{ "__inputs": [ { "name": "DS_INFLUXDB_- TELEGRAF", "label": "", "description": "", "type": "datasource", "pluginId": "influxdb", "pluginName": "InfluxDB" }, { "name": "DS_ELASTICSEARCH", "label": "Elasticsearch", "description": "Data parsed from Graylog", "type": "datasource", "pluginId": "elasticsearch", "pluginName": "Elasticsearch" } ], "__requires": [ { "type": "datasource", "id": "elasticsearch", "name": "Elasticsearch", "version": "1.0.0" }, { "type": "grafana", "id": "grafana", "name": "Grafana", "version": "6.4.4" }, { "type": "panel", "id": "grafana-piechart-panel", "name": "Pie Chart", "version": "1.3.9" }, { "type": "panel", "id": "grafana-worldmap-panel", "name": "Worldmap Panel", "version": "0.2.1" }, { "type": "panel", "id": "graph", "name": "Graph", "version": "" }, { "type": "datasource", "id": "influxdb", "name": "InfluxDB", "version": "1.0.0" }, { "type": "panel", "id": "singlestat", "name": "Singlestat", "version": "" }, { "type": "panel", "id": "table", "name": "Table", "version": "" } ], "annotations": { "list": [ { "builtIn": 1, "datasource": "-- Grafana --", "enable": true, "hide": true, "iconColor": "rgba(0, 211, 255, 1)", "name": "Annotations & Alerts", "type": "dashboard" } ] }, "description": "A Snort IDS/IPS dashboard build on Elastisearch, using data parsed from Graylog.\r\n\r\nBased on the setup from IT Security Labs:\r\n\r\nhttps://www.youtube.com/watch?v=WWitHleGFd8\r\n\r\nAnd the original Security Panel dashboard by Tal Bar-Or:\r\n\r\nhttps://grafana.com/grafana/dashboards/3099", "editable": true, "gnetId": 11191, "graphTooltip": 0, "id": null, "links": [ { "asDropdown": true, "icon": "external link", "tags": [], "type": "dashboards" } ], "panels": [ { "collapsed": false, "datasource": "${DS_INFLUXDB_- TELEGRAF}", "gridPos": { "h": 1, "w": 24, "x": 0, "y": 0 }, "id": 17, "panels": [], "repeat": null, "title": "Event Severity", "type": "row" }, { "cacheTimeout": null, "colorBackground": false, "colorValue": false, "colors": [ "rgba(245, 54, 54, 0.9)", "rgba(237, 129, 40, 0.89)", "rgba(50, 172, 45, 0.97)" ], "datasource": "${DS_ELASTICSEARCH}", "editable": true, "error": false, "format": "none", "gauge": { "maxValue": 100, "minValue": 0, "show": false, "thresholdLabels": false, "thresholdMarkers": true }, "gridPos": { "h": 3, "w": 6, "x": 0, "y": 1 }, "id": 9, "interval": null, "links": [], "mappingType": 1, "mappingTypes": [ { "name": "value to text", "value": 1 }, { "name": "range to text", "value": 2 } ], "maxDataPoints": 100, "nullPointMode": "connected", "nullText": null, "options": {}, "postfix": "", "postfixFontSize": "50%", "prefix": "", "prefixFontSize": "50%", "rangeMaps": [ { "from": "null", "text": "N/A", "to": "null" } ], "sparkline": { "fillColor": "rgba(189, 31, 111, 0.18)", "full": true, "lineColor": "#bf1b00", "show": true }, "tableColumn": "", "targets": [ { "bucketAggs": [ { "field": "timestamp", "id": "2", "settings": { "interval": "auto", "min_doc_count": 0, "trimEdges": 0 }, "type": "date_histogram" } ], "dsType": "elasticsearch", "metrics": [ { "field": "select field", "id": "1", "type": "count" } ], "query": "priority:1 AND application_name:snort-alerts", "refId": "A", "timeField": "timestamp" } ], "thresholds": "", "title": "High Severity", "type": "singlestat", "valueFontSize": "80%", "valueMaps": [ { "op": "=", "text": "N/A", "value": "null" } ], "valueName": "total" }, { "cacheTimeout": null, "colorBackground": false, "colorValue": false, "colors": [ "rgba(245, 54, 54, 0.9)", "rgba(237, 129, 40, 0.89)", "rgba(50, 172, 45, 0.97)" ], "datasource": "${DS_ELASTICSEARCH}", "editable": true, "error": false, "format": "none", "gauge": { "maxValue": 100, "minValue": 0, "show": false, "thresholdLabels": false, "thresholdMarkers": true }, "gridPos": { "h": 3, "w": 6, "x": 6, "y": 1 }, "id": 10, "interval": "", "links": [], "mappingType": 1, "mappingTypes": [ { "name": "value to text", "value": 1 }, { "name": "range to text", "value": 2 } ], "maxDataPoints": 100, "nullPointMode": "connected", "nullText": null, "options": {}, "postfix": "", "postfixFontSize": "50%", "prefix": "", "prefixFontSize": "50%", "rangeMaps": [ { "from": "null", "text": "N/A", "to": "null" } ], "sparkline": { "fillColor": "rgba(204, 181, 21, 0.18)", "full": true, "lineColor": "rgb(193, 180, 31)", "show": true }, "tableColumn": "", "targets": [ { "bucketAggs": [ { "field": "timestamp", "id": "2", "settings": { "interval": "auto", "min_doc_count": 0, "trimEdges": 0 }, "type": "date_histogram" } ], "dsType": "elasticsearch", "metrics": [ { "field": "select field", "id": "1", "type": "count" } ], "query": "priority:2 AND application_name:snort-alerts", "refId": "A", "timeField": "timestamp" } ], "thresholds": "", "title": "Medium Severity", "type": "singlestat", "valueFontSize": "80%", "valueMaps": [ { "op": "=", "text": "N/A", "value": "null" } ], "valueName": "total" }, { "cacheTimeout": null, "colorBackground": false, "colorValue": false, "colors": [ "rgba(245, 54, 54, 0.9)", "rgba(237, 129, 40, 0.89)", "rgba(50, 172, 45, 0.97)" ], "datasource": "${DS_ELASTICSEARCH}", "editable": true, "error": false, "format": "none", "gauge": { "maxValue": 100, "minValue": 0, "show": false, "thresholdLabels": false, "thresholdMarkers": true }, "gridPos": { "h": 3, "w": 6, "x": 12, "y": 1 }, "id": 11, "interval": null, "links": [], "mappingType": 1, "mappingTypes": [ { "name": "value to text", "value": 1 }, { "name": "range to text", "value": 2 } ], "maxDataPoints": 100, "nullPointMode": "connected", "nullText": null, "options": {}, "postfix": "", "postfixFontSize": "50%", "prefix": "", "prefixFontSize": "50%", "rangeMaps": [ { "from": "null", "text": "N/A", "to": "null" } ], "sparkline": { "fillColor": "rgba(31, 204, 21, 0.18)", "full": true, "lineColor": "rgb(8, 126, 33)", "show": true }, "tableColumn": "", "targets": [ { "bucketAggs": [ { "field": "timestamp", "id": "2", "settings": { "interval": "auto", "min_doc_count": 0, "trimEdges": 0 }, "type": "date_histogram" } ], "dsType": "elasticsearch", "metrics": [ { "field": "select field", "id": "1", "type": "count" } ], "query": "priority:3 AND application_name:snort-alerts", "refId": "A", "timeField": "timestamp" } ], "thresholds": "", "title": "Low Severity", "type": "singlestat", "valueFontSize": "80%", "valueMaps": [ { "op": "=", "text": "N/A", "value": "null" } ], "valueName": "total" }, { "cacheTimeout": null, "colorBackground": false, "colorValue": false, "colors": [ "rgba(245, 54, 54, 0.9)", "rgba(237, 129, 40, 0.89)", "rgba(50, 172, 45, 0.97)" ], "datasource": "${DS_ELASTICSEARCH}", "editable": true, "error": false, "format": "none", "gauge": { "maxValue": 100, "minValue": 0, "show": false, "thresholdLabels": false, "thresholdMarkers": true }, "gridPos": { "h": 3, "w": 3, "x": 18, "y": 1 }, "id": 26, "interval": null, "links": [], "mappingType": 1, "mappingTypes": [ { "name": "value to text", "value": 1 }, { "name": "range to text", "value": 2 } ], "maxDataPoints": 100, "nullPointMode": "connected", "nullText": null, "options": {}, "postfix": "", "postfixFontSize": "50%", "prefix": "", "prefixFontSize": "50%", "rangeMaps": [ { "from": "null", "text": "N/A", "to": "null" } ], "sparkline": { "fillColor": "rgba(189, 31, 111, 0.18)", "full": true, "lineColor": "#bf1b00", "show": true }, "tableColumn": "", "targets": [ { "bucketAggs": [ { "field": "timestamp", "id": "2", "settings": { "interval": "auto", "min_doc_count": 0, "trimEdges": 0 }, "type": "date_histogram" } ], "dsType": "elasticsearch", "metrics": [ { "field": "select field", "id": "1", "type": "count" } ], "query": "dst_addr_threat_indicated:true AND application_name:snort-alerts", "refId": "A", "timeField": "timestamp" } ], "thresholds": "", "title": "Outbound to Known Threat", "type": "singlestat", "valueFontSize": "80%", "valueMaps": [ { "op": "=", "text": "N/A", "value": "null" } ], "valueName": "total" }, { "cacheTimeout": null, "colorBackground": false, "colorValue": false, "colors": [ "rgba(245, 54, 54, 0.9)", "rgba(237, 129, 40, 0.89)", "rgba(50, 172, 45, 0.97)" ], "datasource": "${DS_ELASTICSEARCH}", "editable": true, "error": false, "format": "none", "gauge": { "maxValue": 100, "minValue": 0, "show": false, "thresholdLabels": false, "thresholdMarkers": true }, "gridPos": { "h": 3, "w": 3, "x": 21, "y": 1 }, "id": 27, "interval": null, "links": [], "mappingType": 1, "mappingTypes": [ { "name": "value to text", "value": 1 }, { "name": "range to text", "value": 2 } ], "maxDataPoints": 100, "nullPointMode": "connected", "nullText": null, "options": {}, "postfix": "", "postfixFontSize": "50%", "prefix": "", "prefixFontSize": "50%", "rangeMaps": [ { "from": "null", "text": "N/A", "to": "null" } ], "sparkline": { "fillColor": "rgba(189, 31, 111, 0.18)", "full": true, "lineColor": "#bf1b00", "show": true }, "tableColumn": "", "targets": [ { "bucketAggs": [ { "field": "timestamp", "id": "2", "settings": { "interval": "auto", "min_doc_count": 0, "trimEdges": 0 }, "type": "date_histogram" } ], "dsType": "elasticsearch", "metrics": [ { "field": "select field", "id": "1", "type": "count" } ], "query": "src_addr_threat_indicated:true AND application_name:snort-alerts", "refId": "A", "timeField": "timestamp" } ], "thresholds": "", "title": "Inbound from Known Threat", "type": "singlestat", "valueFontSize": "80%", "valueMaps": [ { "op": "=", "text": "N/A", "value": "null" } ], "valueName": "total" }, { "collapsed": false, "datasource": "${DS_INFLUXDB_- TELEGRAF}", "gridPos": { "h": 1, "w": 24, "x": 0, "y": 4 }, "id": 18, "panels": [], "repeat": null, "title": "Alert Metrics", "type": "row" }, { "alert": { "alertRuleTags": {}, "conditions": [ { "evaluator": { "params": [ 10 ], "type": "gt" }, "operator": { "type": "and" }, "query": { "params": [ "A", "5m", "now" ] }, "reducer": { "params": [], "type": "avg" }, "type": "query" }, { "evaluator": { "params": [ 50 ], "type": "gt" }, "operator": { "type": "and" }, "query": { "params": [ "B", "5m", "now" ] }, "reducer": { "params": [], "type": "avg" }, "type": "query" } ], "executionErrorState": "keep_state", "for": "5m", "frequency": "1m", "handler": 1, "message": "Potential Network Attack - high volume of severe Snort alerts", "name": "Network Attack", "noDataState": "keep_state", "notifications": [] }, "aliasColors": { "Events": "#962d82", "Low": "dark-green", "Medium": "dark-yellow" }, "bars": true, "dashLength": 10, "dashes": false, "datasource": "${DS_ELASTICSEARCH}", "decimals": 0, "editable": true, "error": false, "fill": 1, "fillGradient": 0, "grid": {}, "gridPos": { "h": 9, "w": 8, "x": 0, "y": 5 }, "id": 1, "interval": "", "legend": { "alignAsTable": true, "avg": false, "current": false, "hideEmpty": true, "hideZero": true, "max": false, "min": false, "rightSide": true, "show": true, "sort": null, "sortDesc": null, "total": true, "values": true }, "lines": false, "linewidth": 2, "links": [], "nullPointMode": "null as zero", "options": { "dataLinks": [] }, "percentage": false, "pointradius": 2, "points": true, "renderer": "flot", "seriesOverrides": [ { "alias": "High", "color": "#bf1b00" }, { "alias": "Medium", "color": "#e5ac0e" }, { "alias": "Low", "color": "#37872D" } ], "spaceLength": 10, "stack": false, "steppedLine": true, "targets": [ { "alias": "Low", "bucketAggs": [ { "fake": true, "field": "priority", "id": "5", "settings": { "min_doc_count": 1, "order": "desc", "orderBy": "_term", "size": "10" }, "type": "terms" }, { "field": "timestamp", "id": "2", "settings": { "interval": "auto", "min_doc_count": 0, "trimEdges": 0 }, "type": "date_histogram" } ], "dsType": "elasticsearch", "metrics": [ { "field": "select field", "id": "3", "type": "count" } ], "query": "priority:3 AND application_name:snort-alerts", "refId": "C", "timeField": "timestamp" }, { "alias": "Medium", "bucketAggs": [ { "fake": true, "field": "priority", "id": "5", "settings": { "min_doc_count": 1, "order": "desc", "orderBy": "_term", "size": "10" }, "type": "terms" }, { "field": "timestamp", "id": "2", "settings": { "interval": "auto", "min_doc_count": 0, "trimEdges": 0 }, "type": "date_histogram" } ], "dsType": "elasticsearch", "metrics": [ { "field": "select field", "id": "3", "type": "count" } ], "query": "priority:2 AND application_name:snort-alerts", "refId": "B", "timeField": "timestamp" }, { "alias": "High", "bucketAggs": [ { "fake": true, "field": "priority", "id": "5", "settings": { "min_doc_count": 1, "order": "desc", "orderBy": "_term", "size": "10" }, "type": "terms" }, { "field": "timestamp", "id": "2", "settings": { "interval": "auto", "min_doc_count": 0, "trimEdges": 0 }, "type": "date_histogram" } ], "dsType": "elasticsearch", "metrics": [ { "field": "select field", "id": "3", "type": "count" } ], "query": "priority:1 AND application_name:snort-alerts", "refId": "A", "timeField": "timestamp" }, { "alias": "Outbound Threats", "bucketAggs": [ { "fake": true, "field": "dst_addr_threat_indicated", "id": "3", "settings": { "min_doc_count": 1, "order": "desc", "orderBy": "_term", "size": "10" }, "type": "terms" }, { "field": "timestamp", "id": "2", "settings": { "interval": "auto", "min_doc_count": 0, "trimEdges": 0 }, "type": "date_histogram" } ], "metrics": [ { "field": "select field", "id": "1", "type": "count" } ], "query": "dst_addr_threat_indicated:true AND application_name:snort-alerts", "refId": "D", "timeField": "timestamp" }, { "alias": "Inbound Threats", "bucketAggs": [ { "fake": true, "field": "src_addr_threat_indicated", "id": "3", "settings": { "min_doc_count": 1, "order": "desc", "orderBy": "_term", "size": "10" }, "type": "terms" }, { "field": "timestamp", "id": "2", "settings": { "interval": "auto", "min_doc_count": 0, "trimEdges": 0 }, "type": "date_histogram" } ], "metrics": [ { "field": "select field", "id": "1", "type": "count" } ], "query": "src_addr_threat_indicated:true AND application_name:snort-alerts", "refId": "E", "timeField": "timestamp" } ], "thresholds": [ { "colorMode": "critical", "fill": true, "line": true, "op": "gt", "value": 10 } ], "timeFrom": null, "timeRegions": [], "timeShift": null, "title": "Alert by Severity", "tooltip": { "msResolution": true, "shared": true, "sort": 0, "value_type": "individual" }, "type": "graph", "xaxis": { "buckets": null, "mode": "time", "name": null, "show": true, "values": [] }, "yaxes": [ { "format": "none", "label": "Alerts", "logBase": 1, "max": null, "min": null, "show": true }, { "format": "none", "label": null, "logBase": 1, "max": null, "min": null, "show": true } ], "yaxis": { "align": false, "alignLevel": null } }, { "aliasColors": { "Low - Detection of a Network Scan": "#96D98D", "Low - Generic Protocol Command Decode": "#C8F2C2", "Low - Not Suspicious Traffic": "#37872D", "Medium - Attempted Information Leak": "#FF780A", "Medium - Potentially Bad Traffic": "#E0B400" }, "breakPoint": "50%", "cacheTimeout": null, "combine": { "label": "Others", "threshold": 0 }, "datasource": "${DS_ELASTICSEARCH}", "editable": true, "error": false, "fontSize": "60%", "format": "short", "gridPos": { "h": 9, "w": 8, "x": 8, "y": 5 }, "height": "250px", "id": 14, "interval": "", "legend": { "header": "", "show": true, "values": true }, "legendType": "Right side", "links": [], "maxDataPoints": 3, "nullPointMode": "connected", "options": {}, "pieType": "donut", "strokeWidth": 1, "targets": [ { "alias": "", "bucketAggs": [ { "fake": true, "id": "4", "query": "*", "settings": { "filters": [ { "label": "Low -", "query": "priority:3" }, { "label": "Medium -", "query": "priority:2" }, { "label": "High -", "query": "priority:1" } ] }, "type": "filters" }, { "fake": true, "field": "classification", "id": "3", "settings": { "min_doc_count": 1, "order": "desc", "orderBy": "_term", "size": "10" }, "type": "terms" }, { "field": "timestamp", "id": "2", "settings": { "interval": "auto", "min_doc_count": 0, "trimEdges": 0 }, "type": "date_histogram" } ], "dsType": "elasticsearch", "metrics": [ { "field": "alert_description", "id": "1", "meta": {}, "settings": {}, "type": "count" } ], "query": "application_name:snort-alerts", "refId": "A", "timeField": "timestamp" } ], "title": "Top Alert Type", "type": "grafana-piechart-panel", "valueName": "total" }, { "aliasColors": { "PROTO:255": "#C4162A", "TCP": "#1F60C4" }, "breakPoint": "50%", "cacheTimeout": null, "combine": { "label": "Others", "threshold": 0 }, "datasource": "${DS_ELASTICSEARCH}", "editable": true, "error": false, "fontSize": "60%", "format": "short", "gridPos": { "h": 9, "w": 8, "x": 16, "y": 5 }, "height": "250px", "id": 22, "interval": null, "legend": { "show": true, "values": true }, "legendType": "Right side", "links": [], "maxDataPoints": 3, "nullPointMode": "connected", "options": {}, "pieType": "donut", "strokeWidth": 1, "targets": [ { "bucketAggs": [ { "fake": true, "field": "protocol", "id": "3", "settings": { "min_doc_count": 1, "order": "desc", "orderBy": "_count", "size": "10" }, "type": "terms" }, { "field": "timestamp", "id": "2", "settings": { "interval": "auto", "min_doc_count": 0, "trimEdges": 0 }, "type": "date_histogram" } ], "dsType": "elasticsearch", "metrics": [ { "field": "alert_description", "id": "1", "meta": {}, "settings": {}, "type": "count" } ], "query": "application_name:snort-alerts", "refId": "A", "timeField": "timestamp" } ], "title": "Top Protocols", "type": "grafana-piechart-panel", "valueName": "total" }, { "circleMaxSize": "10", "circleMinSize": 2, "colors": [ "#37872D", "rgba(237, 129, 40, 0.89)", "#C4162A", "#8F3BB8" ], "datasource": "${DS_ELASTICSEARCH}", "decimals": 0, "editable": true, "error": false, "esGeoPoint": "DstGeoip.location", "esLocationName": "DstGeoip.ip", "esMetric": "Count", "gridPos": { "h": 9, "w": 7, "x": 0, "y": 14 }, "hideEmpty": false, "hideTimeOverride": false, "hideZero": false, "id": 3, "initialZoom": 1, "jsonUrl": "", "links": [], "locationData": "countries", "mapCenter": "Europe", "mapCenterLatitude": 46, "mapCenterLongitude": 14, "maxDataPoints": 1, "mouseWheelZoom": false, "options": {}, "showLegend": true, "stickyLabels": false, "tableLabel": "DstGeo", "tableQueryOptions": { "geohashField": "geohash", "latitudeField": "latitude", "longitudeField": "longitude", "metricField": "metric", "queryType": "geohash" }, "targets": [ { "bucketAggs": [ { "fake": true, "field": "dst_addr_country_code", "id": "5", "settings": { "min_doc_count": 1, "order": "asc", "orderBy": "_term", "size": "10" }, "type": "terms" }, { "fake": true, "field": "timestamp", "id": "3", "settings": { "interval": "auto", "min_doc_count": 0, "trimEdges": 0 }, "type": "date_histogram" } ], "dsType": "elasticsearch", "metrics": [ { "field": "ip", "id": "1", "meta": {}, "settings": {}, "type": "count" } ], "query": "application_name:snort-alerts", "refId": "A", "timeField": "timestamp" } ], "thresholds": "10,100,500", "timeFrom": null, "title": "Outbound", "type": "grafana-worldmap-panel", "unitPlural": "ips", "unitSingle": "", "unitSingular": "ip", "valueName": "total" }, { "columns": [], "datasource": "${DS_ELASTICSEARCH}", "fontSize": "100%", "gridPos": { "h": 9, "w": 5, "x": 7, "y": 14 }, "id": 25, "options": {}, "pageSize": null, "showHeader": true, "sort": { "col": 1, "desc": true }, "styles": [ { "alias": "Country", "colorMode": null, "colors": [ "rgba(245, 54, 54, 0.9)", "rgba(237, 129, 40, 0.89)", "rgba(50, 172, 45, 0.97)" ], "dateFormat": "YYYY-MM-DD HH:mm:ss", "decimals": 2, "mappingType": 1, "pattern": "dst_addr_country_code", "thresholds": [], "type": "number", "unit": "short" } ], "targets": [ { "bucketAggs": [ { "field": "dst_addr_country_code", "id": "2", "settings": { "min_doc_count": 1, "order": "desc", "orderBy": "_term", "size": "10" }, "type": "terms" } ], "metrics": [ { "field": "select field", "id": "1", "type": "count" } ], "query": "application_name:snort-alerts", "refId": "A", "timeField": "timestamp" } ], "timeFrom": null, "timeShift": null, "title": "Destination by Country", "transform": "table", "transparent": true, "type": "table" }, { "circleMaxSize": "10", "circleMinSize": 2, "colors": [ "#37872D", "rgba(237, 129, 40, 0.89)", "#C4162A", "#8F3BB8" ], "datasource": "${DS_ELASTICSEARCH}", "decimals": 0, "editable": true, "error": false, "esGeoPoint": "SrcGeoip.location", "esLocationName": "SrcGeoip.ip", "esMetric": "Count", "gridPos": { "h": 9, "w": 7, "x": 12, "y": 14 }, "hideEmpty": false, "hideTimeOverride": false, "hideZero": false, "id": 21, "initialZoom": 1, "jsonUrl": "", "links": [], "locationData": "countries", "mapCenter": "Europe", "mapCenterLatitude": 46, "mapCenterLongitude": 14, "maxDataPoints": 1, "mouseWheelZoom": false, "options": {}, "showLegend": true, "stickyLabels": false, "tableLabel": "DstGeo", "tableQueryOptions": { "geohashField": "geohash", "labelField": "src_addr_country_code", "latitudeField": "src_ip_latitude", "longitudeField": "src_ip_longitude", "metricField": "priority", "queryType": "coordinates" }, "targets": [ { "bucketAggs": [ { "fake": true, "field": "src_addr_country_code", "id": "7", "settings": { "min_doc_count": 1, "order": "desc", "orderBy": "_term", "size": "10" }, "type": "terms" }, { "fake": true, "field": "timestamp", "id": "6", "settings": { "interval": "auto", "min_doc_count": 0, "trimEdges": 0 }, "type": "date_histogram" } ], "dsType": "elasticsearch", "metrics": [ { "field": "ip", "id": "1", "meta": {}, "settings": {}, "type": "count" } ], "query": "application_name:snort-alerts", "refId": "A", "timeField": "timestamp" } ], "thresholds": "10,100,500", "timeFrom": null, "title": "Inbound", "type": "grafana-worldmap-panel", "unitPlural": "ips", "unitSingle": "", "unitSingular": "ip", "valueName": "total" }, { "columns": [], "datasource": "${DS_ELASTICSEARCH}", "fontSize": "100%", "gridPos": { "h": 9, "w": 5, "x": 19, "y": 14 }, "id": 24, "options": {}, "pageSize": null, "showHeader": true, "sort": { "col": 1, "desc": true }, "styles": [ { "alias": "Country", "colorMode": null, "colors": [ "rgba(245, 54, 54, 0.9)", "rgba(237, 129, 40, 0.89)", "rgba(50, 172, 45, 0.97)" ], "dateFormat": "YYYY-MM-DD HH:mm:ss", "decimals": 2, "mappingType": 1, "pattern": "src_addr_country_code", "thresholds": [], "type": "number", "unit": "short" } ], "targets": [ { "bucketAggs": [ { "field": "src_addr_country_code", "id": "2", "settings": { "min_doc_count": 1, "order": "desc", "orderBy": "_term", "size": "10" }, "type": "terms" } ], "metrics": [ { "field": "select field", "id": "1", "type": "count" } ], "query": "application_name:snort-alerts", "refId": "A", "timeField": "timestamp" } ], "timeFrom": null, "timeShift": null, "title": "Source by Country", "transform": "table", "transparent": true, "type": "table" }, { "aliasColors": {}, "breakPoint": "50%", "cacheTimeout": null, "combine": { "label": "Others", "threshold": 0 }, "datasource": "${DS_ELASTICSEARCH}", "editable": true, "error": false, "fontSize": "60%", "format": "short", "gridPos": { "h": 7, "w": 8, "x": 0, "y": 23 }, "height": "250px", "id": 7, "interval": null, "legend": { "show": true, "sideWidth": 200, "values": true }, "legendType": "Right side", "links": [], "maxDataPoints": 3, "nullPointMode": "connected", "options": {}, "pieType": "pie", "strokeWidth": 1, "targets": [ { "bucketAggs": [ { "fake": true, "field": "src_addr", "id": "3", "settings": { "min_doc_count": 1, "order": "desc", "orderBy": "_count", "size": "10" }, "type": "terms" }, { "field": "timestamp", "id": "2", "settings": { "interval": "auto", "min_doc_count": 0, "trimEdges": 0 }, "type": "date_histogram" } ], "dsType": "elasticsearch", "metrics": [ { "field": "select field", "id": "1", "meta": {}, "settings": {}, "type": "count" } ], "query": "application_name:snort-alerts", "refId": "A", "timeField": "timestamp" } ], "title": "Top Source IP", "type": "grafana-piechart-panel", "valueName": "total" }, { "aliasColors": {}, "breakPoint": "50%", "cacheTimeout": null, "combine": { "label": "Others", "threshold": 0 }, "datasource": "${DS_ELASTICSEARCH}", "editable": true, "error": false, "fontSize": "60%", "format": "short", "gridPos": { "h": 7, "w": 8, "x": 8, "y": 23 }, "height": "250px", "id": 8, "interval": null, "legend": { "header": "", "show": true, "sideWidth": 200, "values": true }, "legendType": "Right side", "links": [], "maxDataPoints": 3, "nullPointMode": "connected", "options": {}, "pieType": "pie", "strokeWidth": 1, "targets": [ { "bucketAggs": [ { "fake": true, "field": "dst_port", "id": "3", "settings": { "min_doc_count": 1, "order": "desc", "orderBy": "_count", "size": "10" }, "type": "terms" }, { "field": "timestamp", "id": "2", "settings": { "interval": "auto", "min_doc_count": 0, "trimEdges": 0 }, "type": "date_histogram" } ], "dsType": "elasticsearch", "metrics": [ { "field": "select field", "id": "1", "meta": {}, "settings": {}, "type": "count" } ], "query": "application_name:snort-alerts", "refId": "A", "timeField": "timestamp" } ], "title": "Top Destination Port", "type": "grafana-piechart-panel", "valueName": "total" }, { "aliasColors": {}, "breakPoint": "50%", "cacheTimeout": null, "combine": { "label": "Others", "threshold": 0 }, "datasource": "${DS_ELASTICSEARCH}", "editable": true, "error": false, "fontSize": "60%", "format": "short", "gridPos": { "h": 7, "w": 8, "x": 16, "y": 23 }, "height": "300px", "id": 6, "interval": null, "legend": { "show": true, "sideWidth": 200, "values": true }, "legendType": "Right side", "links": [], "maxDataPoints": 3, "nullPointMode": "connected", "options": {}, "pieType": "pie", "strokeWidth": 1, "targets": [ { "bucketAggs": [ { "fake": true, "field": "dst_addr", "id": "3", "settings": { "min_doc_count": 1, "order": "desc", "orderBy": "_count", "size": "10" }, "type": "terms" }, { "field": "timestamp", "id": "2", "settings": { "interval": "auto", "min_doc_count": 0, "trimEdges": 0 }, "type": "date_histogram" } ], "dsType": "elasticsearch", "metrics": [ { "field": "select field", "id": "1", "meta": {}, "settings": {}, "type": "count" } ], "query": "application_name:snort-alerts", "refId": "A", "timeField": "timestamp" } ], "title": "Top Destination IP", "type": "grafana-piechart-panel", "valueName": "total" }, { "aliasColors": { "PROTO:255": "dark-red", "TCP": "#1f78c1", "UDP": "#cca300", "tcp": "#6D1F62", "udp": "#64B0C8" }, "bars": false, "dashLength": 10, "dashes": false, "datasource": "${DS_ELASTICSEARCH}", "decimals": 0, "editable": true, "error": false, "fill": 1, "fillGradient": 0, "grid": {}, "gridPos": { "h": 7, "w": 24, "x": 0, "y": 30 }, "id": 13, "legend": { "alignAsTable": true, "avg": false, "current": true, "max": false, "min": false, "rightSide": true, "show": true, "total": true, "values": true }, "lines": true, "linewidth": 2, "links": [], "nullPointMode": "connected", "options": { "dataLinks": [] }, "percentage": false, "pointradius": 5, "points": false, "renderer": "flot", "seriesOverrides": [], "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { "bucketAggs": [ { "fake": true, "field": "protocol", "id": "3", "settings": { "min_doc_count": 1, "order": "asc", "orderBy": "_term", "size": "10" }, "type": "terms" }, { "field": "timestamp", "id": "2", "settings": { "interval": "auto", "min_doc_count": 0, "trimEdges": 0 }, "type": "date_histogram" } ], "dsType": "elasticsearch", "metrics": [ { "field": "select field", "id": "1", "type": "count" } ], "query": "application_name:snort-alerts", "refId": "A", "timeField": "timestamp" } ], "thresholds": [], "timeFrom": null, "timeRegions": [], "timeShift": null, "title": "Protocole vs Time", "tooltip": { "msResolution": true, "shared": true, "sort": 0, "value_type": "cumulative" }, "type": "graph", "xaxis": { "buckets": null, "mode": "time", "name": null, "show": true, "values": [] }, "yaxes": [ { "format": "short", "label": "Events", "logBase": 1, "max": null, "min": null, "show": true }, { "format": "short", "label": null, "logBase": 1, "max": null, "min": null, "show": true } ], "yaxis": { "align": false, "alignLevel": null } }, { "collapsed": false, "datasource": "${DS_INFLUXDB_- TELEGRAF}", "gridPos": { "h": 1, "w": 24, "x": 0, "y": 37 }, "id": 19, "panels": [], "repeat": null, "title": "Log", "type": "row" }, { "columns": [ { "text": "timestamp", "value": "timestamp" }, { "text": "description", "value": "description" }, { "text": "src_addr", "value": "src_addr" }, { "text": "src_addr_country_code", "value": "src_addr_country_code" }, { "text": "dst_addr", "value": "dst_addr" }, { "text": "dst_port", "value": "dst_port" }, { "text": "classification", "value": "classification" }, { "text": "priority", "value": "priority" } ], "datasource": "${DS_ELASTICSEARCH}", "editable": true, "error": false, "fontSize": "90%", "gridPos": { "h": 12, "w": 24, "x": 0, "y": 38 }, "height": "300px", "id": 5, "links": [], "options": {}, "pageSize": null, "scroll": true, "showHeader": true, "sort": { "col": 0, "desc": true }, "styles": [ { "alias": "Time", "colorMode": null, "colors": [ "rgba(245, 54, 54, 0.9)", "rgba(237, 129, 40, 0.89)", "rgba(50, 172, 45, 0.97)" ], "dateFormat": "YYYY-MM-DD HH:mm:ss", "decimals": 2, "mappingType": 1, "pattern": "timestamp", "thresholds": [], "type": "date", "unit": "short" }, { "alias": "Alert", "colorMode": null, "colors": [ "rgba(245, 54, 54, 0.9)", "rgba(237, 129, 40, 0.89)", "rgba(50, 172, 45, 0.97)" ], "dateFormat": "YYYY-MM-DD HH:mm:ss", "decimals": 2, "mappingType": 1, "pattern": "description", "preserveFormat": false, "sanitize": false, "thresholds": [], "type": "string", "unit": "short" }, { "alias": "Source", "colorMode": null, "colors": [ "rgba(245, 54, 54, 0.9)", "rgba(237, 129, 40, 0.89)", "rgba(50, 172, 45, 0.97)" ], "dateFormat": "YYYY-MM-DD HH:mm:ss", "decimals": 2, "mappingType": 1, "pattern": "src_addr", "thresholds": [], "type": "string", "unit": "short" }, { "alias": "Source Country", "colorMode": null, "colors": [ "rgba(245, 54, 54, 0.9)", "rgba(237, 129, 40, 0.89)", "rgba(50, 172, 45, 0.97)" ], "dateFormat": "YYYY-MM-DD HH:mm:ss", "decimals": 2, "mappingType": 1, "pattern": "src_addr_country_code", "thresholds": [], "type": "string", "unit": "short" }, { "alias": "Destination", "colorMode": null, "colors": [ "rgba(245, 54, 54, 0.9)", "rgba(237, 129, 40, 0.89)", "rgba(50, 172, 45, 0.97)" ], "dateFormat": "YYYY-MM-DD HH:mm:ss", "decimals": 2, "mappingType": 1, "pattern": "dst_addr", "thresholds": [], "type": "string", "unit": "short" }, { "alias": "Port", "colorMode": null, "colors": [ "rgba(245, 54, 54, 0.9)", "rgba(237, 129, 40, 0.89)", "rgba(50, 172, 45, 0.97)" ], "dateFormat": "YYYY-MM-DD HH:mm:ss", "decimals": 0, "mappingType": 1, "pattern": "dst_port", "thresholds": [], "type": "number", "unit": "none" }, { "alias": "Alert Class", "colorMode": null, "colors": [ "rgba(245, 54, 54, 0.9)", "rgba(237, 129, 40, 0.89)", "rgba(50, 172, 45, 0.97)" ], "dateFormat": "YYYY-MM-DD HH:mm:ss", "decimals": 2, "mappingType": 1, "pattern": "classification", "thresholds": [], "type": "string", "unit": "short" }, { "alias": "Severity", "colorMode": "row", "colors": [ "rgba(245, 54, 54, 0.9)", "rgba(237, 129, 40, 0.89)", "rgba(50, 172, 45, 0.97)" ], "dateFormat": "YYYY-MM-DD HH:mm:ss", "decimals": 2, "mappingType": 1, "pattern": "priority", "thresholds": [ "2", "3" ], "type": "string", "unit": "short", "valueMaps": [ { "text": "High", "value": "1" }, { "text": "Medium", "value": "2" }, { "text": "Low", "value": "3" } ] } ], "targets": [ { "alias": "", "bucketAggs": [], "dsType": "elasticsearch", "metrics": [ { "field": "select field", "id": "1", "meta": {}, "settings": { "size": 500 }, "type": "raw_document" } ], "query": "application_name:snort-alerts", "refId": "A", "timeField": "timestamp" } ], "title": "Alert Log", "transform": "json", "transparent": true, "type": "table" } ], "refresh": false, "schemaVersion": 20, "style": "dark", "tags": [], "templating": { "list": [] }, "time": { "from": "now-24h", "to": "now" }, "timepicker": { "refresh_intervals": [ "5s", "10s", "30s", "1m", "5m", "15m", "30m", "1h", "2h", "1d" ], "time_options": [ "5m", "15m", "1h", "6h", "12h", "24h", "2d", "7d", "30d" ] }, "timezone": "browser", "title": "Snort IDS/IPS Dashboard", "uid": "ALgSiPiWk", "version": 27 }