From 265bf64240bba07fea23b26a66f0dcb7aca0f7ba Mon Sep 17 00:00:00 2001 
From: Sean Whalen <44679+seanthegeek@users.noreply.github.com> Date: Mon, 27 Apr 2026 01:32:29 -0400 Subject: [PATCH] Align Grafana dashboard with OpenSearch Dashboards source-of-truth (#738) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * Align Grafana dashboard with OpenSearch Dashboards source-of-truth Adds the two aggregate-DMARC panels that exist on the OSD dashboard but were missing from the bundled Grafana dashboard: - "Message sources by name and type" — buckets by source_name + source_type, sums message_count per (name, type) tuple. Mirrors the OSD viz from 9.4.x. - "Message sources by Autonomous System" — buckets by source_asn + source_as_name + source_as_domain, sums message_count per ASN. Mirrors the OSD viz added in 9.9.0 with the IPinfo Lite ASN integration. Both panels are patterned on the existing "Reporting Organisations" panel (same datasource $datasourceag, same sum(message_count) metric, same gradient-gauge "Messages" column with rename transforms). They sit at the bottom of the existing layout (gridPos y=129 and y=140) so the existing panel positions are unchanged. Verified against the bundled grafana/grafana:12.3.0: dashboard import returns status=success, both panels render with real data from the sample-corpus indexes, and the ES aggregations (terms on source_name + source_type, numeric terms on source_asn) return the expected results. Out of scope: - Extras in the Grafana dashboard that aren't on OSD (SPF/DKIM Results Over Time, Alignment Over Time, Stat overview, Published Policies, Forensic IP / country tables) are left in place. They were community-contributed and likely valued by some users. - Migrating the deprecated `graph` and `grafana-worldmap-panel` panel types to modern timeseries / geomap is a separate, larger task. 
Co-Authored-By: Claude Opus 4.7 (1M context) * Grafana: migrate deprecated graph and worldmap panels Replaces the 6 legacy `graph` panels with `timeseries` panels and the 2 legacy `grafana-worldmap-panel` panels with `geomap` panels. Both deprecated plugins still rendered in Grafana 12 via auto-migration but were flagged for removal; this ships the modern saved shape. graph -> timeseries (6 panels): SPF Results Over Time, DKIM Results Over Time, SPF Alignment Over Time, DKIM Alignment Over Time, DMARC Passage Over Time, Message Disposition Over Time. Panel `aliasColors` (e.g. {true: dark-green, false: dark-red}) are translated into per-series `fieldConfig.overrides` so the green/red by-pass-fail colorings carry forward; legacy graph fields (lines, fill, yaxes, tooltip etc.) are dropped in favor of the new `fieldConfig.defaults.custom` block and `options.legend` / `options.tooltip`. worldmap -> geomap (2 panels): Map of Message Source Countries (aggregate), Forensic Sample Sources by Country (forensic). The legacy `locationData=countries` lookup-by-ISO becomes a geomap markers layer with `location.mode=lookup`, `gazetteer=public/gazetteer/countries.json`, and `lookup=source_country.keyword` — same input data, modern renderer. Drops the date_histogram bucket from the geomap targets since the map is a snapshot over the panel time range, not a time series. Verified against the bundled grafana/grafana:12.3.0: dashboard imports with status=success and `version=19`, live panel types now report `{timeseries: 6, geomap: 2, table: 14, grafana-piechart-panel: 3, stat: 1, row: 3}` — no more `graph` or `grafana-worldmap-panel` entries. Co-Authored-By: Claude Opus 4.7 (1M context) --------- Co-authored-by: Sean Whalen Co-authored-by: Claude Opus 4.7 (1M context) --- dashboards/grafana/Grafana-DMARC_Reports.json | 1665 +++++++++++------ 1 file changed, 1106 insertions(+), 559 deletions(-) 
diff --git a/dashboards/grafana/Grafana-DMARC_Reports.json b/dashboards/grafana/Grafana-DMARC_Reports.json
index cb3a967..2e9ffcb 100644
--- a/dashboards/grafana/Grafana-DMARC_Reports.json
+++ b/dashboards/grafana/Grafana-DMARC_Reports.json
@@ -68,7 +68,7 @@
 "gnetId": null,
 "graphTooltip": 0,
 "id": null,
- "iteration": 1616327630073,
+ "iteration": 1777267012724,
 "links": [],
 "panels": [
 {
@@ -83,7 +83,7 @@ "id": 28, "panels": [ { - "content": "# DMARC Summary\r\nAs the name suggests, this dashboard is the best place to start reviewing your aggregate DMARC data.\r\n\r\nAcross the top of the dashboard, three pie charts display the percentage of alignment pass/fail for SPF, DKIM, and DMARC. Clicking on any chart segment will filter for that value.\r\n\r\n***Note***\r\nMessages should not be considered malicious just because they failed to pass DMARC; especially if you have just started collecting data. It may be a legitimate service that needs SPF and DKIM configured correctly.\r\n\r\nStart by filtering the results to only show failed DKIM alignment. While DMARC passes if a message passes SPF or DKIM alignment, only DKIM alignment remains valid when a message is forwarded without changing the from address, which is often caused by a mailbox forwarding rule. This is because DKIM signatures are part of the message headers, whereas SPF relies on SMTP session headers.\r\n\r\nUnderneath the pie charts. you can see graphs of DMARC passage and message disposition over time.\r\n\r\nUnder the graphs you will find the most useful data tables on the dashboard. On the left, there is a list of organizations that are sending you DMARC reports. In the center, there is a list of sending servers grouped by the base domain in their reverse DNS. On the right, there is a list of email from domains, sorted by message volume.\r\n\r\nBy hovering your mouse over a data table value and using the magnifying glass icons, you can filter on or filter out different values. Start by looking at the Message Sources by Reverse DNS table. Find a sender that you recognize, such as an email marketing service, hover over it, and click on the plus (+) magnifying glass icon, to add a filter that only shows results for that sender. Now, look at the Message From Header table to the right. 
That shows you the domains that a sender is sending as, which might tell you which brand/business is using a particular service. With that information, you can contact them and have them set up DKIM.\r\n\r\n***Note***\r\nIf you have a lot of B2C customers, you may see a high volume of emails as your domains coming from consumer email services, such as Google/Gmail and Yahoo! This occurs when customers have mailbox rules in place that forward emails from an old account to a new account, which is why DKIM authentication is so important, as mentioned earlier. Similar patterns may be observed with businesses who send from reverse DNS addressees of parent, subsidiary, and outdated brands.\r\n\r\n***Note***\r\nYou can add your own custom temporary filters by clicking on Add Filter at the upper right of the page.\r\n\r\n# DMARC Forensic Samples\r\nThe DMARC Forensic Samples section contains information on DMARC forensic reports (also known as failure reports or ruf reports). These reports contain samples of emails that have failed to pass DMARC.\r\n\r\n***Note***\r\nMost recipients do not send forensic/failure/ruf reports at all to avoid privacy leaks. Some recipients (notably Chinese webmail services) will only supply the headers of sample emails. 
Very few provide the entire email.\r\n\r\n# DMARC Alignment Guide\r\nDMARC ensures that SPF and DKIM authentication mechanisms actually authenticate against the same domain that the end user sees.\r\n\r\nA message passes a DMARC check by passing DKIM or SPF, **as long as the related indicators are also in alignment.**\r\n\r\n| \t| DKIM \t| SPF \t|\r\n|-----------\t|--------------------------------------------------------------------------------------------------------------------------------------------------\t|----------------------------------------------------------------------------------------------------------------\t|\r\n| **Passing** \t| The signature in the DKIM header is validated using a public key that is published as a DNS record of the domain name specified in the signature \t| The mail server's IP address is listed in the SPF record of the domain in the SMTP envelope's mail from header \t|\r\n| **Alignment** \t| The signing domain aligns with the domain in the message's from header \t| The domain in the SMTP envelope's mail from header aligns with the domain in the message's from header \t|\r\n\r\n\r\n# Further Reading\r\n[Demystifying DMARC: A guide to preventing email spoofing](https://seanthegeek.net/459/demystifying-dmarc/amp/)\r\n\r\n[DMARC Manual](https://menainfosec.com/wp-content/uploads/2017/12/DMARC_Service_Manual.pdf)\r\n\r\n[What is “External Destination Verification”?](https://dmarcian.com/what-is-external-destination-verification/)", + "content": "# DMARC Summary\r\nAs the name suggests, this dashboard is the best place to start reviewing your aggregate DMARC data.\r\n\r\nAcross the top of the dashboard, three pie charts display the percentage of alignment pass/fail for SPF, DKIM, and DMARC. Clicking on any chart segment will filter for that value.\r\n\r\n***Note***\r\nMessages should not be considered malicious just because they failed to pass DMARC; especially if you have just started collecting data. 
It may be a legitimate service that needs SPF and DKIM configured correctly.\r\n\r\nStart by filtering the results to only show failed DKIM alignment. While DMARC passes if a message passes SPF or DKIM alignment, only DKIM alignment remains valid when a message is forwarded without changing the from address, which is often caused by a mailbox forwarding rule. This is because DKIM signatures are part of the message headers, whereas SPF relies on SMTP session headers.\r\n\r\nUnderneath the pie charts. you can see graphs of DMARC passage and message disposition over time.\r\n\r\nUnder the graphs you will find the most useful data tables on the dashboard. On the left, there is a list of organizations that are sending you DMARC reports. In the center, there is a list of sending servers grouped by the base domain in their reverse DNS. On the right, there is a list of email from domains, sorted by message volume.\r\n\r\nBy hovering your mouse over a data table value and using the magnifying glass icons, you can filter on or filter out different values. Start by looking at the Message Sources by Reverse DNS table. Find a sender that you recognize, such as an email marketing service, hover over it, and click on the plus (+) magnifying glass icon, to add a filter that only shows results for that sender. Now, look at the Message From Header table to the right. That shows you the domains that a sender is sending as, which might tell you which brand/business is using a particular service. With that information, you can contact them and have them set up DKIM.\r\n\r\n***Note***\r\nIf you have a lot of B2C customers, you may see a high volume of emails as your domains coming from consumer email services, such as Google/Gmail and Yahoo! This occurs when customers have mailbox rules in place that forward emails from an old account to a new account, which is why DKIM authentication is so important, as mentioned earlier. 
Similar patterns may be observed with businesses who send from reverse DNS addressees of parent, subsidiary, and outdated brands.\r\n\r\n***Note***\r\nYou can add your own custom temporary filters by clicking on Add Filter at the upper right of the page.\r\n\r\n# DMARC Forensic Samples\r\nThe DMARC Forensic Samples section contains information on DMARC forensic reports (also known as failure reports or ruf reports). These reports contain samples of emails that have failed to pass DMARC.\r\n\r\n***Note***\r\nMost recipients do not send forensic/failure/ruf reports at all to avoid privacy leaks. Some recipients (notably Chinese webmail services) will only supply the headers of sample emails. Very few provide the entire email.\r\n\r\n# DMARC Alignment Guide\r\nDMARC ensures that SPF and DKIM authentication mechanisms actually authenticate against the same domain that the end user sees.\r\n\r\nA message passes a DMARC check by passing DKIM or SPF, **as long as the related indicators are also in alignment.**\r\n\r\n| \t| DKIM \t| SPF \t|\r\n|-----------\t|--------------------------------------------------------------------------------------------------------------------------------------------------\t|----------------------------------------------------------------------------------------------------------------\t|\r\n| **Passing** \t| The signature in the DKIM header is validated using a public key that is published as a DNS record of the domain name specified in the signature \t| The mail server's IP address is listed in the SPF record of the domain in the SMTP envelope's mail from header \t|\r\n| **Alignment** \t| The signing domain aligns with the domain in the message's from header \t| The domain in the SMTP envelope's mail from header aligns with the domain in the message's from header \t|\r\n\r\n\r\n# Further Reading\r\n[Demystifying DMARC: A guide to preventing email spoofing](https://seanthegeek.net/459/demystifying-dmarc/amp/)\r\n\r\n[DMARC 
Manual](https://menainfosec.com/wp-content/uploads/2017/12/DMARC_Service_Manual.pdf)\r\n\r\n[What is \u201cExternal Destination Verification\u201d?](https://dmarcian.com/what-is-external-destination-verification/)", "datasource": null, "fieldConfig": { "defaults": { 
@@ -101,7 +101,7 @@ "links": [], "mode": "markdown", "options": { - "content": "# DMARC Summary\r\nAs the name suggests, this dashboard is the best place to start reviewing your aggregate DMARC data.\r\n\r\nAcross the top of the dashboard, three pie charts display the percentage of alignment pass/fail for SPF, DKIM, and DMARC. Clicking on any chart segment will filter for that value.\r\n\r\n***Note***\r\nMessages should not be considered malicious just because they failed to pass DMARC; especially if you have just started collecting data. It may be a legitimate service that needs SPF and DKIM configured correctly.\r\n\r\nStart by filtering the results to only show failed DKIM alignment. While DMARC passes if a message passes SPF or DKIM alignment, only DKIM alignment remains valid when a message is forwarded without changing the from address, which is often caused by a mailbox forwarding rule. This is because DKIM signatures are part of the message headers, whereas SPF relies on SMTP session headers.\r\n\r\nUnderneath the pie charts. you can see graphs of DMARC passage and message disposition over time.\r\n\r\nUnder the graphs you will find the most useful data tables on the dashboard. On the left, there is a list of organizations that are sending you DMARC reports. In the center, there is a list of sending servers grouped by the base domain in their reverse DNS. On the right, there is a list of email from domains, sorted by message volume.\r\n\r\nBy hovering your mouse over a data table value and using the magnifying glass icons, you can filter on or filter out different values. Start by looking at the Message Sources by Reverse DNS table. Find a sender that you recognize, such as an email marketing service, hover over it, and click on the plus (+) magnifying glass icon, to add a filter that only shows results for that sender. Now, look at the Message From Header table to the right. 
That shows you the domains that a sender is sending as, which might tell you which brand/business is using a particular service. With that information, you can contact them and have them set up DKIM.\r\n\r\n***Note***\r\nIf you have a lot of B2C customers, you may see a high volume of emails as your domains coming from consumer email services, such as Google/Gmail and Yahoo! This occurs when customers have mailbox rules in place that forward emails from an old account to a new account, which is why DKIM authentication is so important, as mentioned earlier. Similar patterns may be observed with businesses who send from reverse DNS addressees of parent, subsidiary, and outdated brands.\r\n\r\n***Note***\r\nYou can add your own custom temporary filters by clicking on Add Filter at the upper right of the page.\r\n\r\n# DMARC Forensic Samples\r\nThe DMARC Forensic Samples section contains information on DMARC forensic reports (also known as failure reports or ruf reports). These reports contain samples of emails that have failed to pass DMARC.\r\n\r\n***Note***\r\nMost recipients do not send forensic/failure/ruf reports at all to avoid privacy leaks. Some recipients (notably Chinese webmail services) will only supply the headers of sample emails. 
Very few provide the entire email.\r\n\r\n# DMARC Alignment Guide\r\nDMARC ensures that SPF and DKIM authentication mechanisms actually authenticate against the same domain that the end user sees.\r\n\r\nA message passes a DMARC check by passing DKIM or SPF, **as long as the related indicators are also in alignment.**\r\n\r\n| \t| DKIM \t| SPF \t|\r\n|-----------\t|--------------------------------------------------------------------------------------------------------------------------------------------------\t|----------------------------------------------------------------------------------------------------------------\t|\r\n| **Passing** \t| The signature in the DKIM header is validated using a public key that is published as a DNS record of the domain name specified in the signature \t| The mail server's IP address is listed in the SPF record of the domain in the SMTP envelope's mail from header \t|\r\n| **Alignment** \t| The signing domain aligns with the domain in the message's from header \t| The domain in the SMTP envelope's mail from header aligns with the domain in the message's from header \t|\r\n\r\n\r\n# Further Reading\r\n[Demystifying DMARC: A guide to preventing email spoofing](https://seanthegeek.net/459/demystifying-dmarc/amp/)\r\n\r\n[DMARC Manual](https://menainfosec.com/wp-content/uploads/2017/12/DMARC_Service_Manual.pdf)\r\n\r\n[What is “External Destination Verification”?](https://dmarcian.com/what-is-external-destination-verification/)", + "content": "# DMARC Summary\r\nAs the name suggests, this dashboard is the best place to start reviewing your aggregate DMARC data.\r\n\r\nAcross the top of the dashboard, three pie charts display the percentage of alignment pass/fail for SPF, DKIM, and DMARC. Clicking on any chart segment will filter for that value.\r\n\r\n***Note***\r\nMessages should not be considered malicious just because they failed to pass DMARC; especially if you have just started collecting data. 
It may be a legitimate service that needs SPF and DKIM configured correctly.\r\n\r\nStart by filtering the results to only show failed DKIM alignment. While DMARC passes if a message passes SPF or DKIM alignment, only DKIM alignment remains valid when a message is forwarded without changing the from address, which is often caused by a mailbox forwarding rule. This is because DKIM signatures are part of the message headers, whereas SPF relies on SMTP session headers.\r\n\r\nUnderneath the pie charts. you can see graphs of DMARC passage and message disposition over time.\r\n\r\nUnder the graphs you will find the most useful data tables on the dashboard. On the left, there is a list of organizations that are sending you DMARC reports. In the center, there is a list of sending servers grouped by the base domain in their reverse DNS. On the right, there is a list of email from domains, sorted by message volume.\r\n\r\nBy hovering your mouse over a data table value and using the magnifying glass icons, you can filter on or filter out different values. Start by looking at the Message Sources by Reverse DNS table. Find a sender that you recognize, such as an email marketing service, hover over it, and click on the plus (+) magnifying glass icon, to add a filter that only shows results for that sender. Now, look at the Message From Header table to the right. That shows you the domains that a sender is sending as, which might tell you which brand/business is using a particular service. With that information, you can contact them and have them set up DKIM.\r\n\r\n***Note***\r\nIf you have a lot of B2C customers, you may see a high volume of emails as your domains coming from consumer email services, such as Google/Gmail and Yahoo! This occurs when customers have mailbox rules in place that forward emails from an old account to a new account, which is why DKIM authentication is so important, as mentioned earlier. 
Similar patterns may be observed with businesses who send from reverse DNS addressees of parent, subsidiary, and outdated brands.\r\n\r\n***Note***\r\nYou can add your own custom temporary filters by clicking on Add Filter at the upper right of the page.\r\n\r\n# DMARC Forensic Samples\r\nThe DMARC Forensic Samples section contains information on DMARC forensic reports (also known as failure reports or ruf reports). These reports contain samples of emails that have failed to pass DMARC.\r\n\r\n***Note***\r\nMost recipients do not send forensic/failure/ruf reports at all to avoid privacy leaks. Some recipients (notably Chinese webmail services) will only supply the headers of sample emails. Very few provide the entire email.\r\n\r\n# DMARC Alignment Guide\r\nDMARC ensures that SPF and DKIM authentication mechanisms actually authenticate against the same domain that the end user sees.\r\n\r\nA message passes a DMARC check by passing DKIM or SPF, **as long as the related indicators are also in alignment.**\r\n\r\n| \t| DKIM \t| SPF \t|\r\n|-----------\t|--------------------------------------------------------------------------------------------------------------------------------------------------\t|----------------------------------------------------------------------------------------------------------------\t|\r\n| **Passing** \t| The signature in the DKIM header is validated using a public key that is published as a DNS record of the domain name specified in the signature \t| The mail server's IP address is listed in the SPF record of the domain in the SMTP envelope's mail from header \t|\r\n| **Alignment** \t| The signing domain aligns with the domain in the message's from header \t| The domain in the SMTP envelope's mail from header aligns with the domain in the message's from header \t|\r\n\r\n\r\n# Further Reading\r\n[Demystifying DMARC: A guide to preventing email spoofing](https://seanthegeek.net/459/demystifying-dmarc/amp/)\r\n\r\n[DMARC 
Manual](https://menainfosec.com/wp-content/uploads/2017/12/DMARC_Service_Manual.pdf)\r\n\r\n[What is \u201cExternal Destination Verification\u201d?](https://dmarcian.com/what-is-external-destination-verification/)", "mode": "markdown" }, "pluginVersion": "7.1.0", @@ -403,27 +403,27 @@ "valueName": "total" }, { - "aliasColors": { - "Pass": "dark-green", - "fail": "dark-red", - "false": "dark-yellow", - "neutral": "super-light-blue", - "none": "dark-yellow", - "pass": "dark-green", - "permerror": "dark-orange", - "softfail": "super-light-green", - "temperror": "semi-dark-yellow", - "true": "dark-green" - }, - "bars": false, "cacheTimeout": null, - "dashLength": 10, - "dashes": false, "datasource": "$datasourceag", - "decimals": null, "fieldConfig": { "defaults": { - "custom": {}, + "custom": { + "drawStyle": "line", + "lineWidth": 2, + "fillOpacity": 20, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "mode": "none", + "group": "A" + }, + "axisPlacement": "auto", + "axisLabel": "", + "scaleDistribution": { + "type": "linear" + }, + "lineInterpolation": "linear" + }, "links": [ { "title": "", 
@@ -431,47 +431,180 @@ } ] }, - "overrides": [] + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "Pass" + }, + "properties": [ + { + "id": "color", + "value": { + "mode": "fixed", + "fixedColor": "dark-green" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "fail" + }, + "properties": [ + { + "id": "color", + "value": { + "mode": "fixed", + "fixedColor": "dark-red" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "false" + }, + "properties": [ + { + "id": "color", + "value": { + "mode": "fixed", + "fixedColor": "dark-yellow" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "neutral" + }, + "properties": [ + { + "id": "color", + "value": { + "mode": "fixed", + "fixedColor": "super-light-blue" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "none" + }, + "properties": [ + { + "id": "color", + "value": { + "mode": "fixed", + "fixedColor": "dark-yellow" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "pass" + }, + "properties": [ + { + "id": "color", + "value": { + "mode": "fixed", + "fixedColor": "dark-green" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "permerror" + }, + "properties": [ + { + "id": "color", + "value": { + "mode": "fixed", + "fixedColor": "dark-orange" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "softfail" + }, + "properties": [ + { + "id": "color", + "value": { + "mode": "fixed", + "fixedColor": "super-light-green" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "temperror" + }, + "properties": [ + { + "id": "color", + "value": { + "mode": "fixed", + "fixedColor": "semi-dark-yellow" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "true" + }, + "properties": [ + { + "id": "color", + "value": { + "mode": "fixed", + "fixedColor": "dark-green" + } + } + ] + } + ] }, - "fill": 2, - "fillGradient": 6, "gridPos": { "h": 9, "w": 12, "x": 0, "y": 11 }, - "hiddenSeries": 
false, "id": 33, - "legend": { - "alignAsTable": true, - "avg": false, - "current": false, - "hideEmpty": false, - "hideZero": false, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 2, "links": [], - "nullPointMode": "null", "options": { - "alertThreshold": true + "legend": { + "showLegend": true, + "displayMode": "list", + "placement": "right", + "calcs": [] + }, + "tooltip": { + "mode": "multi", + "sort": "desc" + } }, - "percentage": false, "pluginVersion": "7.4.5", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, "targets": [ { "bucketAggs": [ 
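Review bot: The `softfail` entry in the new `overrides` array sets `"fixedColor": "super-light-green"`, so an SPF softfail series is drawn in the same colour family as `pass`/`true` (`dark-green`) and can be read as a passing result at a glance. The value is carried over from the removed `aliasColors`, but since every mapping is rewritten here, a warning shade such as `"fixedColor": "light-orange"` would better match what softfail means for the sender. Separately, `"pluginVersion": "7.4.5"` stays as context while the panel's type becomes `timeseries` in the next hunk; it looks stale for a shape saved from Grafana 12.3.0 and may be worth updating or dropping, here and in the panel patched at -514. The panel object opens before this hunk and closes after it.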
@@ -514,111 +647,194 @@ "timeField": "date_range" } ], - "thresholds": [], "timeFrom": null, - "timeRegions": [], "timeShift": null, "title": "SPF Results Over Time", - "tooltip": { - "shared": true, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "none", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } + "type": "timeseries" }, { - "aliasColors": { - "Pass": "dark-green", - "fail": "dark-red", - "false": "dark-yellow", - "neutral": "super-light-blue", - "none": "dark-yellow", - "pass": "dark-green", - "permerror": "dark-orange", - "temperror": "semi-dark-yellow", - "true": "dark-green" - }, - "bars": false, "cacheTimeout": null, - "dashLength": 10, - "dashes": false, "datasource": "$datasourceag", - "decimals": null, "fieldConfig": { "defaults": { - "custom": {}, + "custom": { + "drawStyle": "line", + "lineWidth": 2, + "fillOpacity": 20, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "mode": "none", + "group": "A" + }, + "axisPlacement": "auto", + "axisLabel": "", + "scaleDistribution": { + "type": "linear" + }, + "lineInterpolation": "linear" + }, "links": [] }, - "overrides": [] + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "Pass" + }, + "properties": [ + { + "id": "color", + "value": { + "mode": "fixed", + "fixedColor": "dark-green" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "fail" + }, + "properties": [ + { + "id": "color", + "value": { + "mode": "fixed", + "fixedColor": "dark-red" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "false" + }, + "properties": [ + { + "id": "color", + "value": { + "mode": "fixed", + "fixedColor": 
"dark-yellow" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "neutral" + }, + "properties": [ + { + "id": "color", + "value": { + "mode": "fixed", + "fixedColor": "super-light-blue" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "none" + }, + "properties": [ + { + "id": "color", + "value": { + "mode": "fixed", + "fixedColor": "dark-yellow" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "pass" + }, + "properties": [ + { + "id": "color", + "value": { + "mode": "fixed", + "fixedColor": "dark-green" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "permerror" + }, + "properties": [ + { + "id": "color", + "value": { + "mode": "fixed", + "fixedColor": "dark-orange" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "temperror" + }, + "properties": [ + { + "id": "color", + "value": { + "mode": "fixed", + "fixedColor": "semi-dark-yellow" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "true" + }, + "properties": [ + { + "id": "color", + "value": { + "mode": "fixed", + "fixedColor": "dark-green" + } + } + ] + } + ] }, - "fill": 2, - "fillGradient": 6, "gridPos": { "h": 9, "w": 12, "x": 12, "y": 11 }, - "hiddenSeries": false, "id": 19, - "legend": { - "alignAsTable": true, - "avg": false, - "current": false, - "hideEmpty": false, - "hideZero": false, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 2, "links": [], - "nullPointMode": "null", "options": { - "alertThreshold": true + "legend": { + "showLegend": true, + "displayMode": "list", + "placement": "right", + "calcs": [] + }, + "tooltip": { + "mode": "multi", + "sort": "desc" + } }, - "percentage": false, "pluginVersion": "7.4.5", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, "targets": [ { "bucketAggs": [ 
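Review bot: The `byName` matchers in this `overrides` list match the series name exactly, and the list has no entry for `policy`, which the DMARC aggregate-report schema allows as a DKIM result next to none/pass/fail/neutral/temperror/permerror. A series with that name, or with a casing other than the listed `Pass`/`pass`, would presumably fall back to an automatic palette colour that can collide with the fixed green or red. Consider adding a `policy` override, or one `byRegexp` matcher per colour such as `"options": "/^pass$/i"`; the same applies to the SPF panel's list in the -431 hunk. The panel object starts before this hunk and continues past it.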
@@ -661,104 +877,89 @@ "timeField": "date_range" } ], - "thresholds": [], "timeFrom": null, - "timeRegions": [], "timeShift": null, "title": "DKIM Results Over Time", - "tooltip": { - "shared": true, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "none", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } + "type": "timeseries" }, { - "aliasColors": { - "false": "dark-yellow", - "true": "dark-green" - }, - "bars": false, "cacheTimeout": null, - "dashLength": 10, - "dashes": false, "datasource": "$datasourceag", - "decimals": null, "fieldConfig": { "defaults": { - "custom": {}, + "custom": { + "drawStyle": "line", + "lineWidth": 2, + "fillOpacity": 20, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "mode": "none", + "group": "A" + }, + "axisPlacement": "auto", + "axisLabel": "", + "scaleDistribution": { + "type": "linear" + }, + "lineInterpolation": "linear" + }, "links": [] }, - "overrides": [] + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "false" + }, + "properties": [ + { + "id": "color", + "value": { + "mode": "fixed", + "fixedColor": "dark-yellow" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "true" + }, + "properties": [ + { + "id": "color", + "value": { + "mode": "fixed", + "fixedColor": "dark-green" + } + } + ] + } + ] }, - "fill": 2, - "fillGradient": 6, "gridPos": { "h": 9, "w": 12, "x": 0, "y": 20 }, - "hiddenSeries": false, "id": 18, - "legend": { - "alignAsTable": true, - "avg": false, - "current": false, - "hideEmpty": false, - "hideZero": false, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "total": false, - "values": false - 
}, - "lines": true, - "linewidth": 2, "links": [], - "nullPointMode": "null", "options": { - "alertThreshold": true + "legend": { + "showLegend": true, + "displayMode": "list", + "placement": "right", + "calcs": [] + }, + "tooltip": { + "mode": "multi", + "sort": "desc" + } }, - "percentage": false, "pluginVersion": "7.4.5", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, "targets": [ { "bucketAggs": [ 
@@ -803,104 +1004,89 @@ "timeField": "date_range" } ], - "thresholds": [], "timeFrom": null, - "timeRegions": [], "timeShift": null, "title": "SPF Alignment Over Time", - "tooltip": { - "shared": true, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "none", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } + "type": "timeseries" }, { - "aliasColors": { - "false": "dark-yellow", - "true": "dark-green" - }, - "bars": false, "cacheTimeout": null, - "dashLength": 10, - "dashes": false, "datasource": "$datasourceag", - "decimals": null, "fieldConfig": { "defaults": { - "custom": {}, + "custom": { + "drawStyle": "line", + "lineWidth": 2, + "fillOpacity": 20, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "mode": "none", + "group": "A" + }, + "axisPlacement": "auto", + "axisLabel": "", + "scaleDistribution": { + "type": "linear" + }, + "lineInterpolation": "linear" + }, "links": [] }, - "overrides": [] + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "false" + }, + "properties": [ + { + "id": "color", + "value": { + "mode": "fixed", + "fixedColor": "dark-yellow" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "true" + }, + "properties": [ + { + "id": "color", + "value": { + "mode": "fixed", + "fixedColor": "dark-green" + } + } + ] + } + ] }, - "fill": 2, - "fillGradient": 6, "gridPos": { "h": 9, "w": 12, "x": 12, "y": 20 }, - "hiddenSeries": false, "id": 34, - "legend": { - "alignAsTable": true, - "avg": false, - "current": false, - "hideEmpty": false, - "hideZero": false, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "total": false, - "values": 
false - }, - "lines": true, - "linewidth": 2, "links": [], - "nullPointMode": "null", "options": { - "alertThreshold": true + "legend": { + "showLegend": true, + "displayMode": "list", + "placement": "right", + "calcs": [] + }, + "tooltip": { + "mode": "multi", + "sort": "desc" + } }, - "percentage": false, "pluginVersion": "7.4.5", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, "targets": [ { "bucketAggs": [ 
@@ -945,104 +1131,89 @@ "timeField": "date_range" } ], - "thresholds": [], "timeFrom": null, - "timeRegions": [], "timeShift": null, "title": "DKIM Alignment Over Time", - "tooltip": { - "shared": true, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "none", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } + "type": "timeseries" }, { - "aliasColors": { - "false": "dark-red", - "true": "dark-green" - }, - "bars": false, "cacheTimeout": null, - "dashLength": 10, - "dashes": false, "datasource": "$datasourceag", - "decimals": null, "fieldConfig": { "defaults": { - "custom": {}, + "custom": { + "drawStyle": "line", + "lineWidth": 2, + "fillOpacity": 20, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "mode": "none", + "group": "A" + }, + "axisPlacement": "auto", + "axisLabel": "", + "scaleDistribution": { + "type": "linear" + }, + "lineInterpolation": "linear" + }, "links": [] }, - "overrides": [] + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "false" + }, + "properties": [ + { + "id": "color", + "value": { + "mode": "fixed", + "fixedColor": "dark-red" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "true" + }, + "properties": [ + { + "id": "color", + "value": { + "mode": "fixed", + "fixedColor": "dark-green" + } + } + ] + } + ] }, - "fill": 2, - "fillGradient": 6, "gridPos": { "h": 9, "w": 12, "x": 0, "y": 29 }, - "hiddenSeries": false, "id": 7, - "legend": { - "alignAsTable": true, - "avg": false, - "current": false, - "hideEmpty": false, - "hideZero": false, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "total": false, - "values": false - }, 
- "lines": true, - "linewidth": 2, "links": [], - "nullPointMode": "null", "options": { - "alertThreshold": true + "legend": { + "showLegend": true, + "displayMode": "list", + "placement": "right", + "calcs": [] + }, + "tooltip": { + "mode": "multi", + "sort": "desc" + } }, - "percentage": false, "pluginVersion": "7.4.5", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, "targets": [ { "bucketAggs": [ 
@@ -1087,102 +1258,104 @@ "timeField": "date_range" } ], - "thresholds": [], "timeFrom": null, - "timeRegions": [], "timeShift": null, "title": "DMARC Passage Over Time", - "tooltip": { - "shared": true, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "none", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } + "type": "timeseries" }, { - "aliasColors": { - "none": "dark-green", - "quarantine": "semi-dark-orange", - "reject": "red" - }, - "bars": false, "cacheTimeout": null, - "dashLength": 10, - "dashes": false, "datasource": "$datasourceag", "fieldConfig": { "defaults": { - "custom": {}, + "custom": { + "drawStyle": "line", + "lineWidth": 2, + "fillOpacity": 20, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "mode": "none", + "group": "A" + }, + "axisPlacement": "auto", + "axisLabel": "", + "scaleDistribution": { + "type": "linear" + }, + "lineInterpolation": "linear" + }, "links": [] }, - "overrides": [] + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "none" + }, + "properties": [ + { + "id": "color", + "value": { + "mode": "fixed", + "fixedColor": "dark-green" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "quarantine" + }, + "properties": [ + { + "id": "color", + "value": { + "mode": "fixed", + "fixedColor": "semi-dark-orange" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "reject" + }, + "properties": [ + { + "id": "color", + "value": { + "mode": "fixed", + "fixedColor": "red" + } + } + ] + } + ] }, - "fill": 2, - "fillGradient": 6, "gridPos": { "h": 9, "w": 12, "x": 12, "y": 29 }, - "hiddenSeries": false, "id": 8, - "legend": { - 
"alignAsTable": true, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 2, "links": [], - "nullPointMode": "null", "options": { - "alertThreshold": true + "legend": { + "showLegend": true, + "displayMode": "list", + "placement": "right", + "calcs": [] + }, + "tooltip": { + "mode": "multi", + "sort": "desc" + } }, - "percentage": false, "pluginVersion": "7.4.5", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, "targets": [ { "bucketAggs": [ @@ -1225,46 +1398,10 @@ "timeField": "date_range" } ], - "thresholds": [], "timeFrom": null, - "timeRegions": [], "timeShift": null, "title": "Message Disposition Over Time", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } + "type": "timeseries" }, { "cacheTimeout": null, @@ -1816,19 +1953,32 @@ "type": "table" }, { - "circleMaxSize": 30, - "circleMinSize": 2, - "colors": [ - "#37872D", - "#FA6400", - "#C4162A" - ], "datasource": "$datasourceag", - "decimals": 0, - "esMetric": "Count", "fieldConfig": { "defaults": { - "custom": {} + "color": { + "mode": "thresholds" + }, + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "custom": { + "hideFrom": { + "tooltip": false, + "legend": false, + "viz": false + } + } }, "overrides": [] }, 
@@ -1838,26 +1988,8 @@ "x": 0, "y": 53 }, - "hideEmpty": true, - "hideZero": true, "id": 12, - "initialZoom": "1", "links": [], - "locationData": "countries", - "mapCenter": "(0°, 0°)", - "mapCenterLatitude": 0, - "mapCenterLongitude": 0, - "maxDataPoints": 1, - "mouseWheelZoom": true, - "showLegend": true, - "stickyLabels": true, - "tableQueryOptions": { - "geohashField": "geohash", - "latitudeField": "latitude", - "longitudeField": "longitude", - "metricField": "metric", - "queryType": "geohash" - }, "targets": [ { "bucketAggs": [ @@ -1873,18 +2005,6 @@ "size": "0" }, "type": "terms" - }, - { - "$$hashKey": "object:711", - "fake": true, - "field": "date_range", - "id": "6", - "settings": { - "fixed_interval": "auto", - "min_doc_count": 0, - "trimEdges": 0 - }, - "type": "date_histogram" } ], "hide": false, 
@@ -1903,15 +2023,65 @@ "timeField": "date_range" } ], - "thresholds": "10,500", "timeFrom": null, "timeShift": null, "title": "Map of Message Source Countries", - "type": "grafana-worldmap-panel", - "unitPlural": "", - "unitSingle": "", - "unitSingular": "", - "valueName": "total" + "type": "geomap", + "options": { + "view": { + "id": "zero", + "lat": 0, + "lon": 0, + "zoom": 1, + "padding": 0 + }, + "basemap": { + "type": "default", + "name": "Layer 0", + "config": {} + }, + "layers": [ + { + "type": "markers", + "name": "Sources", + "config": { + "showLegend": true, + "style": { + "color": { + "fixed": "dark-green" + }, + "opacity": 0.5, + "size": { + "fixed": 5, + "min": 2, + "max": 30 + }, + "symbol": { + "fixed": "img/icons/marker/circle.svg", + "mode": "fixed" + } + } + }, + "location": { + "mode": "lookup", + "lookup": "source_country.keyword", + "gazetteer": "public/gazetteer/countries.json" + }, + "tooltip": true + } + ], + "controls": { + "showZoom": true, + "mouseWheelZoom": true, + "showScale": false, + "showAttribution": true, + "showDebug": false, + "showMeasure": false + }, + "tooltip": { + "mode": "details" + } + } }, { "datasource": "$datasourceag", @@ -3784,19 +3954,32 @@ "type": "table" }, { - "circleMaxSize": 30, - "circleMinSize": 2, - "colors": [ - "#C4162A", - "#FA6400", - "#37872D" - ], "datasource": "$datasourcefo", - "decimals": 0, - "esMetric": "Count", "fieldConfig": { "defaults": { - "custom": {} + "color": { + "mode": "thresholds" + }, + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "custom": { + "hideFrom": { + "tooltip": false, + "legend": false, + "viz": false + } + } }, "overrides": [] }, 
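Review bot: Every marker in the `Sources` layer is drawn at one size and colour, so the map no longer shows message volume per country. `size` has `"fixed": 5` with `min`/`max` but no `field`, and `color` is `"fixed": "dark-green"`, which also appears to leave the `thresholds` steps added under `fieldConfig.defaults` unused. The removed worldmap panel scaled circles from 2 to 30 and coloured them at `"thresholds": "10,500"`, which is what lets an analyst spot an unexpected country sending a lot of mail. Binding both to the metric would restore that, e.g. `"size": { "field": "Count", "fixed": 5, "min": 2, "max": 30 }` and `"color": { "field": "Count", "fixed": "dark-green" }` with threshold steps at 10 and 500. `Count` is assumed from the removed `"esMetric": "Count"`, since the target's metric is outside this hunk. The forensic map in the hunk at `-3872` has the same layer config and needs the same change.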
@@ -3806,27 +3989,8 @@ "x": 0, "y": 118 }, - "hideEmpty": true, - "hideZero": true, "id": 22, - "initialZoom": "1", "links": [], - "locationData": "countries", - "mapCenter": "(0°, 0°)", - "mapCenterLatitude": 0, - "mapCenterLongitude": 0, - "maxDataPoints": 1, - "mouseWheelZoom": true, - "showLegend": true, - "stickyLabels": true, - "tableQueryOptions": { - "geohashField": "geohash", - "labelField": "", - "latitudeField": "latitude", - "longitudeField": "longitude", - "metricField": "metric", - "queryType": "geohash" - }, "targets": [ { "bucketAggs": [ @@ -3842,18 +4006,6 @@ "size": "10" }, "type": "terms" - }, - { - "$$hashKey": "object:61", - "fake": true, - "field": "arrival_date", - "id": "7", - "settings": { - "fixed_interval": "auto", - "min_doc_count": 0, - "trimEdges": 0 - }, - "type": "date_histogram" } ], "hide": false, 
@@ -3872,14 +4024,65 @@ "timeField": "arrival_date" } ], - "thresholds": "100,0", "timeFrom": null, "timeShift": null, "title": "Forensic Sample Sources by Country", - "type": "grafana-worldmap-panel", - "unitPlural": "", - "unitSingle": "", - "valueName": "total" + "type": "geomap", + "options": { + "view": { + "id": "zero", + "lat": 0, + "lon": 0, + "zoom": 1, + "padding": 0 + }, + "basemap": { + "type": "default", + "name": "Layer 0", + "config": {} + }, + "layers": [ + { + "type": "markers", + "name": "Sources", + "config": { + "showLegend": true, + "style": { + "color": { + "fixed": "dark-green" + }, + "opacity": 0.5, + "size": { + "fixed": 5, + "min": 2, + "max": 30 + }, + "symbol": { + "fixed": "img/icons/marker/circle.svg", + "mode": "fixed" + } + } + }, + "location": { + "mode": "lookup", + "lookup": "source_country.keyword", + "gazetteer": "public/gazetteer/countries.json" + }, + "tooltip": true + } + ], + "controls": { + "showZoom": true, + "mouseWheelZoom": true, + "showScale": false, + "showAttribution": true, + "showDebug": false, + "showMeasure": false + }, + "tooltip": { + "mode": "details" + } + } }, { "datasource": "$datasourcefo", 
@@ -4217,6 +4420,350 @@ } ], "type": "table" + }, + { + "datasource": "$datasourceag", + "fieldConfig": { + "defaults": { + "custom": { + "align": null, + "filterable": false + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "Messages" + }, + "properties": [ + { + "id": "custom.displayMode", + "value": "gradient-gauge" + }, + { + "id": "thresholds", + "value": { + "mode": "percentage", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "dark-purple", + "value": 101 + } + ] + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "Source name" + }, + "properties": [ + { + "id": "custom.width", + "value": 280 + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "Source type" + }, + "properties": [ + { + "id": "custom.width", + "value": 200 + } + ] + } + ] + }, + "gridPos": { + "h": 11, + "w": 24, + "x": 0, + "y": 129 + }, + "id": 44, + "links": [], + "options": { + "showHeader": true, + "sortBy": [ + { + "desc": true, + "displayName": "Messages" + } + ] + }, + "pluginVersion": "7.4.5", + "targets": [ + { + "bucketAggs": [ + { + "fake": true, + "field": "source_name.keyword", + "id": "11", + "settings": { + "min_doc_count": "1", + "missing": null, + "order": "desc", + "orderBy": "1", + "size": "0" + }, + "type": "terms" + }, + { + "fake": true, + "field": "source_type.keyword", + "id": "12", + "settings": { + "min_doc_count": "1", + "missing": null, + "order": "desc", + "orderBy": "1", + "size": "0" + }, + "type": "terms" + } + ], + "metrics": [ + { + "field": "message_count", + "id": "1", + "meta": {}, + "settings": {}, + "type": "sum" + } + ], + "query": "header_from.keyword:$fromdomain", + "refId": "A", + "timeField": "date_range" + } + ], + "timeFrom": null, + "timeShift": null, + "title": "Message sources by name and type", + 
"transformations": [ + { + "id": "organize", + "options": { + "excludeByName": {}, + "indexByName": {}, + "renameByName": { + "source_name.keyword": "Source name", + "source_type.keyword": "Source type", + "Sum": "Messages" + } + } + } + ], + "type": "table" + }, + { + "datasource": "$datasourceag", + "fieldConfig": { + "defaults": { + "custom": { + "align": null, + "filterable": false + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "Messages" + }, + "properties": [ + { + "id": "custom.displayMode", + "value": "gradient-gauge" + }, + { + "id": "thresholds", + "value": { + "mode": "percentage", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "dark-purple", + "value": 101 + } + ] + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "ASN" + }, + "properties": [ + { + "id": "custom.width", + "value": 100 + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "AS name" + }, + "properties": [ + { + "id": "custom.width", + "value": 280 + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "AS domain" + }, + "properties": [ + { + "id": "custom.width", + "value": 200 + } + ] + } + ] + }, + "gridPos": { + "h": 11, + "w": 24, + "x": 0, + "y": 140 + }, + "id": 45, + "links": [], + "options": { + "showHeader": true, + "sortBy": [ + { + "desc": true, + "displayName": "Messages" + } + ] + }, + "pluginVersion": "7.4.5", + "targets": [ + { + "bucketAggs": [ + { + "fake": true, + "field": "source_asn", + "id": "11", + "settings": { + "min_doc_count": "1", + "missing": null, + "order": "desc", + "orderBy": "1", + "size": "0" + }, + "type": "terms" + }, + { + "fake": true, + "field": "source_as_name.keyword", + "id": "12", + "settings": { + "min_doc_count": "1", + "missing": null, + "order": "desc", + "orderBy": "1", + "size": "0" + }, + 
"type": "terms" + }, + { + "fake": true, + "field": "source_as_domain.keyword", + "id": "13", + "settings": { + "min_doc_count": "1", + "missing": null, + "order": "desc", + "orderBy": "1", + "size": "0" + }, + "type": "terms" + } + ], + "metrics": [ + { + "field": "message_count", + "id": "1", + "meta": {}, + "settings": {}, + "type": "sum" + } + ], + "query": "header_from.keyword:$fromdomain", + "refId": "A", + "timeField": "date_range" + } + ], + "timeFrom": null, + "timeShift": null, + "title": "Message sources by Autonomous System", + "transformations": [ + { + "id": "organize", + "options": { + "excludeByName": {}, + "indexByName": {}, + "renameByName": { + "source_asn": "ASN", + "source_as_name.keyword": "AS name", + "source_as_domain.keyword": "AS domain", + "Sum": "Messages" + } + } + } + ], + "type": "table" } ], "refresh": "10s", @@ -4359,4 +4906,4 @@ "title": "DMARC Reports", "uid": "SDksirRWz", "version": 114 -} \ No newline at end of file +}
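Review bot: Both new tables set `"missing": null` on every `terms` bucket, so a record lacking any one of the bucketed fields drops out of the nested aggregation and its `message_count` never reaches the `Messages` column. For `source_type.keyword` and the `source_as_*` fields those are likely the unclassified or unenriched senders, which are the rows most worth seeing when hunting for spoofed mail. Whether the indexer can leave these fields empty is not visible in this hunk. Giving each keyword bucket a placeholder such as `"missing": "(none)"`, and `source_asn` a numeric one such as `"missing": "0"`, keeps those rows in the table. The buckets also use `"size": "0"` while the dashboard keeps `"refresh": "10s"`, so a bounded top-N size would limit the cost of a three-level aggregation on large indexes.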