parsedmarc/grafana/Grafana-DMARC_Reports.json
Sean Whalen 32cfede9ac 6.3.7
Work around some unexpected IMAP responses reported in issue #75
2019-05-02 22:08:16 -04:00


{
"__inputs": [
{
"name": "DS_ELASTICSEARCH-DMARC-AG",
"label": "Elasticsearch-dmarc-ag",
"description": "",
"type": "datasource",
"pluginId": "elasticsearch",
"pluginName": "Elasticsearch"
},
{
"name": "DS_ELASTICSEARCH-DMARC-FO",
"label": "Elasticsearch-dmarc-fo",
"description": "",
"type": "datasource",
"pluginId": "elasticsearch",
"pluginName": "Elasticsearch"
}
],
"__requires": [
{
"type": "datasource",
"id": "elasticsearch",
"name": "Elasticsearch",
"version": "1.0.0"
},
{
"type": "grafana",
"id": "grafana",
"name": "Grafana",
"version": "6.1.4"
},
{
"type": "panel",
"id": "grafana-piechart-panel",
"name": "Pie Chart",
"version": "1.3.6"
},
{
"type": "panel",
"id": "grafana-worldmap-panel",
"name": "Worldmap Panel",
"version": "0.2.0"
},
{
"type": "panel",
"id": "graph",
"name": "Graph",
"version": ""
},
{
"type": "panel",
"id": "table",
"name": "Table",
"version": ""
},
{
"type": "panel",
"id": "text",
"name": "Text",
"version": ""
}
],
"annotations": {
"list": [
{
"builtIn": 1,
"datasource": "-- Grafana --",
"enable": true,
"hide": true,
"iconColor": "rgba(0, 211, 255, 1)",
"name": "Annotations & Alerts",
"type": "dashboard"
}
]
},
"editable": true,
"gnetId": null,
"graphTooltip": 0,
"id": null,
"iteration": 1556527571208,
"links": [],
"panels": [
{
"collapsed": true,
"gridPos": {
"h": 1,
"w": 24,
"x": 0,
"y": 0
},
"id": 28,
"panels": [
{
"content": "# DMARC Summary\r\nAs the name suggests, this dashboard is the best place to start reviewing your aggregate DMARC data.\r\n\r\nAcross the top of the dashboard, three pie charts display the percentage of alignment pass/fail for SPF, DKIM, and DMARC. Clicking on any chart segment will filter for that value.\r\n\r\n***Note***\r\nMessages should not be considered malicious just because they failed to pass DMARC, especially if you have just started collecting data. It may be a legitimate service that needs SPF and DKIM configured correctly.\r\n\r\nStart by filtering the results to only show failed DKIM alignment. While DMARC passes if a message passes SPF or DKIM alignment, only DKIM alignment remains valid when a message is forwarded without changing the from address, which is often caused by a mailbox forwarding rule. This is because DKIM signatures are part of the message headers, whereas SPF relies on SMTP session headers.\r\n\r\nUnderneath the pie charts, you can see graphs of DMARC passage and message disposition over time.\r\n\r\nUnder the graphs you will find the most useful data tables on the dashboard. On the left, there is a list of organizations that are sending you DMARC reports. In the center, there is a list of sending servers grouped by the base domain in their reverse DNS. On the right, there is a list of email from domains, sorted by message volume.\r\n\r\nBy hovering your mouse over a data table value and using the magnifying glass icons, you can filter on or filter out different values. Start by looking at the Message Sources by Reverse DNS table. Find a sender that you recognize, such as an email marketing service, hover over it, and click on the plus (+) magnifying glass icon, to add a filter that only shows results for that sender. Now, look at the Message From Header table to the right. That shows you the domains that a sender is sending as, which might tell you which brand/business is using a particular service. 
With that information, you can contact them and have them set up DKIM.\r\n\r\n***Note***\r\nIf you have a lot of B2C customers, you may see a high volume of emails as your domains coming from consumer email services, such as Google/Gmail and Yahoo! This occurs when customers have mailbox rules in place that forward emails from an old account to a new account, which is why DKIM authentication is so important, as mentioned earlier. Similar patterns may be observed with businesses who send from reverse DNS addresses of parent, subsidiary, and outdated brands.\r\n\r\nFurther down the dashboard, you can filter by source country or source IP address.\r\n\r\nTables showing SPF and DKIM alignment details are located under the IP address table.\r\n\r\n***Note***\r\nPreviously, the alignment tables were included in a separate dashboard called DMARC Alignment Failures. That dashboard has been consolidated into the DMARC Summary dashboard. To view failures only, use the pie chart.\r\n\r\nAny other filters work the same way. You can also add your own custom temporary filters by clicking on Add Filter at the upper right of the page.\r\n\r\n# DMARC Forensic Samples\r\nThe DMARC Forensic Samples dashboard contains information on DMARC forensic reports (also known as failure reports or ruf reports). These reports contain samples of emails that have failed to pass DMARC.\r\n\r\n***Note***\r\nMost recipients do not send forensic/failure/ruf reports at all to avoid privacy leaks. Some recipients (notably Chinese webmail services) will only supply the headers of sample emails. 
Very few provide the entire email.\r\n\r\n# DMARC Alignment Guide\r\nDMARC ensures that SPF and DKIM authentication mechanisms actually authenticate against the same domain that the end user sees.\r\n\r\nA message passes a DMARC check by passing DKIM or SPF, **as long as the related indicators are also in alignment.**\r\n\r\n| \t| DKIM \t| SPF \t|\r\n|-----------\t|--------------------------------------------------------------------------------------------------------------------------------------------------\t|----------------------------------------------------------------------------------------------------------------\t|\r\n| **Passing** \t| The signature in the DKIM header is validated using a public key that is published as a DNS record of the domain name specified in the signature \t| The mail server's IP address is listed in the SPF record of the domain in the SMTP envelope's mail from header \t|\r\n| **Alignment** \t| The signing domain aligns with the domain in the message's from header \t| The domain in the SMTP envelope's mail from header aligns with the domain in the message's from header \t|",
"gridPos": {
"h": 9,
"w": 24,
"x": 0,
"y": 1
},
"id": 26,
"links": [],
"mode": "markdown",
"timeFrom": null,
"timeShift": null,
"title": "",
"transparent": true,
"type": "text"
}
],
"title": "Guide",
"type": "row"
},
{
"collapsed": false,
"gridPos": {
"h": 1,
"w": 24,
"x": 0,
"y": 1
},
"id": 30,
"panels": [],
"title": "DMARC Summary",
"type": "row"
},
{
"aliasColors": {
"true": "#37872D"
},
"breakPoint": "50%",
"cacheTimeout": null,
"combine": {
"label": "Others",
"threshold": 0
},
"datasource": "${DS_ELASTICSEARCH-DMARC-AG}",
"fontSize": "100%",
"format": "none",
"gridPos": {
"h": 9,
"w": 8,
"x": 0,
"y": 2
},
"id": 6,
"interval": null,
"legend": {
"percentage": true,
"show": true,
"values": true
},
"legendType": "On graph",
"links": [],
"maxDataPoints": 3,
"nullPointMode": "connected",
"pieType": "donut",
"strokeWidth": 1,
"targets": [
{
"bucketAggs": [
{
"fake": true,
"field": "spf_aligned",
"id": "3",
"settings": {
"min_doc_count": 1,
"missing": null,
"order": "desc",
"orderBy": "_term",
"size": "0"
},
"type": "terms"
},
{
"field": "date_range",
"id": "2",
"settings": {
"interval": "auto",
"min_doc_count": 0,
"trimEdges": 0
},
"type": "date_histogram"
}
],
"hide": false,
"metrics": [
{
"field": "message_count",
"id": "1",
"meta": {},
"settings": {},
"type": "sum"
}
],
"refId": "A",
"timeField": "date_range"
}
],
"timeFrom": null,
"timeShift": null,
"title": "SPF Alignment",
"type": "grafana-piechart-panel",
"valueName": "total"
},
{
"aliasColors": {
"true": "#37872D"
},
"breakPoint": "50%",
"cacheTimeout": null,
"combine": {
"label": "Others",
"threshold": 0
},
"datasource": "${DS_ELASTICSEARCH-DMARC-AG}",
"fontSize": "100%",
"format": "none",
"gridPos": {
"h": 9,
"w": 8,
"x": 8,
"y": 2
},
"id": 2,
"interval": null,
"legend": {
"percentage": true,
"show": true,
"values": true
},
"legendType": "On graph",
"links": [],
"maxDataPoints": 3,
"nullPointMode": "connected",
"pieType": "donut",
"strokeWidth": 1,
"targets": [
{
"bucketAggs": [
{
"fake": true,
"field": "dkim_aligned",
"id": "3",
"settings": {
"min_doc_count": 1,
"missing": null,
"order": "desc",
"orderBy": "_term",
"size": "0"
},
"type": "terms"
},
{
"field": "date_range",
"id": "2",
"settings": {
"interval": "auto",
"min_doc_count": 0,
"trimEdges": 0
},
"type": "date_histogram"
}
],
"hide": false,
"metrics": [
{
"field": "message_count",
"id": "1",
"meta": {},
"settings": {},
"type": "sum"
}
],
"refId": "A",
"timeField": "date_range"
}
],
"timeFrom": null,
"timeShift": null,
"title": "DKIM Alignment",
"type": "grafana-piechart-panel",
"valueName": "total"
},
{
"aliasColors": {
"false": "#E02F44",
"true": "#37872D"
},
"breakPoint": "50%",
"cacheTimeout": null,
"combine": {
"label": "Others",
"threshold": 0
},
"datasource": "${DS_ELASTICSEARCH-DMARC-AG}",
"description": "",
"fontSize": "100%",
"format": "none",
"gridPos": {
"h": 9,
"w": 8,
"x": 16,
"y": 2
},
"id": 5,
"interval": null,
"legend": {
"header": "",
"percentage": true,
"show": true,
"values": true
},
"legendType": "On graph",
"links": [],
"maxDataPoints": 3,
"nullPointMode": "connected",
"pieType": "donut",
"strokeWidth": 1,
"targets": [
{
"bucketAggs": [
{
"fake": true,
"field": "passed_dmarc",
"id": "3",
"settings": {
"min_doc_count": 1,
"missing": null,
"order": "desc",
"orderBy": "_term",
"size": "0"
},
"type": "terms"
},
{
"field": "date_range",
"id": "2",
"settings": {
"interval": "auto",
"min_doc_count": 0,
"trimEdges": 0
},
"type": "date_histogram"
}
],
"hide": false,
"metrics": [
{
"field": "message_count",
"id": "1",
"meta": {},
"settings": {},
"type": "sum"
}
],
"refId": "A",
"timeField": "date_range"
},
{
"bucketAggs": [
{
"fake": true,
"field": "dkim_aligned",
"id": "3",
"settings": {
"min_doc_count": 1,
"order": "desc",
"orderBy": "_count",
"size": "0"
},
"type": "terms"
},
{
"field": "date_range",
"id": "2",
"settings": {
"interval": "auto",
"min_doc_count": 0,
"trimEdges": 0
},
"type": "date_histogram"
}
],
"hide": true,
"metrics": [
{
"field": "message_count",
"id": "1",
"meta": {},
"settings": {},
"type": "sum"
}
],
"refId": "B",
"timeField": "date_range"
}
],
"timeFrom": null,
"timeShift": null,
"title": "DMARC Passage",
"type": "grafana-piechart-panel",
"valueName": "total"
},
{
"aliasColors": {
"false": "dark-yellow"
},
"bars": false,
"cacheTimeout": null,
"dashLength": 10,
"dashes": false,
"datasource": "${DS_ELASTICSEARCH-DMARC-AG}",
"decimals": null,
"fill": 1,
"gridPos": {
"h": 9,
"w": 12,
"x": 0,
"y": 11
},
"id": 18,
"legend": {
"alignAsTable": true,
"avg": false,
"current": false,
"hideEmpty": false,
"hideZero": false,
"max": false,
"min": false,
"rightSide": true,
"show": true,
"total": false,
"values": false
},
"lines": true,
"linewidth": 1,
"links": [],
"nullPointMode": "null",
"percentage": false,
"pointradius": 2,
"points": false,
"renderer": "flot",
"seriesOverrides": [
{
"alias": "true",
"fill": 2,
"linewidth": 2
},
{
"alias": "false",
"fill": 2,
"linewidth": 2
}
],
"spaceLength": 10,
"stack": false,
"steppedLine": false,
"targets": [
{
"bucketAggs": [
{
"fake": true,
"field": "spf_aligned",
"id": "3",
"settings": {
"min_doc_count": 1,
"missing": null,
"order": "desc",
"orderBy": "_term",
"size": "0"
},
"type": "terms"
},
{
"field": "date_range",
"id": "2",
"settings": {
"interval": "86399s",
"min_doc_count": 0,
"trimEdges": 0
},
"type": "date_histogram"
}
],
"hide": false,
"metrics": [
{
"field": "message_count",
"id": "1",
"meta": {},
"settings": {
"missing": null
},
"type": "sum"
}
],
"refId": "A",
"timeField": "date_range"
}
],
"thresholds": [],
"timeFrom": null,
"timeRegions": [],
"timeShift": null,
"title": "SPF Passage Over Time",
"tooltip": {
"shared": true,
"sort": 2,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": []
},
"yaxes": [
{
"format": "none",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
},
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
}
],
"yaxis": {
"align": false,
"alignLevel": null
}
},
{
"aliasColors": {
"false": "dark-yellow"
},
"bars": false,
"cacheTimeout": null,
"dashLength": 10,
"dashes": false,
"datasource": "${DS_ELASTICSEARCH-DMARC-AG}",
"decimals": null,
"fill": 1,
"gridPos": {
"h": 9,
"w": 12,
"x": 12,
"y": 11
},
"id": 19,
"legend": {
"alignAsTable": true,
"avg": false,
"current": false,
"hideEmpty": false,
"hideZero": false,
"max": false,
"min": false,
"rightSide": true,
"show": true,
"total": false,
"values": false
},
"lines": true,
"linewidth": 1,
"links": [],
"nullPointMode": "null",
"percentage": false,
"pointradius": 2,
"points": false,
"renderer": "flot",
"seriesOverrides": [
{
"alias": "true",
"fill": 2,
"linewidth": 2
},
{
"alias": "false",
"fill": 2,
"linewidth": 2
}
],
"spaceLength": 10,
"stack": false,
"steppedLine": false,
"targets": [
{
"bucketAggs": [
{
"fake": true,
"field": "dkim_aligned",
"id": "3",
"settings": {
"min_doc_count": 1,
"missing": null,
"order": "desc",
"orderBy": "_term",
"size": "0"
},
"type": "terms"
},
{
"field": "date_range",
"id": "2",
"settings": {
"interval": "86399s",
"min_doc_count": 0,
"trimEdges": 0
},
"type": "date_histogram"
}
],
"hide": false,
"metrics": [
{
"field": "message_count",
"id": "1",
"meta": {},
"settings": {
"missing": null
},
"type": "sum"
}
],
"refId": "A",
"timeField": "date_range"
}
],
"thresholds": [],
"timeFrom": null,
"timeRegions": [],
"timeShift": null,
"title": "DKIM Passage Over Time",
"tooltip": {
"shared": true,
"sort": 2,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": []
},
"yaxes": [
{
"format": "none",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
},
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
}
],
"yaxis": {
"align": false,
"alignLevel": null
}
},
{
"aliasColors": {
"false": "semi-dark-red",
"true": "dark-green"
},
"bars": false,
"cacheTimeout": null,
"dashLength": 10,
"dashes": false,
"datasource": "${DS_ELASTICSEARCH-DMARC-AG}",
"decimals": null,
"fill": 1,
"gridPos": {
"h": 9,
"w": 12,
"x": 0,
"y": 20
},
"id": 7,
"legend": {
"alignAsTable": true,
"avg": false,
"current": false,
"hideEmpty": false,
"hideZero": false,
"max": false,
"min": false,
"rightSide": true,
"show": true,
"total": false,
"values": false
},
"lines": true,
"linewidth": 1,
"links": [],
"nullPointMode": "null",
"percentage": false,
"pointradius": 2,
"points": false,
"renderer": "flot",
"seriesOverrides": [
{
"alias": "true",
"fill": 2,
"linewidth": 2
},
{
"alias": "false",
"fill": 2,
"linewidth": 2
}
],
"spaceLength": 10,
"stack": false,
"steppedLine": false,
"targets": [
{
"bucketAggs": [
{
"fake": true,
"field": "passed_dmarc",
"id": "3",
"settings": {
"min_doc_count": 1,
"missing": null,
"order": "desc",
"orderBy": "_term",
"size": "0"
},
"type": "terms"
},
{
"field": "date_range",
"id": "2",
"settings": {
"interval": "86399s",
"min_doc_count": 0,
"trimEdges": 0
},
"type": "date_histogram"
}
],
"hide": false,
"metrics": [
{
"field": "message_count",
"id": "1",
"meta": {},
"settings": {
"missing": null
},
"type": "sum"
}
],
"refId": "A",
"timeField": "date_range"
}
],
"thresholds": [],
"timeFrom": null,
"timeRegions": [],
"timeShift": null,
"title": "DMARC Passage Over Time",
"tooltip": {
"shared": true,
"sort": 2,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": []
},
"yaxes": [
{
"format": "none",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
},
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
}
],
"yaxis": {
"align": false,
"alignLevel": null
}
},
{
"aliasColors": {
"none": "semi-dark-orange"
},
"bars": false,
"cacheTimeout": null,
"dashLength": 10,
"dashes": false,
"datasource": "${DS_ELASTICSEARCH-DMARC-AG}",
"fill": 1,
"gridPos": {
"h": 9,
"w": 12,
"x": 12,
"y": 20
},
"id": 8,
"legend": {
"alignAsTable": true,
"avg": false,
"current": false,
"max": false,
"min": false,
"rightSide": true,
"show": true,
"total": false,
"values": false
},
"lines": true,
"linewidth": 1,
"links": [],
"nullPointMode": "null",
"percentage": false,
"pointradius": 2,
"points": false,
"renderer": "flot",
"seriesOverrides": [
{
"alias": "/.*/",
"fill": 2,
"linewidth": 2
}
],
"spaceLength": 10,
"stack": false,
"steppedLine": false,
"targets": [
{
"bucketAggs": [
{
"fake": true,
"field": "disposition.keyword",
"id": "3",
"settings": {
"min_doc_count": 1,
"missing": null,
"order": "desc",
"orderBy": "_term",
"size": "0"
},
"type": "terms"
},
{
"field": "date_range",
"id": "2",
"settings": {
"interval": "86399s",
"min_doc_count": 0,
"trimEdges": 0
},
"type": "date_histogram"
}
],
"hide": false,
"metrics": [
{
"field": "message_count",
"id": "1",
"meta": {},
"settings": {},
"type": "sum"
}
],
"refId": "A",
"timeField": "date_range"
}
],
"thresholds": [],
"timeFrom": null,
"timeRegions": [],
"timeShift": null,
"title": "Message Disposition Over Time",
"tooltip": {
"shared": true,
"sort": 0,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": []
},
"yaxes": [
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
},
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
}
],
"yaxis": {
"align": false,
"alignLevel": null
}
},
{
"columns": [],
"datasource": "${DS_ELASTICSEARCH-DMARC-AG}",
"fontSize": "100%",
"gridPos": {
"h": 10,
"w": 8,
"x": 0,
"y": 29
},
"id": 9,
"links": [],
"pageSize": 20,
"scroll": true,
"showHeader": true,
"sort": {
"col": 1,
"desc": true
},
"styles": [
{
"alias": "Reporting Organisation",
"colorMode": null,
"colors": [
"rgba(245, 54, 54, 0.9)",
"rgba(237, 129, 40, 0.89)",
"rgba(50, 172, 45, 0.97)"
],
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"decimals": 2,
"link": true,
"linkTargetBlank": true,
"linkTooltip": "Org Extra Contact Info URL (If available)",
"linkUrl": "${__cell_2:raw}",
"mappingType": 1,
"pattern": "org_name.keyword",
"thresholds": [],
"type": "number",
"unit": "short"
},
{
"alias": "Messages",
"colorMode": null,
"colors": [
"rgba(245, 54, 54, 0.9)",
"rgba(237, 129, 40, 0.89)",
"rgba(50, 172, 45, 0.97)"
],
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"decimals": null,
"mappingType": 1,
"pattern": "Sum",
"thresholds": [],
"type": "number",
"unit": "none"
},
{
"alias": "Org Extra Contact Info",
"colorMode": null,
"colors": [
"rgba(245, 54, 54, 0.9)",
"rgba(237, 129, 40, 0.89)",
"rgba(50, 172, 45, 0.97)"
],
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"decimals": 2,
"mappingType": 1,
"pattern": "org_extra_contact_info.keyword",
"thresholds": [],
"type": "hidden",
"unit": "short"
}
],
"targets": [
{
"bucketAggs": [
{
"fake": true,
"field": "org_name.keyword",
"id": "6",
"settings": {
"min_doc_count": 1,
"missing": "-",
"order": "desc",
"orderBy": "4",
"size": "0"
},
"type": "terms"
}
],
"hide": false,
"metrics": [
{
"field": "message_count",
"id": "4",
"meta": {},
"settings": {},
"type": "sum"
}
],
"refId": "A",
"timeField": "date_range"
},
{
"bucketAggs": [
{
"fake": true,
"field": "org_extra_contact_info.keyword",
"id": "6",
"settings": {
"min_doc_count": 1,
"missing": null,
"order": "desc",
"orderBy": "4",
"size": "0"
},
"type": "terms"
}
],
"hide": false,
"metrics": [
{
"field": "message_count",
"id": "4",
"meta": {},
"settings": {},
"type": "sum"
}
],
"refId": "B",
"timeField": "date_range"
}
],
"timeFrom": null,
"timeShift": null,
"title": "Reporting Organisations",
"transform": "table",
"type": "table"
},
{
"columns": [],
"datasource": "${DS_ELASTICSEARCH-DMARC-AG}",
"fontSize": "100%",
"gridPos": {
"h": 10,
"w": 8,
"x": 8,
"y": 29
},
"id": 10,
"links": [],
"pageSize": 20,
"scroll": true,
"showHeader": true,
"sort": {
"col": 1,
"desc": true
},
"styles": [
{
"alias": "Messages",
"colorMode": null,
"colors": [
"rgba(245, 54, 54, 0.9)",
"rgba(237, 129, 40, 0.89)",
"rgba(50, 172, 45, 0.97)"
],
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"decimals": null,
"mappingType": 1,
"pattern": "Sum",
"thresholds": [],
"type": "number",
"unit": "none"
},
{
"alias": "Reverse DNS Base",
"colorMode": null,
"colors": [
"rgba(245, 54, 54, 0.9)",
"rgba(237, 129, 40, 0.89)",
"rgba(50, 172, 45, 0.97)"
],
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"decimals": 2,
"link": true,
"linkTargetBlank": true,
"linkTooltip": "https://${__cell:raw}",
"linkUrl": "https://${__cell:raw}",
"mappingType": 1,
"pattern": "source_base_domain.keyword",
"thresholds": [],
"type": "number",
"unit": "short"
}
],
"targets": [
{
"bucketAggs": [
{
"fake": true,
"field": "source_base_domain.keyword",
"id": "6",
"settings": {
"min_doc_count": 1,
"missing": "none",
"order": "desc",
"orderBy": "4",
"size": "2000"
},
"type": "terms"
}
],
"hide": false,
"metrics": [
{
"field": "message_count",
"id": "4",
"meta": {},
"settings": {},
"type": "sum"
}
],
"refId": "A",
"timeField": "date_range"
}
],
"timeFrom": null,
"timeShift": null,
"title": "Top 2000 Message Sources by Reverse DNS",
"transform": "table",
"type": "table"
},
{
"columns": [],
"datasource": "${DS_ELASTICSEARCH-DMARC-AG}",
"fontSize": "100%",
"gridPos": {
"h": 10,
"w": 8,
"x": 16,
"y": 29
},
"id": 11,
"links": [],
"pageSize": 20,
"scroll": true,
"showHeader": true,
"sort": {
"col": 1,
"desc": true
},
"styles": [
{
"alias": "Messages",
"colorMode": null,
"colors": [
"rgba(245, 54, 54, 0.9)",
"rgba(237, 129, 40, 0.89)",
"rgba(50, 172, 45, 0.97)"
],
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"decimals": null,
"mappingType": 1,
"pattern": "Sum",
"thresholds": [],
"type": "number",
"unit": "none"
},
{
"alias": "Header From",
"colorMode": null,
"colors": [
"rgba(245, 54, 54, 0.9)",
"rgba(237, 129, 40, 0.89)",
"rgba(50, 172, 45, 0.97)"
],
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"decimals": 2,
"link": true,
"linkTargetBlank": true,
"linkTooltip": "https://${__cell:raw}",
"linkUrl": "https://${__cell:raw}",
"mappingType": 1,
"pattern": "header_from.keyword",
"thresholds": [],
"type": "number",
"unit": "short"
}
],
"targets": [
{
"bucketAggs": [
{
"fake": true,
"field": "header_from.keyword",
"id": "6",
"settings": {
"min_doc_count": 1,
"missing": "none",
"order": "desc",
"orderBy": "4",
"size": "0"
},
"type": "terms"
}
],
"hide": false,
"metrics": [
{
"field": "message_count",
"id": "4",
"meta": {},
"settings": {},
"type": "sum"
}
],
"refId": "A",
"timeField": "date_range"
}
],
"timeFrom": null,
"timeShift": null,
"title": "Message Volume by Header From",
"transform": "table",
"type": "table"
},
{
"circleMaxSize": 30,
"circleMinSize": 2,
"colors": [
"rgba(245, 54, 54, 0.9)",
"rgba(237, 129, 40, 0.89)",
"rgba(50, 172, 45, 0.97)"
],
"datasource": "${DS_ELASTICSEARCH-DMARC-AG}",
"decimals": 0,
"esMetric": "Count",
"gridPos": {
"h": 10,
"w": 16,
"x": 0,
"y": 39
},
"hideEmpty": false,
"hideZero": false,
"id": 12,
"initialZoom": "1",
"links": [],
"locationData": "countries",
"mapCenter": "(0°, 0°)",
"mapCenterLatitude": 0,
"mapCenterLongitude": 0,
"maxDataPoints": 1,
"mouseWheelZoom": false,
"showLegend": true,
"stickyLabels": false,
"tableQueryOptions": {
"geohashField": "geohash",
"latitudeField": "latitude",
"longitudeField": "longitude",
"metricField": "metric",
"queryType": "geohash"
},
"targets": [
{
"bucketAggs": [
{
"fake": true,
"field": "source_country.keyword",
"id": "7",
"settings": {
"min_doc_count": 1,
"order": "desc",
"orderBy": "4",
"size": "0"
},
"type": "terms"
},
{
"fake": true,
"field": "date_range",
"id": "6",
"settings": {
"interval": "auto",
"min_doc_count": 0,
"trimEdges": 0
},
"type": "date_histogram"
}
],
"hide": false,
"metrics": [
{
"field": "message_count",
"id": "4",
"meta": {},
"settings": {},
"type": "sum"
}
],
"refId": "A",
"timeField": "date_range"
}
],
"thresholds": "0,10",
"timeFrom": null,
"timeShift": null,
"title": "Map of Message Source Countries",
"type": "grafana-worldmap-panel",
"unitPlural": "",
"unitSingle": "",
"valueName": "total"
},
{
"columns": [],
"datasource": "${DS_ELASTICSEARCH-DMARC-AG}",
"fontSize": "100%",
"gridPos": {
"h": 10,
"w": 8,
"x": 16,
"y": 39
},
"id": 13,
"links": [],
"pageSize": 20,
"scroll": true,
"showHeader": true,
"sort": {
"col": 6,
"desc": true
},
"styles": [
{
"alias": "Country",
"colorMode": null,
"colors": [
"rgba(245, 54, 54, 0.9)",
"rgba(237, 129, 40, 0.89)",
"rgba(50, 172, 45, 0.97)"
],
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"decimals": 2,
"mappingType": 1,
"pattern": "source_country.keyword",
"thresholds": [],
"type": "number",
"unit": "short"
},
{
"alias": "Messages",
"colorMode": null,
"colors": [
"rgba(245, 54, 54, 0.9)",
"rgba(237, 129, 40, 0.89)",
"rgba(50, 172, 45, 0.97)"
],
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"decimals": null,
"mappingType": 1,
"pattern": "Sum",
"thresholds": [],
"type": "number",
"unit": "none"
},
{
"alias": "Reverse DNS Base",
"colorMode": null,
"colors": [
"rgba(245, 54, 54, 0.9)",
"rgba(237, 129, 40, 0.89)",
"rgba(50, 172, 45, 0.97)"
],
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"decimals": 2,
"mappingType": 1,
"pattern": "source_base_domain.keyword",
"thresholds": [],
"type": "number",
"unit": "short"
}
],
"targets": [
{
"bucketAggs": [
{
"fake": true,
"field": "source_country.keyword",
"id": "6",
"settings": {
"min_doc_count": 1,
"missing": "none",
"order": "desc",
"orderBy": "4",
"size": "0"
},
"type": "terms"
}
],
"hide": false,
"metrics": [
{
"field": "message_count",
"id": "4",
"meta": {},
"settings": {},
"type": "sum"
}
],
"refId": "A",
"timeField": "date_range"
}
],
"timeFrom": null,
"timeShift": null,
"title": "Message Source Countries",
"transform": "table",
"type": "table"
},
{
"columns": [],
"datasource": "${DS_ELASTICSEARCH-DMARC-AG}",
"fontSize": "100%",
"gridPos": {
"h": 9,
"w": 24,
"x": 0,
"y": 49
},
"id": 14,
"links": [],
"pageSize": 20,
"scroll": true,
"showHeader": true,
"sort": {
"col": 4,
"desc": true
},
"styles": [
{
"alias": "IP Address",
"colorMode": null,
"colors": [
"rgba(245, 54, 54, 0.9)",
"rgba(237, 129, 40, 0.89)",
"rgba(50, 172, 45, 0.97)"
],
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"decimals": 2,
"mappingType": 1,
"pattern": "source_ip_address.keyword",
"thresholds": [],
"type": "number",
"unit": "short"
},
{
"alias": "Reverse DNS",
"colorMode": null,
"colors": [
"rgba(245, 54, 54, 0.9)",
"rgba(237, 129, 40, 0.89)",
"rgba(50, 172, 45, 0.97)"
],
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"decimals": 2,
"mappingType": 1,
"pattern": "source_reverse_dns.keyword",
"thresholds": [],
"type": "number",
"unit": "short"
},
{
"alias": "Base Domain",
"colorMode": null,
"colors": [
"rgba(245, 54, 54, 0.9)",
"rgba(237, 129, 40, 0.89)",
"rgba(50, 172, 45, 0.97)"
],
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"decimals": 2,
"link": true,
"linkTargetBlank": true,
"linkTooltip": "https://${__cell:raw}",
"linkUrl": "https://${__cell:raw}",
"mappingType": 1,
"pattern": "source_base_domain.keyword",
"thresholds": [],
"type": "number",
"unit": "short"
},
{
"alias": "Country",
"colorMode": null,
"colors": [
"rgba(245, 54, 54, 0.9)",
"rgba(237, 129, 40, 0.89)",
"rgba(50, 172, 45, 0.97)"
],
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"decimals": 2,
"mappingType": 1,
"pattern": "source_country.keyword",
"thresholds": [],
"type": "number",
"unit": "short"
},
{
"alias": "Messages",
"colorMode": null,
"colors": [
"rgba(245, 54, 54, 0.9)",
"rgba(237, 129, 40, 0.89)",
"rgba(50, 172, 45, 0.97)"
],
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"decimals": null,
"mappingType": 1,
"pattern": "Sum",
"thresholds": [],
"type": "number",
"unit": "none"
},
{
"alias": "Reverse DNS Base",
"colorMode": null,
"colors": [
"rgba(245, 54, 54, 0.9)",
"rgba(237, 129, 40, 0.89)",
"rgba(50, 172, 45, 0.97)"
],
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"decimals": 2,
"mappingType": 1,
"pattern": "source_base_domain.keyword",
"thresholds": [],
"type": "number",
"unit": "short"
}
],
"targets": [
{
"bucketAggs": [
{
"fake": true,
"field": "source_ip_address.keyword",
"id": "6",
"settings": {
"min_doc_count": 1,
"missing": "-",
"order": "desc",
"orderBy": "4",
"size": "1000"
},
"type": "terms"
},
{
"fake": true,
"field": "source_reverse_dns.keyword",
"id": "7",
"settings": {
"min_doc_count": 1,
"missing": "-",
"order": "desc",
"orderBy": "4",
"size": "1000"
},
"type": "terms"
},
{
"fake": true,
"field": "source_base_domain.keyword",
"id": "8",
"settings": {
"min_doc_count": 1,
"missing": "-",
"order": "desc",
"orderBy": "4",
"size": "1000"
},
"type": "terms"
},
{
"fake": true,
"field": "source_country.keyword",
"id": "9",
"settings": {
"min_doc_count": 1,
"missing": "-",
"order": "desc",
"orderBy": "4",
"size": "1000"
},
"type": "terms"
}
],
"hide": false,
"metrics": [
{
"field": "message_count",
"id": "4",
"meta": {},
"settings": {},
"type": "sum"
}
],
"refId": "A",
"timeField": "date_range"
}
],
"timeFrom": null,
"timeShift": null,
"title": "Top 1000 Message Source IP Addresses",
"transform": "table",
"type": "table"
},
{
"columns": [],
"datasource": "${DS_ELASTICSEARCH-DMARC-AG}",
"fontSize": "100%",
"gridPos": {
"h": 9,
"w": 24,
"x": 0,
"y": 58
},
"id": 16,
"links": [],
"pageSize": 20,
"scroll": true,
"showHeader": true,
"sort": {
"col": 5,
"desc": true
},
"styles": [
{
"alias": "Header From",
"colorMode": null,
"colors": [
"rgba(245, 54, 54, 0.9)",
"rgba(237, 129, 40, 0.89)",
"rgba(50, 172, 45, 0.97)"
],
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"decimals": 2,
"mappingType": 1,
"pattern": "header_from.keyword",
"thresholds": [],
"type": "number",
"unit": "short"
},
{
"alias": "Envelope From",
"colorMode": null,
"colors": [
"rgba(245, 54, 54, 0.9)",
"rgba(237, 129, 40, 0.89)",
"rgba(50, 172, 45, 0.97)"
],
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"decimals": 2,
"link": false,
"linkTargetBlank": true,
"linkTooltip": "https://${__cell:raw}",
"linkUrl": "https://${__cell:raw}",
"mappingType": 1,
"pattern": "envelope_from.keyword",
"thresholds": [],
"type": "number",
"unit": "short"
},
{
"alias": "SPF Result",
"colorMode": null,
"colors": [
"rgba(245, 54, 54, 0.9)",
"rgba(237, 129, 40, 0.89)",
"rgba(50, 172, 45, 0.97)"
],
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"decimals": 2,
"mappingType": 1,
"pattern": "spf_results.result.keyword",
"thresholds": [],
"type": "number",
"unit": "short"
},
{
"alias": "SPF Aligned",
"colorMode": "cell",
"colors": [
"rgba(245, 54, 54, 0.9)",
"#E02F44",
"rgba(50, 172, 45, 0.97)"
],
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"decimals": 2,
"mappingType": 1,
"pattern": "spf_aligned",
"thresholds": [
"0",
"1"
],
"type": "number",
"unit": "short",
"valueMaps": []
},
{
"alias": "Messages",
"colorMode": null,
"colors": [
"rgba(245, 54, 54, 0.9)",
"rgba(237, 129, 40, 0.89)",
"rgba(50, 172, 45, 0.97)"
],
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"decimals": null,
"mappingType": 1,
"pattern": "Sum",
"thresholds": [],
"type": "number",
"unit": "none"
},
{
"alias": "Reverse DNS Base",
"colorMode": null,
"colors": [
"rgba(245, 54, 54, 0.9)",
"rgba(237, 129, 40, 0.89)",
"rgba(50, 172, 45, 0.97)"
],
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"decimals": 2,
"link": true,
"linkTargetBlank": true,
"linkTooltip": "https://${__cell:raw}",
"linkUrl": "https://${__cell:raw}",
"mappingType": 1,
"pattern": "source_base_domain.keyword",
"thresholds": [],
"type": "number",
"unit": "short"
}
],
"targets": [
{
"bucketAggs": [
{
"fake": true,
"field": "header_from.keyword",
"id": "6",
"settings": {
"min_doc_count": 1,
"missing": "-",
"order": "desc",
"orderBy": "4",
"size": "0"
},
"type": "terms"
},
{
"fake": true,
"field": "envelope_from.keyword",
"id": "7",
"settings": {
"min_doc_count": 1,
"missing": "-",
"order": "desc",
"orderBy": "4",
"size": "0"
},
"type": "terms"
},
{
"fake": true,
"field": "spf_results.result.keyword",
"id": "8",
"settings": {
"min_doc_count": 1,
"missing": "-",
"order": "desc",
"orderBy": "4",
"size": "0"
},
"type": "terms"
},
{
"fake": true,
"field": "spf_aligned",
"id": "9",
"settings": {
"min_doc_count": 1,
"missing": null,
"order": "desc",
"orderBy": "4",
"size": "0"
},
"type": "terms"
},
{
"fake": true,
"field": "source_base_domain.keyword",
"id": "10",
"settings": {
"min_doc_count": 1,
"missing": "-",
"order": "desc",
"orderBy": "4",
"size": "0"
},
"type": "terms"
}
],
"hide": false,
"metrics": [
{
"field": "message_count",
"id": "4",
"meta": {},
"settings": {},
"type": "sum"
}
],
"refId": "A",
"timeField": "date_range"
}
],
"timeFrom": null,
"timeShift": null,
"title": "SPF Alignment Details",
"transform": "table",
"type": "table"
},
{
"columns": [],
"datasource": "${DS_ELASTICSEARCH-DMARC-AG}",
"fontSize": "100%",
"gridPos": {
"h": 9,
"w": 24,
"x": 0,
"y": 67
},
"id": 15,
"links": [],
"pageSize": 20,
"scroll": true,
"showHeader": true,
"sort": {
"col": 6,
"desc": true
},
"styles": [
{
"alias": "Header From",
"colorMode": null,
"colors": [
"rgba(245, 54, 54, 0.9)",
"rgba(237, 129, 40, 0.89)",
"rgba(50, 172, 45, 0.97)"
],
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"decimals": 2,
"mappingType": 1,
"pattern": "header_from.keyword",
"thresholds": [],
"type": "number",
"unit": "short"
},
{
"alias": "DKIM Selector",
"colorMode": null,
"colors": [
"rgba(245, 54, 54, 0.9)",
"rgba(237, 129, 40, 0.89)",
"rgba(50, 172, 45, 0.97)"
],
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"decimals": 2,
"mappingType": 1,
"pattern": "dkim_results.selector.keyword",
"thresholds": [],
"type": "number",
"unit": "short"
},
{
"alias": "DKIM Domain",
"colorMode": null,
"colors": [
"rgba(245, 54, 54, 0.9)",
"rgba(237, 129, 40, 0.89)",
"rgba(50, 172, 45, 0.97)"
],
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"decimals": 2,
"link": false,
"linkTargetBlank": true,
"linkTooltip": "https://${__cell:raw}",
"linkUrl": "https://${__cell:raw}",
"mappingType": 1,
"pattern": "dkim_results.domain.keyword",
"thresholds": [],
"type": "number",
"unit": "short"
},
{
"alias": "DKIM Result",
"colorMode": null,
"colors": [
"rgba(245, 54, 54, 0.9)",
"rgba(237, 129, 40, 0.89)",
"rgba(50, 172, 45, 0.97)"
],
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"decimals": 2,
"mappingType": 1,
"pattern": "dkim_results.result.keyword",
"thresholds": [],
"type": "number",
"unit": "short"
},
{
"alias": "DKIM Aligned",
"colorMode": "cell",
"colors": [
"rgba(245, 54, 54, 0.9)",
"#E02F44",
"rgba(50, 172, 45, 0.97)"
],
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"decimals": 2,
"mappingType": 1,
"pattern": "dkim_aligned",
"thresholds": [
"0",
"1"
],
"type": "string",
"unit": "short",
"valueMaps": [
{
"text": "True",
"value": "1"
},
{
"text": "False",
"value": "0"
}
]
},
{
"alias": "Messages",
"colorMode": null,
"colors": [
"rgba(245, 54, 54, 0.9)",
"rgba(237, 129, 40, 0.89)",
"rgba(50, 172, 45, 0.97)"
],
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"decimals": null,
"mappingType": 1,
"pattern": "Sum",
"thresholds": [],
"type": "number",
"unit": "none"
},
{
"alias": "Reverse DNS Base",
"colorMode": null,
"colors": [
"rgba(245, 54, 54, 0.9)",
"rgba(237, 129, 40, 0.89)",
"rgba(50, 172, 45, 0.97)"
],
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"decimals": 2,
"link": true,
"linkTargetBlank": true,
"linkUrl": "https://${__cell:raw}",
"mappingType": 1,
"pattern": "source_base_domain.keyword",
"thresholds": [],
"type": "number",
"unit": "short"
}
],
"targets": [
{
"bucketAggs": [
{
"fake": true,
"field": "header_from.keyword",
"id": "6",
"settings": {
"min_doc_count": 1,
"missing": "-",
"order": "desc",
"orderBy": "4",
"size": "0"
},
"type": "terms"
},
{
"fake": true,
"field": "dkim_results.selector.keyword",
"id": "7",
"settings": {
"min_doc_count": 1,
"missing": "-",
"order": "desc",
"orderBy": "4",
"size": "0"
},
"type": "terms"
},
{
"fake": true,
"field": "dkim_results.domain.keyword",
"id": "8",
"settings": {
"min_doc_count": 1,
"missing": "-",
"order": "desc",
"orderBy": "4",
"size": "0"
},
"type": "terms"
},
{
"fake": true,
"field": "dkim_results.result.keyword",
"id": "9",
"settings": {
"min_doc_count": 1,
"missing": "-",
"order": "desc",
"orderBy": "4",
"size": "0"
},
"type": "terms"
},
{
"fake": true,
"field": "dkim_aligned",
"id": "10",
"settings": {
"min_doc_count": 1,
"missing": null,
"order": "desc",
"orderBy": "4",
"size": "0"
},
"type": "terms"
},
{
"fake": true,
"field": "source_base_domain.keyword",
"id": "5",
"settings": {
"min_doc_count": 1,
"missing": "-",
"order": "desc",
"orderBy": "4",
"size": "0"
},
"type": "terms"
}
],
"hide": false,
"metrics": [
{
"field": "message_count",
"id": "4",
"meta": {},
"settings": {},
"type": "sum"
}
],
"refId": "A",
"timeField": "date_range"
}
],
"timeFrom": null,
"timeShift": null,
"title": "DKIM Alignment Details",
"transform": "table",
"type": "table"
},
{
"collapsed": false,
"gridPos": {
"h": 1,
"w": 24,
"x": 0,
"y": 76
},
"id": 32,
"panels": [],
"title": "DMARC Forensic",
"type": "row"
},
{
"columns": [],
"datasource": "${DS_ELASTICSEARCH-DMARC-FO}",
"fontSize": "100%",
"gridPos": {
"h": 9,
"w": 24,
"x": 0,
"y": 77
},
"id": 20,
"links": [],
"pageSize": 20,
"scroll": true,
"showHeader": true,
"sort": {
"col": null,
"desc": false
},
"styles": [
{
"alias": "Messages",
"colorMode": null,
"colors": [
"rgba(245, 54, 54, 0.9)",
"rgba(237, 129, 40, 0.89)",
"rgba(50, 172, 45, 0.97)"
],
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"decimals": null,
"mappingType": 1,
"pattern": "Sum",
"thresholds": [],
"type": "number",
"unit": "none"
},
{
"alias": "Arrival Date (UTC)",
"colorMode": null,
"colors": [
"rgba(245, 54, 54, 0.9)",
"rgba(237, 129, 40, 0.89)",
"rgba(50, 172, 45, 0.97)"
],
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"decimals": 2,
"mappingType": 1,
"pattern": "arrival_date",
"thresholds": [],
"type": "date",
"unit": "short"
},
{
"alias": "From",
"colorMode": null,
"colors": [
"rgba(245, 54, 54, 0.9)",
"rgba(237, 129, 40, 0.89)",
"rgba(50, 172, 45, 0.97)"
],
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"decimals": 2,
"mappingType": 1,
"pattern": "sample.headers.from.keyword",
"thresholds": [],
"type": "number",
"unit": "short"
},
{
"alias": "To",
"colorMode": null,
"colors": [
"rgba(245, 54, 54, 0.9)",
"rgba(237, 129, 40, 0.89)",
"rgba(50, 172, 45, 0.97)"
],
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"decimals": 2,
"mappingType": 1,
"pattern": "sample.headers.to.keyword",
"thresholds": [],
"type": "number",
"unit": "short"
},
{
"alias": "Reply To",
"colorMode": null,
"colors": [
"rgba(245, 54, 54, 0.9)",
"rgba(237, 129, 40, 0.89)",
"rgba(50, 172, 45, 0.97)"
],
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"decimals": 2,
"mappingType": 1,
"pattern": "sample.headers.reply-to.keyword",
"thresholds": [],
"type": "number",
"unit": "short"
},
{
"alias": "Subject",
"colorMode": null,
"colors": [
"rgba(245, 54, 54, 0.9)",
"rgba(237, 129, 40, 0.89)",
"rgba(50, 172, 45, 0.97)"
],
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"decimals": 2,
"mappingType": 1,
"pattern": "sample.subject.keyword",
"thresholds": [],
"type": "number",
"unit": "short"
},
{
"alias": "Received",
"colorMode": null,
"colors": [
"rgba(245, 54, 54, 0.9)",
"rgba(237, 129, 40, 0.89)",
"rgba(50, 172, 45, 0.97)"
],
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"decimals": 2,
"link": false,
"mappingType": 1,
"pattern": "sample.headers.received.keyword",
"preserveFormat": false,
"sanitize": true,
"thresholds": [],
"type": "string",
"unit": "short"
},
{
"alias": "Auth Failure",
"colorMode": null,
"colors": [
"rgba(245, 54, 54, 0.9)",
"rgba(237, 129, 40, 0.89)",
"rgba(50, 172, 45, 0.97)"
],
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"decimals": 2,
"mappingType": 1,
"pattern": "auth_failure.keyword",
"thresholds": [],
"type": "number",
"unit": "short"
},
{
"alias": "",
"colorMode": null,
"colors": [
"rgba(245, 54, 54, 0.9)",
"rgba(237, 129, 40, 0.89)",
"rgba(50, 172, 45, 0.97)"
],
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"decimals": 2,
"mappingType": 1,
"pattern": "sample.body",
"preserveFormat": true,
"sanitize": false,
"thresholds": [],
"type": "string",
"unit": "short"
},
{
"alias": "Delivery Result",
"colorMode": null,
"colors": [
"rgba(245, 54, 54, 0.9)",
"rgba(237, 129, 40, 0.89)",
"rgba(50, 172, 45, 0.97)"
],
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"decimals": 2,
"mappingType": 1,
"pattern": "delivery_results.keyword",
"thresholds": [],
"type": "number",
"unit": "short"
},
{
"alias": "Auth Results",
"colorMode": null,
"colors": [
"rgba(245, 54, 54, 0.9)",
"rgba(237, 129, 40, 0.89)",
"rgba(50, 172, 45, 0.97)"
],
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"decimals": 2,
"mappingType": 1,
"pattern": "authentication_results.keyword",
"thresholds": [],
"type": "number",
"unit": "short"
}
],
"targets": [
{
"bucketAggs": [
{
"fake": true,
"field": "arrival_date",
"id": "6",
"settings": {
"interval": "auto",
"min_doc_count": 0,
"trimEdges": 0
},
"type": "date_histogram"
},
{
"fake": true,
"field": "sample.headers.from.keyword",
"id": "7",
"settings": {
"min_doc_count": 1,
"missing": "-",
"order": "desc",
"orderBy": "_count",
"size": "0"
},
"type": "terms"
},
{
"fake": true,
"field": "sample.headers.to.keyword",
"id": "8",
"settings": {
"min_doc_count": 1,
"missing": "-",
"order": "desc",
"orderBy": "_count",
"size": "0"
},
"type": "terms"
},
{
"fake": true,
"field": "sample.headers.reply-to.keyword",
"id": "10",
"settings": {
"min_doc_count": 1,
"missing": "-",
"order": "desc",
"orderBy": "_count",
"size": "0"
},
"type": "terms"
},
{
"fake": true,
"field": "auth_failure.keyword",
"id": "11",
"settings": {
"min_doc_count": 1,
"order": "desc",
"orderBy": "_count",
"size": "0"
},
"type": "terms"
},
{
"fake": true,
"field": "sample.subject.keyword",
"id": "12",
"settings": {
"min_doc_count": 1,
"order": "desc",
"orderBy": "_count",
"size": "0"
},
"type": "terms"
},
{
"fake": true,
"field": "delivery_results.keyword",
"id": "14",
"settings": {
"min_doc_count": 1,
"order": "desc",
"orderBy": "_count",
"size": "0"
},
"type": "terms"
},
{
"fake": true,
"field": "authentication_results.keyword",
"id": "15",
"settings": {
"min_doc_count": 1,
"order": "desc",
"orderBy": "_count",
"size": "0"
},
"type": "terms"
},
{
"fake": true,
"field": "sample.headers.received.keyword",
"id": "13",
"settings": {
"min_doc_count": 1,
"missing": "-",
"order": "desc",
"orderBy": "_count",
"size": "0"
},
"type": "terms"
}
],
"hide": false,
"metrics": [
{
"field": "message_count",
"id": "4",
"meta": {},
"settings": {},
"type": "count"
}
],
"query": "",
"refId": "A",
"timeField": "arrival_date"
}
],
"timeFrom": null,
"timeShift": null,
"title": "Forensic Samples",
"transform": "table",
"type": "table"
},
{
"columns": [
{
"text": "arrival_date",
"value": "arrival_date"
},
{
"text": "sample.headers.from",
"value": "sample.headers.from"
},
{
"text": "sample.headers.to",
"value": "sample.headers.to"
},
{
"text": "sample.headers.reply-to",
"value": "sample.headers.reply-to"
},
{
"text": "delivery_results",
"value": "delivery_results"
},
{
"text": "sample.headers.return-path",
"value": "sample.headers.return-path"
},
{
"text": "auth_failure",
"value": "auth_failure"
},
{
"text": "sample.subject",
"value": "sample.subject"
},
{
"text": "sample.headers.received",
"value": "sample.headers.received"
}
],
"datasource": "${DS_ELASTICSEARCH-DMARC-FO}",
"fontSize": "100%",
"gridPos": {
"h": 9,
"w": 24,
"x": 0,
"y": 86
},
"id": 21,
"links": [],
"pageSize": 20,
"scroll": true,
"showHeader": true,
"sort": {
"col": null,
"desc": false
},
"styles": [
{
"alias": "Messages",
"colorMode": null,
"colors": [
"rgba(245, 54, 54, 0.9)",
"rgba(237, 129, 40, 0.89)",
"rgba(50, 172, 45, 0.97)"
],
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"decimals": null,
"mappingType": 1,
"pattern": "Sum",
"thresholds": [],
"type": "number",
"unit": "none"
},
{
"alias": "Arrival_Date_(UTC)",
"colorMode": null,
"colors": [
"rgba(245, 54, 54, 0.9)",
"rgba(237, 129, 40, 0.89)",
"rgba(50, 172, 45, 0.97)"
],
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"decimals": 2,
"mappingType": 1,
"pattern": "arrival_date",
"thresholds": [],
"type": "date",
"unit": "short"
},
{
"alias": "From",
"colorMode": null,
"colors": [
"rgba(245, 54, 54, 0.9)",
"rgba(237, 129, 40, 0.89)",
"rgba(50, 172, 45, 0.97)"
],
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"decimals": 2,
"mappingType": 1,
"pattern": "sample.headers.from",
"thresholds": [],
"type": "number",
"unit": "short"
},
{
"alias": "To",
"colorMode": null,
"colors": [
"rgba(245, 54, 54, 0.9)",
"rgba(237, 129, 40, 0.89)",
"rgba(50, 172, 45, 0.97)"
],
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"decimals": 2,
"mappingType": 1,
"pattern": "sample.headers.to",
"thresholds": [],
"type": "number",
"unit": "short"
},
{
"alias": "Reply To",
"colorMode": null,
"colors": [
"rgba(245, 54, 54, 0.9)",
"rgba(237, 129, 40, 0.89)",
"rgba(50, 172, 45, 0.97)"
],
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"decimals": 2,
"mappingType": 1,
"pattern": "sample.headers.reply-to",
"thresholds": [],
"type": "number",
"unit": "short"
},
{
"alias": "Subject",
"colorMode": null,
"colors": [
"rgba(245, 54, 54, 0.9)",
"rgba(237, 129, 40, 0.89)",
"rgba(50, 172, 45, 0.97)"
],
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"decimals": 2,
"mappingType": 1,
"pattern": "sample.subject",
"thresholds": [],
"type": "number",
"unit": "short"
},
{
"alias": "Received",
"colorMode": null,
"colors": [
"rgba(245, 54, 54, 0.9)",
"rgba(237, 129, 40, 0.89)",
"rgba(50, 172, 45, 0.97)"
],
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"decimals": 2,
"link": false,
"mappingType": 1,
"pattern": "sample.headers.received",
"preserveFormat": false,
"sanitize": true,
"thresholds": [],
"type": "string",
"unit": "short"
},
{
"alias": "Auth_Failure",
"colorMode": null,
"colors": [
"rgba(245, 54, 54, 0.9)",
"rgba(237, 129, 40, 0.89)",
"rgba(50, 172, 45, 0.97)"
],
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"decimals": 2,
"mappingType": 1,
"pattern": "auth_failure",
"thresholds": [],
"type": "number",
"unit": "short"
},
{
"alias": "Body",
"colorMode": null,
"colors": [
"rgba(245, 54, 54, 0.9)",
"rgba(237, 129, 40, 0.89)",
"rgba(50, 172, 45, 0.97)"
],
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"decimals": 2,
"mappingType": 1,
"pattern": "sample.body",
"preserveFormat": true,
"sanitize": false,
"thresholds": [],
"type": "string",
"unit": "short"
},
{
"alias": "Delivery_Result",
"colorMode": null,
"colors": [
"rgba(245, 54, 54, 0.9)",
"rgba(237, 129, 40, 0.89)",
"rgba(50, 172, 45, 0.97)"
],
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"decimals": 2,
"mappingType": 1,
"pattern": "delivery_results",
"thresholds": [],
"type": "number",
"unit": "short"
},
{
"alias": "Return-Path",
"colorMode": null,
"colors": [
"rgba(245, 54, 54, 0.9)",
"rgba(237, 129, 40, 0.89)",
"rgba(50, 172, 45, 0.97)"
],
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"decimals": 2,
"mappingType": 1,
"pattern": "sample.headers.return-path",
"thresholds": [],
"type": "number",
"unit": "short"
}
],
"targets": [
{
"bucketAggs": [
{
"fake": true,
"field": "arrival_date",
"id": "6",
"settings": {
"interval": "auto",
"min_doc_count": 0,
"trimEdges": 0
},
"type": "date_histogram"
},
{
"fake": true,
"field": "sample.headers.from.keyword",
"id": "7",
"settings": {
"min_doc_count": 1,
"missing": "-",
"order": "desc",
"orderBy": "_count",
"size": "0"
},
"type": "terms"
},
{
"fake": true,
"field": "sample.headers.to.keyword",
"id": "8",
"settings": {
"min_doc_count": 1,
"missing": "-",
"order": "desc",
"orderBy": "_count",
"size": "0"
},
"type": "terms"
},
{
"fake": true,
"field": "sample.reply_to.address.keyword",
"id": "10",
"settings": {
"min_doc_count": 1,
"missing": "-",
"order": "desc",
"orderBy": "_count",
"size": "0"
},
"type": "terms"
},
{
"fake": true,
"field": "auth_failure.keyword",
"id": "11",
"settings": {
"min_doc_count": 1,
"order": "desc",
"orderBy": "_count",
"size": "0"
},
"type": "terms"
},
{
"fake": true,
"field": "sample.subject.keyword",
"id": "12",
"settings": {
"min_doc_count": 1,
"order": "desc",
"orderBy": "_count",
"size": "0"
},
"type": "terms"
},
{
"fake": true,
"field": "sample.headers.received.keyword",
"id": "13",
"settings": {
"min_doc_count": 1,
"missing": "-",
"order": "desc",
"orderBy": "_count",
"size": "0"
},
"type": "terms"
}
],
"hide": true,
"metrics": [
{
"field": "message_count",
"id": "4",
"meta": {},
"settings": {},
"type": "count"
}
],
"query": "",
"refId": "A",
"timeField": "arrival_date"
},
{
"bucketAggs": [],
"metrics": [
{
"field": "select field",
"id": "1",
"meta": {},
"settings": {
"size": 500
},
"type": "raw_document"
}
],
"refId": "B",
"timeField": "arrival_date"
}
],
"timeFrom": null,
"timeShift": null,
"title": "Forensic Samples",
"transform": "json",
"type": "table"
},
{
"circleMaxSize": 30,
"circleMinSize": 2,
"colors": [
"rgba(245, 54, 54, 0.9)",
"rgba(237, 129, 40, 0.89)",
"rgba(50, 172, 45, 0.97)"
],
"datasource": "${DS_ELASTICSEARCH-DMARC-FO}",
"decimals": 0,
"esMetric": "Count",
"gridPos": {
"h": 11,
"w": 8,
"x": 0,
"y": 95
},
"hideEmpty": true,
"hideZero": true,
"id": 22,
"initialZoom": "1",
"links": [],
"locationData": "countries",
"mapCenter": "(0°, 0°)",
"mapCenterLatitude": 0,
"mapCenterLongitude": 0,
"maxDataPoints": 1,
"mouseWheelZoom": false,
"showLegend": true,
"stickyLabels": false,
"tableQueryOptions": {
"geohashField": "geohash",
"labelField": "",
"latitudeField": "latitude",
"longitudeField": "longitude",
"metricField": "metric",
"queryType": "geohash"
},
"targets": [
{
"bucketAggs": [
{
"fake": true,
"field": "source_country.keyword",
"id": "9",
"settings": {
"min_doc_count": 1,
"order": "desc",
"orderBy": "_term",
"size": "10"
},
"type": "terms"
},
{
"fake": true,
"field": "arrival_date",
"id": "7",
"settings": {
"interval": "auto",
"min_doc_count": 0,
"trimEdges": 0
},
"type": "date_histogram"
}
],
"hide": false,
"metrics": [
{
"field": "message_count",
"id": "4",
"meta": {},
"settings": {},
"type": "count"
}
],
"refId": "A",
"timeField": "arrival_date"
}
],
"thresholds": "0,10",
"timeFrom": null,
"timeShift": null,
"title": "Forensic Sample Sources by Country",
"type": "grafana-worldmap-panel",
"unitPlural": "",
"unitSingle": "",
"valueName": "total"
},
{
"columns": [],
"datasource": "${DS_ELASTICSEARCH-DMARC-FO}",
"fontSize": "100%",
"gridPos": {
"h": 11,
"w": 5,
"x": 8,
"y": 95
},
"id": 23,
"links": [],
"pageSize": 20,
"scroll": true,
"showHeader": true,
"sort": {
"col": 6,
"desc": true
},
"styles": [
{
"alias": "Country",
"colorMode": null,
"colors": [
"rgba(245, 54, 54, 0.9)",
"rgba(237, 129, 40, 0.89)",
"rgba(50, 172, 45, 0.97)"
],
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"decimals": 2,
"mappingType": 1,
"pattern": "source_country.keyword",
"thresholds": [],
"type": "number",
"unit": "short"
},
{
"alias": "Messages",
"colorMode": null,
"colors": [
"rgba(245, 54, 54, 0.9)",
"rgba(237, 129, 40, 0.89)",
"rgba(50, 172, 45, 0.97)"
],
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"decimals": null,
"mappingType": 1,
"pattern": "Sum",
"thresholds": [],
"type": "number",
"unit": "none"
},
{
"alias": "Reverse DNS Base",
"colorMode": null,
"colors": [
"rgba(245, 54, 54, 0.9)",
"rgba(237, 129, 40, 0.89)",
"rgba(50, 172, 45, 0.97)"
],
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"decimals": 2,
"mappingType": 1,
"pattern": "source_base_domain.keyword",
"thresholds": [],
"type": "number",
"unit": "short"
}
],
"targets": [
{
"bucketAggs": [
{
"fake": true,
"field": "source_country.keyword",
"id": "6",
"settings": {
"min_doc_count": 1,
"missing": "none",
"order": "desc",
"orderBy": "_count",
"size": "0"
},
"type": "terms"
}
],
"hide": false,
"metrics": [
{
"field": "message_count",
"id": "4",
"meta": {},
"settings": {},
"type": "count"
}
],
"refId": "A",
"timeField": "arrival_date"
}
],
"timeFrom": null,
"timeShift": null,
"title": "DMARC Forensic Sample Source Countries",
"transform": "table",
"type": "table"
},
{
"columns": [],
"datasource": "${DS_ELASTICSEARCH-DMARC-FO}",
"fontSize": "100%",
"gridPos": {
"h": 11,
"w": 11,
"x": 13,
"y": 95
},
"id": 24,
"links": [],
"pageSize": 20,
"scroll": true,
"showHeader": true,
"sort": {
"col": 4,
"desc": true
},
"styles": [
{
"alias": "IP Address",
"colorMode": null,
"colors": [
"rgba(245, 54, 54, 0.9)",
"rgba(237, 129, 40, 0.89)",
"rgba(50, 172, 45, 0.97)"
],
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"decimals": 2,
"mappingType": 1,
"pattern": "source_ip_address.keyword",
"thresholds": [],
"type": "number",
"unit": "short"
},
{
"alias": "Reverse DNS",
"colorMode": null,
"colors": [
"rgba(245, 54, 54, 0.9)",
"rgba(237, 129, 40, 0.89)",
"rgba(50, 172, 45, 0.97)"
],
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"decimals": 2,
"mappingType": 1,
"pattern": "source_reverse_dns.keyword",
"thresholds": [],
"type": "number",
"unit": "short"
},
{
"alias": "Base Domain",
"colorMode": null,
"colors": [
"rgba(245, 54, 54, 0.9)",
"rgba(237, 129, 40, 0.89)",
"rgba(50, 172, 45, 0.97)"
],
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"decimals": 2,
"link": true,
"linkTargetBlank": true,
"linkTooltip": "https://${__cell:raw}",
"linkUrl": "https://${__cell:raw}",
"mappingType": 1,
"pattern": "source_base_domain.keyword",
"thresholds": [],
"type": "number",
"unit": "short"
},
{
"alias": "Country",
"colorMode": null,
"colors": [
"rgba(245, 54, 54, 0.9)",
"rgba(237, 129, 40, 0.89)",
"rgba(50, 172, 45, 0.97)"
],
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"decimals": 2,
"mappingType": 1,
"pattern": "source_country.keyword",
"thresholds": [],
"type": "number",
"unit": "short"
},
{
"alias": "Messages",
"colorMode": null,
"colors": [
"rgba(245, 54, 54, 0.9)",
"rgba(237, 129, 40, 0.89)",
"rgba(50, 172, 45, 0.97)"
],
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"decimals": null,
"mappingType": 1,
"pattern": "Sum",
"thresholds": [],
"type": "number",
"unit": "none"
},
{
"alias": "Reverse DNS Base",
"colorMode": null,
"colors": [
"rgba(245, 54, 54, 0.9)",
"rgba(237, 129, 40, 0.89)",
"rgba(50, 172, 45, 0.97)"
],
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"decimals": 2,
"mappingType": 1,
"pattern": "source_base_domain.keyword",
"thresholds": [],
"type": "number",
"unit": "short"
}
],
"targets": [
{
"bucketAggs": [
{
"fake": true,
"field": "source_ip_address.keyword",
"id": "6",
"settings": {
"min_doc_count": 1,
"missing": "-",
"order": "desc",
"orderBy": "_count",
"size": "1000"
},
"type": "terms"
},
{
"fake": true,
"field": "source_reverse_dns.keyword",
"id": "7",
"settings": {
"min_doc_count": 1,
"missing": "-",
"order": "desc",
"orderBy": "_count",
"size": "1000"
},
"type": "terms"
},
{
"fake": true,
"field": "source_base_domain.keyword",
"id": "8",
"settings": {
"min_doc_count": 1,
"missing": "-",
"order": "desc",
"orderBy": "_count",
"size": "1000"
},
"type": "terms"
},
{
"fake": true,
"field": "source_country.keyword",
"id": "9",
"settings": {
"min_doc_count": 1,
"missing": "-",
"order": "desc",
"orderBy": "_count",
"size": "1000"
},
"type": "terms"
}
],
"hide": false,
"metrics": [
{
"field": "message_count",
"id": "4",
"meta": {},
"settings": {},
"type": "count"
}
],
"refId": "A",
"timeField": "arrival_date"
}
],
"timeFrom": null,
"timeShift": null,
"title": "Top 1000 Forensic Sample Source IP Addresses",
"transform": "table",
"type": "table"
}
],
"refresh": false,
"schemaVersion": 18,
"style": "dark",
"tags": [
"DKIM",
"Experimental",
"SPF",
"DMARC",
"Email"
],
"templating": {
"list": [
{
"datasource": "Elasticsearch-dmarc-ag",
"filters": [],
"hide": 0,
"label": "",
"name": "Filters",
"skipUrlSync": false,
"type": "adhoc"
}
]
},
"time": {
"from": "now-2d",
"to": "now"
},
"timepicker": {
"refresh_intervals": [
"5s",
"10s",
"30s",
"1m",
"5m",
"15m",
"30m",
"1h",
"2h",
"1d"
],
"time_options": [
"5m",
"15m",
"1h",
"6h",
"12h",
"24h",
"2d",
"7d",
"30d"
]
},
"timezone": "",
"title": "DMARC Reports",
"uid": "SDksirRWz",
"version": 55
}