diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..965f66f
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,3 @@
+/files/
+/output_files/
+/parsedmarc/GeoLite2-Country*
diff --git a/README.md b/README.md
index 2a72667..e8954b3 100644
--- a/README.md
+++ b/README.md
@@ -1,2 +1,13 @@
 # dmarc-visualizer
-Analyse and visualize DMARC results using open-source tools
+
+Analyse and visualize DMARC results using open-source tools.
+
+* [parsedmarc](https://github.com/domainaware/parsedmarc) for parsing DMARC reports,
+* [Elasticsearch](https://www.elastic.co/) to store aggregated data.
+* [Grafana](https://grafana.com/) to visualize the aggregated reports.
+
+See the full blog post with instructions at https://debricked.com/blog/some-url-here.
+
+## Screenshot
+
+![Screenshot of Grafana dashboard](/big_screenshot.png?raw=true)
diff --git a/big_screenshot.png b/big_screenshot.png
new file mode 100644
index 0000000..e776d15
Binary files /dev/null and b/big_screenshot.png differ
diff --git a/docker-compose.yml b/docker-compose.yml
new file mode 100644
index 0000000..3d50237
--- /dev/null
+++ b/docker-compose.yml
@@ -0,0 +1,23 @@
+version: '3.7'
+services:
+ parsedmarc:
+ build: ./parsedmarc/
+ volumes:
+ - ./files:/input:ro
+ - ./output_files:/output
+ command: parsedmarc -c /parsedmarc.ini /input/*
+ depends_on:
+ - elasticsearch
+
+ elasticsearch:
+ image: docker.elastic.co/elasticsearch/elasticsearch:7.6.0
+ environment:
+ - discovery.type=single-node
+
+ grafana:
+ build: ./grafana/
+ ports:
+ - 3000:3000
+ environment:
+ GF_INSTALL_PLUGINS: grafana-piechart-panel,grafana-worldmap-panel
+ GF_AUTH_ANONYMOUS_ENABLED: 'true'
diff --git a/grafana/Dockerfile b/grafana/Dockerfile
new file mode 100644
index 0000000..5145232
--- /dev/null
+++ b/grafana/Dockerfile
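Review bot: The grafana service publishes `3000:3000` on every host interface while `GF_AUTH_ANONYMOUS_ENABLED: 'true'`, so anyone who can reach the host reads every DMARC dashboard without logging in, and the image's built-in admin login is still enabled alongside it. Bind the port to loopback, `- 127.0.0.1:3000:3000`, unless the host is meant to be a public viewer, set the anonymous role explicitly with `GF_AUTH_ANONYMOUS_ORG_ROLE: Viewer`, and supply `GF_SECURITY_ADMIN_PASSWORD` from the environment instead of leaving the default. The elasticsearch service is rightly not published, since that image ships without authentication, but it has no volume, so all parsed reports are lost when the container is recreated; `depends_on` also only orders start-up and presumably does not wait for Elasticsearch to accept connections, which may need a retry on the parsedmarc side.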
@@ -0,0 +1,6 @@
+FROM grafana/grafana:6.7.3
+
+ADD --chown=grafana:grafana https://raw.githubusercontent.com/domainaware/parsedmarc/master/grafana/Grafana-DMARC_Reports.json /var/lib/grafana/dashboards/
+RUN chmod 644 /var/lib/grafana/dashboards/Grafana-DMARC_Reports.json
+
+COPY grafana-provisioning/ /etc/grafana/provisioning/
diff --git a/grafana/grafana-provisioning/dashboards/all.yml b/grafana/grafana-provisioning/dashboards/all.yml
new file mode 100644
index 0000000..0f17e16
--- /dev/null
+++ b/grafana/grafana-provisioning/dashboards/all.yml
@@ -0,0 +1,6 @@
+- name: 'default'
+ org_id: 1
+ path: ''
+ type: 'file'
+ options:
+ folder: '/var/lib/grafana/dashboards'
diff --git a/grafana/grafana-provisioning/datasources/all.yml b/grafana/grafana-provisioning/datasources/all.yml
new file mode 100644
index 0000000..7af657a
--- /dev/null
+++ b/grafana/grafana-provisioning/datasources/all.yml
@@ -0,0 +1,16 @@
+apiVersion: 1
+
+datasources:
+- name: 'dmarc-ag'
+ type: 'elasticsearch'
+ access: 'proxy'
+ orgId: 1
+ url: 'http://elasticsearch:9200'
+ database: '[dmarc_aggregate-]YYYY-MM-DD'
+ isDefault: true
+ jsonData:
+ esVersion: 70
+ timeField: 'date_range'
+ interval: 'Daily'
+ version: 1
+ editable: false
diff --git a/parsedmarc/Dockerfile b/parsedmarc/Dockerfile
new file mode 100644
index 0000000..cca9af5
--- /dev/null
+++ b/parsedmarc/Dockerfile
@@ -0,0 +1,7 @@
+FROM python:alpine
+
+RUN apk add build-base libxml2-dev libxslt-dev \
+ && pip install parsedmarc
+
+COPY parsedmarc.ini /
+#COPY GeoLite2-Country.mmdb /usr/share/GeoIP/GeoLite2-Country.mmdb
diff --git a/parsedmarc/parsedmarc.ini b/parsedmarc/parsedmarc.ini
new file mode 100644
index 0000000..454a6c6
--- /dev/null
+++ b/parsedmarc/parsedmarc.ini
@@ -0,0 +1,8 @@
+[general]
+save_aggregate = True
+save_forensic = True
+output = /output/
+
+[elasticsearch]
+hosts = elasticsearch:9200
+ssl = False
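Review bot: The `ADD` on the third line of the grafana/Dockerfile hunk fetches the dashboard JSON from the `master` branch of an external repository with no checksum, so the image content depends on whatever that branch holds at build time and any upstream change lands in the image unverified. Vendor the file into this repository and use `COPY --chown=grafana:grafana --chmod=644 Grafana-DMARC_Reports.json /var/lib/grafana/dashboards/`, or if it must be fetched, pin the URL to a commit and verify it: `ADD --checksum=sha256:<dashboard-sha256> --chown=grafana:grafana https://raw.githubusercontent.com/domainaware/parsedmarc/<commit-sha>/grafana/Grafana-DMARC_Reports.json /var/lib/grafana/dashboards/`, with `# syntax=docker/dockerfile:1` as the first line so the flag is available. Either form makes the separate `RUN chmod 644` layer unnecessary.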
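Review bot: `FROM python:alpine` in the parsedmarc/Dockerfile hunk floats on both the Python and the Alpine release, and `apk add` and `pip install parsedmarc` are unpinned, so two builds can yield different interpreter, native-library and parsedmarc versions with no record of which one parsed a given batch of reports. Pin the base and the package, for example `FROM python:3.8-alpine` and `pip install --no-cache-dir parsedmarc==<pinned-version>`, and use `apk add --no-cache` so the package index is not left in the layer. `build-base`, `libxml2-dev` and `libxslt-dev` are only needed to compile the wheels yet stay in the runtime image, and there is no `USER`, so the parser runs as root; a build stage that compiles the wheels plus a final stage that installs them would drop the compiler, and a non-root user would need write access to the `/output` bind mount that docker-compose supplies. The commented-out `COPY GeoLite2-Country.mmdb` line is what the new `.gitignore` entry covers, so a comment stating how to enable it (place the database in `parsedmarc/` and uncomment) would save the next reader guessing.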