \"field\": \"data_office365_Operation\", \"query\": \"data_office365_Workload:MicrosoftTeams\"}", @@ -2050,7 +2157,7 @@ "value": "$__all" }, "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "definition": "{ \"find\": \"terms\", \"field\": \"rule_level\", \"query\": \"\"}", @@ -2070,7 +2177,7 @@ ] }, "time": { - "from": "now-12h", + "from": "now-6h", "to": "now" }, "timepicker": { @@ -2079,7 +2186,5 @@ }, "timezone": "", "title": "O365 - MICROSOFT TEAMS", - "uid": "dslr7w3nz", - "version": 1, "weekStart": "" } diff --git a/backend/app/connectors/grafana/dashboards/Office365/threat_intelligence.json b/backend/app/connectors/grafana/dashboards/Office365/threat_intelligence.json index 97c525860..1c8cab736 100644 --- a/backend/app/connectors/grafana/dashboards/Office365/threat_intelligence.json +++ b/backend/app/connectors/grafana/dashboards/Office365/threat_intelligence.json @@ -41,7 +41,7 @@ "panels": [ { "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "fieldConfig": { @@ -77,7 +77,6 @@ "y": 0 }, "id": 43, - "links": [], "options": { "colorMode": "value", "graphMode": "area", @@ -88,11 +87,12 @@ "fields": "", "values": false }, + "showPercentChange": false, "text": {}, "textMode": "auto", "wideLayout": true }, - "pluginVersion": "10.2.2", + "pluginVersion": "10.4.0", "targets": [ { "bucketAggs": [ 
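Review bot: Dropping `"uid": "dslr7w3nz"` (and `"version": 1`) from teams.json leaves the dashboard with no fixed identifier, so unless the provisioning code sets one before import (not visible here) each import receives a server-generated uid and a re-provision creates a second copy instead of overwriting the first. threat_intelligence.json in the same diff also ships without a uid, so this may be the intended convention; if so, a short note in the provisioner explaining how dashboards are matched on re-run (title plus folder, or an injected uid) would stop the next reviewer from re-adding one.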
@@ -108,7 +108,7 @@ } ], "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "metrics": [ @@ -128,7 +128,7 @@ }, { "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "fieldConfig": { @@ -221,7 +221,7 @@ } ], "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "metrics": [ @@ -237,12 +237,11 @@ } ], "title": "EVENTS BY OPERATION (Top 10)", - "transformations": [], "type": "piechart" }, { "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "fieldConfig": { @@ -323,7 +322,7 @@ }, "showHeader": true }, - "pluginVersion": "10.2.2", + "pluginVersion": "10.4.0", "targets": [ { "bucketAggs": [ @@ -341,7 +340,7 @@ } ], "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "metrics": [ @@ -461,7 +460,7 @@ }, "showHeader": true }, - "pluginVersion": "10.2.2", + "pluginVersion": "10.4.0", "targets": [ { "bucketAggs": [ @@ -479,7 +478,7 @@ } ], "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "metrics": [ @@ -637,7 +636,7 @@ }, "showHeader": true }, - "pluginVersion": "10.2.2", + "pluginVersion": "10.4.0", "targets": [ { "bucketAggs": [ @@ -655,7 +654,7 @@ } ], "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "metrics": [ @@ -691,7 +690,7 @@ }, { "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "fieldConfig": { @@ -740,7 +739,6 @@ "y": 7 }, "id": 16, - "links": [], "options": { "minVizHeight": 75, "minVizWidth": 75, 
@@ -752,9 +750,10 @@ }, "showThresholdLabels": false, "showThresholdMarkers": true, + "sizing": "auto", "text": {} }, - "pluginVersion": "10.2.2", + "pluginVersion": "10.4.0", "targets": [ { "bucketAggs": [ @@ -770,7 +769,7 @@ } ], "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "metrics": [ @@ -792,7 +791,7 @@ }, { "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "fieldConfig": { @@ -893,7 +892,7 @@ } ], "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "metrics": [ @@ -913,7 +912,7 @@ }, { "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "fieldConfig": { @@ -949,7 +948,6 @@ "y": 14 }, "id": 51, - "links": [], "options": { "colorMode": "value", "graphMode": "area", @@ -960,11 +958,12 @@ "fields": "", "values": false }, + "showPercentChange": false, "text": {}, "textMode": "auto", "wideLayout": true }, - "pluginVersion": "10.2.2", + "pluginVersion": "10.4.0", "targets": [ { "bucketAggs": [ @@ -981,7 +980,7 @@ } ], "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "metrics": [ @@ -1084,7 +1083,7 @@ "showHeader": true, "sortBy": [] }, - "pluginVersion": "10.2.2", + "pluginVersion": "10.4.0", "targets": [ { "bucketAggs": [ @@ -1102,7 +1101,7 @@ } ], "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "metrics": [ 
@@ -1140,40 +1139,122 @@ "type": "table" }, { - "circleMaxSize": 30, - "circleMinSize": 2, - "colors": ["rgba(245, 54, 54, 0.9)", "rgba(237, 129, 40, 0.89)", "rgba(50, 172, 45, 0.97)"], "datasource": { "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, - "decimals": 0, - "esMetric": "Count", + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "custom": { + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "rgba(245, 54, 54, 0.9)", + "value": null + }, + { + "color": "rgba(237, 129, 40, 0.89)", + "value": 0 + }, + { + "color": "rgba(50, 172, 45, 0.97)", + "value": 10 + } + ] + } + }, + "overrides": [] + }, "gridPos": { "h": 12, "w": 7, "x": 7, "y": 20 }, - "hideEmpty": false, - "hideZero": false, "id": 50, - "initialZoom": 1, - "locationData": "countries", - "mapCenter": "(0°, 0°)", - "mapCenterLatitude": 0, - "mapCenterLongitude": 0, "maxDataPoints": 1, - "mouseWheelZoom": false, - "showLegend": true, - "stickyLabels": false, - "tableQueryOptions": { - "geohashField": "geohash", - "latitudeField": "latitude", - "longitudeField": "longitude", - "metricField": "metric", - "queryType": "geohash" + "options": { + "basemap": { + "name": "Basemap", + "type": "default" + }, + "controls": { + "mouseWheelZoom": false, + "showAttribution": true, + "showDebug": false, + "showMeasure": false, + "showScale": false, + "showZoom": true + }, + "layers": [ + { + "config": { + "showLegend": true, + "style": { + "color": { + "fixed": "dark-green" + }, + "opacity": 0.4, + "rotation": { + "fixed": 0, + "max": 360, + "min": -360, + "mode": "mod" + }, + "size": { + "fixed": 5, + "max": 30, + "min": 2 + }, + "symbol": { + "fixed": "img/icons/marker/circle.svg", + "mode": "fixed" + }, + "symbolAlign": { + "horizontal": "center", + "vertical": "center" + }, + "textConfig": { + "fontSize": 12, + "offsetX": 0, + "offsetY": 0, + 
"textAlign": "center", + "textBaseline": "middle" + } + } + }, + "location": { + "gazetteer": "public/gazetteer/countries.json", + "mode": "lookup" + }, + "name": "Layer 0", + "tooltip": true, + "type": "markers" + } + ], + "tooltip": { + "mode": "details" + }, + "view": { + "allLayers": true, + "id": "zero", + "lat": 0, + "lon": 0, + "zoom": 1 + } }, + "pluginVersion": "10.4.0", "targets": [ { "bucketAggs": [ @@ -1201,7 +1282,7 @@ } ], "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "metrics": [ @@ -1217,12 +1298,16 @@ "timeField": "timestamp" } ], - "thresholds": "0,10", "title": "ALL EVENTS BY SENDER COUNTRY", - "type": "grafana-worldmap-panel", - "unitPlural": "", - "unitSingle": "", - "valueName": "total" + "transformations": [ + { + "id": "reduce", + "options": { + "reducers": ["sum"] + } + } + ], + "type": "geomap" }, { "datasource": { @@ -1308,7 +1393,7 @@ "showHeader": true, "sortBy": [] }, - "pluginVersion": "10.2.2", + "pluginVersion": "10.4.0", "targets": [ { "bucketAggs": [ @@ -1326,7 +1411,7 @@ } ], "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "metrics": [ @@ -1385,8 +1470,7 @@ "mode": "absolute", "steps": [ { - "color": "green", - "value": null + "color": "green" }, { "color": "red", @@ -1430,8 +1514,7 @@ "mode": "absolute", "steps": [ { - "color": "#37872D", - "value": null + "color": "#37872D" }, { "color": "rgba(237, 129, 40, 0.89)", @@ -1633,12 +1716,12 @@ "showHeader": true, "sortBy": [] }, - "pluginVersion": "10.2.2", + "pluginVersion": "10.4.0", "targets": [ { "bucketAggs": [], "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "metrics": [ 
@@ -2373,13 +2456,13 @@ } ], "refresh": "", - "schemaVersion": 38, + "schemaVersion": 39, "tags": ["O365"], "templating": { "list": [ { "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "filters": [], @@ -2396,7 +2479,7 @@ "value": "$__all" }, "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "definition": "{ \"find\": \"terms\", \"field\": \"data_office365_Operation\", \"query\": \"data_office365_Workload:ThreatIntelligence\"}", @@ -2423,7 +2506,7 @@ "value": "$__all" }, "datasource": { - "type": "elasticsearch", + "type": "grafana-opensearch-datasource", "uid": "replace_datasource_uid" }, "definition": "{ \"find\": \"terms\", \"field\": \"rule_level\", \"query\": \"\"}", @@ -2452,6 +2535,5 @@ }, "timezone": "", "title": "O365 - THREAT INTELLIGENCE", - "version": 5, "weekStart": "" } diff --git a/backend/app/connectors/grafana/schema/dashboards.py b/backend/app/connectors/grafana/schema/dashboards.py index d0942b9a0..1c700f764 100644 --- a/backend/app/connectors/grafana/schema/dashboards.py +++ b/backend/app/connectors/grafana/schema/dashboards.py 
@@ -79,6 +79,24 @@ class CarbonBlackDashboard(Enum):
 CARBONBLACK_SUMMARY = ("CarbonBlack", "summary.json")
 
 
+class FortinetDashboard(Enum):
+ FORTINET_SYSTEM_LOGS = ("Fortinet", "fortinet_system_logs.json")
+ FORTINET_UTM_ANOMALIES = ("Fortinet", "fortinet_utm_anomalies.json")
+ FORTINET_UTM_APP_CONTROL = ("Fortinet", "fortinet_utm_app_control.json")
+ FOTINET_UTM_DLP = ("Fortinet", "fortinet_utm_dlp.json")
+ FORTINET_UTM_DNS = ("Fortinet", "fortinet_utm_dns.json")
+ FORTINET_UTM_IPS = ("Fortinet", "fortinet_utm_ips.json")
+ FORTINET_UTM_SSL = ("Fortinet", "fortinet_utm_ssl.json")
+ FORTINET_UTM_SUMMARY = ("Fortinet", "fortinet_utm_summary.json")
+ FORTINET_UTM_VIRUS = ("Fortinet", "fortinet_utm_virus.json")
+ FORTINET_UTM_WEBFILTER = ("Fortinet", "fortinet_utm_webfilter.json")
+ FORTINET_VPN = ("Fortinet", "fortinet_vpn.json")
+
+
+class CrowdstrikeDashboard(Enum):
+ CROWDSTRIKE_SUMMARY = ("Crowdstrike", "summary.json")
+
+
 class DashboardProvisionRequest(BaseModel):
 dashboards: List[str] = Field(
 ...,
@@ -108,6 +126,8 @@ def check_dashboard_exists(cls, e):
 + list(SapSiemDashboard)
 + list(HuntressDashboard)
 + list(CarbonBlackDashboard)
+ + list(FortinetDashboard)
+ + list(CrowdstrikeDashboard)
 }
 if e not in valid_dashboards:
 raise ValueError(f'Dashboard identifier "{e}" is not recognized.')
diff --git a/backend/app/connectors/grafana/services/dashboards.py b/backend/app/connectors/grafana/services/dashboards.py
index 4f052bed5..9a196c670 100644
--- a/backend/app/connectors/grafana/services/dashboards.py
+++ b/backend/app/connectors/grafana/services/dashboards.py
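Review bot: `FOTINET_UTM_DLP` in `FortinetDashboard` is misspelled; every sibling member is `FORTINET_…`. If the member name is what `check_dashboard_exists` compares the request identifier against (the validator body is only partly visible here), the typo becomes part of the public request vocabulary and every caller has to reproduce it; rename to `FORTINET_UTM_DLP = ("Fortinet", "fortinet_utm_dlp.json")` before this ships.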
@@ -5,7 +5,9 @@
 from loguru import logger
 
 from app.connectors.grafana.schema.dashboards import CarbonBlackDashboard
+from app.connectors.grafana.schema.dashboards import CrowdstrikeDashboard
 from app.connectors.grafana.schema.dashboards import DashboardProvisionRequest
+from app.connectors.grafana.schema.dashboards import FortinetDashboard
 from app.connectors.grafana.schema.dashboards import GrafanaDashboard
 from app.connectors.grafana.schema.dashboards import GrafanaDashboardResponse
 from app.connectors.grafana.schema.dashboards import HuntressDashboard
@@ -177,6 +179,8 @@ async def provision_dashboards(
 + list(SapSiemDashboard)
 + list(HuntressDashboard)
 + list(CarbonBlackDashboard)
+ + list(FortinetDashboard)
+ + list(CrowdstrikeDashboard)
 }
 
 for dashboard_name in dashboard_request.dashboards:
diff --git a/backend/app/connectors/graylog/services/collector.py b/backend/app/connectors/graylog/services/collector.py
index 56c381f3b..9b146d464 100644
--- a/backend/app/connectors/graylog/services/collector.py
+++ b/backend/app/connectors/graylog/services/collector.py
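Review bot: The union of dashboard enums is now maintained by hand in two places, here in `provision_dashboards` and in `check_dashboard_exists` in schema/dashboards.py, and this commit had to add `FortinetDashboard` and `CrowdstrikeDashboard` to both. A single helper in the schema module that returns the combined list, called from both sites, would make the next integration a one-line change and keep the validator and the provisioner from accepting different sets. The body of `provision_dashboards` continues outside the hunk.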
@@ -219,3 +219,90 @@ async def get_url_whitelist_entries() -> UrlWhitelistEntryResponse:
 success=False,
 message="Failed to collect URL whitelist entries",
 )
+
+
+async def get_stream_id_by_stream_name(stream_name: str) -> str:
+ """Get stream ID from Graylog by stream name.
+
+ Args:
+ stream_name (str): The name of the stream.
+
+ Returns:
+ str: The ID of the stream.
+
+ Raises:
+ HTTPException: If there is an error collecting the stream ID.
+ """
+ logger.info(f"Getting stream ID from Graylog for stream {stream_name}")
+ streams_collected = await send_get_request(endpoint="/api/streams")
+ try:
+ if streams_collected["success"]:
+ for stream in streams_collected["data"]["streams"]:
+ if stream["title"] == stream_name:
+ return stream["id"]
+ else:
+ return ""
+ except KeyError as e:
+ logger.error(f"Failed to collect stream ID key: {e}")
+ raise HTTPException(
+ status_code=500,
+ detail=f"Failed to collect stream ID key: {e}",
+ )
+
+
+async def get_input_id_by_input_name(input_name: str) -> str:
+ """Get input ID from Graylog by input name.
+
+ Args:
+ input_name (str): The name of the input.
+
+ Returns:
+ str: The ID of the input.
+
+ Raises:
+ HTTPException: If there is an error collecting the input ID.
+ """
+ logger.info(f"Getting input ID from Graylog for input {input_name}")
+ inputs_collected = await send_get_request(endpoint="/api/system/inputs")
+ try:
+ if inputs_collected["success"]:
+ for input in inputs_collected["data"]["inputs"]:
+ if input["title"] == input_name:
+ return input["id"]
+ else:
+ return ""
+ except KeyError as e:
+ logger.error(f"Failed to collect input ID key: {e}")
+ raise HTTPException(
+ status_code=500,
+ detail=f"Failed to collect input ID key: {e}",
+ )
+
+
+async def get_content_pack_id_by_content_pack_name(content_pack_name: str) -> str:
+ """Get content pack ID from Graylog by content pack name.
+
+ Args:
+ content_pack_name (str): The name of the content pack.
+
+ Returns:
+ str: The ID of the content pack.
+
+ Raises:
+ HTTPException: If there is an error collecting the content pack ID.
+ """
+ logger.info(f"Getting content pack ID from Graylog for content pack {content_pack_name}")
+ content_packs_collected = await send_get_request(endpoint="/api/system/content_packs")
+ try:
+ if content_packs_collected["success"]:
+ for content_pack in content_packs_collected["data"]["content_packs"]:
+ if content_pack["name"] == content_pack_name:
+ return content_pack["id"]
+ else:
+ return ""
+ except KeyError as e:
+ logger.error(f"Failed to collect content pack ID key: {e}")
+ raise HTTPException(
+ status_code=500,
+ detail=f"Failed to collect content pack ID key: {e}",
+ )
diff --git a/backend/app/connectors/graylog/services/streams.py b/backend/app/connectors/graylog/services/streams.py
index 8c1fd797b..e63234122 100644
--- a/backend/app/connectors/graylog/services/streams.py
+++ b/backend/app/connectors/graylog/services/streams.py
@@ -6,6 +6,7 @@
 from app.connectors.graylog.schema.streams import GraylogStreamsResponse
 from app.connectors.graylog.schema.streams import Stream
 from app.connectors.graylog.utils.universal import send_get_request
+from app.connectors.graylog.utils.universal import send_put_request
 
 
 async def get_streams() -> GraylogStreamsResponse:
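Review bot: In `get_stream_id_by_stream_name`, `get_input_id_by_input_name` and `get_content_pack_id_by_content_pack_name` one path falls off the end of the function and returns None even though each is annotated `-> str`: the indentation is not recoverable in this view, but whether the `else: return ""` belongs to the `if ...["success"]` or to the `for`, either a successful call with no matching title or a failed call ends without a return statement. Add an explicit `return ""` after the `try`/`except` in all three so callers always receive a string, or raise an HTTPException there, since an empty ID propagates silently into the later stream/index/content-pack operations that consume it. The loop variable `input` in the second function shadows the builtin; `graylog_input` reads better. The same defect applies to all three functions; it is noted once here.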
@@ -71,3 +72,27 @@ async def get_stream_ids() -> List[str]:
 except Exception as e:
 logger.error(f"Failed to collect streams: {e}")
 raise HTTPException(status_code=500, detail=f"Failed to collect streams: {e}")
+
+
+async def assign_stream_to_index(stream_id: str, index_id: str) -> bool:
+ """Assign a stream to an index.
+
+ Args:
+ stream_id (str): The ID of the stream to assign.
+ index_id (str): The ID of the index to assign the stream to.
+
+ Returns:
+ bool: True if the stream is successfully assigned to the index, False if it is not.
+
+ Raises:
+ HTTPException: If there is an error assigning the stream to the index.
+ """
+ logger.info(f"Assigning stream {stream_id} to index {index_id}")
+ response = await send_put_request(endpoint=f"/api/streams/{stream_id}", data={"index_set_id": index_id})
+ if response["success"]:
+ return True
+ else:
+ raise HTTPException(
+ status_code=500,
+ detail=f"Failed to assign stream {stream_id} to index {index_id}",
+ )
diff --git a/backend/app/connectors/wazuh_indexer/schema/monitoring.py b/backend/app/connectors/wazuh_indexer/schema/monitoring.py
index a4d6477e2..4cda0b6e8 100644
--- a/backend/app/connectors/wazuh_indexer/schema/monitoring.py
+++ b/backend/app/connectors/wazuh_indexer/schema/monitoring.py
@@ -47,11 +47,17 @@ class NodeAllocationResponse(BaseModel):
 
 
 class IndicesStats(BaseModel):
- docs_count: str
+ docs_count: Optional[str] = Field(
+ "Docs count not found",
+ description="Number of documents in the index",
+ )
 health: str
 index: str
 replica_count: str
- store_size: str
+ store_size: Optional[str] = Field(
+ "Store size not found",
+ description="Number of store size in the index",
+ )
 
 
 class IndicesStatsResponse(BaseModel):
diff --git a/backend/app/connectors/wazuh_indexer/utils/universal.py b/backend/app/connectors/wazuh_indexer/utils/universal.py
index d2b7ac683..e78c86a06 100644
--- a/backend/app/connectors/wazuh_indexer/utils/universal.py
+++ b/backend/app/connectors/wazuh_indexer/utils/universal.py
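Review bot: The docstring of `assign_stream_to_index` promises `False if it is not`, but the only non-True path raises HTTPException, so the Returns line should read `bool: True once the stream is assigned to the index.` `response["success"]` also assumes `send_put_request` always returns a dict carrying that key; the collector helpers added in this same diff wrap the equivalent access in a KeyError handler, so either do the same here or use `response.get("success")` so a malformed reply becomes the 500 below rather than an unhandled KeyError.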
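Review bot: `docs_count` and `store_size` in `IndicesStats` now default to the prose sentinels `"Docs count not found"` and `"Store size not found"` while keeping `str` as their type, so any consumer that converts these to numbers (not visible here) receives a string that cannot be parsed instead of a clear absence. If the intent is "value absent", `Optional[str] = Field(None, description=...)` expresses that without a magic string; if the intent is display text, the description `Number of store size in the index` should say so and read `Store size of the index, or a placeholder when unavailable`.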
@@ -88,7 +88,7 @@ async def create_wazuh_indexer_client(connector_name: str) -> Elasticsearch:
 status_code=500,
 detail=f"No {connector_name} connector found in the database",
 )
- if attributes["connector_url"] == "https://1.1.1.1:9200":
+ if attributes["connector_url"] == "https://127.1.1.1:9200":
 raise HTTPException(
 status_code=500,
 detail=f"Please update the {connector_name} connector URL",
@@ -191,7 +191,7 @@ async def collect_indices() -> Indices:
 logger.info("Collecting indices from Elasticsearch")
 es = await create_wazuh_indexer_client("Wazuh-Indexer")
 try:
- indices_dict = es.indices.get_alias("*")
+ indices_dict = es.indices.get_alias("*", expand_wildcards="open")
 indices_list = list(indices_dict.keys())
 # Check if the index is valid
 index_config = IndexConfigModel()
diff --git a/backend/app/customer_provisioning/routes/provision.py b/backend/app/customer_provisioning/routes/provision.py
index 27c436ae4..8edbfc692 100644
--- a/backend/app/customer_provisioning/routes/provision.py
+++ b/backend/app/customer_provisioning/routes/provision.py
@@ -173,7 +173,7 @@ async def update_customer_meta_table(
 customer_name=request.customer_name,
 customer_meta_graylog_index=request.graylog_index_id,
 customer_meta_graylog_stream=request.graylog_stream_id,
- customer_meta_grafana_org_id=request.dashboards_to_include.organizationId,
+ customer_meta_grafana_org_id=request.grafana_org_id,
 customer_meta_wazuh_group=request.customer_code,
 customer_meta_index_retention=str(request.hot_data_retention),
 customer_meta_wazuh_registration_port=request.wazuh_registration_port,
diff --git a/backend/app/customer_provisioning/schema/provision.py b/backend/app/customer_provisioning/schema/provision.py
index 9efd192e2..1e004aa96 100644
--- a/backend/app/customer_provisioning/schema/provision.py
+++ b/backend/app/customer_provisioning/schema/provision.py
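Review bot: The placeholder guard in `create_wazuh_indexer_client` now compares against the single literal `"https://127.1.1.1:9200"`; it only protects installs whose seeded Wazuh-Indexer connector value (not in this diff) was changed from `https://1.1.1.1:9200` to the same string, otherwise an existing row still holding the old placeholder passes the check and fails later with a less helpful connection error. Keeping the placeholder in one shared constant that both the seed data and this check import would tie the two together, and a comment such as `# sentinel URL written by the seed data; means the connector was never configured` would explain why a loopback-range address is special-cased here. The body of `create_wazuh_indexer_client` continues outside the hunk.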
@@ -77,6 +77,7 @@ class ProvisionNewCustomer(BaseModel):
 wazuh_cluster_key: Optional[str] = Field("n/a", description="Password for the Wazuh cluster")
 wazuh_master_ip: Optional[str] = Field("n/a", description="IP address of the Wazuh master")
 grafana_url: str = Field(..., description="URL of the Grafana instance")
+ grafana_org_id: Optional[str] = Field("0", description="ID of the Grafana organization")
 only_insert_into_db: Optional[bool] = Field(
 False,
 description="Whether to only insert the customer into the database without provisioning any services",
diff --git a/backend/app/customer_provisioning/services/grafana.py b/backend/app/customer_provisioning/services/grafana.py
index d62c97013..9e6f41f5e 100644
--- a/backend/app/customer_provisioning/services/grafana.py
+++ b/backend/app/customer_provisioning/services/grafana.py
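Review bot: `grafana_org_id` defaults to the string `"0"`, and the routes hunk in this commit writes `request.grafana_org_id` straight into `customer_meta_grafana_org_id`, so a request that omits the field persists an org id of 0, a value Grafana never assigns (its organisations are numbered from 1), and any later lookup keyed on it (not visible here) fails quietly. Defaulting to `None` with `grafana_org_id: Optional[str] = Field(None, description="ID of the Grafana organization")` and rejecting the request when it is absent and `only_insert_into_db` is false turns the missing value into an explicit validation error instead of a bad row; the description should also state that a numeric id is expected, since the field is typed `str`.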
@@ -198,3 +198,37 @@ async def delete_grafana_organization(organization_id: int):
 logger.info(f"Organization deleted: {organization_deleted}")
 return organization_deleted
 return organization_deleted
+
+
+async def delete_grafana_dashboard_folder(organization_id: int, folder_uid: str):
+ """
+ Deletes a Grafana dashboard folder.
+
+ Args:
+ folder_uid (str): The ID of the folder to delete.
+ """
+ logger.info("Deleting Grafana folder")
+ grafana_client = await create_grafana_client("Grafana")
+ grafana_client.user.switch_actual_user_organisation(organization_id)
+ folder_deleted = grafana_client.folder.delete_folder(
+ uid=folder_uid,
+ )
+ logger.info(f"Folder deleted: {folder_deleted}")
+ return folder_deleted
+
+
+async def delete_grafana_datasource(organization_id: int, datasource_uid: str):
+ """
+ Deletes a Grafana datasource.
+
+ Args:
+ datasource_uid (int): The ID of the datasource to delete.
+ """
+ logger.info("Deleting Grafana datasource")
+ grafana_client = await create_grafana_client("Grafana")
+ grafana_client.user.switch_actual_user_organisation(organization_id)
+ datasource_deleted = grafana_client.datasource.delete_datasource_by_uid(
+ datasource_uid=datasource_uid,
+ )
+ logger.info(f"Datasource deleted: {datasource_deleted}")
+ return datasource_deleted
diff --git a/backend/app/customer_provisioning/services/graylog.py b/backend/app/customer_provisioning/services/graylog.py
index f62f2ac7c..ce959e013 100644
--- a/backend/app/customer_provisioning/services/graylog.py
+++ b/backend/app/customer_provisioning/services/graylog.py
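Review bot: The docstrings of `delete_grafana_dashboard_folder` and `delete_grafana_datasource` leave `organization_id` undocumented in both, and the second describes `datasource_uid (int)` although the signature says `str`. Suggested Args entries: `organization_id (int): Grafana organisation that owns the object; the client's active organisation is switched to it before the delete call.` and `datasource_uid (str): UID of the datasource to delete.` (and `folder_uid (str): UID of the folder to delete.`), plus a Returns line noting that the raw client response is returned unchanged. The switch of the active organisation is a side effect on the shared client that outlives the call, which is worth a one-line note since every later call on that client runs in the switched organisation until something switches it back.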
@@ -6,6 +6,7 @@
 
 from app.connectors.graylog.services.pipelines import get_pipelines
 from app.connectors.graylog.utils.universal import send_delete_request
+from app.connectors.graylog.utils.universal import send_get_request
 from app.connectors.graylog.utils.universal import send_post_request
 from app.customer_provisioning.schema.graylog import GraylogIndexSetCreationResponse
 from app.customer_provisioning.schema.graylog import StreamConnectionToPipelineRequest
@@ -269,3 +270,55 @@ async def delete_index_set(index_set_id: str):
 endpoint=f"/api/system/indices/index_sets/{index_set_id}",
 )
 return response
+
+
+async def get_content_pack_installation_id(content_pack_id: str):
+ """
+ Retrieves the installation ID of a content pack.
+
+ Args:
+ content_pack_id (str): The ID of the content pack.
+
+ Returns:
+ str: The installation ID of the content pack.
+ """
+ logger.info(f"Getting installation ID for content pack {content_pack_id}")
+ response = await send_get_request(
+ endpoint=f"/api/system/content_packs/{content_pack_id}/installations",
+ )
+ return response["data"]["installations"][0]["_id"]
+
+
+async def uninstall_content_pack(content_pack_id: str):
+ """
+ Uninstalls a content pack.
+
+ Args:
+ content_pack_id (str): The ID of the content pack to be deleted.
+
+ Returns:
+ The result of the content pack deletion request.
+ """
+ logger.info(f"Deleting content pack {content_pack_id}")
+ installation_id = await get_content_pack_installation_id(content_pack_id)
+ response = await send_delete_request(
+ endpoint=f"/api/system/content_packs/{content_pack_id}/installations/{installation_id}",
+ )
+ return response
+
+
+async def delete_content_pack(content_pack_id: str):
+ """
+ Deletes a content pack.
+
+ Args:
+ content_pack_id (str): The ID of the content pack to be deleted.
+
+ Returns:
+ The result of the content pack deletion request.
+ """
+ logger.info(f"Deleting content pack {content_pack_id}")
+ response = await send_delete_request(
+ endpoint=f"/api/system/content_packs/{content_pack_id}",
+ )
+ return response
diff --git a/backend/app/db/db_populate.py b/backend/app/db/db_populate.py
index 7e56b6783..f03732b35 100644
--- a/backend/app/db/db_populate.py
+++ b/backend/app/db/db_populate.py
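Review bot: `get_content_pack_installation_id` indexes `response["data"]["installations"][0]["_id"]` without checking `response["success"]` or that the list is non-empty, so a content pack that exists but is not installed, or a failed request, surfaces as a KeyError/IndexError from inside `uninstall_content_pack` rather than a clear HTTP error; the collector helpers added in this same diff do guard `success`. It also only ever uninstalls the first installation, which is fine if a pack is installed once but deserves a comment. `uninstall_content_pack` logs `Deleting content pack`, the message of `delete_content_pack`; `logger.info(f"Uninstalling content pack {content_pack_id}")` keeps the two distinguishable in the audit trail. The rewrite below assumes `HTTPException` is importable in this module as it is in the connector services.
```python
async def get_content_pack_installation_id(content_pack_id: str):
    # … unchanged: docstring and logger.info …
    response = await send_get_request(
        endpoint=f"/api/system/content_packs/{content_pack_id}/installations",
    )
    if not response.get("success"):
        raise HTTPException(
            status_code=500,
            detail=f"Failed to list installations for content pack {content_pack_id}",
        )
    # Only the first installation is returned; Graylog may list several.
    installations = response["data"].get("installations", [])
    if not installations:
        raise HTTPException(
            status_code=404,
            detail=f"Content pack {content_pack_id} has no installations",
        )
    return installations[0]["_id"]
```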
@@ -272,6 +272,7 @@ def get_available_integrations_list(): ("SAP SIEM", "Integrate SAP SIEM with SOCFortress."), ("Huntress", "Integrate Huntress with SOCFortress."), ("CarbonBlack", "Integrate CarbonBlack with SOCFortress."), + ("Crowdstrike", "Integrate Crowdstrike with SOCFortress."), # ... Add more available integrations as needed ... ] @@ -380,6 +381,10 @@ async def get_available_integrations_auth_keys_list(session: AsyncSession): ("CarbonBlack", "API_URL"), ("CarbonBlack", "API_ID"), ("CarbonBlack", "ORGANIZATION_KEY"), + ("Crowdstrike", "CLIENT_ID"), + ("Crowdstrike", "CLIENT_SECRET"), + ("Crowdstrike", "BASE_URL"), + ("Crowdstrike", "SYSLOG_PORT"), # ... Add more available integrations auth keys as needed ... ] logger.info("Getting available integrations auth keys.") diff --git a/backend/app/integrations/crowdstrike/routes/provision.py b/backend/app/integrations/crowdstrike/routes/provision.py new file mode 100644 index 000000000..9a1eea613 --- /dev/null +++ b/backend/app/integrations/crowdstrike/routes/provision.py 
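Review bot: `CLIENT_SECRET` is registered as an ordinary integration auth key alongside `CLIENT_ID`, `BASE_URL` and `SYSLOG_PORT`, and the new route code reads it back via `auth_key.auth_value` and writes it into a config file; whether `auth_value` is stored encrypted at rest is not visible in this patch and should be confirmed for a live CrowdStrike OAuth2 credential. A comment on the list would let maintainers tell secrets from settings, e.g. `# CLIENT_SECRET is a credential (CrowdStrike OAuth2 client secret): store encrypted, never log`. `SYSLOG_PORT` is a connection setting rather than an auth key; keeping it in the same table is workable, but a one-line comment saying so would avoid surprise.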
@@ -0,0 +1,128 @@ +from typing import Dict + +from fastapi import APIRouter +from fastapi import Depends +from fastapi import HTTPException +from fastapi import Security +from sqlalchemy.ext.asyncio import AsyncSession + +from app.auth.utils import AuthHandler +from app.db.db_session import get_db +from app.integrations.crowdstrike.schema.provision import CrowdstrikeCustomerDetails +from app.integrations.crowdstrike.schema.provision import ProvisionCrowdstrikeAuthKeys +from app.integrations.crowdstrike.schema.provision import ProvisionCrowdstrikeRequest +from app.integrations.crowdstrike.schema.provision import ProvisionCrowdstrikeResponse +from app.integrations.crowdstrike.services.provision import provision_crowdstrike +from app.integrations.routes import find_customer_integration +from app.integrations.routes import get_customer_integrations_by_customer_code +from app.integrations.schema import CustomerIntegrations +from app.integrations.schema import CustomerIntegrationsResponse + +integration_crowdstrike_router = APIRouter() + + +async def get_customer_integration_response( + customer_code: str, + session: AsyncSession, +) -> CustomerIntegrationsResponse: + """ + Retrieves the integration response for a customer. + + Args: + customer_code (str): The code of the customer. + session (AsyncSession): The async session object for database operations. + + Returns: + CustomerIntegrationsResponse: The integration response for the customer. + + Raises: + HTTPException: If the customer integration settings are not found. 
+ """ + customer_integration_response = await get_customer_integrations_by_customer_code( + customer_code, + session, + ) + if customer_integration_response.available_integrations == []: + raise HTTPException( + status_code=404, + detail="Customer integration settings not found.", + ) + return customer_integration_response + + +def extract_crowdstrike_auth_keys( + customer_integration: CustomerIntegrations, +) -> Dict[str, str]: + """ + Extracts the authentication keys for Crowdstrike integration from the given customer integration. + + Args: + customer_integration (CustomerIntegrations): The customer integration object. + + Returns: + Dict[str, str]: A dictionary containing the authentication keys for Crowdstrike integration. + + Raises: + HTTPException: If no authentication keys are found for Crowdstrike integration. + """ + crowdstrike_auth_keys = {} + for subscription in customer_integration.integration_subscriptions: + if subscription.integration_service.service_name == "Crowdstrike": + for auth_key in subscription.integration_auth_keys: + crowdstrike_auth_keys[auth_key.auth_key_name] = auth_key.auth_value + if not crowdstrike_auth_keys: + raise HTTPException( + status_code=404, + detail="No auth keys found for Crowdstrike integration. Please create auth keys for Crowdstrike integration.", + ) + return crowdstrike_auth_keys + + +@integration_crowdstrike_router.post( + "/provision", + response_model=ProvisionCrowdstrikeResponse, + description="Provision Crowdstrike integration for a customer.", + dependencies=[Security(AuthHandler().require_any_scope("admin", "analyst"))], +) +async def provision_crowdstrike_route( + provision_crowdstrike_request: ProvisionCrowdstrikeRequest, + session: AsyncSession = Depends(get_db), +) -> ProvisionCrowdstrikeResponse: + """ + Provisions Crowdstrike integration for a customer. + + Args: + provision_crowdstrike_request (ProvisionCrowdstrikeRequest): The request object containing the necessary information for provisioning. 
+ session (AsyncSession, optional): The database session. Defaults to Depends(get_db). + + Returns: + ProvisionCrowdstrikeResponse: The response object containing the result of the provisioning. + """ + customer_integration_response = await get_customer_integration_response( + provision_crowdstrike_request.customer_code, + session, + ) + + customer_integration = await find_customer_integration( + provision_crowdstrike_request.customer_code, + provision_crowdstrike_request.integration_name, + customer_integration_response, + ) + + crowdstrike_auth_keys = extract_crowdstrike_auth_keys(customer_integration) + + auth_keys = ProvisionCrowdstrikeAuthKeys(**crowdstrike_auth_keys) + # logger.info(f"Provisioning Crowdstrike for customer {provision_crowdstrike_request.customer_code} with auth keys: {auth_keys.dict()}") + + return await provision_crowdstrike( + customer_details=CrowdstrikeCustomerDetails( + customer_code=provision_crowdstrike_request.customer_code, + customer_name=customer_integration.customer_name, + protocal_type="TCP", + syslog_port=int(auth_keys.SYSLOG_PORT), + hot_data_retention=provision_crowdstrike_request.hot_data_retention, + index_replicas=provision_crowdstrike_request.index_replicas, + ), + keys=auth_keys, + session=session, + ) diff --git a/backend/app/integrations/crowdstrike/schema/provision.py b/backend/app/integrations/crowdstrike/schema/provision.py new file mode 100644 index 000000000..1e4ed6590 --- /dev/null +++ b/backend/app/integrations/crowdstrike/schema/provision.py 
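Review bot: `provision_crowdstrike_route` calls `int(auth_keys.SYSLOG_PORT)` with no validation, so a non-numeric or out-of-range value stored as an auth key surfaces as an unhandled ValueError (HTTP 500) rather than a client error, and the commented-out `logger.info(... auth_keys.dict())` line just above it would print `CLIENT_SECRET` in plaintext if anyone re-enables it, so it should be removed rather than left as a trap. I would replace the conversion with a checked one and a port-range test, as below. The endpoint is granted to the `analyst` scope as well as `admin`; since provisioning creates Graylog inputs and Grafana datasources and writes credentials to disk, confirm analysts are meant to hold that privilege. `protocal_type` is misspelled in the new models and is cheaper to fix now than after callers depend on it.

```python
    crowdstrike_auth_keys = extract_crowdstrike_auth_keys(customer_integration)
    auth_keys = ProvisionCrowdstrikeAuthKeys(**crowdstrike_auth_keys)
    # Never log auth_keys: CLIENT_SECRET is a live CrowdStrike OAuth2 credential.
    try:
        syslog_port = int(auth_keys.SYSLOG_PORT)
    except ValueError:
        raise HTTPException(status_code=400, detail="SYSLOG_PORT must be an integer")
    if not 1 <= syslog_port <= 65535:
        raise HTTPException(status_code=400, detail="SYSLOG_PORT must be between 1 and 65535")
    # … unchanged: provision_crowdstrike(...) call, now passing syslog_port=syslog_port …
```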
@@ -0,0 +1,96 @@ +from typing import Any +from typing import Dict + +from pydantic import BaseModel +from pydantic import Field +from pydantic import root_validator + + +class ProvisionCrowdstrikeRequest(BaseModel): + customer_code: str = Field( + ..., + description="The customer code.", + examples=["00001"], + ) + integration_name: str = Field( + "Crowdstrike", + description="The integration name.", + examples=["Crowdstrike"], + ) + hot_data_retention: int = Field( + ..., + example=30, + description="Number of days to retain hot data", + ) + index_replicas: int = Field( + ..., + example=1, + description="Number of replicas for the customer's Graylog instance", + ) + + # ensure the `integration_name` is always set to "Crowdstrike" + @root_validator(pre=True) + def set_integration_name(cls, values: Dict[str, Any]) -> Dict[str, Any]: + values["integration_name"] = "Crowdstrike" + return values + + +class ProvisionCrowdstrikeResponse(BaseModel): + success: bool + message: str + + +class ProvisionCrowdstrikeAuthKeys(BaseModel): + CLIENT_ID: str = Field( + ..., + description="The client id.", + examples=["00002"], + ) + CLIENT_SECRET: str = Field( + ..., + description="The client secret.", + examples=["00002"], + ) + BASE_URL: str = Field( + ..., + description="The api type.", + examples=["https://api.crowdstrike.com"], + ) + SYSLOG_PORT: str = Field( + ..., + description="The syslog port.", + examples=["5556"], + ) + + +class CrowdstrikeCustomerDetails(BaseModel): + customer_name: str = Field( + ..., + description="The customer name.", + examples=["Customer 1"], + ) + customer_code: str = Field( + ..., + description="The customer code.", + examples=["00002"], + ) + protocal_type: str = Field( + ..., + description="The protocal type.", + examples=["TCP"], + ) + syslog_port: int = Field( + ..., + description="The syslog port.", + examples=[514], + ) + hot_data_retention: int = Field( + ..., + example=30, + description="Number of days to retain hot data", + ) + 
index_replicas: int = Field( + ..., + example=1, + description="Number of replicas for the customer's Graylog instance", + ) diff --git a/backend/app/integrations/crowdstrike/services/provision.py b/backend/app/integrations/crowdstrike/services/provision.py new file mode 100644 index 000000000..b6bd28cf6 --- /dev/null +++ b/backend/app/integrations/crowdstrike/services/provision.py 
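Review bot: `ProvisionCrowdstrikeRequest.customer_code` and `CrowdstrikeCustomerDetails.customer_name` are unconstrained strings even though downstream they become a Graylog index prefix (`crowdstrike-{customer_code}`), a Grafana datasource pattern and a filesystem path under `data/`; constrain them at the schema edge, e.g. `customer_code: str = Field(..., regex=r"^[A-Za-z0-9_-]+$", description="The customer code.")` (`pattern=` if this is pydantic v2). `SYSLOG_PORT` in `ProvisionCrowdstrikeAuthKeys` is a free-form `str` that the route later feeds to `int()`; a `conint(ge=1, le=65535)` or a validator would reject bad values before any Graylog or Grafana resource is created. The `root_validator(pre=True)` silently overwrites whatever `integration_name` the caller sent instead of rejecting a mismatch; if that is intended, state it in the field rather than only in the bare comment, e.g. `description="Always forced to 'Crowdstrike'; any supplied value is ignored."`. The models mix `example=30` and `examples=[...]`; pick the form the rest of the codebase uses.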
@@ -0,0 +1,515 @@ +import json +import os +from datetime import datetime + +import aiofiles +from fastapi import HTTPException +from loguru import logger +from sqlalchemy.ext.asyncio import AsyncSession + +from app.connectors.grafana.schema.dashboards import CrowdstrikeDashboard +from app.connectors.grafana.schema.dashboards import DashboardProvisionRequest +from app.connectors.grafana.services.dashboards import provision_dashboards +from app.connectors.grafana.utils.universal import create_grafana_client +from app.connectors.graylog.services.collector import ( + get_content_pack_id_by_content_pack_name, +) +from app.connectors.graylog.services.collector import get_input_id_by_input_name +from app.connectors.graylog.services.collector import get_stream_id_by_stream_name +from app.connectors.graylog.services.streams import assign_stream_to_index +from app.connectors.graylog.utils.universal import send_post_request +from app.connectors.wazuh_indexer.services.monitoring import ( + output_shard_number_to_be_set_based_on_nodes, +) +from app.customer_provisioning.schema.grafana import GrafanaDatasource +from app.customer_provisioning.schema.grafana import GrafanaDataSourceCreationResponse +from app.customer_provisioning.schema.graylog import GraylogIndexSetCreationResponse +from app.customer_provisioning.schema.graylog import StreamConnectionToPipelineRequest +from app.customer_provisioning.schema.graylog import TimeBasedIndexSet +from app.customer_provisioning.schema.provision import ProvisionNewCustomer +from app.customer_provisioning.services.grafana import create_grafana_folder +from app.customer_provisioning.services.grafana import get_opensearch_version +from app.customer_provisioning.services.graylog import connect_stream_to_pipeline +from app.customer_provisioning.services.graylog import get_pipeline_id +from app.customers.routes.customers import get_customer_meta +from app.integrations.crowdstrike.schema.provision import CrowdstrikeCustomerDetails +from 
app.integrations.crowdstrike.schema.provision import ProvisionCrowdstrikeAuthKeys +from app.integrations.crowdstrike.schema.provision import ProvisionCrowdstrikeResponse +from app.network_connectors.models.network_connectors import ( + CustomerNetworkConnectorsMeta, +) +from app.stack_provisioning.graylog.schema.provision import ContentPackKeywords +from app.stack_provisioning.graylog.schema.provision import ( + ProvisionNetworkContentPackRequest, +) +from app.stack_provisioning.graylog.services.provision import ( + provision_content_pack_network_connector, +) +from app.utils import get_connector_attribute +from app.utils import get_customer_meta_attribute + + +#### ! GRAYLOG ! #### +async def build_index_set_config(request: CrowdstrikeCustomerDetails) -> TimeBasedIndexSet: + """ + Build the configuration for a time-based index set. + + Args: + request (CrowdstrikeCustomerDetails): The request object containing customer information. + + Returns: + TimeBasedIndexSet: The configured time-based index set. 
+ """ + return TimeBasedIndexSet( + title=f"{request.customer_name} - CROWDSTRIKE EVENTS", + description=f"{request.customer_name} - CROWDSTRIKE EVENTS", + index_prefix=f"crowdstrike-{request.customer_code}", + rotation_strategy_class="org.graylog2.indexer.rotation.strategies.TimeBasedRotationStrategy", + rotation_strategy={ + "type": "org.graylog2.indexer.rotation.strategies.TimeBasedRotationStrategyConfig", + "rotation_period": "P1D", + "rotate_empty_index_set": False, + "max_rotation_period": None, + }, + retention_strategy_class="org.graylog2.indexer.retention.strategies.DeletionRetentionStrategy", + retention_strategy={ + "type": "org.graylog2.indexer.retention.strategies.DeletionRetentionStrategyConfig", + "max_number_of_indices": request.hot_data_retention, + }, + creation_date=datetime.utcnow().strftime("%Y-%m-%dT%H:%M:%S.%fZ"), + index_analyzer="standard", + shards=await output_shard_number_to_be_set_based_on_nodes(), + replicas=request.index_replicas, + index_optimization_max_num_segments=1, + index_optimization_disabled=False, + writable=True, + field_type_refresh_interval=5000, + ) + + +# Function to send the POST request and handle the response +async def send_index_set_creation_request( + index_set: TimeBasedIndexSet, +) -> GraylogIndexSetCreationResponse: + """ + Sends a request to create an index set in Graylog. + + Args: + index_set (TimeBasedIndexSet): The index set to be created. + + Returns: + GraylogIndexSetCreationResponse: The response from Graylog after creating the index set. 
+ """ + json_index_set = json.dumps(index_set.dict()) + logger.info(f"json_index_set set: {json_index_set}") + response_json = await send_post_request( + endpoint="/api/system/indices/index_sets", + data=index_set.dict(), + ) + return GraylogIndexSetCreationResponse(**response_json) + + +# Refactored create_index_set function +async def create_index_set( + request: ProvisionNewCustomer, +) -> GraylogIndexSetCreationResponse: + """ + Creates an index set for a new customer. + + Args: + request (ProvisionNewCustomer): The request object containing the customer information. + + Returns: + GraylogIndexSetCreationResponse: The response object containing the result of the index set creation. + """ + logger.info(f"Creating index set for customer {request.customer_name}") + index_set_config = await build_index_set_config(request) + return await send_index_set_creation_request(index_set_config) + + +async def provision_content_pack(customer_details): + """ + Provisions a content pack for a customer. + + Args: + customer_details (CustomerDetails): The details of the customer. + + Returns: + ContentPack: The provisioned content pack. + """ + return await provision_content_pack_network_connector( + content_pack_request=ProvisionNetworkContentPackRequest( + content_pack_name="CROWDSTRIKE", + keywords=ContentPackKeywords( + customer_name=customer_details.customer_name, + customer_code=customer_details.customer_code, + protocol_type=customer_details.protocal_type, + syslog_port=customer_details.syslog_port, + ), + ), + ) + + +async def get_stream_and_index_ids(customer_details): + """ + Retrieves the stream ID and index ID for a given customer. + + Args: + customer_details (CustomerDetails): The details of the customer. + + Returns: + tuple: A tuple containing the stream ID and index ID. 
+ """ + stream_id = await get_stream_id_by_stream_name(stream_name=f"{customer_details.customer_name} - CROWDSTRIKE LOGS AND EVENTS") + index_id = (await create_index_set(request=customer_details)).data.id + content_pack_stream_id = await get_content_pack_id_by_content_pack_name( + content_pack_name=f"{customer_details.customer_name}_CROWDSTRIKE_STREAM", + ) + if customer_details.protocal_type == "TCP": + content_pack_input_id = await get_content_pack_id_by_content_pack_name( + content_pack_name=f"{customer_details.customer_name}_CROWDSTRIKE_INPUT_TCP", + ) + elif customer_details.protocal_type == "UDP": + content_pack_input_id = await get_content_pack_id_by_content_pack_name( + content_pack_name=f"{customer_details.customer_name}_CROWDSTRIKE_INPUT_SYSLOG_UDP", + ) + return stream_id, index_id, content_pack_stream_id, content_pack_input_id + + +#### ! GRAFANA ! #### +async def create_grafana_datasource( + customer_code: str, + session: AsyncSession, +) -> GrafanaDataSourceCreationResponse: + """ + Creates a Grafana datasource for the specified customer. + + Args: + customer_code (str): The customer code. + session (AsyncSession): The async session. + + Returns: + GrafanaDataSourceCreationResponse: The response containing the created datasource details. 
+ """ + logger.info("Creating Grafana datasource") + grafana_client = await create_grafana_client("Grafana") + # Switch to the newly created organization + grafana_client.user.switch_actual_user_organisation( + (await get_customer_meta(customer_code, session)).customer_meta.customer_meta_grafana_org_id, + ) + datasource_payload = GrafanaDatasource( + name="CROWDSTRIKE", + type="grafana-opensearch-datasource", + typeName="OpenSearch", + access="proxy", + url=await get_connector_attribute( + connector_id=1, + column_name="connector_url", + session=session, + ), + database=f"crowdstrike-{customer_code}*", + basicAuth=True, + basicAuthUser=await get_connector_attribute( + connector_id=1, + column_name="connector_username", + session=session, + ), + secureJsonData={ + "basicAuthPassword": await get_connector_attribute( + connector_id=1, + column_name="connector_password", + session=session, + ), + }, + isDefault=False, + jsonData={ + "database": f"crowdstrike-{customer_code}*", + "flavor": "opensearch", + "includeFrozen": False, + "logLevelField": "severity", + "logMessageField": "summary", + "maxConcurrentShardRequests": 5, + "pplEnabled": True, + "timeField": "timestamp", + "tlsSkipVerify": True, + "version": await get_opensearch_version(), + }, + readOnly=True, + ) + results = grafana_client.datasource.create_datasource( + datasource=datasource_payload.dict(), + ) + return GrafanaDataSourceCreationResponse(**results) + + +async def create_customer_network_connector_meta( + customer_details, + stream_id, + index_id, + content_pack_stream_id, + content_pack_input_id, + session, +): + """ + Create a CustomerNetworkConnectorsMeta object with the provided details. + + Args: + customer_details (CustomerDetails): Details of the customer. + stream_id (int): ID of the Graylog stream. + index_id (int): ID of the Graylog index. + session (Session): Database session. + + Returns: + CustomerNetworkConnectorsMeta: The created CustomerNetworkConnectorsMeta object. 
+ """ + return CustomerNetworkConnectorsMeta( + customer_code=customer_details.customer_code, + network_connector_name="CROWDSTRIKE", + graylog_stream_id=stream_id, + graylog_input_id=(await get_input_id_by_input_name(input_name=f"{customer_details.customer_name} - CROWDSTRIKE LOGS AND EVENTS")), + graylog_pipeline_id=((await get_pipeline_id(subscription="CROWDSTRIKE"))[0]), + graylog_content_pack_input_id=content_pack_input_id, + graylog_content_pack_stream_id=content_pack_stream_id, + grafana_org_id=( + await get_customer_meta_attribute( + session=session, + customer_code=customer_details.customer_code, + column_name="customer_meta_grafana_org_id", + ) + ), + graylog_index_id=index_id, + grafana_dashboard_folder_id=None, + grafana_datasource_uid=None, + ) + + +async def validate_grafana_organization_id(customer_code, session): + """ + Validate the Grafana organization ID for the customer. + + Args: + customer_code (str): The customer code. + session (Session): Database session. + + Returns: + int: The Grafana organization ID. + """ + return await get_customer_meta_attribute(session=session, customer_code=customer_code, column_name="customer_meta_grafana_org_id") + + +async def provision_crowdstrike( + customer_details: CrowdstrikeCustomerDetails, + keys: ProvisionCrowdstrikeAuthKeys, + session: AsyncSession, +) -> ProvisionCrowdstrikeResponse: + """ + Provisions a Crowdstrike customer by performing the following steps: + 1. Provisions the content pack for the customer. + 2. Retrieves the stream and index IDs for the customer. + 3. Creates customer network connector metadata. + 4. Assigns the stream to the index. + 5. Retrieves the pipeline ID for the "CROWDSTRIKE" subscription. + 6. Connects the stream to the pipeline. + 7. Inserts the customer network connector metadata into the database. + 8. Creates a directory for the customer to store the docker compose and falconhose cfg. 
+ + Args: + customer_details (CrowdstrikeCustomerDetails): The details of the Crowdstrike customer. + keys (ProvisionCrowdstrikeKeys): The keys required for provisioning. + session (AsyncSession): The database session. + + Returns: + None + """ + # If customer name contains a space, replace it with a _ + if " " in customer_details.customer_name: + customer_details.customer_name = customer_details.customer_name.replace(" ", "_") + if await validate_grafana_organization_id(customer_details.customer_code, session) is None: + raise HTTPException(status_code=404, detail="Grafana organization ID not found. Please provision Grafana for the customer first.") + await provision_content_pack(customer_details) + stream_id, index_id, content_pack_stream_id, content_pack_input_id = await get_stream_and_index_ids(customer_details) + customer_network_connector_meta = await create_customer_network_connector_meta( + customer_details, + stream_id, + index_id, + content_pack_stream_id, + content_pack_input_id, + session, + ) + await assign_stream_to_index(stream_id=stream_id, index_id=index_id) + pipeline_id = await get_pipeline_id(subscription="CROWDSTRIKE") + await connect_stream_to_pipeline(stream_and_pipeline=StreamConnectionToPipelineRequest(stream_id=stream_id, pipeline_ids=pipeline_id)) + # Grafana Deployment + customer_network_connector_meta.grafana_datasource_uid = ( + await create_grafana_datasource( + customer_code=customer_details.customer_code, + session=session, + ) + ).datasource.uid + grafana_folder = await create_grafana_folder( + organization_id=( + await get_customer_meta( + customer_details.customer_code, + session, + ) + ).customer_meta.customer_meta_grafana_org_id, + folder_title="CROWDSTRIKE", + ) + await provision_dashboards( + DashboardProvisionRequest( + dashboards=[dashboard.name for dashboard in CrowdstrikeDashboard], + organizationId=( + await get_customer_meta( + customer_details.customer_code, + session, + ) + 
).customer_meta.customer_meta_grafana_org_id, + folderId=grafana_folder.id, + datasourceUid=customer_network_connector_meta.grafana_datasource_uid, + ), + ) + customer_network_connector_meta.grafana_dashboard_folder_id = grafana_folder.uid + await insert_into_customer_network_connectors_meta_table( + customer_network_connectors_meta=customer_network_connector_meta, + session=session, + ) + await create_customer_directory_if_needed(customer_name=customer_details.customer_name) + file = await load_and_replace_docker_compose(customer_name=customer_details.customer_name) + await save_uploaded_file( + file=file, + filename=f"{customer_details.customer_name}_docker-compose.yml", + customer_name=customer_details.customer_name, + ) + await load_and_replace_falconhose_cfg(customer_details=customer_details, keys=keys, session=session) + + return ProvisionCrowdstrikeResponse( + message="Crowdstrike customer provisioned successfully", + success=True, + ) + + +async def insert_into_customer_network_connectors_meta_table( + customer_network_connectors_meta: CustomerNetworkConnectorsMeta, + session: AsyncSession, +) -> None: + """ + Insert the customer network connectors meta into the database. + + Args: + customer_network_connectors_meta (CustomerNetworkConnectorsMeta): The customer network connectors meta to insert. + session (AsyncSession): The async session object for database operations. + + Returns: + None + """ + logger.info("Inserting customer network connectors meta into the database") + session.add(customer_network_connectors_meta) + await session.commit() + logger.info("Customer network connectors meta inserted successfully") + return None + + +# ! 
Add the docker-compose.yml file to the `data` folder +project_root = os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))) +UPLOAD_FOLDER = os.path.join(project_root, "data") + + +async def create_customer_directory_if_needed(customer_name: str): + """ + Create a directory for the customer in the UPLOAD_FOLDER if it doesn't exist. + + Args: + customer_name (str): The name of the customer. + """ + # Create the path to the customer's directory + # If customer name contains a space, replace it with a _ + if " " in customer_name: + customer_name = customer_name.replace(" ", "_") + customer_directory = os.path.join(UPLOAD_FOLDER, customer_name) + # Check if the directory exists + if not os.path.exists(customer_directory): + # If it doesn't exist, create it + os.makedirs(customer_directory) + + +async def load_and_replace_docker_compose(customer_name: str): + """ + Load the docker-compose.yml file and replace the placeholder with the customer name. + + Args: + customer_name (str): The name of the customer. + + Returns: + str: The content of the docker-compose.yml file with the placeholder replaced. + """ + # Get the current directory: + current_directory = os.path.dirname(os.path.abspath(__file__)) + # Go up one level + parent_directory = os.path.dirname(current_directory) + # If customer name contains a space, replace it with a _ + if " " in customer_name: + customer_name = customer_name.replace(" ", "_") + # Open the docker-compose.yml file and read the content + with open(os.path.join(parent_directory, "templates", "docker-compose.yml"), "r") as file: + data = file.read() + data = data.replace("CUSTOMER_NAME", customer_name) + return data + + +async def save_uploaded_file(file, filename, customer_name): + """ + Save the uploaded file to the server. + + Args: + file: The file to save. + filename: The name of the file. + + Returns: + str: The path to the saved file. 
+ """ + # If customer name contains a space, replace it with a _ + if " " in customer_name: + customer_name = customer_name.replace(" ", "_") + customer_upload_folder = os.path.join(UPLOAD_FOLDER, customer_name) + async with aiofiles.open(os.path.join(customer_upload_folder, filename), "wb") as f: + await f.write(file.encode()) + return os.path.join(customer_upload_folder, filename) + + +async def load_and_replace_falconhose_cfg( + customer_details: CrowdstrikeCustomerDetails, + keys: ProvisionCrowdstrikeAuthKeys, + session: AsyncSession, +): + """ + Load the falconhose.cfg file and replace the placeholders with the customer details. + + Args: + customer_details (CrowdstrikeCustomerDetails): The details of the customer. + keys (ProvisionCrowdstrikeAuthKeys): The authentication keys for Crowdstrike. + + Returns: + str: The content of the falconhose.cfg file with the placeholders replaced. + """ + # Get the current directory: + current_directory = os.path.dirname(os.path.abspath(__file__)) + # Go up one level + parent_directory = os.path.dirname(current_directory) + connector_url = str(await get_connector_attribute(connector_id=3, column_name="connector_url", session=session)) + connector_url = connector_url.replace("https://", "").replace("http://", "").replace(":9000", "") + # Open the falconhose.cfg file and read the content + with open(os.path.join(parent_directory, "templates", "cs.falconhoseclient.cfg"), "r") as file: + data = file.read() + data = data.replace("REPLACE_BASE_URL", keys.BASE_URL) + data = data.replace("REPLACE_CLIENT_ID", keys.CLIENT_ID) + data = data.replace("REPLACE_CLIENT_SECRET", keys.CLIENT_SECRET) + data = data.replace("REPLACE_SYSLOG_HOST", connector_url) + data = data.replace("REPLACE_SYSLOG_PORT", keys.SYSLOG_PORT) + # Save the file + # If customer name contains a space, replace it with a _ + if " " in customer_details.customer_name: + customer_details.customer_name = customer_details.customer_name.replace(" ", "_") + 
customer_upload_folder = os.path.join(UPLOAD_FOLDER, customer_details.customer_name) + async with aiofiles.open(os.path.join(customer_upload_folder, "cs.falconhoseclient.cfg"), "w") as f: + await f.write(data) + return os.path.join(customer_upload_folder, "cs.falconhoseclient.cfg") diff --git a/backend/app/integrations/crowdstrike/templates/cs.falconhoseclient.cfg b/backend/app/integrations/crowdstrike/templates/cs.falconhoseclient.cfg new file mode 100644 index 000000000..2c1ea2662 --- /dev/null +++ b/backend/app/integrations/crowdstrike/templates/cs.falconhoseclient.cfg 
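Review bot: `load_and_replace_falconhose_cfg` writes the CrowdStrike `CLIENT_ID`/`CLIENT_SECRET` in plaintext to `data/<customer_name>/cs.falconhoseclient.cfg` through `aiofiles.open(..., "w")` under the process umask, and `create_customer_directory_if_needed` creates the directory with the `os.makedirs` default mode, so with a usual 022 umask the secret file ends up world-readable; create the file 0o600 and the directory 0o700 as below. The path component is `customer_details.customer_name` with only spaces replaced by `_`, so a name containing `/` or `..` (it comes from the customer DB record rather than straight from the request, but it is still operator-supplied) escapes or nests under `data/`; whitelist the characters in one helper instead of repeating the space replacement in four places. Lesser points: `get_stream_and_index_ids` leaves `content_pack_input_id` unbound when `protocal_type` is neither "TCP" nor "UDP"; the Grafana datasource is created with `"tlsSkipVerify": True`, which disables certificate verification toward the indexer and should be an explicit, default-off setting; and `connector_url.replace(":9000", "")` mangles any URL that merely contains that substring, where `urllib.parse.urlsplit(connector_url).hostname` would give the host directly.

```python
_SAFE_CUSTOMER_NAME = frozenset("abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789_-")


def safe_customer_dirname(customer_name: str) -> str:
    """Map a customer name to a single, traversal-safe path component under UPLOAD_FOLDER."""
    name = customer_name.replace(" ", "_")
    if not name or name in {".", ".."} or any(ch not in _SAFE_CUSTOMER_NAME for ch in name):
        raise HTTPException(status_code=400, detail="customer_name contains characters not allowed in a directory name")
    return name


async def create_customer_directory_if_needed(customer_name: str):
    customer_directory = os.path.join(UPLOAD_FOLDER, safe_customer_dirname(customer_name))
    # 0o700: this directory holds a plaintext CrowdStrike client secret.
    os.makedirs(customer_directory, mode=0o700, exist_ok=True)


# … unchanged: load_and_replace_docker_compose, save_uploaded_file (build their folder with safe_customer_dirname the same way) …


def _open_private(path, flags):
    # Apply 0o600 at creation; a chmod after writing would leave a readable window.
    return os.open(path, flags, 0o600)


# … unchanged: load_and_replace_falconhose_cfg body up to the placeholder replacement …
    customer_upload_folder = os.path.join(UPLOAD_FOLDER, safe_customer_dirname(customer_details.customer_name))
    cfg_path = os.path.join(customer_upload_folder, "cs.falconhoseclient.cfg")
    async with aiofiles.open(cfg_path, "w", opener=_open_private) as f:
        await f.write(data)
    return cfg_path
```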
@@ -0,0 +1,1280 @@
+[Settings]
+version = 3
+api_url = REPLACE_BASE_URL/sensors/entities/datafeed/v2
+request_token_url = https://api.crowdstrike.com/oauth2/token
+app_id = SIEM-Connector-v2.0.0
+
+enable_correlation_id = false
+format_floats_as_scientific = true
+
+# API Client ID
+client_id = REPLACE_CLIENT_ID
+# API Client Secret
+client_secret = REPLACE_CLIENT_SECRET
+
+# Amount of time (in seconds) we will wait for a connect to complete.
+connection_timeout = 10
+# Amount of time to wait (in seconds) for a server's response headers after fully writing the request.
+read_timeout = 30
+
+# Specify partition number 0 to n or 'all' (without quote) for all partitions
+partition = all
+
+http_proxy =
+
+# Output formats
+# Supported formats are
+# 1.syslog: will output syslog format with flat key=value pairs uses the mapping configuration below.
+; Use syslog format if CEF/LEEF output is required.
+# 2.json: will output raw json format received from FalconHose API (default)
+output_format = syslog
+
+# Will be true regardless if Syslog is not enabled
+# If path does not exist or user has no permission, log file will be used
+output_to_file = false
+output_path = /var/log/crowdstrike/falconhoseclient/output
+
+# Offset file full filepath and filename
+offset_path = /var/log/crowdstrike/falconhoseclient/stream_offsets
+
+[Output_File_Rotation]
+# If the output is writing to a file, then the settings below will govern output file rotation
+#
+# If true, then the rotation rules will apply. If not, the client will continue to write to the same file.
+rotate_file = true
+# Maximum individual output file size in MB
+max_size = 500
+# Number of backups of the output file to be stored
+max_backups = 10
+# Maximum age of backup output files before it is deleted in DAYS
+max_age = 30
+
+[Logging]
+verbose_log = true
+# Maximum individual log file size in MB
+max_size = 500
+# Number of backups to be stored
+max_backups = 10
+# Maximum age of backup files before it is deleted in DAYS
+max_age = 30
+
+[Syslog]
+send_to_syslog_server = true
+host = REPLACE_SYSLOG_HOST
+port = REPLACE_SYSLOG_PORT
+protocol = tcp
+
+# CEF/LEEF Headers, header_prefix will be appended before any other header information
+# Within each mapping section, we can add __header.{n} (note double underscore) where n is consecutive integer
+# starting with 0 which will be added sequentially.
+# Value of headers can be:
+# 1. As specified: enclose by single-quote
+# 2. Field value: just specify which field name
+header_delim = |
+header_prefix = CEF:0|CrowdStrike|FalconHost|1.0|
+
+# Character Escaping Setting
+# Syntax Guidelines:
+# - Enclose characters with double-quote i.e. "|"
+# - From and To characters are delimited by colon
+# - Character(s) that needs to be escaped is placed on the left side of a colon (:) and character to replace with is on the right i.e. "from":"to"
+# - Multiple character escape setting is delimited by a common i.e. "from1":"to1","from2":"to2" and so on
+# - header_prefix setting (above) will not be escaped
+escape_header = "|":"\|","\\":"\\\\"
+escape_ext = "\\":"\\\\","=":"\=","\n":"\\n","\r":"\\r"
+
+# Delimiter separating key and value, example: if the delimiter is '='(equal): filename=abc.txt
+key_val_delim = =
+
+# Delimiter separating 2 key-value pairs , example: if the delimiter is ','(comma): filename=abc.txt,domain=www.google.com
+# Note: For space just leave it empty
+field_delim =
+
+val_enclosure =
+
+# These fields will be converted to time format, field name should be the key on the mapping section (RFC3339)
+time_fields = deviceCustomDate1
+time_format = MMM dd yyyy HH:mm:ss
+
+# This will be use for filtering
+event_type_field = metadata.eventType
+event_subtype_field = event.subType
+
+# Max length of syslog line in bytes
+max_length = 2048
+
+# Send retry interval in seconds (applicable only for TCP)
+retry_interval_secs = 10
+
+# Static order fields
+keys_ordered = true
+
+[EventTypeCollection]
+DetectionSummaryEvent = true
+AuthActivityAuditEvent = true
+UserActivityAuditEvent = true
+HashSpreadingEvent = true
+RemoteResponseSessionStartEvent = true
+RemoteResponseSessionEndEvent = true
+FirewallMatchEvent = true
+CSPMSearchStreamingEvent = true
+CSPMIOAStreamingEvent = true
+IncidentSummaryEvent = true
+CustomerIOCEvent = true
+IdentityProtectionEvent = true
+ReconNotificationSummaryEvent = true
+ScheduledReportNotificationEvent = true
+MobileDetectionSummaryEvent = true
+XdrDetectionSummaryEvent = true
+IdpDetectionSummaryEvent = true
+
+# ----------------------------------------------------------------------------------------------------------------
+# Below configurations only applies if syslog is ENABLED (under Syslog: enabled=true
+# ----------------------------------------------------------------------------------------------------------------
+
+[EventSubTypeCollection]
+# Format: _ = true/false
+DetectionSummaryEvent_DnsRequests = true
+DetectionSummaryEvent_NetworkAccesses = true
+DetectionSummaryEvent_DocumentsAccessed = true
+DetectionSummaryEvent_ScanResults = true
+DetectionSummaryEvent_ExecutablesWritten = true
+DetectionSummaryEvent_QuarantineFiles = true
+HashSpreadingEvent_Sensors = true
+RemoteResponseSessionEndEvent_Commands = true
+MobileDetectionSummaryEvent_MobileAppsDetails = true
+MobileDetectionSummaryEvent_MobileNetworkConnections = true
+MobileDetectionSummaryEvent_MobileDnsRequests = true
+MobileDetectionSummaryEvent_MountedVolumes = true
+MobileDetectionSummaryEvent_Trampolines = true
+MobileDetectionSummaryEvent_LoadedObjects = true
+MobileDetectionSummaryEvent_ObjectiveCRuntimesAltered = true
+MobileDetectionSummaryEvent_RootAccessIndicators = true
+MobileDetectionSummaryEvent_Certificates = true
+MobileDetectionSummaryEvent_EnvironmentVariables = true
+MobileDetectionSummaryEvent_SystemProperties = true
+
+
+# FIELD MAPPINGS
+# Section name format: OR _
+# Reserved keys:
+# __header.{n} where n is integer starting with 0
+#
+# There are 2 possible values for the mapping
+# 1. Literals which will be used as-is (for labelling) should be enclosed by single quotes
+# 2. Value based on incoming event
+#
+# If field mapping is not specified, then field will not appear in the results
+# DetectName has been deprecated because CrowdStrike now supports MITRE framework
+
+[DetectionSummaryEvent]
+__header.0 = metadata.eventType
+__header.1 = metadata.eventType
+__header.2 = event.Severity
+
+cat = event.Tactic
+externalId = event.SensorId
+cn2Label = 'ProcessId'
+cn2 = event.ProcessId
+cn1Label = 'ParentProcessId'
+cn1 = event.ParentProcessId
+dhost = event.ComputerName
+duser = event.UserName
+msg = event.DetectDescription
+fname = event.FileName
+filePath = event.FilePath
+cs5Label = 'CommandLine'
+cs5 = event.CommandLine
+fileHash = event.MD5String
+dntdom = event.MachineDomain
+cs6Label = 'FalconHostLink'
+cs6 = event.FalconHostLink
+cn3Label = 'Offset'
+cn3 = metadata.offset
+rt = metadata.eventCreationTime
+tactic = event.Tactic
+technique = event.Technique
+objective = event.Objective
+patternDisposition = event.PatternDispositionDescription
+outcome = event.PatternDispositionValue
+
+
+[DetectionSummaryEvent_DnsRequests]
+__header.0 = 'DNS Request In A Detection Summary Event'
+__header.1 = 'DNS Request In A Detection Summary Event'
+__header.2 = event.Severity
+
+cat = event.Tactic
+externalId = event.SensorId
+cn2Label = 'ProcessId'
+cn2 = event.ProcessId
+dhost = event.ComputerName
+duser = event.UserName
+fname = event.FileName
+filePath = event.FilePath
+dntdom = event.MachineDomain
+cs5Label = 'CommandLine'
+cs5 = event.CommandLine
+cs6Label = 'FalconHostLink'
+cs6 = event.FalconHostLink
+cn3Label = 'Offset'
+cn3 = metadata.offset
+deviceCustomDate1Label = 'DNS Request Time'
+deviceCustomDate1 = event.DnsRequests.LoadTime
+rt = metadata.eventCreationTime
+tactic = event.Tactic
+technique = event.Technique
+objective = event.Objective
+patternDisposition = event.PatternDispositionDescription
+outcome = event.PatternDispositionValue
+
+
+[DetectionSummaryEvent_NetworkAccesses]
+__header.0 = 'Network Access In A Detection Summary Event'
+__header.1 = 'Network Access In A Detection Summary Event'
+__header.2 = event.Severity
+
+cat = event.Tactic
+externalId = event.SensorId
+cn2Label = 'ProcessId'
+cn2 = event.ProcessId
+dhost = event.ComputerName
+duser = event.UserName
+fname = event.FileName
+filePath = event.FilePath
+cs5Label = 'CommandLine'
+cs5 = event.CommandLine
+dntdom = event.MachineDomain
+src = event.NetworkAccesses.LocalAddress
+c6a2 = event.NetworkAccesses.LocalAddress
+dst = event.NetworkAccesses.RemoteAddress
+c6a3 = event.NetworkAccesses.RemoteAddress
+spt = event.NetworkAccesses.LocalPort
+dpt = event.NetworkAccesses.RemotePort
+cs6Label = 'FalconHostLink'
+cs6 = event.FalconHostLink
+cn3Label = 'Offset'
+cn3 = metadata.offset
+deviceCustomDate1Label = 'Network Access Timestamp'
+deviceCustomDate1 = event.NetworkAccesses.AccessTimestamp
+rt = metadata.eventCreationTime
+tactic = event.Tactic
+technique = event.Technique
+objective = event.Objective
+patternDisposition = event.PatternDispositionDescription
+outcome = event.PatternDispositionValue
+
+
+[DetectionSummaryEvent_DocumentsAccessed]
+__header.0 = 'Document Access In A Detection Summary Event'
+__header.1 = 'Document Access In A Detection Summary Event'
+__header.2 = event.Severity
+
+cat = event.Tactic
+externalId = event.SensorId
+cn2Label = 'ProcessId'
+cn2 = event.ProcessId
+dhost = event.ComputerName
+duser = event.UserName
+fname = event.FileName
+filePath = event.FilePath
+dntdom = event.MachineDomain
+cs2Label = 'AccessedDocFileName'
+cs2 = event.DocumentsAccessed.FileName
+cs3Label = 'AccessedDocFilePath'
+cs3 = event.DocumentsAccessed.FilePath
+cs5Label = 'CommandLine'
+cs5 = event.CommandLine
+cs6Label = 'FalconHostLink'
+cs6 = event.FalconHostLink
+cn3Label = 'Offset'
+cn3 = metadata.offset
+deviceCustomDate1Label = 'Document Accessed Timestamp'
+deviceCustomDate1 = event.DocumentsAccessed.Timestamp
+rt = metadata.eventCreationTime
+tactic = event.Tactic
+technique = event.Technique
+objective = event.Objective
+patternDisposition = event.PatternDispositionDescription
+outcome = event.PatternDispositionValue
+
+[DetectionSummaryEvent_ScanResults]
+__header.0 = 'AV Scan Results In A Detection Summary Event'
+__header.1 = 'AV Scan Results In A Detection Summary Event'
+__header.2 = event.Severity
+
+cat = event.Tactic
+externalId = event.SensorId
+cn2Label = 'ProcessId'
+cn2 = event.ProcessId
+dhost = event.ComputerName
+duser = event.UserName
+fname = event.FileName
+filePath = event.FilePath
+fileHash = event.MD5String
+dntdom = event.MachineDomain
+cs2Label = 'ScanResultEngine'
+cs2 = event.ScanResults.Engine
+cs1Label = 'ScanResultName'
+cs1 = event.ScanResults.ResultName
+cs4Label = 'ScanResultVersion'
+cs4 = event.ScanResults.Version
+cs5Label = 'CommandLine'
+cs5 = event.CommandLine
+cs6Label = 'FalconHostLink'
+cs6 = event.FalconHostLink
+cn3Label = 'Offset'
+cn3 = metadata.offset
+rt = metadata.eventCreationTime
+tactic = event.Tactic
+technique = event.Technique
+objective = event.Objective
+patternDisposition = event.PatternDispositionDescription
+outcome = event.PatternDispositionValue
+
+[DetectionSummaryEvent_ExecutablesWritten]
+__header.0 = 'Executable Written In A Detection Summary Event'
+__header.1 = 'Executable Written In A Detection Summary Event'
+__header.2 = event.Severity
+
+cat = event.Tactic
+externalId = event.SensorId
+cn2Label = 'ProcessId'
+cn2 = event.ProcessId
+dhost = event.ComputerName
+duser = event.UserName
+fname = event.FileName
+filePath = event.FilePath
+dntdom = event.MachineDomain
+cs2Label = 'WrittenExeFileName'
+cs2 = event.ExecutablesWritten.FileName
+cs3Label = 'WrittenExeFilePath'
+cs3 = event.ExecutablesWritten.FilePath
+cs5Label = 'CommandLine'
+cs5 = event.CommandLine
+cs6Label = 'FalconHostLink'
+cs6 = event.FalconHostLink
+cn3Label = 'Offset'
+cn3 = metadata.offset
+deviceCustomDate1Label = 'ExeWrittenTimestamp'
+deviceCustomDate1 = event.ExecutablesWritten.Timestamp
+rt = metadata.eventCreationTime
+tactic = event.Tactic
+technique = event.Technique
+objective = event.Objective
+patternDisposition = event.PatternDispositionDescription
+outcome = event.PatternDispositionValue
+
+[DetectionSummaryEvent_QuarantineFiles]
+__header.0 = 'Quarantined Files In A Detection Summary Event'
+__header.1 = 'Quarantined Files In A Detection Summary Event'
+__header.2 = event.Severity
+
+cat = event.Tactic
+externalId = event.SensorId
+cn2Label = 'ProcessId'
+cn2 = event.ProcessId
+dhost = event.ComputerName
+duser = event.UserName
+fname = event.FileName
+filePath = event.FilePath
+dntdom = event.MachineDomain
+cs2Label = 'QuarantineFileSHA256'
+cs2 = event.QuarantineFiles.SHA256HashData
+cs3Label = 'QuarantineFilePath'
+cs3 = event.QuarantineFiles.ImageFileName
+cs5Label = 'CommandLine'
+cs5 = event.CommandLine
+cs6Label = 'FalconHostLink'
+cs6 = event.FalconHostLink
+cn3Label = 'Offset'
+cn3 = metadata.offset
+deviceCustomDate1Label = 'ExeWrittenTimestamp'
+deviceCustomDate1 = event.ExecutablesWritten.Timestamp
+rt = metadata.eventCreationTime
+tactic = event.Tactic
+technique = event.Technique
+objective = event.Objective
+patternDisposition = event.PatternDispositionDescription
+outcome = event.PatternDispositionValue
+
+[UserActivityAuditEvent]
+__header.0 = metadata.eventType
+__header.1 = event.OperationName
+__header.2 = '1'
+
+cat = metadata.eventType
+destinationTranslatedAddress = event.UserIp
+duser = event.UserId
+deviceProcessName = event.ServiceName
+cn3Label = 'Offset'
+cn3 = metadata.offset
+outcome = event.Success
+rt = metadata.eventCreationTime
+
+[AuthActivityAuditEvent]
+__header.0 = event.OperationName
+__header.1 = event.OperationName
+__header.2 = '1'
+
+cat = metadata.eventType
+destinationTranslatedAddress = event.UserIp
+duser = event.UserId
+deviceProcessName = event.ServiceName
+cn3Label = 'Offset'
+cn3 = metadata.offset
+outcome = event.Success
+deviceCustomDate1Label = 'Timestamp'
+deviceCustomDate1 = event.UTCTimestamp
+rt = metadata.eventCreationTime
+
+[HashSpreadingEvent]
+__header.0 = 'Hash Spreading Summary'
+__header.1 = 'Hash Spreading Event-Summary'
+__header.2 = '5'
+
+cat = event.ExecutionType
+deviceCustomDate1Label = 'DocAccessTimestamp'
+deviceCustomDate1 = event.AlertTime
+fname=event.FileName
+fileHash=event.SHA256String
+deviceCustomDate2Label = 'HashSpreadingEventTime'
+deviceCustomDate2 = metadata.eventCreationTime
+
+[HashSpreadingEvent_Sensors]
+__header.0 = 'Hash Spreading Sensor'
+__header.1 = 'Hash Spreading Event-Sensor Details'
+__header.2 = '5'
+
+cat = event.ExecutionType
+deviceCustomDate1Label = 'DocAccessTimestamp'
+deviceCustomDate1 = event.AlertTime
+fname = event.Sensors.Filename
+fileHash=event.SHA256String
+dhost = event.Sensors.HostnameField
+deviceCustomDate2Label = 'HashSpreadingSensorEventTime'
+deviceCustomDate2 = event.Sensors.LastWriteTime
+
+[RemoteResponseSessionStartEvent]
+__header.0 = metadata.eventType
+__header.1 = 'Remote Response Session Start event'
+__header.2 = '1'
+
+cat = metadata.eventType
+cn3Label = 'Offset'
+cn3 = metadata.offset
+rt = metadata.eventCreationTime
+dhost = event.HostnameField
+duser = event.UserName
+sessionStartTimestampLabel = 'RemoteResponseSessionStartTimestamp'
+sessionStartTimestamp = event.StartTimestamp
+
+[RemoteResponseSessionEndEvent]
+__header.0 = metadata.eventType
+__header.1 = 'Remote Response Session End event'
+__header.2 = '1'
+
+cat = metadata.eventType
+cn3Label = 'Offset'
+cn3 = metadata.offset
+rt = metadata.eventCreationTime
+dhost = event.HostnameField
+duser = event.UserName
+sessionEndTimestampLabel = 'RemoteResponseSessionEndTimestamp'
+sessionEndTimestamp = event.EndTimestamp
+
+[RemoteResponseSessionEndEvent_Commands]
+__header.0 = metadata.eventType
+__header.1 = 'Remote Response Session End event'
+__header.2 = '1'
+
+cat = metadata.eventType
+cn3Label = 'Offset'
+cn3 = metadata.offset
+rt = metadata.eventCreationTime
+dhost = event.HostnameField
+duser = event.UserName
+sessionEndTimestampLabel = 'RemoteResponseSessionEndTimestamp'
+sessionEndTimestamp = event.EndTimestamp
+cmdLabel = 'Command'
+cmd = event.Commands
+
+
+[FirewallMatchEvent]
+__header.0 = metadata.eventType
+__header.1 = 'Firewall Match event'
+__header.2 = '1'
+
+cat = metadata.eventType
+deviceId = event.DeviceId
+ipVLabel = 'IpV'
+ipV = event.IpV
+cmdLineLabel = 'Command Line'
+cmdLine = event.CommandLine
+connectionDirectionLabel = 'Connection Direction'
+connectionDirection = event.ConnectionDirection
+eventType = event.EventType
+flags = event.Flags
+hostName = event.HostName
+icmpCodeLabel = 'ICMP Code'
+icmpCode = event.ICMPCode
+icmpTypeLabel = 'ICMP Type'
+icmpType = event.ICMPType
+imageFileNameLabel = 'Image File Name'
+imageFileName = event.ImageFileName
+localAddressLabel = 'Local Address'
+localAddress = event.LocalAddress
+localPortLabel = 'Local Port'
+localPort = event.LocalPort
+matchCountLabel = 'Match Count'
+matchCount = event.MatchCount
+matchCountSinceLastReportLabel = 'Match Count Since Last Report'
+matchCount = event.MatchCountSinceLastReport
+networkProfileLabel = 'Network Profile'
+networkProfile = event.NetworkProfile
+PolicyNameLabel = 'Policy Name'
+networkProfile = event.PolicyName
+protocolLabel = 'Protocol'
+protocol = event.Protocol
+remoteAddressLabel = 'Remote Address'
+remoteAddress = event.RemoteAddress
+remotePortLabel = 'Remote Port'
+remotePort = event.RemotePort
+ruleActionLabel = 'Rule Action'
+ruleAction = event.RuleAction
+ruleDescriptionLabel = 'Rule Description'
+ruleDescription = event.RuleDescription
+ruleGroupNameLabel = 'Rule Group Name'
+ruleGroupName = event.RuleGroupName
+ruleNameLabel = 'Rule Name'
+ruleName = event.RuleName
+statusLabel = 'Status'
+status = event.Status
+cn3Label = 'Offset'
+cn3 = metadata.offset
+rt = metadata.eventCreationTime
+
+
+[CSPMSearchStreamingEvent]
+__header.0 = metadata.eventType
+__header.1 = 'CSPM Search Streaming event'
+__header.2 = '1'
+
+cat = metadata.eventType
+accountIdLabel = 'AccountId'
+accountId = event.AccountId
+regionLabel = 'Region'
+region = event.Region
+resourceIdLabel = 'ResourceId'
+resourceId = event.ResourceId
+resourceIdTypeLabel = 'ResourceIdType'
+resourceIdType = event.ResourceIdType
+resourceNameLabel = 'ResourceName'
+resourceName = event.ResourceName
+resourceCreateTimeLabel = 'ResourceCreateTime'
+resourceCreateTime = event.ResourceCreateTime
+policyStatementLabel = 'PolicyStatement'
+policyStatement = event.PolicyStatement
+severityNameLabel = 'SeverityName'
+severityName = event.SeverityName
+cloudPlatformLabel = 'CloudPlatform'
+cloudPlatform = event.CloudPlatform
+cloudServiceLabel = 'CloudService'
+cloudService = event.CloudService
+dispositionLabel = 'Disposition'
+disposition = event.Disposition
+resourceUrlLabel = 'ResourceUrl'
+resourceUrl = event.ResourceUrl
+findingLabel = 'Finding'
+finding = event.Finding
+resourceAttributesLabel = 'ResourceAttributes'
+resourceAttributes = event.ResourceAttributes
+tagsLabel = 'Tags'
+tags = event.Tags
+timestampLabel = 'Timestamp'
+timestamp = event.Timestamp
+
+[CSPMIOAStreamingEvent]
+__header.0 = metadata.eventType
+__header.1 = 'CSPM IOA Streaming event'
+__header.2 = '1'
+
+cat = metadata.eventType
+accountIdLabel = 'AccountId'
+accountId = event.AccountId
+policyStatementLabel = 'PolicyStatement'
+policyStatement = event.PolicyStatement
+cloudProviderLabel = 'CloudProvider'
+cloudProvider = event.CloudProvider
+cloudServiceLabel = 'CloudService'
+cloudService = event.CloudService
+severityNameLabel = 'SeverityName'
+severityName = event.SeverityName
+eventActionLabel = 'EventAction'
+eventAction = event.EventAction
+eventSourceLabel = 'EventSource'
+eventSource = event.EventSource
+eventCreatedTimeLabel = 'EventCreatedTimestamp'
+eventCreatedTime = event.EventCreatedTimestamp
+userIdLabel = 'UserId'
+userId = event.UserId
+userNameLabel = 'UserName'
+userName = event.UserName
+userSourceIpLabel = 'UserSourceIp'
+userSourceIp = event.UserSourceIp
+tacticLabel = 'Tactic'
+tactic = event.Tactic
+techniqueLabel = 'Technique'
+technique = event.Technique
+
+[CustomerIOCEvent]
+__header.0 = 'Indicator of Compromise'
+cat = metadata.eventType
+devTimeFormat='yyyy-MM-dd HH:mm:ss'
+devTime = metadata.eventCreationTime
+commandLine = event.CommandLine
+resource = event.ComputerName
+fileName = event.FileName
+filePath = event.FilePath
+dnsRequestDomain = event.DomainName
+dstIPv4 = event.IPv4
+dstIPv6 = event.IPv6
+md5 = event.MD5String
+sha1 = event.SHA1String
+sha256 = event.SHA256String
+
+[IncidentSummaryEvent]
+__header.0 = metadata.eventType
+__header.1 = metadata.eventType
+__header.2 = '5'
+cat = metadata.eventType
+cs1Label = 'FalconHostLink'
+cs1 = event.FalconHostLink
+cs2Label = 'State'
+cs2 = event.State
+cn3Label = 'FineScore'
+cn3 = event.FineScore
+deviceCustomDate1Label = 'IncidentStartTime'
+deviceCustomDate1 = event.IncidentStartTime
+deviceCustomDate2Label = 'IncidentEndTime'
+deviceCustomDate2 = event.IncidentEndTime
+deviceCustomDate2 = event.IncidentEndTime
+
+[IdentityProtectionEvent]
+__header.0 = event.Category
+__header.1 = event.Severity
+
+cat = event.Category
+cs1Label = 'incidentType'
+cs1 = event.IncidentType
+severityNameLabel = 'severityName'
+severityName = event.SeverityName
+msg = event.IncidentDescription
+deviceCustomDate1Label = 'startTime'
+deviceCustomDate1 = event.StartTime
+deviceCustomDate2Label = 'endTime'
+deviceCustomDate2 = event.EndTime
+cs2Label = 'identityProtectionIncidentId'
+cs2 = event.IdentityProtectionIncidentId
+duser = event.UserName
+dhost = event.EndpointName
+cs3Label = 'endpointIp'
+cs3 = event.EndpointIp
+cn1Label = 'numberOfCompromisedEntities'
+cn1 = event.NumberOfCompromisedEntities
+cn2Label = 'numbersOfAlerts'
+cn2 = event.NumbersOfAlerts
+cs4Label = 'falconHostLink'
+cs4 = event.FalconHostLink
+stateLabel = 'state'
+state = event.State
+
+[ReconNotificationSummaryEvent]
+__header.0 = metadata.eventType
+__header.1 = 'Recon Notification Summary Event'
+__header.2 = '1'
+
+cat = metadata.eventType
+notificationIdLabel = 'NotificationId'
+notificationId = event.NotificationId
+highlightsLabel = 'MatchHighlights'
+highlights = event.Highlights
+matchedTimestampLabel = 'MatchTimestamp'
+matchedTimestamp = event.MatchedTimestamp
+ruleIdLabel = 'MonitoringRuleId'
+ruleId = event.RuleId
+ruleNameLabel = 'MonitoringRuleName'
+ruleName = event.RuleName
+ruleTopicLabel = 'MonitoringRuleTopic'
+ruleTopic = event.RuleTopic
+rulePriorityLabel = 'MonitoringRulePriority'
+rulePriority = event.RulePriority
+itemIdLabel = 'RawIntelligenceItemId'
+itemId = event.ItemId
+itemTypeLabel = 'RawIntelligenceItemType'
+itemType = event.ItemType
+itemPostedTimestampLabel = 'RawIntelligenceItemPostedTimestamp'
+itemPostedTimestamp = event.ItemPostedTimestamp
+
+[ScheduledReportNotificationEvent]
+__header.0 = metadata.eventType
+__header.1 = 'Scheduled Report Notification Event'
+__header.2 = '1'
+
+cat = metadata.eventType
+userUUIDLabel = 'UserUUID'
+userUUID = event.UserUUID
+userIDLabel = 'UserID'
+userID = event.UserID
+executionIDLabel = 'ExecutionID'
+executionID = event.ExecutionID
+reportIDLabel = 'ReportID'
+reportID = event.ReportID
+reportNameLabel = 'ReportName'
+reportName = event.ReportName
+reportTypeLabel = 'ReportType'
+reportType = event.ReportType
+reportFileReferenceLabel = 'ReportFileReference'
+reportFileReference = event.ReportFileReference
+statusLabel = 'Status'
+status = event.Status
+statusMessageLabel = 'StatusMessage'
+statusMessage = event.StatusMessage
+executionMetadataLabel = 'ExecutionMetadata'
+executionMetadata = event.ExecutionMetadata
+
+[MobileDetectionSummaryEvent]
+__header.0 = metadata.eventType
+__header.1 = metadata.eventType
+__header.2 = event.Severity
+
+cat = event.Tactic
+externalId = event.SensorId
+dhost = event.ComputerName
+duser = event.UserName
+msg = event.DetectDescription
+dvcpid = event.ProcessId
+cn1Label = 'SELinuxEnforcementPolicy'
+cn1 = event.SELinuxEnforcementPolicy
+cs6Label = 'FalconHostLink'
+cs6 = event.FalconHostLink
+cn3Label = 'Offset'
+cn3 = metadata.offset
+deviceCustomDate1Label = 'ContextTimeStamp'
+deviceCustomDate1 = event.ContextTimeStamp
+rt = metadata.eventCreationTime
+tactic = event.Tactic
+technique = event.Technique
+objective = event.Objective
+
+[MobileDetectionSummaryEvent_MobileAppsDetails]
+__header.0 = 'Mobile Application Details In A Mobile Detection Summary Event'
+__header.1 = 'Mobile Application Details In A Mobile Detection Summary Event'
+__header.2 = event.Severity
+
+cat = event.Tactic
+externalId = event.SensorId
+dhost = event.ComputerName
+duser = event.UserName
+msg = event.DetectDescription
+dvcpid = event.ProcessId
+cs1Label = 'AppIdentifier'
+cs1 = event.MobileAppsDetails.AppIdentifier
+cs2Label = 'AppInstallerInformation'
+cs2 = event.MobileAppsDetails.AppInstallerInformation
+fname = event.MobileAppsDetails.ImageFileName
+fileHash = event.MobileAppsDetails.SHA256HashData
+cs3Label = 'DexFileHashes'
+cs3 = event.MobileAppsDetails.DexFileHashes
+cs4Label = 'AndroidAppVersionName'
+cs4 = event.MobileAppsDetails.AndroidAppVersionName
+cn1Label = 'HarmfulAppCategory'
+cn1 = event.MobileAppsDetails.HarmfulAppCategory
+cs5Label = 'AndroidComponentName'
+cs5 = event.MobileAppsDetails.AndroidComponentName
+cs6Label = 'FalconHostLink'
+cs6 = event.FalconHostLink
+cn3Label = 'Offset'
+cn3 = metadata.offset
+deviceCustomDate1Label = 'ContextTimeStamp'
+deviceCustomDate1 = event.ContextTimeStamp
+rt = metadata.eventCreationTime
+tactic = event.Tactic
+technique = event.Technique
+objective = event.Objective
+
+[MobileDetectionSummaryEvent_MobileNetworkConnections]
+__header.0 = 'Network Connection In A Mobile Detection Summary Event'
+__header.1 = 'Network Connection In A Mobile Detection Summary Event'
+__header.2 = event.Severity
+
+cat = event.Tactic
+externalId = event.SensorId
+dhost = event.ComputerName
+duser = event.UserName
+msg = event.DetectDescription
+dvcpid = event.ProcessId
+cs1Label = 'Protocol'
+cs1 = event.MobileNetworkConnections.Protocol
+cn1Label = 'ConnectionFlags'
+cn1 = event.MobileNetworkConnections.ConnectionFlags
+src = event.MobileNetworkConnections.LocalAddress
+c6a2 = event.MobileNetworkConnections.LocalAddress
+dst = event.MobileNetworkConnections.RemoteAddress
+c6a3 = event.MobileNetworkConnections.RemoteAddress
+spt = event.MobileNetworkConnections.LocalPort
+dpt = event.MobileNetworkConnections.RemotePort
+deviceDirection = MobileNetworkConnections.ConnectionDirection
+request = event.MobileNetworkConnections.Url
+cs2Label = 'AppIdentifier'
+cs2 = event.MobileNetworkConnections.AppIdentifier
+cs3Label = 'IsAndroidAppContainerized'
+cs3 = event.MobileNetworkConnections.IsAndroidAppContainerized
+cn2Label = 'ContextProcessId'
+cn2 = event.MobileNetworkConnections.ContextProcessId
+cs6Label = 'FalconHostLink'
+cs6 = event.FalconHostLink
+cn3Label = 'Offset'
+cn3 = metadata.offset
+deviceCustomDate1Label = 'Network Connection Timestamp'
+deviceCustomDate1 = event.MobileNetworkConnections.AccessTimestamp
+rt = metadata.eventCreationTime
+tactic = event.Tactic
+technique = event.Technique
+objective = event.Objective
+
+[MobileDetectionSummaryEvent_MobileDnsRequests]
+__header.0 = 'Dns Request In A Mobile Detection Summary Event'
+__header.1 = 'Dns Request In A Mobile Detection Summary Event'
+__header.2 = event.Severity
+
+cat = event.Tactic
+externalId = event.SensorId
+dhost = event.ComputerName
+duser = event.UserName
+msg = event.DetectDescription
+dvcpid = event.ProcessId
+destinationDnsDomain = event.MobileDnsRequests.DomainName
+cs1Label = 'RequestType'
+cs1 = event.MobileDnsRequests.RequestType
+cs2Label = 'AppIdentifier'
+cs2 = event.MobileDnsRequests.AppIdentifier
+dst = event.MobileDnsRequests.IpAddress
+c6a3 = event.MobileDnsRequests.IpAddress
+cn1Label = 'ContextProcessId'
+cn1 = event.MobileDnsRequests.ContextProcessId
+cs6Label = 'FalconHostLink'
+cs6 = event.FalconHostLink
+cn3Label = 'Offset'
+cn3 = metadata.offset
+deviceCustomDate1Label = 'DNS Request Timestamp'
+deviceCustomDate1 = event.MobileDnsRequests.AccessTimestamp
+rt = metadata.eventCreationTime
+tactic = event.Tactic
+technique = event.Technique
+objective = event.Objective
+
+[MobileDetectionSummaryEvent_MountedVolumes]
+__header.0 = 'Mounted Volume In A Mobile Detection Summary Event'
+__header.1 = 'Mounted Volume In A Mobile Detection Summary Event'
+__header.2 = event.Severity
+
+cat = event.Tactic
+externalId = event.SensorId
+dhost = event.ComputerName
+duser = event.UserName
+msg = event.DetectDescription
+dvcpid = event.ProcessId
+cs1Label = 'Type'
+cs1 = event.MountedVolumes.Type
+cs2Label = 'MountPoint'
+cs2 = event.MountedVolumes.MountPoint
+cs3Label = 'MountFlags'
+cs3 = event.MountedVolumes.MountFlags
+cs4Label = 'RealDeviceName'
+cs4 = event.MountedVolumes.RealDeviceName
+cs6Label = 'FalconHostLink'
+cs6 = event.FalconHostLink
+cn3Label = 'Offset'
+cn3 = metadata.offset
+deviceCustomDate1Label = 'ContextTimeStamp'
+deviceCustomDate1 = event.ContextTimeStamp
+rt = metadata.eventCreationTime
+tactic = event.Tactic
+technique = event.Technique
+objective = event.Objective
+
+[MobileDetectionSummaryEvent_Trampolines]
+__header.0 = 'Trampoline In A Mobile Detection Summary Event'
+__header.1 = 'Trampoline In A Mobile Detection Summary Event'
+__header.2 = event.Severity
+
+cat = event.Tactic
+externalId = event.SensorId
+dhost = event.ComputerName
+duser = event.UserName
+msg = event.DetectDescription
+dvcpid = event.ProcessId
+cs1Label = 'FunctionName'
+cs1 = event.Trampolines.FunctionName
+cs2Label = 'ExecutableBytes'
+cs2 = event.Trampolines.ExecutableBytes
+fname = event.Trampolines.ImageFileName
+cs6Label = 'FalconHostLink'
+cs6 = event.FalconHostLink
+cn3Label = 'Offset'
+cn3 = metadata.offset
+deviceCustomDate1Label = 'ContextTimeStamp'
+deviceCustomDate1 = event.ContextTimeStamp
+rt = metadata.eventCreationTime
+tactic = event.Tactic
+technique = event.Technique
+objective = event.Objective
+
+[MobileDetectionSummaryEvent_LoadedObjects]
+__header.0 = 'Loaded Object In A Mobile Detection Summary Event'
+__header.1 = 'Loaded Object In A Mobile Detection Summary Event'
+__header.2 = event.Severity
+
+cat = event.Tactic
+externalId = event.SensorId
+dhost = event.ComputerName
+duser = event.UserName
+msg = event.DetectDescription
+dvcpid = event.ProcessId
+fname = event.LoadedObjects.FileName
+fileHash = event.LoadedObjects.SHA256HashData
+cs1Label = 'CodeSigningFlags'
+cs1 = event.LoadedObjects.CodeSigningFlags
+cs6Label = 'FalconHostLink'
+cs6 = event.FalconHostLink
+cn3Label = 'Offset'
+cn3 = metadata.offset
+deviceCustomDate1Label = 'ContextTimeStamp'
+deviceCustomDate1 = event.ContextTimeStamp
+rt = metadata.eventCreationTime
+tactic = event.Tactic
+technique = event.Technique
+objective = event.Objective
+
+[MobileDetectionSummaryEvent_ObjectiveCRuntimesAltered]
+__header.0 = 'ObjectiveC Runtime Altered In A Mobile Detection Summary Event'
+__header.1 = 'ObjectiveC Runtime Altered In A Mobile Detection Summary Event'
+__header.2 = event.Severity
+
+cat = event.Tactic
+externalId = event.SensorId
+dhost = event.ComputerName
+duser = event.UserName
+msg = event.DetectDescription
+dvcpid = event.ProcessId
+cs1Label = 'MethodSignature'
+cs1 = event.ObjectiveCRuntimesAltered.MethodSignature
+fname = event.ObjectiveCRuntimesAltered.ImageFileName
+cs2Label = 'ExpectedImageFileName'
+cs2 = event.ObjectiveCRuntimesAltered.ExpectedImageFileName
+cs3Label = 'SuspectAddress'
+cs3 = event.ObjectiveCRuntimesAltered.SuspectAddress
+cs4Label = 'ExpectedAddress'
+cs4 = event.ObjectiveCRuntimesAltered.ExpectedAddress
+cs6Label = 'FalconHostLink'
+cs6 = event.FalconHostLink
+cn3Label = 'Offset'
+cn3 = metadata.offset
+deviceCustomDate1Label = 'ContextTimeStamp'
+deviceCustomDate1 = event.ContextTimeStamp
+rt = metadata.eventCreationTime
+tactic = event.Tactic
+technique = event.Technique
+objective = event.Objective
+
+[MobileDetectionSummaryEvent_RootAccessIndicators]
+__header.0 = 'Root Access Indicators In A Mobile Detection Summary Event'
+__header.1 = 'Root Access Indicators In A Mobile Detection Summary Event'
+__header.2 = event.Severity
+
+cat = event.Tactic
+externalId = event.SensorId
+dhost = event.ComputerName
+duser = event.UserName
+msg = event.DetectDescription
+dvcpid = event.ProcessId
+cs1Label = 'LogcatMessage'
+cs1 = event.RootAccessIndicators.LogcatMessage
+cs2Label = 'AndroidStackTrace'
+cs2 = event.RootAccessIndicators.AndroidStackTrace
+cs3Label = 'HookedFunctionName'
+cs3 = event.RootAccessIndicators.HookedFunctionName
+cs4Label = 'AndroidInitServiceName'
+cs4 = event.RootAccessIndicators.AndroidInitServiceName
+cs6Label = 'FalconHostLink'
+cs6 = event.FalconHostLink
+cn3Label = 'Offset'
+cn3 = metadata.offset
+deviceCustomDate1Label = 'ContextTimeStamp'
+deviceCustomDate1 = event.ContextTimeStamp
+rt = metadata.eventCreationTime
+tactic = event.Tactic
+technique = event.Technique
+objective = event.Objective
+
+[MobileDetectionSummaryEvent_Certificates]
+__header.0 = 'Certificate In A Mobile Detection Summary Event'
+__header.1 = 'Certificate In A Mobile Detection Summary Event'
+__header.2 = event.Severity
+
+cat = event.Tactic
+externalId = event.SensorId
+dhost = event.ComputerName
+duser = event.UserName
+msg = event.DetectDescription
+dvcpid = event.ProcessId
+cs1Label = 'CertificateName'
+cs1 = event.Certificates.Name
+cs2Label = 'CertificateIssuer'
+cs2 = event.Certificates.Issuer
+cs3Label = 'CertificateFingerPrint'
+cs3 = event.Certificates.FingerPrint
+cs6Label = 'FalconHostLink'
+cs6 = event.FalconHostLink
+cn3Label = 'Offset'
+cn3 = metadata.offset
+deviceCustomDate1Label = 'ContextTimeStamp'
+deviceCustomDate1 = event.ContextTimeStamp
+rt = metadata.eventCreationTime
+tactic = event.Tactic
+technique = event.Technique
+objective = event.Objective
+
+[MobileDetectionSummaryEvent_EnvironmentVariables]
+__header.0 = 'Environment Variable In A Mobile Detection Summary Event'
+__header.1 = 'Environment Variable In A Mobile Detection Summary Event'
+__header.2 = event.Severity
+
+cat = event.Tactic
+externalId = event.SensorId
+dhost = event.ComputerName
+duser = event.UserName
+msg = event.DetectDescription
+dvcpid = event.ProcessId
+cs1Label = 'EnvironmentVariableName'
+cs1 = event.EnvironmentVariables.Name
+cs2Label = 'EnvironmentVariableValue'
+cs2 = event.EnvironmentVariables.Value
+cs6Label = 'FalconHostLink'
+cs6 = event.FalconHostLink
+cn3Label = 'Offset'
+cn3 = metadata.offset
+deviceCustomDate1Label = 'ContextTimeStamp'
+deviceCustomDate1 = event.ContextTimeStamp
+rt = metadata.eventCreationTime
+tactic = event.Tactic
+technique = event.Technique
+objective = event.Objective
+
+[MobileDetectionSummaryEvent_SystemProperties]
+__header.0 = 'System Property In A Mobile Detection Summary Event'
+__header.1 = 'System Property In A Mobile Detection Summary Event'
+__header.2 = event.Severity
+
+cat = event.Tactic
+externalId = event.SensorId
+dhost = event.ComputerName
+duser = event.UserName
+msg = event.DetectDescription
+dvcpid = event.ProcessId
+cs1Label = 'SystemPropertyName'
+cs1 = event.SystemProperties.Name
+cs2Label = 'SystemPropertyValue'
+cs2 = event.SystemProperties.Value
+cs6Label = 'FalconHostLink'
+cs6 = event.FalconHostLink
+cn3Label = 'Offset'
+cn3 = metadata.offset
+deviceCustomDate1Label = 'ContextTimeStamp'
+deviceCustomDate1 = event.ContextTimeStamp
+rt = metadata.eventCreationTime
+tactic = event.Tactic
+technique = event.Technique
+objective = event.Objective
+
+[XdrDetectionSummaryEvent]
+__header.0 = metadata.eventType
+__header.1 = 'XDR Detection Summary Event'
+__header.2 = event.Severity
+
+cat = metadata.eventType
+msg = event.Description
+rt = metadata.eventCreationTime
+tactics = event.Tactics
+techniques = event.Techniques
+xdrTypeLabel = 'XdrType'
+xdrType = event.XdrType
+authorLabel = 'Author'
+author = event.Author
+
+scheduledSearchExecutionIdLabel =
'ScheduledSearchExecutionId' +scheduledSearchExecutionId = event.ScheduledSearchExecutionId +scheduledSearchIdLabel = 'ScheduledSearchId' +scheduledSearchId = event.ScheduledSearchId +scheduledSearchUserIdLabel = 'ScheduledSearchUserId' +scheduledSearchUserId = event.ScheduledSearchUserId +scheduledSearchUserUUIDLabel = 'ScheduledSearchUserUUID' +scheduledSearchUserUUID = event.ScheduledSearchUserUUID + +sourceProductsLabel = 'SourceProducts' +sourceProducts = event.SourceProducts +sourceVendorsLabel = 'SourceVendors' +sourceVendors = event.SourceVendors +dataDomainsLabel = 'DataDomains' +dataDomains = event.DataDomains +ipv4AddressesLabel = 'IPv4Addresses' +ipv4Addresses = event.IPv4Addresses +ipv6AddressesLabel = 'IPv6Addresses' +ipv6Addresses = event.IPv6Addresses +hostNamesLabel = 'HostNames' +hostNames = event.HostNames +domainNamesLabel = 'DomainNames' +domainNames = event.DomainNames +emailAddressesLabel = 'EmailAddresses' +emailAddresses = event.EmailAddresses +sha256HashesLabel = 'SHA256Hashes' +sha256Hashes = event.SHA256Hashes +md5HashesLabel = 'MD5Hashes' +md5Hashes = event.MD5Hashes +usersLabel = 'Users' +users = event.Users + +cn3Label = 'Offset' +cn3 = metadata.offset + + + +[IdpDetectionSummaryEvent] +__header.0 = metadata.eventType +__header.1 = 'Identity Protection Detection Summary Event' +__header.2 = event.Severity + +cat = metadata.eventType +msg = event.DetectDescription +rt = metadata.eventCreationTime +tactic = event.Tactic +technique = event.Technique + +targetServiceAccessIdentifierLabel = 'TargetServiceAccessIdentifier' +targetServiceAccessIdentifier = event.TargetServiceAccessIdentifier +targetEndpointSensorIdLabel = 'TargetEndpointSensorId' +targetEndpointSensorId = event.TargetEndpointSensorId +targetEndpointHostNameLabel = 'TargetEndpointHostName' +targetEndpointHostName = event.TargetEndpointHostName +targetEndpointAccountObjectSidLabel = 'TargetEndpointAccountObjectSid' +targetEndpointAccountObjectSid = 
event.TargetEndpointAccountObjectSid +targetEndpointAccountObjectGuidLabel = 'TargetEndpointAccountObjectGuid' +targetEndpointAccountObjectGuid = event.TargetEndpointAccountObjectGuid +targetAccountUpnLabel = 'TargetAccountUpn' +targetAccountUpn = event.TargetAccountUpn +targetAccountObjectSidLabel = 'TargetAccountObjectSid' +targetAccountObjectSid = event.TargetAccountObjectSid +targetAccountNameLabel = 'TargetAccountName' +targetAccountName = event.TargetAccountName +targetAccountDomainLabel = 'TargetAccountDomain' +targetAccountDomain = event.TargetAccountDomain +suspiciousMachineAccountAlterationTypeLabel = 'SuspiciousMachineAccountAlterationType' +suspiciousMachineAccountAlterationType = event.SuspiciousMachineAccountAlterationType +startTimeLabel = 'StartTime' +startTime = event.StartTime +ssoApplicationIdentifierLabel = 'SsoApplicationIdentifier' +ssoApplicationIdentifier = event.SsoApplicationIdentifier +sourceEndpointSensorIdLabel = 'SourceEndpointSensorId' +sourceEndpointSensorId = event.SourceEndpointSensorId +sourceEndpointIpReputationLabel = 'SourceEndpointIpReputation' +sourceEndpointIpReputation = event.SourceEndpointIpReputation +sourceEndpointIpAddressLabel = 'SourceEndpointIpAddress' +sourceEndpointIpAddress = event.SourceEndpointIpAddress +sourceEndpointHostNameLabel = 'SourceEndpointHostName' +sourceEndpointHostName = event.SourceEndpointHostName +sourceEndpointAccountObjectSidLabel = 'SourceEndpointAccountObjectGuid' +sourceEndpointAccountObjectSid = event.SourceEndpointAccountObjectGuid +sourceEndpointAccountObjectSidLabel = 'SourceEndpointAccountObjectSid' +sourceEndpointAccountObjectSid = event.SourceEndpointAccountObjectSid +sourceAccountUpnLabel = 'SourceAccountUpn' +sourceAccountUpn = event.SourceAccountUpn +sourceAccountObjectSidLabel = 'SourceAccountObjectSid' +sourceAccountObjectSid = event.SourceAccountObjectSid +sourceAccountNameLabel = 'SourceAccountName' +sourceAccountName = event.SourceAccountName +sourceAccountDomainLabel = 
'SourceAccountDomain' +sourceAccountDomain = event.SourceAccountDomain +severityNameLabel = 'SeverityName' +severityName = event.SeverityName +rpcOpClassificationLabel = 'RpcOpClassification' +rpcOpClassification = event.RpcOpClassification +protocolAnomalyClassificationLabel = 'ProtocolAnomalyClassification' +protocolAnomalyClassification = event.ProtocolAnomalyClassification +previousPrivilegesLabel = 'PreviousPrivileges' +previousPrivileges = event.PreviousPrivileges +precedingActivityTimeStampLabel = 'PrecedingActivityTimeStamp' +precedingActivityTimeStamp = event.PrecedingActivityTimeStamp +patternIdLabel = 'PatternId' +patternId = event.PatternId +objectiveLabel = 'Objective' +objective = event.Objective +mostRecentActivityTimeStampLabel = 'MostRecentActivityTimeStamp' +mostRecentActivityTimeStamp = event.MostRecentActivityTimeStamp +locationCountryCodeLabel = 'LocationCountryCode' +locationCountryCode = event.LocationCountryCode +ldapSearchQueryAttackLabel = 'LdapSearchQueryAttack' +ldapSearchQueryAttack = event.LdapSearchQueryAttack +idpPolicyRuleTriggerLabel = 'IdpPolicyRuleTrigger' +idpPolicyRuleTrigger = event.IdpPolicyRuleTrigger +idpPolicyRuleNameLabel = 'IdpPolicyRuleName' +idpPolicyRuleName = event.IdpPolicyRuleName +idpPolicyRuleActionLabel = 'IdpPolicyRuleAction' +idpPolicyRuleAction = event.IdpPolicyRuleAction +falconHostLinkLabel = 'FalconHostLink' +falconHostLink = event.FalconHostLink +endTimeLabel = 'EndTime' +endTime = event.EndTime +detectNameLabel = 'DetectName' +detectName = event.DetectName +detectIdLabel = 'DetectId' +detectId = event.DetectId +contextTimeStampLabel = 'ContextTimeStamp' +contextTimeStamp = event.ContextTimeStamp +attemptOutcomeLabel = 'AttemptOutcome' +attemptOutcome = event.AttemptOutcome +anomalousTicketContentClassificationLabel = 'AnomalousTicketContentClassification' +anomalousTicketContentClassification = event.AnomalousTicketContentClassification +additionalSsoApplicationIdentifierLabel = 
'AdditionalSsoApplicationIdentifier' +additionalSsoApplicationIdentifier = event.AdditionalSsoApplicationIdentifier +additionalLocationCountryCodeLabel = 'AdditionalLocationCountryCode' +additionalLocationCountryCode = event.AdditionalLocationCountryCode +additionalEndpointSensorIdLabel = 'AdditionalEndpointSensorId' +additionalEndpointSensorId = event.AdditionalEndpointSensorId +additionalEndpointIpAddressLabel = 'AdditionalEndpointIpAddress' +additionalEndpointIpAddress = event.AdditionalEndpointIpAddress +additionalEndpointHostNameLabel = 'AdditionalEndpointHostName' +additionalEndpointHostName = event.AdditionalEndpointHostName +additionalEndpointAccountObjectSidLabel = 'AdditionalEndpointAccountObjectSid' +additionalEndpointAccountObjectSid = event.AdditionalEndpointAccountObjectSid +additionalEndpointAccountObjectGuidLabel = 'AdditionalEndpointAccountObjectGuid' +additionalEndpointAccountObjectGuid = event.AdditionalEndpointAccountObjectGuid +additionalActivityIdLabel = 'AdditionalActivityId' +additionalActivityId = event.AdditionalActivityId +additionalAccountUpnLabel = 'AdditionalAccountUpn' +additionalAccountUpn = event.AdditionalAccountUpn +additionalAccountObjectSidLabel = 'AdditionalAccountObjectSid' +additionalAccountObjectSid = event.AdditionalAccountObjectSid +additionalAccountNameLabel = 'AdditionalAccountName' +additionalAccountName = event.AdditionalAccountName +additionalAccountDomainLabel = 'AdditionalAccountDomain' +additionalAccountDomain = event.AdditionalAccountDomain +addedPrivilegeLabel = 'AddedPrivilege' +addedPrivilege = event.AddedPrivilege +activityIdLabel = 'ActivityId' +activityId = event.ActivityId +accountCreationTimeStampLabel = 'AccountCreationTimeStamp' +accountCreationTimeStamp = event.AccountCreationTimeStamp + +cn3Label = 'Offset' +cn3 = metadata.offset 
diff --git a/backend/app/integrations/crowdstrike/templates/docker-compose.yml b/backend/app/integrations/crowdstrike/templates/docker-compose.yml
new file mode 100644
index 000000000..96c7a1864
--- /dev/null
+++ b/backend/app/integrations/crowdstrike/templates/docker-compose.yml
@@ -0,0 +1,8 @@
+version: "3.8"
+
+services:
+ crowdstrike-connector-CUSTOMER_NAME:
+ image: ghcr.io/socfortress/crowdstrike-connector
+ volumes:
+ - /opt/CoPilot/data/data/CUSTOMER_NAME/cs.falconhoseclient.cfg:/opt/crowdstrike/etc/cs.falconhoseclient.cfg
+ restart: unless-stopped
diff --git a/backend/app/integrations/markdown/crowdstrike.md b/backend/app/integrations/markdown/crowdstrike.md
new file mode 100644
index 000000000..642c193ec
--- /dev/null
+++ b/backend/app/integrations/markdown/crowdstrike.md
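Review bot: `image: ghcr.io/socfortress/crowdstrike-connector` carries no tag or digest, so each customer's connector pulls whatever `latest` resolves to at deploy or restart time and a rebuilt image changes every tenant silently; pin a version tag (or an `@sha256:` digest) in the template and bump it deliberately. The mounted `cs.falconhoseclient.cfg` holds the customer's `client_id`/`client_secret` (see the markdown template in this PR) and the connector only needs to read it, so append `:ro` to the bind mount: `- /opt/CoPilot/data/data/CUSTOMER_NAME/cs.falconhoseclient.cfg:/opt/crowdstrike/etc/cs.falconhoseclient.cfg:ro`. The service name interpolates `CUSTOMER_NAME`, which Compose only accepts as letters, digits, `.`, `_` and `-`; the underscore substitution mentioned in the commit message presumably covers this, but a `# CUSTOMER_NAME must be a valid Compose service name (letters, digits, ., _, -)` comment in the template would make the constraint visible to the next person editing it.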
@@ -0,0 +1,81 @@
+# [Crowdstrike Integration](https://www.crowdstrike.com/blog/tech-center/integrate-with-your-siem)
+
+## Prerequisites
+
+Before using the Falcon SIEM Connector, you’ll want to first define the API client and set its scope. Refer to this guide (https://www.crowdstrike.com/blog/tech-center/get-access-falcon-apis/) to getting access to the CrowdStrike API for setting up a new API client key. For the new API client, make sure the scope includes read access for Event streams.
+
+![Crowdstrike API Settings](/images/crowdstrike/crowdstrike_api_settings.png)
+
+
+
+## Configuration
+
+The configuration for our API creds and syslog forwarder settings are stored within `/opt/crowdstrike/etc/cs.falconhoseclient.cfg`. Adjust to make your changes. **NOTE that the `api_url` , `cliend_id` , `client_secret` , and `syslog_host` will need to be updated.** Below is an example, CoPilot will take care of this for you.
+
+```yaml
+[Settings]
+version = 3
+api_url = REPLACE_BASE_URL/sensors/entities/datafeed/v2
+request_token_url = https://api.crowdstrike.com/oauth2/token
+app_id = SIEM-Connector-v2.0.0
+
+enable_correlation_id = false
+format_floats_as_scientific = true
+
+# API Client ID
+client_id = REPLACE_CLIENT_ID
+# API Client Secret
+client_secret = REPLACE_CLIENT_SECRET
+
+# Amount of time (in seconds) we will wait for a connect to complete.
+connection_timeout = 10
+# Amount of time to wait (in seconds) for a server's response headers after fully writing the request.
+read_timeout = 30
+
+# Specify partition number 0 to n or 'all' (without quote) for all partitions
+partition = all
+
+http_proxy =
+
+# Output formats
+# Supported formats are
+# 1.syslog: will output syslog format with flat key=value pairs uses the mapping configuration below.
+; Use syslog format if CEF/LEEF output is required.
+# 2.json: will output raw json format received from FalconHose API (default)
+output_format = syslog
+
+# Will be true regardless if Syslog is not enabled
+# If path does not exist or user has no permission, log file will be used
+output_to_file = false
+output_path = /var/log/crowdstrike/falconhoseclient/output
+
+# Offset file full filepath and filename
+offset_path = /var/log/crowdstrike/falconhoseclient/stream_offsets
+
+[Output_File_Rotation]
+# If the output is writing to a file, then the settings below will govern output file rotation
+#
+# If true, then the rotation rules will apply. If not, the client will continue to write to the same file.
+rotate_file = true
+# Maximum individual output file size in MB
+max_size = 500
+# Number of backups of the output file to be stored
+max_backups = 10
+# Maximum age of backup output files before it is deleted in DAYS
+max_age = 30
+
+[Logging]
+verbose_log = true
+# Maximum individual log file size in MB
+max_size = 500
+# Number of backups to be stored
+max_backups = 10
+# Maximum age of backup files before it is deleted in DAYS
+max_age = 30
+
+[Syslog]
+send_to_syslog_server = true
+host = REPLACE_SYSLOG_HOST
+port = REPLACE_SYSLOG_PORT
+protocol = tcp
+```
diff --git a/backend/app/integrations/modules/routes/sap_siem.py b/backend/app/integrations/modules/routes/sap_siem.py
new file mode 100644
index 000000000..08aaa40a0
--- /dev/null
+++ b/backend/app/integrations/modules/routes/sap_siem.py
@@ -0,0 +1,303 @@ +from fastapi import APIRouter +from fastapi import Depends +from loguru import logger +from sqlalchemy.ext.asyncio import AsyncSession + +from app.db.db_session import get_db +from app.integrations.modules.schema.sap_siem import CollectSapSiemRequest +from app.integrations.modules.schema.sap_siem import CustomerDetails +from app.integrations.modules.schema.sap_siem import InvokeSapSiemAnalysis +from app.integrations.modules.schema.sap_siem import InvokeSapSiemRequest +from app.integrations.modules.schema.sap_siem import InvokeSAPSiemResponse +from app.integrations.modules.schema.sap_siem import SapSiemAuthKeys +from app.integrations.modules.services.sap_siem.collect import ( + post_to_copilot_sap_module_brute_force_failed_logins_multiple_ips, +) +from app.integrations.modules.services.sap_siem.collect import ( + post_to_copilot_sap_module_brute_force_failed_logins_same_ip, +) +from app.integrations.modules.services.sap_siem.collect import ( + post_to_copilot_sap_module_collect, +) +from app.integrations.modules.services.sap_siem.collect import ( + post_to_copilot_sap_module_same_user_failed_login_from_different_geo_location, +) +from app.integrations.modules.services.sap_siem.collect import ( + post_to_copilot_sap_module_same_user_failed_login_from_different_ip, +) +from app.integrations.modules.services.sap_siem.collect import ( + post_to_copilot_sap_module_same_user_successful_login_from_different_geo_location, +) +from app.integrations.modules.services.sap_siem.collect import ( + post_to_copilot_sap_module_sap_siem_successful_user_login_with_different_ip, +) +from app.integrations.modules.services.sap_siem.collect import ( + post_to_copilot_sap_module_successful_login_after_multiple_failed_logins, +) +from app.integrations.routes import find_customer_integration +from app.integrations.utils.utils import extract_auth_keys +from app.integrations.utils.utils import get_customer_integration_response +from app.utils import 
get_customer_meta_attribute + +module_sap_siem_router = APIRouter() + + +@module_sap_siem_router.post( + "", + response_model=InvokeSAPSiemResponse, + description="Pull down SAP SIEM Events.", +) +async def collect_sap_siem_route(sap_siem_request: InvokeSapSiemRequest, session: AsyncSession = Depends(get_db)): + """Pull down SAP SIEM Events.""" + customer_integration_response = await get_customer_integration_response( + sap_siem_request.customer_code, + session, + ) + + customer_integration = await find_customer_integration( + sap_siem_request.customer_code, + sap_siem_request.integration_name, + customer_integration_response, + ) + + sap_siem_auth_keys = extract_auth_keys(customer_integration, service_name="SAP SIEM") + + logger.info(f"SAP SIEM Auth Keys: {sap_siem_auth_keys}") + + auth_keys = SapSiemAuthKeys(**sap_siem_auth_keys) + # if multiple apiKey values are present, make a loop to iterate through them + # and collect the data for each apiKey + if "," in auth_keys.API_KEY: + api_keys = auth_keys.API_KEY.split(",") + for key in api_keys: + await post_to_copilot_sap_module_collect( + data=CollectSapSiemRequest( + auth_keys=SapSiemAuthKeys( + API_KEY=key, + SECRET_KEY=auth_keys.SECRET_KEY, + USER_KEY=auth_keys.USER_KEY, + API_DOMAIN=auth_keys.API_DOMAIN, + ), + customer_code=sap_siem_request.customer_code, + integration_name=sap_siem_request.integration_name, + threshold=sap_siem_request.threshold, + time_range=sap_siem_request.time_range, + customer_details=CustomerDetails( + customer_code=sap_siem_request.customer_code, + iris_customer_id=( + await get_customer_meta_attribute( + customer_code=sap_siem_request.customer_code, + column_name="customer_meta_iris_customer_id", + session=session, + ) + ), + ), + ), + ) + else: + await post_to_copilot_sap_module_collect( + data=InvokeSapSiemRequest( + auth_keys=SapSiemAuthKeys( + API_KEY=auth_keys.API_KEY, + SECRET_KEY=auth_keys.SECRET_KEY, + USER_KEY=auth_keys.USER_KEY, + API_DOMAIN=auth_keys.API_DOMAIN, + ), + 
customer_code=sap_siem_request.customer_code, + integration_name=sap_siem_request.integration_name, + threshold=sap_siem_request.threshold, + time_range=sap_siem_request.time_range, + customer_details=CustomerDetails( + customer_code=sap_siem_request.customer_code, + iris_customer_id=(await get_customer_meta_attribute(sap_siem_request.customer_code, "customer_meta_iris_customer_id")), + ), + ), + ) + + return InvokeSAPSiemResponse(success=True, message="SAP SIEM Events collected successfully.") + + +@module_sap_siem_router.post( + "/successful_user_login_with_different_ip", + response_model=InvokeSAPSiemResponse, + description="Rule: Successful user login after using different IP addresses\n\n" + "Period: within 15 minutes\n\n" + "Prerequisite: \n\n" + "- Login attempts from different IP addresses, regardless of login status (at least 2 failed IP addresses)\n\n" + "- Successful login afterwards (from the third successful IP address)\n\n" + "Result: User compressed, IP addresses belong to an attack network", +) +async def invoke_sap_siem_successful_user_login_with_different_ip_route( + invoke_siem_analysis: InvokeSapSiemAnalysis, +): + logger.info("Invoking SAP SIEM integration for successful user login with different IP.") + await post_to_copilot_sap_module_sap_siem_successful_user_login_with_different_ip( + data=InvokeSapSiemAnalysis( + threshold=invoke_siem_analysis.threshold, + time_range=invoke_siem_analysis.time_range, + iris_customer_id=invoke_siem_analysis.iris_customer_id, + ), + ) + + return InvokeSAPSiemResponse(success=True, message="SAP SIEM Events collected successfully.") + + +@module_sap_siem_router.post( + "/same_user_failed_login_from_different_ip", + response_model=InvokeSAPSiemResponse, + description="Rule: Same user from different IP addresses\n\n" + "Period: within 10 minutes\n\n" + "Prerequisite: \n\n" + "- At least 3 failed login attempts with the same user name from 3 different IP addresses\n\n" + "Result: User compressed, IP addresses 
belong to an attack network", +) +async def invoke_sap_siem_same_user_failed_login_from_different_ip_route( + invoke_siem_analysis: InvokeSapSiemAnalysis, +): + logger.info("Invoking SAP SIEM integration for same user failed login from different IP.") + await post_to_copilot_sap_module_same_user_failed_login_from_different_ip( + data=InvokeSapSiemAnalysis( + threshold=invoke_siem_analysis.threshold, + time_range=invoke_siem_analysis.time_range, + iris_customer_id=invoke_siem_analysis.iris_customer_id, + ), + ) + + return InvokeSAPSiemResponse(success=True, message="SAP SIEM Events collected successfully.") + + +@module_sap_siem_router.post( + "/same_user_failed_login_from_different_geo_location", + response_model=InvokeSAPSiemResponse, + description="Rule: Same user from different geo locations\n\n" + "Period: within 20 minutes\n\n" + "Prerequisite: \n\n" + "- At least 3 failed login attempts with the same user name from at least two different GEO IP country locations\n\n" + "Result: User compressed, IP addresses belong to an attack network", +) +async def invoke_sap_siem_same_user_failed_login_from_different_geo_location_route( + invoke_siem_analysis: InvokeSapSiemAnalysis, +): + logger.info("Invoking SAP SIEM integration for same user failed login from different geo location.") + await post_to_copilot_sap_module_same_user_failed_login_from_different_geo_location( + data=InvokeSapSiemAnalysis( + threshold=invoke_siem_analysis.threshold, + time_range=invoke_siem_analysis.time_range, + iris_customer_id=invoke_siem_analysis.iris_customer_id, + ), + ) + + return InvokeSAPSiemResponse(success=True, message="SAP SIEM Events collected successfully.") + + +@module_sap_siem_router.post( + "/same_user_successful_login_from_different_geo_location", + response_model=InvokeSAPSiemResponse, + description="Rule: Same user from different geo locations\n\n" + "Period: within 20 minutes\n\n" + "Prerequisite: \n\n" + "- At least 1 failed login attempt with the same username from two 
different GEO IP country locations\n\n" + "- from the 2nd successful login thereafter in another GEO IP country location\n\n" + "Result: User compressed, IP addresses belong to an attack network\n\n" + "This function would trigger a suspicious login when the following conditions are met:\n\n" + "1. There is at least one failed login attempt from the same user (identified by `login_id`) from two different GEO IP country locations within the last 20 minutes.\n" + "2. There is at least one successful login attempt from the same user from a different GEO IP country location within the last 20 minutes.\n\n" + "Here are some examples:\n\n" + "Example 1:\n" + "- At 12:00, a failed login attempt is made by user `user1` from IP `1.1.1.1` located in the US.\n" + "- At 12:10, another failed login attempt is made by `user1` from IP `2.2.2.2` located in Canada.\n" + "- At 12:15, a successful login attempt is made by `user1` from IP `3.3.3.3` located in the UK.\n" + "- In this case, the function would trigger a suspicious login for `user1` because there are failed login attempts from two different countries (US and Canada) " + "and a successful login from a different country (UK) within 20 minutes.\n\n" + "Example 2:\n" + "- At 12:00, a failed login attempt is made by user `user2` from IP `4.4.4.4` located in the US.\n" + "- At 12:10, another failed login attempt is made by `user2` from IP `5.5.5.5` also located in the US.\n" + "- At 12:15, a successful login attempt is made by `user2` from IP `6.6.6.6` located in the US.\n" + "- In this case, the function would not trigger a suspicious login for `user2` because all the login attempts are from the same country (US).", +) +async def invoke_sap_siem_same_user_successful_login_from_different_geo_location_route( + invoke_siem_analysis: InvokeSapSiemAnalysis, +): + logger.info("Invoking SAP SIEM integration for same user successful login from different geo location.") + await 
post_to_copilot_sap_module_same_user_successful_login_from_different_geo_location( + data=InvokeSapSiemAnalysis( + threshold=invoke_siem_analysis.threshold, + time_range=invoke_siem_analysis.time_range, + iris_customer_id=invoke_siem_analysis.iris_customer_id, + ), + ) + + return InvokeSAPSiemResponse(success=True, message="SAP SIEM Events collected successfully.") + + +@module_sap_siem_router.post( + "/brute_force_failed_logins_multiple_ips", + response_model=InvokeSAPSiemResponse, + description="Rule: Logins from different IP addresses\n\n" + "Period: within 3 minutes\n\n" + "Prerequisite: \n\n" + "- At least 25 failed login attempts from different IP addresses\n\n" + "Result: IP addresses belong to an attack network", +) +async def invoke_sap_siem_brute_force_failed_logins_route( + invoke_siem_analysis: InvokeSapSiemAnalysis, +): + logger.info("Invoking SAP SIEM integration for brute force failed logins.") + await post_to_copilot_sap_module_brute_force_failed_logins_multiple_ips( + data=InvokeSapSiemAnalysis( + threshold=invoke_siem_analysis.threshold, + time_range=invoke_siem_analysis.time_range, + iris_customer_id=invoke_siem_analysis.iris_customer_id, + ), + ) + + return InvokeSAPSiemResponse(success=True, message="SAP SIEM Events collected successfully.") + + +@module_sap_siem_router.post( + "/brute_force_failed_logins_same_ip", + response_model=InvokeSAPSiemResponse, + description="Rule: Logins from the same IP address\n\n" + "Period: within 5 minutes\n\n" + "Prerequisite: \n\n" + "- At least 10 different user name failed login attempts from the same IP address\n\n" + "Result: IP addresses belong to an attack network", +) +async def invoke_sap_siem_brute_force_failed_logins_same_ip_route( + invoke_siem_analysis: InvokeSapSiemAnalysis, +): + logger.info("Invoking SAP SIEM integration for brute force failed logins from the same IP.") + await post_to_copilot_sap_module_brute_force_failed_logins_same_ip( + data=InvokeSapSiemAnalysis( + 
threshold=invoke_siem_analysis.threshold, + time_range=invoke_siem_analysis.time_range, + iris_customer_id=invoke_siem_analysis.iris_customer_id, + ), + ) + + return InvokeSAPSiemResponse(success=True, message="SAP SIEM Events collected successfully.") + + +@module_sap_siem_router.post( + "/successful_login_after_multiple_failed_logins", + response_model=InvokeSAPSiemResponse, + description="Rule: Successful login after multiple failed logins\n\n" + "Period: within 2 minutes\n\n" + "Prerequisite: \n\n" + "- At least 3 different user names that have failed from the same IP addressn\n" + "- At least one successful login from the same IP address after 3 different user names. \n\n" + "Result: User compromised, IP address belongs to an attack network", +) +async def invoke_sap_siem_successful_login_after_multiple_failed_logins_route( + invoke_siem_analysis: InvokeSapSiemAnalysis, +): + logger.info("Invoking SAP SIEM integration for successful login after multiple failed logins.") + await post_to_copilot_sap_module_successful_login_after_multiple_failed_logins( + data=InvokeSapSiemAnalysis( + threshold=invoke_siem_analysis.threshold, + time_range=invoke_siem_analysis.time_range, + iris_customer_id=invoke_siem_analysis.iris_customer_id, + ), + ) + + return InvokeSAPSiemResponse(success=True, message="SAP SIEM Events collected successfully.") diff --git a/backend/app/integrations/modules/schema/sap_siem.py b/backend/app/integrations/modules/schema/sap_siem.py new file mode 100644 index 000000000..a76b2f337 --- /dev/null +++ b/backend/app/integrations/modules/schema/sap_siem.py 
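Review bot: `logger.info(f"SAP SIEM Auth Keys: {sap_siem_auth_keys}")` in `collect_sap_siem_route` writes the customer's `API_KEY` and `SECRET_KEY` into the application log at INFO level, and `post_to_copilot_sap_module_collect` in the collect.py hunk logs the same keys again through `{data.dict()}`; log only that keys were resolved, e.g. `logger.info(f"SAP SIEM auth keys loaded for customer {sap_siem_request.customer_code}")`, and drop the payload from the second log line. The single-key `else` branch hands `post_to_copilot_sap_module_collect` an `InvokeSapSiemRequest`, which per the schema hunk has neither `auth_keys`/`customer_details` fields nor the `to_dict()` that service calls, so that branch raises before any request is sent; build a `CollectSapSiemRequest` exactly as the loop branch does. The same branch also calls `get_customer_meta_attribute(sap_siem_request.customer_code, "customer_meta_iris_customer_id")` without the `session=session` the loop passes. In the route descriptions, 'User compressed' should read 'User compromised' as the last route has it, and 'same IP addressn\n' has a stray `n`.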
@@ -0,0 +1,169 @@
+from datetime import datetime
+from datetime import timedelta
+from typing import Optional
+
+from pydantic import BaseModel
+from pydantic import Field
+from pydantic import root_validator
+
+
+class InvokeSapSiemRequest(BaseModel):
+ customer_code: str = Field(
+ ...,
+ description="The customer code.",
+ examples=["00002"],
+ )
+ integration_name: str = Field(
+ "SAP SIEM",
+ description="The integration name.",
+ examples=["SAP SIEM"],
+ )
+ threshold: Optional[int] = Field(
+ 3,
+ description="Number of 'Invalid LoginID' before the first 'OK'",
+ )
+ time_range: Optional[str] = Field(
+ "15m",
+ pattern="^[1-9][0-9]*[mhdw]$",
+ description="Time range for the query (1m, 1h, 1d, 1w)",
+ )
+
+ lower_bound: str = None
+ upper_bound: str = None
+
+ @root_validator(pre=True)
+ def set_time_bounds(cls, values):
+ time_range = values.get("time_range")
+ if time_range:
+ unit = time_range[-1]
+ amount = int(time_range[:-1])
+
+ now = datetime.utcnow()
+
+ if unit == "m":
+ lower_bound = now - timedelta(minutes=amount)
+ elif unit == "h":
+ lower_bound = now - timedelta(hours=amount)
+ elif unit == "d":
+ lower_bound = now - timedelta(days=amount)
+ elif unit == "w":
+ lower_bound = now - timedelta(weeks=amount)
+
+ values["lower_bound"] = lower_bound.strftime("%Y-%m-%dT%H:%M:%S.%f")[:-3] + "Z"
+ values["upper_bound"] = now.strftime("%Y-%m-%dT%H:%M:%S.%f")[:-3] + "Z"
+ return values
+
+
+class CustomerDetails(BaseModel):
+ customer_code: str = Field(
+ ...,
+ description="The customer code.",
+ examples=["00002"],
+ )
+ iris_customer_id: int = Field(
+ ...,
+ description="The customer ID in IRIS.",
+ examples=[1],
+ )
+
+
+class InvokeSAPSiemResponse(BaseModel):
+ success: bool
+ message: str
+
+
+class SapSiemAuthKeys(BaseModel):
+ API_KEY: str = Field(
+ ...,
+ description="YOUR API KEY",
+ examples=["3_yUWT3uDMs9E1N87r4Ey"],
+ )
+ SECRET_KEY: str = Field(
+ ...,
+ description="YOUR SECRET KEY",
+ examples=["4ijD6uMCca"],
+ )
+ USER_KEY: Optional[str] = Field(
+ None,
+ description="YOUR USER KEY",
+ examples=["AK9zAL"],
+ )
+ API_DOMAIN: str = Field(
+ ...,
+ description="YOUR API DOMAIN",
+ examples=["audit.eu1.gigya.com"],
+ )
+
+
+class CollectSapSiemRequest(BaseModel):
+ customer_code: str = Field(
+ ...,
+ description="The customer code.",
+ examples=["00002"],
+ )
+ integration_name: str = Field(
+ "SAP SIEM",
+ description="The integration name.",
+ examples=["SAP SIEM"],
+ )
+ threshold: Optional[int] = Field(
+ 3,
+ description="Number of 'Invalid LoginID' before the first 'OK'",
+ )
+ time_range: Optional[str] = Field(
+ "15m",
+ pattern="^[1-9][0-9]*[mhdw]$",
+ description="Time range for the query (1m, 1h, 1d, 1w)",
+ )
+
+ lower_bound: str = None
+ upper_bound: str = None
+ auth_keys: SapSiemAuthKeys = Field(
+ ...,
+ description="The authentication keys for the SAP SIEM integration.",
+ )
+ customer_details: CustomerDetails = Field(
+ ...,
+ description="The customer details.",
+ )
+
+ @root_validator(pre=True)
+ def set_time_bounds(cls, values):
+ time_range = values.get("time_range")
+ if time_range:
+ unit = time_range[-1]
+ amount = int(time_range[:-1])
+
+ now = datetime.utcnow()
+
+ if unit == "m":
+ lower_bound = now - timedelta(minutes=amount)
+ elif unit == "h":
+ lower_bound = now - timedelta(hours=amount)
+ elif unit == "d":
+ lower_bound = now - timedelta(days=amount)
+ elif unit == "w":
+ lower_bound = now - timedelta(weeks=amount)
+
+ values["lower_bound"] = lower_bound.strftime("%Y-%m-%dT%H:%M:%S.%f")[:-3] + "Z"
+ values["upper_bound"] = now.strftime("%Y-%m-%dT%H:%M:%S.%f")[:-3] + "Z"
+ return values
+
+ def to_dict(self):
+ return self.dict()
+
+
+class InvokeSapSiemAnalysis(BaseModel):
+ threshold: int = Field(
+ 0,
+ description="Number of 'Invalid LoginID' before the first 'OK'",
+ )
+ time_range: int = Field(
+ "15",
+ description="Time range for the query (1m, 1h, 1d, 1w)",
+ )
+ iris_customer_id: int = Field(
+ ...,
+ description="The customer ID in IRIS.",
+ examples=[1],
+ )
diff --git a/backend/app/integrations/modules/services/sap_siem/collect.py b/backend/app/integrations/modules/services/sap_siem/collect.py
new file mode 100644
index 000000000..e12479e32
--- /dev/null
+++ b/backend/app/integrations/modules/services/sap_siem/collect.py
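Review bot: `set_time_bounds` is a `pre=True` root validator, so when a caller omits `time_range` the `"15m"` default has not been applied yet, `values.get("time_range")` is `None`, and `lower_bound`/`upper_bound` silently stay `None`; read the default explicitly, `time_range = values.get("time_range") or "15m"`, or run the validator after field validation. The `if`/`elif` chain on `unit` has no `else`, so any value the regex does not reject leaves `lower_bound` unbound and the request fails with `UnboundLocalError` (a 500) rather than a validation error — and on pydantic v1 `Field(pattern=...)` is only a schema extra (`regex=` is the constraint keyword), so the pattern may not be enforced at all; add `else: raise ValueError(f"unsupported time_range unit {unit!r}")`. The identical validator is copied into `CollectSapSiemRequest`; a shared mixin or module-level helper would keep both in step. `InvokeSapSiemAnalysis.time_range` is typed `int` with the string default `"15"` and a description listing `1m, 1h, 1d, 1w`, so the field's contract is ambiguous — pick one representation and document it.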
@@ -0,0 +1,185 @@ +import httpx +from loguru import logger + +from app.integrations.modules.schema.sap_siem import CollectSapSiemRequest +from app.integrations.modules.schema.sap_siem import InvokeSapSiemAnalysis + + +async def post_to_copilot_sap_module_collect(data: CollectSapSiemRequest): + """ + Send a POST request to the copilot-sap-module Docker container. + + Args: + data (CollectHuntress): The data to send to the copilot-sap-module Docker container. + """ + logger.info(f"Sending POST request to http://copilot-sap-module/collect with data: {data.dict()}") + async with httpx.AsyncClient() as client: + try: + response = await client.post( + "http://copilot-sap-module/sap-siem/collect", + json=data.to_dict(), + timeout=120, + ) + logger.info(f"Response from copilot-sap-module: {response.json()}") + except httpx.RequestError as e: + logger.error(f"An error occurred while sending the POST request to copilot-sap-module: {e}") + return None + + +async def post_to_copilot_sap_module_sap_siem_successful_user_login_with_different_ip(data: InvokeSapSiemAnalysis): + """ + Send a POST request to the copilot-sap-module Docker container. + + Args: + data (InvokeSapSiemAnalysis): The data to send to the copilot-sap-module Docker container. 
+ """ + logger.info( + f"Sending POST request to http://copilot-sap-module/sap-siem/same_user_failed_login_from_different_ip with data: {data.dict()}", + ) + async with httpx.AsyncClient() as client: + try: + response = await client.post( + "http://copilot-sap-module/sap-siem/successful_user_login_with_different_ip", + json=data.dict(), + timeout=120, + ) + logger.info(f"Response from copilot-sap-module: {response.json()}") + except httpx.RequestError as e: + logger.error(f"An error occurred while sending the POST request to copilot-sap-module: {e}") + return None + + +async def post_to_copilot_sap_module_same_user_failed_login_from_different_ip(data: InvokeSapSiemAnalysis): + """ + Send a POST request to the copilot-sap-module Docker container. + + Args: + data (InvokeSapSiemAnalysis): The data to send to the copilot-sap-module Docker container. + """ + logger.info( + f"Sending POST request to http://copilot-sap-module/sap-siem/same_user_failed_login_from_different_ip with data: {data.dict()}", + ) + async with httpx.AsyncClient() as client: + try: + response = await client.post( + "http://copilot-sap-module/sap-siem/same_user_failed_login_from_different_ip", + json=data.dict(), + timeout=120, + ) + logger.info(f"Response from copilot-sap-module: {response.json()}") + except httpx.RequestError as e: + logger.error(f"An error occurred while sending the POST request to copilot-sap-module: {e}") + return None + + +async def post_to_copilot_sap_module_same_user_failed_login_from_different_geo_location(data: InvokeSapSiemAnalysis): + """ + Send a POST request to the copilot-sap-module Docker container. + + Args: + data (InvokeSapSiemAnalysis): The data to send to the copilot-sap-module Docker container. 
+ """ + logger.info( + f"Sending POST request to http://copilot-sap-module/sap-siem/same_user_failed_login_from_different_geo_location with data: {data.dict()}", + ) + async with httpx.AsyncClient() as client: + try: + response = await client.post( + "http://copilot-sap-module/sap-siem/same_user_failed_login_from_different_geo_location", + json=data.dict(), + timeout=120, + ) + logger.info(f"Response from copilot-sap-module: {response.json()}") + except httpx.RequestError as e: + logger.error(f"An error occurred while sending the POST request to copilot-sap-module: {e}") + return None + + +async def post_to_copilot_sap_module_same_user_successful_login_from_different_geo_location(data: InvokeSapSiemAnalysis): + """ + Send a POST request to the copilot-sap-module Docker container. + + Args: + data (InvokeSapSiemAnalysis): The data to send to the copilot-sap-module Docker container. + """ + logger.info( + f"Sending POST request to http://copilot-sap-module/sap-siem/same_user_successful_login_from_different_geo_location with data: {data.dict()}", + ) + async with httpx.AsyncClient() as client: + try: + response = await client.post( + "http://copilot-sap-module/sap-siem/same_user_successful_login_from_different_geo_location", + json=data.dict(), + timeout=120, + ) + logger.info(f"Response from copilot-sap-module: {response.json()}") + except httpx.RequestError as e: + logger.error(f"An error occurred while sending the POST request to copilot-sap-module: {e}") + return None + + +async def post_to_copilot_sap_module_brute_force_failed_logins_multiple_ips(data: InvokeSapSiemAnalysis): + """ + Send a POST request to the copilot-sap-module Docker container. + + Args: + data (InvokeSapSiemAnalysis): The data to send to the copilot-sap-module Docker container. 
+ """ + logger.info( + f"Sending POST request to http://copilot-sap-module/sap-siem/brute_force_failed_logins_multiple_ips with data: {data.dict()}", + ) + async with httpx.AsyncClient() as client: + try: + response = await client.post( + "http://copilot-sap-module/sap-siem/brute_force_failed_logins_multiple_ips", + json=data.dict(), + timeout=120, + ) + logger.info(f"Response from copilot-sap-module: {response.json()}") + except httpx.RequestError as e: + logger.error(f"An error occurred while sending the POST request to copilot-sap-module: {e}") + return None + + +async def post_to_copilot_sap_module_brute_force_failed_logins_same_ip(data: InvokeSapSiemAnalysis): + """ + Send a POST request to the copilot-sap-module Docker container. + + Args: + data (InvokeSapSiemAnalysis): The data to send to the copilot-sap-module Docker container. + """ + logger.info(f"Sending POST request to http://copilot-sap-module/sap-siem/brute_force_failed_logins_same_ip with data: {data.dict()}") + async with httpx.AsyncClient() as client: + try: + response = await client.post( + "http://copilot-sap-module/sap-siem/brute_force_failed_logins_same_ip", + json=data.dict(), + timeout=120, + ) + logger.info(f"Response from copilot-sap-module: {response.json()}") + except httpx.RequestError as e: + logger.error(f"An error occurred while sending the POST request to copilot-sap-module: {e}") + return None + + +async def post_to_copilot_sap_module_successful_login_after_multiple_failed_logins(data: InvokeSapSiemAnalysis): + """ + Send a POST request to the copilot-sap-module Docker container. + + Args: + data (InvokeSapSiemAnalysis): The data to send to the copilot-sap-module Docker container. 
+ """ + logger.info( + f"Sending POST request to http://copilot-sap-module/sap-siem/successful_login_after_multiple_failed_logins with data: {data.dict()}", + ) + async with httpx.AsyncClient() as client: + try: + response = await client.post( + "http://copilot-sap-module/sap-siem/successful_login_after_multiple_failed_logins", + json=data.dict(), + timeout=120, + ) + logger.info(f"Response from copilot-sap-module: {response.json()}") + except httpx.RequestError as e: + logger.error(f"An error occurred while sending the POST request to copilot-sap-module: {e}") + return None diff --git a/backend/app/integrations/office365/services/provision.py b/backend/app/integrations/office365/services/provision.py index 0330780e5..ac4e7545f 100644 --- a/backend/app/integrations/office365/services/provision.py +++ b/backend/app/integrations/office365/services/provision.py @@ -33,6 +33,9 @@ from app.connectors.graylog.services.pipelines import get_pipeline_rules from app.connectors.graylog.services.pipelines import get_pipelines from app.connectors.graylog.utils.universal import send_post_request +from app.connectors.wazuh_indexer.services.monitoring import ( + output_shard_number_to_be_set_based_on_nodes, +) from app.connectors.wazuh_manager.utils.universal import send_get_request from app.connectors.wazuh_manager.utils.universal import send_put_request from app.customer_provisioning.schema.grafana import GrafanaDatasource @@ -53,6 +56,7 @@ from app.integrations.office365.schema.provision import ProvisionOffice365AuthKeys from app.integrations.office365.schema.provision import ProvisionOffice365Response from app.utils import get_connector_attribute +from app.utils import get_customer_default_settings_attribute load_dotenv() 
@@ -368,10 +372,12 @@ async def build_index_set_config( Returns: TimeBasedIndexSet: The configured time-based index set. """ + # Lowercase the customer code since Graylog index sets must be lowercase + customer_code = customer_code.lower() return TimeBasedIndexSet( title=f"{(await get_customer(customer_code, session)).customer.customer_name} - Office365", description=f"{customer_code} - Office365", - index_prefix=f"office365_{customer_code}", + index_prefix=f"office365-{customer_code}", rotation_strategy_class="org.graylog2.indexer.rotation.strategies.TimeBasedRotationStrategy", rotation_strategy={ "type": "org.graylog2.indexer.rotation.strategies.TimeBasedRotationStrategyConfig", @@ -386,7 +392,7 @@ async def build_index_set_config( }, creation_date=datetime.utcnow().strftime("%Y-%m-%dT%H:%M:%S.%fZ"), index_analyzer="standard", - shards=1, + shards=await output_shard_number_to_be_set_based_on_nodes(), replicas=0, index_optimization_max_num_segments=1, index_optimization_disabled=False, @@ -588,9 +594,9 @@ async def create_office365_utc_rule(rule_title: str) -> None: rule_source = ( f'rule "{rule_title}"\n' "when\n" - ' has_field("data_office_365_CreationTime")\n' + ' has_field("data_office365_CreationTime")\n' "then\n" - " let creation_time = $message.data_office_365_CreationTime;\n" + " let creation_time = $message.data_office365_CreationTime;\n" ' set_field("timestamp_utc", creation_time);\n' "end" ) @@ -759,6 +765,8 @@ async def create_grafana_datasource( GrafanaDataSourceCreationResponse: The response object containing the result of the datasource creation. """ logger.info("Creating Grafana datasource") + # Lowercase the customer code since Graylog index sets must be lowercase + customer_code = customer_code.lower() grafana_client = await create_grafana_client("Grafana") grafana_url = await get_connector_attribute( connector_id=12, 
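Review bot: `build_index_set_config` now names index sets `office365-{customer_code}` instead of `office365_{customer_code}`, and the datasource hunks at `@@ -779` and `@@ -807` follow suit, but nothing in the commit migrates customers provisioned under the old prefix, so their existing index sets and datasources keep `office365_…` while any code that derives the name from the customer code will now look for `office365-…`; if the rename is intentional, record it next to the new line, e.g. `# Prefix changed from office365_ to office365- (lowercase, hyphenated); customers provisioned before this change keep the old index set name`. Lowercasing `customer_code` before `get_customer(customer_code, session)` also means the customer lookup now runs with a lowercased code rather than the one the caller supplied; that only matters if customer codes are stored case-sensitively, which this hunk does not show, so please confirm, or apply `.lower()` only inside the `index_prefix` and `description` strings. `build_index_set_config` and `create_grafana_datasource` both start outside their hunks.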
@@ -779,7 +787,7 @@ async def create_grafana_datasource( column_name="connector_url", session=session, ), - database=f"office365_{customer_code}*", + database=f"office365-{customer_code}*", basicAuth=True, basicAuthUser=await get_connector_attribute( connector_id=1, @@ -807,7 +815,7 @@ async def create_grafana_datasource( ).format(grafana_url), }, ], - "database": f"office365_{customer_code}*", + "database": f"office365-{customer_code}*", "flavor": "opensearch", "includeFrozen": False, "logLevelField": "syslog_level", @@ -915,6 +923,8 @@ async def provision_office365( organizationId=(await get_customer_meta(customer_code, session)).customer_meta.customer_meta_grafana_org_id, folderId=grafana_o365_folder_id, datasourceUid=office365_datasource_uid, + grafana_url=(await get_customer_default_settings_attribute(column_name="grafana_url", session=session)) + or "grafana.company.local", ), ) diff --git a/backend/app/network_connectors/models/network_connectors.py b/backend/app/network_connectors/models/network_connectors.py index 6337f2ddc..127057452 100644 --- a/backend/app/network_connectors/models/network_connectors.py +++ b/backend/app/network_connectors/models/network_connectors.py @@ -113,5 +113,9 @@ class CustomerNetworkConnectorsMeta(SQLModel, table=True): graylog_input_id: Optional[str] = Field(max_length=1024) graylog_index_id: str = Field(max_length=1024, nullable=False) graylog_stream_id: str = Field(max_length=1024, nullable=False) + graylog_pipeline_id: str = Field(max_length=1024, nullable=False) + graylog_content_pack_input_id: str = Field(max_length=1024, nullable=False) + graylog_content_pack_stream_id: str = Field(max_length=1024, nullable=False) grafana_org_id: str = Field(max_length=1024, nullable=False) grafana_dashboard_folder_id: str = Field(max_length=1024, nullable=False) + grafana_datasource_uid: str = Field(max_length=1024, nullable=False) 
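Review bot: The `grafana_url=... or "grafana.company.local"` fallback added in `provision_office365` silently substitutes a placeholder host whenever the `grafana_url` default setting is unset or empty, so the dashboards get provisioned with links to a host that does not exist and nothing in the logs says why; either fail the provisioning with a clear error or at least announce the substitution, e.g. `logger.warning("grafana_url default setting is not set; falling back to grafana.company.local")` before the `DashboardProvisionRequest` is built. `provision_office365` starts outside the hunk.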
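Review bot: The four columns added to `CustomerNetworkConnectorsMeta` (`graylog_pipeline_id`, `graylog_content_pack_input_id`, `graylog_content_pack_stream_id`, `grafana_datasource_uid`) are `nullable=False` with no default, so rows already in that table cannot satisfy the new schema; unless a migration that backfills them ships with this PR outside the diff shown here, existing network-connector customers will fail to load, and the new decommission route, which reads these ids, cannot process them. Either declare them like the existing `graylog_input_id` (`Optional[str] = Field(max_length=1024)`) or add the migration alongside. The class definition starts outside the hunk.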
diff --git a/backend/app/network_connectors/routes.py b/backend/app/network_connectors/routes.py index 212a44370..4114749bd 100644 --- a/backend/app/network_connectors/routes.py +++ b/backend/app/network_connectors/routes.py @@ -608,7 +608,7 @@ async def get_customer_network_connectors_by_customer_code( ), joinedload(CustomerNetworkConnectors.network_connectors_subscriptions).subqueryload( NetworkConnectorsSubscription.network_connectors_keys, - ), # Load NetworkConnectorsAuthKeys + ), ) .where(CustomerNetworkConnectors.customer_code == customer_code) ) diff --git a/backend/app/routers/crowdstrike.py b/backend/app/routers/crowdstrike.py new file mode 100644 index 000000000..7b2df1ace --- /dev/null +++ b/backend/app/routers/crowdstrike.py @@ -0,0 +1,13 @@ +from fastapi import APIRouter + +from app.integrations.crowdstrike.routes.provision import integration_crowdstrike_router + +# Instantiate the APIRouter +router = APIRouter() + +# Include the Crowdstrike related routes +router.include_router( + integration_crowdstrike_router, + prefix="/crowdstrike", + tags=["Crowdstrike"], +) diff --git a/backend/app/routers/modules.py b/backend/app/routers/modules.py index d6800e939..77bc87ae2 100644 --- a/backend/app/routers/modules.py +++ b/backend/app/routers/modules.py @@ -2,6 +2,7 @@ from app.integrations.modules.routes.huntress import module_huntress_router from app.integrations.modules.routes.mimecast import module_mimecast_router +from app.integrations.modules.routes.sap_siem import module_sap_siem_router router = APIRouter() @@ -16,3 +17,9 @@ prefix="/integrations/modules/mimecast", tags=["Mimecast"], ) + +router.include_router( + module_sap_siem_router, + prefix="/integrations/modules/sap_siem", + tags=["SAP SIEM"], +) diff --git a/backend/app/routers/stack_provisioning.py b/backend/app/routers/stack_provisioning.py index 9098cd36b..ce18dc4ee 100644 --- a/backend/app/routers/stack_provisioning.py +++ b/backend/app/routers/stack_provisioning.py 
@@ -1,5 +1,8 @@ from fastapi import APIRouter +from app.stack_provisioning.graylog.routes.decommission import ( + stack_decommissioning_graylog_router, +) from app.stack_provisioning.graylog.routes.fortinet import ( stack_provisioning_graylog_fortinet_router, ) @@ -23,3 +26,10 @@ prefix="/stack_provisioning", tags=["Stack Provisioning"], ) + +# Include the Stack Decommissioning related routes +router.include_router( + stack_decommissioning_graylog_router, + prefix="/stack_decommissioning", + tags=["Stack Decommissioning"], +) diff --git a/backend/app/schedulers/routes/scheduler.py b/backend/app/schedulers/routes/scheduler.py index c9993dde8..3f28ecbec 100644 --- a/backend/app/schedulers/routes/scheduler.py +++ b/backend/app/schedulers/routes/scheduler.py @@ -207,9 +207,12 @@ async def run_job_manually(job_id: str, session: AsyncSession = Depends(get_db)) try: # Retrieve the function associated with the job and run it job_function = get_function_by_name(job.name) # Ensure this function maps job names to function objects + logger.info(f"Running job {job_id} manually") if asyncio.iscoroutinefunction(job_function): + logger.info(f"Running async job {job_id}") result = await job_function() # Execute the function if it's async else: + logger.info(f"Running sync job {job_id}") result = job_function() # Execute synchronously if not an async function return {"success": True, "message": "Job executed successfully", "result": result} diff --git a/backend/app/schedulers/scheduler.py b/backend/app/schedulers/scheduler.py index 30b436d1b..e13c8dab6 100644 --- a/backend/app/schedulers/scheduler.py +++ b/backend/app/schedulers/scheduler.py 
@@ -26,7 +26,9 @@ from app.schedulers.services.invoke_sap_siem import ( invoke_sap_siem_integration_brute_force_failed_logins_same_ip, ) -from app.schedulers.services.invoke_sap_siem import invoke_sap_siem_integration_collect +from app.schedulers.services.invoke_sap_siem import ( + invoke_sap_siem_integration_collection, +) from app.schedulers.services.invoke_sap_siem import ( invoke_sap_siem_integration_multiple_logins_same_ip_analysis, ) @@ -196,7 +198,7 @@ def get_function_by_name(function_name: str): "invoke_office365_exchange_online_alert": invoke_office365_exchange_online_alert, "invoke_office365_threat_intel_alert": invoke_office365_threat_intel_alert, "invoke_suricata_monitoring_alert": invoke_suricata_monitoring_alert, - "invoke_sap_siem_integration_collection": invoke_sap_siem_integration_collect, + "invoke_sap_siem_integration_collection": invoke_sap_siem_integration_collection, "invoke_sap_siem_integration_suspicious_logins_analysis": invoke_sap_siem_integration_suspicious_logins_analysis, "invoke_sap_siem_integration_multiple_logins_same_ip_analysis": invoke_sap_siem_integration_multiple_logins_same_ip_analysis, "invoke_sap_siem_integration_successful_user_login_with_different_ip": invoke_sap_siem_integration_successful_user_login_with_different_ip, diff --git a/backend/app/schedulers/services/invoke_sap_siem.py b/backend/app/schedulers/services/invoke_sap_siem.py index c33e69876..5b5b6e258 100644 --- a/backend/app/schedulers/services/invoke_sap_siem.py +++ b/backend/app/schedulers/services/invoke_sap_siem.py 
@@ -7,43 +7,45 @@ from app.db.db_session import get_db_session from app.db.db_session import get_sync_db_session from app.integrations.models.customer_integration_settings import CustomerIntegrations -from app.integrations.monitoring_alert.routes.monitoring_alert import ( - run_sap_siem_multiple_logins_same_ip_analysis, -) -from app.integrations.monitoring_alert.routes.monitoring_alert import ( - run_sap_siem_suspicious_logins_analysis, -) -from app.integrations.sap_siem.routes.sap_siem import collect_sap_siem_route -from app.integrations.sap_siem.routes.sap_siem import ( +from app.integrations.modules.routes.sap_siem import collect_sap_siem_route +from app.integrations.modules.routes.sap_siem import ( invoke_sap_siem_brute_force_failed_logins_route, ) -from app.integrations.sap_siem.routes.sap_siem import ( +from app.integrations.modules.routes.sap_siem import ( invoke_sap_siem_brute_force_failed_logins_same_ip_route, ) -from app.integrations.sap_siem.routes.sap_siem import ( +from app.integrations.modules.routes.sap_siem import ( invoke_sap_siem_same_user_failed_login_from_different_geo_location_route, ) -from app.integrations.sap_siem.routes.sap_siem import ( +from app.integrations.modules.routes.sap_siem import ( invoke_sap_siem_same_user_failed_login_from_different_ip_route, ) -from app.integrations.sap_siem.routes.sap_siem import ( +from app.integrations.modules.routes.sap_siem import ( invoke_sap_siem_same_user_successful_login_from_different_geo_location_route, ) -from app.integrations.sap_siem.routes.sap_siem import ( +from app.integrations.modules.routes.sap_siem import ( invoke_sap_siem_successful_login_after_multiple_failed_logins_route, ) -from app.integrations.sap_siem.routes.sap_siem import ( +from app.integrations.modules.routes.sap_siem import ( invoke_sap_siem_successful_user_login_with_different_ip_route, ) +from app.integrations.modules.schema.sap_siem import InvokeSapSiemAnalysis +from app.integrations.monitoring_alert.routes.monitoring_alert 
import ( + run_sap_siem_multiple_logins_same_ip_analysis, +) +from app.integrations.monitoring_alert.routes.monitoring_alert import ( + run_sap_siem_suspicious_logins_analysis, +) from app.integrations.sap_siem.schema.sap_siem import InvokeSapSiemRequest from app.integrations.sap_siem.schema.sap_siem import InvokeSAPSiemResponse from app.schedulers.models.scheduler import JobMetadata from app.schedulers.utils.universal import get_scheduled_job_metadata +from app.utils import get_customer_meta_attribute load_dotenv() -async def invoke_sap_siem_integration_collect() -> InvokeSAPSiemResponse: +async def invoke_sap_siem_integration_collection() -> InvokeSAPSiemResponse: """ Invokes the SAP SIEM integration for collection. """ @@ -177,7 +179,9 @@ async def invoke_sap_siem_integration_successful_user_login_with_different_ip() customer_codes = [row.customer_code for row in result.scalars()] logger.info(f"customer_codes: {customer_codes}") for customer_code in customer_codes: - extra_data = (await get_scheduled_job_metadata("invoke_sap_siem_integration_multiple_logins_same_ip_analysis")).extra_data + extra_data = ( + await get_scheduled_job_metadata("invoke_sap_siem_integration_successful_user_login_with_different_ip") + ).extra_data if extra_data is not None: data_parts = extra_data.split(",") for part in data_parts: @@ -186,10 +190,15 @@ async def invoke_sap_siem_integration_successful_user_login_with_different_ip() threshold = int(value) elif key == "time_range": time_range = int(value) + else: + threshold = 0 + time_range = 15 await invoke_sap_siem_successful_user_login_with_different_ip_route( - threshold=threshold, - time_range=time_range, - session=session, + invoke_siem_analysis=InvokeSapSiemAnalysis( + threshold=threshold, + time_range=time_range, + iris_customer_id=(await get_customer_meta_attribute(customer_code, "customer_meta_iris_customer_id", session)), + ), ) # Close the session await session.close() 
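Review bot: In `invoke_sap_siem_integration_successful_user_login_with_different_ip` the new `else: threshold = 0; time_range = 15` only covers `extra_data is None`; when `extra_data` is present but lacks one of the two keys (or a part has no `=`, which makes `key, value = part.split("=")` fail), `threshold` or `time_range` is never bound and the `InvokeSapSiemAnalysis(...)` call raises `NameError`. Set the defaults before parsing instead: put `threshold = 0` and `time_range = 15` immediately before `if extra_data is not None:` and drop the `else` block; the collapsed diff also hides the indentation of that `else`, so please confirm it binds to the `if` and not to the `for` loop, since a `for … else` runs after every loop and would overwrite the parsed values. The same change applies to the hunks at `@@ -234`, `@@ -284`, `@@ -337`, `@@ -388`, `@@ -432` and `@@ -480`. `get_customer_meta_attribute(customer_code, "customer_meta_iris_customer_id", session)` returning `None` would likewise fail the required `iris_customer_id: int` field and abort the loop for every remaining customer; a customer without an IRIS id should probably be skipped with a log line. The enclosing functions all start outside their hunks.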
@@ -234,10 +243,15 @@ async def invoke_sap_siem_integration_same_user_failed_login_from_different_ip() threshold = int(value) elif key == "time_range": time_range = int(value) + else: + threshold = 0 + time_range = 15 await invoke_sap_siem_same_user_failed_login_from_different_ip_route( - threshold=threshold, - time_range=time_range, - session=session, + invoke_siem_analysis=InvokeSapSiemAnalysis( + threshold=threshold, + time_range=time_range, + iris_customer_id=(await get_customer_meta_attribute(customer_code, "customer_meta_iris_customer_id", session)), + ), ) # Close the session await session.close() @@ -284,10 +298,15 @@ async def invoke_sap_siem_integration_same_user_failed_login_from_different_geo_ threshold = int(value) elif key == "time_range": time_range = int(value) + else: + threshold = 0 + time_range = 15 await invoke_sap_siem_same_user_failed_login_from_different_geo_location_route( - threshold=threshold, - time_range=time_range, - session=session, + invoke_siem_analysis=InvokeSapSiemAnalysis( + threshold=threshold, + time_range=time_range, + iris_customer_id=(await get_customer_meta_attribute(customer_code, "customer_meta_iris_customer_id", session)), + ), ) # Close the session await session.close() @@ -337,10 +356,15 @@ async def invoke_sap_siem_integration_same_user_successful_login_from_different_ threshold = int(value) elif key == "time_range": time_range = int(value) + else: + threshold = 0 + time_range = 15 await invoke_sap_siem_same_user_successful_login_from_different_geo_location_route( - threshold=threshold, - time_range=time_range, - session=session, + invoke_siem_analysis=InvokeSapSiemAnalysis( + threshold=threshold, + time_range=time_range, + iris_customer_id=(await get_customer_meta_attribute(customer_code, "customer_meta_iris_customer_id", session)), + ), ) # Close the session await session.close() 
@@ -388,10 +412,15 @@ async def invoke_sap_siem_integration_brute_force_failed_logins() -> InvokeSAPSi threshold = int(value) elif key == "time_range": time_range = int(value) + else: + threshold = 0 + time_range = 3 await invoke_sap_siem_brute_force_failed_logins_route( - threshold=threshold, - time_range=time_range, - session=session, + invoke_siem_analysis=InvokeSapSiemAnalysis( + threshold=threshold, + time_range=time_range, + iris_customer_id=(await get_customer_meta_attribute(customer_code, "customer_meta_iris_customer_id", session)), + ), ) # Close the session await session.close() @@ -432,10 +461,15 @@ async def invoke_sap_siem_integration_brute_force_failed_logins_same_ip() -> Inv threshold = int(value) elif key == "time_range": time_range = int(value) + else: + threshold = 0 + time_range = 3 await invoke_sap_siem_brute_force_failed_logins_same_ip_route( - threshold=threshold, - time_range=time_range, - session=session, + invoke_siem_analysis=InvokeSapSiemAnalysis( + threshold=threshold, + time_range=time_range, + iris_customer_id=(await get_customer_meta_attribute(customer_code, "customer_meta_iris_customer_id", session)), + ), ) # Close the session await session.close() @@ -480,10 +514,15 @@ async def invoke_sap_siem_integration_successful_login_after_multiple_failed_log threshold = int(value) elif key == "time_range": time_range = int(value) + else: + threshold = 0 + time_range = 3 await invoke_sap_siem_successful_login_after_multiple_failed_logins_route( - threshold=threshold, - time_range=time_range, - session=session, + invoke_siem_analysis=InvokeSapSiemAnalysis( + threshold=threshold, + time_range=time_range, + iris_customer_id=(await get_customer_meta_attribute(customer_code, "customer_meta_iris_customer_id", session)), + ), ) # Close the session await session.close() 
diff --git a/backend/app/stack_provisioning/graylog/routes/decommission.py b/backend/app/stack_provisioning/graylog/routes/decommission.py
new file mode 100644
index 000000000..e27f0848b
--- /dev/null
+++ b/backend/app/stack_provisioning/graylog/routes/decommission.py
@@ -0,0 +1,75 @@ +from fastapi import APIRouter +from fastapi import Depends +from fastapi import HTTPException +from fastapi import Security +from loguru import logger +from sqlalchemy import select +from sqlalchemy.ext.asyncio import AsyncSession + +from app.auth.utils import AuthHandler +from app.db.db_session import get_db +from app.network_connectors.models.network_connectors import ( + CustomerNetworkConnectorsMeta, +) +from app.stack_provisioning.graylog.schema.decommission import ( + DecommissionNetworkContentPackRequest, +) +from app.stack_provisioning.graylog.schema.decommission import ( + DecommissionNetworkContentPackResponse, +) +from app.stack_provisioning.graylog.services.decommission import ( + decommission_network_connector, +) + +stack_decommissioning_graylog_router = APIRouter() + + +async def get_network_connectors_meta_by_customer_code_and_connector_name( + customer_code: str, + network_connector_name: str, + session: AsyncSession, +) -> CustomerNetworkConnectorsMeta: + """ + Retrieves the network connector meta by customer code and connector name. + + Args: + customer_code (str): The code of the customer. + network_connector_name (str): The name of the network connector. + session (AsyncSession): The async session object for database operations. + + Returns: + CustomerNetworkConnectorsMeta: The network connector meta for the customer. 
+ """ + stmt = select(CustomerNetworkConnectorsMeta).filter( + CustomerNetworkConnectorsMeta.customer_code == customer_code, + CustomerNetworkConnectorsMeta.network_connector_name == network_connector_name, + ) + result = await session.execute(stmt) + return result.scalars().first() + + +@stack_decommissioning_graylog_router.post( + "/graylog/decommission/network_connector", + response_model=DecommissionNetworkContentPackResponse, + description="Decommission the Network Connector for the customer", + dependencies=[Security(AuthHandler().require_any_scope("admin", "analyst"))], +) +async def decommission_network_connector_route( + decommission_request: DecommissionNetworkContentPackRequest, + session: AsyncSession = Depends(get_db), +) -> DecommissionNetworkContentPackResponse: + """ + Decommission the Network Connector for the customer + """ + logger.info(f"Decommissioning the Network Connector for {decommission_request.network_connector.name}...") + network_connector_details = await get_network_connectors_meta_by_customer_code_and_connector_name( + decommission_request.customer_code, + decommission_request.network_connector.name, + session, + ) + if network_connector_details is None: + raise HTTPException( + status_code=404, + detail=f"Network Connector {decommission_request.network_connector.name} not found for customer {decommission_request.customer_code}", + ) + return await decommission_network_connector(network_connector_details, session) diff --git a/backend/app/stack_provisioning/graylog/routes/fortinet.py b/backend/app/stack_provisioning/graylog/routes/fortinet.py index 4947f0732..eb9dd72a2 100644 --- a/backend/app/stack_provisioning/graylog/routes/fortinet.py +++ b/backend/app/stack_provisioning/graylog/routes/fortinet.py 
@@ -127,6 +127,8 @@ async def provision_fortinet_route( customer_name=customer_integration.customer_name, protocal_type=protocol_type, syslog_port=int(fortinet_keys["SYSLOG_PORT"]), + hot_data_retention=provision_fortinet_request.hot_data_retention, + index_replicas=provision_fortinet_request.index_replicas, ), keys=ProvisionFortinetKeys(**fortinet_keys), session=session, diff --git a/backend/app/stack_provisioning/graylog/routes/provision.py b/backend/app/stack_provisioning/graylog/routes/provision.py index 090b94588..61a823fdc 100644 --- a/backend/app/stack_provisioning/graylog/routes/provision.py +++ b/backend/app/stack_provisioning/graylog/routes/provision.py @@ -3,10 +3,10 @@ from loguru import logger from app.auth.utils import AuthHandler -from app.stack_provisioning.graylog.schema.provision import AvailableContentPacks from app.stack_provisioning.graylog.schema.provision import ( AvailableContentPacksResponse, ) +from app.stack_provisioning.graylog.schema.provision import AvailbleContentPacksOverview from app.stack_provisioning.graylog.schema.provision import ProvisionContentPackRequest from app.stack_provisioning.graylog.schema.provision import ProvisionGraylogResponse from app.stack_provisioning.graylog.services.provision import provision_content_pack @@ -28,7 +28,7 @@ async def get_available_content_packs_route() -> AvailableContentPacksResponse: """ logger.info("Getting available content packs...") return AvailableContentPacksResponse( - available_content_packs=[{"name": pack.name, "description": pack.value} for pack in AvailableContentPacks], + available_content_packs=[{"name": pack.name, "description": pack.value} for pack in AvailbleContentPacksOverview], success=True, message="Available content packs retrieved successfully", ) diff --git a/backend/app/stack_provisioning/graylog/schema/decommission.py b/backend/app/stack_provisioning/graylog/schema/decommission.py new file mode 100644 index 000000000..7e01fdec2 --- /dev/null 
+++ b/backend/app/stack_provisioning/graylog/schema/decommission.py @@ -0,0 +1,58 @@ +from enum import Enum +from typing import Any + +from fastapi import HTTPException +from loguru import logger +from pydantic import BaseModel +from pydantic import Field + + +class AvailableNetworkConnectors(str, Enum): + FORTINET = ( + "The Fortinet Network Connector which includes Input, Stream, Pipeline Rules," + " Pipelines, and Lookup Tables for Fortinet logs and the SOCFortress SIEM stack." + ) + CROWDSTRIKE = ( + "The Crowdstrike Network Connector which includes Input, Stream, Pipeline Rules," + " Pipelines, and Lookup Tables for Crowdstrike logs and the SOCFortress SIEM stack." + ) + + +class DecommissionNetworkContentPackRequest(BaseModel): + network_connector: AvailableNetworkConnectors = Field( + ..., + example=AvailableNetworkConnectors.FORTINET.name, + description="The name of the content pack to provision in Graylog", + ) + customer_code: str = Field( + ..., + description="The customer code for the content pack to provision in Graylog", + example="00001", + ) + + def __init__(self, **data: Any): + network_connector = data.get("network_connector") + if network_connector: + network_connector = network_connector.upper() + logger.info(f"Network Connector: {network_connector}") + try: + data["network_connector"] = AvailableNetworkConnectors[network_connector] + except KeyError: + raise HTTPException( + status_code=400, + detail=f"{network_connector} is not available. Please choose from the available network connectors.", + ) + super().__init__(**data) + + +class DecommissionNetworkContentPackResponse(BaseModel): + message: str = Field( + ..., + example="FORTINET Content Pack decommissioned successfully", + description="Message from the request to decommission a content pack", + ) + success: bool = Field( + ..., + example=True, + description="Success of the request to decommission a content pack", + ) 
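Review bot: `DecommissionNetworkContentPackRequest.__init__` pulls the web layer into a schema class: it raises FastAPI's `HTTPException` from a pydantic constructor, calls `.upper()` on whatever arrives (a non-string `network_connector` gives `AttributeError`, i.e. a 500 rather than a 4xx), and bypasses pydantic's normal validation. Because the field is typed as `AvailableNetworkConnectors`, whose values are the long description strings, the generated OpenAPI schema advertises those descriptions as the accepted values while the constructor expects member names such as `FORTINET`, so consumers who follow the schema will send the wrong thing. A `pre=True` field validator that maps the name to the member and raises `ValueError` keeps the conversion inside pydantic and yields a standard 422 (instead of the current 400) with the same message; `validator` needs adding to the `from pydantic import …` lines. The `logger.info(f"Network Connector: {network_connector}")` line echoes raw request input into the log and can go.
```python
class DecommissionNetworkContentPackRequest(BaseModel):
    # … unchanged: network_connector and customer_code fields …

    @validator("network_connector", pre=True)
    def resolve_network_connector(cls, value):
        """Map a connector name such as "fortinet" to its enum member; pydantic then validates the member."""
        if isinstance(value, AvailableNetworkConnectors):
            return value
        if not isinstance(value, str):
            raise ValueError("network_connector must be the name of an available network connector")
        try:
            return AvailableNetworkConnectors[value.upper()]
        except KeyError:
            raise ValueError(f"{value.upper()} is not available. Please choose from the available network connectors.")
```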
diff --git a/backend/app/stack_provisioning/graylog/schema/fortinet.py b/backend/app/stack_provisioning/graylog/schema/fortinet.py index 96e83a98a..7c9aedb2b 100644 --- a/backend/app/stack_provisioning/graylog/schema/fortinet.py +++ b/backend/app/stack_provisioning/graylog/schema/fortinet.py @@ -28,6 +28,16 @@ class ProvisionFortinetRequest(BaseModel): description="The udp enabled.", examples=[True], ) + hot_data_retention: int = Field( + ..., + example=30, + description="Number of days to retain hot data", + ) + index_replicas: int = Field( + ..., + example=1, + description="Number of replicas for the customer's Graylog instance", + ) # ensure the `integration_name` is always set to "Fortinet" @root_validator(pre=True) @@ -70,3 +80,13 @@ class FortinetCustomerDetails(BaseModel): description="The syslog port.", examples=[514], ) + hot_data_retention: int = Field( + ..., + example=30, + description="Number of days to retain hot data", + ) + index_replicas: int = Field( + ..., + example=1, + description="Number of replicas for the customer's Graylog instance", + ) diff --git a/backend/app/stack_provisioning/graylog/schema/provision.py b/backend/app/stack_provisioning/graylog/schema/provision.py index 7ff2ff00c..e619d8b07 100644 --- a/backend/app/stack_provisioning/graylog/schema/provision.py +++ b/backend/app/stack_provisioning/graylog/schema/provision.py 
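Review bot: The new `hot_data_retention` and `index_replicas` fields on `ProvisionFortinetRequest` (and their copies on `FortinetCustomerDetails`) accept any `int`, including `0` and negatives, which are then handed to the customer's Graylog index-set configuration; add range constraints so bad values are rejected at validation time, e.g. `hot_data_retention: int = Field(..., ge=1, example=30, description="Number of days to retain hot data")` and `index_replicas: int = Field(..., ge=0, example=1, description="Number of replicas for the customer's Graylog instance")`. They also use `example=` while the surrounding fields in both classes use `examples=[...]`; keeping one form avoids two OpenAPI rendering paths in the same model. Both classes start outside their hunks.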
@@ -8,16 +8,25 @@ from pydantic import Field +class AvailbleContentPacksOverview(str, Enum): + SOCFORTRESS_WAZUH_CONTENT_PACK = ( + "The Wazuh Content Pack which includes Input, Stream, Pipeline Rules," + " Pipelines, and Lookup Tables for Wazuh logs and the SOCFortress SIEM stack." + ) + + class AvailableContentPacks(str, Enum): SOCFORTRESS_WAZUH_CONTENT_PACK = ( "The Wazuh Content Pack which includes Input, Stream, Pipeline Rules," " Pipelines, and Lookup Tables for Wazuh logs and the SOCFortress SIEM stack." ) - # ! COMMENTING OUT UNTIL READY ! # SOCFORTRESS_FORTINET_INPUT_SYSLOG_TCP = "The Fortinet Input Syslog TCP content pack" SOCFORTRESS_FORTINET_INPUT_SYSLOG_UDP = "The Fortinet Input Syslog UDP content pack" SOCFORTRESS_FORTINET_PROCESSING_PIPELINE = "The Fortinet Processing Pipeline content pack" SOCFORTRESS_FORTINET_STREAM = "The Fortinet Stream content pack" + SOCFORTRESS_CROWDSTRIKE_INPUT_TCP = "The Crowdstrike Input TCP content pack" + SOCFORTRESS_CROWDSTRIKE_STREAM = "The Crowdstrike Stream content pack" + SOCFORTRESS_CROWDSTRIKE_PROCESSING_PIPELINE = "The Crowdstrike Processing Pipeline content pack" class ContentPackKeywords(BaseModel): diff --git a/backend/app/stack_provisioning/graylog/services/decommission.py b/backend/app/stack_provisioning/graylog/services/decommission.py new file mode 100644 index 000000000..64083d355 --- /dev/null +++ b/backend/app/stack_provisioning/graylog/services/decommission.py 
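Review bot: The new enum is named `AvailbleContentPacksOverview` (missing the "a"), and as a public identifier the typo will spread to every importer; renaming it to `AvailableContentPacksOverview` is cheap now and expensive later, though I cannot see from this hunk whether the commit already references it elsewhere. Its single member duplicates the value of `AvailableContentPacks.SOCFORTRESS_WAZUH_CONTENT_PACK` verbatim, so a one-line docstring would help the next reader understand why the overview list intentionally exposes only the Wazuh pack while the full enum also lists the Fortinet and Crowdstrike packs, e.g. `"""Content packs surfaced in the UI overview; the per-connector packs are provisioned through the network connector routes instead."""` (adjust if that is not the intent).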
@@ -0,0 +1,89 @@ +from loguru import logger +from sqlalchemy.ext.asyncio import AsyncSession + +from app.customer_provisioning.services.grafana import delete_grafana_dashboard_folder +from app.customer_provisioning.services.grafana import delete_grafana_datasource +from app.customer_provisioning.services.graylog import delete_content_pack +from app.customer_provisioning.services.graylog import uninstall_content_pack +from app.network_connectors.models.network_connectors import ( + CustomerNetworkConnectorsMeta, +) +from app.stack_provisioning.graylog.schema.decommission import ( + DecommissionNetworkContentPackResponse, +) +from app.stack_provisioning.graylog.services.utils import set_deployed_flag + + +async def uninstall_and_delete_content_pack(content_pack_id: str): + """ + Uninstalls and deletes a content pack. + + Args: + content_pack_id (str): The ID of the content pack to be uninstalled and deleted. + """ + await uninstall_content_pack(content_pack_id) + await delete_content_pack(content_pack_id) + + +async def delete_grafana_resources(organization_id: str, folder_uid: str, datasource_uid: str): + """ + Deletes Grafana resources. + + Args: + organization_id (str): The ID of the Grafana organization. + folder_uid (str): The UID of the Grafana Dashboard Folder. + datasource_uid (str): The UID of the Grafana Datasource. + """ + await delete_grafana_dashboard_folder(organization_id=organization_id, folder_uid=folder_uid) + await delete_grafana_datasource(organization_id=organization_id, datasource_uid=datasource_uid) + + +async def decommission_network_connector( + network_connector_meta: CustomerNetworkConnectorsMeta, + session: AsyncSession, +) -> DecommissionNetworkContentPackResponse: + """ + Decommissions the network connector by performing the following steps: + 1. Uninstalls and deletes the content pack associated with the network connector. + 2. Deletes the Grafana resources associated with the network connector. + 3. 
Deletes the network connector meta from the session. + + Args: + network_connector_meta (CustomerNetworkConnectorsMeta): The metadata of the network connector to be decommissioned. + session (AsyncSession): The database session. + + Returns: + DecommissionNetworkContentPackResponse: The response of the decommission operation. + """ + logger.info(f"Decommissioning network connector {network_connector_meta.network_connector_name}") + + # Uninstall and delete the content pack Input ID and Stream ID + await uninstall_and_delete_content_pack(network_connector_meta.graylog_content_pack_input_id) + await uninstall_and_delete_content_pack(network_connector_meta.graylog_content_pack_stream_id) + + # Delete the Grafana resources + await delete_grafana_resources( + organization_id=network_connector_meta.grafana_org_id, + folder_uid=network_connector_meta.grafana_dashboard_folder_id, + datasource_uid=network_connector_meta.grafana_datasource_uid, + ) + + # Delete the network connector meta from the session + await session.delete(network_connector_meta) + await session.commit() + + await set_deployed_flag( + customer_code=network_connector_meta.customer_code, + network_connector_service_name=network_connector_meta.network_connector_name, + flag=False, + session=session, + ) + + return DecommissionNetworkContentPackResponse( + message=( + f"Network connector {network_connector_meta.network_connector_name} has been " + f"decommissioned. However, the indices still remain. If you want to remove the " + f"index set, do so within Graylog." + ), + success=True, + ) diff --git a/backend/app/stack_provisioning/graylog/services/fortinet.py b/backend/app/stack_provisioning/graylog/services/fortinet.py index 2de4d27e7..dba39fed3 100644 --- a/backend/app/stack_provisioning/graylog/services/fortinet.py +++ b/backend/app/stack_provisioning/graylog/services/fortinet.py 
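Review bot: In `decommission_network_connector`, `network_connector_meta.customer_code` and `.network_connector_name` are read after `session.delete(network_connector_meta)` and `session.commit()`; with SQLAlchemy's default `expire_on_commit=True` the instance is expired and detached at that point, and in an async session the implicit refresh on attribute access can fail rather than return the old values (depends on how the session factory is configured, which is not visible here). Capturing the values first avoids the question: `customer_code = network_connector_meta.customer_code` and `connector_name = network_connector_meta.network_connector_name` before the delete, then passing those locals to `set_deployed_flag` and the response message. The Graylog and Grafana deletions also run before the DB row is removed, so a failure in `delete_grafana_resources` leaves the content packs gone but the meta row present; the docstring should state that the operation is not atomic and that a retry is expected to be safe, or the steps should be reordered.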
@@ -1,7 +1,41 @@ +import json +from datetime import datetime + +from fastapi import HTTPException +from loguru import logger from sqlalchemy.ext.asyncio import AsyncSession +from app.connectors.grafana.schema.dashboards import DashboardProvisionRequest +from app.connectors.grafana.schema.dashboards import FortinetDashboard +from app.connectors.grafana.services.dashboards import provision_dashboards +from app.connectors.grafana.utils.universal import create_grafana_client +from app.connectors.graylog.services.collector import ( + get_content_pack_id_by_content_pack_name, +) +from app.connectors.graylog.services.collector import get_input_id_by_input_name +from app.connectors.graylog.services.collector import get_stream_id_by_stream_name +from app.connectors.graylog.services.streams import assign_stream_to_index +from app.connectors.graylog.utils.universal import send_post_request +from app.connectors.wazuh_indexer.services.monitoring import ( + output_shard_number_to_be_set_based_on_nodes, +) +from app.customer_provisioning.schema.grafana import GrafanaDatasource +from app.customer_provisioning.schema.grafana import GrafanaDataSourceCreationResponse +from app.customer_provisioning.schema.graylog import GraylogIndexSetCreationResponse +from app.customer_provisioning.schema.graylog import StreamConnectionToPipelineRequest +from app.customer_provisioning.schema.graylog import TimeBasedIndexSet +from app.customer_provisioning.schema.provision import ProvisionNewCustomer +from app.customer_provisioning.services.grafana import create_grafana_folder +from app.customer_provisioning.services.grafana import get_opensearch_version +from app.customer_provisioning.services.graylog import connect_stream_to_pipeline +from app.customer_provisioning.services.graylog import get_pipeline_id +from app.customers.routes.customers import get_customer_meta +from app.network_connectors.models.network_connectors import ( + CustomerNetworkConnectorsMeta, +) from 
app.stack_provisioning.graylog.schema.fortinet import FortinetCustomerDetails from app.stack_provisioning.graylog.schema.fortinet import ProvisionFortinetKeys +from app.stack_provisioning.graylog.schema.fortinet import ProvisionFortinetResponse from app.stack_provisioning.graylog.schema.provision import ContentPackKeywords from app.stack_provisioning.graylog.schema.provision import ( ProvisionNetworkContentPackRequest, 
@@ -9,10 +43,100 @@ from app.stack_provisioning.graylog.services.provision import ( provision_content_pack_network_connector, ) +from app.stack_provisioning.graylog.services.utils import set_deployed_flag +from app.utils import get_connector_attribute +from app.utils import get_customer_meta_attribute + + +#### ! GRAYLOG ! #### +async def build_index_set_config(request: FortinetCustomerDetails) -> TimeBasedIndexSet: + """ + Build the configuration for a time-based index set. + + Args: + request (FortinetCustomerDetails): The request object containing customer information. + + Returns: + TimeBasedIndexSet: The configured time-based index set. + """ + return TimeBasedIndexSet( + title=f"{request.customer_name} - FORTINET EVENTS", + description=f"{request.customer_name} - FORTINET EVENTS", + index_prefix=f"fortinet-{request.customer_code}", + rotation_strategy_class="org.graylog2.indexer.rotation.strategies.TimeBasedRotationStrategy", + rotation_strategy={ + "type": "org.graylog2.indexer.rotation.strategies.TimeBasedRotationStrategyConfig", + "rotation_period": "P1D", + "rotate_empty_index_set": False, + "max_rotation_period": None, + }, + retention_strategy_class="org.graylog2.indexer.retention.strategies.DeletionRetentionStrategy", + retention_strategy={ + "type": "org.graylog2.indexer.retention.strategies.DeletionRetentionStrategyConfig", + "max_number_of_indices": request.hot_data_retention, + }, + creation_date=datetime.utcnow().strftime("%Y-%m-%dT%H:%M:%S.%fZ"), + index_analyzer="standard", + shards=await output_shard_number_to_be_set_based_on_nodes(), + replicas=request.index_replicas, + index_optimization_max_num_segments=1, + index_optimization_disabled=False, + writable=True, + field_type_refresh_interval=5000, + ) + + +# Function to send the POST request and handle the response +async def send_index_set_creation_request( + index_set: TimeBasedIndexSet, +) -> GraylogIndexSetCreationResponse: + """ + Sends a request to create an index set in Graylog. 
+ + Args: + index_set (TimeBasedIndexSet): The index set to be created. + + Returns: + GraylogIndexSetCreationResponse: The response from Graylog after creating the index set. + """ + json_index_set = json.dumps(index_set.dict()) + logger.info(f"json_index_set set: {json_index_set}") + response_json = await send_post_request( + endpoint="/api/system/indices/index_sets", + data=index_set.dict(), + ) + return GraylogIndexSetCreationResponse(**response_json) + + +# Refactored create_index_set function +async def create_index_set( + request: ProvisionNewCustomer, +) -> GraylogIndexSetCreationResponse: + """ + Creates an index set for a new customer. + Args: + request (ProvisionNewCustomer): The request object containing the customer information. -async def provision_fortinet(customer_details: FortinetCustomerDetails, keys: ProvisionFortinetKeys, session: AsyncSession): - await provision_content_pack_network_connector( + Returns: + GraylogIndexSetCreationResponse: The response object containing the result of the index set creation. + """ + logger.info(f"Creating index set for customer {request.customer_name}") + index_set_config = await build_index_set_config(request) + return await send_index_set_creation_request(index_set_config) + + +async def provision_content_pack(customer_details): + """ + Provisions a content pack for a customer. + + Args: + customer_details (CustomerDetails): The details of the customer. + + Returns: + ContentPack: The provisioned content pack. + """ + return await provision_content_pack_network_connector( content_pack_request=ProvisionNetworkContentPackRequest( content_pack_name="FORTINET", keywords=ContentPackKeywords( 
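Review bot: `create_index_set` is annotated `request: ProvisionNewCustomer`, but it forwards to `build_index_set_config(request: FortinetCustomerDetails)`, which reads `hot_data_retention`, `index_replicas` and `customer_code`, and the only caller in this commit (`get_stream_and_index_ids` in the next hunk) passes a `FortinetCustomerDetails`. The annotation and docstring should say `request: FortinetCustomerDetails`, which also removes the only use of the `ProvisionNewCustomer` import in this file. `provision_content_pack(customer_details)` has no annotation and its docstring names `CustomerDetails` and `ContentPack` types that do not appear in this file; `customer_details: FortinetCustomerDetails` and a `Returns:` describing what `provision_content_pack_network_connector` actually returns would be more accurate. `provision_content_pack` continues past the end of the hunk.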
@@ -23,3 +147,257 @@ async def provision_fortinet(customer_details: FortinetCustomerDetails, keys: Pr ), ), ) + + +async def get_stream_and_index_ids(customer_details): + """ + Retrieves the stream ID and index ID for a given customer. + + Args: + customer_details (CustomerDetails): The details of the customer. + + Returns: + tuple: A tuple containing the stream ID and index ID. + """ + stream_id = await get_stream_id_by_stream_name(stream_name=f"{customer_details.customer_name} - FORTINET LOGS AND EVENTS") + index_id = (await create_index_set(request=customer_details)).data.id + content_pack_stream_id = await get_content_pack_id_by_content_pack_name( + content_pack_name=f"{customer_details.customer_name}_FORTINET_STREAM", + ) + if customer_details.protocal_type == "TCP": + content_pack_input_id = await get_content_pack_id_by_content_pack_name( + content_pack_name=f"{customer_details.customer_name}_FORTINET_INPUT_SYSLOG_TCP", + ) + elif customer_details.protocal_type == "UDP": + content_pack_input_id = await get_content_pack_id_by_content_pack_name( + content_pack_name=f"{customer_details.customer_name}_FORTINET_INPUT_SYSLOG_UDP", + ) + return stream_id, index_id, content_pack_stream_id, content_pack_input_id + + +#### ! GRAFANA ! #### +async def create_grafana_datasource( + customer_code: str, + session: AsyncSession, +) -> GrafanaDataSourceCreationResponse: + """ + Creates a Grafana datasource for the specified customer. + + Args: + customer_code (str): The customer code. + session (AsyncSession): The async session. + + Returns: + GrafanaDataSourceCreationResponse: The response containing the created datasource details. 
+ """ + logger.info("Creating Grafana datasource") + grafana_client = await create_grafana_client("Grafana") + # Switch to the newly created organization + grafana_client.user.switch_actual_user_organisation( + (await get_customer_meta(customer_code, session)).customer_meta.customer_meta_grafana_org_id, + ) + datasource_payload = GrafanaDatasource( + name="FORTINET", + type="grafana-opensearch-datasource", + typeName="OpenSearch", + access="proxy", + url=await get_connector_attribute( + connector_id=1, + column_name="connector_url", + session=session, + ), + database=f"fortinet-{customer_code}*", + basicAuth=True, + basicAuthUser=await get_connector_attribute( + connector_id=1, + column_name="connector_username", + session=session, + ), + secureJsonData={ + "basicAuthPassword": await get_connector_attribute( + connector_id=1, + column_name="connector_password", + session=session, + ), + }, + isDefault=False, + jsonData={ + "database": f"fortinet-{customer_code}*", + "flavor": "opensearch", + "includeFrozen": False, + "logLevelField": "severity", + "logMessageField": "summary", + "maxConcurrentShardRequests": 5, + "pplEnabled": True, + "timeField": "timestamp", + "tlsSkipVerify": True, + "version": await get_opensearch_version(), + }, + readOnly=True, + ) + results = grafana_client.datasource.create_datasource( + datasource=datasource_payload.dict(), + ) + return GrafanaDataSourceCreationResponse(**results) + + +async def create_customer_network_connector_meta( + customer_details, + stream_id, + index_id, + content_pack_stream_id, + content_pack_input_id, + session, +): + """ + Create a CustomerNetworkConnectorsMeta object with the provided details. + + Args: + customer_details (CustomerDetails): Details of the customer. + stream_id (int): ID of the Graylog stream. + index_id (int): ID of the Graylog index. + session (Session): Database session. + + Returns: + CustomerNetworkConnectorsMeta: The created CustomerNetworkConnectorsMeta object. 
+ """ + return CustomerNetworkConnectorsMeta( + customer_code=customer_details.customer_code, + network_connector_name="FORTINET", + graylog_stream_id=stream_id, + graylog_input_id=(await get_input_id_by_input_name(input_name=f"{customer_details.customer_name} - FORTINET LOGS AND EVENTS")), + graylog_pipeline_id=((await get_pipeline_id(subscription="FORTINET"))[0]), + graylog_content_pack_input_id=content_pack_input_id, + graylog_content_pack_stream_id=content_pack_stream_id, + grafana_org_id=( + await get_customer_meta_attribute( + session=session, + customer_code=customer_details.customer_code, + column_name="customer_meta_grafana_org_id", + ) + ), + graylog_index_id=index_id, + grafana_dashboard_folder_id=None, + grafana_datasource_uid=None, + ) + + +async def validate_grafana_organization_id(customer_code, session): + """ + Validate the Grafana organization ID for the customer. + + Args: + customer_code (str): The customer code. + session (Session): Database session. + + Returns: + int: The Grafana organization ID. + """ + return await get_customer_meta_attribute(session=session, customer_code=customer_code, column_name="customer_meta_grafana_org_id") + + +async def provision_fortinet( + customer_details: FortinetCustomerDetails, + keys: ProvisionFortinetKeys, + session: AsyncSession, +) -> ProvisionFortinetResponse: + """ + Provisions a Fortinet customer by performing the following steps: + 1. Provisions the content pack for the customer. + 2. Retrieves the stream and index IDs for the customer. + 3. Creates customer network connector metadata. + 4. Assigns the stream to the index. + 5. Retrieves the pipeline ID for the "FORTINET" subscription. + 6. Connects the stream to the pipeline. + 7. Inserts the customer network connector metadata into the database. + + Args: + customer_details (FortinetCustomerDetails): The details of the Fortinet customer. + keys (ProvisionFortinetKeys): The keys required for provisioning. 
+ session (AsyncSession): The database session. + + Returns: + None + """ + if await validate_grafana_organization_id(customer_details.customer_code, session) is None: + raise HTTPException(status_code=404, detail="Grafana organization ID not found. Please provision Grafana for the customer first.") + await provision_content_pack(customer_details) + stream_id, index_id, content_pack_stream_id, content_pack_input_id = await get_stream_and_index_ids(customer_details) + customer_network_connector_meta = await create_customer_network_connector_meta( + customer_details, + stream_id, + index_id, + content_pack_stream_id, + content_pack_input_id, + session, + ) + await assign_stream_to_index(stream_id=stream_id, index_id=index_id) + pipeline_id = await get_pipeline_id(subscription="FORTINET") + await connect_stream_to_pipeline(stream_and_pipeline=StreamConnectionToPipelineRequest(stream_id=stream_id, pipeline_ids=pipeline_id)) + # Grafana Deployment + customer_network_connector_meta.grafana_datasource_uid = ( + await create_grafana_datasource( + customer_code=customer_details.customer_code, + session=session, + ) + ).datasource.uid + grafana_folder = await create_grafana_folder( + organization_id=( + await get_customer_meta( + customer_details.customer_code, + session, + ) + ).customer_meta.customer_meta_grafana_org_id, + folder_title="FORTINET", + ) + await provision_dashboards( + DashboardProvisionRequest( + dashboards=[dashboard.name for dashboard in FortinetDashboard], + organizationId=( + await get_customer_meta( + customer_details.customer_code, + session, + ) + ).customer_meta.customer_meta_grafana_org_id, + folderId=grafana_folder.id, + datasourceUid=customer_network_connector_meta.grafana_datasource_uid, + ), + ) + customer_network_connector_meta.grafana_dashboard_folder_id = grafana_folder.uid + await insert_into_customer_network_connectors_meta_table( + customer_network_connectors_meta=customer_network_connector_meta, + session=session, + ) + + await 
set_deployed_flag( + customer_code=customer_details.customer_code, + network_connector_service_name="Fortinet", + flag=True, + session=session, + ) + + return ProvisionFortinetResponse( + message="Fortinet customer provisioned successfully", + success=True, + ) + + +async def insert_into_customer_network_connectors_meta_table( + customer_network_connectors_meta: CustomerNetworkConnectorsMeta, + session: AsyncSession, +) -> None: + """ + Insert the customer network connectors meta into the database. + + Args: + customer_network_connectors_meta (CustomerNetworkConnectorsMeta): The customer network connectors meta to insert. + session (AsyncSession): The async session object for database operations. + + Returns: + None + """ + logger.info("Inserting customer network connectors meta into the database") + session.add(customer_network_connectors_meta) + await session.commit() + logger.info("Customer network connectors meta inserted successfully") + return None diff --git a/backend/app/stack_provisioning/graylog/services/provision.py b/backend/app/stack_provisioning/graylog/services/provision.py index 8cba17b95..1b0a59eeb 100644 --- a/backend/app/stack_provisioning/graylog/services/provision.py +++ b/backend/app/stack_provisioning/graylog/services/provision.py @@ -173,6 +173,7 @@ async def provision_content_pack(content_pack_request: ProvisionContentPackReque ) +# ! NETWORK CONNECTOR CONTENT PACKS PROVISIONING ! # async def filter_content_packs(content_packs, protocol_type): if protocol_type == "TCP": return [pack for pack in content_packs if "UDP" not in pack] 
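Review bot: In `get_stream_and_index_ids`, `content_pack_input_id` is only assigned in the `"TCP"` and `"UDP"` branches, so any other `protocal_type` value reaches the `return` with the name unbound and the request fails with an UnboundLocalError-driven 500; an `else:` branch with `raise HTTPException(status_code=400, detail=f"Unsupported protocol type {customer_details.protocal_type}")` makes the failure explicit, and the docstring should say the tuple has four elements, not two. `create_grafana_datasource` sets `"tlsSkipVerify": True` in the datasource jsonData, which disables certificate verification between Grafana and the indexer for every customer datasource created this way; if that is intentional for this deployment model it deserves a comment naming the reason, otherwise it should follow a connector setting. `provision_fortinet`'s docstring says `Returns: None` while the function returns a `ProvisionFortinetResponse`. `insert_into_customer_network_connectors_meta_table` is defined here and again in `services/utils.py` later in this commit with a different body; keeping one copy avoids the two drifting further.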
@@ -182,8 +183,8 @@ async def filter_content_packs(content_packs, protocol_type): async def process_content_pack(content_pack, content_pack_request): - if await does_content_pack_exist(content_pack): - logger.info(f"Content pack {content_pack} already exists") + content_pack_exists = await does_content_pack_exist(content_pack) + if content_pack_exists is True: return content_pack = load_content_pack_json(f"{content_pack}.json") replace_content_pack_keywords = ReplaceContentPackKeywords( diff --git a/backend/app/stack_provisioning/graylog/services/utils.py b/backend/app/stack_provisioning/graylog/services/utils.py index 34148755a..bfaa5e72e 100644 --- a/backend/app/stack_provisioning/graylog/services/utils.py +++ b/backend/app/stack_provisioning/graylog/services/utils.py @@ -1,8 +1,14 @@ from fastapi import HTTPException from loguru import logger +from sqlalchemy.ext.asyncio import AsyncSession +from sqlalchemy.future import select from app.connectors.graylog.services.content_packs import get_content_packs from app.connectors.graylog.services.management import get_system_info +from app.network_connectors.models.network_connectors import CustomerNetworkConnectors +from app.network_connectors.models.network_connectors import ( + CustomerNetworkConnectorsMeta, +) from app.stack_provisioning.graylog.schema.provision import AvailableContentPacks 
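Review bot: The rewrite of `process_content_pack` drops the `logger.info(f"Content pack {content_pack} already exists")` line, so the early return now skips a pack silently and an operator reading the provisioning log cannot tell a skipped pack from one that was never attempted. Keeping a log line in the `if content_pack_exists is True:` branch, e.g. `logger.info(f"Content pack {content_pack} already exists, skipping")`, restores that visibility at no cost. The function body continues outside the hunk.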
@@ -84,9 +90,56 @@ async def does_content_pack_exist(content_pack_name: str) -> bool: logger.info(f"Checking content pack {content_pack.name}") if content_pack.name == content_pack_name: logger.info(f"Content pack {content_pack_name} exists") - raise HTTPException( - status_code=400, - detail=f"Content pack {content_pack_name} already exists", - ) + if "PROCESSING_PIPELINE" in content_pack.name: + return True + else: + raise HTTPException( + status_code=400, + detail=f"Content pack {content_pack_name} already exists", + ) logger.info(f"Content pack {content_pack_name} does not exist") return False + + +async def insert_into_customer_network_connectors_meta_table( + customer_network_connectors_meta: CustomerNetworkConnectorsMeta, + session: AsyncSession, +) -> None: + """ + Insert the customer network connectors meta into the database. + + Args: + customer_network_connectors_meta (CustomerNetworkConnectorsMeta): The customer network connectors meta to insert. + session (AsyncSession): The async session object for database operations. + + Returns: + None + """ + await session.add(customer_network_connectors_meta) + await session.commit() + + +async def set_deployed_flag(customer_code: str, network_connector_service_name: str, flag: bool, session: AsyncSession) -> None: + """ + Set the deployed flag to True for the specified customer code and for Fortinet. + + Args: + customer_code (str): The customer code. + network_connector_service_name (str): The network connector service name. + session (AsyncSession): The async session object for database operations. 
+ + Returns: + None + """ + # Retrieve the customer network connectors object for the customer code and network connector service name + customer_network_connectors = await session.execute( + select(CustomerNetworkConnectors).filter_by( + customer_code=customer_code, + network_connector_service_name=network_connector_service_name, + ), + ) + customer_network_connectors = customer_network_connectors.scalars().first() + # Update the deployed flag to True + customer_network_connectors.deployed = flag + await session.commit() + return None diff --git a/backend/app/stack_provisioning/graylog/templates/SOCFORTRESS_CROWDSTRIKE_INPUT_TCP.json b/backend/app/stack_provisioning/graylog/templates/SOCFORTRESS_CROWDSTRIKE_INPUT_TCP.json new file mode 100644 index 000000000..330294ee1 --- /dev/null +++ b/backend/app/stack_provisioning/graylog/templates/SOCFORTRESS_CROWDSTRIKE_INPUT_TCP.json 
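Review bot: The new `insert_into_customer_network_connectors_meta_table` in utils.py does `await session.add(customer_network_connectors_meta)`; `Session.add` is synchronous and returns None, so awaiting it raises `TypeError: object NoneType can't be used in 'await' expression` before the commit runs, and the fix is `session.add(customer_network_connectors_meta)` as the sibling copy in services/fortinet.py already does. In `set_deployed_flag`, `.scalars().first()` returns None when no `CustomerNetworkConnectors` row matches and the following `customer_network_connectors.deployed = flag` then raises AttributeError; a guard such as `if customer_network_connectors is None:` / `raise HTTPException(status_code=404, detail=f"Network connector {network_connector_service_name} not found for customer {customer_code}")` turns that into a clear error. That function's docstring also still says "for Fortinet" and omits the `flag` argument. In `does_content_pack_exist`, the new `if "PROCESSING_PIPELINE" in content_pack.name: return True` branch changes the contract (an existing pipeline pack is reported as present, any other existing pack still raises 400), which deserves a comment explaining that pipeline packs are shared across customers while input and stream packs are per customer, if that is the reason.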
@@ -0,0 +1,118 @@ +{ + "v": 1, + "id": "REPLACE_UUID_GLOBAL", + "rev": 1, + "name": "customer_name_CROWDSTRIKE_INPUT_TCP", + "summary": "customer_name_CROWDSTRIKE_INPUT_TCP", + "description": "", + "vendor": "SOCFortress", + "url": "", + "parameters": [], + "entities": [ + { + "v": "1", + "type": { + "name": "input", + "version": "1" + }, + "id": "REPLACE_UUID_SPECIFIC", + "data": { + "title": { + "@type": "string", + "@value": "customer_name - CROWDSTRIKE LOGS AND EVENTS" + }, + "configuration": { + "tls_key_file": { + "@type": "string", + "@value": "" + }, + "port": { + "@type": "integer", + "@value": "SYSLOG_PORT" + }, + "tls_enable": { + "@type": "boolean", + "@value": false + }, + "use_null_delimiter": { + "@type": "boolean", + "@value": false + }, + "recv_buffer_size": { + "@type": "integer", + "@value": 1048576 + }, + "tcp_keepalive": { + "@type": "boolean", + "@value": false + }, + "use_full_names": { + "@type": "boolean", + "@value": false + }, + "tls_client_auth_cert_file": { + "@type": "string", + "@value": "" + }, + "bind_address": { + "@type": "string", + "@value": "0.0.0.0" + }, + "tls_cert_file": { + "@type": "string", + "@value": "" + }, + "max_message_size": { + "@type": "integer", + "@value": 2097152 + }, + "tls_client_auth": { + "@type": "string", + "@value": "disabled" + }, + "timezone": { + "@type": "string", + "@value": "Etc/UTC" + }, + "locale": { + "@type": "string", + "@value": "" + }, + "number_worker_threads": { + "@type": "integer", + "@value": 8 + }, + "tls_key_password": { + "@type": "string", + "@value": "" + } + }, + "static_fields": { + "syslog_type": { + "@type": "string", + "@value": "crowdstrike" + }, + "syslog_customer": { + "@type": "string", + "@value": "customer_code" + } + }, + "type": { + "@type": "string", + "@value": "org.graylog.plugins.cef.input.CEFTCPInput" + }, + "global": { + "@type": "boolean", + "@value": false + }, + "extractors": [] + }, + "constraints": [ + { + "type": "server-version", + "version": 
">=5.0.13+083613e" + } + ] + } + ] +} diff --git a/backend/app/stack_provisioning/graylog/templates/SOCFORTRESS_CROWDSTRIKE_PROCESSING_PIPELINE.json b/backend/app/stack_provisioning/graylog/templates/SOCFORTRESS_CROWDSTRIKE_PROCESSING_PIPELINE.json new file mode 100644 index 000000000..9ed8471a3 --- /dev/null +++ b/backend/app/stack_provisioning/graylog/templates/SOCFORTRESS_CROWDSTRIKE_PROCESSING_PIPELINE.json 
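Review bot: The CEF TCP input template sets `tls_enable` to false, `tls_client_auth` to "disabled" and `bind_address` to "0.0.0.0", so the provisioned input accepts the Crowdstrike event stream in cleartext from any source address, and only `SYSLOG_PORT` is a substitution placeholder while the TLS settings are fixed. Since the same keyword-replacement mechanism is already used for the port, the `tls_enable`, `tls_cert_file` and `tls_key_file` values could be made placeholders too so a deployment can turn TLS on at provisioning time; if cleartext is a deliberate default for this stack, the integration documentation should state that the input must be hardened after provisioning. `"port"` is declared `"@type": "integer"` but its `@value` is the string `"SYSLOG_PORT"`; that works only because the placeholder is replaced before the pack is uploaded, which a comment in the provisioning code that performs the replacement should mention.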
@@ -0,0 +1,182 @@ +{ + "v": 1, + "id": "e8336a90-fc5d-40b5-9988-6f2d31997964", + "rev": 1, + "name": "SOCFORTRESS_CROWDSTRIKE_PROCESSING_PIPELINE", + "summary": "SOCFORTRESS_CROWDSTRIKE_PROCESSING_PIPELINE", + "description": "", + "vendor": "SOCFortress", + "url": "", + "parameters": [], + "entities": [ + { + "v": "1", + "type": { + "name": "pipeline_rule", + "version": "1" + }, + "id": "96fd8f92-220f-4b1b-b919-0a3673dda620", + "data": { + "title": { + "@type": "string", + "@value": "CROWDSTRIKE CREATE FIELD SYSLOG LEVEL - Info" + }, + "description": { + "@type": "string", + "@value": "CROWDSTRIKE CREATE FIELD SYSLOG LEVEL - Info" + }, + "source": { + "@type": "string", + "@value": "rule \"CROWDSTRIKE CREATE FIELD SYSLOG LEVEL - Info\"\nwhen has_field(\"severity\") AND to_long($message.severity) == 1\nthen\nset_field(\"syslog_level\", \"Info\");\nend" + } + }, + "constraints": [ + { + "type": "server-version", + "version": ">=5.0.13+083613e" + } + ] + }, + { + "v": "1", + "type": { + "name": "pipeline_rule", + "version": "1" + }, + "id": "c90a44d2-c749-440b-936d-6f647f4ecb12", + "data": { + "title": { + "@type": "string", + "@value": "CROWDSTRIKE CREATE FIELD SYSLOG LEVEL - Warning" + }, + "description": { + "@type": "string", + "@value": "CROWDSTRIKE CREATE FIELD SYSLOG LEVEL - Warning" + }, + "source": { + "@type": "string", + "@value": "rule \"CROWDSTRIKE CREATE FIELD SYSLOG LEVEL - Warning\"\nwhen has_field(\"severity\") AND to_long($message.severity) == 3\nthen\nset_field(\"syslog_level\", \"Warning\");\nend" + } + }, + "constraints": [ + { + "type": "server-version", + "version": ">=5.0.13+083613e" + } + ] + }, + { + "v": "1", + "type": { + "name": "pipeline_rule", + "version": "1" + }, + "id": "88be1e03-b6d4-4ab7-8d3e-4107ab05e702", + "data": { + "title": { + "@type": "string", + "@value": "Crowdstrike Timestamp Failsafe - UTC" + }, + "description": { + "@type": "string", + "@value": "Set Timestamp based upon `rt` field which is the time Crowdstrike ingested 
the message. This is a failsafe to catch if no other field names have been detected in the log that provide the timestamp value that the host assigned with the raw alert." + }, + "source": { + "@type": "string", + "@value": "rule \"Crowdstrike Timestamp Failsafe - UTC\"\nwhen\n ! has_field(\"timestamp_utc\")\nthen\n let msg_timestamp = $message.rt;\n set_field(\"timestamp_utc\", msg_timestamp);\nend" + } + }, + "constraints": [ + { + "type": "server-version", + "version": ">=5.0.13+083613e" + } + ] + }, + { + "v": "1", + "type": { + "name": "pipeline_rule", + "version": "1" + }, + "id": "b540613b-ba8a-4a7a-ad4f-70385df0880d", + "data": { + "title": { + "@type": "string", + "@value": "CROWDSTRIKE CREATE FIELD SYSLOG LEVEL - Notice" + }, + "description": { + "@type": "string", + "@value": "CROWDSTRIKE CREATE FIELD SYSLOG LEVEL - Notice" + }, + "source": { + "@type": "string", + "@value": "rule \"CROWDSTRIKE CREATE FIELD SYSLOG LEVEL - Notice\"\nwhen has_field(\"severity\") AND to_long($message.severity) == 2\nthen\nset_field(\"syslog_level\", \"Notice\");\nend" + } + }, + "constraints": [ + { + "type": "server-version", + "version": ">=5.0.13+083613e" + } + ] + }, + { + "v": "1", + "type": { + "name": "pipeline", + "version": "1" + }, + "id": "aea01b0b-c5ab-4429-9104-2f735c68bf2a", + "data": { + "title": { + "@type": "string", + "@value": "CROWDSTRIKE PROCESSING PIPELINE" + }, + "description": { + "@type": "string", + "@value": "CROWDSTRIKE PROCESSING PIPELINE" + }, + "source": { + "@type": "string", + "@value": "pipeline \"CROWDSTRIKE PROCESSING PIPELINE\"\nstage 0 match either\nrule \"Crowdstrike Timestamp Failsafe - UTC\"\nrule \"CROWDSTRIKE CREATE FIELD SYSLOG LEVEL - Alert\"\nrule \"CROWDSTRIKE CREATE FIELD SYSLOG LEVEL - Info\"\nrule \"CROWDSTRIKE CREATE FIELD SYSLOG LEVEL - Notice\"\nrule \"CROWDSTRIKE CREATE FIELD SYSLOG LEVEL - Warning\"\nend" + }, + "connected_streams": [] + }, + "constraints": [ + { + "type": "server-version", + "version": 
">=5.0.13+083613e" + } + ] + }, + { + "v": "1", + "type": { + "name": "pipeline_rule", + "version": "1" + }, + "id": "f0ebe352-2211-453f-959b-6267016b147e", + "data": { + "title": { + "@type": "string", + "@value": "CROWDSTRIKE CREATE FIELD SYSLOG LEVEL - Alert" + }, + "description": { + "@type": "string", + "@value": "CROWDSTRIKE CREATE FIELD SYSLOG LEVEL - Alert" + }, + "source": { + "@type": "string", + "@value": "rule \"CROWDSTRIKE CREATE FIELD SYSLOG LEVEL - Alert\"\nwhen has_field(\"severity\") AND to_long($message.severity) == 4\nthen\nset_field(\"syslog_level\", \"Alert\");\nend" + } + }, + "constraints": [ + { + "type": "server-version", + "version": ">=5.0.13+083613e" + } + ] + } + ] +} diff --git a/backend/app/stack_provisioning/graylog/templates/SOCFORTRESS_CROWDSTRIKE_STREAM.json b/backend/app/stack_provisioning/graylog/templates/SOCFORTRESS_CROWDSTRIKE_STREAM.json new file mode 100644 index 000000000..51b4e3640 --- /dev/null +++ b/backend/app/stack_provisioning/graylog/templates/SOCFORTRESS_CROWDSTRIKE_STREAM.json 
@@ -0,0 +1,102 @@ +{ + "v": 1, + "id": "REPLACE_UUID_GLOBAL", + "rev": 1, + "name": "customer_name_CROWDSTRIKE_STREAM", + "summary": "customer_name_CROWDSTRIKE_STREAM", + "description": "", + "vendor": "SOCFortress", + "url": "", + "parameters": [], + "entities": [ + { + "v": "1", + "type": { + "name": "stream", + "version": "1" + }, + "id": "REPLACE_UUID_SPECIFIC", + "data": { + "alarm_callbacks": [], + "outputs": [], + "remove_matches": { + "@type": "boolean", + "@value": true + }, + "title": { + "@type": "string", + "@value": "customer_name - CROWDSTRIKE LOGS AND EVENTS" + }, + "stream_rules": [ + { + "type": { + "@type": "string", + "@value": "EXACT" + }, + "field": { + "@type": "string", + "@value": "syslog_type" + }, + "value": { + "@type": "string", + "@value": "crowdstrike" + }, + "inverted": { + "@type": "boolean", + "@value": false + }, + "description": { + "@type": "string", + "@value": "" + } + }, + { + "type": { + "@type": "string", + "@value": "EXACT" + }, + "field": { + "@type": "string", + "@value": "syslog_customer" + }, + "value": { + "@type": "string", + "@value": "customer_code" + }, + "inverted": { + "@type": "boolean", + "@value": false + }, + "description": { + "@type": "string", + "@value": "" + } + } + ], + "alert_conditions": [], + "matching_type": { + "@type": "string", + "@value": "AND" + }, + "disabled": { + "@type": "boolean", + "@value": false + }, + "description": { + "@type": "string", + "@value": "customer_name - CROWDSTRIKE LOGS AND EVENTS" + }, + "default_stream": { + "@type": "boolean", + "@value": false + } + }, + "constraints": [ + { + "type": "server-version", + "version": ">=5.0.13+083613e" + } + ] + } + ] +} diff --git a/backend/app/utils.py b/backend/app/utils.py index d3c3af45e..5a0f93a92 100644 --- a/backend/app/utils.py +++ b/backend/app/utils.py 
@@ -25,10 +25,14 @@ from app.auth.services.universal import find_user from app.auth.utils import AuthHandler from app.connectors.utils import get_connector_info_from_db +from app.customer_provisioning.models.default_settings import ( + CustomerProvisioningDefaultSettings, +) from app.db.all_models import Connectors from app.db.db_session import get_db from app.db.db_session import get_db_session from app.db.db_session import get_session +from app.db.universal_models import CustomersMeta from app.db.universal_models import LogEntry from app.integrations.alert_creation_settings.models.alert_creation_settings import ( AlertCreationEventConfig, 
@@ -636,6 +640,55 @@ async def get_connector_attribute(
     return None
 
 
+async def get_customer_meta_attribute(
+    customer_code: str,
+    column_name: str,
+    session: AsyncSession = Depends(get_session),
+) -> Optional[Any]:
+    """
+    Retrieve the value of a specific column from a customer.
+
+    Args:
+        customer_code (str): The code of the customer.
+        column_name (str): The name of the column to retrieve.
+        session (AsyncSession, optional): The database session. Defaults to Depends(get_session).
+
+    Returns:
+        Optional[Any]: The value of the column, or None if the customer or column does not exist.
+    """
+    result = await session.execute(
+        select(CustomersMeta).filter(CustomersMeta.customer_code == customer_code),
+    )
+    customer = result.scalars().first()
+
+    if customer:
+        return getattr(customer, column_name, None)
+    return None
+
+
+async def get_customer_default_settings_attribute(
+    column_name: str,
+    session: AsyncSession = Depends(get_session),
+) -> Optional[Any]:
+    """
+    Retrieve the value of a specific column from a customer's default settings.
+
+    Args:
+        customer_code (str): The code of the customer.
+        column_name (str): The name of the column to retrieve.
+        session (AsyncSession, optional): The database session. Defaults to Depends(get_session).
+
+    Returns:
+        Optional[Any]: The value of the column, or None if the customer or column does not exist.
+    """
+    result = await session.execute(select(CustomerProvisioningDefaultSettings))
+    settings = result.scalars().first()
+
+    if settings:
+        return getattr(settings, column_name, None)
+    return None
+
+
 async def get_customer_alert_settings(
     customer_code: str,
     session: AsyncSession,
diff --git a/backend/copilot.py b/backend/copilot.py
index 67a20ed2b..f15cd0109 100644
--- a/backend/copilot.py
+++ b/backend/copilot.py
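Review bot: The docstring of `get_customer_default_settings_attribute` documents a `customer_code` argument that the function does not accept — it was carried over from `get_customer_meta_attribute`; drop that `Args:` line and change the `Returns:` text to `None if no default-settings row exists or the column is unknown`. `select(CustomerProvisioningDefaultSettings)` followed by `.first()` has no ordering, so if that table can ever hold more than one row the value returned depends on whatever the database yields first; add an `order_by` or enforce a single-row invariant. In both helpers `getattr(obj, column_name, None)` resolves any attribute of the ORM object, not only mapped columns, so if `column_name` is ever derived from a request it should be checked against `Model.__table__.columns.keys()` before the lookup to keep relationships and non-column attributes out of reach. Finally, `session: AsyncSession = Depends(get_session)` only resolves under FastAPI injection — a direct call that omits `session` gets a `Depends` marker and fails at `session.execute` — so for plain helpers it would be safer to make `session` required, as `get_customer_alert_settings` just below does.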
@@ -35,6 +35,7 @@ from app.routers import carbonblack from app.routers import connectors from app.routers import cortex +from app.routers import crowdstrike from app.routers import customer_provisioning from app.routers import customers from app.routers import dfir_iris @@ -139,6 +140,7 @@ api_router.include_router(modules.router) api_router.include_router(carbonblack.router) api_router.include_router(network_connectors.router) +api_router.include_router(crowdstrike.router) # Include the APIRouter in the FastAPI app app.include_router(api_router) diff --git a/frontend/package-lock.json b/frontend/package-lock.json index f62c5e42a..e078a46a0 100644 --- a/frontend/package-lock.json +++ b/frontend/package-lock.json @@ -20,7 +20,7 @@ "bytes": "^3.1.2", "colord": "^2.9.3", "crypto-js": "^4.2.0", - "dayjs": "^1.11.10", + "dayjs": "^1.11.11", "detect-touch-device": "^1.1.6", "echarts": "^5.5.0", "file-saver": "^2.0.5", @@ -29,13 +29,13 @@ "lodash": "^4.17.21", "markdown-it-highlightjs": "^4.0.1", "mitt": "^3.0.1", - "naive-ui": "^2.38.1", + "naive-ui": "^2.38.2", "password-validator": "^5.3.0", "pinia": "^2.1.7", "pinia-plugin-persistedstate": "^3.2.1", "secure-ls": "^1.2.6", "validator": "^13.11.0", - "vue": "^3.4.25", + "vue": "^3.4.27", "vue-advanced-cropper": "^2.8.8", "vue-highlight-words": "^3.0.1", "vue-i18n": "^9.13.1", 
@@ -57,21 +57,21 @@ "@types/html2canvas": "^1.0.0", "@types/inquirer": "^9.0.7", "@types/jsdom": "^21.1.6", - "@types/lodash": "^4.17.0", - "@types/markdown-it": "^14.0.1", + "@types/lodash": "^4.17.1", + "@types/markdown-it": "^14.1.1", "@types/markdown-it-highlightjs": "^3.3.4", - "@types/node": "^20.12.7", + "@types/node": "^20.12.10", "@types/validator": "^13.11.9", "@vitejs/plugin-vue": "^5.0.4", "@vitejs/plugin-vue-jsx": "^3.1.0", "@vue/eslint-config-prettier": "^9.0.0", "@vue/eslint-config-typescript": "^13.0.0", - "@vue/test-utils": "^2.4.5", + "@vue/test-utils": "^2.4.6", "@vue/tsconfig": "^0.5.1", "autoprefixer": "^10.4.19", "cypress": "^13.8.1", "eslint": "^8.57.0", - "eslint-plugin-cypress": "^3.0.2", + "eslint-plugin-cypress": "^3.2.0", "eslint-plugin-vue": "^9.25.0", "flourite": "^1.2.4", "fs-extra": "^11.2.0", 
@@ -82,32 +82,24 @@ "picocolors": "^1.0.0", "postcss": "^8.4.38", "prettier": "^3.2.5", - "sass": "^1.75.0", - "shiki": "^1.3.0", + "sass": "^1.77.0", + "shiki": "^1.4.0", "start-server-and-test": "^2.0.3", - "tailwind-config-viewer": "^2.0.1", + "tailwind-config-viewer": "^2.0.2", "tailwindcss": "^3.4.3", - "taze": "^0.13.7", - "unplugin-vue-components": "^0.26.0", - "vite": "^5.2.10", + "taze": "^0.13.8", + "unplugin-vue-components": "^0.27.0", + "vite": "^5.2.11", "vite-bundle-analyzer": "^0.9.4", "vite-bundle-visualizer": "^1.1.0", "vite-svg-loader": "^5.1.0", - "vitest": "^1.5.2", - "vue-tsc": "^2.0.14" + "vitest": "^1.6.0", + "vue-tsc": "^2.0.16" }, "engines": { "node": ">=18.0.0" } }, - "node_modules/@aashutoshrathi/word-wrap": { - "version": "1.2.6", - "resolved": "https://registry.npmjs.org/@aashutoshrathi/word-wrap/-/word-wrap-1.2.6.tgz", - "integrity": "sha512-1Yjs2SvM8TflER/OD3cOjhWWOZb58A2t7wpE2S9XfBYTiIl+XFhQG2bjy4Pu1I+EAlCNUzRDYDdFwFYUKvXcIA==", - "engines": { - "node": ">=0.10.0" - } - }, "node_modules/@ajoelp/json-to-formdata": { "version": "1.5.0", "resolved": "https://registry.npmjs.org/@ajoelp/json-to-formdata/-/json-to-formdata-1.5.0.tgz", 
@@ -187,21 +179,21 @@ } }, "node_modules/@babel/core": { - "version": "7.24.4", - "resolved": "https://registry.npmjs.org/@babel/core/-/core-7.24.4.tgz", - "integrity": "sha512-MBVlMXP+kkl5394RBLSxxk/iLTeVGuXTV3cIDXavPpMMqnSnt6apKgan/U8O3USWZCWZT/TbgfEpKa4uMgN4Dg==", + "version": "7.24.5", + "resolved": "https://registry.npmjs.org/@babel/core/-/core-7.24.5.tgz", + "integrity": "sha512-tVQRucExLQ02Boi4vdPp49svNGcfL2GhdTCT9aldhXgCJVAI21EtRfBettiuLUwce/7r6bFdgs6JFkcdTiFttA==", "dev": true, "dependencies": { "@ampproject/remapping": "^2.2.0", "@babel/code-frame": "^7.24.2", - "@babel/generator": "^7.24.4", + "@babel/generator": "^7.24.5", "@babel/helper-compilation-targets": "^7.23.6", - "@babel/helper-module-transforms": "^7.23.3", - "@babel/helpers": "^7.24.4", - "@babel/parser": "^7.24.4", + "@babel/helper-module-transforms": "^7.24.5", + "@babel/helpers": "^7.24.5", + "@babel/parser": "^7.24.5", "@babel/template": "^7.24.0", - "@babel/traverse": "^7.24.1", - "@babel/types": "^7.24.0", + "@babel/traverse": "^7.24.5", + "@babel/types": "^7.24.5", "convert-source-map": "^2.0.0", "debug": "^4.1.0", "gensync": "^1.0.0-beta.2", @@ -226,12 +218,12 @@ } }, "node_modules/@babel/generator": { - "version": "7.24.4", - "resolved": "https://registry.npmjs.org/@babel/generator/-/generator-7.24.4.tgz", - "integrity": "sha512-Xd6+v6SnjWVx/nus+y0l1sxMOTOMBkyL4+BIdbALyatQnAe/SRVjANeDPSCYaX+i1iJmuGSKf3Z+E+V/va1Hvw==", + "version": "7.24.5", + "resolved": "https://registry.npmjs.org/@babel/generator/-/generator-7.24.5.tgz", + "integrity": "sha512-x32i4hEXvr+iI0NEoEfDKzlemF8AmtOP8CcrRaEcpzysWuoEb1KknpcvMsHKPONoKZiDuItklgWhB18xEhr9PA==", "dev": true, "dependencies": { - "@babel/types": "^7.24.0", + "@babel/types": "^7.24.5", "@jridgewell/gen-mapping": "^0.3.5", "@jridgewell/trace-mapping": "^0.3.25", "jsesc": "^2.5.1" 
@@ -278,19 +270,19 @@ } }, "node_modules/@babel/helper-create-class-features-plugin": { - "version": "7.24.4", - "resolved": "https://registry.npmjs.org/@babel/helper-create-class-features-plugin/-/helper-create-class-features-plugin-7.24.4.tgz", - "integrity": "sha512-lG75yeuUSVu0pIcbhiYMXBXANHrpUPaOfu7ryAzskCgKUHuAxRQI5ssrtmF0X9UXldPlvT0XM/A4F44OXRt6iQ==", + "version": "7.24.5", + "resolved": "https://registry.npmjs.org/@babel/helper-create-class-features-plugin/-/helper-create-class-features-plugin-7.24.5.tgz", + "integrity": "sha512-uRc4Cv8UQWnE4NXlYTIIdM7wfFkOqlFztcC/gVXDKohKoVB3OyonfelUBaJzSwpBntZ2KYGF/9S7asCHsXwW6g==", "dev": true, "dependencies": { "@babel/helper-annotate-as-pure": "^7.22.5", "@babel/helper-environment-visitor": "^7.22.20", "@babel/helper-function-name": "^7.23.0", - "@babel/helper-member-expression-to-functions": "^7.23.0", + "@babel/helper-member-expression-to-functions": "^7.24.5", "@babel/helper-optimise-call-expression": "^7.22.5", "@babel/helper-replace-supers": "^7.24.1", "@babel/helper-skip-transparent-expression-wrappers": "^7.22.5", - "@babel/helper-split-export-declaration": "^7.22.6", + "@babel/helper-split-export-declaration": "^7.24.5", "semver": "^6.3.1" }, "engines": { @@ -344,12 +336,12 @@ } }, "node_modules/@babel/helper-member-expression-to-functions": { - "version": "7.23.0", - "resolved": "https://registry.npmjs.org/@babel/helper-member-expression-to-functions/-/helper-member-expression-to-functions-7.23.0.tgz", - "integrity": "sha512-6gfrPwh7OuT6gZyJZvd6WbTfrqAo7vm4xCzAXOusKqq/vWdKXphTpj5klHKNmRUU6/QRGlBsyU9mAIPaWHlqJA==", + "version": "7.24.5", + "resolved": "https://registry.npmjs.org/@babel/helper-member-expression-to-functions/-/helper-member-expression-to-functions-7.24.5.tgz", + "integrity": "sha512-4owRteeihKWKamtqg4JmWSsEZU445xpFRXPEwp44HbgbxdWlUV1b4Agg4lkA806Lil5XM/e+FJyS0vj5T6vmcA==", "dev": true, "dependencies": { - "@babel/types": "^7.23.0" + "@babel/types": "^7.24.5" }, "engines": { "node": ">=6.9.0" 
@@ -368,16 +360,16 @@ } }, "node_modules/@babel/helper-module-transforms": { - "version": "7.23.3", - "resolved": "https://registry.npmjs.org/@babel/helper-module-transforms/-/helper-module-transforms-7.23.3.tgz", - "integrity": "sha512-7bBs4ED9OmswdfDzpz4MpWgSrV7FXlc3zIagvLFjS5H+Mk7Snr21vQ6QwrsoCGMfNC4e4LQPdoULEt4ykz0SRQ==", + "version": "7.24.5", + "resolved": "https://registry.npmjs.org/@babel/helper-module-transforms/-/helper-module-transforms-7.24.5.tgz", + "integrity": "sha512-9GxeY8c2d2mdQUP1Dye0ks3VDyIMS98kt/llQ2nUId8IsWqTF0l1LkSX0/uP7l7MCDrzXS009Hyhe2gzTiGW8A==", "dev": true, "dependencies": { "@babel/helper-environment-visitor": "^7.22.20", - "@babel/helper-module-imports": "^7.22.15", - "@babel/helper-simple-access": "^7.22.5", - "@babel/helper-split-export-declaration": "^7.22.6", - "@babel/helper-validator-identifier": "^7.22.20" + "@babel/helper-module-imports": "^7.24.3", + "@babel/helper-simple-access": "^7.24.5", + "@babel/helper-split-export-declaration": "^7.24.5", + "@babel/helper-validator-identifier": "^7.24.5" }, "engines": { "node": ">=6.9.0" @@ -399,9 +391,9 @@ } }, "node_modules/@babel/helper-plugin-utils": { - "version": "7.24.0", - "resolved": "https://registry.npmjs.org/@babel/helper-plugin-utils/-/helper-plugin-utils-7.24.0.tgz", - "integrity": "sha512-9cUznXMG0+FxRuJfvL82QlTqIzhVW9sL0KjMPHhAOOvpQGL8QtdxnBKILjBqxlHyliz0yCa1G903ZXI/FuHy2w==", + "version": "7.24.5", + "resolved": "https://registry.npmjs.org/@babel/helper-plugin-utils/-/helper-plugin-utils-7.24.5.tgz", + "integrity": "sha512-xjNLDopRzW2o6ba0gKbkZq5YWEBaK3PCyTOY1K2P/O07LGMhMqlMXPxwN4S5/RhWuCobT8z0jrlKGlYmeR1OhQ==", "dev": true, "engines": { "node": ">=6.9.0" 
@@ -425,12 +417,12 @@ } }, "node_modules/@babel/helper-simple-access": { - "version": "7.22.5", - "resolved": "https://registry.npmjs.org/@babel/helper-simple-access/-/helper-simple-access-7.22.5.tgz", - "integrity": "sha512-n0H99E/K+Bika3++WNL17POvo4rKWZ7lZEp1Q+fStVbUi8nxPQEBOlTmCOxW/0JsS56SKKQ+ojAe2pHKJHN35w==", + "version": "7.24.5", + "resolved": "https://registry.npmjs.org/@babel/helper-simple-access/-/helper-simple-access-7.24.5.tgz", + "integrity": "sha512-uH3Hmf5q5n7n8mz7arjUlDOCbttY/DW4DYhE6FUsjKJ/oYC1kQQUvwEQWxRwUpX9qQKRXeqLwWxrqilMrf32sQ==", "dev": true, "dependencies": { - "@babel/types": "^7.22.5" + "@babel/types": "^7.24.5" }, "engines": { "node": ">=6.9.0" @@ -449,12 +441,12 @@ } }, "node_modules/@babel/helper-split-export-declaration": { - "version": "7.22.6", - "resolved": "https://registry.npmjs.org/@babel/helper-split-export-declaration/-/helper-split-export-declaration-7.22.6.tgz", - "integrity": "sha512-AsUnxuLhRYsisFiaJwvp1QF+I3KjD5FOxut14q/GzovUe6orHLesW2C7d754kRm53h5gqrz6sFl6sxc4BVtE/g==", + "version": "7.24.5", + "resolved": "https://registry.npmjs.org/@babel/helper-split-export-declaration/-/helper-split-export-declaration-7.24.5.tgz", + "integrity": "sha512-5CHncttXohrHk8GWOFCcCl4oRD9fKosWlIRgWm4ql9VYioKm52Mk2xsmoohvm7f3JoiLSM5ZgJuRaf5QZZYd3Q==", "dev": true, "dependencies": { - "@babel/types": "^7.22.5" + "@babel/types": "^7.24.5" }, "engines": { "node": ">=6.9.0" 
@@ -470,9 +462,9 @@ } }, "node_modules/@babel/helper-validator-identifier": { - "version": "7.22.20", - "resolved": "https://registry.npmjs.org/@babel/helper-validator-identifier/-/helper-validator-identifier-7.22.20.tgz", - "integrity": "sha512-Y4OZ+ytlatR8AI+8KZfKuL5urKp7qey08ha31L8b3BwewJAoJamTzyvxPR/5D+KkdJCGPq/+8TukHBlY10FX9A==", + "version": "7.24.5", + "resolved": "https://registry.npmjs.org/@babel/helper-validator-identifier/-/helper-validator-identifier-7.24.5.tgz", + "integrity": "sha512-3q93SSKX2TWCG30M2G2kwaKeTYgEUp5Snjuj8qm729SObL6nbtUldAi37qbxkD5gg3xnBio+f9nqpSepGZMvxA==", "dev": true, "engines": { "node": ">=6.9.0" 
@@ -488,26 +480,26 @@ } }, "node_modules/@babel/helpers": { - "version": "7.24.4", - "resolved": "https://registry.npmjs.org/@babel/helpers/-/helpers-7.24.4.tgz", - "integrity": "sha512-FewdlZbSiwaVGlgT1DPANDuCHaDMiOo+D/IDYRFYjHOuv66xMSJ7fQwwODwRNAPkADIO/z1EoF/l2BCWlWABDw==", + "version": "7.24.5", + "resolved": "https://registry.npmjs.org/@babel/helpers/-/helpers-7.24.5.tgz", + "integrity": "sha512-CiQmBMMpMQHwM5m01YnrM6imUG1ebgYJ+fAIW4FZe6m4qHTPaRHti+R8cggAwkdz4oXhtO4/K9JWlh+8hIfR2Q==", "dev": true, "dependencies": { "@babel/template": "^7.24.0", - "@babel/traverse": "^7.24.1", - "@babel/types": "^7.24.0" + "@babel/traverse": "^7.24.5", + "@babel/types": "^7.24.5" }, "engines": { "node": ">=6.9.0" } }, "node_modules/@babel/highlight": { - "version": "7.24.2", - "resolved": "https://registry.npmjs.org/@babel/highlight/-/highlight-7.24.2.tgz", - "integrity": "sha512-Yac1ao4flkTxTteCDZLEvdxg2fZfz1v8M4QpaGypq/WPDqg3ijHYbDfs+LG5hvzSoqaSZ9/Z9lKSP3CjZjv+pA==", + "version": "7.24.5", + "resolved": "https://registry.npmjs.org/@babel/highlight/-/highlight-7.24.5.tgz", + "integrity": "sha512-8lLmua6AVh/8SLJRRVD6V8p73Hir9w5mJrhE+IPpILG31KKlI9iz5zmBYKcWPS59qSfgP9RaSBQSHHE81WKuEw==", "dev": true, "dependencies": { - "@babel/helper-validator-identifier": "^7.22.20", + "@babel/helper-validator-identifier": "^7.24.5", "chalk": "^2.4.2", "js-tokens": "^4.0.0", "picocolors": "^1.0.0" @@ -517,9 +509,9 @@ } }, "node_modules/@babel/parser": { - "version": "7.24.4", - "resolved": "https://registry.npmjs.org/@babel/parser/-/parser-7.24.4.tgz", - "integrity": "sha512-zTvEBcghmeBma9QIGunWevvBAp4/Qu9Bdq+2k0Ot4fVMD6v3dsC9WOcRSKk7tRRyBM/53yKMJko9xOatGQAwSg==", + "version": "7.24.5", + "resolved": "https://registry.npmjs.org/@babel/parser/-/parser-7.24.5.tgz", + "integrity": "sha512-EOv5IK8arwh3LI47dz1b0tKUb/1uhHAnHJOrjgtQMIpu1uXd9mlFrJg9IUgGUgZ41Ch0K8REPTYpO7B76b4vJg==", "bin": { "parser": "bin/babel-parser.js" }, 
@@ -558,14 +550,14 @@ } }, "node_modules/@babel/plugin-transform-typescript": { - "version": "7.24.4", - "resolved": "https://registry.npmjs.org/@babel/plugin-transform-typescript/-/plugin-transform-typescript-7.24.4.tgz", - "integrity": "sha512-79t3CQ8+oBGk/80SQ8MN3Bs3obf83zJ0YZjDmDaEZN8MqhMI760apl5z6a20kFeMXBwJX99VpKT8CKxEBp5H1g==", + "version": "7.24.5", + "resolved": "https://registry.npmjs.org/@babel/plugin-transform-typescript/-/plugin-transform-typescript-7.24.5.tgz", + "integrity": "sha512-E0VWu/hk83BIFUWnsKZ4D81KXjN5L3MobvevOHErASk9IPwKHOkTgvqzvNo1yP/ePJWqqK2SpUR5z+KQbl6NVw==", "dev": true, "dependencies": { "@babel/helper-annotate-as-pure": "^7.22.5", - "@babel/helper-create-class-features-plugin": "^7.24.4", - "@babel/helper-plugin-utils": "^7.24.0", + "@babel/helper-create-class-features-plugin": "^7.24.5", + "@babel/helper-plugin-utils": "^7.24.5", "@babel/plugin-syntax-typescript": "^7.24.1" }, "engines": { @@ -576,9 +568,9 @@ } }, "node_modules/@babel/runtime": { - "version": "7.24.4", - "resolved": "https://registry.npmjs.org/@babel/runtime/-/runtime-7.24.4.tgz", - "integrity": "sha512-dkxf7+hn8mFBwKjs9bvBlArzLVxVbS8usaPUDd5p2a9JCL9tB8OaOVN1isD4+Xyk4ns89/xeOmbQvgdK7IIVdA==", + "version": "7.24.5", + "resolved": "https://registry.npmjs.org/@babel/runtime/-/runtime-7.24.5.tgz", + "integrity": "sha512-Nms86NXrsaeU9vbBJKni6gXiEXZ4CVpYVzEjDH9Sb8vmZ3UljyA1GSOJl/6LGPO8EHLuSF9H+IxNXHPX8QHJ4g==", "dependencies": { "regenerator-runtime": "^0.14.0" }, 
@@ -601,19 +593,19 @@ } }, "node_modules/@babel/traverse": { - "version": "7.24.1", - "resolved": "https://registry.npmjs.org/@babel/traverse/-/traverse-7.24.1.tgz", - "integrity": "sha512-xuU6o9m68KeqZbQuDt2TcKSxUw/mrsvavlEqQ1leZ/B+C9tk6E4sRWy97WaXgvq5E+nU3cXMxv3WKOCanVMCmQ==", + "version": "7.24.5", + "resolved": "https://registry.npmjs.org/@babel/traverse/-/traverse-7.24.5.tgz", + "integrity": "sha512-7aaBLeDQ4zYcUFDUD41lJc1fG8+5IU9DaNSJAgal866FGvmD5EbWQgnEC6kO1gGLsX0esNkfnJSndbTXA3r7UA==", "dev": true, "dependencies": { - "@babel/code-frame": "^7.24.1", - "@babel/generator": "^7.24.1", + "@babel/code-frame": "^7.24.2", + "@babel/generator": "^7.24.5", "@babel/helper-environment-visitor": "^7.22.20", "@babel/helper-function-name": "^7.23.0", "@babel/helper-hoist-variables": "^7.22.5", - "@babel/helper-split-export-declaration": "^7.22.6", - "@babel/parser": "^7.24.1", - "@babel/types": "^7.24.0", + "@babel/helper-split-export-declaration": "^7.24.5", + "@babel/parser": "^7.24.5", + "@babel/types": "^7.24.5", "debug": "^4.3.1", "globals": "^11.1.0" }, @@ -631,13 +623,13 @@ } }, "node_modules/@babel/types": { - "version": "7.24.0", - "resolved": "https://registry.npmjs.org/@babel/types/-/types-7.24.0.tgz", - "integrity": "sha512-+j7a5c253RfKh8iABBhywc8NSfP5LURe7Uh4qpsh6jc+aLJguvmIUBdjSdEMQv2bENrCR5MfRdjGo7vzS/ob7w==", + "version": "7.24.5", + "resolved": "https://registry.npmjs.org/@babel/types/-/types-7.24.5.tgz", + "integrity": "sha512-6mQNsaLeXTw0nxYUYu+NSa4Hx4BlF1x1x8/PMFbiR+GBSr+2DkECc69b8hgy2frEodNcvPffeH8YfWd3LI6jhQ==", "dev": true, "dependencies": { - "@babel/helper-string-parser": "^7.23.4", - "@babel/helper-validator-identifier": "^7.22.20", + "@babel/helper-string-parser": "^7.24.1", + "@babel/helper-validator-identifier": "^7.24.5", "to-fast-properties": "^2.0.0" }, "engines": { 
@@ -671,6 +663,7 @@ }, "node_modules/@clack/prompts/node_modules/is-unicode-supported": { "version": "1.3.0", + "extraneous": true, "inBundle": true, "license": "MIT", "engines": { @@ -691,17 +684,17 @@ } }, "node_modules/@css-render/plugin-bem": { - "version": "0.15.12", - "resolved": "https://registry.npmjs.org/@css-render/plugin-bem/-/plugin-bem-0.15.12.tgz", - "integrity": "sha512-Lq2jSOZn+wYQtsyaFj6QRz2EzAnd3iW5fZeHO1WSXQdVYwvwGX0ZiH3X2JQgtgYLT1yeGtrwrqJdNdMEUD2xTw==", + "version": "0.15.14", + "resolved": "https://registry.npmjs.org/@css-render/plugin-bem/-/plugin-bem-0.15.14.tgz", + "integrity": "sha512-QK513CJ7yEQxm/P3EwsI+d+ha8kSOcjGvD6SevM41neEMxdULE+18iuQK6tEChAWMOQNQPLG/Rw3Khb69r5neg==", "peerDependencies": { - "css-render": "~0.15.12" + "css-render": "~0.15.14" } }, "node_modules/@css-render/vue3-ssr": { - "version": "0.15.12", - "resolved": "https://registry.npmjs.org/@css-render/vue3-ssr/-/vue3-ssr-0.15.12.tgz", - "integrity": "sha512-AQLGhhaE0F+rwybRCkKUdzBdTEM/5PZBYy+fSYe1T9z9+yxMuV/k7ZRqa4M69X+EI1W8pa4kc9Iq2VjQkZx4rg==", + "version": "0.15.14", + "resolved": "https://registry.npmjs.org/@css-render/vue3-ssr/-/vue3-ssr-0.15.14.tgz", + "integrity": "sha512-//8027GSbxE9n3QlD73xFY6z4ZbHbvrOVB7AO6hsmrEzGbg+h2A09HboUyDgu+xsmj7JnvJD39Irt+2D0+iV8g==", "peerDependencies": { "vue": "^3.0.11" } @@ -1636,9 +1629,9 @@ } }, "node_modules/@rollup/rollup-android-arm-eabi": { - "version": "4.14.3", - "resolved": "https://registry.npmjs.org/@rollup/rollup-android-arm-eabi/-/rollup-android-arm-eabi-4.14.3.tgz", - "integrity": "sha512-X9alQ3XM6I9IlSlmC8ddAvMSyG1WuHk5oUnXGw+yUBs3BFoTizmG1La/Gr8fVJvDWAq+zlYTZ9DBgrlKRVY06g==", + "version": "4.17.2", + "resolved": "https://registry.npmjs.org/@rollup/rollup-android-arm-eabi/-/rollup-android-arm-eabi-4.17.2.tgz", + "integrity": "sha512-NM0jFxY8bB8QLkoKxIQeObCaDlJKewVlIEkuyYKm5An1tdVZ966w2+MPQ2l8LBZLjR+SgyV+nRkTIunzOYBMLQ==", "cpu": [ "arm" ], 
@@ -1649,9 +1642,9 @@ ] }, "node_modules/@rollup/rollup-android-arm64": { - "version": "4.14.3", - "resolved": "https://registry.npmjs.org/@rollup/rollup-android-arm64/-/rollup-android-arm64-4.14.3.tgz", - "integrity": "sha512-eQK5JIi+POhFpzk+LnjKIy4Ks+pwJ+NXmPxOCSvOKSNRPONzKuUvWE+P9JxGZVxrtzm6BAYMaL50FFuPe0oWMQ==", + "version": "4.17.2", + "resolved": "https://registry.npmjs.org/@rollup/rollup-android-arm64/-/rollup-android-arm64-4.17.2.tgz", + "integrity": "sha512-yeX/Usk7daNIVwkq2uGoq2BYJKZY1JfyLTaHO/jaiSwi/lsf8fTFoQW/n6IdAsx5tx+iotu2zCJwz8MxI6D/Bw==", "cpu": [ "arm64" ], @@ -1662,9 +1655,9 @@ ] }, "node_modules/@rollup/rollup-darwin-arm64": { - "version": "4.14.3", - "resolved": "https://registry.npmjs.org/@rollup/rollup-darwin-arm64/-/rollup-darwin-arm64-4.14.3.tgz", - "integrity": "sha512-Od4vE6f6CTT53yM1jgcLqNfItTsLt5zE46fdPaEmeFHvPs5SjZYlLpHrSiHEKR1+HdRfxuzXHjDOIxQyC3ptBA==", + "version": "4.17.2", + "resolved": "https://registry.npmjs.org/@rollup/rollup-darwin-arm64/-/rollup-darwin-arm64-4.17.2.tgz", + "integrity": "sha512-kcMLpE6uCwls023+kknm71ug7MZOrtXo+y5p/tsg6jltpDtgQY1Eq5sGfHcQfb+lfuKwhBmEURDga9N0ol4YPw==", "cpu": [ "arm64" ], @@ -1675,9 +1668,9 @@ ] }, "node_modules/@rollup/rollup-darwin-x64": { - "version": "4.14.3", - "resolved": "https://registry.npmjs.org/@rollup/rollup-darwin-x64/-/rollup-darwin-x64-4.14.3.tgz", - "integrity": "sha512-0IMAO21axJeNIrvS9lSe/PGthc8ZUS+zC53O0VhF5gMxfmcKAP4ESkKOCwEi6u2asUrt4mQv2rjY8QseIEb1aw==", + "version": "4.17.2", + "resolved": "https://registry.npmjs.org/@rollup/rollup-darwin-x64/-/rollup-darwin-x64-4.17.2.tgz", + "integrity": "sha512-AtKwD0VEx0zWkL0ZjixEkp5tbNLzX+FCqGG1SvOu993HnSz4qDI6S4kGzubrEJAljpVkhRSlg5bzpV//E6ysTQ==", "cpu": [ "x64" ], 
@@ -1688,9 +1681,9 @@ ] }, "node_modules/@rollup/rollup-linux-arm-gnueabihf": { - "version": "4.14.3", - "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-arm-gnueabihf/-/rollup-linux-arm-gnueabihf-4.14.3.tgz", - "integrity": "sha512-ge2DC7tHRHa3caVEoSbPRJpq7azhG+xYsd6u2MEnJ6XzPSzQsTKyXvh6iWjXRf7Rt9ykIUWHtl0Uz3T6yXPpKw==", + "version": "4.17.2", + "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-arm-gnueabihf/-/rollup-linux-arm-gnueabihf-4.17.2.tgz", + "integrity": "sha512-3reX2fUHqN7sffBNqmEyMQVj/CKhIHZd4y631duy0hZqI8Qoqf6lTtmAKvJFYa6bhU95B1D0WgzHkmTg33In0A==", "cpu": [ "arm" ], @@ -1701,9 +1694,9 @@ ] }, "node_modules/@rollup/rollup-linux-arm-musleabihf": { - "version": "4.14.3", - "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-arm-musleabihf/-/rollup-linux-arm-musleabihf-4.14.3.tgz", - "integrity": "sha512-ljcuiDI4V3ySuc7eSk4lQ9wU8J8r8KrOUvB2U+TtK0TiW6OFDmJ+DdIjjwZHIw9CNxzbmXY39wwpzYuFDwNXuw==", + "version": "4.17.2", + "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-arm-musleabihf/-/rollup-linux-arm-musleabihf-4.17.2.tgz", + "integrity": "sha512-uSqpsp91mheRgw96xtyAGP9FW5ChctTFEoXP0r5FAzj/3ZRv3Uxjtc7taRQSaQM/q85KEKjKsZuiZM3GyUivRg==", "cpu": [ "arm" ], @@ -1714,9 +1707,9 @@ ] }, "node_modules/@rollup/rollup-linux-arm64-gnu": { - "version": "4.14.3", - "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-arm64-gnu/-/rollup-linux-arm64-gnu-4.14.3.tgz", - "integrity": "sha512-Eci2us9VTHm1eSyn5/eEpaC7eP/mp5n46gTRB3Aar3BgSvDQGJZuicyq6TsH4HngNBgVqC5sDYxOzTExSU+NjA==", + "version": "4.17.2", + "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-arm64-gnu/-/rollup-linux-arm64-gnu-4.17.2.tgz", + "integrity": "sha512-EMMPHkiCRtE8Wdk3Qhtciq6BndLtstqZIroHiiGzB3C5LDJmIZcSzVtLRbwuXuUft1Cnv+9fxuDtDxz3k3EW2A==", "cpu": [ "arm64" ], 
@@ -1727,9 +1720,9 @@ ] }, "node_modules/@rollup/rollup-linux-arm64-musl": { - "version": "4.14.3", - "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-arm64-musl/-/rollup-linux-arm64-musl-4.14.3.tgz", - "integrity": "sha512-UrBoMLCq4E92/LCqlh+blpqMz5h1tJttPIniwUgOFJyjWI1qrtrDhhpHPuFxULlUmjFHfloWdixtDhSxJt5iKw==", + "version": "4.17.2", + "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-arm64-musl/-/rollup-linux-arm64-musl-4.17.2.tgz", + "integrity": "sha512-NMPylUUZ1i0z/xJUIx6VUhISZDRT+uTWpBcjdv0/zkp7b/bQDF+NfnfdzuTiB1G6HTodgoFa93hp0O1xl+/UbA==", "cpu": [ "arm64" ], @@ -1740,9 +1733,9 @@ ] }, "node_modules/@rollup/rollup-linux-powerpc64le-gnu": { - "version": "4.14.3", - "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-powerpc64le-gnu/-/rollup-linux-powerpc64le-gnu-4.14.3.tgz", - "integrity": "sha512-5aRjvsS8q1nWN8AoRfrq5+9IflC3P1leMoy4r2WjXyFqf3qcqsxRCfxtZIV58tCxd+Yv7WELPcO9mY9aeQyAmw==", + "version": "4.17.2", + "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-powerpc64le-gnu/-/rollup-linux-powerpc64le-gnu-4.17.2.tgz", + "integrity": "sha512-T19My13y8uYXPw/L/k0JYaX1fJKFT/PWdXiHr8mTbXWxjVF1t+8Xl31DgBBvEKclw+1b00Chg0hxE2O7bTG7GQ==", "cpu": [ "ppc64" ], @@ -1753,9 +1746,9 @@ ] }, "node_modules/@rollup/rollup-linux-riscv64-gnu": { - "version": "4.14.3", - "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-riscv64-gnu/-/rollup-linux-riscv64-gnu-4.14.3.tgz", - "integrity": "sha512-sk/Qh1j2/RJSX7FhEpJn8n0ndxy/uf0kI/9Zc4b1ELhqULVdTfN6HL31CDaTChiBAOgLcsJ1sgVZjWv8XNEsAQ==", + "version": "4.17.2", + "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-riscv64-gnu/-/rollup-linux-riscv64-gnu-4.17.2.tgz", + "integrity": "sha512-BOaNfthf3X3fOWAB+IJ9kxTgPmMqPPH5f5k2DcCsRrBIbWnaJCgX2ll77dV1TdSy9SaXTR5iDXRL8n7AnoP5cg==", "cpu": [ "riscv64" ], 
@@ -1766,9 +1759,9 @@ ] }, "node_modules/@rollup/rollup-linux-s390x-gnu": { - "version": "4.14.3", - "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-s390x-gnu/-/rollup-linux-s390x-gnu-4.14.3.tgz", - "integrity": "sha512-jOO/PEaDitOmY9TgkxF/TQIjXySQe5KVYB57H/8LRP/ux0ZoO8cSHCX17asMSv3ruwslXW/TLBcxyaUzGRHcqg==", + "version": "4.17.2", + "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-s390x-gnu/-/rollup-linux-s390x-gnu-4.17.2.tgz", + "integrity": "sha512-W0UP/x7bnn3xN2eYMql2T/+wpASLE5SjObXILTMPUBDB/Fg/FxC+gX4nvCfPBCbNhz51C+HcqQp2qQ4u25ok6g==", "cpu": [ "s390x" ], @@ -1779,9 +1772,9 @@ ] }, "node_modules/@rollup/rollup-linux-x64-gnu": { - "version": "4.14.3", - "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-x64-gnu/-/rollup-linux-x64-gnu-4.14.3.tgz", - "integrity": "sha512-8ybV4Xjy59xLMyWo3GCfEGqtKV5M5gCSrZlxkPGvEPCGDLNla7v48S662HSGwRd6/2cSneMQWiv+QzcttLrrOA==", + "version": "4.17.2", + "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-x64-gnu/-/rollup-linux-x64-gnu-4.17.2.tgz", + "integrity": "sha512-Hy7pLwByUOuyaFC6mAr7m+oMC+V7qyifzs/nW2OJfC8H4hbCzOX07Ov0VFk/zP3kBsELWNFi7rJtgbKYsav9QQ==", "cpu": [ "x64" ], @@ -1792,9 +1785,9 @@ ] }, "node_modules/@rollup/rollup-linux-x64-musl": { - "version": "4.14.3", - "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-x64-musl/-/rollup-linux-x64-musl-4.14.3.tgz", - "integrity": "sha512-s+xf1I46trOY10OqAtZ5Rm6lzHre/UiLA1J2uOhCFXWkbZrJRkYBPO6FhvGfHmdtQ3Bx793MNa7LvoWFAm93bg==", + "version": "4.17.2", + "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-x64-musl/-/rollup-linux-x64-musl-4.17.2.tgz", + "integrity": "sha512-h1+yTWeYbRdAyJ/jMiVw0l6fOOm/0D1vNLui9iPuqgRGnXA0u21gAqOyB5iHjlM9MMfNOm9RHCQ7zLIzT0x11Q==", "cpu": [ "x64" ], 
@@ -1805,9 +1798,9 @@ ] }, "node_modules/@rollup/rollup-win32-arm64-msvc": { - "version": "4.14.3", - "resolved": "https://registry.npmjs.org/@rollup/rollup-win32-arm64-msvc/-/rollup-win32-arm64-msvc-4.14.3.tgz", - "integrity": "sha512-+4h2WrGOYsOumDQ5S2sYNyhVfrue+9tc9XcLWLh+Kw3UOxAvrfOrSMFon60KspcDdytkNDh7K2Vs6eMaYImAZg==", + "version": "4.17.2", + "resolved": "https://registry.npmjs.org/@rollup/rollup-win32-arm64-msvc/-/rollup-win32-arm64-msvc-4.17.2.tgz", + "integrity": "sha512-tmdtXMfKAjy5+IQsVtDiCfqbynAQE/TQRpWdVataHmhMb9DCoJxp9vLcCBjEQWMiUYxO1QprH/HbY9ragCEFLA==", "cpu": [ "arm64" ], @@ -1818,9 +1811,9 @@ ] }, "node_modules/@rollup/rollup-win32-ia32-msvc": { - "version": "4.14.3", - "resolved": "https://registry.npmjs.org/@rollup/rollup-win32-ia32-msvc/-/rollup-win32-ia32-msvc-4.14.3.tgz", - "integrity": "sha512-T1l7y/bCeL/kUwh9OD4PQT4aM7Bq43vX05htPJJ46RTI4r5KNt6qJRzAfNfM+OYMNEVBWQzR2Gyk+FXLZfogGw==", + "version": "4.17.2", + "resolved": "https://registry.npmjs.org/@rollup/rollup-win32-ia32-msvc/-/rollup-win32-ia32-msvc-4.17.2.tgz", + "integrity": "sha512-7II/QCSTAHuE5vdZaQEwJq2ZACkBpQDOmQsE6D6XUbnBHW8IAhm4eTufL6msLJorzrHDFv3CF8oCA/hSIRuZeQ==", "cpu": [ "ia32" ], @@ -1831,9 +1824,9 @@ ] }, "node_modules/@rollup/rollup-win32-x64-msvc": { - "version": "4.14.3", - "resolved": "https://registry.npmjs.org/@rollup/rollup-win32-x64-msvc/-/rollup-win32-x64-msvc-4.14.3.tgz", - "integrity": "sha512-/BypzV0H1y1HzgYpxqRaXGBRqfodgoBBCcsrujT6QRcakDQdfU+Lq9PENPh5jB4I44YWq+0C2eHsHya+nZY1sA==", + "version": "4.17.2", + "resolved": "https://registry.npmjs.org/@rollup/rollup-win32-x64-msvc/-/rollup-win32-x64-msvc-4.17.2.tgz", + "integrity": "sha512-TGGO7v7qOq4CYmSBVEYpI1Y5xDuCEnbVC5Vth8mOsW0gDSzxNrVERPc790IGHsrT2dQSimgMr9Ub3Y1Jci5/8w==", "cpu": [ "x64" ], 
@@ -1850,9 +1843,9 @@ "dev": true }, "node_modules/@shikijs/core": { - "version": "1.3.0", - "resolved": "https://registry.npmjs.org/@shikijs/core/-/core-1.3.0.tgz", - "integrity": "sha512-7fedsBfuILDTBmrYZNFI8B6ATTxhQAasUHllHmjvSZPnoq4bULWoTpHwmuQvZ8Aq03/tAa2IGo6RXqWtHdWaCA==", + "version": "1.4.0", + "resolved": "https://registry.npmjs.org/@shikijs/core/-/core-1.4.0.tgz", + "integrity": "sha512-CxpKLntAi64h3j+TwWqVIQObPTED0FyXLHTTh3MKXtqiQNn2JGcMQQ362LftDbc9kYbDtrksNMNoVmVXzKFYUQ==", "dev": true }, "node_modules/@sideway/address": { @@ -1986,15 +1979,15 @@ "integrity": "sha512-HMwFiRujE5PjrgwHQ25+bsLJgowjGjm5Z8FVSf0N6PwgJrwxH0QxzHYDcKsTfV3wva0vzrpqMTJS2jXPr5BMEQ==" }, "node_modules/@types/linkify-it": { - "version": "3.0.5", - "resolved": "https://registry.npmjs.org/@types/linkify-it/-/linkify-it-3.0.5.tgz", - "integrity": "sha512-yg6E+u0/+Zjva+buc3EIb+29XEg4wltq7cSmd4Uc2EE/1nUVmxyzpX6gUXD0V8jIrG0r7YeOGVIbYRkxeooCtw==", + "version": "5.0.0", + "resolved": "https://registry.npmjs.org/@types/linkify-it/-/linkify-it-5.0.0.tgz", + "integrity": "sha512-sVDA58zAw4eWAffKOaQH5/5j3XeayukzDk+ewSsnv3p4yJEZHCCzMDiZM8e0OUrRvmpGZ85jf4yDHkHsgBNr9Q==", "dev": true }, "node_modules/@types/lodash": { - "version": "4.17.0", - "resolved": "https://registry.npmjs.org/@types/lodash/-/lodash-4.17.0.tgz", - "integrity": "sha512-t7dhREVv6dbNj0q17X12j7yDG4bD/DHYX7o5/DbDxobP0HnGPgpRz2Ej77aL7TZT3DSw13fqUTj8J4mMnqa7WA==" + "version": "4.17.1", + "resolved": "https://registry.npmjs.org/@types/lodash/-/lodash-4.17.1.tgz", + "integrity": "sha512-X+2qazGS3jxLAIz5JDXDzglAF3KpijdhFxlf/V1+hEsOUc+HnWi81L/uv/EvGuV90WY+7mPGFCUDGfQC3Gj95Q==" }, "node_modules/@types/lodash-es": { "version": "4.17.12", 
@@ -2005,13 +1998,13 @@ } }, "node_modules/@types/markdown-it": { - "version": "14.0.1", - "resolved": "https://registry.npmjs.org/@types/markdown-it/-/markdown-it-14.0.1.tgz", - "integrity": "sha512-6WfOG3jXR78DW8L5cTYCVVGAsIFZskRHCDo5tbqa+qtKVt4oDRVH7hyIWu1SpDQJlmIoEivNQZ5h+AGAOrgOtQ==", + "version": "14.1.1", + "resolved": "https://registry.npmjs.org/@types/markdown-it/-/markdown-it-14.1.1.tgz", + "integrity": "sha512-4NpsnpYl2Gt1ljyBGrKMxFYAYvpqbnnkgP/i/g+NLpjEUa3obn1XJCur9YbEXKDAkaXqsR1LbDnGEJ0MmKFxfg==", "dev": true, "dependencies": { - "@types/linkify-it": "*", - "@types/mdurl": "*" + "@types/linkify-it": "^5", + "@types/mdurl": "^2" } }, "node_modules/@types/markdown-it-highlightjs": { @@ -2034,15 +2027,15 @@ } }, "node_modules/@types/mdurl": { - "version": "1.0.5", - "resolved": "https://registry.npmjs.org/@types/mdurl/-/mdurl-1.0.5.tgz", - "integrity": "sha512-6L6VymKTzYSrEf4Nev4Xa1LCHKrlTlYCBMTlQKFuddo1CvQcE52I0mwfOJayueUC7MJuXOeHTcIU683lzd0cUA==", + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/@types/mdurl/-/mdurl-2.0.0.tgz", + "integrity": "sha512-RGdgjQUZba5p6QEFAVx2OGb8rQDL/cPRG7GiedRzMcJ1tYnUANBncjbSB1NRGwbvjcPeikRABz2nshyPk1bhWg==", "dev": true }, "node_modules/@types/node": { - "version": "20.12.7", - "resolved": "https://registry.npmjs.org/@types/node/-/node-20.12.7.tgz", - "integrity": "sha512-wq0cICSkRLVaf3UGLMGItu/PtdY7oaXaI/RVU+xliKVOtRna3PRY57ZDfztpDL0n11vfymMUnXv8QwYCO7L1wg==", + "version": "20.12.10", + "resolved": "https://registry.npmjs.org/@types/node/-/node-20.12.10.tgz", + "integrity": "sha512-Eem5pH9pmWBHoGAT8Dr5fdc5rYA+4NAovdM4EktRPVAAiJhmWWfQrA0cFhAbOsQdSfIHjAud6YdkbL69+zSKjw==", "dev": true, "dependencies": { "undici-types": "~5.26.4" 
@@ -2375,13 +2368,13 @@ } }, "node_modules/@vitest/expect": { - "version": "1.5.2", - "resolved": "https://registry.npmjs.org/@vitest/expect/-/expect-1.5.2.tgz", - "integrity": "sha512-rf7MTD1WCoDlN3FfYJ9Llfp0PbdtOMZ3FIF0AVkDnKbp3oiMW1c8AmvRZBcqbAhDUAvF52e9zx4WQM1r3oraVA==", + "version": "1.6.0", + "resolved": "https://registry.npmjs.org/@vitest/expect/-/expect-1.6.0.tgz", + "integrity": "sha512-ixEvFVQjycy/oNgHjqsL6AZCDduC+tflRluaHIzKIsdbzkLn2U/iBnVeJwB6HsIjQBdfMR8Z0tRxKUsvFJEeWQ==", "dev": true, "dependencies": { - "@vitest/spy": "1.5.2", - "@vitest/utils": "1.5.2", + "@vitest/spy": "1.6.0", + "@vitest/utils": "1.6.0", "chai": "^4.3.10" }, "funding": { @@ -2389,12 +2382,12 @@ } }, "node_modules/@vitest/runner": { - "version": "1.5.2", - "resolved": "https://registry.npmjs.org/@vitest/runner/-/runner-1.5.2.tgz", - "integrity": "sha512-7IJ7sJhMZrqx7HIEpv3WrMYcq8ZNz9L6alo81Y6f8hV5mIE6yVZsFoivLZmr0D777klm1ReqonE9LyChdcmw6g==", + "version": "1.6.0", + "resolved": "https://registry.npmjs.org/@vitest/runner/-/runner-1.6.0.tgz", + "integrity": "sha512-P4xgwPjwesuBiHisAVz/LSSZtDjOTPYZVmNAnpHHSR6ONrf8eCJOFRvUwdHn30F5M1fxhqtl7QZQUk2dprIXAg==", "dev": true, "dependencies": { - "@vitest/utils": "1.5.2", + "@vitest/utils": "1.6.0", "p-limit": "^5.0.0", "pathe": "^1.1.1" }, @@ -2430,9 +2423,9 @@ } }, "node_modules/@vitest/snapshot": { - "version": "1.5.2", - "resolved": "https://registry.npmjs.org/@vitest/snapshot/-/snapshot-1.5.2.tgz", - "integrity": "sha512-CTEp/lTYos8fuCc9+Z55Ga5NVPKUgExritjF5VY7heRFUfheoAqBneUlvXSUJHUZPjnPmyZA96yLRJDP1QATFQ==", + "version": "1.6.0", + "resolved": "https://registry.npmjs.org/@vitest/snapshot/-/snapshot-1.6.0.tgz", + "integrity": "sha512-+Hx43f8Chus+DCmygqqfetcAZrDJwvTj0ymqjQq4CvmpKFSTVteEOBzCusu1x2tt4OJcvBflyHUE0DZSLgEMtQ==", "dev": true, "dependencies": { "magic-string": "^0.30.5", 
@@ -2444,9 +2437,9 @@ } }, "node_modules/@vitest/spy": { - "version": "1.5.2", - "resolved": "https://registry.npmjs.org/@vitest/spy/-/spy-1.5.2.tgz", - "integrity": "sha512-xCcPvI8JpCtgikT9nLpHPL1/81AYqZy1GCy4+MCHBE7xi8jgsYkULpW5hrx5PGLgOQjUpb6fd15lqcriJ40tfQ==", + "version": "1.6.0", + "resolved": "https://registry.npmjs.org/@vitest/spy/-/spy-1.6.0.tgz", + "integrity": "sha512-leUTap6B/cqi/bQkXUu6bQV5TZPx7pmMBKBQiI0rJA8c3pB56ZsaTbREnF7CJfmvAS4V2cXIBAh/3rVwrrCYgw==", "dev": true, "dependencies": { "tinyspy": "^2.2.0" @@ -2456,9 +2449,9 @@ } }, "node_modules/@vitest/utils": { - "version": "1.5.2", - "resolved": "https://registry.npmjs.org/@vitest/utils/-/utils-1.5.2.tgz", - "integrity": "sha512-sWOmyofuXLJ85VvXNsroZur7mOJGiQeM0JN3/0D1uU8U9bGFM69X1iqHaRXl6R8BwaLY6yPCogP257zxTzkUdA==", + "version": "1.6.0", + "resolved": "https://registry.npmjs.org/@vitest/utils/-/utils-1.6.0.tgz", + "integrity": "sha512-21cPiuGMoMZwiOHa2i4LXkMkMkCGzA+MVFV70jRwHo95dL4x/ts5GZhML1QWuy7yfp3WzK3lRvZi3JnXTYqrBw==", "dev": true, "dependencies": { "diff-sequences": "^29.6.3", 
@@ -2480,30 +2473,30 @@ } }, "node_modules/@volar/language-core": { - "version": "2.2.0-alpha.10", - "resolved": "https://registry.npmjs.org/@volar/language-core/-/language-core-2.2.0-alpha.10.tgz", - "integrity": "sha512-njVJLtpu0zMvDaEk7K5q4BRpOgbyEUljU++un9TfJoJNhxG0z/hWwpwgTRImO42EKvwIxF3XUzeMk+qatAFy7Q==", + "version": "2.2.1", + "resolved": "https://registry.npmjs.org/@volar/language-core/-/language-core-2.2.1.tgz", + "integrity": "sha512-iHJAZKcYldZgyS8gx6DfIZApViVBeqbf6iPhqoZpG5A6F4zsZiFldKfwaKaBA3/wnOTWE2i8VUbXywI1WywCPg==", "dev": true, "dependencies": { - "@volar/source-map": "2.2.0-alpha.10" + "@volar/source-map": "2.2.1" } }, "node_modules/@volar/source-map": { - "version": "2.2.0-alpha.10", - "resolved": "https://registry.npmjs.org/@volar/source-map/-/source-map-2.2.0-alpha.10.tgz", - "integrity": "sha512-nrdWApVkP5cksAnDEyy1JD9rKdwOJsEq1B+seWO4vNXmZNcxQQCx4DULLBvKt7AzRUAQiAuw5aQkb9RBaSqdVA==", + "version": "2.2.1", + "resolved": "https://registry.npmjs.org/@volar/source-map/-/source-map-2.2.1.tgz", + "integrity": "sha512-w1Bgpguhbp7YTr7VUFu6gb4iAZjeEPsOX4zpgiuvlldbzvIWDWy4t0jVifsIsxZ99HAu+c3swiME7wt+GeNqhA==", "dev": true, "dependencies": { "muggle-string": "^0.4.0" } }, "node_modules/@volar/typescript": { - "version": "2.2.0-alpha.10", - "resolved": "https://registry.npmjs.org/@volar/typescript/-/typescript-2.2.0-alpha.10.tgz", - "integrity": "sha512-GCa0vTVVdA9ULUsu2Rx7jwsIuyZQPvPVT9o3NrANTbYv+523Ao1gv3glC5vzNSDPM6bUl37r94HbCj7KINQr+g==", + "version": "2.2.1", + "resolved": "https://registry.npmjs.org/@volar/typescript/-/typescript-2.2.1.tgz", + "integrity": "sha512-Z/tqluR7Hz5/5dCqQp7wo9C/6tSv/IYl+tTzgzUt2NjTq95bKSsuO4E+V06D0c+3aP9x5S9jggLqw451hpnc6Q==", "dev": true, "dependencies": { - "@volar/language-core": "2.2.0-alpha.10", + "@volar/language-core": "2.2.1", "path-browserify": "^1.0.1" } }, 
@@ -2581,36 +2574,36 @@ } }, "node_modules/@vue/compiler-core": { - "version": "3.4.25", - "resolved": "https://registry.npmjs.org/@vue/compiler-core/-/compiler-core-3.4.25.tgz", - "integrity": "sha512-Y2pLLopaElgWnMNolgG8w3C5nNUVev80L7hdQ5iIKPtMJvhVpG0zhnBG/g3UajJmZdvW0fktyZTotEHD1Srhbg==", + "version": "3.4.27", + "resolved": "https://registry.npmjs.org/@vue/compiler-core/-/compiler-core-3.4.27.tgz", + "integrity": "sha512-E+RyqY24KnyDXsCuQrI+mlcdW3ALND6U7Gqa/+bVwbcpcR3BRRIckFoz7Qyd4TTlnugtwuI7YgjbvsLmxb+yvg==", "dependencies": { "@babel/parser": "^7.24.4", - "@vue/shared": "3.4.25", + "@vue/shared": "3.4.27", "entities": "^4.5.0", "estree-walker": "^2.0.2", "source-map-js": "^1.2.0" } }, "node_modules/@vue/compiler-dom": { - "version": "3.4.25", - "resolved": "https://registry.npmjs.org/@vue/compiler-dom/-/compiler-dom-3.4.25.tgz", - "integrity": "sha512-Ugz5DusW57+HjllAugLci19NsDK+VyjGvmbB2TXaTcSlQxwL++2PETHx/+Qv6qFwNLzSt7HKepPe4DcTE3pBWg==", + "version": "3.4.27", + "resolved": "https://registry.npmjs.org/@vue/compiler-dom/-/compiler-dom-3.4.27.tgz", + "integrity": "sha512-kUTvochG/oVgE1w5ViSr3KUBh9X7CWirebA3bezTbB5ZKBQZwR2Mwj9uoSKRMFcz4gSMzzLXBPD6KpCLb9nvWw==", "dependencies": { - "@vue/compiler-core": "3.4.25", - "@vue/shared": "3.4.25" + "@vue/compiler-core": "3.4.27", + "@vue/shared": "3.4.27" } }, "node_modules/@vue/compiler-sfc": { - "version": "3.4.25", - "resolved": "https://registry.npmjs.org/@vue/compiler-sfc/-/compiler-sfc-3.4.25.tgz", - "integrity": "sha512-m7rryuqzIoQpOBZ18wKyq05IwL6qEpZxFZfRxlNYuIPDqywrXQxgUwLXIvoU72gs6cRdY6wHD0WVZIFE4OEaAQ==", + "version": "3.4.27", + "resolved": "https://registry.npmjs.org/@vue/compiler-sfc/-/compiler-sfc-3.4.27.tgz", + "integrity": "sha512-nDwntUEADssW8e0rrmE0+OrONwmRlegDA1pD6QhVeXxjIytV03yDqTey9SBDiALsvAd5U4ZrEKbMyVXhX6mCGA==", "dependencies": { "@babel/parser": "^7.24.4", - "@vue/compiler-core": "3.4.25", - "@vue/compiler-dom": "3.4.25", - "@vue/compiler-ssr": "3.4.25", - "@vue/shared": "3.4.25", + 
"@vue/compiler-core": "3.4.27", + "@vue/compiler-dom": "3.4.27", + "@vue/compiler-ssr": "3.4.27", + "@vue/shared": "3.4.27", "estree-walker": "^2.0.2", "magic-string": "^0.30.10", "postcss": "^8.4.38", @@ -2618,12 +2611,12 @@ } }, "node_modules/@vue/compiler-ssr": { - "version": "3.4.25", - "resolved": "https://registry.npmjs.org/@vue/compiler-ssr/-/compiler-ssr-3.4.25.tgz", - "integrity": "sha512-H2ohvM/Pf6LelGxDBnfbbXFPyM4NE3hrw0e/EpwuSiYu8c819wx+SVGdJ65p/sFrYDd6OnSDxN1MB2mN07hRSQ==", + "version": "3.4.27", + "resolved": "https://registry.npmjs.org/@vue/compiler-ssr/-/compiler-ssr-3.4.27.tgz", + "integrity": "sha512-CVRzSJIltzMG5FcidsW0jKNQnNRYC8bT21VegyMMtHmhW3UOI7knmUehzswXLrExDLE6lQCZdrhD4ogI7c+vuw==", "dependencies": { - "@vue/compiler-dom": "3.4.25", - "@vue/shared": "3.4.25" + "@vue/compiler-dom": "3.4.27", + "@vue/shared": "3.4.27" } }, "node_modules/@vue/devtools-api": { @@ -2670,16 +2663,16 @@ } }, "node_modules/@vue/eslint-config-typescript/node_modules/@typescript-eslint/eslint-plugin": { - "version": "7.7.0", - "resolved": "https://registry.npmjs.org/@typescript-eslint/eslint-plugin/-/eslint-plugin-7.7.0.tgz", - "integrity": "sha512-GJWR0YnfrKnsRoluVO3PRb9r5aMZriiMMM/RHj5nnTrBy1/wIgk76XCtCKcnXGjpZQJQRFtGV9/0JJ6n30uwpQ==", + "version": "7.8.0", + "resolved": "https://registry.npmjs.org/@typescript-eslint/eslint-plugin/-/eslint-plugin-7.8.0.tgz", + "integrity": "sha512-gFTT+ezJmkwutUPmB0skOj3GZJtlEGnlssems4AjkVweUPGj7jRwwqg0Hhg7++kPGJqKtTYx+R05Ftww372aIg==", "dev": true, "dependencies": { "@eslint-community/regexpp": "^4.10.0", - "@typescript-eslint/scope-manager": "7.7.0", - "@typescript-eslint/type-utils": "7.7.0", - "@typescript-eslint/utils": "7.7.0", - "@typescript-eslint/visitor-keys": "7.7.0", + "@typescript-eslint/scope-manager": "7.8.0", + "@typescript-eslint/type-utils": "7.8.0", + "@typescript-eslint/utils": "7.8.0", + "@typescript-eslint/visitor-keys": "7.8.0", "debug": "^4.3.4", "graphemer": "^1.4.0", "ignore": "^5.3.1", 
@@ -2705,15 +2698,15 @@ } }, "node_modules/@vue/eslint-config-typescript/node_modules/@typescript-eslint/parser": { - "version": "7.7.0", - "resolved": "https://registry.npmjs.org/@typescript-eslint/parser/-/parser-7.7.0.tgz", - "integrity": "sha512-fNcDm3wSwVM8QYL4HKVBggdIPAy9Q41vcvC/GtDobw3c4ndVT3K6cqudUmjHPw8EAp4ufax0o58/xvWaP2FmTg==", + "version": "7.8.0", + "resolved": "https://registry.npmjs.org/@typescript-eslint/parser/-/parser-7.8.0.tgz", + "integrity": "sha512-KgKQly1pv0l4ltcftP59uQZCi4HUYswCLbTqVZEJu7uLX8CTLyswqMLqLN+2QFz4jCptqWVV4SB7vdxcH2+0kQ==", "dev": true, "dependencies": { - "@typescript-eslint/scope-manager": "7.7.0", - "@typescript-eslint/types": "7.7.0", - "@typescript-eslint/typescript-estree": "7.7.0", - "@typescript-eslint/visitor-keys": "7.7.0", + "@typescript-eslint/scope-manager": "7.8.0", + "@typescript-eslint/types": "7.8.0", + "@typescript-eslint/typescript-estree": "7.8.0", + "@typescript-eslint/visitor-keys": "7.8.0", "debug": "^4.3.4" }, "engines": { @@ -2733,13 +2726,13 @@ } }, "node_modules/@vue/eslint-config-typescript/node_modules/@typescript-eslint/scope-manager": { - "version": "7.7.0", - "resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-7.7.0.tgz", - "integrity": "sha512-/8INDn0YLInbe9Wt7dK4cXLDYp0fNHP5xKLHvZl3mOT5X17rK/YShXaiNmorl+/U4VKCVIjJnx4Ri5b0y+HClw==", + "version": "7.8.0", + "resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-7.8.0.tgz", + "integrity": "sha512-viEmZ1LmwsGcnr85gIq+FCYI7nO90DVbE37/ll51hjv9aG+YZMb4WDE2fyWpUR4O/UrhGRpYXK/XajcGTk2B8g==", "dev": true, "dependencies": { - "@typescript-eslint/types": "7.7.0", - "@typescript-eslint/visitor-keys": "7.7.0" + "@typescript-eslint/types": "7.8.0", + "@typescript-eslint/visitor-keys": "7.8.0" }, "engines": { "node": "^18.18.0 || >=20.0.0" 
@@ -2750,13 +2743,13 @@ } }, "node_modules/@vue/eslint-config-typescript/node_modules/@typescript-eslint/type-utils": { - "version": "7.7.0", - "resolved": "https://registry.npmjs.org/@typescript-eslint/type-utils/-/type-utils-7.7.0.tgz", - "integrity": "sha512-bOp3ejoRYrhAlnT/bozNQi3nio9tIgv3U5C0mVDdZC7cpcQEDZXvq8inrHYghLVwuNABRqrMW5tzAv88Vy77Sg==", + "version": "7.8.0", + "resolved": "https://registry.npmjs.org/@typescript-eslint/type-utils/-/type-utils-7.8.0.tgz", + "integrity": "sha512-H70R3AefQDQpz9mGv13Uhi121FNMh+WEaRqcXTX09YEDky21km4dV1ZXJIp8QjXc4ZaVkXVdohvWDzbnbHDS+A==", "dev": true, "dependencies": { - "@typescript-eslint/typescript-estree": "7.7.0", - "@typescript-eslint/utils": "7.7.0", + "@typescript-eslint/typescript-estree": "7.8.0", + "@typescript-eslint/utils": "7.8.0", "debug": "^4.3.4", "ts-api-utils": "^1.3.0" }, @@ -2777,9 +2770,9 @@ } }, "node_modules/@vue/eslint-config-typescript/node_modules/@typescript-eslint/types": { - "version": "7.7.0", - "resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-7.7.0.tgz", - "integrity": "sha512-G01YPZ1Bd2hn+KPpIbrAhEWOn5lQBrjxkzHkWvP6NucMXFtfXoevK82hzQdpfuQYuhkvFDeQYbzXCjR1z9Z03w==", + "version": "7.8.0", + "resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-7.8.0.tgz", + "integrity": "sha512-wf0peJ+ZGlcH+2ZS23aJbOv+ztjeeP8uQ9GgwMJGVLx/Nj9CJt17GWgWWoSmoRVKAX2X+7fzEnAjxdvK2gqCLw==", "dev": true, "engines": { "node": "^18.18.0 || >=20.0.0" 
@@ -2790,13 +2783,13 @@ } }, "node_modules/@vue/eslint-config-typescript/node_modules/@typescript-eslint/typescript-estree": { - "version": "7.7.0", - "resolved": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-7.7.0.tgz", - "integrity": "sha512-8p71HQPE6CbxIBy2kWHqM1KGrC07pk6RJn40n0DSc6bMOBBREZxSDJ+BmRzc8B5OdaMh1ty3mkuWRg4sCFiDQQ==", + "version": "7.8.0", + "resolved": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-7.8.0.tgz", + "integrity": "sha512-5pfUCOwK5yjPaJQNy44prjCwtr981dO8Qo9J9PwYXZ0MosgAbfEMB008dJ5sNo3+/BN6ytBPuSvXUg9SAqB0dg==", "dev": true, "dependencies": { - "@typescript-eslint/types": "7.7.0", - "@typescript-eslint/visitor-keys": "7.7.0", + "@typescript-eslint/types": "7.8.0", + "@typescript-eslint/visitor-keys": "7.8.0", "debug": "^4.3.4", "globby": "^11.1.0", "is-glob": "^4.0.3", @@ -2818,17 +2811,17 @@ } }, "node_modules/@vue/eslint-config-typescript/node_modules/@typescript-eslint/utils": { - "version": "7.7.0", - "resolved": "https://registry.npmjs.org/@typescript-eslint/utils/-/utils-7.7.0.tgz", - "integrity": "sha512-LKGAXMPQs8U/zMRFXDZOzmMKgFv3COlxUQ+2NMPhbqgVm6R1w+nU1i4836Pmxu9jZAuIeyySNrN/6Rc657ggig==", + "version": "7.8.0", + "resolved": "https://registry.npmjs.org/@typescript-eslint/utils/-/utils-7.8.0.tgz", + "integrity": "sha512-L0yFqOCflVqXxiZyXrDr80lnahQfSOfc9ELAAZ75sqicqp2i36kEZZGuUymHNFoYOqxRT05up760b4iGsl02nQ==", "dev": true, "dependencies": { "@eslint-community/eslint-utils": "^4.4.0", "@types/json-schema": "^7.0.15", "@types/semver": "^7.5.8", - "@typescript-eslint/scope-manager": "7.7.0", - "@typescript-eslint/types": "7.7.0", - "@typescript-eslint/typescript-estree": "7.7.0", + "@typescript-eslint/scope-manager": "7.8.0", + "@typescript-eslint/types": "7.8.0", + "@typescript-eslint/typescript-estree": "7.8.0", "semver": "^7.6.0" }, "engines": { 
@@ -2843,12 +2836,12 @@ } }, "node_modules/@vue/eslint-config-typescript/node_modules/@typescript-eslint/visitor-keys": { - "version": "7.7.0", - "resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-7.7.0.tgz", - "integrity": "sha512-h0WHOj8MhdhY8YWkzIF30R379y0NqyOHExI9N9KCzvmu05EgG4FumeYa3ccfKUSphyWkWQE1ybVrgz/Pbam6YA==", + "version": "7.8.0", + "resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-7.8.0.tgz", + "integrity": "sha512-q4/gibTNBQNA0lGyYQCmWRS5D15n8rXh4QjK3KV+MBPlTYHpfBUT3D3PaPR/HeNiI9W6R7FvlkcGhNyAoP+caA==", "dev": true, "dependencies": { - "@typescript-eslint/types": "7.7.0", + "@typescript-eslint/types": "7.8.0", "eslint-visitor-keys": "^3.4.3" }, "engines": { @@ -2875,12 +2868,12 @@ } }, "node_modules/@vue/language-core": { - "version": "2.0.14", - "resolved": "https://registry.npmjs.org/@vue/language-core/-/language-core-2.0.14.tgz", - "integrity": "sha512-3q8mHSNcGTR7sfp2X6jZdcb4yt8AjBXAfKk0qkZIh7GAJxOnoZ10h5HToZglw4ToFvAnq+xu/Z2FFbglh9Icag==", + "version": "2.0.16", + "resolved": "https://registry.npmjs.org/@vue/language-core/-/language-core-2.0.16.tgz", + "integrity": "sha512-Bc2sexRH99pznOph8mLw2BlRZ9edm7tW51kcBXgx8adAoOcZUWJj3UNSsdQ6H9Y8meGz7BoazVrVo/jUukIsPw==", "dev": true, "dependencies": { - "@volar/language-core": "2.2.0-alpha.10", + "@volar/language-core": "~2.2.0", "@vue/compiler-dom": "^3.4.0", "@vue/shared": "^3.4.0", "computeds": "^0.0.1", 
@@ -2898,53 +2891,53 @@ } }, "node_modules/@vue/reactivity": { - "version": "3.4.25", - "resolved": "https://registry.npmjs.org/@vue/reactivity/-/reactivity-3.4.25.tgz", - "integrity": "sha512-mKbEtKr1iTxZkAG3vm3BtKHAOhuI4zzsVcN0epDldU/THsrvfXRKzq+lZnjczZGnTdh3ojd86/WrP+u9M51pWQ==", + "version": "3.4.27", + "resolved": "https://registry.npmjs.org/@vue/reactivity/-/reactivity-3.4.27.tgz", + "integrity": "sha512-kK0g4NknW6JX2yySLpsm2jlunZJl2/RJGZ0H9ddHdfBVHcNzxmQ0sS0b09ipmBoQpY8JM2KmUw+a6sO8Zo+zIA==", "dependencies": { - "@vue/shared": "3.4.25" + "@vue/shared": "3.4.27" } }, "node_modules/@vue/runtime-core": { - "version": "3.4.25", - "resolved": "https://registry.npmjs.org/@vue/runtime-core/-/runtime-core-3.4.25.tgz", - "integrity": "sha512-3qhsTqbEh8BMH3pXf009epCI5E7bKu28fJLi9O6W+ZGt/6xgSfMuGPqa5HRbUxLoehTNp5uWvzCr60KuiRIL0Q==", + "version": "3.4.27", + "resolved": "https://registry.npmjs.org/@vue/runtime-core/-/runtime-core-3.4.27.tgz", + "integrity": "sha512-7aYA9GEbOOdviqVvcuweTLe5Za4qBZkUY7SvET6vE8kyypxVgaT1ixHLg4urtOlrApdgcdgHoTZCUuTGap/5WA==", "dependencies": { - "@vue/reactivity": "3.4.25", - "@vue/shared": "3.4.25" + "@vue/reactivity": "3.4.27", + "@vue/shared": "3.4.27" } }, "node_modules/@vue/runtime-dom": { - "version": "3.4.25", - "resolved": "https://registry.npmjs.org/@vue/runtime-dom/-/runtime-dom-3.4.25.tgz", - "integrity": "sha512-ode0sj77kuwXwSc+2Yhk8JMHZh1sZp9F/51wdBiz3KGaWltbKtdihlJFhQG4H6AY+A06zzeMLkq6qu8uDSsaoA==", + "version": "3.4.27", + "resolved": "https://registry.npmjs.org/@vue/runtime-dom/-/runtime-dom-3.4.27.tgz", + "integrity": "sha512-ScOmP70/3NPM+TW9hvVAz6VWWtZJqkbdf7w6ySsws+EsqtHvkhxaWLecrTorFxsawelM5Ys9FnDEMt6BPBDS0Q==", "dependencies": { - "@vue/runtime-core": "3.4.25", - "@vue/shared": "3.4.25", + "@vue/runtime-core": "3.4.27", + "@vue/shared": "3.4.27", "csstype": "^3.1.3" } }, "node_modules/@vue/server-renderer": { - "version": "3.4.25", - "resolved": 
"https://registry.npmjs.org/@vue/server-renderer/-/server-renderer-3.4.25.tgz", - "integrity": "sha512-8VTwq0Zcu3K4dWV0jOwIVINESE/gha3ifYCOKEhxOj6MEl5K5y8J8clQncTcDhKF+9U765nRw4UdUEXvrGhyVQ==", + "version": "3.4.27", + "resolved": "https://registry.npmjs.org/@vue/server-renderer/-/server-renderer-3.4.27.tgz", + "integrity": "sha512-dlAMEuvmeA3rJsOMJ2J1kXU7o7pOxgsNHVr9K8hB3ImIkSuBrIdy0vF66h8gf8Tuinf1TK3mPAz2+2sqyf3KzA==", "dependencies": { - "@vue/compiler-ssr": "3.4.25", - "@vue/shared": "3.4.25" + "@vue/compiler-ssr": "3.4.27", + "@vue/shared": "3.4.27" }, "peerDependencies": { - "vue": "3.4.25" + "vue": "3.4.27" } }, "node_modules/@vue/shared": { - "version": "3.4.25", - "resolved": "https://registry.npmjs.org/@vue/shared/-/shared-3.4.25.tgz", - "integrity": "sha512-k0yappJ77g2+KNrIaF0FFnzwLvUBLUYr8VOwz+/6vLsmItFp51AcxLL7Ey3iPd7BIRyWPOcqUjMnm7OkahXllA==" + "version": "3.4.27", + "resolved": "https://registry.npmjs.org/@vue/shared/-/shared-3.4.27.tgz", + "integrity": "sha512-DL3NmY2OFlqmYYrzp39yi3LDkKxa5vZVwxWdQ3rG0ekuWscHraeIbnI8t+aZK7qhYqEqWKTUdijadunb9pnrgA==" }, "node_modules/@vue/test-utils": { - "version": "2.4.5", - "resolved": "https://registry.npmjs.org/@vue/test-utils/-/test-utils-2.4.5.tgz", - "integrity": "sha512-oo2u7vktOyKUked36R93NB7mg2B+N7Plr8lxp2JBGwr18ch6EggFjixSCdIVVLkT6Qr0z359Xvnafc9dcKyDUg==", + "version": "2.4.6", + "resolved": "https://registry.npmjs.org/@vue/test-utils/-/test-utils-2.4.6.tgz", + "integrity": "sha512-FMxEjOpYNYiFe0GkaHsnJPXFHxQ6m4t8vI/ElPGpMWxZKpmRvQ33OIrvRXemy6yha03RxhOlQuy+gZMC3CQSow==", "dev": true, "dependencies": { "js-beautify": "^1.14.9", 
@@ -3746,9 +3739,9 @@ } }, "node_modules/caniuse-lite": { - "version": "1.0.30001611", - "resolved": "https://registry.npmjs.org/caniuse-lite/-/caniuse-lite-1.0.30001611.tgz", - "integrity": "sha512-19NuN1/3PjA3QI8Eki55N8my4LzfkMCRLgCVfrl/slbSAchQfV0+GwjPrK3rq37As4UCLlM/DHajbKkAqbv92Q==", + "version": "1.0.30001616", + "resolved": "https://registry.npmjs.org/caniuse-lite/-/caniuse-lite-1.0.30001616.tgz", + "integrity": "sha512-RHVYKov7IcdNjVHJFNY/78RdG4oGVjbayxv8u5IO74Wv7Hlq4PnJE6mo/OjFijjVFNy5ijnCt6H3IIo4t+wfEw==", "dev": true, "funding": [ { @@ -4181,9 +4174,9 @@ } }, "node_modules/css-render": { - "version": "0.15.12", - "resolved": "https://registry.npmjs.org/css-render/-/css-render-0.15.12.tgz", - "integrity": "sha512-eWzS66patiGkTTik+ipO9qNGZ+uNuGyTmnz6/+EJIiFg8+3yZRpnMwgFo8YdXhQRsiePzehnusrxVvugNjXzbw==", + "version": "0.15.14", + "resolved": "https://registry.npmjs.org/css-render/-/css-render-0.15.14.tgz", + "integrity": "sha512-9nF4PdUle+5ta4W5SyZdLCCmFd37uVimSjg1evcTqKJCyvCEEj12WKzOSBNak6r4im4J4iYXKH1OWpUV5LBYFg==", "dependencies": { "@emotion/hash": "~0.8.0", "csstype": "~3.0.5" @@ -4553,9 +4546,9 @@ } }, "node_modules/dayjs": { - "version": "1.11.10", - "resolved": "https://registry.npmjs.org/dayjs/-/dayjs-1.11.10.tgz", - "integrity": "sha512-vjAczensTgRcqDERK0SR2XMwsF/tSvnvlv6VcF2GIhg6Sx4yOIt/irsr1RDJsKiIyBzJDpCoXiWWq28MqH2cnQ==" + "version": "1.11.11", + "resolved": "https://registry.npmjs.org/dayjs/-/dayjs-1.11.11.tgz", + "integrity": "sha512-okzr3f11N6WuqYtZSvm+F776mB41wRZMhKP+hc34YdW+KmtYYK9iqvHSwo2k9FEH3fhGXvOPV6yz2IcSrfRUDg==" }, "node_modules/de-indent": { "version": "1.0.2", 
@@ -4901,9 +4894,9 @@ "dev": true }, "node_modules/electron-to-chromium": { - "version": "1.4.744", - "resolved": "https://registry.npmjs.org/electron-to-chromium/-/electron-to-chromium-1.4.744.tgz", - "integrity": "sha512-nAGcF0yeKKfrP13LMFr5U1eghfFSvFLg302VUFzWlcjPOnUYd52yU5x6PBYrujhNbc4jYmZFrGZFK+xasaEzVA==", + "version": "1.4.756", + "resolved": "https://registry.npmjs.org/electron-to-chromium/-/electron-to-chromium-1.4.756.tgz", + "integrity": "sha512-RJKZ9+vEBMeiPAvKNWyZjuYyUqMndcP1f335oHqn3BEQbs2NFtVrnK5+6Xg5wSM9TknNNpWghGDUCKGYF+xWXw==", "dev": true }, "node_modules/emoji-regex": { @@ -5235,15 +5228,15 @@ } }, "node_modules/eslint-plugin-cypress": { - "version": "3.0.2", - "resolved": "https://registry.npmjs.org/eslint-plugin-cypress/-/eslint-plugin-cypress-3.0.2.tgz", - "integrity": "sha512-5hIWc3SqXSuR+Sd7gmNMzx8yJ3LWQQS0e+qLvEVF4C1JfFtu1s9imtEm1KxlCBCcKb7+6CyR9KQYs0GiI02AlA==", + "version": "3.2.0", + "resolved": "https://registry.npmjs.org/eslint-plugin-cypress/-/eslint-plugin-cypress-3.2.0.tgz", + "integrity": "sha512-HaxMz6BoU4ay+K4WrG9ZJC1NdX06FqSlAwtRDStjM0ORFT7zCNPNuRJ+kUPc17Rt2AMUBSqeD9L0zTR3uZhPpw==", "dev": true, "dependencies": { "globals": "^13.20.0" }, "peerDependencies": { - "eslint": ">=7 <9" + "eslint": ">=7" } }, "node_modules/eslint-plugin-prettier": { @@ -6058,12 +6051,13 @@ } }, "node_modules/globalthis": { - "version": "1.0.3", - "resolved": "https://registry.npmjs.org/globalthis/-/globalthis-1.0.3.tgz", - "integrity": "sha512-sFdI5LyBiNTHjRd7cGPWapiHWMOXKyuBNX/cWJ3NfzrZQVa8GI/8cofCl74AOVqq9W5kNmguTIzJ/1s2gyI9wA==", + "version": "1.0.4", + "resolved": "https://registry.npmjs.org/globalthis/-/globalthis-1.0.4.tgz", + "integrity": "sha512-DpLKbNU4WylpxJykQujfCcwYWiV/Jhm50Goo0wrVILAv5jOr9d+H+UR3PhSCD2rCCEIg0uc+G+muBTwD54JhDQ==", "dev": true, "dependencies": { - "define-properties": "^1.1.3" + "define-properties": "^1.2.1", + "gopd": "^1.0.1" }, "engines": { "node": ">= 0.4" 
@@ -6447,9 +6441,9 @@ } }, "node_modules/import-meta-resolve": { - "version": "4.0.0", - "resolved": "https://registry.npmjs.org/import-meta-resolve/-/import-meta-resolve-4.0.0.tgz", - "integrity": "sha512-okYUR7ZQPH+efeuMJGlq4f8ubUgO50kByRPyt/Cy1Io4PSRsPjxME+YlVaCOx+NIToW7hCsZNFJyTPFFKepRSA==", + "version": "4.1.0", + "resolved": "https://registry.npmjs.org/import-meta-resolve/-/import-meta-resolve-4.1.0.tgz", + "integrity": "sha512-I6fiaX09Xivtk+THaMfAwnA3MVA5Big1WHF1Dfx9hFuvNIWpXnorlkzhcQf6ehrqQiiZECRt1poOAkPmer3ruw==", "dev": true, "funding": { "type": "github", @@ -6941,9 +6935,9 @@ } }, "node_modules/joi": { - "version": "17.12.3", - "resolved": "https://registry.npmjs.org/joi/-/joi-17.12.3.tgz", - "integrity": "sha512-2RRziagf555owrm9IRVtdKynOBeITiDpuZqIpgwqXShPncPKNiRQoiGsl/T8SQdq+8ugRzH2LqY67irr2y/d+g==", + "version": "17.13.1", + "resolved": "https://registry.npmjs.org/joi/-/joi-17.13.1.tgz", + "integrity": "sha512-vaBlIKCyo4FCUtCm7Eu4QZd/q02bWcxfUO6YSXAZOWF6gzcLBeba8kwotUdYJjDLW8Cz8RywsSOqiNJZW0mNvg==", "dev": true, "dependencies": { "@hapi/hoek": "^9.3.0", @@ -7498,10 +7492,14 @@ } }, "node_modules/local-pkg": { - "version": "0.4.3", - "resolved": "https://registry.npmjs.org/local-pkg/-/local-pkg-0.4.3.tgz", - "integrity": "sha512-SFppqq5p42fe2qcZQqqEOiVRXl+WCP1MdT6k7BDEW1j++sp5fIY+/fdRQitvKgB5BrBcmrs5m/L0v2FrU5MY1g==", + "version": "0.5.0", + "resolved": "https://registry.npmjs.org/local-pkg/-/local-pkg-0.5.0.tgz", + "integrity": "sha512-ok6z3qlYyCDS4ZEU27HaU6x/xZa9Whf8jD4ptH5UZTQYZVYeb9bnZ3ojVhiJNLiXK1Hfc0GNbLXcmZ5plLDDBg==", "dev": true, + "dependencies": { + "mlly": "^1.4.2", + "pkg-types": "^1.0.3" + }, "engines": { "node": ">=14" }, 
@@ -7894,9 +7892,9 @@ } }, "node_modules/minipass": { - "version": "7.0.4", - "resolved": "https://registry.npmjs.org/minipass/-/minipass-7.0.4.tgz", - "integrity": "sha512-jYofLM5Dam9279rdkWzqHozUo4ybjdZmCsDHePy5V/PbBcVMiSZR97gmAy45aqi8CK1lG2ECd356FU86avfwUQ==", + "version": "7.1.0", + "resolved": "https://registry.npmjs.org/minipass/-/minipass-7.1.0.tgz", + "integrity": "sha512-oGZRv2OT1lO2UF1zUcwdTb3wqUwI0kBGTgt/T7OdSj6M6N5m3o5uPf0AIW6lVxGGoiWUR7e2AwTE+xiwK8WQig==", "dev": true, "engines": { "node": ">=16 || 14 >=14.17" @@ -7920,15 +7918,15 @@ } }, "node_modules/mlly": { - "version": "1.6.1", - "resolved": "https://registry.npmjs.org/mlly/-/mlly-1.6.1.tgz", - "integrity": "sha512-vLgaHvaeunuOXHSmEbZ9izxPx3USsk8KCQ8iC+aTlp5sKRSoZvwhHh5L9VbKSaVC6sJDqbyohIS76E2VmHIPAA==", + "version": "1.7.0", + "resolved": "https://registry.npmjs.org/mlly/-/mlly-1.7.0.tgz", + "integrity": "sha512-U9SDaXGEREBYQgfejV97coK0UL1r+qnF2SyO9A3qcI8MzKnsIFKHNVEkrDyNncQTKQQumsasmeq84eNMdBfsNQ==", "dev": true, "dependencies": { "acorn": "^8.11.3", "pathe": "^1.1.2", - "pkg-types": "^1.0.3", - "ufo": "^1.3.2" + "pkg-types": "^1.1.0", + "ufo": "^1.5.3" } }, "node_modules/ms": { @@ -7954,9 +7952,9 @@ } }, "node_modules/naive-ui": { - "version": "2.38.1", - "resolved": "https://registry.npmjs.org/naive-ui/-/naive-ui-2.38.1.tgz", - "integrity": "sha512-AnU1FQ7K/CbhguAX++V4kCFjk7h7RvWt4nvZPRjORMpq+fUIlzD+EcQ5Cv1VqDloNF8+eMv4Akc2Ogacc9S+5A==", + "version": "2.38.2", + "resolved": "https://registry.npmjs.org/naive-ui/-/naive-ui-2.38.2.tgz", + "integrity": "sha512-WhZ+6DW61aYSmFyfH7evcSGFmd2xR68Yq1mNRrVdJwBhZsnNdAUsMN9IeNCVEPMCND/jzYZghkStoNoR5Xa09g==", "dependencies": { "@css-render/plugin-bem": "^0.15.12", "@css-render/vue3-ssr": "^0.15.12", 
@@ -8026,9 +8024,9 @@ "dev": true }, "node_modules/nopt": { - "version": "7.2.0", - "resolved": "https://registry.npmjs.org/nopt/-/nopt-7.2.0.tgz", - "integrity": "sha512-CVDtwCdhYIvnAzFoJ6NJ6dX3oga9/HyciQDnG1vQDjSLMeKLJ4A93ZqYKDrgYSr1FBY5/hMYC+2VCi24pgpkGA==", + "version": "7.2.1", + "resolved": "https://registry.npmjs.org/nopt/-/nopt-7.2.1.tgz", + "integrity": "sha512-taM24ViiimT/XntxbPyJQzCG+p4EKOpgD3mxFwW38mGjVUrfERQOeY4EDHjdnptttfHuHQXFx+lTP08Q+mLa/w==", "dev": true, "dependencies": { "abbrev": "^2.0.0" @@ -8217,9 +8215,9 @@ } }, "node_modules/nwsapi": { - "version": "2.2.7", - "resolved": "https://registry.npmjs.org/nwsapi/-/nwsapi-2.2.7.tgz", - "integrity": "sha512-ub5E4+FBPKwAZx0UwIQOjYWGHTEq5sPqHQNRN8Z9e4A7u3Tj1weLJsL59yH9vmvqEtBHaOmT6cYQKIZOxp35FQ==", + "version": "2.2.9", + "resolved": "https://registry.npmjs.org/nwsapi/-/nwsapi-2.2.9.tgz", + "integrity": "sha512-2f3F0SEEer8bBu0dsNCFF50N0cTThV1nWFYcEYFZttdW0lDAoybv9cQoK7X7/68Z89S7FoRrVjP1LPX4XRf9vg==", "dev": true }, "node_modules/object-assign": { @@ -8334,16 +8332,16 @@ } }, "node_modules/optionator": { - "version": "0.9.3", - "resolved": "https://registry.npmjs.org/optionator/-/optionator-0.9.3.tgz", - "integrity": "sha512-JjCoypp+jKn1ttEFExxhetCKeJt9zhAgAve5FXHixTvFDW/5aEktX9bufBKLRRMdU7bNtpLfcGu94B3cdEJgjg==", + "version": "0.9.4", + "resolved": "https://registry.npmjs.org/optionator/-/optionator-0.9.4.tgz", + "integrity": "sha512-6IpQ7mKUxRcZNLIObR0hz7lxsapSSIYNZJwXPGeF0mTVqGKFIXj1DQcMoT22S3ROcLyY/rz0PWaWZ9ayWmad9g==", "dependencies": { - "@aashutoshrathi/word-wrap": "^1.2.3", "deep-is": "^0.1.3", "fast-levenshtein": "^2.0.6", "levn": "^0.4.1", "prelude-ls": "^1.2.1", - "type-check": "^0.4.0" + "type-check": "^0.4.0", + "word-wrap": "^1.2.5" }, "engines": { "node": ">= 0.8.0" 
@@ -8504,9 +8502,9 @@ } }, "node_modules/path-scurry/node_modules/lru-cache": { - "version": "10.2.0", - "resolved": "https://registry.npmjs.org/lru-cache/-/lru-cache-10.2.0.tgz", - "integrity": "sha512-2bIM8x+VAf6JT4bKAljS1qUWgMsqZRPGJS6FSahIMPVvctcNhyVp7AJu7quxOW9jwkryBReKZY5tY5JYv2n/7Q==", + "version": "10.2.2", + "resolved": "https://registry.npmjs.org/lru-cache/-/lru-cache-10.2.2.tgz", + "integrity": "sha512-9hp3Vp2/hFQUiIwKo8XCeFVnrg8Pk3TYNPIR7tJADKi5YfcF7vEaK7avFHTlSy3kOKYaJQaalfEo6YuXdceBOQ==", "dev": true, "engines": { "node": "14 || >=16.14" @@ -9460,9 +9458,9 @@ } }, "node_modules/rollup": { - "version": "4.14.3", - "resolved": "https://registry.npmjs.org/rollup/-/rollup-4.14.3.tgz", - "integrity": "sha512-ag5tTQKYsj1bhrFC9+OEWqb5O6VYgtQDO9hPDBMmIbePwhfSr+ExlcU741t8Dhw5DkPCQf6noz0jb36D6W9/hw==", + "version": "4.17.2", + "resolved": "https://registry.npmjs.org/rollup/-/rollup-4.17.2.tgz", + "integrity": "sha512-/9ClTJPByC0U4zNLowV1tMBe8yMEAxewtR3cUNX5BoEpGH3dQEWpJLr6CLp0fPdYRF/fzVOgvDb1zXuakwF5kQ==", "dev": true, "dependencies": { "@types/estree": "1.0.5" 
@@ -9475,22 +9473,22 @@ "npm": ">=8.0.0" }, "optionalDependencies": { - "@rollup/rollup-android-arm-eabi": "4.14.3", - "@rollup/rollup-android-arm64": "4.14.3", - "@rollup/rollup-darwin-arm64": "4.14.3", - "@rollup/rollup-darwin-x64": "4.14.3", - "@rollup/rollup-linux-arm-gnueabihf": "4.14.3", - "@rollup/rollup-linux-arm-musleabihf": "4.14.3", - "@rollup/rollup-linux-arm64-gnu": "4.14.3", - "@rollup/rollup-linux-arm64-musl": "4.14.3", - "@rollup/rollup-linux-powerpc64le-gnu": "4.14.3", - "@rollup/rollup-linux-riscv64-gnu": "4.14.3", - "@rollup/rollup-linux-s390x-gnu": "4.14.3", - "@rollup/rollup-linux-x64-gnu": "4.14.3", - "@rollup/rollup-linux-x64-musl": "4.14.3", - "@rollup/rollup-win32-arm64-msvc": "4.14.3", - "@rollup/rollup-win32-ia32-msvc": "4.14.3", - "@rollup/rollup-win32-x64-msvc": "4.14.3", + "@rollup/rollup-android-arm-eabi": "4.17.2", + "@rollup/rollup-android-arm64": "4.17.2", + "@rollup/rollup-darwin-arm64": "4.17.2", + "@rollup/rollup-darwin-x64": "4.17.2", + "@rollup/rollup-linux-arm-gnueabihf": "4.17.2", + "@rollup/rollup-linux-arm-musleabihf": "4.17.2", + "@rollup/rollup-linux-arm64-gnu": "4.17.2", + "@rollup/rollup-linux-arm64-musl": "4.17.2", + "@rollup/rollup-linux-powerpc64le-gnu": "4.17.2", + "@rollup/rollup-linux-riscv64-gnu": "4.17.2", + "@rollup/rollup-linux-s390x-gnu": "4.17.2", + "@rollup/rollup-linux-x64-gnu": "4.17.2", + "@rollup/rollup-linux-x64-musl": "4.17.2", + "@rollup/rollup-win32-arm64-msvc": "4.17.2", + "@rollup/rollup-win32-ia32-msvc": "4.17.2", + "@rollup/rollup-win32-x64-msvc": "4.17.2", "fsevents": "~2.3.2" } }, 
@@ -9636,9 +9634,9 @@ "dev": true }, "node_modules/sass": { - "version": "1.75.0", - "resolved": "https://registry.npmjs.org/sass/-/sass-1.75.0.tgz", - "integrity": "sha512-ShMYi3WkrDWxExyxSZPst4/okE9ts46xZmJDSawJQrnte7M1V9fScVB+uNXOVKRBt0PggHOwoZcn8mYX4trnBw==", + "version": "1.77.0", + "resolved": "https://registry.npmjs.org/sass/-/sass-1.77.0.tgz", + "integrity": "sha512-eGj4HNfXqBWtSnvItNkn7B6icqH14i3CiCGbzMKs3BAPTq62pp9NBYsBgyN4cA+qssqo9r26lW4JSvlaUUWbgw==", "dev": true, "dependencies": { "chokidar": ">=3.0.0 <4.0.0", @@ -9775,12 +9773,12 @@ } }, "node_modules/shiki": { - "version": "1.3.0", - "resolved": "https://registry.npmjs.org/shiki/-/shiki-1.3.0.tgz", - "integrity": "sha512-9aNdQy/etMXctnPzsje1h1XIGm9YfRcSksKOGqZWXA/qP9G18/8fpz5Bjpma8bOgz3tqIpjERAd6/lLjFyzoww==", + "version": "1.4.0", + "resolved": "https://registry.npmjs.org/shiki/-/shiki-1.4.0.tgz", + "integrity": "sha512-5WIn0OL8PWm7JhnTwRWXniy6eEDY234mRrERVlFa646V2ErQqwIFd2UML7e0Pq9eqSKLoMa3Ke+xbsF+DAuy+Q==", "dev": true, "dependencies": { - "@shikijs/core": "1.3.0" + "@shikijs/core": "1.4.0" } }, "node_modules/side-channel": { @@ -10444,9 +10442,9 @@ "integrity": "sha512-AEYxH93jGFPn/a2iVAwW87VuUIkR1FVUKB77NwMF7nBTDkDrrT/Hpt/IrCJ0QXhW27jTBDcf5ZY7w6RiqTMw2Q==" }, "node_modules/tailwind-config-viewer": { - "version": "2.0.1", - "resolved": "https://registry.npmjs.org/tailwind-config-viewer/-/tailwind-config-viewer-2.0.1.tgz", - "integrity": "sha512-0mfPRjxzKvQNW5YNh1EXhURV54ZtBvK4489tD8iosAVO8MZagC5BSdcl1i2b0tG+TiYIyEzBwDGQpE9vV/5gaA==", + "version": "2.0.2", + "resolved": "https://registry.npmjs.org/tailwind-config-viewer/-/tailwind-config-viewer-2.0.2.tgz", + "integrity": "sha512-YkMEbWgvTyEp7J5S7qY9KGLHml6SLO8kQg4Q5xNM4tWJ+cFtSO/Rv2UKfYHYnE7UsY4Lb1LkHmNs3YSbU2mT2Q==", "dev": true, "dependencies": { "@koa/router": "^12.0.1", 
@@ -10522,9 +10520,9 @@ } }, "node_modules/taze": { - "version": "0.13.7", - "resolved": "https://registry.npmjs.org/taze/-/taze-0.13.7.tgz", - "integrity": "sha512-7of7fg1+2O5fm4eykJdCOkr9D0TEjZeXDdgm8hST4C+iFxa24Vzjm3Dk5TQ7JjId2ut+yRE2KE++YaSY7Vh5ng==", + "version": "0.13.8", + "resolved": "https://registry.npmjs.org/taze/-/taze-0.13.8.tgz", + "integrity": "sha512-FaHz2S04VTaAuqfhkA9XXj+GQH4Qq7lhpie0xqE4q8tJTPwHkZki41eKKOpbe2dtHwoIlLLG3MDtoOQwhOnD9A==", "dev": true, "dependencies": { "@antfu/ni": "^0.21.12", @@ -10596,9 +10594,9 @@ "dev": true }, "node_modules/tinybench": { - "version": "2.7.0", - "resolved": "https://registry.npmjs.org/tinybench/-/tinybench-2.7.0.tgz", - "integrity": "sha512-Qgayeb106x2o4hNzNjsZEfFziw8IbKqtbXBjVh7VIZfBxfD5M4gWtpyx5+YTae2gJ6Y6Dz/KLepiv16RFeQWNA==", + "version": "2.8.0", + "resolved": "https://registry.npmjs.org/tinybench/-/tinybench-2.8.0.tgz", + "integrity": "sha512-1/eK7zUnIklz4JUUlL+658n58XO2hHLQfSk1Zf2LKieUjxidN16eKFEoDEfjHc3ohofSSqK3X5yO6VGb6iW8Lw==", "dev": true }, "node_modules/tinypool": { @@ -10658,9 +10656,9 @@ } }, "node_modules/tough-cookie": { - "version": "4.1.3", - "resolved": "https://registry.npmjs.org/tough-cookie/-/tough-cookie-4.1.3.tgz", - "integrity": "sha512-aX/y5pVRkfRnfmuX+OdbSdXvPe6ieKX/G2s7e98f4poJHnqH3281gDPm/metm6E/WRamfx7WC4HUqkWHfQHprw==", + "version": "4.1.4", + "resolved": "https://registry.npmjs.org/tough-cookie/-/tough-cookie-4.1.4.tgz", + "integrity": "sha512-Loo5UUvLD9ScZ6jh8beX1T6sO1w2/MpCRpEP7V280GKMVUQ0Jzar2U3UJPsrdbziLEMMhu3Ujnq//rhiFuIeag==", "dev": true, "dependencies": { "psl": "^1.1.33", 
@@ -10947,21 +10945,21 @@ } }, "node_modules/unplugin-vue-components": { - "version": "0.26.0", - "resolved": "https://registry.npmjs.org/unplugin-vue-components/-/unplugin-vue-components-0.26.0.tgz", - "integrity": "sha512-s7IdPDlnOvPamjunVxw8kNgKNK8A5KM1YpK5j/p97jEKTjlPNrA0nZBiSfAKKlK1gWZuyWXlKL5dk3EDw874LQ==", + "version": "0.27.0", + "resolved": "https://registry.npmjs.org/unplugin-vue-components/-/unplugin-vue-components-0.27.0.tgz", + "integrity": "sha512-77eTEy23sQ0UpzGWnZ9I2mY3cnmXwklz4ITcn3JfxjCoX643ghImkiZ4nFm58sxbdVcc4Fo/o4LIoFnlqEqsSg==", "dev": true, "dependencies": { - "@antfu/utils": "^0.7.6", - "@rollup/pluginutils": "^5.0.4", - "chokidar": "^3.5.3", + "@antfu/utils": "^0.7.7", + "@rollup/pluginutils": "^5.1.0", + "chokidar": "^3.6.0", "debug": "^4.3.4", - "fast-glob": "^3.3.1", - "local-pkg": "^0.4.3", - "magic-string": "^0.30.3", - "minimatch": "^9.0.3", - "resolve": "^1.22.4", - "unplugin": "^1.4.0" + "fast-glob": "^3.3.2", + "local-pkg": "^0.5.0", + "magic-string": "^0.30.10", + "minimatch": "^9.0.4", + "resolve": "^1.22.8", + "unplugin": "^1.10.1" }, "engines": { "node": ">=14" @@ -10983,6 +10981,21 @@ } } }, + "node_modules/unplugin-vue-components/node_modules/minimatch": { + "version": "9.0.4", + "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-9.0.4.tgz", + "integrity": "sha512-KqWh+VchfxcMNRAJjj2tnsSJdNbHsVgnkBhTNrW7AjVo6OvLtxw8zfT9oLw1JSohlFzJ8jCoTgaoXvJ+kHt6fw==", + "dev": true, + "dependencies": { + "brace-expansion": "^2.0.1" + }, + "engines": { + "node": ">=16 || 14 >=14.17" + }, + "funding": { + "url": "https://github.com/sponsors/isaacs" + } + }, "node_modules/untildify": { "version": "4.0.0", "resolved": "https://registry.npmjs.org/untildify/-/untildify-4.0.0.tgz", 
@@ -10993,9 +11006,9 @@ } }, "node_modules/update-browserslist-db": { - "version": "1.0.13", - "resolved": "https://registry.npmjs.org/update-browserslist-db/-/update-browserslist-db-1.0.13.tgz", - "integrity": "sha512-xebP81SNcPuNpPP3uzeW1NYXxI3rxyJzF3pD6sH4jE7o/IX+WtSpwnVU+qIsDPyk0d3hmFQ7mjqc6AtV604hbg==", + "version": "1.0.15", + "resolved": "https://registry.npmjs.org/update-browserslist-db/-/update-browserslist-db-1.0.15.tgz", + "integrity": "sha512-K9HWH62x3/EalU1U6sjSZiylm9C8tgq2mSvshZpqc7QE69RaA2qjhkW2HlNA0tFpEbtyFz7HTqbSdN4MSwUodA==", "dev": true, "funding": [ { @@ -11012,7 +11025,7 @@ } ], "dependencies": { - "escalade": "^3.1.1", + "escalade": "^3.1.2", "picocolors": "^1.0.0" }, "bin": { @@ -11116,9 +11129,9 @@ } }, "node_modules/vite": { - "version": "5.2.10", - "resolved": "https://registry.npmjs.org/vite/-/vite-5.2.10.tgz", - "integrity": "sha512-PAzgUZbP7msvQvqdSD+ErD5qGnSFiGOoWmV5yAKUEI0kdhjbH6nMWVyZQC/hSc4aXwc0oJ9aEdIiF9Oje0JFCw==", + "version": "5.2.11", + "resolved": "https://registry.npmjs.org/vite/-/vite-5.2.11.tgz", + "integrity": "sha512-HndV31LWW05i1BLPMUCE1B9E9GFbOu1MbenhS58FuK6owSO5qHm7GiCotrNY1YE5rMeQSFBGmT5ZaLEjFizgiQ==", "dev": true, "dependencies": { "esbuild": "^0.20.1", @@ -11175,6 +11188,9 @@ "resolved": "https://registry.npmjs.org/vite-bundle-analyzer/-/vite-bundle-analyzer-0.9.4.tgz", "integrity": "sha512-a/w4ShKQEbTe7wllLXI+3D8ELgRv7iHDuWEPaXokA+FhWBXJCdtOZYIvLzvnn8vxHf+7pm1c23AeGyW/0Ge0Yw==", "dev": true, + "workspaces": [ + "examples/**/*" + ], "dependencies": { "picocolors": "^1.0.0", "source-map": "^0.7.4" 
@@ -11199,9 +11215,9 @@ } }, "node_modules/vite-node": { - "version": "1.5.2", - "resolved": "https://registry.npmjs.org/vite-node/-/vite-node-1.5.2.tgz", - "integrity": "sha512-Y8p91kz9zU+bWtF7HGt6DVw2JbhyuB2RlZix3FPYAYmUyZ3n7iTp8eSyLyY6sxtPegvxQtmlTMhfPhUfCUF93A==", + "version": "1.6.0", + "resolved": "https://registry.npmjs.org/vite-node/-/vite-node-1.6.0.tgz", + "integrity": "sha512-de6HJgzC+TFzOu0NTC4RAIsyf/DY/ibWDYQUcuEA84EMHhcefTUGkjFHKKEJhQN4A+6I0u++kr3l36ZF2d7XRw==", "dev": true, "dependencies": { "cac": "^6.7.14", @@ -11233,16 +11249,16 @@ } }, "node_modules/vitest": { - "version": "1.5.2", - "resolved": "https://registry.npmjs.org/vitest/-/vitest-1.5.2.tgz", - "integrity": "sha512-l9gwIkq16ug3xY7BxHwcBQovLZG75zZL0PlsiYQbf76Rz6QGs54416UWMtC0jXeihvHvcHrf2ROEjkQRVpoZYw==", + "version": "1.6.0", + "resolved": "https://registry.npmjs.org/vitest/-/vitest-1.6.0.tgz", + "integrity": "sha512-H5r/dN06swuFnzNFhq/dnz37bPXnq8xB2xB5JOVk8K09rUtoeNN+LHWkoQ0A/i3hvbUKKcCei9KpbxqHMLhLLA==", "dev": true, "dependencies": { - "@vitest/expect": "1.5.2", - "@vitest/runner": "1.5.2", - "@vitest/snapshot": "1.5.2", - "@vitest/spy": "1.5.2", - "@vitest/utils": "1.5.2", + "@vitest/expect": "1.6.0", + "@vitest/runner": "1.6.0", + "@vitest/snapshot": "1.6.0", + "@vitest/spy": "1.6.0", + "@vitest/utils": "1.6.0", "acorn-walk": "^8.3.2", "chai": "^4.3.10", "debug": "^4.3.4", @@ -11256,7 +11272,7 @@ "tinybench": "^2.5.1", "tinypool": "^0.8.3", "vite": "^5.0.0", - "vite-node": "1.5.2", + "vite-node": "1.6.0", "why-is-node-running": "^2.2.2" }, "bin": { @@ -11271,8 +11287,8 @@ "peerDependencies": { "@edge-runtime/vm": "*", "@types/node": "^18.0.0 || >=20.0.0", - "@vitest/browser": "1.5.2", - "@vitest/ui": "1.5.2", + "@vitest/browser": "1.6.0", + "@vitest/ui": "1.6.0", "happy-dom": "*", "jsdom": "*" }, 
@@ -11353,22 +11369,6 @@ "url": "https://github.com/sponsors/sindresorhus" } }, - "node_modules/vitest/node_modules/local-pkg": { - "version": "0.5.0", - "resolved": "https://registry.npmjs.org/local-pkg/-/local-pkg-0.5.0.tgz", - "integrity": "sha512-ok6z3qlYyCDS4ZEU27HaU6x/xZa9Whf8jD4ptH5UZTQYZVYeb9bnZ3ojVhiJNLiXK1Hfc0GNbLXcmZ5plLDDBg==", - "dev": true, - "dependencies": { - "mlly": "^1.4.2", - "pkg-types": "^1.0.3" - }, - "engines": { - "node": ">=14" - }, - "funding": { - "url": "https://github.com/sponsors/antfu" - } - }, "node_modules/vitest/node_modules/mimic-fn": { "version": "4.0.0", "resolved": "https://registry.npmjs.org/mimic-fn/-/mimic-fn-4.0.0.tgz", @@ -11459,15 +11459,15 @@ } }, "node_modules/vue": { - "version": "3.4.25", - "resolved": "https://registry.npmjs.org/vue/-/vue-3.4.25.tgz", - "integrity": "sha512-HWyDqoBHMgav/OKiYA2ZQg+kjfMgLt/T0vg4cbIF7JbXAjDexRf5JRg+PWAfrAkSmTd2I8aPSXtooBFWHB98cg==", + "version": "3.4.27", + "resolved": "https://registry.npmjs.org/vue/-/vue-3.4.27.tgz", + "integrity": "sha512-8s/56uK6r01r1icG/aEOHqyMVxd1bkYcSe9j8HcKtr/xTOFWvnzIVTehNW+5Yt89f+DLBe4A569pnZLS5HzAMA==", "dependencies": { - "@vue/compiler-dom": "3.4.25", - "@vue/compiler-sfc": "3.4.25", - "@vue/runtime-dom": "3.4.25", - "@vue/server-renderer": "3.4.25", - "@vue/shared": "3.4.25" + "@vue/compiler-dom": "3.4.27", + "@vue/compiler-sfc": "3.4.27", + "@vue/runtime-dom": "3.4.27", + "@vue/server-renderer": "3.4.27", + "@vue/shared": "3.4.27" }, "peerDependencies": { "typescript": "*" 
@@ -11496,9 +11496,9 @@ } }, "node_modules/vue-component-type-helpers": { - "version": "2.0.13", - "resolved": "https://registry.npmjs.org/vue-component-type-helpers/-/vue-component-type-helpers-2.0.13.tgz", - "integrity": "sha512-xNO5B7DstNWETnoYflLkVgh8dK8h2ZDgxY1M2O0zrqGeBNq5yAZ8a10yCS9+HnixouNGYNX+ggU9MQQq86HTpg==", + "version": "2.0.16", + "resolved": "https://registry.npmjs.org/vue-component-type-helpers/-/vue-component-type-helpers-2.0.16.tgz", + "integrity": "sha512-qisL/iAfdO++7w+SsfYQJVPj6QKvxp4i1MMxvsNO41z/8zu3KuAw9LkhKUfP/kcOWGDxESp+pQObWppXusejCA==", "dev": true }, "node_modules/vue-eslint-parser": { @@ -11587,13 +11587,13 @@ } }, "node_modules/vue-tsc": { - "version": "2.0.14", - "resolved": "https://registry.npmjs.org/vue-tsc/-/vue-tsc-2.0.14.tgz", - "integrity": "sha512-DgAO3U1cnCHOUO7yB35LENbkapeRsBZ7Ugq5hGz/QOHny0+1VQN8eSwSBjYbjLVPfvfw6EY7sNPjbuHHUhckcg==", + "version": "2.0.16", + "resolved": "https://registry.npmjs.org/vue-tsc/-/vue-tsc-2.0.16.tgz", + "integrity": "sha512-/gHAWJa216PeEhfxtAToIbxdWgw01wuQzo48ZUqMYVEyNqDp+OYV9xMO5HaPS2P3Ls0+EsjguMZLY4cGobX4Ew==", "dev": true, "dependencies": { - "@volar/typescript": "2.2.0-alpha.10", - "@vue/language-core": "2.0.14", + "@volar/typescript": "~2.2.0", + "@vue/language-core": "2.0.16", "semver": "^7.5.4" }, "bin": { @@ -11814,6 +11814,14 @@ "node": ">=8" } }, + "node_modules/word-wrap": { + "version": "1.2.5", + "resolved": "https://registry.npmjs.org/word-wrap/-/word-wrap-1.2.5.tgz", + "integrity": "sha512-BN22B5eaMMI9UMtjrGd5g5eCYPpCPDUy0FJXbYsaT5zYxjFOckS53SQDE3pWkVoWpHXVb3BrYcEN4Twa55B5cA==", + "engines": { + "node": ">=0.10.0" + } + }, "node_modules/wrap-ansi": { "version": "8.1.0", "resolved": "https://registry.npmjs.org/wrap-ansi/-/wrap-ansi-8.1.0.tgz", 
@@ -11950,9 +11958,9 @@ "integrity": "sha512-l4Sp/DRseor9wL6EvV2+TuQn63dMkPjZ/sp9XkghTEbV9KlPS1xUsZ3u7/IQO4wxtcFB4bgpQPRcR3QCvezPcQ==" }, "node_modules/ws": { - "version": "8.16.0", - "resolved": "https://registry.npmjs.org/ws/-/ws-8.16.0.tgz", - "integrity": "sha512-HS0c//TP7Ina87TfiPUz1rQzMhHrl/SG2guqRcTOIUYD2q8uhUdNHZYJUaQ8aTGPzCh+c6oawMKW35nFl1dxyQ==", + "version": "8.17.0", + "resolved": "https://registry.npmjs.org/ws/-/ws-8.17.0.tgz", + "integrity": "sha512-uJq6108EgZMAl20KagGkzCKfMEjxmKvZHG7Tlq0Z6nOky7YF7aq4mOx6xK8TJ/i1LeK4Qus7INktacctDgY8Ow==", "dev": true, "engines": { "node": ">=10.0.0" @@ -12000,9 +12008,9 @@ "dev": true }, "node_modules/yaml": { - "version": "2.4.1", - "resolved": "https://registry.npmjs.org/yaml/-/yaml-2.4.1.tgz", - "integrity": "sha512-pIXzoImaqmfOrL7teGUBt/T7ZDnyeGBWyXQBvOVhLkWLN37GXv8NMLK406UY6dS51JfcQHsmcW5cJ441bHg6Lg==", + "version": "2.4.2", + "resolved": "https://registry.npmjs.org/yaml/-/yaml-2.4.2.tgz", + "integrity": "sha512-B3VqDZ+JAg1nZpaEmWtTXUlBneoGx6CPM9b0TENK6aoSu5t73dItudwdgmi6tHlIZZId4dZ9skcAQ2UbcyAeVA==", "dev": true, "bin": { "yaml": "bin.mjs" diff --git a/frontend/package.json b/frontend/package.json index 6949e9296..7521d1f6f 100644 --- a/frontend/package.json +++ b/frontend/package.json @@ -45,7 +45,7 @@ "bytes": "^3.1.2", "colord": "^2.9.3", "crypto-js": "^4.2.0", - "dayjs": "^1.11.10", + "dayjs": "^1.11.11", "detect-touch-device": "^1.1.6", "echarts": "^5.5.0", "file-saver": "^2.0.5", @@ -54,13 +54,13 @@ "lodash": "^4.17.21", "markdown-it-highlightjs": "^4.0.1", "mitt": "^3.0.1", - "naive-ui": "^2.38.1", + "naive-ui": "^2.38.2", "password-validator": "^5.3.0", "pinia": "^2.1.7", "pinia-plugin-persistedstate": "^3.2.1", "secure-ls": "^1.2.6", "validator": "^13.11.0", - "vue": "^3.4.25", + "vue": "^3.4.27", "vue-advanced-cropper": "^2.8.8", "vue-highlight-words": "^3.0.1", "vue-i18n": "^9.13.1", 
@@ -82,21 +82,21 @@
 "@types/html2canvas": "^1.0.0",
 "@types/inquirer": "^9.0.7",
 "@types/jsdom": "^21.1.6",
- "@types/lodash": "^4.17.0",
- "@types/markdown-it": "^14.0.1",
+ "@types/lodash": "^4.17.1",
+ "@types/markdown-it": "^14.1.1",
 "@types/markdown-it-highlightjs": "^3.3.4",
- "@types/node": "^20.12.7",
+ "@types/node": "^20.12.10",
 "@types/validator": "^13.11.9",
 "@vitejs/plugin-vue": "^5.0.4",
 "@vitejs/plugin-vue-jsx": "^3.1.0",
 "@vue/eslint-config-prettier": "^9.0.0",
 "@vue/eslint-config-typescript": "^13.0.0",
- "@vue/test-utils": "^2.4.5",
+ "@vue/test-utils": "^2.4.6",
 "@vue/tsconfig": "^0.5.1",
 "autoprefixer": "^10.4.19",
 "cypress": "^13.8.1",
 "eslint": "^8.57.0",
- "eslint-plugin-cypress": "^3.0.2",
+ "eslint-plugin-cypress": "^3.2.0",
 "eslint-plugin-vue": "^9.25.0",
 "flourite": "^1.2.4",
 "fs-extra": "^11.2.0",
@@ -107,19 +107,19 @@
 "picocolors": "^1.0.0",
 "postcss": "^8.4.38",
 "prettier": "^3.2.5",
- "sass": "^1.75.0",
- "shiki": "^1.3.0",
+ "sass": "^1.77.0",
+ "shiki": "^1.4.0",
 "start-server-and-test": "^2.0.3",
- "tailwind-config-viewer": "^2.0.1",
+ "tailwind-config-viewer": "^2.0.2",
 "tailwindcss": "^3.4.3",
- "taze": "^0.13.7",
- "unplugin-vue-components": "^0.26.0",
- "vite": "^5.2.10",
+ "taze": "^0.13.8",
+ "unplugin-vue-components": "^0.27.0",
+ "vite": "^5.2.11",
 "vite-bundle-analyzer": "^0.9.4",
 "vite-bundle-visualizer": "^1.1.0",
 "vite-svg-loader": "^5.1.0",
- "vitest": "^1.5.2",
- "vue-tsc": "^2.0.14"
+ "vitest": "^1.6.0",
+ "vue-tsc": "^2.0.16"
 },
 "engines": {
 "node": ">=18.0.0"
diff --git a/frontend/public/images/crowdstrike/crowdstrike_api_settings.png b/frontend/public/images/crowdstrike/crowdstrike_api_settings.png new file mode 100644 index 0000000000000000000000000000000000000000..4b237d2dc94540dbe979281ac1840c652bf8be16 GIT binary patch literal 24465 zcmeFZ2UJsC`!5(PDk@k&kt!AxrHO!arHWEix^xhblF$O71uTF_Rgof9dIymb2n1|^ zh!8>x5E2xG1VR#82oTCWf%pC1@BZ)HHFwsm|ID4aH%oKE*=Ild+0Smjr=6Gg^tF#1 zI&%mF0v*x0t?>W^+JguFM;_P@-06&c^92O5G1JkwW#m6Hix2WJ(&XF!D?~8%8Sr_c zcGD>Al9~7$&RFjg-`?N9swplkw%hyEr3-^Yy-A9Ko=a9fsRIPR6UgCww4g!KY`46R zU&KYYa|p49Jb8-yB+$aIVX|v7`z{dZ2{E?k2yjD94)}s{XY&G=FbMEPy1ISq0KgTf z$9(%1ClaXezIywX5Ofa+bkq45>()&Y!1R-DVb-lD+te~NS+_vj)D)usj~kduz@8Gj z{Nkv<4>!Yh@Vc$xG~r{dSo3q%(>E<1BBt;QOVfSci)~#I&lwdNjjruW3_79}MvCm& z7--&8d#llhsBc~eU5x>&;_IrF{O8`s#Kk#18yR0CCb(8qST-ok6Y8jxNdhX!(biUI z5zCD|2=p-`jHLA(Hn2R{W#NM3#*V$|K|$wvCzn4_Lcb18UUB>!%^ps@SZ;-?h&deJ z-}d{@d_rFxS-#h>O{@JP4-d~}XZ@_pR|uB($5ey8>6{?7*P5wzeNHXdWk#Y0#Cluag}KBDG$p*Bpw3eB$2S&x%@f*%-B7O>sYZDyGYOoXB zVrG_*^^jbpko9_{z@?&PBr{r>4t6?>DZYC904j(9QR$3>m8!u?^T(F5$d98NfB~Ai z>W_f`imNb5)O3Eqd~D#c+u=@^p|?0xt|(}6(0glhW8^3UU8s+38~?I8cD#W15I*s$ z-=FHI7JD2!#`9T|qQ`6I8BF#ZPQep#9x6B#D(Q%+eN{hGjyS<*=$iR7b$J?^ENq`p*EB<>T(yF5wqS{+_OP{s!pG{ zVZluCJ>0#V(FGru4yU@F&6`2ImIC`_mZ*4V2CjyH=br};Sw)4g{8SM+g}l19 zR!gQ&_8g4kNqL)Y;F=W_tF5KAu=;jJ-Gb^Oz{i(f0nW`18ks<6DQ4YNaK;Y71D@7JY_@F>xr#FeYIMjO}9AW!HoW=Ul^9?N~V zuwdREG`DQqR*mVwlTu`*4OjyFc`m4V)MBGME4HDo!kg-9Y!0RWs&p-sZTxaD-x#+h z`R;vc(5pp);uVu*H`7YJLwI9<^eTfgY-1fTJ@D|uEHhu?b9pf!!osZdiT;;{@+#O@ znW%Lj$2qCP+JbsVgPUA@xOGZ26SdS~xeg;g zl`c!Lfu016e=`tSPz<$BSaltC4R&t=KWA7*P(_RMEUW0gS5M z4ev1Spm&B=!{ihnytO+WL42ij_(beQq)aO3=@TcOUEz_7n)Q5n>mcNl{9dJ9x6Q_% z?Rmm4e(1gKhUd#ajkY+s(NGxuCj*Lb5TBs;8K@|>tfOFK zXo-E@q0R7@D;=gHD3Qq0^vi@&HZsd zs%DILIbbuA?HRG8!yBWUC2$G)CS?{ zEbq3t<@0XE@Ob9ERZYzhyZbF+r_X$$)AwmH>}k`0P$1IC#Z2008)`-SqRyN1E``s7 zjK2oG#AGm}oevL44?Bn)DBXqZAMQj5`b=PrpI6fy>Ar3A%jV?epA^HkAms#Q*)X!> znvd2JArsXUpeu0=x#-PQ(8tH2R$gqA^pp26arQLeBdlJULDh5IjiD+;!)SLqOV=#P 
zO?x+17QBLC{z+3g)|Bo(K-A>X2nKG=DM1Rm;~W2$%dE@!Y%Y zOgz1J0aN{zST6`)nIFZVU|D^5xGr%^+41LC!=gi+aTZ6*sjVJB^5?Dm{cZm6Ik-qb zwlK{~uK>xtIgbMK;J1JLbt%7+Yq9qsAL{U7-4NPQKuJo^sA!UHFM3XB#O7OwVfpY5SiFi+Ff&}~v$ zKlw+&4WrxlcP+BPVE(+@7{MX!GybT@_9Ig<)b@BmgYEX8Af|kfSt=V~pWyY?00woV z$psZiclDWQgQXGCSsrWY85v**er>bM>&Mp@EmLM03(CGf6A~&Hx74vRe(7(s&C`;Pa0$@@vN`W$s!HlhFA(5P5!u+(slscNr|aCF2CYD%e;2$9 zT$Y?hbjzFu&NWG-b~}{ubG$R2>UWy>@q!i%UubF4{&*|_-_U#pqugG~91MwPjj1h^ zh8^xq!{7x(oUf13NpZm9uW&dlSRE9=U&%j5ujgTnqZY#iSYA)%mjosovig*-BXjkG z>%NgHa03na2KPVJh<57=!e$Ga)%FU979&?X-j9G`p}nIi+cRf-?v+LV=ly1=5>}`7 zY|nbX*BHDUa%+Wbu>EIU2T7K-YqJ*A&Wc-0%Loc`9gmri+#LIH|JKo$lYjOdxUnzY z8yZ$D$A8yF{!)}fVdR10OKh)mB88r_9ldi|1S}CsZ|svxfZ}R>?VXYX#8uRtsspMU z&!0j!H@-ZbleWE-K%96D)+z%DJ&c6pu+|vpCiDbLf}kgl&mv#4Ff<5+(PM#P5GW^{ zbdd#>K_CseZOMQlx&I#~RDBYUQ}m#aJCn)#^~| z3;6`-wcil?Hwi4Q2^2~FppCGvt*QArXkEs9wu~cKE5ecAl1xpn@!(Ti2i@yv0jGXe znXRj8GL}Zm^bcQZ!oS?5y{qEHK}gKK;P=v##Nr?Yl{MZd3X5Y-Jq;Llj>TEN=ytF} zko03zj3&(Pw~l7B08`EUWRIicB)96KrmZB6pMNM>Pw#2CWJW z9mHgWlT7}I>WUnHS*C&5y_I&w^m)T0J_dgmHk;kP@z;d>b9epg?GFO$9=)ln2olz(T0B0Xwa)r-5RCDO}3|%f&vZM2`8I3 z8ohipn0XY;>FkwW)}$0d#v4PgK+{swxDwY&JDa&+Su#jLG4V@CuJvZYdxp1FQ!?&b zB1zpt?jGY`kw`wP~*W~z#$ zozb3Xz&7^8x1)#hGX+o{Gi2Y^r*XA|?5(E+SmTX>&*oU1gfXZF)862&Pl3`|T#3fA zD)QMx6*{)lDu$V3v8&YPt^w-$`mc@GwJ_*o-jjJe@esLa!pLA!i~+_$tW-W|kT6Tl zi^b!x$+B%4_751jWN&)SL^fq`xslGDoax``K|m%3W+9j5#XNm0o4yb-f_s>W$?fix z$v|)ZSf;UCsj;ys*>q~pGJY%289H0{#Y%cDbgboGFlKui;oB9E{HL;0vj;BxNZs(0 z&U=?WJ-9K!9)C)vw0xNI=t_iV6bKV2(Uh6r_xtlkv=H}#nJEW#f&#mVn<&sw%a;hAYHWmWj z$vctI0O&Sm$>{5;R0^mA`A%d_l21zS2f|dk^Npn>s=f^C@0+b0kQv zibrL4Kzjfa8o^j9qP#Jc*cyw6(kOU$v`wjY3I8+;_dJ5es~~X!-7uSg+6=Ukm?^DW z^UH$CT)sAA$EkP&~d)8c0*$(rPYbWZO>4Ur(K&J8wkGelCz=Fo>;dHfEJ$_>iL z;KkPxbGvwocu)2X&a%rIb7Q7c*R#)NG2zqb=}Z;u3&GI0 zwD}bk4*>z|WglehHqg{!7|R!KBhsZ=Cn)a@R?Wrj;K$fR40s2Z#z1!P>UER955{YM z5$HAJ`Acg5Iy)U4|6d|x%D=V{0MJp@>&kH~F2(%Rwwb7gk4^2a?rJ*_DMp=;VEOmOraMaXMf63 zHyQi7-KyanKI5}x^Pm>PY4I)-zXSSUJbjY~Jc#Mj*UZTBc;6eRuB7)VJ3tZVHXCE8 
z>pluAu`Jo<1}(p)mSpx>#o5AiX{H1d0yG|KS}HJ|DNu!;Q&CoyVF^Em`i=-?w1Y*@ z)%pz3u60X4=_|<%+LXty5|^qPwv_@&WUgg-qpB;}VJ0Orl)kW_B(2R*FqNpxZA4Wl z5m-Z8Uy;ka4A+N6%!p_8S!u)g8?MAqd4Qi$=41NN=%TggE zdc|0~*#9p2UqBk1L9m!Ut&`z)(8^oF7p8^yFYD+id_4T|$j7}NpYx-I^q}YNN@M7? zuQLV4?+|Zifu!T~R-IFBz4`kn5BzUVXZnx-sP)eLHwSc?WJ#qQ+%a7sx7r?ReYz%7H=~t>`Jsvf>1BLWXk5d1QBuqkX z$4+o!KcX@DFDByu)uk9J>@O%1>%>~FH=X~16FvV1A(s9Pm7xAXA~z-e#~*i=kZ4Ix zOOxn?AnuOgXpBxg9y__Vwpi!i9ojxR7HW}Y)6}-S%E2*~{Pp(-_g3uu%6tlXya7a+lDZxG|9fc5hm+z+vb%ltz zcUy-e(GykB(U(=}`@NN%7tMk*LZ>=uxH({(8j?h+D_?bxY`+~FFBMXX$>_e_?$aw} z&S!dLZE?>HRe>xIHkeG&BFQ>*&>uf8Gq&E$!Ua#x7rU&qU^E0V? zL9$CuqEV@c?BKdOLV^}FN(L4*s&t0Fb7P&LhXAX%kV87RI&_8&Jid#F|I3<2eMBNbuULoga7pm91XQ4yps(sXdxgCtdUF ziW7UvfA4zoEXA-WaiqXR4H3ZxI%Kb(ZQ`2t@F4z-0O(SreE7p+ul~RC>7Z zDJ)s(>g#KvJCh|G(3z+z_u++lKgz@4@4vsks8*>CO;veTF?APkoxgvc-H5oB9upIz z%PyiOCzer0F|D+2ZHC*((WPaVEo%6c1Iq&7xVoqQ3x9N$V&dc5BaZO;Ofq~3)6Jg0 ziKhiNRj8v4CxoD|CDnZ(+iZ14s*KyjG6mPCMgyGCX+0>HzNyoKTjvT`91oAE1o@pO z7akl|MrWzUfByVA7_QZ2(-NW#YmhFJ%Z67R6;R59OdB zyRp{Krc2=n`6$<&F3$^a>B>+WbZj;~@zHSEz&fq6)|6V0z&8a*`%%_}v(kFXK7Yo0 z0giB6uj9yY2(S{^y_(jCtDRRr6r0mFRD5R&4@(-hw7_Vl(iNSFw=RZeF03^&e&fvYNN2w=IMd~{YI&u?@6@#095Sk|BCISU~cDd+?_jNkfqY~KI2M@$L^Jx0k`qNa*JvL z8h;eua4u6sF3>50${{F$?nwwe_TGxzuwbNZoyGB}Q^mpS*iMfZ+40g}{R9AaO~;4j zZoAF(@m8Ch3+i1lL5~){yGNvq4wISDC`Gea;plP6&3b8$Uyrz)f8V%KD)7QHRO(_kt@s}R;mta|7id0>RYm!GJK3k_jTK^opOrfC3U{K$$uW( zZP?dt3{w)*K(KVcShMkoNmEl(t~Ra?Ut?y)*Dk8JM(0ZCGW=0fb7)xf^ZpMj0_$sQ zNR>n>O-e^chkw}6`n}pfhayOLkx+#sA@y^WtiWmf1QRwLFlKNXBL+^f zq=J-O0sfRN&C_QoOWs#+;FvVB09#2{v0+#HEGl&Ccb&g2 z6nlBo!LOYhWFR3C9~W0(5cJFCEK(CV10R2TgR!!-wjLaqiVBMgR|M4V%9cPnni7c0 z6b=k|HR4M5P>%Ljh?$w4oppQCv>}^Ejt9s%6{mpngpp$YK;X#%=E*$!y4O*px?il3`Cqpp72oo9K5^Su%oIhooWiGdMV!}J zxWDR~wQwoqXs>&MY95Ije_rQf!k4h(RB(YPFs?dp-18*uN}SS)qaYZ)H|KdT>!y?p zJCy*FGvR!P)}a#xu66H9cB;MppQc(smZZF@s?CV@e4}mBKfDKwNt$!osa5Ok^hKKM zqV9mZv@tNH07LS*@PmdjI9+3CG~~_s;oEj!jJjkEx$rq@=XGQsq(~Z9cNu9SNI=9v z?8$#sTa7Mn^_mMuRl{FSM15IlNh)x0ztcZ-`wYeP+>n{hIjM)d(K5B)Y*WvK_Z#hf 
zX?*3O@MEsKQSPT4-CPefSEZI*j=J=*d7L*yak9bFu6Nk6&9SSS09RS}%*e=S@S!^X zl4FcYb8&&Plrb084xA-~+pFn@JEWx?%E#^Lg$D;;eR}g|RFq1B50Q{i?L3yazHX3L zS!uJ(U?@x7JFa7ZmU#2--DMviAFp`)+}wwB`NcRW6nYPN@NC%meJ4-Yi}K;V8C}93 zOrmCF@E4b(BvfoN0Z`ES`*-&7j%0}~6I@A2bDK)xNJMV#xpyfkpq1H|Pp7qzzOw+> zIq>{eyFUJ^$LNaX%axfK*Zv8$AEhNFZ=t8SLqvajru6C^IQwn!o^E8Zr~3)RY^caR zn??y5bxxw&@=Ha1m-L*mD#{`?vLz282@?A+8_2q4bPh<}Mw@o6s}hr7bV z^X{6WVvzlr8OhG{!z;Es4U zQ8Z!hoCpMi<$d_T=~j^V-Ne+ilZ@TcaQMum`T6;e*?O_B7h=IPjZdHM z;#1r|?H7{~cW@Bqa1nR0@Ad`lI}O~FLIYgS#qUkz=9^{5O0%=aUX{Pck(#s8^LeEP zH`wNexnWC_)y}BLs%r)e4twg$w8Lk^IHL}p<-?s%1SG7FJZt^X(?AnxYGU$@xY&`a zedHqoA@VS@uTNUYrNa4P6)l`y@Ow|stK&_0yj8&Z3R_3FNin`|;^um$((3&TA23)C zf)`D^oBT1azTS+Ro7+ec*%;)hTV@r13yE*lN3gj};c&P?+N(Q9U$$PYml@zAD%{`t zy-Q8AHMw3Nr3~qfWfLY{$-|sW0>KY9gwSUM$uX!ASs9spd)}iS-|>xOzp{6?eH4LQ z593t3bTQ1+J;5lv7yJQAHg{i-l|h+D2U*|@JbvEs0E2aObYAxN2VY@hV;h_pih6V8 z=utKOv-N{dUrg9X$T#;=_#86o;>|tXv6{nko}gdVxXtH9>O=FPO8FKDws69|xh`4t zvHt$BOQ~th9s0AnICj=uBoT5z(J4uU@upo~dU9vOP9JIwOF7go zE5&sO_QqI3H5-bHdf^L&s{Qor&dZ#Rs|sw;#|;V#P*Pu+&|bcSSUy)*bk`gxC@h@M z^oH|i)?)y+vQs#}ROvlnkw6vlw$@Nbi#2>*%kt}ViW0uLel9I8e)_)EM-R51ueeE@ z)|#o;{Fd9?$Xoqe>MnvA;%(iB@9B9Azwv~QHzQJ(0;Rw4VP8hg|3})p^DR1!!4&xX z>Vi-hr`>@IC4mmSy&@jnoPeTI%_rNQs;^zgrBVLMJcG3sl_$vczPn`P$T){r z5XQzIK7>#OZz2H`dZ!+kr{!MloBki3G=KG-Q1Tag<~vqqt$*NbgqqaZ0-*o8;k_BQ z(}UMeAJ{AO(k!0+vZ4JD7R!N&N>LjfUX>oa?qIWi)ZRJ4j1T7ReVo=2x0DIN-Tb8Z z-b*P@#$gIS8H79`gqLd7M~_&r7isRE#~61wykT*1b?r767Fe)6xH9Iiv$x&cu8j2o z+u>!k82jS}z@&FbT352;2E2Sf;$_KHow3Z0-S6c!T_YJp zdC87F@6KDhoRS8xao4ut@IlVu6UJTOQr8`W;Bm*4B3FoovGlfw@a?6q8pb}jlGJVE zT%HEc#gbH<$-s`K@WKzt`~Pz`sjLlS=59M{Jb-{FHvoJ?Uo%dYc;k#5p+UcPJ<(_? 
zyqAb85Y5Hy;Q*Z3l{MzU3;2VCj?pd~P1Y6vAT58|1A6IikS&VPGuA?|34m^Y z3p!-n04}+PRGtIf6ebuJ{Qw&#Vkl49K*#4Z)r=u&B{2{VCD5zL|J0@e(im?O6BF-p zjLJftZO#C$13~{3OX0735l8rO$$;tciQR5U+O{0Dh6_}SIfIyZ;#qKr6u(Ps*!t}prO>glz1bm%|_*4KlV=x_mG zOW+#59xBHnuzngw3poXx1-n2I2kXHqDq1i$Ee451a+~mXb{5H0W}^7h`uh4Pm4JJ2 za?EQZ(B`VRxE2THbm;m@ay>jq(i*iU0_aa^wBcYqrW=RgX8&fUcwjOH?(aVovN1Sl z(j?*R>|9k-)8D@ige$&Jkno5&$WzZ6KSf!jL>#T7LpAjl{%E`0@YtA#YD35piD;c= zf*5lS4pssp5=CWYWyf29^FOyGROq6JNNy^yqjzpp(>Ig%>rv3V-beo%K?S75QDhLK zIdnn1w--JV=&Y^bql>k*wf?5;?Cg{+`K)*ER+CYS@YwOl ziMh~1xZSPj)*NoP&&?mWqia2CTwSZq+}6P~_l&2V{A}N9Z*%E#GbekLz^*;T4RWrL zXEaWn47>DHk|HfBDbO(LxcIzlbn(**8Q3&+mS8z7B0XmA`n{MP9WEPJXVb7C@&-+- znk23SUYVGfu-n?K9A@ilpLo39)8nz)Fx4J|8(drBSM*!3F1xSl`75m+y%+nI@o{eC zS?yf<9&9A~8T$O^w_Z-i^JFts;1`<$=_R$`fL;}aL-OGKt{UaqQ1{s}e~5g|JGktb z*d(&AN>dO+JTme&Ej#6Q@em^4=q)w%E=+N{$@90`#UilXn9g2PT_gg`3>%pninFwj z=O^cCrEi(HG6ap3uo9bBg@sY!_QLu0V@VJ0Bi+RDI(+7i zN*-g&6h$Dmd@`^$Kj?GuOr&IQ4CmAbPQGW~ufuLa-ie3)`Hr!)o(M=+4yt<&g$3#3 z?=reGvOap^)eNZ?h4gAcjr5U~AH5mfTm8kGEA0_`x29@QK`k+T>x(}4n(41S?y_Tz zCVTem(M;MK85wCWjEaU^+|it_Xn+!Xhmn#afBrmrQkw*+6O-(M-#Yl{p`syzHrkL7 zE!js<)Xnz@)h$T!82TW^r@EZ& z8*69;vbSp7X>AtE&w*kskf~#3TUxRhBjJmW@!F2lQ~qU0 z0+yjn@6v54AiPtUPJ9E=YIz-~MUz*dPoz(H=QZ}N5^0z5!ooQzx6yVxvb&0BFSCxj zDeM$|;iX;cKxb(@R8VOJoRX1oB>Gdod%-_1@(afgMt&m^}3FENd{V|WXSSfg=@dJ=)5TiuA65=Dy=c8#N;ru9bpoa$~$it&k zn%q9UY=H<_C(KMrOH12fE6`tl{StcC^5-@6ghXMwwX3IlYxeR~dE zF3oXPduWB+^_1_-nIBnwUFar4s}B-=E;}QS_pt;80)!axeM{F)pAUL*ls`v|Kc6>K zIjHTe?-ahDJ6TBg>keK9Lnr0fJkLVQ>7A`$|@d{6?#w<=)X7O&m1#-MMU)4X% z^sU*kW5?!IGy~bU*`k~Z(aW}er-?IbiY*>rCCT^_!a}2g3Cg(KYq7nqAuV%m-E=b6 zL2q$xZmi#@FxA~U+ILD=Sa=*BwIr|%zRZ=6lUPqx$6sTQxG$o|54BDJninP%-uBp8 zWE)=qg5MRsFi&3Q`m0fE4GoRKW56Rjdk4@4P~&6VoQmf5obB!F)dSC~y-Q8CcZ-o~ zJ8jtLpJjh17LI$H8U+u6-+{TVudgfperOpuJ z@^P8AntNd_o5)x2I`uA+vBXD!S?mN5tj`aq#b1_|p#G~1j{fuGnm>nzPFpwt{H2Vv zGEW-1&f*ICp~DET2csvoTaCR;M!8-%&fVyM!SmC!F8(f%O6S~1Nk~Yrv$q%Cr2od` zYD>Xr1jql_!3#^^(YMp2dePl+jpH9;0w-$diPY;qGQyavi^TgM)4H5k%m3WDbJ>{3 
zVL=RPE4w#kM5YetNsLr&G~;qX{}4j2c)Gx2A}4lhs4)mDS_z7q*h=-Sdf)o_nbmAg zMs3>rjM}05&W$&Q9(i)^KKk-B?Sd6lYH#e(v#%cM><)N({$%D9Oh>4|GBw%FyW2ZKLjcXo0*{>ueh7U+x%_@ap6hvzb>_{QgcOQi07P5~-c zMh{X$#jW=OE=T(dP1W>Z2ZwWth`zc>O~%vm$<+v<&L#8T;`SiGQ}{l<#!Wyz>3z2= zY#4*8txeoBE&nxRa!q(YC*UYu(`oGP>XIofEtMC~s1uV$!q7fMi>G`V=!M|rj#E-k zfM-zDuU)%liOJyD0Gv_;!YW|&U!rm|ruzz={QS5tpRAP=0N}nW1eb1i zDfAcGoF)u`>k?&zK%L(UkKF-*(o0)gTmOEX5Og7>uW*!L3hMEAD!Jzv2E$}x8VdD#h~eq`HWAS#S>xq{KNcnJYK zzD63*K9iiZy5lUcL|HW)!47Cg*czD)bL^U`>aVvrdHEjKdoj(}-)_vP!fUkK}wM7hB zZ2vFf*CI(OOM z6D9Pd6wfAlVZpm^8hR~aPbdw*22QRsG^K*PNc164{_%@7i4EK14Sxh2yIljNra%tT z)|sUs=fl^yc@l(Gu7KX&N$D|}l4T7&;8c1Nb>PIvk5OPUz%F1io;LeY+NXe%VXGl? ze*WcDZ$2#u+q@wW1nWDFw!o zNv-F)%(LcQjVTo|9Jiq$eap9d{Vte;{Cf~n7@8~QiiWt zTvt(zd-?KUi-+KXFLQu4LSY%0uVy^9H0zHt}sOA3q*%9RrxmG(6RJsE3UM zX<55gDNxD~3Y;ApN(n*3^DHJX^?`wbV<^U!Ci9_%g^!#^9n&+x z_V_BGtlqyzo1Oi}k`l1nD*xS};;VD`@%Wr&I(_C&oR6X-CMCP>>@io9w{*V z;%l_Fl+!rBLofvd5R_yQq*UsOpFC7yB)aMrGl7*SFHQL$aD|LikP&D_LpdlXTZR!u>zhxFg@AT-Ecu=1@y%8*u@V~wMR-Lsh@IiY?FysvhuB8(|G+E}KHhExtdN7Kx!NZa*#z;1Fp@!lW1lDNK_&OA%Y$$nV9zqB9tBYu&D0I@u+(=0V?{z>K#Cx>d0h3RsmJ717Pz zfvPCThS!im?@kb`9bK5Mb(l247xz-F4;xnn{?f6tliB(q&-b#1xa zcukINr1wUkeygR*79+nHyaoL}~uRMpvWZRejo zdBXXZ?6wot_J;j`u}Rn+D7k9Dbzs0%27y2j0k0T<@<5>Px>ll5PW0*dd9VKT#5=8t zos-dA_*6jIuZH1n!5hT}nZYV^zinegS{7FtZ;YiAm7M(s zKMt2&L0XDi)IJ$Z_V z4GqtnhS>s^vsC+v7HvRVY4U=>V5p)!uL)Z2O$e^^M5#oXM0qS03wClUs8wSC$p*3U z@wmakq=KZzRYrrQ{nt(Pfku21FS$MBmrK)xc}SE!pf@F zNHkx58Huo%@c?){=J6n--TywDFe-M)-{Z>7D-NP=qCPW&Qy2_p@DLubBMf4(g;xj= z&=iqK4*?j|kl^Fzr{^5i2;{ArCk&pk|B;gVpyH?ewQKep8yn?ZNETJ#qnd3O1}Wz( zB)*@%xZK*RDY2g=6W~*o`J)0kuu3A`W)Hpsy)v=Ji=n+jJvA&QO5alpS4k7HqEZ|-I zuO5+p7qh$8$%7mM*-}H?vjZl}o%{#aTSudJv3df0%5p!J4qogNc16CLg^}V+Bu&o_ zyAN_@=@;TB*Af%C@b9U*=Z^=PAnI655jp}6MTnwev)80hzI8J7g!Ps zU7T#WZc5seSh@qUI14?&ispR( zQYhtSQ4fw&Gz`LeEe7cNvArh_a0T+Jh4<*O0(zcYd}g~lTg^kgh!c5`6(ZlG!Ko`` zL;@e+Qezy6paL6gW9XI}FCSk`Ak^1)I6-90LM4ku3H0n>*df%BY&FtFsQRzBcP?0% 
znR#+d0xzzZdhu^0Id9a$fp)q$KJQfvCq&$1F?QCI6;^3?OY-TxY{Xfk19-jDNcQk& zfKzS=-)J*ZZjm+ooNdg^!=utzl&f@dX{n#kvSrZ{Pbkcyud%5**xP>r(t}K78b*X? z1_lO~Gh$<7hbP*>kS%oP#^a7hz1QBwpn``XFlw+Jg9>+~5jGqFJGCDVim|$wHM>kf zoc;lEX3B#D^=lZ zU&E^cHr5cG6Jpn86cq|ci}Vq;tt^kRO&1{ipk!dUuWzEjAAoApK1RuktO$X|p8#GW zRIV8(^Wp%U%uY}4baeCBY8{YNRI~^>ymmO&m$IeP()ivQh+LWq|CiL#u0pT8MfuNH z18MxFT+y1R+5kH_1(Vyp^#LZQ>Sb)l*S^)5+W%~yo1UI)x$iC4a-DLW{J{qw3T%(4 zmD_a`lojcepBIY0W5vlG^Wn)^&M%$M!VpK;x%Ybiq@6eLCMw81mrnRO`hq5MHtBaa zJk6(Tqsyne;rHsI%~xQX|6sd3XJ=X;NO#ykpA$#a*B9A3btby2-`m_$D^7#g!_hDWw0rZ zU10X~_Lj7`HLL(ObxwwhuPCe@Rbo*t%_&1uuDDvb}FTzM&j;t&%&sT?aC^!ZNKEy@gu8(XD4l>58(t!QklQJS==jkb# z0(f}L@&(VFiLx8Gl&9)HXEiJ#zl7X`7`-;-!VkV)cYjmK&(9xTQ6UaCz=;iq?t273 zW)F=i_9>x1hL0rGy*rGr>t1RYT&}SK7WNHI$)~0@V1G?gw>in=fKeg>wXrb=#Kj)6 zl1j($sKg$@JzjTS0J#r1xB5n4mu7Wb%11A6US55=l zFw=r7MOi8lSNvTY5Gne}{QNwW0rfp=`rUY_YfTB9;kW*dSvdok6Py(!EpB3+3((@^ z^rWB+U=Pwiru&Nv%xirNnRWwek$9ay=VX&j^SU0FWw`dfYrK8nr}rG1xn@3w)O1CJ zLrP^~FhE$GGY1FpV#!L?;pI%cthbn_(?)#AHr0{Z( zU~WGctZ!ltye|76I+g@%E;pj-29)QW^7|^U7?+?7+~E`A+*hq?;Zzhe?7PqWSot=m_Vk{;+aQ5-{qbiY{~(Dy`lzt zu8uG^1j0$_W|#L#`NB;&P4jWjOxE6E&XBF9N}{r!74e3#on z{2_G7AzTWCe!S;~7jK`{ygdHUI0^-KL~B-=9R{{(NA&by%Y@s5!XB{t(WRz^KR!rb zU4^=m#$=1+K;`FFWFtAhS|A=##h6ETW>sBs7nt|)$6y_jmUy1?c{b2{9ka-|iBqgtOZhMGLpzd_JEa6*>0?yGzZORWE50($^B=xBKp^k1 zf7k$mF<+hg&uV(h5xZ$T9Y1j+Zfk1nk>@_~TMY+u*+0}DjDEm9{N4W5qkEg>Kc0O) zfB)hSwZoV8`}Srdx`z#PB4}jte32>fXCb;!1+4(O$w@mo@?#jV-5}UGKzrx)v&+-L zfEBM1aNhrSia6HquVn!SdDcfYV;h1z+J3jk_NzV~9b;h-Ar^EIie?ppwlhV{w+ka# z*__{nS%rWG4SaEL7jD=7xLwG}s{KlnRrq9^^ws}O`oAZTn~NwE%qLPDab z63f&J*DFNhCRWr=$_bOy?tcpx7KV&AJh;bs3TdPPnDg%6->dnJt!SWbJU1%G*3fN4 zYWdhm+ePpmJws`i)QfL4E*7hoz;$aVF=zFDzPh0!xYbR&DIt^`w zOxxH4c^7Dgz1J;J;qtL`tQ<3GO+!DTjLN6|ZUs}UQ{s=ViWUZ~B@@yN#8q9;16w8U z*57vt)-4TvTXI<>!BCZG;%wT;SW5R0ytS%vCS#z2ATr~J`!zR|)2{2Qg!FTkbP6nI zd|`Op@Ly7ce;#se>N?Asyr7%2HE-8b?QMY<0QTFsR+#_!-c$aH@w32$SA73+b?Xv# z0jnym(L6Y0*XP{bUBpB(up zB3KYqCLs?)3Wy5o^U)?&3J3^@NP-|lBqW3YQBj6kKt(~Ogajer04NCNCV&MCEnx~% 
zm_n2(VM-)~q(KsT1=s5P7y8>-_nvizeb2ey`Sw2hJ7&CL(Sn*AXW_+(54PRx4HxZ`7DX#Z_|89DelOiOsxaW5eUck##cLpun!Je2h)_$Zl8;Lo={;ok zV-+j(pl^^*^_!sC#!ppgi)nXTFBy~DB3EMT{gNdfel%gvbat7DS^7gw%~>JO1L`Z! z)Y&d`UC$zee8seHEO{}Hl*O^={?~B3>3;BvJd)>S?d#>U-Dvb{?0szkV@eoEl!to- zlB*0>lAHxwl|M7y&uYS2&(iMOVKhCO-=)p8p#dc$NlINM)%maenmL<=85-&Z_b&uu zyOd)$XB*^;*<~O6xTMe1rPtX{_+q^7=PELg<$I3kRVUnCInqKYZZ=GJ|1ygEfHt}rb~1LiQSFe8SY`| zx|XK*CsGx}a2j#4c(iHaG+)X5W?hXGa-LpPmN2UMBy7n!i~I-5X02v{XqBRaveC`) z@28%IS-)zivMIZ25F#k$bU{B-w{ZHY;$mRUtmj(HcP!Mtz_wnl!T5G^9INHX zuRcu9rr_EuI9g!kFkK;*dS=dg_@r02Ma3aM%o;o~mM`m^x;454v-GZzM+3`jOek*c zAu0v{w$-QLA-)dyTTPf#UPpZB@I12OMRuS!7^BBR;q{_kVLzTpLah_pH*E$1wwI9` zI}q~i)(t`oxw`*2NO3>xO2}rx#?ppZ8+%Sw2adLOz|4P1&``FChJ$Uo1lkTQ^OaA*$e5~;;J_pKK zMsm699=X)bf{;zpNs>Y$+SBuC#zgE_{y^Vu0H3L$>i7fF+OUW!Uf4IENvtoud;;S# zEVrzNZyUGRysLQNhE zNm*Y|t*MfLw}nczi9I-Z2MnH=LL6I>f-YRh~AnH`ah@+V?E{xX7Ekz?d>a+1p?b9ASE|)d#{%KX3*Di!i@gF>hg(oLd zGq;(erX$918Ac%lLM1^)qq^Y*=%%iS2;{JHYE{ya+HNVjU1)Orm_Je^FlYfY=s7SlQJ7KjPjv*7>_@JvloMc^zTm>RwT5gC@X)OWQ(reV&qScK1 z?G-cdH%+2ku3mN-fA*|=8fYeuH{m(&hWLx_WH_L%RS}(HX0j;G(~HqYui-|NtuCt# zcLH_Aa0WEvB8B48j7)loeK@`7MB~TI;lGR0tls2QeEwFYQh|xel~5Qg9lTKIm>~hL z^X-5-64|Mp(WG>7@~3VHc_Yp{@^x`#BmecgtO@uxT||9>fIRsIiK$TE+bXaC$P&7@ zd2qbMcYbtqOA#eC(xKGr@%{H8v$UD#})&P;A)g2Q=lLP~X8&po;I9 zz`5dGK_9>24)!n@5)yF|8kZ;T@CvsU+9nizK2Jkve!*fZT9PU`Fx^H)WIQXr9@H3& z>X`5V7WrPBRTW~bhPcVf>wc7BYh47x{}uz$Z5KMi2(c*&$veQqYoTh7tmlQ_VJE~+9 zs>l?`e_xwO1|aI)K+xNNw}4?eM=ZKJ|G-$)+rnwJKbx?IJ9@~@ZrDu)s+G1q@~q6x z35a8X3AF7jj?=Y#a)u$&4u>~#No1s{3@p4r%{S|NLoKc7`yt$b&~fq=8AF^*-6rV9 zr3qUHq+w>GQksLOgdF0YornEH#o;-7nDyI8oby6)Qkn@caxRb}zrb)5(pA=nT~Z@o zYV}^rJE>qri`tG}SR*Jr&1;#ZrFv5l1;pPXDqK@^%o|2-OMaHPC76wqBJg-WmNo+# zhr+uy!W^7=Zc>@LwXILc=Vs+AG3BJ}0-L=+@ankH6y3gf>JH+NB{ngCr@o+&M;mmJ zOK%v8H}SNI#@F)8U^{p22lI8Uw%k^aicwFnkEj%4Y^=j3 zx;7}7QyDVuoboT&!`h3z7@oFPTI89w$Wg$PDj=0Q&URyZ7A|jhWLoT_dftkzM=}=)r zc2Z_~ddzX6hN?A~oIJLQySSqHgeMq-tMkOk#}4CNDLI0_a$wwF#Z?RU&T9GSLumG1p0+X(O=MHp6Jfds^DTgFQ|}cE+#0se-3Cw*lneyj 
z0Y5T2_Y$_LaB$(}bGg%xm(U2yBMhjdb7qP(KTyETkq$1NOq=JUOo;_QQ4e=YMMGo$ zJZJHpb1VR5gER6Oh=~L3YtaS8fs>*Rn?EcJ&~d*l zPA0DwNWj)MW6?wfq3f;)+ZERc2TW-BUFgeX6vFZf1G-|qmM~o-`|L{g1KsDcSBPHe zhZi3P_5FE!kC_|FS0&>lXQ@buu~v14YfUZ&k$yQt{(U%}2P0vK!Q=(7|e*@Hvhw0pyRj`c;h;_fGI7q2@zL@v4bRADLj+^MfXUV@|QlyWs)Z z;^5GYKj*~~jyX>~@b($zw2nMQoXq}qn_`YESM6dEm4Sr+otZ{|#cS)2f=I)2yuNMQ0<>q b5E+?ypwn#O-YMY00CMse%B|w)x$A!cCWG+F literal 0 HcmV?d00001 diff --git a/frontend/src/api/index.ts b/frontend/src/api/index.ts index a12ef3de7..028eb2365 100644 --- a/frontend/src/api/index.ts +++ b/frontend/src/api/index.ts @@ -19,6 +19,7 @@ import stackProvisioning from "./stackProvisioning" import reporting from "./reporting" import license from "./license" import scheduler from "./scheduler" +import networkConnectors from "./networkConnectors" export default { agents, @@ -41,5 +42,6 @@ export default { stackProvisioning, reporting, license, - scheduler + scheduler, + networkConnectors } diff --git a/frontend/src/api/integrations.ts b/frontend/src/api/integrations.ts index 5695c7acd..18a419c97 100644 --- a/frontend/src/api/integrations.ts +++ b/frontend/src/api/integrations.ts @@ -12,19 +12,12 @@ export interface NewIntegration { }[] } -export interface NewIntegrationPayload { - customer_code: string - customer_name: string - integration_name: string +export interface NewIntegrationPayload extends NewIntegration { integration_config: { auth_type: string config_key: string config_value: string } - integration_auth_keys: { - auth_key_name: string - auth_value: string - }[] } export default { diff --git a/frontend/src/api/networkConnectors.ts b/frontend/src/api/networkConnectors.ts new file mode 100644 index 000000000..62ed9bfc0 --- /dev/null +++ b/frontend/src/api/networkConnectors.ts 
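Review bot: The reshaped `NewIntegrationPayload` in the integrations.ts hunk carries no TSDoc saying how it differs from `NewIntegration`, and its `auth_type`, `config_key` and `config_value` fields stay typed as bare `string`, so the compiler will accept any value a caller puts on the wire. Add a doc comment above the interface such as `/** Wire shape for creating an integration: the user-supplied NewIntegration fields plus the integration_config block the API expects. */`, and if the backend only accepts a fixed set of `auth_type` values, narrow that field to a literal union rather than `string`. Whether `integration_config` is populated client-side with constants, as the sibling network-connector API appears to do, cannot be confirmed from this hunk, so the comment should not claim it.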
@@ -0,0 +1,77 @@
+import { type FlaskBaseResponse } from "@/types/flask.d"
+import { HttpClient } from "./httpClient"
+import type { CustomerNetworkConnector, NetworkConnector } from "@/types/networkConnectors"
+
+export interface NewNetworkConnector {
+ customer_code: string
+ customer_name: string
+ network_connector_name: string
+ network_connector_auth_keys: {
+ auth_key_name: string
+ auth_value: string
+ }[]
+}
+
+export interface NewNetworkConnectorPayload extends NewNetworkConnector {
+ network_connector_config: {
+ auth_type: string
+ config_key: string
+ config_value: string
+ }
+}
+
+export interface FortinetProvision {
+ tcp_enabled: boolean
+ udp_enabled: boolean
+ hot_data_retention: number
+ index_replicas: number
+}
+
+export interface FortinetProvisionPayload extends FortinetProvision {
+ customer_code: string
+ integration_name: string
+}
+
+export default {
+ getAvailableNetworkConnectors() {
+ return HttpClient.get(
+ `/network_connectors/available_network_connectors`
+ )
+ },
+ getCustomerNetworkConnectors(customerCode: string) {
+ return HttpClient.get(
+ `/network_connectors/customer_network_connectors/${customerCode}`
+ )
+ },
+ createNetworkConnector(props: NewNetworkConnector) {
+ const payload: NewNetworkConnectorPayload = {
+ ...props,
+ network_connector_config: {
+ auth_type: "Fortinet",
+ config_key: "firewall",
+ config_value: "not applicable"
+ }
+ }
+ return HttpClient.post(`/network_connectors/create_network_connector`, payload)
+ },
+ deleteNetworkConnector(customerCode: string, networkConnectorName: string) {
+ return HttpClient.delete(`/network_connectors/delete_network_connector`, {
+ data: { customer_code: customerCode, network_connector_name: networkConnectorName }
+ })
+ },
+ decommissionNetworkConnector(customerCode: string, networkConnectorName: string) {
+ return HttpClient.post(`/stack_decommissioning/graylog/decommission/network_connector`, {
+ customer_code: customerCode,
+ network_connector: networkConnectorName
+ })
+ },
+
+ fortinetProvision(customerCode: string, networkConnectorName: string, props: FortinetProvision) {
+ const payload: FortinetProvisionPayload = {
+ ...props,
+ customer_code: customerCode,
+ integration_name: networkConnectorName
+ }
+ return HttpClient.post(`/stack_provisioning/graylog/provision/fortinet`, payload)
+ }
+}
diff --git a/frontend/src/components/connectors/ConfigForm/FormTypes/CredentialsType.vue b/frontend/src/components/connectors/ConfigForm/FormTypes/CredentialsType.vue
index a5a00759b..8d0976063 100644
--- a/frontend/src/components/connectors/ConfigForm/FormTypes/CredentialsType.vue
+++ b/frontend/src/components/connectors/ConfigForm/FormTypes/CredentialsType.vue
@@ -44,7 +44,7 @@ const validateUrl = (rule: FormItemRule, value: string) => {
 if (!value) {
 return new Error("Please input a valid URL")
 }
- if (!isURL(value)) {
+ if (!isURL(value, { require_tld: false })) {
 return new Error("Please input a valid URL")
 }
diff --git a/frontend/src/components/connectors/ConfigForm/FormTypes/HostType.vue b/frontend/src/components/connectors/ConfigForm/FormTypes/HostType.vue
index cd059c0be..bb01e803a 100644
--- a/frontend/src/components/connectors/ConfigForm/FormTypes/HostType.vue
+++ b/frontend/src/components/connectors/ConfigForm/FormTypes/HostType.vue
@@ -30,7 +30,7 @@ const validateUrl = (rule: FormItemRule, value: string) => {
 if (!value) {
 return new Error("Please input a valid URL")
 }
- if (!isURL(value)) {
+ if (!isURL(value, { require_tld: false })) {
 return new Error("Please input a valid URL")
 }
diff --git a/frontend/src/components/connectors/ConfigForm/FormTypes/TokenType.vue b/frontend/src/components/connectors/ConfigForm/FormTypes/TokenType.vue
index c9908f794..223c1af88 100644
--- a/frontend/src/components/connectors/ConfigForm/FormTypes/TokenType.vue
+++ b/frontend/src/components/connectors/ConfigForm/FormTypes/TokenType.vue
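Review bot: `createNetworkConnector` hardcodes `auth_type: "Fortinet"` and `config_key: "firewall"` for every call even though the caller supplies an arbitrary `network_connector_name`, so the first non-Fortinet connector created through this client will be labelled as a Fortinet firewall; either derive those two fields from `props` or state the restriction above the payload with `// Only the Fortinet firewall connector is supported here; auth_type/config_key are the values the backend expects for it`. `getCustomerNetworkConnectors` splices `customerCode` straight into the path, so `${encodeURIComponent(customerCode)}` is the safer form — the new form rule restricts fresh codes to `[a-z]+`, but existing customer codes predate that rule. `fortinetProvision` puts the connector name into a field called `integration_name`, which is presumably what the backend route expects; a one-line comment saying so would save the next reader a trip to the server code. `FlaskBaseResponse`, `CustomerNetworkConnector` and `NetworkConnector` are imported but never appear in the text shown; that may be generic type arguments lost in rendering, otherwise the imports should go.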
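Review bot: Passing `{ require_tld: false }` to `isURL` makes the validator accept any bare hostname, so with `require_protocol` left at its default a plain word such as `myhost` now passes as a URL and the error text "Please input a valid URL" no longer describes what is rejected; if these fields must carry a scheme, `isURL(value, { require_tld: false, require_protocol: true })` keeps the relaxation for internal hosts without accepting arbitrary words. The same three-line validator is now duplicated in CredentialsType.vue, HostType.vue and TokenType.vue, so a shared helper would keep the options in step when they change again. `validateUrl` begins above the hunk in each file.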
@@ -34,7 +34,7 @@ const validateUrl = (rule: FormItemRule, value: string) => {
 if (!value) {
 return new Error("Please input a valid URL")
 }
- if (!isURL(value)) {
+ if (!isURL(value, { require_tld: false })) {
 return new Error("Please input a valid URL")
 }
diff --git a/frontend/src/components/customers/CustomerForm.vue b/frontend/src/components/customers/CustomerForm.vue
index eb1b8ed06..31c4189aa 100644
--- a/frontend/src/components/customers/CustomerForm.vue
+++ b/frontend/src/components/customers/CustomerForm.vue
@@ -76,8 +76,17 @@ const formRef = ref(null)
 const rules: FormRules = {
 customer_code: {
 required: true,
- message: "Please input code",
- trigger: ["input", "blur"]
+ message: "Please input code. Code must be all lowercase and contain no spaces or special characters.",
+ trigger: ["input", "blur"],
+ validator: (rule, value) => {
+ if (value !== value.toLowerCase()) {
+ return Promise.reject("Code must be all lowercase")
+ } else if (!/^[a-z]+$/.test(value)) {
+ return Promise.reject("Code must not contain spaces or special characters")
+ } else {
+ return Promise.resolve()
+ }
+ }
 },
 customer_name: {
 required: true,
diff --git a/frontend/src/components/customers/CustomerItem.vue b/frontend/src/components/customers/CustomerItem.vue
index 01a4c041f..25bc87527 100644
--- a/frontend/src/components/customers/CustomerItem.vue
+++ b/frontend/src/components/customers/CustomerItem.vue
@@ -123,12 +123,22 @@ @submitted="customerMeta = $event" /> - + + + +
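Review bot: The `customer_code` validator's regex `/^[a-z]+$/` also rejects digits, but the message it returns says only "no spaces or special characters", so a code like `acme1` fails with an explanation that does not match; either widen the pattern to `/^[a-z0-9]+$/` or change the message to "Code must contain only lowercase letters". The first branch is redundant because the regex already excludes uppercase, and `value.toLowerCase()` will throw if the field is ever validated while `value` is still `undefined` (which depends on how the form initialises it); `if (!/^[a-z]+$/.test(value ?? ""))` covers both. Rejecting with an `Error` rather than a bare string matches the other validators in this commit. This is client-side only, so the same constraint needs to hold on the server, which I cannot see from this hunk.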