mirror of
https://github.com/bsmithio/OPNsense-Dashboard.git
synced 2026-02-16 14:14:16 +00:00
758 lines
19 KiB
JSON
758 lines
19 KiB
JSON
{
|
|
"annotations": {
|
|
"list": [
|
|
{
|
|
"builtIn": 1,
|
|
"datasource": "-- Grafana --",
|
|
"enable": true,
|
|
"hide": true,
|
|
"iconColor": "rgba(0, 211, 255, 1)",
|
|
"name": "Annotations & Alerts",
|
|
"target": {
|
|
"limit": 100,
|
|
"matchAny": false,
|
|
"tags": [],
|
|
"type": "dashboard"
|
|
},
|
|
"type": "dashboard"
|
|
}
|
|
]
|
|
},
|
|
"editable": true,
|
|
"fiscalYearStartMonth": 0,
|
|
"graphTooltip": 0,
|
|
"id": 23,
|
|
"iteration": 1644864155168,
|
|
"links": [],
|
|
"liveNow": false,
|
|
"panels": [
|
|
{
|
|
"collapsed": false,
|
|
"gridPos": {
|
|
"h": 1,
|
|
"w": 24,
|
|
"x": 0,
|
|
"y": 0
|
|
},
|
|
"id": 155,
|
|
"panels": [],
|
|
"title": "Suricata",
|
|
"type": "row"
|
|
},
|
|
{
|
|
"fieldConfig": {
|
|
"defaults": {
|
|
"color": {
|
|
"mode": "thresholds"
|
|
},
|
|
"mappings": [],
|
|
"thresholds": {
|
|
"mode": "absolute",
|
|
"steps": [
|
|
{
|
|
"color": "green"
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"overrides": []
|
|
},
|
|
"gridPos": {
|
|
"h": 5,
|
|
"w": 7,
|
|
"x": 0,
|
|
"y": 1
|
|
},
|
|
"id": 373,
|
|
"options": {
|
|
"colorMode": "value",
|
|
"graphMode": "none",
|
|
"justifyMode": "auto",
|
|
"orientation": "auto",
|
|
"reduceOptions": {
|
|
"calcs": [
|
|
"lastNotNull"
|
|
],
|
|
"fields": "/^_value$/",
|
|
"values": false
|
|
},
|
|
"text": {},
|
|
"textMode": "auto"
|
|
},
|
|
"pluginVersion": "8.3.3",
|
|
"targets": [
|
|
{
|
|
"datasource": {
|
|
"type": "influxdb",
|
|
"uid": "${dataSource}"
|
|
},
|
|
"query": "from(bucket: v.defaultBucket)\r\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\r\n |> filter(fn: (r) => r[\"_measurement\"] == \"suricata\")\r\n |> filter(fn: (r) => r[\"_field\"] == \"alert_category\")\r\n |> map(fn: (r) => ({ r with _count: r[\"_value\"]}))\r\n |> group(columns: [\"_value\"])\r\n |> count(column: \"_count\")\r\n |> group()\r\n |> sort(desc:true, columns: [\"_count\"])\r\n |> limit(n:1)",
|
|
"refId": "A"
|
|
}
|
|
],
|
|
"title": "Top Alert Category",
|
|
"type": "stat"
|
|
},
|
|
{
|
|
"fieldConfig": {
|
|
"defaults": {
|
|
"color": {
|
|
"mode": "thresholds"
|
|
},
|
|
"mappings": [],
|
|
"thresholds": {
|
|
"mode": "absolute",
|
|
"steps": [
|
|
{
|
|
"color": "green"
|
|
},
|
|
{
|
|
"color": "red",
|
|
"value": 80
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"overrides": []
|
|
},
|
|
"gridPos": {
|
|
"h": 5,
|
|
"w": 3,
|
|
"x": 7,
|
|
"y": 1
|
|
},
|
|
"id": 463,
|
|
"options": {
|
|
"colorMode": "value",
|
|
"graphMode": "none",
|
|
"justifyMode": "auto",
|
|
"orientation": "auto",
|
|
"reduceOptions": {
|
|
"calcs": [
|
|
"lastNotNull"
|
|
],
|
|
"fields": "/^src_ip$/",
|
|
"limit": 1,
|
|
"values": true
|
|
},
|
|
"textMode": "auto"
|
|
},
|
|
"pluginVersion": "8.3.3",
|
|
"targets": [
|
|
{
|
|
"datasource": {
|
|
"type": "influxdb",
|
|
"uid": "${dataSource}"
|
|
},
|
|
"query": "from(bucket: v.defaultBucket)\r\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\r\n |> filter(fn: (r) => r[\"_measurement\"] == \"suricata\")\r\n |> filter(fn: (r) => r[\"_field\"] == \"alert_category\")\r\n |> map(fn: (r) => ({ r with _count: r[\"src_ip\"]}))\r\n |> group(columns: [\"src_ip\"])\r\n |> count(column: \"_count\")\r\n |> group()\r\n |> sort(desc:true, columns: [\"_count\"])\r\n |> limit(n:1)",
|
|
"refId": "A"
|
|
}
|
|
],
|
|
"title": "Top Source IP",
|
|
"type": "stat"
|
|
},
|
|
{
|
|
"fieldConfig": {
|
|
"defaults": {
|
|
"color": {
|
|
"mode": "palette-classic"
|
|
},
|
|
"custom": {
|
|
"hideFrom": {
|
|
"legend": false,
|
|
"tooltip": false,
|
|
"viz": false
|
|
}
|
|
},
|
|
"mappings": []
|
|
},
|
|
"overrides": []
|
|
},
|
|
"gridPos": {
|
|
"h": 9,
|
|
"w": 7,
|
|
"x": 10,
|
|
"y": 1
|
|
},
|
|
"id": 419,
|
|
"options": {
|
|
"legend": {
|
|
"displayMode": "table",
|
|
"placement": "right",
|
|
"values": [
|
|
"value"
|
|
]
|
|
},
|
|
"pieType": "pie",
|
|
"reduceOptions": {
|
|
"calcs": [
|
|
"lastNotNull"
|
|
],
|
|
"fields": "",
|
|
"values": true
|
|
},
|
|
"tooltip": {
|
|
"mode": "single"
|
|
}
|
|
},
|
|
"pluginVersion": "8.3.3",
|
|
"targets": [
|
|
{
|
|
"datasource": {
|
|
"type": "influxdb",
|
|
"uid": "${dataSource}"
|
|
},
|
|
"query": "from(bucket: v.defaultBucket)\r\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\r\n |> filter(fn: (r) => r[\"_measurement\"] == \"suricata\")\r\n |> filter(fn: (r) => r[\"_field\"] == \"alert_category\")\r\n |> map(fn: (r) => ({ r with _count: r[\"dest_port\"]}))\r\n |> group(columns: [\"dest_port\"])\r\n |> count(column: \"_count\")\r\n |> group()\r\n |> sort(desc:true, columns: [\"_count\"])\r\n |> limit(n: 10)",
|
|
"refId": "A"
|
|
}
|
|
],
|
|
"title": "Top 10 Destination Ports",
|
|
"type": "piechart"
|
|
},
|
|
{
|
|
"fieldConfig": {
|
|
"defaults": {
|
|
"color": {
|
|
"mode": "palette-classic"
|
|
},
|
|
"custom": {
|
|
"hideFrom": {
|
|
"legend": false,
|
|
"tooltip": false,
|
|
"viz": false
|
|
}
|
|
},
|
|
"mappings": []
|
|
},
|
|
"overrides": []
|
|
},
|
|
"gridPos": {
|
|
"h": 9,
|
|
"w": 7,
|
|
"x": 17,
|
|
"y": 1
|
|
},
|
|
"id": 507,
|
|
"options": {
|
|
"displayLabels": [],
|
|
"legend": {
|
|
"displayMode": "table",
|
|
"placement": "right",
|
|
"sortBy": "Value",
|
|
"sortDesc": true,
|
|
"values": [
|
|
"value"
|
|
]
|
|
},
|
|
"pieType": "pie",
|
|
"reduceOptions": {
|
|
"calcs": [
|
|
"lastNotNull"
|
|
],
|
|
"fields": "",
|
|
"values": true
|
|
},
|
|
"tooltip": {
|
|
"mode": "single"
|
|
}
|
|
},
|
|
"targets": [
|
|
{
|
|
"datasource": {
|
|
"type": "influxdb",
|
|
"uid": "${dataSource}"
|
|
},
|
|
"query": "from(bucket: v.defaultBucket)\r\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\r\n |> filter(fn: (r) => r[\"_measurement\"] == \"suricata\")\r\n |> filter(fn: (r) => r[\"_field\"] == \"proto\")\r\n |> map(fn: (r) => ({ r with _count: r[\"_value\"]}))\r\n |> group(columns: [\"_value\"])\r\n |> count(column: \"_count\")\r\n |> group()\r\n |> sort(desc:true, columns: [\"_count\"])",
|
|
"refId": "A"
|
|
}
|
|
],
|
|
"title": "Protocols",
|
|
"type": "piechart"
|
|
},
|
|
{
|
|
"fieldConfig": {
|
|
"defaults": {
|
|
"color": {
|
|
"mode": "thresholds"
|
|
},
|
|
"mappings": [],
|
|
"thresholds": {
|
|
"mode": "absolute",
|
|
"steps": [
|
|
{
|
|
"color": "green"
|
|
},
|
|
{
|
|
"color": "red",
|
|
"value": 80
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"overrides": []
|
|
},
|
|
"gridPos": {
|
|
"h": 4,
|
|
"w": 7,
|
|
"x": 0,
|
|
"y": 6
|
|
},
|
|
"id": 375,
|
|
"options": {
|
|
"colorMode": "value",
|
|
"graphMode": "none",
|
|
"justifyMode": "auto",
|
|
"orientation": "auto",
|
|
"reduceOptions": {
|
|
"calcs": [
|
|
"lastNotNull"
|
|
],
|
|
"fields": "/^_value$/",
|
|
"values": true
|
|
},
|
|
"textMode": "auto"
|
|
},
|
|
"pluginVersion": "8.3.3",
|
|
"targets": [
|
|
{
|
|
"datasource": {
|
|
"type": "influxdb",
|
|
"uid": "${dataSource}"
|
|
},
|
|
"query": "from(bucket: v.defaultBucket)\r\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\r\n |> filter(fn: (r) => r[\"_measurement\"] == \"suricata\")\r\n |> filter(fn: (r) => r[\"_field\"] == \"alert_signature\")\r\n |> map(fn: (r) => ({ r with _count: r[\"_value\"]}))\r\n |> group(columns: [\"_value\"])\r\n |> count(column: \"_count\")\r\n |> group()\r\n |> sort(desc:true, columns: [\"_count\"])\r\n |> limit(n:1)",
|
|
"refId": "A"
|
|
}
|
|
],
|
|
"title": "Top Alert Signature",
|
|
"type": "stat"
|
|
},
|
|
{
|
|
"fieldConfig": {
|
|
"defaults": {
|
|
"color": {
|
|
"mode": "thresholds"
|
|
},
|
|
"mappings": [],
|
|
"thresholds": {
|
|
"mode": "absolute",
|
|
"steps": [
|
|
{
|
|
"color": "green"
|
|
},
|
|
{
|
|
"color": "red",
|
|
"value": 80
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"overrides": []
|
|
},
|
|
"gridPos": {
|
|
"h": 4,
|
|
"w": 3,
|
|
"x": 7,
|
|
"y": 6
|
|
},
|
|
"id": 551,
|
|
"options": {
|
|
"colorMode": "value",
|
|
"graphMode": "none",
|
|
"justifyMode": "auto",
|
|
"orientation": "auto",
|
|
"reduceOptions": {
|
|
"calcs": [
|
|
"lastNotNull"
|
|
],
|
|
"fields": "/^dest_ip$/",
|
|
"values": false
|
|
},
|
|
"textMode": "auto"
|
|
},
|
|
"pluginVersion": "8.3.3",
|
|
"targets": [
|
|
{
|
|
"datasource": {
|
|
"type": "influxdb",
|
|
"uid": "${dataSource}"
|
|
},
|
|
"query": "from(bucket: v.defaultBucket)\r\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\r\n |> filter(fn: (r) => r[\"_measurement\"] == \"suricata\")\r\n |> filter(fn: (r) => r[\"_field\"] == \"alert_category\")\r\n |> map(fn: (r) => ({ r with _count: r[\"dest_ip\"]}))\r\n |> group(columns: [\"dest_ip\"])\r\n |> count(column: \"_count\")\r\n |> group()\r\n |> sort(desc:true, columns: [\"_count\"])\r\n |> limit(n:1)",
|
|
"refId": "A"
|
|
}
|
|
],
|
|
"title": "Top Destination IP",
|
|
"type": "stat"
|
|
},
|
|
{
|
|
"description": "",
|
|
"fieldConfig": {
|
|
"defaults": {
|
|
"color": {
|
|
"mode": "palette-classic"
|
|
},
|
|
"custom": {
|
|
"hideFrom": {
|
|
"legend": false,
|
|
"tooltip": false,
|
|
"viz": false
|
|
}
|
|
},
|
|
"displayName": "${__field.labels.__values}",
|
|
"mappings": []
|
|
},
|
|
"overrides": []
|
|
},
|
|
"gridPos": {
|
|
"h": 9,
|
|
"w": 10,
|
|
"x": 0,
|
|
"y": 10
|
|
},
|
|
"id": 285,
|
|
"options": {
|
|
"displayLabels": [],
|
|
"legend": {
|
|
"displayMode": "table",
|
|
"placement": "right",
|
|
"values": [
|
|
"value"
|
|
]
|
|
},
|
|
"pieType": "pie",
|
|
"reduceOptions": {
|
|
"calcs": [
|
|
"lastNotNull"
|
|
],
|
|
"fields": "",
|
|
"values": true
|
|
},
|
|
"tooltip": {
|
|
"mode": "single"
|
|
}
|
|
},
|
|
"targets": [
|
|
{
|
|
"datasource": {
|
|
"type": "influxdb",
|
|
"uid": "${dataSource}"
|
|
},
|
|
"query": "from(bucket: v.defaultBucket)\r\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\r\n |> filter(fn: (r) => r[\"_measurement\"] == \"suricata\")\r\n |> filter(fn: (r) => r[\"_field\"] == \"alert_category\")\r\n |> map(fn: (r) => ({ r with _count: r[\"_value\"]}))\r\n |> group(columns: [\"_value\"])\r\n |> count(column: \"_count\")\r\n |> group()\r\n |> sort(desc:true, columns: [\"_count\"])\r\n |> limit(n:10)",
|
|
"refId": "A"
|
|
}
|
|
],
|
|
"title": "Top 10 Alert Categories",
|
|
"transformations": [],
|
|
"type": "piechart"
|
|
},
|
|
{
|
|
"description": "",
|
|
"fieldConfig": {
|
|
"defaults": {
|
|
"color": {
|
|
"mode": "palette-classic"
|
|
},
|
|
"custom": {
|
|
"hideFrom": {
|
|
"legend": false,
|
|
"tooltip": false,
|
|
"viz": false
|
|
}
|
|
},
|
|
"displayName": "${__field.labels.__values}",
|
|
"mappings": []
|
|
},
|
|
"overrides": [
|
|
{
|
|
"__systemRef": "hideSeriesFrom",
|
|
"matcher": {
|
|
"id": "byNames",
|
|
"options": {
|
|
"mode": "exclude",
|
|
"names": [
|
|
"_count",
|
|
"ET INFO Session Traversal Utilities for NAT (STUN Binding Response)"
|
|
],
|
|
"prefix": "All except:",
|
|
"readOnly": true
|
|
}
|
|
},
|
|
"properties": [
|
|
{
|
|
"id": "custom.hideFrom",
|
|
"value": {
|
|
"legend": false,
|
|
"tooltip": false,
|
|
"viz": true
|
|
}
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
"gridPos": {
|
|
"h": 9,
|
|
"w": 14,
|
|
"x": 10,
|
|
"y": 10
|
|
},
|
|
"id": 329,
|
|
"options": {
|
|
"displayLabels": [],
|
|
"legend": {
|
|
"displayMode": "table",
|
|
"placement": "right",
|
|
"values": [
|
|
"value"
|
|
]
|
|
},
|
|
"pieType": "pie",
|
|
"reduceOptions": {
|
|
"calcs": [
|
|
"lastNotNull"
|
|
],
|
|
"fields": "/^_count$/",
|
|
"values": true
|
|
},
|
|
"tooltip": {
|
|
"mode": "single"
|
|
}
|
|
},
|
|
"targets": [
|
|
{
|
|
"datasource": {
|
|
"type": "influxdb",
|
|
"uid": "${dataSource}"
|
|
},
|
|
"query": "from(bucket: \"opnsense\")\r\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\r\n |> filter(fn: (r) => r[\"_measurement\"] == \"suricata\")\r\n |> filter(fn: (r) => r[\"_field\"] == \"alert_signature\")\r\n |> map(fn: (r) => ({ r with _count: r[\"_value\"]}))\r\n |> group(columns: [\"_value\"])\r\n |> count(column: \"_count\")\r\n |> group()\r\n |> sort(desc:true, columns: [\"_count\"])\r\n |> limit(n:10)",
|
|
"refId": "A"
|
|
}
|
|
],
|
|
"title": "Top 10 Alert Signatures",
|
|
"transformations": [],
|
|
"type": "piechart"
|
|
},
|
|
{
|
|
"description": "Last 100 events, newest on top",
|
|
"fieldConfig": {
|
|
"defaults": {
|
|
"color": {
|
|
"mode": "thresholds"
|
|
},
|
|
"custom": {
|
|
"align": "left",
|
|
"displayMode": "auto"
|
|
},
|
|
"mappings": [],
|
|
"thresholds": {
|
|
"mode": "absolute",
|
|
"steps": [
|
|
{
|
|
"color": "green"
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"overrides": [
|
|
{
|
|
"matcher": {
|
|
"id": "byName",
|
|
"options": "Metric"
|
|
},
|
|
"properties": [
|
|
{
|
|
"id": "custom.width",
|
|
"value": 192
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"matcher": {
|
|
"id": "byName",
|
|
"options": "Time"
|
|
},
|
|
"properties": [
|
|
{
|
|
"id": "custom.width",
|
|
"value": 205
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"matcher": {
|
|
"id": "byName",
|
|
"options": "Signature"
|
|
},
|
|
"properties": [
|
|
{
|
|
"id": "custom.width",
|
|
"value": 432
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"matcher": {
|
|
"id": "byName",
|
|
"options": "Source IP"
|
|
},
|
|
"properties": [
|
|
{
|
|
"id": "custom.width",
|
|
"value": 203
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"matcher": {
|
|
"id": "byName",
|
|
"options": "Source Port"
|
|
},
|
|
"properties": [
|
|
{
|
|
"id": "custom.width",
|
|
"value": 242
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"matcher": {
|
|
"id": "byName",
|
|
"options": "Destination IP"
|
|
},
|
|
"properties": [
|
|
{
|
|
"id": "custom.width",
|
|
"value": 394
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
"gridPos": {
|
|
"h": 8,
|
|
"w": 24,
|
|
"x": 0,
|
|
"y": 19
|
|
},
|
|
"id": 241,
|
|
"options": {
|
|
"footer": {
|
|
"fields": "",
|
|
"reducer": [
|
|
"sum"
|
|
],
|
|
"show": false
|
|
},
|
|
"frameIndex": 0,
|
|
"showHeader": true,
|
|
"sortBy": []
|
|
},
|
|
"pluginVersion": "8.3.3",
|
|
"targets": [
|
|
{
|
|
"datasource": {
|
|
"type": "influxdb",
|
|
"uid": "${dataSource}"
|
|
},
|
|
"query": "from(bucket: v.defaultBucket)\r\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\r\n |> filter(fn: (r) => r[\"_measurement\"] == \"suricata\")\r\n |> filter(fn: (r) => r[\"_field\"] == \"alert_signature\")\r\n |> group()\r\n |> sort(columns: [\"_time\"], desc: true)\r\n |> limit(n:100)",
|
|
"refId": "A"
|
|
}
|
|
],
|
|
"title": "Alert Logs",
|
|
"transformations": [
|
|
{
|
|
"id": "labelsToFields",
|
|
"options": {
|
|
"keepLabels": [
|
|
"dest_ip",
|
|
"dest_port",
|
|
"src_ip",
|
|
"src_port"
|
|
]
|
|
}
|
|
},
|
|
{
|
|
"id": "organize",
|
|
"options": {
|
|
"excludeByName": {
|
|
"_field": true,
|
|
"_measurement": true,
|
|
"event_type": true,
|
|
"host": true,
|
|
"path": true
|
|
},
|
|
"indexByName": {
|
|
"_field": 6,
|
|
"_measurement": 7,
|
|
"_time": 0,
|
|
"_value": 1,
|
|
"dest_ip": 4,
|
|
"dest_port": 5,
|
|
"event_type": 8,
|
|
"host": 9,
|
|
"path": 10,
|
|
"src_ip": 2,
|
|
"src_port": 3
|
|
},
|
|
"renameByName": {
|
|
"_time": "Time",
|
|
"_value": "Alert Signature",
|
|
"alert_signature": "Signature",
|
|
"dest_ip": "Destination IP",
|
|
"dest_port": "Destination Port",
|
|
"src_ip": "Source IP",
|
|
"src_port": "Source Port"
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"id": "sortBy",
|
|
"options": {
|
|
"fields": {},
|
|
"sort": [
|
|
{
|
|
"desc": true,
|
|
"field": "Time"
|
|
}
|
|
]
|
|
}
|
|
}
|
|
],
|
|
"type": "table"
|
|
}
|
|
],
|
|
"schemaVersion": 34,
|
|
"style": "dark",
|
|
"tags": [],
|
|
"templating": {
|
|
"list": [
|
|
{
|
|
"current": {
|
|
"selected": false,
|
|
"text": "InfluxDB",
|
|
"value": "InfluxDB"
|
|
},
|
|
"hide": 0,
|
|
"includeAll": false,
|
|
"label": "InfluxDB",
|
|
"multi": false,
|
|
"name": "dataSource",
|
|
"options": [],
|
|
"query": "influxdb",
|
|
"refresh": 1,
|
|
"regex": "",
|
|
"skipUrlSync": false,
|
|
"type": "datasource"
|
|
}
|
|
]
|
|
},
|
|
"time": {
|
|
"from": "now-5m",
|
|
"to": "now"
|
|
},
|
|
"timepicker": {},
|
|
"timezone": "",
|
|
"title": "OPNsense Suricata",
|
|
"uid": "94raP_-7z",
|
|
"version": 5,
|
|
"weekStart": ""
|
|
}
|