diff --git a/backend/app/connectors/grafana/dashboards/CarbonBlack/summary.json b/backend/app/connectors/grafana/dashboards/CarbonBlack/summary.json index 5391e667..3e900efd 100644 --- a/backend/app/connectors/grafana/dashboards/CarbonBlack/summary.json +++ b/backend/app/connectors/grafana/dashboards/CarbonBlack/summary.json @@ -1,1891 +1,1864 @@ { - "annotations": { - "list": [ - { - "builtIn": 1, - "datasource": { - "type": "grafana", - "uid": "-- Grafana --" - }, - "enable": true, - "hide": true, - "iconColor": "rgba(0, 211, 255, 1)", - "name": "Annotations & Alerts", - "type": "dashboard" - } - ] - }, - "editable": false, - "fiscalYearStartMonth": 0, - "graphTooltip": 0, - "id": null, - "links": [], - "panels": [ - { - "datasource": { - "type": "grafana-opensearch-datasource", - "uid": "replace_datasource_uid" - }, - "fieldConfig": { - "defaults": { - "mappings": [ - { - "options": { - "match": "null", - "result": { - "text": "N/A" - } - }, - "type": "special" - } - ], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "red", - "value": null - } - ] - }, - "unit": "locale" - }, - "overrides": [] - }, - "gridPos": { - "h": 6, - "w": 3, - "x": 0, - "y": 0 - }, - "id": 3, - "options": { - "colorMode": "value", - "graphMode": "area", - "justifyMode": "auto", - "orientation": "horizontal", - "reduceOptions": { - "calcs": [ - "sum" - ], - "fields": "", - "values": false - }, - "showPercentChange": false, - "text": {}, - "textMode": "auto", - "wideLayout": true - }, - "pluginVersion": "10.4.1", - "targets": [ - { - "bucketAggs": [ - { - "$$hashKey": "object:331", - "field": "timestamp", - "id": "2", - "settings": { - "interval": "auto", - "min_doc_count": 0, - "trimEdges": 0 - }, - "type": "date_histogram" - } - ], - "datasource": { - "type": "grafana-opensearch-datasource", - "uid": "replace_datasource_uid" - }, - "metrics": [ - { - "$$hashKey": "object:329", - "field": "select field", - "id": "1", - "type": "count" - } - ], - "query": "device_name:$device AND severity:$severity AND mdr_alert:true", - "refId": "A", - "timeField": "timestamp" - } - ], - "title": "MDR ALERTS (TOTAL)", - "type": "stat" - }, - { - "datasource": { - "type": "grafana-opensearch-datasource", - "uid": "replace_datasource_uid" - }, - "fieldConfig": { - "defaults": { - "color": { - "mode": "palette-classic" - }, - "custom": { - "hideFrom": { - "legend": false, - "tooltip": false, - "viz": false - } - }, - "decimals": 0, - "mappings": [], - "unit": "short" - }, - "overrides": [ - { - "matcher": { - "id": "byName", - "options": "1" - }, - "properties": [ - { - "id": "color", - "value": { - "fixedColor": "#C8F2C2", - "mode": "fixed" - } - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "2" - }, - "properties": [ - { - "id": "color", - "value": { - "fixedColor": "#96D98D", - "mode": "fixed" - } - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "3" - }, - "properties": [ - { - "id": "color", - "value": { - "fixedColor": "#56A64B", - "mode": "fixed" - } - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "4" - }, - "properties": [ - { - "id": "color", - "value": { - "fixedColor": "#37872D", - "mode": "fixed" - } - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "5" - }, - "properties": [ - { - "id": "color", - "value": { - "fixedColor": "#FFF899", - "mode": "fixed" - } - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "7" - }, - "properties": [ - { - "id": "color", - "value": { - "fixedColor": "#F2CC0C", - "mode": "fixed" - } - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "9" - }, - "properties": [ - { - "id": "color", - "value": { - "fixedColor": "#FF9830", - "mode": "fixed" - } - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "10" - }, - "properties": [ - { - "id": "color", - "value": { - "fixedColor": "#FF9830", - "mode": "fixed" - } - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "12" - }, - "properties": [ - { - "id": "color", - "value": { - "fixedColor": "#F2495C", - "mode": "fixed" - } - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "13" - }, - "properties": [ - { - "id": "color", - "value": { - "fixedColor": "#FF7383", - "mode": "fixed" - } - } - ] - } - ] - }, - "gridPos": { - "h": 12, - "w": 4, - "x": 3, - "y": 0 - }, - "id": 7, - "maxDataPoints": 3, - "options": { - "displayLabels": [], - "legend": { - "calcs": [], - "displayMode": "table", - "placement": "right", - "showLegend": true, - "values": [ - "value", - "percent" - ] - }, - "pieType": "donut", - "reduceOptions": { - "calcs": [ - "sum" - ], - "fields": "", - "values": false - }, - "text": {}, - "tooltip": { - "mode": "single", - "sort": "none" - } - }, - "targets": [ - { - "bucketAggs": [ - { - "$$hashKey": "object:235", - "fake": true, - "field": "severity", - "id": "3", - "settings": { - "min_doc_count": 1, - "order": "desc", - "orderBy": "_count", - "size": "10" - }, - "type": "terms" - }, - { - "$$hashKey": "object:236", - "field": "timestamp", - "id": "2", - "settings": { - "interval": "auto", - "min_doc_count": 0, - "trimEdges": 0 - }, - "type": "date_histogram" - } - ], - "datasource": { - "type": "grafana-opensearch-datasource", - "uid": "replace_datasource_uid" - }, - "metrics": [ - { - "$$hashKey": "object:233", - "field": "select field", - "id": "1", - "meta": {}, - "settings": {}, - "type": "count" - } - ], - "query": "device_name:$device AND severity:$severity", - "refId": "A", - "timeField": "timestamp" - } - ], - "title": "SECURITY EVENTS BY SEVERITY", - "type": "piechart" - }, - { - "datasource": { - "type": "grafana-opensearch-datasource", - "uid": "replace_datasource_uid" - }, - "fieldConfig": { - "defaults": { - "color": { - "mode": "palette-classic" - }, - "custom": { - "hideFrom": { - "legend": false, - "tooltip": false, - "viz": false - } - }, - "decimals": 0, - "mappings": [], - "unit": "short" - }, - "overrides": [ - { - "matcher": { - "id": "byName", - "options": "1" - }, - "properties": [ - { - "id": "color", - "value": { - "fixedColor": "#C8F2C2", - "mode": "fixed" - } - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "2" - }, - "properties": [ - { - "id": "color", - "value": { - "fixedColor": "#96D98D", - "mode": "fixed" - } - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "3" - }, - "properties": [ - { - "id": "color", - "value": { - "fixedColor": "#56A64B", - "mode": "fixed" - } - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "4" - }, - "properties": [ - { - "id": "color", - "value": { - "fixedColor": "#37872D", - "mode": "fixed" - } - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "5" - }, - "properties": [ - { - "id": "color", - "value": { - "fixedColor": "#FFF899", - "mode": "fixed" - } - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "7" - }, - "properties": [ - { - "id": "color", - "value": { - "fixedColor": "#F2CC0C", - "mode": "fixed" - } - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "9" - }, - "properties": [ - { - "id": "color", - "value": { - "fixedColor": "#FF9830", - "mode": "fixed" - } - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "10" - }, - "properties": [ - { - "id": "color", - "value": { - "fixedColor": "#FF9830", - "mode": "fixed" - } - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "12" - }, - "properties": [ - { - "id": "color", - "value": { - "fixedColor": "#F2495C", - "mode": "fixed" - } - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "13" - }, - "properties": [ - { - "id": "color", - "value": { - "fixedColor": "#FF7383", - "mode": "fixed" - } - } - ] - } - ] - }, - "gridPos": { - "h": 12, - "w": 4, - "x": 7, - "y": 0 - }, - "id": 8, - "maxDataPoints": 3, - "options": { - "displayLabels": [], - "legend": { - "calcs": [], - "displayMode": "table", - "placement": "right", - "showLegend": true, - "values": [ - "value", - "percent" - ] - }, - "pieType": "donut", - "reduceOptions": { - "calcs": [ - "sum" - ], - "fields": "", - "values": false - }, - "text": {}, - "tooltip": { - "mode": "single", - "sort": "none" - } - }, - "targets": [ - { - "bucketAggs": [ - { - "$$hashKey": "object:235", - "fake": true, - "field": "attack_tactic", - "id": "3", - "settings": { - "min_doc_count": 1, - "order": "desc", - "orderBy": "_count", - "size": "10" - }, - "type": "terms" - }, - { - "$$hashKey": "object:236", - "field": "timestamp", - "id": "2", - "settings": { - "interval": "auto", - "min_doc_count": 0, - "trimEdges": 0 - }, - "type": "date_histogram" - } - ], - "datasource": { - "type": "grafana-opensearch-datasource", - "uid": "replace_datasource_uid" - }, - "metrics": [ - { - "$$hashKey": "object:233", - "field": "select field", - "id": "1", - "meta": {}, - "settings": {}, - "type": "count" - } - ], - "query": "device_name:$device AND severity:$severity", - "refId": "A", - "timeField": "timestamp" - } - ], - "title": "SECURITY EVENTS BY MITRE ID", - "type": "piechart" - }, - { - "datasource": { - "type": "grafana-opensearch-datasource", - "uid": "replace_datasource_uid" - }, - "fieldConfig": { - "defaults": { - "color": { - "mode": "palette-classic" - }, - "custom": { - "hideFrom": { - "legend": false, - "tooltip": false, - "viz": false - } - }, - "decimals": 0, - "mappings": [], - "unit": "short" - }, - "overrides": [ - { - "matcher": { - "id": "byName", - "options": "1" - }, - "properties": [ - { - "id": "color", - "value": { - "fixedColor": "#C8F2C2", - "mode": "fixed" - } - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "2" - }, - "properties": [ - { - "id": "color", - "value": { - "fixedColor": "#96D98D", - "mode": "fixed" - } - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "3" - }, - "properties": [ - { - "id": "color", - "value": { - "fixedColor": "#56A64B", - "mode": "fixed" - } - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "4" - }, - "properties": [ - { - "id": "color", - "value": { - "fixedColor": "#37872D", - "mode": "fixed" - } - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "5" - }, - "properties": [ - { - "id": "color", - "value": { - "fixedColor": "#FFF899", - "mode": "fixed" - } - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "7" - }, - "properties": [ - { - "id": "color", - "value": { - "fixedColor": "#F2CC0C", - "mode": "fixed" - } - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "9" - }, - "properties": [ - { - "id": "color", - "value": { - "fixedColor": "#FF9830", - "mode": "fixed" - } - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "10" - }, - "properties": [ - { - "id": "color", - "value": { - "fixedColor": "#FF9830", - "mode": "fixed" - } - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "12" - }, - "properties": [ - { - "id": "color", - "value": { - "fixedColor": "#F2495C", - "mode": "fixed" - } - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "13" - }, - "properties": [ - { - "id": "color", - "value": { - "fixedColor": "#FF7383", - "mode": "fixed" - } - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "ALLOW" - }, - "properties": [ - { - "id": "color", - "value": { - "fixedColor": "super-light-red", - "mode": "fixed" - } - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "DENY" - }, - "properties": [ - { - "id": "color", - "value": { - "fixedColor": "green", - "mode": "fixed" - } - } - ] - } - ] - }, - "gridPos": { - "h": 12, - "w": 4, - "x": 11, - "y": 0 - }, - "id": 12, - "maxDataPoints": 3, - "options": { - "displayLabels": [], - "legend": { - "calcs": [], - "displayMode": "table", - "placement": "right", - "showLegend": true, - "values": [ - "value", - "percent" - ] - }, - "pieType": "donut", - "reduceOptions": { - "calcs": [ - "sum" - ], - "fields": "", - "values": false - }, - "text": {}, - "tooltip": { - "mode": "single", - "sort": "none" - } - }, - "targets": [ - { - "bucketAggs": [ - { - "$$hashKey": "object:235", - "fake": true, - "field": "sensor_action", - "id": "3", - "settings": { - "min_doc_count": 1, - "order": "desc", - "orderBy": "_count", - "size": "10" - }, - "type": "terms" - }, - { - "$$hashKey": "object:236", - "field": "timestamp", - "id": "2", - "settings": { - "interval": "auto", - "min_doc_count": 0, - "trimEdges": 0 - }, - "type": "date_histogram" - } - ], - "datasource": { - "type": "grafana-opensearch-datasource", - "uid": "replace_datasource_uid" - }, - "metrics": [ - { - "$$hashKey": "object:233", - "field": "select field", - "id": "1", - "meta": {}, - "settings": {}, - "type": "count" - } - ], - "query": "device_name:$device AND severity:$severity", - "refId": "A", - "timeField": "timestamp" - } - ], - "title": "SECURITY EVENTS BY SENSOR ACTION", - "type": "piechart" - }, - { - "datasource": { - "type": "grafana-opensearch-datasource", - "uid": "replace_datasource_uid" - }, - "fieldConfig": { - "defaults": { - "mappings": [], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - }, - { - "color": "red", - "value": 80 - } - ] - } - }, - "overrides": [] - }, - "gridPos": { - "h": 12, - "w": 9, - "x": 15, - "y": 0 - }, - "id": 9, - "options": { - "displayMode": "gradient", - "maxVizHeight": 300, - "minVizHeight": 10, - "minVizWidth": 0, - "namePlacement": "auto", - "orientation": "horizontal", - "reduceOptions": { - "calcs": [ - "sum" - ], - "fields": "", - "values": false - }, - "showUnfilled": true, - "sizing": "auto", - "text": {}, - "valueMode": "color" - }, - "pluginVersion": "10.4.1", - "targets": [ - { - "bucketAggs": [ - { - "fake": true, - "field": "reason", - "id": "6", - "settings": { - "min_doc_count": 1, - "order": "desc", - "orderBy": "_count", - "size": "10" - }, - "type": "terms" - }, - { - "fake": true, - "field": "timestamp", - "id": "5", - "settings": { - "interval": "auto", - "min_doc_count": 0, - "trimEdges": 0 - }, - "type": "date_histogram" - } - ], - "datasource": { - "type": "grafana-opensearch-datasource", - "uid": "replace_datasource_uid" - }, - "metrics": [ - { - "field": "type", - "id": "1", - "meta": {}, - "settings": {}, - "type": "count" - } - ], - "query": "device_name:$device AND severity:$severity", - "refId": "A", - "timeField": "timestamp" - } - ], - "title": "TOP 10 DETECTIONS", - "type": "bargauge" - }, - { - "datasource": { - "type": "grafana-opensearch-datasource", - "uid": "replace_datasource_uid" - }, - "fieldConfig": { - "defaults": { - "mappings": [ - { - "options": { - "match": "null", - "result": { - "text": "N/A" - } - }, - "type": "special" - } - ], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "orange", - "value": null - } - ] - }, - "unit": "locale" - }, - "overrides": [] - }, - "gridPos": { - "h": 6, - "w": 3, - "x": 0, - "y": 6 - }, - "id": 2, - "options": { - "colorMode": "value", - "graphMode": "area", - "justifyMode": "auto", - "orientation": "horizontal", - "reduceOptions": { - "calcs": [ - "sum" - ], - "fields": "", - "values": false - }, - "showPercentChange": false, - "text": {}, - "textMode": "auto", - "wideLayout": true - }, - "pluginVersion": "10.4.1", - "targets": [ - { - "bucketAggs": [ - { - "$$hashKey": "object:331", - "field": "timestamp", - "id": "2", - "settings": { - "interval": "auto", - "min_doc_count": 0, - "trimEdges": 0 - }, - "type": "date_histogram" - } - ], - "datasource": { - "type": "grafana-opensearch-datasource", - "uid": "replace_datasource_uid" - }, - "metrics": [ - { - "$$hashKey": "object:329", - "field": "select field", - "id": "1", - "type": "count" - } - ], - "query": "device_name:$device AND severity:$severity", - "refId": "A", - "timeField": "timestamp" - } - ], - "title": "EVENTS (TOTAL)", - "type": "stat" - }, - { - "datasource": { - "type": "grafana-opensearch-datasource", - "uid": "replace_datasource_uid" - }, - "fieldConfig": { - "defaults": { - "color": { - "mode": "thresholds" - }, - "custom": { - "align": "auto", - "cellOptions": { - "type": "auto" - }, - "inspect": false - }, - "mappings": [], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - }, - { - "color": "red", - "value": 80 - } - ] - } - }, - "overrides": [ - { - "matcher": { - "id": "byName", - "options": "process_image" - }, - "properties": [ - { - "id": "custom.width", - "value": 657 - } - ] - } - ] - }, - "gridPos": { - "h": 14, - "w": 6, - "x": 0, - "y": 12 - }, - "id": 10, - "options": { - "cellHeight": "sm", - "footer": { - "countRows": false, - "fields": "", - "reducer": [ - "sum" - ], - "show": false - }, - "showHeader": true, - "sortBy": [] - }, - "pluginVersion": "10.4.1", - "targets": [ - { - "bucketAggs": [ - { - "fake": true, - "field": "device_name", - "id": "6", - "settings": { - "min_doc_count": 1, - "order": "desc", - "orderBy": "_count", - "size": "0" - }, - "type": "terms" - } - ], - "datasource": { - "type": "grafana-opensearch-datasource", - "uid": "replace_datasource_uid" - }, - "metrics": [ - { - "field": "type", - "id": "1", - "meta": {}, - "settings": {}, - "type": "count" - } - ], - "query": "device_name:$device AND severity:$severity", - "refId": "A", - "timeField": "timestamp" - } - ], - "title": "DEVICES", - "type": "table" - }, - { - "datasource": { - "type": "grafana-opensearch-datasource", - "uid": "replace_datasource_uid" - }, - "fieldConfig": { - "defaults": { - "color": { - "mode": "palette-classic" - }, - "custom": { - "axisBorderShow": false, - "axisCenteredZero": false, - "axisColorMode": "text", - "axisLabel": "", - "axisPlacement": "auto", - "barAlignment": 0, - "drawStyle": "bars", - "fillOpacity": 0, - "gradientMode": "none", - "hideFrom": { - "legend": false, - "tooltip": false, - "viz": false - }, - "insertNulls": false, - "lineInterpolation": "linear", - "lineWidth": 1, - "pointSize": 5, - "scaleDistribution": { - "type": "linear" - }, - "showPoints": "auto", - "spanNulls": false, - "stacking": { - "group": "A", - "mode": "normal" - }, - "thresholdsStyle": { - "mode": "off" - } - }, - "mappings": [], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - }, - { - "color": "red", - "value": 80 - } - ] - } - }, - "overrides": [] - }, - "gridPos": { - "h": 14, - "w": 18, - "x": 6, - "y": 12 - }, - "id": 5, - "options": { - "legend": { - "calcs": [], - "displayMode": "table", - "placement": "right", - "showLegend": true - }, - "tooltip": { - "mode": "single", - "sort": "none" - } - }, - "targets": [ - { - "alias": "", - "bucketAggs": [ - { - "field": "device_name", - "id": "3", - "settings": { - "min_doc_count": "1", - "order": "desc", - "orderBy": "_count", - "size": "10" - }, - "type": "terms" - }, - { - "field": "timestamp", - "id": "2", - "settings": { - "interval": "5m" - }, - "type": "date_histogram" - } - ], - "datasource": { - "type": "grafana-opensearch-datasource", - "uid": "replace_datasource_uid" - }, - "metrics": [ - { - "id": "1", - "type": "count" - } - ], - "query": "device_name:$device AND severity:$severity", - "refId": "A", - "timeField": "timestamp" - } - ], - "title": "EVENTS BY DEVICE (TOP 10) - HISTOGRAM", - "transparent": true, - "type": "timeseries" - }, - { - "datasource": { - "type": "grafana-opensearch-datasource", - "uid": "replace_datasource_uid" - }, - "fieldConfig": { - "defaults": { - "color": { - "mode": "thresholds" - }, - "custom": { - "align": "auto", - "cellOptions": { - "type": "auto" - }, - "inspect": false - }, - "mappings": [], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - }, - { - "color": "red", - "value": 80 - } - ] - } - }, - "overrides": [ - { - "matcher": { - "id": "byName", - "options": "process_image" - }, - "properties": [ - { - "id": "custom.width", - "value": 657 - } - ] - } - ] - }, - "gridPos": { - "h": 12, - "w": 6, - "x": 0, - "y": 26 - }, - "id": 11, - "options": { - "cellHeight": "sm", - "footer": { - "countRows": false, - "fields": "", - "reducer": [ - "sum" - ], - "show": false - }, - "showHeader": true, - "sortBy": [] - }, - "pluginVersion": "10.4.1", - "targets": [ - { - "bucketAggs": [ - { - "fake": true, - "field": "device_username", - "id": "6", - "settings": { - "min_doc_count": 1, - "order": "desc", - "orderBy": "_count", - "size": "0" - }, - "type": "terms" - } - ], - "datasource": { - "type": "grafana-opensearch-datasource", - "uid": "replace_datasource_uid" - }, - "metrics": [ - { - "field": "type", - "id": "1", - "meta": {}, - "settings": {}, - "type": "count" - } - ], - "query": "device_name:$device AND severity:$severity", - "refId": "A", - "timeField": "timestamp" - } - ], - "title": "USER ACCOUNTS", - "transparent": true, - "type": "table" - }, - { - "datasource": { - "type": "grafana-opensearch-datasource", - "uid": "replace_datasource_uid" - }, - "fieldConfig": { - "defaults": { - "color": { - "mode": "palette-classic" - }, - "custom": { - "axisBorderShow": false, - "axisCenteredZero": false, - "axisColorMode": "text", - "axisLabel": "", - "axisPlacement": "auto", - "barAlignment": 0, - "drawStyle": "bars", - "fillOpacity": 0, - "gradientMode": "none", - "hideFrom": { - "legend": false, - "tooltip": false, - "viz": false - }, - "insertNulls": false, - "lineInterpolation": "linear", - "lineWidth": 1, - "pointSize": 5, - "scaleDistribution": { - "type": "linear" - }, - "showPoints": "auto", - "spanNulls": false, - "stacking": { - "group": "A", - "mode": "normal" - }, - "thresholdsStyle": { - "mode": "off" - } - }, - "mappings": [], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - }, - { - "color": "red", - "value": 80 - } - ] - } - }, - "overrides": [] - }, - "gridPos": { - "h": 12, - "w": 18, - "x": 6, - "y": 26 - }, - "id": 4, - "options": { - "legend": { - "calcs": [], - "displayMode": "table", - "placement": "right", - "showLegend": true - }, - "tooltip": { - "mode": "single", - "sort": "none" - } - }, - "targets": [ - { - "alias": "", - "bucketAggs": [ - { - "field": "severity", - "id": "3", - "settings": { - "min_doc_count": "1", - "order": "desc", - "orderBy": "_count", - "size": "10" - }, - "type": "terms" - }, - { - "field": "timestamp", - "id": "2", - "settings": { - "interval": "5m" - }, - "type": "date_histogram" - } - ], - "datasource": { - "type": "grafana-opensearch-datasource", - "uid": "replace_datasource_uid" - }, - "metrics": [ - { - "id": "1", - "type": "count" - } - ], - "query": "device_name:$device AND severity:$severity", - "refId": "A", - "timeField": "timestamp" - } - ], - "title": "EVENTS SEVERITY - HISTOGRAM", - "type": "timeseries" - }, - { - "datasource": { - "type": "grafana-opensearch-datasource", - "uid": "replace_datasource_uid" - }, - "fieldConfig": { - "defaults": { - "color": { - "mode": "thresholds" - }, - "custom": { - "align": "auto", - "cellOptions": { - "type": "auto" - }, - "filterable": true, - "inspect": false - }, - "mappings": [], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - }, - { - "color": "red", - "value": 80 - } - ] - } - }, - "overrides": [ - { - "matcher": { - "id": "byName", - "options": "EVENT ID" - }, - "properties": [ - { - "id": "links", - "value": [ - { - "targetBlank": true, - "title": "EVENT DETAILS", - "url": "https://grafana.company.local/explore?left=%7B%22datasource%22:%22CARBONBLACK%22,%22queries%22:%5B%7B%22refId%22:%22A%22,%22query%22:%22_id:${__value.text}%22,%22alias%22:%22%22,%22metrics%22:%5B%7B%22id%22:%221%22,%22type%22:%22logs%22,%22settings%22:%7B%22limit%22:%22500%22%7D%7D%5D,%22bucketAggs%22:%5B%5D,%22timeField%22:%22timestamp%22%7D%5D,%22range%22:%7B%22from%22:%22now-6h%22,%22to%22:%22now%22%7D%7D" - } - ] - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "MDR ALERT" - }, - "properties": [ - { - "id": "custom.width", - "value": 126 - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "EXT IP COUNTRY" - }, - "properties": [ - { - "id": "custom.width", - "value": 156 - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "DEVICE EXT IP" - }, - "properties": [ - { - "id": "custom.width", - "value": 159 - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "EVENT TYPE" - }, - "properties": [ - { - "id": "custom.width", - "value": 152 - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "MITRE" - }, - "properties": [ - { - "id": "custom.width", - "value": 110 - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "SENSOR ACTION" - }, - "properties": [ - { - "id": "custom.width", - "value": 159 - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "REASON" - }, - "properties": [ - { - "id": "custom.width", - "value": 403 - } - ] - } - ] - }, - "gridPos": { - "h": 17, - "w": 24, - "x": 0, - "y": 38 - }, - "id": 6, - "options": { - "cellHeight": "sm", - "footer": { - "countRows": false, - "enablePagination": true, - "fields": "", - "reducer": [ - "sum" - ], - "show": false - }, - "showHeader": true, - "sortBy": [] - }, - "pluginVersion": "10.4.1", - "targets": [ - { - "alias": "", - "bucketAggs": [], - "datasource": { - "type": "grafana-opensearch-datasource", - "uid": "replace_datasource_uid" - }, - "format": "table", - "metrics": [ - { - "id": "1", - "settings": { - "order": "desc", - "size": "500", - "useTimeRange": true - }, - "type": "raw_data" - } - ], - "query": "device_name:$device AND severity:$severity", - "queryType": "lucene", - "refId": "A", - "timeField": "timestamp" - } - ], - "title": "CB EVENTS", - "transformations": [ - { - "id": "filterFieldsByName", - "options": { - "include": { - "names": [ - "timestamp", - "_id", - "attack_tactic", - "customer_code", - "device_external_ip", - "device_external_ip_country_code", - "device_internal_ip", - "device_name", - "device_username", - "mdr_alert", - "reason", - "sensor_action", - "severity", - "type" - ] - } - } - }, - { - "id": "organize", - "options": { - "excludeByName": {}, - "includeByName": {}, - "indexByName": { - "_id": 1, - "attack_tactic": 8, - "customer_code": 9, - "device_external_ip": 5, - "device_external_ip_country_code": 6, - "device_internal_ip": 7, - "device_name": 3, - "device_username": 4, - "mdr_alert": 10, - "reason": 11, - "sensor_action": 12, - "severity": 13, - "timestamp": 0, - "type": 2 - }, - "renameByName": { - "_id": "EVENT ID", - "attack_tactic": "MITRE", - "customer_code": "CUSTOMER", - "device_external_ip": "DEVICE EXT IP", - "device_external_ip_country_code": "EXT IP COUNTRY", - "device_internal_ip": "DEVICE INTERNAL IP", - "device_name": "DEVICE", - "device_username": "USER", - "mdr_alert": "MDR ALERT", - "reason": "REASON", - "sensor_action": "SENSOR ACTION", - "severity": "SEVERITY", - "timestamp": "DATE/TIME", - "type": "EVENT TYPE" - } - } - } - ], - "transparent": true, - "type": "table" - } - ], - "schemaVersion": 39, - "tags": [], - "templating": { - "list": [ - { - "datasource": { - "type": "grafana-opensearch-datasource", - "uid": "replace_datasource_uid" - }, - "filters": [], - "hide": 0, - "label": "Filters", - "name": "query0", - "skipUrlSync": false, - "type": "adhoc" - }, - { - "current": { - "selected": false, - "text": "All", - "value": "$__all" - }, - "datasource": { - "type": "grafana-opensearch-datasource", - "uid": "replace_datasource_uid" - }, - "definition": "{ \"find\": \"terms\", \"field\": \"severity\", \"query\": \"\"}", - "hide": 0, - "includeAll": true, - "label": "Severity", - "multi": false, - "name": "severity", - "options": [], - "query": "{ \"find\": \"terms\", \"field\": \"severity\", \"query\": \"\"}", - "refresh": 1, - "regex": "", - "skipUrlSync": false, - "sort": 0, - "type": "query" - }, - { - "current": { - "selected": false, - "text": "All", - "value": "$__all" - }, - "datasource": { - "type": "grafana-opensearch-datasource", - "uid": "replace_datasource_uid" - }, - "definition": "{ \"find\": \"terms\", \"field\": \"device_name\", \"query\": \"\"}", - "hide": 0, - "includeAll": true, - "label": "Device", - "multi": false, - "name": "device", - "options": [], - "query": "{ \"find\": \"terms\", \"field\": \"device_name\", \"query\": \"\"}", - "refresh": 1, - "regex": "", - "skipUrlSync": false, - "sort": 0, - "type": "query" - } - ] - }, - "time": { - "from": "now-24h", - "to": "now" - }, - "timepicker": {}, - "timezone": "browser", - "title": "CARBON BLACK - _SUMMARY", - "version": 8, - "weekStart": "" + "annotations": { + "list": [ + { + "builtIn": 1, + "datasource": { + "type": "grafana", + "uid": "-- Grafana --" + }, + "enable": true, + "hide": true, + "iconColor": "rgba(0, 211, 255, 1)", + "name": "Annotations & Alerts", + "type": "dashboard" + } + ] + }, + "editable": false, + "fiscalYearStartMonth": 0, + "graphTooltip": 0, + "id": null, + "links": [], + "panels": [ + { + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "fieldConfig": { + "defaults": { + "mappings": [ + { + "options": { + "match": "null", + "result": { + "text": "N/A" + } + }, + "type": "special" + } + ], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "red", + "value": null + } + ] + }, + "unit": "locale" + }, + "overrides": [] + }, + "gridPos": { + "h": 6, + "w": 3, + "x": 0, + "y": 0 + }, + "id": 3, + "options": { + "colorMode": "value", + "graphMode": "area", + "justifyMode": "auto", + "orientation": "horizontal", + "reduceOptions": { + "calcs": ["sum"], + "fields": "", + "values": false + }, + "showPercentChange": false, + "text": {}, + "textMode": "auto", + "wideLayout": true + }, + "pluginVersion": "10.4.1", + "targets": [ + { + "bucketAggs": [ + { + "$$hashKey": "object:331", + "field": "timestamp", + "id": "2", + "settings": { + "interval": "auto", + "min_doc_count": 0, + "trimEdges": 0 + }, + "type": "date_histogram" + } + ], + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "metrics": [ + { + "$$hashKey": "object:329", + "field": "select field", + "id": "1", + "type": "count" + } + ], + "query": "device_name:$device AND severity:$severity AND mdr_alert:true", + "refId": "A", + "timeField": "timestamp" + } + ], + "title": "MDR ALERTS (TOTAL)", + "type": "stat" + }, + { + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + } + }, + "decimals": 0, + "mappings": [], + "unit": "short" + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "1" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "#C8F2C2", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "2" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "#96D98D", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "3" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "#56A64B", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "4" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "#37872D", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "5" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "#FFF899", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "7" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "#F2CC0C", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "9" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "#FF9830", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "10" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "#FF9830", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "12" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "#F2495C", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "13" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "#FF7383", + "mode": "fixed" + } + } + ] + } + ] + }, + "gridPos": { + "h": 12, + "w": 4, + "x": 3, + "y": 0 + }, + "id": 7, + "maxDataPoints": 3, + "options": { + "displayLabels": [], + "legend": { + "calcs": [], + "displayMode": "table", + "placement": "right", + "showLegend": true, + "values": ["value", "percent"] + }, + "pieType": "donut", + "reduceOptions": { + "calcs": ["sum"], + "fields": "", + "values": false + }, + "text": {}, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "bucketAggs": [ + { + "$$hashKey": "object:235", + "fake": true, + "field": "severity", + "id": "3", + "settings": { + "min_doc_count": 1, + "order": "desc", + "orderBy": "_count", + "size": "10" + }, + "type": "terms" + }, + { + "$$hashKey": "object:236", + "field": "timestamp", + "id": "2", + "settings": { + "interval": "auto", + "min_doc_count": 0, + "trimEdges": 0 + }, + "type": "date_histogram" + } + ], + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "metrics": [ + { + "$$hashKey": "object:233", + "field": "select field", + "id": "1", + "meta": {}, + "settings": {}, + "type": "count" + } + ], + "query": "device_name:$device AND severity:$severity", + "refId": "A", + "timeField": "timestamp" + } + ], + "title": "SECURITY EVENTS BY SEVERITY", + "type": "piechart" + }, + { + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + } + }, + "decimals": 0, + "mappings": [], + "unit": "short" + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "1" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "#C8F2C2", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "2" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "#96D98D", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "3" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "#56A64B", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "4" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "#37872D", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "5" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "#FFF899", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "7" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "#F2CC0C", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "9" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "#FF9830", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "10" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "#FF9830", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "12" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "#F2495C", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "13" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "#FF7383", + "mode": "fixed" + } + } + ] + } + ] + }, + "gridPos": { + "h": 12, + "w": 4, + "x": 7, + "y": 0 + }, + "id": 8, + "maxDataPoints": 3, + "options": { + "displayLabels": [], + "legend": { + "calcs": [], + "displayMode": "table", + "placement": "right", + "showLegend": true, + "values": ["value", "percent"] + }, + "pieType": "donut", + "reduceOptions": { + "calcs": ["sum"], + "fields": "", + "values": false + }, + "text": {}, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "bucketAggs": [ + { + "$$hashKey": "object:235", + "fake": true, + "field": "attack_tactic", + "id": "3", + "settings": { + "min_doc_count": 1, + "order": "desc", + "orderBy": "_count", + "size": "10" + }, + "type": "terms" + }, + { + "$$hashKey": "object:236", + "field": "timestamp", + "id": "2", + "settings": { + "interval": "auto", + "min_doc_count": 0, + "trimEdges": 0 + }, + "type": "date_histogram" + } + ], + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "metrics": [ + { + "$$hashKey": "object:233", + "field": "select field", + "id": "1", + "meta": {}, + "settings": {}, + "type": "count" + } + ], + "query": "device_name:$device AND severity:$severity", + "refId": "A", + "timeField": "timestamp" + } + ], + "title": "SECURITY EVENTS BY MITRE ID", + "type": "piechart" + }, + { + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + } + }, + "decimals": 0, + "mappings": [], + "unit": "short" + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "1" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "#C8F2C2", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "2" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "#96D98D", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "3" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "#56A64B", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "4" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "#37872D", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "5" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "#FFF899", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "7" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "#F2CC0C", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "9" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "#FF9830", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "10" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "#FF9830", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "12" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "#F2495C", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "13" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "#FF7383", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "ALLOW" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "super-light-red", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "DENY" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "green", + "mode": "fixed" + } + } + ] + } + ] + }, + "gridPos": { + "h": 12, + "w": 4, + "x": 11, + "y": 0 + }, + "id": 12, + "maxDataPoints": 3, + "options": { + "displayLabels": [], + "legend": { + "calcs": [], + "displayMode": "table", + "placement": "right", + "showLegend": true, + "values": ["value", "percent"] + }, + "pieType": "donut", + "reduceOptions": { + "calcs": ["sum"], + "fields": "", + "values": false + }, + "text": {}, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "bucketAggs": [ + { + "$$hashKey": "object:235", + "fake": true, + "field": "sensor_action", + "id": "3", + "settings": { + "min_doc_count": 1, + "order": "desc", + "orderBy": "_count", + "size": "10" + }, + "type": "terms" + }, + { + "$$hashKey": "object:236", + "field": "timestamp", + "id": "2", + "settings": { + "interval": "auto", + "min_doc_count": 0, + "trimEdges": 0 + }, + "type": "date_histogram" + } + ], + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "metrics": [ + { + "$$hashKey": "object:233", + "field": "select field", + "id": "1", + "meta": {}, + "settings": {}, + "type": "count" + } + ], + "query": "device_name:$device AND severity:$severity", + "refId": "A", + "timeField": "timestamp" + } + ], + "title": "SECURITY EVENTS BY SENSOR ACTION", + "type": "piechart" + }, + { + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "fieldConfig": { + "defaults": { + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 12, + "w": 9, + "x": 15, + "y": 0 + }, + "id": 9, + "options": { + "displayMode": "gradient", + "maxVizHeight": 300, + "minVizHeight": 10, + "minVizWidth": 0, + "namePlacement": "auto", + "orientation": "horizontal", + "reduceOptions": { + "calcs": ["sum"], + "fields": "", + "values": false + }, + "showUnfilled": true, + "sizing": "auto", + "text": {}, + "valueMode": "color" + }, + "pluginVersion": "10.4.1", + "targets": [ + { + "bucketAggs": [ + { + "fake": true, + "field": "reason", + "id": "6", + "settings": { + "min_doc_count": 1, + "order": "desc", + "orderBy": "_count", + "size": "10" + }, + "type": "terms" + }, + { + "fake": true, + "field": "timestamp", + "id": "5", + "settings": { + "interval": "auto", + "min_doc_count": 0, + "trimEdges": 0 + }, + "type": "date_histogram" + } + ], + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "metrics": [ + { + "field": "type", + "id": "1", + "meta": {}, + "settings": {}, + "type": "count" + } + ], + "query": "device_name:$device AND severity:$severity", + "refId": "A", + "timeField": "timestamp" + } + ], + "title": "TOP 10 DETECTIONS", + "type": "bargauge" + }, + { + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "fieldConfig": { + "defaults": { + "mappings": [ + { + "options": { + "match": "null", + "result": { + "text": "N/A" + } + }, + "type": "special" + } + ], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "orange", + "value": null + } + ] + }, + "unit": "locale" + }, + "overrides": [] + }, + "gridPos": { + "h": 6, + "w": 3, + "x": 0, + "y": 6 + }, + "id": 2, + "options": { + "colorMode": "value", + "graphMode": "area", + "justifyMode": "auto", + "orientation": "horizontal", + "reduceOptions": { + "calcs": ["sum"], + "fields": "", + "values": false + }, + "showPercentChange": false, + "text": {}, + "textMode": "auto", + "wideLayout": true + }, + "pluginVersion": "10.4.1", + "targets": [ + { + "bucketAggs": [ + { + "$$hashKey": "object:331", + "field": "timestamp", + "id": "2", + "settings": { + "interval": "auto", + "min_doc_count": 0, + "trimEdges": 0 + }, + "type": "date_histogram" + } + ], + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "metrics": [ + { + "$$hashKey": "object:329", + "field": "select field", + "id": "1", + "type": "count" + } + ], + "query": "device_name:$device AND severity:$severity", + "refId": "A", + "timeField": "timestamp" + } + ], + "title": "EVENTS (TOTAL)", + "type": "stat" + }, + { + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "custom": { + "align": "auto", + "cellOptions": { + "type": "auto" + }, + "inspect": false + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "process_image" + }, + "properties": [ + { + "id": "custom.width", + "value": 657 + } + ] + } + ] + }, + "gridPos": { + "h": 14, + "w": 6, + "x": 0, + "y": 12 + }, + "id": 10, + "options": { + "cellHeight": "sm", + "footer": { + "countRows": false, + "fields": "", + "reducer": ["sum"], + "show": false + }, + "showHeader": true, + "sortBy": [] + }, + "pluginVersion": "10.4.1", + "targets": [ + { + "bucketAggs": [ + { + "fake": true, + "field": "device_name", + "id": "6", + "settings": { + "min_doc_count": 1, + "order": "desc", + "orderBy": "_count", + "size": "0" + }, + "type": "terms" + } + ], + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "metrics": [ + { + "field": "type", + "id": "1", + "meta": {}, + "settings": {}, + "type": "count" + } + ], + "query": "device_name:$device AND severity:$severity", + "refId": "A", + "timeField": "timestamp" + } + ], + "title": "DEVICES", + "type": "table" + }, + { + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "bars", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "normal" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 14, + "w": 18, + "x": 6, + "y": 12 + }, + "id": 5, + "options": { + "legend": { + "calcs": [], + "displayMode": "table", + "placement": "right", + "showLegend": true + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "alias": "", + "bucketAggs": [ + { + "field": "device_name", + "id": "3", + "settings": { + "min_doc_count": "1", + "order": "desc", + "orderBy": "_count", + "size": "10" + }, + "type": "terms" + }, + { + "field": "timestamp", + "id": "2", + "settings": { + "interval": "5m" + }, + "type": "date_histogram" + } + ], + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "metrics": [ + { + "id": "1", + "type": "count" + } + ], + "query": "device_name:$device AND severity:$severity", + "refId": "A", + "timeField": "timestamp" + } + ], + "title": "EVENTS BY DEVICE (TOP 10) - HISTOGRAM", + "transparent": true, + "type": "timeseries" + }, + { + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "custom": { + "align": "auto", + "cellOptions": { + "type": "auto" + }, + "inspect": false + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "process_image" + }, + "properties": [ + { + "id": "custom.width", + "value": 657 + } + ] + } + ] + }, + "gridPos": { + "h": 12, + "w": 6, + "x": 0, + "y": 26 + }, + "id": 11, + "options": { + "cellHeight": "sm", + "footer": { + "countRows": false, + "fields": "", + "reducer": ["sum"], + "show": false + }, + "showHeader": true, + "sortBy": [] + }, + "pluginVersion": "10.4.1", + "targets": [ + { + "bucketAggs": [ + { + "fake": true, + "field": "device_username", + "id": "6", + "settings": { + "min_doc_count": 1, + "order": "desc", + "orderBy": "_count", + "size": "0" + }, + "type": "terms" + } + ], + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "metrics": [ + { + "field": "type", + "id": "1", + "meta": {}, + "settings": {}, + "type": "count" + } + ], + "query": "device_name:$device AND severity:$severity", + "refId": "A", + "timeField": "timestamp" + } + ], + "title": "USER ACCOUNTS", + "transparent": true, + "type": "table" + }, + { + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "bars", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "normal" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 12, + "w": 18, + "x": 6, + "y": 26 + }, + "id": 4, + "options": { + "legend": { + "calcs": [], + "displayMode": "table", + "placement": "right", + "showLegend": true + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "alias": "", + "bucketAggs": [ + { + "field": "severity", + "id": "3", + "settings": { + "min_doc_count": "1", + "order": "desc", + "orderBy": "_count", + "size": "10" + }, + "type": "terms" + }, + { + "field": "timestamp", + "id": "2", + "settings": { + "interval": "5m" + }, + "type": "date_histogram" + } + ], + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "metrics": [ + { + "id": "1", + "type": "count" + } + ], + "query": "device_name:$device AND severity:$severity", + "refId": "A", + "timeField": "timestamp" + } + ], + "title": "EVENTS SEVERITY - HISTOGRAM", + "type": "timeseries" + }, + { + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "custom": { + "align": "auto", + "cellOptions": { + "type": "auto" + }, + "filterable": true, + "inspect": false + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "EVENT ID" + }, + "properties": [ + { + "id": "links", + "value": [ + { + "targetBlank": true, + "title": "EVENT DETAILS", + "url": "https://grafana.company.local/explore?left=%7B%22datasource%22:%22CARBONBLACK%22,%22queries%22:%5B%7B%22refId%22:%22A%22,%22query%22:%22_id:${__value.text}%22,%22alias%22:%22%22,%22metrics%22:%5B%7B%22id%22:%221%22,%22type%22:%22logs%22,%22settings%22:%7B%22limit%22:%22500%22%7D%7D%5D,%22bucketAggs%22:%5B%5D,%22timeField%22:%22timestamp%22%7D%5D,%22range%22:%7B%22from%22:%22now-6h%22,%22to%22:%22now%22%7D%7D" + } + ] + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "MDR ALERT" + }, + "properties": [ + { + "id": "custom.width", + "value": 126 + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "EXT IP COUNTRY" + }, + "properties": [ + { + "id": "custom.width", + "value": 156 + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "DEVICE EXT IP" + }, + "properties": [ + { + "id": "custom.width", + "value": 159 + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "EVENT TYPE" + }, + "properties": [ + { + "id": "custom.width", + "value": 152 + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "MITRE" + }, + "properties": [ + { + "id": "custom.width", + "value": 110 + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "SENSOR ACTION" + }, + "properties": [ + { + "id": "custom.width", + "value": 159 + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "REASON" + }, + "properties": [ + { + "id": "custom.width", + "value": 403 + } + ] + } + ] + }, + "gridPos": { + "h": 17, + "w": 24, + "x": 0, + "y": 38 + }, + "id": 6, + "options": { + "cellHeight": "sm", + "footer": { + "countRows": false, + "enablePagination": true, + "fields": "", + "reducer": ["sum"], + "show": false + }, + "showHeader": true, + "sortBy": [] + }, + "pluginVersion": "10.4.1", + "targets": [ + { + "alias": "", + "bucketAggs": [], + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "format": "table", + "metrics": [ + { + "id": "1", + "settings": { + "order": "desc", + "size": "500", + "useTimeRange": true + }, + "type": "raw_data" + } + ], + "query": "device_name:$device AND severity:$severity", + "queryType": "lucene", + "refId": "A", + "timeField": "timestamp" + } + ], + "title": "CB EVENTS", + "transformations": [ + { + "id": "filterFieldsByName", + "options": { + "include": { + "names": [ + "timestamp", + "_id", + "attack_tactic", + "customer_code", + "device_external_ip", + "device_external_ip_country_code", + "device_internal_ip", + "device_name", + "device_username", + "mdr_alert", + "reason", + "sensor_action", + "severity", + "type" + ] + } + } + }, + { + "id": "organize", + "options": { + "excludeByName": {}, + "includeByName": {}, + "indexByName": { + "_id": 1, + "attack_tactic": 8, + "customer_code": 9, + "device_external_ip": 5, + "device_external_ip_country_code": 6, + "device_internal_ip": 7, + "device_name": 3, + "device_username": 4, + "mdr_alert": 10, + "reason": 11, + "sensor_action": 12, + "severity": 13, + "timestamp": 0, + "type": 2 + }, + "renameByName": { + "_id": "EVENT ID", + "attack_tactic": "MITRE", + "customer_code": "CUSTOMER", + "device_external_ip": "DEVICE EXT IP", + "device_external_ip_country_code": "EXT IP COUNTRY", + "device_internal_ip": "DEVICE INTERNAL IP", + "device_name": "DEVICE", + "device_username": "USER", + "mdr_alert": "MDR ALERT", + "reason": "REASON", + "sensor_action": "SENSOR ACTION", + "severity": "SEVERITY", + "timestamp": "DATE/TIME", + "type": "EVENT TYPE" + } + } + } + ], + "transparent": true, + "type": "table" + } + ], + "schemaVersion": 39, + "tags": [], + "templating": { + "list": [ + { + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "filters": [], + "hide": 0, + "label": "Filters", + "name": "query0", + "skipUrlSync": false, + "type": "adhoc" + }, + { + "current": { + "selected": false, + "text": "All", + "value": "$__all" + }, + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "definition": "{ \"find\": \"terms\", \"field\": \"severity\", \"query\": \"\"}", + "hide": 0, + "includeAll": true, + "label": "Severity", + "multi": false, + "name": "severity", + "options": [], + "query": "{ \"find\": \"terms\", \"field\": \"severity\", \"query\": \"\"}", + "refresh": 1, + "regex": "", + "skipUrlSync": false, + "sort": 0, + "type": "query" + }, + { + "current": { + "selected": false, + "text": "All", + "value": "$__all" + }, + "datasource": { + "type": "grafana-opensearch-datasource", + "uid": "replace_datasource_uid" + }, + "definition": "{ \"find\": \"terms\", \"field\": \"device_name\", \"query\": \"\"}", + "hide": 0, + "includeAll": true, + "label": "Device", + "multi": false, + "name": "device", + "options": [], + "query": "{ \"find\": \"terms\", \"field\": \"device_name\", \"query\": \"\"}", + "refresh": 1, + "regex": "", + "skipUrlSync": false, + "sort": 0, + "type": "query" + } + ] + }, + "time": { + "from": "now-24h", + "to": "now" + }, + "timepicker": {}, + "timezone": "browser", + "title": "CARBON BLACK - _SUMMARY", + "version": 8, + "weekStart": "" }