{ "annotations": { "list": [ { "builtIn": 1, "datasource": { "type": "datasource", "uid": "grafana" }, "enable": true, "hide": true, "iconColor": "rgba(0, 211, 255, 1)", "name": "Annotations & Alerts", "type": "dashboard" } ] }, "description": "", "editable": true, "fiscalYearStartMonth": 0, "gnetId": 11227, "graphTooltip": 0, "id": 7, "links": [], "liveNow": false, "panels": [ { "datasource": { "type": "elasticsearch", "uid": "$datasourceag" }, "fieldConfig": { "defaults": { "color": { "mode": "palette-classic" }, "custom": { "hideFrom": { "legend": false, "tooltip": false, "viz": false } }, "decimals": 2, "mappings": [], "unit": "none" }, "overrides": [ { "matcher": { "id": "byName", "options": "SPF Aligned Fail & ARC Pass" }, "properties": [ { "id": "color", "value": { "fixedColor": "yellow", "mode": "fixed" } } ] }, { "matcher": { "id": "byName", "options": "SPF Aligned Pass" }, "properties": [ { "id": "color", "value": { "fixedColor": "green", "mode": "fixed" } } ] }, { "matcher": { "id": "byName", "options": "SPF Aligned Fail & NOT ARC Pass" }, "properties": [ { "id": "color", "value": { "fixedColor": "red", "mode": "fixed" } } ] } ] }, "gridPos": { "h": 9, "w": 8, "x": 0, "y": 0 }, "id": 6, "options": { "legend": { "calcs": [], "displayMode": "list", "placement": "right", "showLegend": true, "values": [ "percent" ] }, "pieType": "donut", "reduceOptions": { "calcs": [ "sum" ], "fields": "", "values": false }, "tooltip": { "mode": "single", "sort": "none" } }, "targets": [ { "alias": "SPF Aligned Pass", "bucketAggs": [ { "$$hashKey": "object:244", "field": "date_begin", "id": "2", "settings": { "interval": "auto", "min_doc_count": 0, "trimEdges": 0 }, "type": "date_histogram" } ], "datasource": { "uid": "$datasourceag" }, "hide": false, "metrics": [ { "$$hashKey": "object:241", "field": "message_count", "id": "1", "meta": {}, "settings": {}, "type": "sum" } ], "query": "header_from.keyword:$fromdomain AND spf_aligned:true", "refId": "A", "timeField": "date_begin" }, { "alias": "SPF Aligned Fail & ARC Pass", "bucketAggs": [ { "field": "date_begin", "id": "2", "settings": { "interval": "auto" }, "type": "date_histogram" } ], "datasource": { "type": "elasticsearch", "uid": "$datasourceag" }, "hide": false, "metrics": [ { "field": "message_count", "id": "1", "settings": {}, "type": "sum" } ], "query": "header_from.keyword:$fromdomain AND spf_aligned:false AND policy_overrides.comment.keyword:arc=pass", "refId": "B", "timeField": "date_begin" }, { "alias": "SPF Aligned Fail & NOT ARC Pass", "bucketAggs": [ { "field": "date_begin", "id": "2", "settings": { "interval": "auto" }, "type": "date_histogram" } ], "datasource": { "type": "elasticsearch", "uid": "$datasourceag" }, "hide": false, "metrics": [ { "field": "message_count", "id": "1", "settings": {}, "type": "sum" } ], "query": "header_from.keyword:$fromdomain AND spf_aligned:false AND NOT policy_overrides.comment.keyword:arc=pass", "refId": "C", "timeField": "date_begin" } ], "title": "SPF Alignment", "transparent": true, "type": "piechart" }, { "datasource": { "type": "elasticsearch", "uid": "$datasourceag" }, "fieldConfig": { "defaults": { "color": { "mode": "palette-classic" }, "custom": { "hideFrom": { "legend": false, "tooltip": false, "viz": false } }, "decimals": 2, "mappings": [], "unit": "none" }, "overrides": [ { "matcher": { "id": "byName", "options": "DKIM Aligned Fail & ARC Pass" }, "properties": [ { "id": "color", "value": { "fixedColor": "yellow", "mode": "fixed" } } ] }, { "matcher": { "id": "byName", "options": "DKIM Aligned Pass" }, "properties": [ { "id": "color", "value": { "fixedColor": "green", "mode": "fixed" } } ] }, { "matcher": { "id": "byName", "options": "DKIM Aligned Fail & NOT ARC Pass" }, "properties": [ { "id": "color", "value": { "fixedColor": "red", "mode": "fixed" } } ] } ] }, "gridPos": { "h": 9, "w": 8, "x": 8, "y": 0 }, "id": 2, "interval": "1h", "options": { "displayLabels": [], "legend": { "calcs": [], "displayMode": "list", "placement": "right", "showLegend": true, "values": [ "percent" ] }, "pieType": "donut", "reduceOptions": { "calcs": [ "sum" ], "fields": "", "values": false }, "tooltip": { "mode": "single", "sort": "none" } }, "targets": [ { "alias": "DKIM Aligned Pass", "bucketAggs": [ { "field": "date_begin", "id": "2", "settings": { "interval": "auto", "min_doc_count": 0, "trimEdges": 0 }, "type": "date_histogram" } ], "datasource": { "uid": "$datasourceag" }, "hide": false, "metrics": [ { "field": "message_count", "id": "1", "meta": {}, "settings": {}, "type": "sum" } ], "query": "header_from.keyword:$fromdomain AND dkim_aligned:true", "refId": "A", "timeField": "date_begin" }, { "alias": "DKIM Aligned Fail & ARC Pass", "bucketAggs": [ { "field": "date_begin", "id": "2", "settings": { "interval": "auto" }, "type": "date_histogram" } ], "datasource": { "type": "elasticsearch", "uid": "$datasourceag" }, "hide": false, "metrics": [ { "field": "message_count", "id": "1", "settings": {}, "type": "sum" } ], "query": "header_from.keyword:$fromdomain AND dkim_aligned:false AND policy_overrides.comment.keyword:arc=pass", "refId": "B", "timeField": "date_begin" }, { "alias": "DKIM Aligned Fail & NOT ARC Pass", "bucketAggs": [ { "field": "date_begin", "id": "2", "settings": { "interval": "auto" }, "type": "date_histogram" } ], "datasource": { "type": "elasticsearch", "uid": "$datasourceag" }, "hide": false, "metrics": [ { "field": "message_count", "id": "1", "settings": {}, "type": "sum" } ], "query": "header_from.keyword:$fromdomain AND dkim_aligned:false AND NOT policy_overrides.comment.keyword:arc=pass", "refId": "C", "timeField": "date_begin" } ], "title": "DKIM Alignment", "transparent": true, "type": "piechart" }, { "datasource": { "type": "elasticsearch", "uid": "$datasourceag" }, "description": "", "fieldConfig": { "defaults": { "color": { "mode": "palette-classic" }, "custom": { "hideFrom": { "legend": false, "tooltip": false, "viz": false } }, "decimals": 2, "mappings": [], "unit": "none" }, "overrides": [ { "matcher": { "id": "byName", "options": "DMARC Fail & ARC Pass" }, "properties": [ { "id": "color", "value": { "fixedColor": "yellow", "mode": "fixed" } } ] }, { "matcher": { "id": "byName", "options": "DMARC Fail & NOT ARC Pass" }, "properties": [ { "id": "color", "value": { "fixedColor": "red", "mode": "fixed" } } ] }, { "matcher": { "id": "byName", "options": "DMARC Pass" }, "properties": [ { "id": "color", "value": { "fixedColor": "green", "mode": "fixed" } } ] } ] }, "gridPos": { "h": 9, "w": 8, "x": 16, "y": 0 }, "id": 5, "options": { "legend": { "calcs": [], "displayMode": "list", "placement": "right", "showLegend": true, "values": [ "percent" ] }, "pieType": "donut", "reduceOptions": { "calcs": [ "sum" ], "fields": "", "values": false }, "tooltip": { "mode": "single", "sort": "none" } }, "targets": [ { "alias": "DMARC Pass", "bucketAggs": [ { "field": "date_begin", "id": "4", "settings": { "interval": "auto", "min_doc_count": "0", "timeZone": "utc", "trimEdges": "0" }, "type": "date_histogram" } ], "datasource": { "uid": "$datasourceag" }, "hide": false, "metrics": [ { "$$hashKey": "object:383", "field": "message_count", "id": "1", "meta": {}, "settings": {}, "type": "sum" } ], "query": "header_from.keyword:$fromdomain AND passed_dmarc:true", "refId": "A", "timeField": "date_begin" }, { "alias": "DMARC Fail & ARC Pass", "bucketAggs": [ { "field": "date_begin", "id": "2", "settings": { "interval": "auto" }, "type": "date_histogram" } ], "datasource": { "type": "elasticsearch", "uid": "$datasourceag" }, "hide": false, "metrics": [ { "field": "message_count", "id": "1", "settings": {}, "type": "sum" } ], "query": "header_from.keyword:$fromdomain AND passed_dmarc:false AND policy_overrides.comment.keyword:arc=pass", "refId": "B", "timeField": "date_begin" }, { "alias": "DMARC Fail & NOT ARC Pass", "bucketAggs": [ { "field": "date_begin", "id": "2", "settings": { "interval": "auto" }, "type": "date_histogram" } ], "datasource": { "type": "elasticsearch", "uid": "$datasourceag" }, "hide": false, "metrics": [ { "field": "message_count", "id": "1", "settings": {}, "type": "sum" } ], "query": "header_from.keyword:$fromdomain AND passed_dmarc:false AND NOT policy_overrides.comment.keyword:arc=pass", "refId": "C", "timeField": "date_begin" } ], "title": "DMARC Passage", "transparent": true, "type": "piechart" }, { "datasource": { "type": "elasticsearch", "uid": "$datasourceag" }, "fieldConfig": { "defaults": { "color": { "mode": "palette-classic" }, "custom": { "axisCenteredZero": false, "axisColorMode": "text", "axisLabel": "", "axisPlacement": "auto", "barAlignment": 0, "drawStyle": "line", "fillOpacity": 60, "gradientMode": "opacity", "hideFrom": { "legend": false, "tooltip": false, "viz": false }, "insertNulls": false, "lineInterpolation": "linear", "lineWidth": 2, "pointSize": 5, "scaleDistribution": { "type": "linear" }, "showPoints": "never", "spanNulls": false, "stacking": { "group": "A", "mode": "none" }, "thresholdsStyle": { "mode": "off" } }, "links": [ { "title": "", "url": "" } ], "mappings": [], "thresholds": { "mode": "absolute", "steps": [ { "color": "green", "value": null }, { "color": "red", "value": 80 } ] }, "unit": "none" }, "overrides": [ { "matcher": { "id": "byName", "options": "Pass" }, "properties": [ { "id": "color", "value": { "fixedColor": "dark-green", "mode": "fixed" } } ] }, { "matcher": { "id": "byName", "options": "fail" }, "properties": [ { "id": "color", "value": { "fixedColor": "dark-red", "mode": "fixed" } } ] }, { "matcher": { "id": "byName", "options": "false" }, "properties": [ { "id": "color", "value": { "fixedColor": "dark-yellow", "mode": "fixed" } } ] }, { "matcher": { "id": "byName", "options": "neutral" }, "properties": [ { "id": "color", "value": { "fixedColor": "super-light-blue", "mode": "fixed" } } ] }, { "matcher": { "id": "byName", "options": "none" }, "properties": [ { "id": "color", "value": { "fixedColor": "dark-yellow", "mode": "fixed" } } ] }, { "matcher": { "id": "byName", "options": "pass" }, "properties": [ { "id": "color", "value": { "fixedColor": "dark-green", "mode": "fixed" } } ] }, { "matcher": { "id": "byName", "options": "permerror" }, "properties": [ { "id": "color", "value": { "fixedColor": "dark-orange", "mode": "fixed" } } ] }, { "matcher": { "id": "byName", "options": "softfail" }, "properties": [ { "id": "color", "value": { "fixedColor": "super-light-green", "mode": "fixed" } } ] }, { "matcher": { "id": "byName", "options": "temperror" }, "properties": [ { "id": "color", "value": { "fixedColor": "semi-dark-yellow", "mode": "fixed" } } ] }, { "matcher": { "id": "byName", "options": "true" }, "properties": [ { "id": "color", "value": { "fixedColor": "dark-green", "mode": "fixed" } } ] } ] }, "gridPos": { "h": 9, "w": 12, "x": 0, "y": 9 }, "id": 33, "options": { "legend": { "calcs": [], "displayMode": "list", "placement": "right", "showLegend": true }, "tooltip": { "mode": "multi", "sort": "desc" } }, "pluginVersion": "10.4.3", "targets": [ { "bucketAggs": [ { "fake": true, "field": "spf_results.result.keyword", "id": "3", "settings": { "min_doc_count": 1, "order": "desc", "orderBy": "_term", "size": "0" }, "type": "terms" }, { "field": "date_begin", "id": "2", "settings": { "interval": "1d", "min_doc_count": 0, "trimEdges": 0 }, "type": "date_histogram" } ], "datasource": { "uid": "$datasourceag" }, "hide": false, "metrics": [ { "field": "message_count", "id": "1", "meta": {}, "settings": {}, "type": "sum" } ], "query": "header_from.keyword:$fromdomain", "refId": "A", "timeField": "date_begin" } ], "title": "SPF Results Over Time", "type": "timeseries" }, { "datasource": { "type": "elasticsearch", "uid": "$datasourceag" }, "fieldConfig": { "defaults": { "color": { "mode": "palette-classic" }, "custom": { "axisCenteredZero": false, "axisColorMode": "text", "axisLabel": "", "axisPlacement": "auto", "barAlignment": 0, "drawStyle": "line", "fillOpacity": 60, "gradientMode": "opacity", "hideFrom": { "legend": false, "tooltip": false, "viz": false }, "insertNulls": false, "lineInterpolation": "linear", "lineWidth": 2, "pointSize": 5, "scaleDistribution": { "type": "linear" }, "showPoints": "never", "spanNulls": false, "stacking": { "group": "A", "mode": "none" }, "thresholdsStyle": { "mode": "off" } }, "links": [], "mappings": [], "thresholds": { "mode": "absolute", "steps": [ { "color": "green", "value": null }, { "color": "red", "value": 80 } ] }, "unit": "none" }, "overrides": [ { "matcher": { "id": "byName", "options": "Pass" }, "properties": [ { "id": "color", "value": { "fixedColor": "dark-green", "mode": "fixed" } } ] }, { "matcher": { "id": "byName", "options": "fail" }, "properties": [ { "id": "color", "value": { "fixedColor": "dark-red", "mode": "fixed" } } ] }, { "matcher": { "id": "byName", "options": "false" }, "properties": [ { "id": "color", "value": { "fixedColor": "dark-yellow", "mode": "fixed" } } ] }, { "matcher": { "id": "byName", "options": "neutral" }, "properties": [ { "id": "color", "value": { "fixedColor": "super-light-blue", "mode": "fixed" } } ] }, { "matcher": { "id": "byName", "options": "none" }, "properties": [ { "id": "color", "value": { "fixedColor": "dark-yellow", "mode": "fixed" } } ] }, { "matcher": { "id": "byName", "options": "pass" }, "properties": [ { "id": "color", "value": { "fixedColor": "dark-green", "mode": "fixed" } } ] }, { "matcher": { "id": "byName", "options": "permerror" }, "properties": [ { "id": "color", "value": { "fixedColor": "dark-orange", "mode": "fixed" } } ] }, { "matcher": { "id": "byName", "options": "temperror" }, "properties": [ { "id": "color", "value": { "fixedColor": "semi-dark-yellow", "mode": "fixed" } } ] }, { "matcher": { "id": "byName", "options": "true" }, "properties": [ { "id": "color", "value": { "fixedColor": "dark-green", "mode": "fixed" } } ] } ] }, "gridPos": { "h": 9, "w": 12, "x": 12, "y": 9 }, "id": 19, "interval": "$interval", "options": { "legend": { "calcs": [], "displayMode": "list", "placement": "right", "showLegend": true }, "tooltip": { "mode": "multi", "sort": "desc" } }, "pluginVersion": "10.4.3", "targets": [ { "bucketAggs": [ { "fake": true, "field": "dkim_results.result.keyword", "id": "3", "settings": { "min_doc_count": 1, "order": "desc", "orderBy": "_term", "size": "0" }, "type": "terms" }, { "field": "date_begin", "id": "2", "settings": { "interval": "1d", "min_doc_count": 0, "trimEdges": 0 }, "type": "date_histogram" } ], "datasource": { "uid": "$datasourceag" }, "hide": false, "metrics": [ { "field": "message_count", "id": "1", "meta": {}, "settings": {}, "type": "sum" } ], "query": "header_from.keyword:$fromdomain", "refId": "A", "timeField": "date_begin" } ], "title": "DKIM Results Over Time", "type": "timeseries" }, { "datasource": { "type": "elasticsearch", "uid": "$datasourceag" }, "fieldConfig": { "defaults": { "color": { "mode": "palette-classic" }, "custom": { "axisCenteredZero": false, "axisColorMode": "text", "axisLabel": "", "axisPlacement": "auto", "barAlignment": 0, "drawStyle": "line", "fillOpacity": 60, "gradientMode": "opacity", "hideFrom": { "legend": false, "tooltip": false, "viz": false }, "insertNulls": false, "lineInterpolation": "linear", "lineWidth": 2, "pointSize": 5, "scaleDistribution": { "type": "linear" }, "showPoints": "never", "spanNulls": false, "stacking": { "group": "A", "mode": "none" }, "thresholdsStyle": { "mode": "off" } }, "links": [], "mappings": [], "thresholds": { "mode": "absolute", "steps": [ { "color": "green", "value": null }, { "color": "red", "value": 80 } ] }, "unit": "none" }, "overrides": [ { "matcher": { "id": "byName", "options": "false" }, "properties": [ { "id": "color", "value": { "fixedColor": "dark-yellow", "mode": "fixed" } } ] }, { "matcher": { "id": "byName", "options": "true" }, "properties": [ { "id": "color", "value": { "fixedColor": "dark-green", "mode": "fixed" } } ] } ] }, "gridPos": { "h": 9, "w": 12, "x": 0, "y": 18 }, "id": 18, "interval": "$interval", "options": { "legend": { "calcs": [], "displayMode": "list", "placement": "right", "showLegend": true }, "tooltip": { "mode": "multi", "sort": "desc" } }, "pluginVersion": "10.4.3", "targets": [ { "bucketAggs": [ { "fake": true, "field": "spf_aligned", "id": "3", "settings": { "min_doc_count": 1, "order": "desc", "orderBy": "_term", "size": "0" }, "type": "terms" }, { "field": "date_begin", "id": "2", "settings": { "interval": "1d", "min_doc_count": 0, "trimEdges": 0 }, "type": "date_histogram" } ], "datasource": { "uid": "$datasourceag" }, "hide": false, "metrics": [ { "field": "message_count", "id": "1", "meta": {}, "settings": {}, "type": "sum" } ], "query": "header_from.keyword:$fromdomain", "refId": "A", "timeField": "date_begin" } ], "title": "SPF Alignment Over Time", "type": "timeseries" }, { "datasource": { "type": "elasticsearch", "uid": "$datasourceag" }, "fieldConfig": { "defaults": { "color": { "mode": "palette-classic" }, "custom": { "axisCenteredZero": false, "axisColorMode": "text", "axisLabel": "", "axisPlacement": "auto", "barAlignment": 0, "drawStyle": "line", "fillOpacity": 60, "gradientMode": "opacity", "hideFrom": { "legend": false, "tooltip": false, "viz": false }, "insertNulls": false, "lineInterpolation": "linear", "lineWidth": 2, "pointSize": 5, "scaleDistribution": { "type": "linear" }, "showPoints": "never", "spanNulls": false, "stacking": { "group": "A", "mode": "none" }, "thresholdsStyle": { "mode": "off" } }, "links": [], "mappings": [], "thresholds": { "mode": "absolute", "steps": [ { "color": "green", "value": null }, { "color": "red", "value": 80 } ] }, "unit": "none" }, "overrides": [ { "matcher": { "id": "byName", "options": "false" }, "properties": [ { "id": "color", "value": { "fixedColor": "dark-yellow", "mode": "fixed" } } ] }, { "matcher": { "id": "byName", "options": "true" }, "properties": [ { "id": "color", "value": { "fixedColor": "dark-green", "mode": "fixed" } } ] } ] }, "gridPos": { "h": 9, "w": 12, "x": 12, "y": 18 }, "id": 34, "interval": "$interval", "options": { "legend": { "calcs": [], "displayMode": "list", "placement": "right", "showLegend": true }, "tooltip": { "mode": "multi", "sort": "desc" } }, "pluginVersion": "10.4.3", "targets": [ { "bucketAggs": [ { "fake": true, "field": "dkim_aligned", "id": "3", "settings": { "min_doc_count": 1, "order": "desc", "orderBy": "_term", "size": "0" }, "type": "terms" }, { "field": "date_begin", "id": "2", "settings": { "interval": "1d", "min_doc_count": 0, "trimEdges": 0 }, "type": "date_histogram" } ], "datasource": { "uid": "$datasourceag" }, "hide": false, "metrics": [ { "field": "message_count", "id": "1", "meta": {}, "settings": {}, "type": "sum" } ], "query": "header_from.keyword:$fromdomain", "refId": "A", "timeField": "date_begin" } ], "title": "DKIM Alignment Over Time", "type": "timeseries" }, { "datasource": { "type": "elasticsearch", "uid": "$datasourceag" }, "fieldConfig": { "defaults": { "color": { "mode": "palette-classic" }, "custom": { "axisCenteredZero": false, "axisColorMode": "text", "axisLabel": "", "axisPlacement": "auto", "barAlignment": 0, "drawStyle": "line", "fillOpacity": 60, "gradientMode": "opacity", "hideFrom": { "legend": false, "tooltip": false, "viz": false }, "insertNulls": false, "lineInterpolation": "linear", "lineWidth": 2, "pointSize": 5, "scaleDistribution": { "type": "linear" }, "showPoints": "never", "spanNulls": false, "stacking": { "group": "A", "mode": "none" }, "thresholdsStyle": { "mode": "off" } }, "links": [], "mappings": [], "thresholds": { "mode": "absolute", "steps": [ { "color": "green", "value": null }, { "color": "red", "value": 80 } ] }, "unit": "none" }, "overrides": [ { "matcher": { "id": "byName", "options": "false" }, "properties": [ { "id": "color", "value": { "fixedColor": "dark-red", "mode": "fixed" } } ] }, { "matcher": { "id": "byName", "options": "true" }, "properties": [ { "id": "color", "value": { "fixedColor": "dark-green", "mode": "fixed" } } ] } ] }, "gridPos": { "h": 9, "w": 12, "x": 0, "y": 27 }, "id": 7, "interval": "1day", "options": { "legend": { "calcs": [], "displayMode": "list", "placement": "right", "showLegend": true }, "tooltip": { "mode": "multi", "sort": "desc" } }, "pluginVersion": "10.4.3", "targets": [ { "bucketAggs": [ { "fake": true, "field": "passed_dmarc", "id": "3", "settings": { "min_doc_count": 1, "order": "desc", "orderBy": "_term", "size": "0" }, "type": "terms" }, { "field": "date_begin", "id": "2", "settings": { "interval": "1d", "min_doc_count": 0, "trimEdges": 0 }, "type": "date_histogram" } ], "datasource": { "uid": "$datasourceag" }, "hide": false, "metrics": [ { "field": "message_count", "id": "1", "meta": {}, "settings": {}, "type": "sum" } ], "query": "header_from.keyword:$fromdomain", "refId": "A", "timeField": "date_begin" } ], "title": "DMARC Passage Over Time", "type": "timeseries" }, { "datasource": { "type": "elasticsearch", "uid": "$datasourceag" }, "fieldConfig": { "defaults": { "color": { "mode": "palette-classic" }, "custom": { "axisCenteredZero": false, "axisColorMode": "text", "axisLabel": "", "axisPlacement": "auto", "barAlignment": 0, "drawStyle": "line", "fillOpacity": 60, "gradientMode": "opacity", "hideFrom": { "legend": false, "tooltip": false, "viz": false }, "insertNulls": false, "lineInterpolation": "linear", "lineWidth": 2, "pointSize": 5, "scaleDistribution": { "type": "linear" }, "showPoints": "never", "spanNulls": false, "stacking": { "group": "A", "mode": "none" }, "thresholdsStyle": { "mode": "off" } }, "links": [], "mappings": [], "thresholds": { "mode": "absolute", "steps": [ { "color": "green", "value": null }, { "color": "red", "value": 80 } ] }, "unit": "none" }, "overrides": [ { "matcher": { "id": "byName", "options": "none" }, "properties": [ { "id": "color", "value": { "fixedColor": "dark-green", "mode": "fixed" } } ] }, { "matcher": { "id": "byName", "options": "quarantine" }, "properties": [ { "id": "color", "value": { "fixedColor": "semi-dark-orange", "mode": "fixed" } } ] }, { "matcher": { "id": "byName", "options": "reject" }, "properties": [ { "id": "color", "value": { "fixedColor": "red", "mode": "fixed" } } ] } ] }, "gridPos": { "h": 9, "w": 12, "x": 12, "y": 27 }, "id": 8, "interval": "$interval", "options": { "legend": { "calcs": [], "displayMode": "list", "placement": "right", "showLegend": true }, "tooltip": { "mode": "multi", "sort": "none" } }, "pluginVersion": "10.4.3", "targets": [ { "bucketAggs": [ { "fake": true, "field": "disposition.keyword", "id": "3", "settings": { "min_doc_count": 1, "order": "desc", "orderBy": "_term", "size": "0" }, "type": "terms" }, { "field": "date_begin", "id": "2", "settings": { "interval": "1d", "min_doc_count": 0, "trimEdges": 0 }, "type": "date_histogram" } ], "datasource": { "uid": "$datasourceag" }, "hide": false, "metrics": [ { "field": "message_count", "id": "1", "meta": {}, "settings": {}, "type": "sum" } ], "query": "header_from.keyword:$fromdomain", "refId": "A", "timeField": "date_begin" } ], "title": "Message Disposition Over Time", "type": "timeseries" }, { "datasource": { "type": "elasticsearch", "uid": "$datasourceag" }, "description": "Total Message Count", "fieldConfig": { "defaults": { "displayName": "Total Message Count", "mappings": [ { "options": { "match": "null", "result": { "text": "N/A" } }, "type": "special" } ], "thresholds": { "mode": "absolute", "steps": [ { "color": "dark-blue", "value": null } ] }, "unit": "locale" }, "overrides": [ { "matcher": { "id": "byName", "options": "Value" }, "properties": [ { "id": "unit", "value": "none" } ] } ] }, "gridPos": { "h": 4, "w": 12, "x": 0, "y": 36 }, "id": 36, "interval": "24h", "options": { "colorMode": "background", "graphMode": "area", "justifyMode": "auto", "orientation": "auto", "percentChangeColorMode": "standard", "reduceOptions": { "calcs": [ "sum" ], "fields": "", "values": false }, "showPercentChange": false, "textMode": "value_and_name", "wideLayout": true }, "pluginVersion": "10.1.6", "targets": [ { "alias": "", "bucketAggs": [ { "$$hashKey": "object:430", "fake": true, "field": "date_begin", "id": "6", "settings": { "interval": "auto", "min_doc_count": 0, "trimEdges": 0 }, "type": "date_histogram" } ], "datasource": { "uid": "$datasourceag" }, "hide": false, "metrics": [ { "$$hashKey": "object:428", "field": "message_count", "id": "4", "meta": {}, "settings": {}, "type": "sum" } ], "query": "header_from.keyword:$fromdomain", "refId": "A", "timeField": "date_begin" } ], "transparent": true, "type": "stat" }, { "datasource": { "type": "elasticsearch", "uid": "$datasourceag" }, "fieldConfig": { "defaults": { "custom": { "align": "auto", "cellOptions": { "type": "auto" }, "filterable": true, "inspect": false }, "mappings": [], "thresholds": { "mode": "absolute", "steps": [ { "color": "green", "value": null }, { "color": "red", "value": 80 } ] } }, "overrides": [ { "matcher": { "id": "byName", "options": "Messages" }, "properties": [ { "id": "custom.cellOptions", "value": { "mode": "gradient", "type": "gauge" } }, { "id": "thresholds", "value": { "mode": "percentage", "steps": [ { "color": "green", "value": null }, { "color": "dark-purple", "value": 101 } ] } } ] } ] }, "gridPos": { "h": 8, "w": 12, "x": 12, "y": 36 }, "id": 10, "interval": "$interval", "options": { "cellHeight": "sm", "footer": { "countRows": false, "fields": "", "reducer": [ "sum" ], "show": false }, "showHeader": true, "sortBy": [] }, "pluginVersion": "10.1.6", "targets": [ { "bucketAggs": [ { "$$hashKey": "object:920", "fake": true, "field": "source_base_domain.keyword", "id": "6", "settings": { "min_doc_count": 1, "missing": "none", "order": "desc", "orderBy": "4", "size": "2000" }, "type": "terms" } ], "datasource": { "uid": "$datasourceag" }, "hide": false, "metrics": [ { "$$hashKey": "object:918", "field": "message_count", "id": "4", "meta": {}, "settings": {}, "type": "sum" } ], "query": "header_from.keyword:$fromdomain", "refId": "A", "timeField": "date_begin" } ], "title": "Top 2000 Message Sources by Reverse DNS", "transformations": [ { "id": "organize", "options": { "excludeByName": {}, "indexByName": {}, "renameByName": { "Sum": "Messages", "source_base_domain.keyword": "Sender PTR Domain" } } } ], "type": "table" }, { "datasource": { "type": "elasticsearch", "uid": "$datasourceag" }, "fieldConfig": { "defaults": { "custom": { "align": "auto", "cellOptions": { "type": "auto" }, "filterable": true, "inspect": false }, "mappings": [], "thresholds": { "mode": "absolute", "steps": [ { "color": "green", "value": null }, { "color": "red", "value": 80 } ] } }, "overrides": [ { "matcher": { "id": "byName", "options": "Messages" }, "properties": [ { "id": "custom.cellOptions", "value": { "mode": "gradient", "type": "gauge" } }, { "id": "thresholds", "value": { "mode": "percentage", "steps": [ { "color": "green", "value": null }, { "color": "dark-purple", "value": 101 } ] } } ] }, { "matcher": { "id": "byName", "options": "Reporting Organisation" }, "properties": [ { "id": "custom.width", "value": 183 } ] } ] }, "gridPos": { "h": 11, "w": 12, "x": 0, "y": 40 }, "id": 9, "interval": "$interval", "options": { "cellHeight": "sm", "footer": { "countRows": false, "fields": [ "Sum" ], "reducer": [ "sum" ], "show": false }, "showHeader": true, "sortBy": [] }, "pluginVersion": "10.1.6", "targets": [ { "bucketAggs": [ { "$$hashKey": "object:291", "fake": true, "field": "org_name.keyword", "id": "7", "settings": { "min_doc_count": "1", "order": "desc", "orderBy": "4", "size": "0" }, "type": "terms" }, { "$$hashKey": "object:98", "fake": true, "field": "org_extra_contact_info.keyword", "id": "6", "settings": { "min_doc_count": "1", "missing": "-", "order": "desc", "orderBy": "4", "size": "0" }, "type": "terms" } ], "datasource": { "uid": "$datasourceag" }, "hide": false, "metrics": [ { "$$hashKey": "object:96", "field": "message_count", "id": "4", "meta": {}, "settings": {}, "type": "sum" } ], "query": "header_from.keyword:$fromdomain", "refId": "A", "timeField": "date_begin" }, { "bucketAggs": [ { "$$hashKey": "object:102", "fake": true, "field": "org_extra_contact_info.keyword", "id": "6", "settings": { "min_doc_count": 1, "order": "desc", "orderBy": "4", "size": "0" }, "type": "terms" } ], "datasource": { "uid": "$datasourceag" }, "hide": true, "metrics": [ { "$$hashKey": "object:100", "field": "message_count", "id": "4", "meta": {}, "settings": {}, "type": "sum" } ], "query": "header_from.keyword:$fromdomain", "refId": "B", "timeField": "date_begin" } ], "title": "Reporting Organisations", "transformations": [ { "id": "organize", "options": { "excludeByName": {}, "indexByName": {}, "renameByName": { "Sum": "Messages", "org_extra_contact_info.keyword": "Org Contact Info", "org_name.keyword": "Reporting Organisation" } } } ], "type": "table" }, { "datasource": { "type": "elasticsearch", "uid": "$datasourceag" }, "fieldConfig": { "defaults": { "custom": { "align": "auto", "cellOptions": { "type": "auto" }, "filterable": true, "inspect": false }, "mappings": [], "thresholds": { "mode": "absolute", "steps": [ { "color": "green", "value": null }, { "color": "red", "value": 80 } ] } }, "overrides": [ { "matcher": { "id": "byName", "options": "Header From" }, "properties": [ { "id": "links", "value": [ { "targetBlank": true, "title": "Check ${__data.fields[\"header_from.keyword\"]} DMARC record", "url": "https://mxtoolbox.com/SuperTool.aspx?action=dmarc%3a${__data.fields[\"header_from.keyword\"]}&run=toolpage" } ] } ] }, { "matcher": { "id": "byName", "options": "Messages" }, "properties": [ { "id": "custom.cellOptions", "value": { "mode": "gradient", "type": "gauge" } }, { "id": "thresholds", "value": { "mode": "percentage", "steps": [ { "color": "green", "value": null }, { "color": "dark-purple", "value": 101 } ] } } ] } ] }, "gridPos": { "h": 7, "w": 12, "x": 12, "y": 44 }, "id": 11, "interval": "$interval", "options": { "cellHeight": "sm", "footer": { "countRows": false, "fields": "", "reducer": [ "sum" ], "show": false }, "showHeader": true }, "pluginVersion": "10.1.6", "targets": [ { "bucketAggs": [ { "$$hashKey": "object:388", "fake": true, "field": "header_from.keyword", "id": "6", "settings": { "min_doc_count": 1, "missing": "none", "order": "desc", "orderBy": "4", "size": "0" }, "type": "terms" } ], "datasource": { "uid": "$datasourceag" }, "hide": false, "metrics": [ { "$$hashKey": "object:386", "field": "message_count", "id": "4", "meta": {}, "settings": {}, "type": "sum" } ], "query": "header_from.keyword:$fromdomain", "refId": "A", "timeField": "date_begin" } ], "title": "Message Volume by Header From", "transformations": [ { "id": "organize", "options": { "excludeByName": {}, "indexByName": {}, "renameByName": { "Sum": "Messages", "header_from.keyword": "Header From" } } } ], "type": "table" }, { "datasource": { "type": "elasticsearch", "uid": "$datasourceag" }, "fieldConfig": { "defaults": { "color": { "mode": "thresholds" }, "custom": { "hideFrom": { "legend": false, "tooltip": false, "viz": false } }, "mappings": [], "thresholds": { "mode": "absolute", "steps": [ { "color": "dark-green", "value": null } ] }, "unit": "none" }, "overrides": [ { "matcher": { "id": "byName", "options": "source_country.keyword" }, "properties": [ { "id": "displayName", "value": "Country" } ] } ] }, "gridPos": { "h": 10, "w": 16, "x": 0, "y": 51 }, "id": 12, "interval": "$interval", "maxDataPoints": 1, "options": { "basemap": { "name": "Basemap", "type": "default" }, "controls": { "mouseWheelZoom": true, "showAttribution": true, "showDebug": false, "showMeasure": false, "showScale": false, "showZoom": true }, "layers": [ { "config": { "showLegend": true, "style": { "color": { "fixed": "dark-green" }, "opacity": 0.4, "rotation": { "fixed": 0, "max": 360, "min": -360, "mode": "mod" }, "size": { "field": "Sum", "fixed": 5, "max": 35, "min": 3 }, "symbol": { "fixed": "img/icons/marker/circle.svg", "mode": "fixed" }, "symbolAlign": { "horizontal": "center", "vertical": "center" }, "textConfig": { "fontSize": 12, "offsetX": 0, "offsetY": 0, "textAlign": "center", "textBaseline": "middle" } } }, "filterData": { "id": "byRefId", "options": "A" }, "location": { "lookup": "source_country.keyword", "mode": "lookup" }, "name": "Message Count", "tooltip": true, "type": "markers" }, { "config": { "nightColor": "#000000", "show": "to", "sun": false }, "name": "Night / Day", "opacity": 0.4, "tooltip": true, "type": "dayNight" } ], "tooltip": { "mode": "details" }, "view": { "allLayers": true, "id": "zero", "lat": 0, "lon": 0, "shared": false, "zoom": 1 } }, "pluginVersion": "10.1.6", "targets": [ { "bucketAggs": [ { "$$hashKey": "object:710", "fake": true, "field": "source_country.keyword", "id": "7", "settings": { "min_doc_count": 1, "order": "desc", "orderBy": "4", "size": "0" }, "type": "terms" } ], "datasource": { "uid": "$datasourceag" }, "hide": false, "metrics": [ { "$$hashKey": "object:708", "field": "message_count", "id": "4", "meta": {}, "settings": {}, "type": "sum" } ], "query": "header_from.keyword:$fromdomain", "refId": "A", "timeField": "date_begin" } ], "title": "Map of Message Source Countries", "transformations": [ { "disabled": true, "id": "reduce", "options": { "labelsToFields": false, "reducers": [ "sum" ] } } ], "type": "geomap" }, { "datasource": { "type": "elasticsearch", "uid": "$datasourceag" }, "fieldConfig": { "defaults": { "custom": { "align": "auto", "cellOptions": { "type": "auto" }, "filterable": true, "inspect": false }, "mappings": [], "thresholds": { "mode": "absolute", "steps": [ { "color": "green", "value": null }, { "color": "red", "value": 80 } ] } }, "overrides": [ { "matcher": { "id": "byName", "options": "Country" }, "properties": [ { "id": "custom.width", "value": 96 } ] }, { "matcher": { "id": "byName", "options": "Messages" }, "properties": [ { "id": "custom.cellOptions", "value": { "mode": "gradient", "type": "gauge" } }, { "id": "thresholds", "value": { "mode": "percentage", "steps": [ { "color": "green", "value": null }, { "color": "dark-purple", "value": 101 } ] } } ] } ] }, "gridPos": { "h": 10, "w": 8, "x": 16, "y": 51 }, "id": 39, "interval": "$interval", "options": { "cellHeight": "sm", "footer": { "countRows": false, "fields": "", "reducer": [ "sum" ], "show": false }, "showHeader": true, "sortBy": [ { "desc": true, "displayName": "Messages" } ] }, "pluginVersion": "10.1.6", "targets": [ { "bucketAggs": [ { "$$hashKey": "object:524", "fake": true, "field": "source_country.keyword", "id": "6", "settings": { "min_doc_count": 1, "missing": "none", "order": "desc", "orderBy": "4", "size": "0" }, "type": "terms" } ], "datasource": { "uid": "$datasourceag" }, "hide": false, "metrics": [ { "$$hashKey": "object:522", "field": "message_count", "id": "4", "meta": {}, "settings": {}, "type": "sum" } ], "query": "header_from.keyword:$fromdomain", "refId": "A", "timeField": "date_begin" } ], "title": "Message Source Countries", "transformations": [ { "id": "organize", "options": { "excludeByName": {}, "indexByName": {}, "renameByName": { "Sum": "Messages", "source_country.keyword": "Country" } } } ], "type": "table" }, { "datasource": { "type": "elasticsearch", "uid": "$datasourceag" }, "fieldConfig": { "defaults": { "custom": { "align": "auto", "cellOptions": { "type": "auto" }, "filterable": true, "inspect": false }, "mappings": [ { "options": { "arc=fail": { "index": 1, "text": "Fail" }, "arc=pass": { "index": 0, "text": "Pass" }, "fail": { "index": 4, "text": "Fail" }, "false": { "index": 5, "text": "False" }, "pass": { "index": 6, "text": "Pass" }, "true": { "index": 3, "text": "True" } }, "type": "value" }, { "options": { "match": "null", "result": { "index": 2, "text": "N/A" } }, "type": "special" } ], "thresholds": { "mode": "absolute", "steps": [ { "color": "green", "value": null }, { "color": "red", "value": 80 } ] } }, "overrides": [ { "matcher": { "id": "byName", "options": "Messages" }, "properties": [ { "id": "custom.cellOptions", "value": { "mode": "gradient", "type": "gauge" } }, { "id": "thresholds", "value": { "mode": "percentage", "steps": [ { "color": "green", "value": null }, { "color": "dark-purple", "value": 101 } ] } }, { "id": "custom.align", "value": "left" }, { "id": "custom.width", "value": 400 } ] }, { "matcher": { "id": "byName", "options": "Source IP" }, "properties": [ { "id": "custom.width", "value": 200 } ] }, { "matcher": { "id": "byName", "options": "Country" }, "properties": [ { "id": "custom.width", "value": 86 } ] }, { "matcher": { "id": "byName", "options": "Disposition" }, "properties": [ { "id": "custom.width", "value": 114 } ] }, { "matcher": { "id": "byName", "options": "Simple SPF" }, "properties": [ { "id": "custom.width", "value": 127 } ] }, { "matcher": { "id": "byName", "options": "Simple DKIM" }, "properties": [ { "id": "custom.width", "value": 122 } ] }, { "matcher": { "id": "byName", "options": "SPF Alignment" }, "properties": [ { "id": "custom.width", "value": 134 } ] }, { "matcher": { "id": "byName", "options": "Sender PTR Domain" }, "properties": [ { "id": "custom.width", "value": 180 } ] }, { "matcher": { "id": "byName", "options": "ARC Result" }, "properties": [ { "id": "custom.width", "value": 112 } ] }, { "matcher": { "id": "byName", "options": "Header From Domain" }, "properties": [ { "id": "custom.width", "value": 126 } ] }, { "matcher": { "id": "byName", "options": "DMARC Pass" }, "properties": [ { "id": "unit", "value": "bool" }, { "id": "custom.align", "value": "left" }, { "id": "custom.width", "value": 129 } ] }, { "matcher": { "id": "byName", "options": "DKIM Alignment" }, "properties": [ { "id": "custom.width", "value": 145 } ] } ] }, "gridPos": { "h": 9, "w": 24, "x": 0, "y": 61 }, "id": 41, "interval": "$interval", "options": { "cellHeight": "sm", "footer": { "countRows": false, "fields": [ "Sum" ], "reducer": [ "sum" ], "show": false }, "showHeader": true, "sortBy": [ { "desc": true, "displayName": "Messages" } ] }, "pluginVersion": "10.1.6", "targets": [ { "bucketAggs": [ { "$$hashKey": "object:457", "fake": true, "field": "source_base_domain.keyword", "id": "6", "settings": { "min_doc_count": 1, "missing": "-", "order": "desc", "orderBy": "4", "size": "0" }, "type": "terms" }, { "$$hashKey": "object:458", "fake": true, "field": "source_reverse_dns.keyword", "id": "7", "settings": { "min_doc_count": "1", "missing": "-", "order": "desc", "orderBy": "4", "size": "0" }, "type": "terms" }, { "$$hashKey": "object:459", "fake": true, "field": "source_ip_address.keyword", "id": "8", "settings": { "min_doc_count": 1, "missing": "-", "order": "desc", "orderBy": "4", "size": "0" }, "type": "terms" }, { "$$hashKey": "object:460", "fake": true, "field": "source_country.keyword", "id": "9", "settings": { "min_doc_count": 1, "order": "desc", "orderBy": "4", "size": "0" }, "type": "terms" }, { "$$hashKey": "object:384", "fake": true, "field": "disposition.keyword", "id": "12", "settings": { "min_doc_count": "1", "missing": "-", "order": "desc", "orderBy": "4", "size": "0" }, "type": "terms" }, { "$$hashKey": "object:391", "fake": true, "field": "spf_aligned", "id": "13", "settings": { "min_doc_count": "1", "missing": "false", "order": "desc", "orderBy": "4", "size": "0" }, "type": "terms" }, { "$$hashKey": "object:398", "fake": true, "field": "dkim_aligned", "id": "14", "settings": { "min_doc_count": "1", "missing": "false", "order": "desc", "orderBy": "4", "size": "0" }, "type": "terms" }, { "$$hashKey": "object:405", "fake": true, "field": "org_name.keyword", "id": "15", "settings": { "min_doc_count": "1", "missing": "-", "order": "desc", "orderBy": "4", "size": "0" }, "type": "terms" }, { "$$hashKey": "object:412", "fake": true, "field": "spf_results.result.keyword", "id": "16", "settings": { "min_doc_count": "1", "missing": "-", "order": "desc", "orderBy": "4", "size": "0" }, "type": "terms" }, { "$$hashKey": "object:622", "fake": true, "field": "header_from.keyword", "id": "17", "settings": { "min_doc_count": "1", "missing": "-", "order": "desc", "orderBy": "4", "size": "0" }, "type": "terms" }, { "$$hashKey": "object:461", "fake": true, "field": "dkim_results.result.keyword", "id": "10", "settings": { "min_doc_count": "1", "missing": "-", "order": "desc", "orderBy": "4", "size": "0" }, "type": "terms" }, { "field": "policy_overrides.comment.keyword", "id": "18", "settings": { "min_doc_count": "1", "missing": "N/A", "order": "desc", "orderBy": "_term", "size": "0" }, "type": "terms" }, { "field": "passed_dmarc", "id": "19", "settings": { "min_doc_count": "1", "order": "desc", "orderBy": "_term", "size": "0" }, "type": "terms" } ], "datasource": { "uid": "$datasourceag" }, "hide": false, "metrics": [ { "$$hashKey": "object:455", "field": "message_count", "id": "4", "meta": {}, "settings": {}, "type": "sum" } ], "query": "header_from.keyword:$fromdomain", "refId": "A", "timeField": "date_range" } ], "title": "Overview", "transformations": [ { "id": "organize", "options": { "excludeByName": { "passed_dmarc": false }, "indexByName": { "Sum": 13, "disposition.keyword": 5, "dkim_aligned": 9, "dkim_results.result.keyword": 11, "header_from.keyword": 12, "org_name.keyword": 4, "passed_dmarc": 7, "policy_overrides.comment.keyword": 6, "source_base_domain.keyword": 0, "source_country.keyword": 3, "source_ip_address.keyword": 2, "source_reverse_dns.keyword": 1, "spf_aligned": 8, "spf_results.result.keyword": 10 }, "renameByName": { "Sum": "Messages", "disposition.keyword": "Disposition", "dkim_aligned": "DKIM Alignment", "dkim_results.result.keyword": "Simple DKIM", "header_from.keyword": "Header From Domain", "org_name.keyword": "Reporter", "passed_dmarc": "DMARC Pass", "policy_overrides.comment.keyword": "ARC Result", "source_base_domain.keyword": "Sender PTR Domain", "source_country.keyword": "Country", "source_ip_address.keyword": "Source IP", "source_reverse_dns.keyword": "PTR", "spf_aligned": "SPF Alignment", "spf_results.result.keyword": "Simple SPF" } } } ], "type": "table" }, { "datasource": { "uid": "$datasourceag" }, "fieldConfig": { "defaults": { "custom": { "align": "auto", "cellOptions": { "type": "auto" }, "filterable": true, "inspect": false }, "mappings": [ { "options": { "r": { "text": "relaxed" }, "s": { "text": "strict" } }, "type": "value" } ], "thresholds": { "mode": "absolute", "steps": [ { "color": "green", "value": null } ] } }, "overrides": [ { "matcher": { "id": "byName", "options": "Messages" }, "properties": [ { "id": "custom.cellOptions", "value": { "mode": "gradient", "type": "gauge" } }, { "id": "thresholds", "value": { "mode": "percentage", "steps": [ { "color": "green", "value": null }, { "color": "dark-purple", "value": 101 } ] } }, { "id": "custom.align", "value": "left" } ] }, { "matcher": { "id": "byName", "options": "Percentage" }, "properties": [ { "id": "unit", "value": "percent" }, { "id": "thresholds", "value": { "mode": "absolute", "steps": [ { "color": "dark-yellow", "value": null }, { "color": "dark-green", "value": 100 } ] } }, { "id": "custom.cellOptions", "value": { "mode": "gradient", "type": "color-background" } }, { "id": "custom.width", "value": 90 } ] }, { "matcher": { "id": "byName", "options": "Subdomain Policy" }, "properties": [ { "id": "custom.width", "value": 169 } ] }, { "matcher": { "id": "byName", "options": "Policy" }, "properties": [ { "id": "custom.width", "value": 113 } ] }, { "matcher": { "id": "byName", "options": "Forensic Policy" }, "properties": [ { "id": "custom.width", "value": 138 } ] }, { "matcher": { "id": "byName", "options": "SPF Policy" }, "properties": [ { "id": "custom.width", "value": 132 } ] }, { "matcher": { "id": "byName", "options": "DKIM Policy" }, "properties": [ { "id": "custom.width", "value": 136 } ] }, { "matcher": { "id": "byName", "options": "Header From Domain" }, "properties": [ { "id": "links", "value": [ { "targetBlank": true, "title": "Check ${__data.fields[\"published_policy.domain.keyword\"]} DMARC record", "url": "https://mxtoolbox.com/SuperTool.aspx?action=dmarc%3a${__data.fields[\"published_policy.domain.keyword\"]}&run=toolpage" } ] }, { "id": "custom.width", "value": 604 } ] } ] }, "gridPos": { "h": 9, "w": 24, "x": 0, "y": 70 }, "id": 43, "interval": "86399", "options": { "cellHeight": "sm", "footer": { "countRows": false, "fields": [ "Sum" ], "reducer": [ "sum" ], "show": false }, "showHeader": true, "sortBy": [ { "desc": true, "displayName": "Messages" } ] }, "pluginVersion": "10.1.6", "targets": [ { "bucketAggs": [ { "$$hashKey": "object:457", "fake": true, "field": "published_policy.adkim.keyword", "id": "6", "settings": { "min_doc_count": 1, "missing": "-", "order": "desc", "orderBy": "4", "size": "0" }, "type": "terms" }, { "$$hashKey": "object:458", "fake": true, "field": "published_policy.aspf.keyword", "id": "7", "settings": { "min_doc_count": "1", "missing": "-", "order": "desc", "orderBy": "4", "size": "0" }, "type": "terms" }, { "$$hashKey": "object:459", "fake": true, "field": "published_policy.domain.keyword", "id": "8", "settings": { "min_doc_count": 1, "missing": "-", "order": "desc", "orderBy": "4", "size": "0" }, "type": "terms" }, { "$$hashKey": "object:460", "fake": true, "field": "published_policy.fo.keyword", "id": "9", "settings": { "min_doc_count": 1, "order": "desc", "orderBy": "4", "size": "0" }, "type": "terms" }, { "$$hashKey": "object:384", "fake": true, "field": "published_policy.p.keyword", "id": "12", "settings": { "min_doc_count": "1", "missing": "-", "order": "desc", "orderBy": "4", "size": "0" }, "type": "terms" }, { "$$hashKey": "object:391", "fake": true, "field": "published_policy.pct", "id": "13", "settings": { "min_doc_count": "1", "order": "desc", "orderBy": "4", "size": "0" }, "type": "terms" }, { "$$hashKey": "object:398", "fake": true, "field": "published_policy.sp.keyword", "id": "14", "settings": { "min_doc_count": "1", "missing": "false", "order": "desc", "orderBy": "4", "size": "0" }, "type": "terms" } ], "datasource": { "uid": "$datasourceag" }, "hide": false, "metrics": [ { "$$hashKey": "object:455", "field": "message_count", "id": "4", "meta": {}, "settings": {}, "type": "sum" } ], "query": "header_from.keyword:$fromdomain", "refId": "A", "timeField": "date_begin" } ], "title": "Published Policies (as reported)", "transformations": [ { "id": "organize", "options": { "excludeByName": { "date_begin": false }, "indexByName": { "Sum": 7, "published_policy.adkim.keyword": 1, "published_policy.aspf.keyword": 2, "published_policy.domain.keyword": 0, "published_policy.fo.keyword": 3, "published_policy.p.keyword": 4, "published_policy.pct": 5, "published_policy.sp.keyword": 6 }, "renameByName": { "Sum": "Messages", "date_begin": "Date", "disposition.keyword": "Applied Policy", "dkim_aligned": "DKIM", "dkim_results.domain.keyword": "DKIM Domain", "dkim_results.result.keyword": "DKIM Auth Result", "dkim_results.selector.keyword": "DKIM Selector", "envelope_from.keyword": "Envelope From", "header_from.keyword": "Header From", "org_name.keyword": "Reporter", "published_policy.adkim.keyword": "DKIM Policy", "published_policy.aspf.keyword": "SPF Policy", "published_policy.domain.keyword": "Header From Domain", "published_policy.fo.keyword": "Forensic Policy", "published_policy.p.keyword": "Policy", "published_policy.pct": "Percentage", "published_policy.sp.keyword": "Subdomain Policy", "source_base_domain.keyword": "Reverse DNS Base", "source_country.keyword": "Country", "source_ip_address.keyword": "Source IP", "source_reverse_dns.keyword": "PTR", "spf_aligned": "SPF", "spf_results.result.keyword": "SPF Auth Result" } } } ], "type": "table" }, { "datasource": { "uid": "$datasourceag" }, "fieldConfig": { "defaults": { "custom": { "align": "auto", "cellOptions": { "type": "auto" }, "filterable": true, "inspect": false }, "mappings": [], "thresholds": { "mode": "absolute", "steps": [ { "color": "green", "value": null }, { "color": "red", "value": 80 } ] } }, "overrides": [ { "matcher": { "id": "byName", "options": "Sender IP" }, "properties": [ { "id": "custom.width", "value": 216 } ] }, { "matcher": { "id": "byName", "options": "Country" }, "properties": [ { "id": "custom.width", "value": 103 } ] }, { "matcher": { "id": "byName", "options": "Messages" }, "properties": [ { "id": "custom.width", "value": 400 }, { "id": "custom.cellOptions", "value": { "mode": "gradient", "type": "gauge" } }, { "id": "thresholds", "value": { "mode": "percentage", "steps": [ { "color": "green", "value": null }, { "color": "dark-purple", "value": 101 } ] } }, { "id": "custom.align", "value": "left" } ] }, { "matcher": { "id": "byName", "options": "Sender PTR Domain" }, "properties": [ { "id": "custom.width", "value": 300 }, { "id": "links", "value": [ { "targetBlank": true, "title": "Visit Domain", "url": "https://${__data.fields[\"source_base_domain.keyword\"]}" } ] } ] } ] }, "gridPos": { "h": 9, "w": 24, "x": 0, "y": 79 }, "id": 14, "interval": "", "options": { "cellHeight": "sm", "footer": { "countRows": false, "fields": [ "Sum" ], "reducer": [ "sum" ], "show": false }, "showHeader": true, "sortBy": [ { "desc": true, "displayName": "Messages" } ] }, "pluginVersion": "10.1.6", "targets": [ { "bucketAggs": [ { "$$hashKey": "object:921", "fake": true, "field": "source_ip_address.keyword", "id": "6", "settings": { "min_doc_count": 1, "missing": "-", "order": "desc", "orderBy": "4", "size": "1000" }, "type": "terms" }, { "$$hashKey": "object:922", "fake": true, "field": "source_reverse_dns.keyword", "id": "7", "settings": { "min_doc_count": 1, "missing": "-", "order": "desc", "orderBy": "4", "size": "1000" }, "type": "terms" }, { "$$hashKey": "object:923", "fake": true, "field": "source_base_domain.keyword", "id": "8", "settings": { "min_doc_count": 1, "missing": "-", "order": "desc", "orderBy": "4", "size": "1000" }, "type": "terms" }, { "$$hashKey": "object:924", "fake": true, "field": "source_country.keyword", "id": "9", "settings": { "min_doc_count": 1, "missing": "-", "order": "desc", "orderBy": "4", "size": "1000" }, "type": "terms" } ], "datasource": { "uid": "$datasourceag" }, "hide": false, "metrics": [ { "$$hashKey": "object:919", "field": "message_count", "id": "4", "meta": {}, "settings": {}, "type": "sum" } ], "query": "header_from.keyword:$fromdomain", "refId": "A", "timeField": "date_begin" } ], "title": "Top 1000 Message Source IP Addresses", "transformations": [ { "id": "organize", "options": { "excludeByName": {}, "indexByName": {}, "renameByName": { "Sum": "Messages", "source_base_domain.keyword": "Sender PTR Domain", "source_country.keyword": "Country", "source_ip_address.keyword": "Sender IP", "source_reverse_dns.keyword": "Sender PTR" } } } ], "type": "table" }, { "datasource": { "type": "elasticsearch", "uid": "$datasourceag" }, "fieldConfig": { "defaults": { "custom": { "align": "auto", "cellOptions": { "type": "auto" }, "filterable": true, "inspect": false }, "mappings": [ { "options": { "arc=fail": { "index": 1, "text": "Fail" }, "arc=pass": { "index": 0, "text": "Pass" }, "fail": { "index": 4, "text": "Fail" }, "false": { "index": 6, "text": "False" }, "pass": { "index": 3, "text": "Pass" }, "true": { "index": 5, "text": "True" } }, "type": "value" }, { "options": { "match": "null", "result": { "index": 2, "text": "N/A" } }, "type": "special" } ], "thresholds": { "mode": "absolute", "steps": [ { "color": "green", "value": null }, { "color": "red", "value": 80 } ] } }, "overrides": [ { "matcher": { "id": "byName", "options": "Messages" }, "properties": [ { "id": "custom.cellOptions", "value": { "mode": "gradient", "type": "gauge" } }, { "id": "thresholds", "value": { "mode": "percentage", "steps": [ { "color": "green", "value": null }, { "color": "dark-purple", "value": 101 } ] } }, { "id": "custom.align", "value": "left" }, { "id": "custom.width", "value": 400 } ] }, { "matcher": { "id": "byName", "options": "Sender PTR Domain" }, "properties": [ { "id": "links", "value": [ { "targetBlank": true, "title": "Visit Domain", "url": "https://${__data.fields[\"source_base_domain.keyword\"]}" } ] } ] }, { "matcher": { "id": "byName", "options": "Envelope From" }, "properties": [ { "id": "links", "value": [ { "targetBlank": true, "title": "Check ${__data.fields[\"envelope_from.keyword\"]} SPF record", "url": "https://www.spf-record.com/spf-lookup/${__data.fields[\"envelope_from.keyword\"]}" } ] } ] }, { "matcher": { "id": "byName", "options": "ARC Result" }, "properties": [ { "id": "custom.width", "value": 112 } ] }, { "matcher": { "id": "byName", "options": "SPF Alignment" }, "properties": [ { "id": "custom.width", "value": 131 } ] }, { "matcher": { "id": "byName", "options": "Simple SPF" }, "properties": [ { "id": "custom.width", "value": 110 } ] }, { "matcher": { "id": "byName", "options": "Source IP" }, "properties": [ { "id": "links", "value": [ { "targetBlank": true, "title": "Check ${__data.fields[\"source_ip_address.keyword\"]} SPF record result", "url": "https://www.spf-record.com/spf-lookup/${__data.fields[\"envelope_from.keyword\"]}?ip=${__data.fields[\"source_ip_address.keyword\"]}" } ] }, { "id": "custom.width", "value": 137 } ] }, { "matcher": { "id": "byName", "options": "DMARC Pass" }, "properties": [ { "id": "custom.width", "value": 120 }, { "id": "unit", "value": "bool" }, { "id": "custom.align", "value": "left" } ] }, { "matcher": { "id": "byName", "options": "SPF Alignment" }, "properties": [ { "id": "custom.width", "value": 130 } ] }, { "matcher": { "id": "byName", "options": "Header From" }, "properties": [ { "id": "links", "value": [ { "targetBlank": true, "title": "Check ${__data.fields[\"header_from.keyword\"]} DMARC record", "url": "https://mxtoolbox.com/SuperTool.aspx?action=dmarc%3a${__data.fields[\"header_from.keyword\"]}&run=toolpage" } ] } ] } ] }, "gridPos": { "h": 9, "w": 24, "x": 0, "y": 88 }, "id": 16, "options": { "cellHeight": "sm", "footer": { "countRows": false, "enablePagination": false, "fields": [ "Sum" ], "reducer": [ "sum" ], "show": false }, "showHeader": true, "sortBy": [ { "desc": true, "displayName": "Messages" } ] }, "pluginVersion": "10.1.6", "targets": [ { "bucketAggs": [ { "$$hashKey": "object:457", "fake": true, "field": "header_from.keyword", "id": "6", "settings": { "min_doc_count": 1, "missing": "-", "order": "desc", "orderBy": "4", "size": "0" }, "type": "terms" }, { "$$hashKey": "object:458", "fake": true, "field": "envelope_from.keyword", "id": "7", "settings": { "min_doc_count": 1, "missing": "-", "order": "desc", "orderBy": "4", "size": "0" }, "type": "terms" }, { "$$hashKey": "object:459", "fake": true, "field": "spf_results.result.keyword", "id": "8", "settings": { "min_doc_count": 1, "missing": "-", "order": "desc", "orderBy": "4", "size": "0" }, "type": "terms" }, { "$$hashKey": "object:460", "fake": true, "field": "spf_aligned", "id": "9", "settings": { "min_doc_count": 1, "order": "desc", "orderBy": "4", "size": "0" }, "type": "terms" }, { "$$hashKey": "object:461", "fake": true, "field": "source_base_domain.keyword", "id": "10", "settings": { "min_doc_count": 1, "missing": "-", "order": "desc", "orderBy": "4", "size": "0" }, "type": "terms" }, { "field": "policy_overrides.comment.keyword", "id": "11", "settings": { "min_doc_count": "1", "missing": "N/A", "order": "desc", "orderBy": "_term", "size": "0" }, "type": "terms" }, { "field": "source_ip_address.keyword", "id": "12", "settings": { "min_doc_count": "1", "missing": "-", "order": "desc", "orderBy": "_term", "size": "0" }, "type": "terms" }, { "field": "passed_dmarc", "id": "13", "settings": { "min_doc_count": "1", "order": "desc", "orderBy": "_term", "size": "0" }, "type": "terms" } ], "datasource": { "uid": "$datasourceag" }, "hide": false, "metrics": [ { "$$hashKey": "object:455", "field": "message_count", "id": "4", "meta": {}, "settings": {}, "type": "sum" } ], "query": "header_from.keyword:$fromdomain", "refId": "A", "timeField": "date_range" } ], "title": "SPF Alignment Details", "transformations": [ { "id": "organize", "options": { "excludeByName": {}, "indexByName": { "Sum": 8, "envelope_from.keyword": 1, "header_from.keyword": 0, "passed_dmarc": 4, "policy_overrides.comment.keyword": 3, "source_base_domain.keyword": 7, "source_ip_address.keyword": 2, "spf_aligned": 5, "spf_results.result.keyword": 6 }, "renameByName": { "Sum": "Messages", "envelope_from.keyword": "Envelope From", "header_from.keyword": "Header From", "passed_dmarc": "DMARC Pass", "policy_overrides.comment.keyword": "ARC Result", "source_base_domain.keyword": "Sender PTR Domain", "source_ip_address.keyword": "Source IP", "spf_aligned": "SPF Alignment", "spf_results.result.keyword": "Simple SPF" } } } ], "type": "table" }, { "datasource": { "type": "elasticsearch", "uid": "$datasourceag" }, "fieldConfig": { "defaults": { "custom": { "align": "auto", "cellOptions": { "type": "auto" }, "filterable": true, "inspect": false }, "mappings": [ { "options": { "arc=fail": { "index": 1, "text": "Fail" }, "arc=pass": { "index": 0, "text": "Pass" }, "fail": { "index": 4, "text": "Fail" }, "false": { "index": 6, "text": "False" }, "pass": { "index": 3, "text": "Pass" }, "true": { "index": 5, "text": "True" } }, "type": "value" }, { "options": { "match": "null", "result": { "index": 2, "text": "N/A" } }, "type": "special" } ], "thresholds": { "mode": "absolute", "steps": [ { "color": "green", "value": null }, { "color": "red", "value": 80 } ] }, "unit": "none" }, "overrides": [ { "matcher": { "id": "byName", "options": "Messages" }, "properties": [ { "id": "custom.cellOptions", "value": { "mode": "gradient", "type": "gauge" } }, { "id": "thresholds", "value": { "mode": "percentage", "steps": [ { "color": "green", "value": null }, { "color": "dark-purple", "value": 101 } ] } }, { "id": "custom.align", "value": "left" }, { "id": "custom.width", "value": 400 }, { "id": "unit", "value": "none" }, { "id": "max" } ] }, { "matcher": { "id": "byName", "options": "Sender PTR Domain" }, "properties": [ { "id": "links", "value": [ { "targetBlank": true, "title": "Visit Domain", "url": "https://${__data.fields[\"source_base_domain.keyword\"]}" } ] } ] }, { "matcher": { "id": "byName", "options": "DKIM Selector" }, "properties": [ { "id": "links", "value": [ { "targetBlank": true, "title": "Open dmarcian.com DKIM Record Checker", "url": "https://dmarcian.com/dkim-inspector/?domain=${__data.fields[\"dkim_results.domain.keyword\"]}&selector=${__data.fields[\"dkim_results.selector.keyword\"]}" } ] }, { "id": "custom.align", "value": "left" }, { "id": "unit", "value": "string" } ] }, { "matcher": { "id": "byName", "options": "DMARC Pass" }, "properties": [ { "id": "custom.width", "value": 126 }, { "id": "custom.align", "value": "left" }, { "id": "unit", "value": "bool" } ] }, { "matcher": { "id": "byName", "options": "Header From" }, "properties": [ { "id": "links", "value": [ { "targetBlank": true, "title": "Check ${__data.fields[\"header_from.keyword\"]} DMARC record", "url": "https://mxtoolbox.com/SuperTool.aspx?action=dmarc%3a${__data.fields[\"header_from.keyword\"]}&run=toolpage" } ] } ] }, { "matcher": { "id": "byName", "options": "ARC Result" }, "properties": [ { "id": "custom.width", "value": 116 } ] }, { "matcher": { "id": "byName", "options": "Simple DKIM" }, "properties": [ { "id": "custom.width", "value": 119 } ] }, { "matcher": { "id": "byName", "options": "DKIM Alignment" }, "properties": [ { "id": "custom.width", "value": 144 } ] } ] }, "gridPos": { "h": 9, "w": 24, "x": 0, "y": 97 }, "id": 40, "options": { "cellHeight": "sm", "footer": { "countRows": false, "fields": [ "Sum" ], "reducer": [ "sum" ], "show": false }, "showHeader": true, "sortBy": [ { "desc": true, "displayName": "Messages" } ] }, "pluginVersion": "10.1.6", "targets": [ { "bucketAggs": [ { "$$hashKey": "object:457", "fake": true, "field": "header_from.keyword", "id": "6", "settings": { "min_doc_count": 1, "missing": "-", "order": "desc", "orderBy": "4", "size": "0" }, "type": "terms" }, { "$$hashKey": "object:458", "fake": true, "field": "dkim_results.selector.keyword", "id": "7", "settings": { "min_doc_count": "1", "missing": "-", "order": "desc", "orderBy": "_term", "size": "0" }, "type": "terms" }, { "$$hashKey": "object:459", "fake": true, "field": "dkim_results.domain.keyword", "id": "8", "settings": { "min_doc_count": 1, "missing": "-", "order": "desc", "orderBy": "4", "size": "0" }, "type": "terms" }, { "$$hashKey": "object:460", "fake": true, "field": "dkim_results.result.keyword", "id": "9", "settings": { "min_doc_count": 1, "order": "desc", "orderBy": "4", "size": "0" }, "type": "terms" }, { "$$hashKey": "object:798", "fake": true, "field": "dkim_aligned", "id": "11", "settings": { "min_doc_count": "1", "order": "desc", "orderBy": "4", "size": "0" }, "type": "terms" }, { "$$hashKey": "object:461", "fake": true, "field": "source_base_domain.keyword", "id": "10", "settings": { "min_doc_count": 1, "missing": "-", "order": "desc", "orderBy": "4", "size": "0" }, "type": "terms" }, { "field": "passed_dmarc", "id": "12", "settings": { "min_doc_count": "1", "order": "desc", "orderBy": "_term", "size": "0" }, "type": "terms" }, { "field": "policy_overrides.comment.keyword", "id": "13", "settings": { "min_doc_count": "1", "missing": "N/A", "order": "desc", "orderBy": "_term", "size": "0" }, "type": "terms" } ], "datasource": { "uid": "$datasourceag" }, "hide": false, "metrics": [ { "$$hashKey": "object:455", "field": "message_count", "id": "4", "meta": {}, "settings": {}, "type": "sum" } ], "query": "header_from.keyword:$fromdomain", "refId": "A", "timeField": "date_range" } ], "title": "DKIM Alignment Details", "transformations": [ { "id": "organize", "options": { "excludeByName": { "dkim_results.selector.keyword": false }, "indexByName": { "Sum": 8, "dkim_aligned": 5, "dkim_results.domain.keyword": 2, "dkim_results.result.keyword": 6, "dkim_results.selector.keyword": 1, "header_from.keyword": 0, "passed_dmarc": 4, "policy_overrides.comment.keyword": 3, "source_base_domain.keyword": 7 }, "renameByName": { "Sum": "Messages", "dkim_aligned": "DKIM Alignment", "dkim_results.domain.keyword": "DKIM Domain", "dkim_results.result.keyword": "Simple DKIM", "dkim_results.selector.keyword": "DKIM Selector", "envelope_from.keyword": "Envelope From", "header_from.keyword": "Header From", "passed_dmarc": "DMARC Pass", "policy_overrides.comment.keyword": "ARC Result", "source_base_domain.keyword": "Sender PTR Domain", "spf_aligned": "SPF Aligned", "spf_results.result.keyword": "SPF Result" } } } ], "type": "table" }, { "collapsed": false, "datasource": { "type": "elasticsearch", "uid": "fe02a4f7-cf1f-4b97-8d78-774cff09356c" }, "gridPos": { "h": 1, "w": 24, "x": 0, "y": 106 }, "id": 32, "panels": [], "targets": [ { "datasource": { "type": "elasticsearch", "uid": "fe02a4f7-cf1f-4b97-8d78-774cff09356c" }, "refId": "A" } ], "title": "DMARC Forensic", "type": "row" }, { "datasource": { "type": "elasticsearch", "uid": "$datasourcefo" }, "fieldConfig": { "defaults": { "custom": { "align": "auto", "cellOptions": { "type": "auto" }, "inspect": false }, "mappings": [], "thresholds": { "mode": "absolute", "steps": [ { "color": "green", "value": null }, { "color": "red", "value": 80 } ] } }, "overrides": [ { "matcher": { "id": "byName", "options": "Arrival_Date" }, "properties": [ { "id": "unit", "value": "dateTimeAsIso" }, { "id": "custom.width", "value": 175 } ] }, { "matcher": { "id": "byName", "options": "AuthFailure" }, "properties": [ { "id": "custom.width", "value": 84 } ] }, { "matcher": { "id": "byName", "options": "DeliveryResult" }, "properties": [ { "id": "custom.width", "value": 104 } ] }, { "matcher": { "id": "byName", "options": "Count" }, "properties": [ { "id": "custom.width", "value": 71 } ] }, { "matcher": { "id": "byName", "options": "ReplyTo" }, "properties": [ { "id": "custom.width", "value": 122 } ] }, { "matcher": { "id": "byName", "options": "Sender IP" }, "properties": [ { "id": "custom.width", "value": 140 }, { "id": "links", "value": [ { "targetBlank": true, "title": "Check ${__data.fields[\"source_ip_address.keyword\"]} SPF record result", "url": "https://www.spf-record.com/spf-lookup/${__data.fields[\"domain.keyword\"]}?ip=${__data.fields[\"source_ip_address.keyword\"]}" } ] } ] } ] }, "gridPos": { "h": 9, "w": 24, "x": 0, "y": 107 }, "id": 20, "options": { "cellHeight": "sm", "footer": { "countRows": false, "fields": "", "reducer": [ "sum" ], "show": false }, "showHeader": true, "sortBy": [] }, "pluginVersion": "10.1.6", "targets": [ { "bucketAggs": [ { "$$hashKey": "object:340", "fake": true, "field": "arrival_date", "id": "6", "settings": { "interval": "auto", "min_doc_count": 1, "trimEdges": 0 }, "type": "date_histogram" }, { "$$hashKey": "object:341", "fake": true, "field": "sample.headers.from.keyword", "id": "7", "settings": { "min_doc_count": 1, "missing": "-", "order": "desc", "orderBy": "_count", "size": "0" }, "type": "terms" }, { "$$hashKey": "object:342", "fake": true, "field": "sample.headers.to.keyword", "id": "8", "settings": { "min_doc_count": 1, "missing": "-", "order": "desc", "orderBy": "_count", "size": "0" }, "type": "terms" }, { "$$hashKey": "object:343", "fake": true, "field": "sample.headers.reply-to.keyword", "id": "10", "settings": { "min_doc_count": 1, "missing": "-", "order": "desc", "orderBy": "_count", "size": "0" }, "type": "terms" }, { "$$hashKey": "object:344", "fake": true, "field": "auth_failure.keyword", "id": "11", "settings": { "min_doc_count": 1, "order": "desc", "orderBy": "_count", "size": "0" }, "type": "terms" }, { "$$hashKey": "object:345", "fake": true, "field": "sample.subject.keyword", "id": "12", "settings": { "min_doc_count": 1, "order": "desc", "orderBy": "_count", "size": "0" }, "type": "terms" }, { "$$hashKey": "object:346", "fake": true, "field": "delivery_results.keyword", "id": "14", "settings": { "min_doc_count": 1, "order": "desc", "orderBy": "_count", "size": "0" }, "type": "terms" }, { "$$hashKey": "object:347", "fake": true, "field": "authentication_results.keyword", "id": "15", "settings": { "min_doc_count": 1, "order": "desc", "orderBy": "_count", "size": "0" }, "type": "terms" }, { "$$hashKey": "object:348", "fake": true, "field": "sample.headers.received.keyword", "id": "13", "settings": { "min_doc_count": 1, "missing": "-", "order": "desc", "orderBy": "_count", "size": "0" }, "type": "terms" }, { "field": "sample.date", "id": "16", "settings": { "min_doc_count": "1", "order": "desc", "orderBy": "_term", "size": "0" }, "type": "terms" }, { "field": "source_ip_address.keyword", "id": "17", "settings": { "min_doc_count": "1", "order": "desc", "orderBy": "_term", "size": "0" }, "type": "terms" }, { "field": "source_reverse_dns.keyword", "id": "18", "settings": { "min_doc_count": "1", "order": "desc", "orderBy": "_term", "size": "0" }, "type": "terms" }, { "field": "domain.keyword", "id": "19", "settings": { "min_doc_count": "1", "order": "desc", "orderBy": "_term", "size": "0" }, "type": "terms" } ], "datasource": { "uid": "$datasourcefo" }, "hide": false, "metrics": [ { "$$hashKey": "object:338", "field": "message_count", "id": "4", "meta": {}, "settings": {}, "type": "count" } ], "query": "domain.keyword:$fromdomain", "refId": "A", "timeField": "arrival_date" } ], "title": "Forensic Samples", "transformations": [ { "id": "organize", "options": { "excludeByName": { "arrival_date": true, "domain.keyword": false, "sample.headers.received.keyword": true }, "indexByName": { "Count": 13, "arrival_date": 2, "auth_failure.keyword": 7, "authentication_results.keyword": 9, "delivery_results.keyword": 8, "domain.keyword": 0, "sample.date": 1, "sample.headers.from.keyword": 3, "sample.headers.received.keyword": 10, "sample.headers.reply-to.keyword": 5, "sample.headers.to.keyword": 4, "sample.subject.keyword": 6, "source_ip_address.keyword": 11, "source_reverse_dns.keyword": 12 }, "renameByName": { "Count": "Message Count", "arrival_date": "", "auth_failure.keyword": "AuthFailure", "authentication_results.keyword": "Auth Results", "delivery_results.keyword": "DeliveryResult", "domain.keyword": "Header From Domain", "sample.date": "Arrival_Date", "sample.headers.from.keyword": "Envelope From", "sample.headers.received.keyword": "Mail Hop 1", "sample.headers.reply-to.keyword": "ReplyTo", "sample.headers.to.keyword": "Envelope To", "sample.subject.keyword": "Subject", "source_ip_address.keyword": "Sender IP", "source_reverse_dns.keyword": "Sender PTR" } } } ], "type": "table" }, { "datasource": { "type": "elasticsearch", "uid": "$datasourcefo" }, "fieldConfig": { "defaults": { "color": { "mode": "thresholds" }, "custom": { "hideFrom": { "legend": false, "tooltip": false, "viz": false } }, "mappings": [], "thresholds": { "mode": "absolute", "steps": [ { "color": "dark-green" } ] }, "unit": "none" }, "overrides": [ { "matcher": { "id": "byName", "options": "Field" }, "properties": [ { "id": "displayName", "value": "Country" } ] } ] }, "gridPos": { "h": 11, "w": 8, "x": 0, "y": 116 }, "id": 22, "maxDataPoints": 1, "options": { "basemap": { "name": "Basemap", "type": "default" }, "controls": { "mouseWheelZoom": true, "showAttribution": true, "showDebug": false, "showMeasure": false, "showScale": false, "showZoom": true }, "layers": [ { "config": { "showLegend": true, "style": { "color": { "field": "Total", "fixed": "dark-green" }, "opacity": 0.4, "rotation": { "fixed": 0, "max": 360, "min": -360, "mode": "mod" }, "size": { "field": "Total", "fixed": 5, "max": 30, "min": 2 }, "symbol": { "fixed": "img/icons/marker/circle.svg", "mode": "fixed" }, "textConfig": { "fontSize": 12, "offsetX": 0, "offsetY": 0, "textAlign": "center", "textBaseline": "middle" } } }, "filterData": { "id": "byRefId", "options": "A" }, "location": { "gazetteer": "public/gazetteer/countries.json", "lookup": "Field", "mode": "lookup" }, "name": "Forensic Count", "tooltip": true, "type": "markers" }, { "config": { "nightColor": "#000000", "show": "to", "sun": false }, "name": "Layer 2", "opacity": 0.4, "tooltip": true, "type": "dayNight" } ], "tooltip": { "mode": "details" }, "view": { "allLayers": true, "id": "zero", "lat": 0, "lon": 0, "zoom": 1 } }, "pluginVersion": "11.1.0-179769", "targets": [ { "bucketAggs": [ { "fake": true, "field": "source_country.keyword", "id": "9", "settings": { "min_doc_count": 1, "order": "desc", "orderBy": "_term", "size": "10" }, "type": "terms" }, { "field": "arrival_date", "id": "10", "settings": { "interval": "auto", "min_doc_count": "0", "timeZone": "utc", "trimEdges": "0" }, "type": "date_histogram" } ], "datasource": { "uid": "$datasourcefo" }, "hide": false, "metrics": [ { "id": "4", "type": "count" } ], "query": "domain.keyword:$fromdomain", "refId": "A", "timeField": "arrival_date" } ], "title": "Forensic Sample Sources by Country", "transformations": [ { "id": "reduce", "options": { "reducers": [ "sum" ] } } ], "type": "geomap" }, { "datasource": { "uid": "$datasourcefo" }, "fieldConfig": { "defaults": { "custom": { "align": "auto", "cellOptions": { "type": "auto" }, "inspect": false }, "mappings": [], "thresholds": { "mode": "absolute", "steps": [ { "color": "green" }, { "color": "red", "value": 80 } ] } }, "overrides": [ { "matcher": { "id": "byName", "options": "Count" }, "properties": [ { "id": "custom.cellOptions", "value": { "mode": "gradient", "type": "gauge" } }, { "id": "thresholds", "value": { "mode": "percentage", "steps": [ { "color": "green" }, { "color": "dark-purple", "value": 101 } ] } } ] }, { "matcher": { "id": "byName", "options": "Country" }, "properties": [ { "id": "custom.width", "value": 70 } ] } ] }, "gridPos": { "h": 11, "w": 5, "x": 8, "y": 116 }, "id": 23, "options": { "cellHeight": "sm", "footer": { "countRows": false, "fields": "", "reducer": [ "sum" ], "show": false }, "showHeader": true, "sortBy": [] }, "pluginVersion": "11.1.0-179769", "targets": [ { "bucketAggs": [ { "$$hashKey": "object:840", "fake": true, "field": "source_country.keyword", "id": "6", "settings": { "min_doc_count": 1, "missing": "none", "order": "desc", "orderBy": "_count", "size": "0" }, "type": "terms" } ], "datasource": { "uid": "$datasourcefo" }, "hide": false, "metrics": [ { "$$hashKey": "object:838", "field": "message_count", "id": "4", "meta": {}, "settings": {}, "type": "count" } ], "query": "domain.keyword:$fromdomain", "refId": "A", "timeField": "arrival_date" } ], "title": "DMARC Forensic Sample Source Countries", "transformations": [ { "id": "organize", "options": { "excludeByName": {}, "indexByName": {}, "renameByName": { "source_country.keyword": "Country" } } } ], "type": "table" }, { "datasource": { "uid": "$datasourcefo" }, "fieldConfig": { "defaults": { "custom": { "align": "auto", "cellOptions": { "type": "auto" }, "inspect": false }, "mappings": [], "thresholds": { "mode": "absolute", "steps": [ { "color": "green" }, { "color": "red", "value": 80 } ] } }, "overrides": [ { "matcher": { "id": "byName", "options": "Country" }, "properties": [ { "id": "custom.width", "value": 70 } ] }, { "matcher": { "id": "byName", "options": "Base Domain" }, "properties": [ { "id": "links", "value": [ { "targetBlank": true, "title": "Visit https://${__data.fields[\"source_base_domain.keyword\"]}", "url": "https://${__data.fields[\"source_base_domain.keyword\"]}" } ] } ] }, { "matcher": { "id": "byName", "options": "Messages" }, "properties": [ { "id": "custom.cellOptions", "value": { "mode": "gradient", "type": "gauge" } }, { "id": "thresholds", "value": { "mode": "percentage", "steps": [ { "color": "green" }, { "color": "dark-purple", "value": 101 } ] } } ] } ] }, "gridPos": { "h": 11, "w": 11, "x": 13, "y": 116 }, "id": 24, "options": { "cellHeight": "sm", "footer": { "countRows": false, "fields": "", "reducer": [ "sum" ], "show": false }, "showHeader": true, "sortBy": [ { "desc": true, "displayName": "Messages" } ] }, "pluginVersion": "11.1.0-179769", "targets": [ { "bucketAggs": [ { "$$hashKey": "object:653", "fake": true, "field": "source_ip_address.keyword", "id": "6", "settings": { "min_doc_count": 1, "missing": "-", "order": "desc", "orderBy": "_count", "size": "1000" }, "type": "terms" }, { "$$hashKey": "object:654", "fake": true, "field": "source_reverse_dns.keyword", "id": "7", "settings": { "min_doc_count": 1, "missing": "-", "order": "desc", "orderBy": "_count", "size": "1000" }, "type": "terms" }, { "$$hashKey": "object:655", "fake": true, "field": "source_base_domain.keyword", "id": "8", "settings": { "min_doc_count": 1, "missing": "-", "order": "desc", "orderBy": "_count", "size": "1000" }, "type": "terms" }, { "$$hashKey": "object:656", "fake": true, "field": "source_country.keyword", "id": "9", "settings": { "min_doc_count": 1, "missing": "-", "order": "desc", "orderBy": "_count", "size": "1000" }, "type": "terms" } ], "datasource": { "uid": "$datasourcefo" }, "hide": false, "metrics": [ { "$$hashKey": "object:651", "field": "message_count", "id": "4", "meta": {}, "settings": {}, "type": "count" } ], "query": "domain.keyword:$fromdomain", "refId": "A", "timeField": "arrival_date" } ], "title": "Top 1000 Forensic Sample Source IP Addresses", "transformations": [ { "id": "organize", "options": { "excludeByName": {}, "indexByName": {}, "renameByName": { "Count": "Messages", "source_base_domain.keyword": "Base Domain", "source_country.keyword": "Country", "source_ip_address.keyword": "IP Address", "source_reverse_dns.keyword": "Reverse DNS" } } } ], "type": "table" } ], "refresh": "", "schemaVersion": 38, "style": "dark", "tags": [], "templating": { "list": [ { "current": { "selected": false, "text": "dmarc-ag", "value": "f79d0082-7d3f-4e44-9f8a-ec546b954d22" }, "hide": 2, "includeAll": false, "label": "Datasource: Aggregate", "multi": false, "name": "datasourceag", "options": [], "query": "elasticsearch", "refresh": 1, "regex": "/.*dmarc-ag/", "skipUrlSync": false, "type": "datasource" }, { "current": { "selected": false, "text": "dmarc-fo", "value": "deae39d9-c143-40ed-8470-c5560059ad22" }, "hide": 2, "includeAll": false, "label": "Datasource: Forensic", "multi": false, "name": "datasourcefo", "options": [], "query": "elasticsearch", "refresh": 1, "regex": "/.*dmarc-fo/", "skipUrlSync": false, "type": "datasource" }, { "current": { "selected": true, "text": [ "All" ], "value": [ "$__all" ] }, "datasource": { "uid": "$datasourceag" }, "definition": "{\"find\":\"terms\",\"field\":\"header_from.keyword\"}", "hide": 0, "includeAll": true, "label": "From Domain", "multi": true, "name": "fromdomain", "options": [], "query": "{\"find\":\"terms\",\"field\":\"header_from.keyword\"}", "refresh": 2, "regex": "", "skipUrlSync": false, "sort": 5, "tagValuesQuery": "", "tagsQuery": "", "type": "query", "useTags": false }, { "auto": false, "auto_count": 30, "auto_min": "10s", "current": { "selected": false, "text": "1d", "value": "1d" }, "hide": 2, "label": "Interval", "name": "interval", "options": [ { "selected": true, "text": "1d", "value": "1d" } ], "query": "1d", "refresh": 2, "skipUrlSync": false, "type": "interval" }, { "datasource": { "type": "elasticsearch", "uid": "${datasourceag}" }, "filters": [], "hide": 0, "label": "Filter", "name": "Filter", "skipUrlSync": false, "type": "adhoc" } ] }, "time": { "from": "now-30d", "to": "now" }, "timepicker": { "hidden": false, "refresh_intervals": [ "10s", "30s", "1m", "5m", "15m", "30m", "1h", "2h", "1d" ], "time_options": [ "5m", "15m", "1h", "6h", "12h", "24h", "2d", "7d", "30d" ] }, "timezone": "utc", "title": "DMARC Reports-2024/11/13", "uid": "SDksirRWz-new", "version": 10, "weekStart": "" }