parsedmarc/grafana/Grafana-DMARC_Reports.json-new_panel.json
ericericsw 82b48e4d01 Add files via upload (#578)
Update the dashboard to the new version

Panel model change list:
grafana-piechart-panel -> pie chart
Graph(old) -> time series
worldmap panel -> geomap

Some table panels have changed; for example, the overview adds an ARC column.

Known problem that cannot be solved at the moment: multiple sets of DKIM information will cause table display errors.
2024-12-25 16:09:43 -05:00


{
"annotations": {
"list": [
{
"builtIn": 1,
"datasource": {
"type": "datasource",
"uid": "grafana"
},
"enable": true,
"hide": true,
"iconColor": "rgba(0, 211, 255, 1)",
"name": "Annotations & Alerts",
"type": "dashboard"
}
]
},
"description": "",
"editable": true,
"fiscalYearStartMonth": 0,
"gnetId": 11227,
"graphTooltip": 0,
"id": 7,
"links": [],
"liveNow": false,
"panels": [
{
"datasource": {
"type": "elasticsearch",
"uid": "$datasourceag"
},
"fieldConfig": {
"defaults": {
"color": {
"mode": "palette-classic"
},
"custom": {
"hideFrom": {
"legend": false,
"tooltip": false,
"viz": false
}
},
"decimals": 2,
"mappings": [],
"unit": "none"
},
"overrides": [
{
"matcher": {
"id": "byName",
"options": "SPF Aligned Fail & ARC Pass"
},
"properties": [
{
"id": "color",
"value": {
"fixedColor": "yellow",
"mode": "fixed"
}
}
]
},
{
"matcher": {
"id": "byName",
"options": "SPF Aligned Pass"
},
"properties": [
{
"id": "color",
"value": {
"fixedColor": "green",
"mode": "fixed"
}
}
]
},
{
"matcher": {
"id": "byName",
"options": "SPF Aligned Fail & NOT ARC Pass"
},
"properties": [
{
"id": "color",
"value": {
"fixedColor": "red",
"mode": "fixed"
}
}
]
}
]
},
"gridPos": {
"h": 9,
"w": 8,
"x": 0,
"y": 0
},
"id": 6,
"options": {
"legend": {
"calcs": [],
"displayMode": "list",
"placement": "right",
"showLegend": true,
"values": [
"percent"
]
},
"pieType": "donut",
"reduceOptions": {
"calcs": [
"sum"
],
"fields": "",
"values": false
},
"tooltip": {
"mode": "single",
"sort": "none"
}
},
"targets": [
{
"alias": "SPF Aligned Pass",
"bucketAggs": [
{
"$$hashKey": "object:244",
"field": "date_begin",
"id": "2",
"settings": {
"interval": "auto",
"min_doc_count": 0,
"trimEdges": 0
},
"type": "date_histogram"
}
],
"datasource": {
"uid": "$datasourceag"
},
"hide": false,
"metrics": [
{
"$$hashKey": "object:241",
"field": "message_count",
"id": "1",
"meta": {},
"settings": {},
"type": "sum"
}
],
"query": "header_from.keyword:$fromdomain AND spf_aligned:true",
"refId": "A",
"timeField": "date_begin"
},
{
"alias": "SPF Aligned Fail & ARC Pass",
"bucketAggs": [
{
"field": "date_begin",
"id": "2",
"settings": {
"interval": "auto"
},
"type": "date_histogram"
}
],
"datasource": {
"type": "elasticsearch",
"uid": "$datasourceag"
},
"hide": false,
"metrics": [
{
"field": "message_count",
"id": "1",
"settings": {},
"type": "sum"
}
],
"query": "header_from.keyword:$fromdomain AND spf_aligned:false AND policy_overrides.comment.keyword:arc=pass",
"refId": "B",
"timeField": "date_begin"
},
{
"alias": "SPF Aligned Fail & NOT ARC Pass",
"bucketAggs": [
{
"field": "date_begin",
"id": "2",
"settings": {
"interval": "auto"
},
"type": "date_histogram"
}
],
"datasource": {
"type": "elasticsearch",
"uid": "$datasourceag"
},
"hide": false,
"metrics": [
{
"field": "message_count",
"id": "1",
"settings": {},
"type": "sum"
}
],
"query": "header_from.keyword:$fromdomain AND spf_aligned:false AND NOT policy_overrides.comment.keyword:arc=pass",
"refId": "C",
"timeField": "date_begin"
}
],
"title": "SPF Alignment",
"transparent": true,
"type": "piechart"
},
{
"datasource": {
"type": "elasticsearch",
"uid": "$datasourceag"
},
"fieldConfig": {
"defaults": {
"color": {
"mode": "palette-classic"
},
"custom": {
"hideFrom": {
"legend": false,
"tooltip": false,
"viz": false
}
},
"decimals": 2,
"mappings": [],
"unit": "none"
},
"overrides": [
{
"matcher": {
"id": "byName",
"options": "DKIM Aligned Fail & ARC Pass"
},
"properties": [
{
"id": "color",
"value": {
"fixedColor": "yellow",
"mode": "fixed"
}
}
]
},
{
"matcher": {
"id": "byName",
"options": "DKIM Aligned Pass"
},
"properties": [
{
"id": "color",
"value": {
"fixedColor": "green",
"mode": "fixed"
}
}
]
},
{
"matcher": {
"id": "byName",
"options": "DKIM Aligned Fail & NOT ARC Pass"
},
"properties": [
{
"id": "color",
"value": {
"fixedColor": "red",
"mode": "fixed"
}
}
]
}
]
},
"gridPos": {
"h": 9,
"w": 8,
"x": 8,
"y": 0
},
"id": 2,
"interval": "1h",
"options": {
"displayLabels": [],
"legend": {
"calcs": [],
"displayMode": "list",
"placement": "right",
"showLegend": true,
"values": [
"percent"
]
},
"pieType": "donut",
"reduceOptions": {
"calcs": [
"sum"
],
"fields": "",
"values": false
},
"tooltip": {
"mode": "single",
"sort": "none"
}
},
"targets": [
{
"alias": "DKIM Aligned Pass",
"bucketAggs": [
{
"field": "date_begin",
"id": "2",
"settings": {
"interval": "auto",
"min_doc_count": 0,
"trimEdges": 0
},
"type": "date_histogram"
}
],
"datasource": {
"uid": "$datasourceag"
},
"hide": false,
"metrics": [
{
"field": "message_count",
"id": "1",
"meta": {},
"settings": {},
"type": "sum"
}
],
"query": "header_from.keyword:$fromdomain AND dkim_aligned:true",
"refId": "A",
"timeField": "date_begin"
},
{
"alias": "DKIM Aligned Fail & ARC Pass",
"bucketAggs": [
{
"field": "date_begin",
"id": "2",
"settings": {
"interval": "auto"
},
"type": "date_histogram"
}
],
"datasource": {
"type": "elasticsearch",
"uid": "$datasourceag"
},
"hide": false,
"metrics": [
{
"field": "message_count",
"id": "1",
"settings": {},
"type": "sum"
}
],
"query": "header_from.keyword:$fromdomain AND dkim_aligned:false AND policy_overrides.comment.keyword:arc=pass",
"refId": "B",
"timeField": "date_begin"
},
{
"alias": "DKIM Aligned Fail & NOT ARC Pass",
"bucketAggs": [
{
"field": "date_begin",
"id": "2",
"settings": {
"interval": "auto"
},
"type": "date_histogram"
}
],
"datasource": {
"type": "elasticsearch",
"uid": "$datasourceag"
},
"hide": false,
"metrics": [
{
"field": "message_count",
"id": "1",
"settings": {},
"type": "sum"
}
],
"query": "header_from.keyword:$fromdomain AND dkim_aligned:false AND NOT policy_overrides.comment.keyword:arc=pass",
"refId": "C",
"timeField": "date_begin"
}
],
"title": "DKIM Alignment",
"transparent": true,
"type": "piechart"
},
{
"datasource": {
"type": "elasticsearch",
"uid": "$datasourceag"
},
"description": "",
"fieldConfig": {
"defaults": {
"color": {
"mode": "palette-classic"
},
"custom": {
"hideFrom": {
"legend": false,
"tooltip": false,
"viz": false
}
},
"decimals": 2,
"mappings": [],
"unit": "none"
},
"overrides": [
{
"matcher": {
"id": "byName",
"options": "DMARC Fail & ARC Pass"
},
"properties": [
{
"id": "color",
"value": {
"fixedColor": "yellow",
"mode": "fixed"
}
}
]
},
{
"matcher": {
"id": "byName",
"options": "DMARC Fail & NOT ARC Pass"
},
"properties": [
{
"id": "color",
"value": {
"fixedColor": "red",
"mode": "fixed"
}
}
]
},
{
"matcher": {
"id": "byName",
"options": "DMARC Pass"
},
"properties": [
{
"id": "color",
"value": {
"fixedColor": "green",
"mode": "fixed"
}
}
]
}
]
},
"gridPos": {
"h": 9,
"w": 8,
"x": 16,
"y": 0
},
"id": 5,
"options": {
"legend": {
"calcs": [],
"displayMode": "list",
"placement": "right",
"showLegend": true,
"values": [
"percent"
]
},
"pieType": "donut",
"reduceOptions": {
"calcs": [
"sum"
],
"fields": "",
"values": false
},
"tooltip": {
"mode": "single",
"sort": "none"
}
},
"targets": [
{
"alias": "DMARC Pass",
"bucketAggs": [
{
"field": "date_begin",
"id": "4",
"settings": {
"interval": "auto",
"min_doc_count": "0",
"timeZone": "utc",
"trimEdges": "0"
},
"type": "date_histogram"
}
],
"datasource": {
"uid": "$datasourceag"
},
"hide": false,
"metrics": [
{
"$$hashKey": "object:383",
"field": "message_count",
"id": "1",
"meta": {},
"settings": {},
"type": "sum"
}
],
"query": "header_from.keyword:$fromdomain AND passed_dmarc:true",
"refId": "A",
"timeField": "date_begin"
},
{
"alias": "DMARC Fail & ARC Pass",
"bucketAggs": [
{
"field": "date_begin",
"id": "2",
"settings": {
"interval": "auto"
},
"type": "date_histogram"
}
],
"datasource": {
"type": "elasticsearch",
"uid": "$datasourceag"
},
"hide": false,
"metrics": [
{
"field": "message_count",
"id": "1",
"settings": {},
"type": "sum"
}
],
"query": "header_from.keyword:$fromdomain AND passed_dmarc:false AND policy_overrides.comment.keyword:arc=pass",
"refId": "B",
"timeField": "date_begin"
},
{
"alias": "DMARC Fail & NOT ARC Pass",
"bucketAggs": [
{
"field": "date_begin",
"id": "2",
"settings": {
"interval": "auto"
},
"type": "date_histogram"
}
],
"datasource": {
"type": "elasticsearch",
"uid": "$datasourceag"
},
"hide": false,
"metrics": [
{
"field": "message_count",
"id": "1",
"settings": {},
"type": "sum"
}
],
"query": "header_from.keyword:$fromdomain AND passed_dmarc:false AND NOT policy_overrides.comment.keyword:arc=pass",
"refId": "C",
"timeField": "date_begin"
}
],
"title": "DMARC Passage",
"transparent": true,
"type": "piechart"
},
{
"datasource": {
"type": "elasticsearch",
"uid": "$datasourceag"
},
"fieldConfig": {
"defaults": {
"color": {
"mode": "palette-classic"
},
"custom": {
"axisCenteredZero": false,
"axisColorMode": "text",
"axisLabel": "",
"axisPlacement": "auto",
"barAlignment": 0,
"drawStyle": "line",
"fillOpacity": 60,
"gradientMode": "opacity",
"hideFrom": {
"legend": false,
"tooltip": false,
"viz": false
},
"insertNulls": false,
"lineInterpolation": "linear",
"lineWidth": 2,
"pointSize": 5,
"scaleDistribution": {
"type": "linear"
},
"showPoints": "never",
"spanNulls": false,
"stacking": {
"group": "A",
"mode": "none"
},
"thresholdsStyle": {
"mode": "off"
}
},
"links": [
{
"title": "",
"url": ""
}
],
"mappings": [],
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "green",
"value": null
},
{
"color": "red",
"value": 80
}
]
},
"unit": "none"
},
"overrides": [
{
"matcher": {
"id": "byName",
"options": "Pass"
},
"properties": [
{
"id": "color",
"value": {
"fixedColor": "dark-green",
"mode": "fixed"
}
}
]
},
{
"matcher": {
"id": "byName",
"options": "fail"
},
"properties": [
{
"id": "color",
"value": {
"fixedColor": "dark-red",
"mode": "fixed"
}
}
]
},
{
"matcher": {
"id": "byName",
"options": "false"
},
"properties": [
{
"id": "color",
"value": {
"fixedColor": "dark-yellow",
"mode": "fixed"
}
}
]
},
{
"matcher": {
"id": "byName",
"options": "neutral"
},
"properties": [
{
"id": "color",
"value": {
"fixedColor": "super-light-blue",
"mode": "fixed"
}
}
]
},
{
"matcher": {
"id": "byName",
"options": "none"
},
"properties": [
{
"id": "color",
"value": {
"fixedColor": "dark-yellow",
"mode": "fixed"
}
}
]
},
{
"matcher": {
"id": "byName",
"options": "pass"
},
"properties": [
{
"id": "color",
"value": {
"fixedColor": "dark-green",
"mode": "fixed"
}
}
]
},
{
"matcher": {
"id": "byName",
"options": "permerror"
},
"properties": [
{
"id": "color",
"value": {
"fixedColor": "dark-orange",
"mode": "fixed"
}
}
]
},
{
"matcher": {
"id": "byName",
"options": "softfail"
},
"properties": [
{
"id": "color",
"value": {
"fixedColor": "super-light-green",
"mode": "fixed"
}
}
]
},
{
"matcher": {
"id": "byName",
"options": "temperror"
},
"properties": [
{
"id": "color",
"value": {
"fixedColor": "semi-dark-yellow",
"mode": "fixed"
}
}
]
},
{
"matcher": {
"id": "byName",
"options": "true"
},
"properties": [
{
"id": "color",
"value": {
"fixedColor": "dark-green",
"mode": "fixed"
}
}
]
}
]
},
"gridPos": {
"h": 9,
"w": 12,
"x": 0,
"y": 9
},
"id": 33,
"options": {
"legend": {
"calcs": [],
"displayMode": "list",
"placement": "right",
"showLegend": true
},
"tooltip": {
"mode": "multi",
"sort": "desc"
}
},
"pluginVersion": "10.4.3",
"targets": [
{
"bucketAggs": [
{
"fake": true,
"field": "spf_results.result.keyword",
"id": "3",
"settings": {
"min_doc_count": 1,
"order": "desc",
"orderBy": "_term",
"size": "0"
},
"type": "terms"
},
{
"field": "date_begin",
"id": "2",
"settings": {
"interval": "1d",
"min_doc_count": 0,
"trimEdges": 0
},
"type": "date_histogram"
}
],
"datasource": {
"uid": "$datasourceag"
},
"hide": false,
"metrics": [
{
"field": "message_count",
"id": "1",
"meta": {},
"settings": {},
"type": "sum"
}
],
"query": "header_from.keyword:$fromdomain",
"refId": "A",
"timeField": "date_begin"
}
],
"title": "SPF Results Over Time",
"type": "timeseries"
},
{
"datasource": {
"type": "elasticsearch",
"uid": "$datasourceag"
},
"fieldConfig": {
"defaults": {
"color": {
"mode": "palette-classic"
},
"custom": {
"axisCenteredZero": false,
"axisColorMode": "text",
"axisLabel": "",
"axisPlacement": "auto",
"barAlignment": 0,
"drawStyle": "line",
"fillOpacity": 60,
"gradientMode": "opacity",
"hideFrom": {
"legend": false,
"tooltip": false,
"viz": false
},
"insertNulls": false,
"lineInterpolation": "linear",
"lineWidth": 2,
"pointSize": 5,
"scaleDistribution": {
"type": "linear"
},
"showPoints": "never",
"spanNulls": false,
"stacking": {
"group": "A",
"mode": "none"
},
"thresholdsStyle": {
"mode": "off"
}
},
"links": [],
"mappings": [],
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "green",
"value": null
},
{
"color": "red",
"value": 80
}
]
},
"unit": "none"
},
"overrides": [
{
"matcher": {
"id": "byName",
"options": "Pass"
},
"properties": [
{
"id": "color",
"value": {
"fixedColor": "dark-green",
"mode": "fixed"
}
}
]
},
{
"matcher": {
"id": "byName",
"options": "fail"
},
"properties": [
{
"id": "color",
"value": {
"fixedColor": "dark-red",
"mode": "fixed"
}
}
]
},
{
"matcher": {
"id": "byName",
"options": "false"
},
"properties": [
{
"id": "color",
"value": {
"fixedColor": "dark-yellow",
"mode": "fixed"
}
}
]
},
{
"matcher": {
"id": "byName",
"options": "neutral"
},
"properties": [
{
"id": "color",
"value": {
"fixedColor": "super-light-blue",
"mode": "fixed"
}
}
]
},
{
"matcher": {
"id": "byName",
"options": "none"
},
"properties": [
{
"id": "color",
"value": {
"fixedColor": "dark-yellow",
"mode": "fixed"
}
}
]
},
{
"matcher": {
"id": "byName",
"options": "pass"
},
"properties": [
{
"id": "color",
"value": {
"fixedColor": "dark-green",
"mode": "fixed"
}
}
]
},
{
"matcher": {
"id": "byName",
"options": "permerror"
},
"properties": [
{
"id": "color",
"value": {
"fixedColor": "dark-orange",
"mode": "fixed"
}
}
]
},
{
"matcher": {
"id": "byName",
"options": "temperror"
},
"properties": [
{
"id": "color",
"value": {
"fixedColor": "semi-dark-yellow",
"mode": "fixed"
}
}
]
},
{
"matcher": {
"id": "byName",
"options": "true"
},
"properties": [
{
"id": "color",
"value": {
"fixedColor": "dark-green",
"mode": "fixed"
}
}
]
}
]
},
"gridPos": {
"h": 9,
"w": 12,
"x": 12,
"y": 9
},
"id": 19,
"interval": "$interval",
"options": {
"legend": {
"calcs": [],
"displayMode": "list",
"placement": "right",
"showLegend": true
},
"tooltip": {
"mode": "multi",
"sort": "desc"
}
},
"pluginVersion": "10.4.3",
"targets": [
{
"bucketAggs": [
{
"fake": true,
"field": "dkim_results.result.keyword",
"id": "3",
"settings": {
"min_doc_count": 1,
"order": "desc",
"orderBy": "_term",
"size": "0"
},
"type": "terms"
},
{
"field": "date_begin",
"id": "2",
"settings": {
"interval": "1d",
"min_doc_count": 0,
"trimEdges": 0
},
"type": "date_histogram"
}
],
"datasource": {
"uid": "$datasourceag"
},
"hide": false,
"metrics": [
{
"field": "message_count",
"id": "1",
"meta": {},
"settings": {},
"type": "sum"
}
],
"query": "header_from.keyword:$fromdomain",
"refId": "A",
"timeField": "date_begin"
}
],
"title": "DKIM Results Over Time",
"type": "timeseries"
},
{
"datasource": {
"type": "elasticsearch",
"uid": "$datasourceag"
},
"fieldConfig": {
"defaults": {
"color": {
"mode": "palette-classic"
},
"custom": {
"axisCenteredZero": false,
"axisColorMode": "text",
"axisLabel": "",
"axisPlacement": "auto",
"barAlignment": 0,
"drawStyle": "line",
"fillOpacity": 60,
"gradientMode": "opacity",
"hideFrom": {
"legend": false,
"tooltip": false,
"viz": false
},
"insertNulls": false,
"lineInterpolation": "linear",
"lineWidth": 2,
"pointSize": 5,
"scaleDistribution": {
"type": "linear"
},
"showPoints": "never",
"spanNulls": false,
"stacking": {
"group": "A",
"mode": "none"
},
"thresholdsStyle": {
"mode": "off"
}
},
"links": [],
"mappings": [],
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "green",
"value": null
},
{
"color": "red",
"value": 80
}
]
},
"unit": "none"
},
"overrides": [
{
"matcher": {
"id": "byName",
"options": "false"
},
"properties": [
{
"id": "color",
"value": {
"fixedColor": "dark-yellow",
"mode": "fixed"
}
}
]
},
{
"matcher": {
"id": "byName",
"options": "true"
},
"properties": [
{
"id": "color",
"value": {
"fixedColor": "dark-green",
"mode": "fixed"
}
}
]
}
]
},
"gridPos": {
"h": 9,
"w": 12,
"x": 0,
"y": 18
},
"id": 18,
"interval": "$interval",
"options": {
"legend": {
"calcs": [],
"displayMode": "list",
"placement": "right",
"showLegend": true
},
"tooltip": {
"mode": "multi",
"sort": "desc"
}
},
"pluginVersion": "10.4.3",
"targets": [
{
"bucketAggs": [
{
"fake": true,
"field": "spf_aligned",
"id": "3",
"settings": {
"min_doc_count": 1,
"order": "desc",
"orderBy": "_term",
"size": "0"
},
"type": "terms"
},
{
"field": "date_begin",
"id": "2",
"settings": {
"interval": "1d",
"min_doc_count": 0,
"trimEdges": 0
},
"type": "date_histogram"
}
],
"datasource": {
"uid": "$datasourceag"
},
"hide": false,
"metrics": [
{
"field": "message_count",
"id": "1",
"meta": {},
"settings": {},
"type": "sum"
}
],
"query": "header_from.keyword:$fromdomain",
"refId": "A",
"timeField": "date_begin"
}
],
"title": "SPF Alignment Over Time",
"type": "timeseries"
},
{
"datasource": {
"type": "elasticsearch",
"uid": "$datasourceag"
},
"fieldConfig": {
"defaults": {
"color": {
"mode": "palette-classic"
},
"custom": {
"axisCenteredZero": false,
"axisColorMode": "text",
"axisLabel": "",
"axisPlacement": "auto",
"barAlignment": 0,
"drawStyle": "line",
"fillOpacity": 60,
"gradientMode": "opacity",
"hideFrom": {
"legend": false,
"tooltip": false,
"viz": false
},
"insertNulls": false,
"lineInterpolation": "linear",
"lineWidth": 2,
"pointSize": 5,
"scaleDistribution": {
"type": "linear"
},
"showPoints": "never",
"spanNulls": false,
"stacking": {
"group": "A",
"mode": "none"
},
"thresholdsStyle": {
"mode": "off"
}
},
"links": [],
"mappings": [],
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "green",
"value": null
},
{
"color": "red",
"value": 80
}
]
},
"unit": "none"
},
"overrides": [
{
"matcher": {
"id": "byName",
"options": "false"
},
"properties": [
{
"id": "color",
"value": {
"fixedColor": "dark-yellow",
"mode": "fixed"
}
}
]
},
{
"matcher": {
"id": "byName",
"options": "true"
},
"properties": [
{
"id": "color",
"value": {
"fixedColor": "dark-green",
"mode": "fixed"
}
}
]
}
]
},
"gridPos": {
"h": 9,
"w": 12,
"x": 12,
"y": 18
},
"id": 34,
"interval": "$interval",
"options": {
"legend": {
"calcs": [],
"displayMode": "list",
"placement": "right",
"showLegend": true
},
"tooltip": {
"mode": "multi",
"sort": "desc"
}
},
"pluginVersion": "10.4.3",
"targets": [
{
"bucketAggs": [
{
"fake": true,
"field": "dkim_aligned",
"id": "3",
"settings": {
"min_doc_count": 1,
"order": "desc",
"orderBy": "_term",
"size": "0"
},
"type": "terms"
},
{
"field": "date_begin",
"id": "2",
"settings": {
"interval": "1d",
"min_doc_count": 0,
"trimEdges": 0
},
"type": "date_histogram"
}
],
"datasource": {
"uid": "$datasourceag"
},
"hide": false,
"metrics": [
{
"field": "message_count",
"id": "1",
"meta": {},
"settings": {},
"type": "sum"
}
],
"query": "header_from.keyword:$fromdomain",
"refId": "A",
"timeField": "date_begin"
}
],
"title": "DKIM Alignment Over Time",
"type": "timeseries"
},
{
"datasource": {
"type": "elasticsearch",
"uid": "$datasourceag"
},
"fieldConfig": {
"defaults": {
"color": {
"mode": "palette-classic"
},
"custom": {
"axisCenteredZero": false,
"axisColorMode": "text",
"axisLabel": "",
"axisPlacement": "auto",
"barAlignment": 0,
"drawStyle": "line",
"fillOpacity": 60,
"gradientMode": "opacity",
"hideFrom": {
"legend": false,
"tooltip": false,
"viz": false
},
"insertNulls": false,
"lineInterpolation": "linear",
"lineWidth": 2,
"pointSize": 5,
"scaleDistribution": {
"type": "linear"
},
"showPoints": "never",
"spanNulls": false,
"stacking": {
"group": "A",
"mode": "none"
},
"thresholdsStyle": {
"mode": "off"
}
},
"links": [],
"mappings": [],
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "green",
"value": null
},
{
"color": "red",
"value": 80
}
]
},
"unit": "none"
},
"overrides": [
{
"matcher": {
"id": "byName",
"options": "false"
},
"properties": [
{
"id": "color",
"value": {
"fixedColor": "dark-red",
"mode": "fixed"
}
}
]
},
{
"matcher": {
"id": "byName",
"options": "true"
},
"properties": [
{
"id": "color",
"value": {
"fixedColor": "dark-green",
"mode": "fixed"
}
}
]
}
]
},
"gridPos": {
"h": 9,
"w": 12,
"x": 0,
"y": 27
},
"id": 7,
"interval": "1day",
"options": {
"legend": {
"calcs": [],
"displayMode": "list",
"placement": "right",
"showLegend": true
},
"tooltip": {
"mode": "multi",
"sort": "desc"
}
},
"pluginVersion": "10.4.3",
"targets": [
{
"bucketAggs": [
{
"fake": true,
"field": "passed_dmarc",
"id": "3",
"settings": {
"min_doc_count": 1,
"order": "desc",
"orderBy": "_term",
"size": "0"
},
"type": "terms"
},
{
"field": "date_begin",
"id": "2",
"settings": {
"interval": "1d",
"min_doc_count": 0,
"trimEdges": 0
},
"type": "date_histogram"
}
],
"datasource": {
"uid": "$datasourceag"
},
"hide": false,
"metrics": [
{
"field": "message_count",
"id": "1",
"meta": {},
"settings": {},
"type": "sum"
}
],
"query": "header_from.keyword:$fromdomain",
"refId": "A",
"timeField": "date_begin"
}
],
"title": "DMARC Passage Over Time",
"type": "timeseries"
},
{
"datasource": {
"type": "elasticsearch",
"uid": "$datasourceag"
},
"fieldConfig": {
"defaults": {
"color": {
"mode": "palette-classic"
},
"custom": {
"axisCenteredZero": false,
"axisColorMode": "text",
"axisLabel": "",
"axisPlacement": "auto",
"barAlignment": 0,
"drawStyle": "line",
"fillOpacity": 60,
"gradientMode": "opacity",
"hideFrom": {
"legend": false,
"tooltip": false,
"viz": false
},
"insertNulls": false,
"lineInterpolation": "linear",
"lineWidth": 2,
"pointSize": 5,
"scaleDistribution": {
"type": "linear"
},
"showPoints": "never",
"spanNulls": false,
"stacking": {
"group": "A",
"mode": "none"
},
"thresholdsStyle": {
"mode": "off"
}
},
"links": [],
"mappings": [],
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "green",
"value": null
},
{
"color": "red",
"value": 80
}
]
},
"unit": "none"
},
"overrides": [
{
"matcher": {
"id": "byName",
"options": "none"
},
"properties": [
{
"id": "color",
"value": {
"fixedColor": "dark-green",
"mode": "fixed"
}
}
]
},
{
"matcher": {
"id": "byName",
"options": "quarantine"
},
"properties": [
{
"id": "color",
"value": {
"fixedColor": "semi-dark-orange",
"mode": "fixed"
}
}
]
},
{
"matcher": {
"id": "byName",
"options": "reject"
},
"properties": [
{
"id": "color",
"value": {
"fixedColor": "red",
"mode": "fixed"
}
}
]
}
]
},
"gridPos": {
"h": 9,
"w": 12,
"x": 12,
"y": 27
},
"id": 8,
"interval": "$interval",
"options": {
"legend": {
"calcs": [],
"displayMode": "list",
"placement": "right",
"showLegend": true
},
"tooltip": {
"mode": "multi",
"sort": "none"
}
},
"pluginVersion": "10.4.3",
"targets": [
{
"bucketAggs": [
{
"fake": true,
"field": "disposition.keyword",
"id": "3",
"settings": {
"min_doc_count": 1,
"order": "desc",
"orderBy": "_term",
"size": "0"
},
"type": "terms"
},
{
"field": "date_begin",
"id": "2",
"settings": {
"interval": "1d",
"min_doc_count": 0,
"trimEdges": 0
},
"type": "date_histogram"
}
],
"datasource": {
"uid": "$datasourceag"
},
"hide": false,
"metrics": [
{
"field": "message_count",
"id": "1",
"meta": {},
"settings": {},
"type": "sum"
}
],
"query": "header_from.keyword:$fromdomain",
"refId": "A",
"timeField": "date_begin"
}
],
"title": "Message Disposition Over Time",
"type": "timeseries"
},
{
"datasource": {
"type": "elasticsearch",
"uid": "$datasourceag"
},
"description": "Total Message Count",
"fieldConfig": {
"defaults": {
"displayName": "Total Message Count",
"mappings": [
{
"options": {
"match": "null",
"result": {
"text": "N/A"
}
},
"type": "special"
}
],
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "dark-blue",
"value": null
}
]
},
"unit": "locale"
},
"overrides": [
{
"matcher": {
"id": "byName",
"options": "Value"
},
"properties": [
{
"id": "unit",
"value": "none"
}
]
}
]
},
"gridPos": {
"h": 4,
"w": 12,
"x": 0,
"y": 36
},
"id": 36,
"interval": "24h",
"options": {
"colorMode": "background",
"graphMode": "area",
"justifyMode": "auto",
"orientation": "auto",
"percentChangeColorMode": "standard",
"reduceOptions": {
"calcs": [
"sum"
],
"fields": "",
"values": false
},
"showPercentChange": false,
"textMode": "value_and_name",
"wideLayout": true
},
"pluginVersion": "10.1.6",
"targets": [
{
"alias": "",
"bucketAggs": [
{
"$$hashKey": "object:430",
"fake": true,
"field": "date_begin",
"id": "6",
"settings": {
"interval": "auto",
"min_doc_count": 0,
"trimEdges": 0
},
"type": "date_histogram"
}
],
"datasource": {
"uid": "$datasourceag"
},
"hide": false,
"metrics": [
{
"$$hashKey": "object:428",
"field": "message_count",
"id": "4",
"meta": {},
"settings": {},
"type": "sum"
}
],
"query": "header_from.keyword:$fromdomain",
"refId": "A",
"timeField": "date_begin"
}
],
"transparent": true,
"type": "stat"
},
{
"datasource": {
"type": "elasticsearch",
"uid": "$datasourceag"
},
"fieldConfig": {
"defaults": {
"custom": {
"align": "auto",
"cellOptions": {
"type": "auto"
},
"filterable": true,
"inspect": false
},
"mappings": [],
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "green",
"value": null
},
{
"color": "red",
"value": 80
}
]
}
},
"overrides": [
{
"matcher": {
"id": "byName",
"options": "Messages"
},
"properties": [
{
"id": "custom.cellOptions",
"value": {
"mode": "gradient",
"type": "gauge"
}
},
{
"id": "thresholds",
"value": {
"mode": "percentage",
"steps": [
{
"color": "green",
"value": null
},
{
"color": "dark-purple",
"value": 101
}
]
}
}
]
}
]
},
"gridPos": {
"h": 8,
"w": 12,
"x": 12,
"y": 36
},
"id": 10,
"interval": "$interval",
"options": {
"cellHeight": "sm",
"footer": {
"countRows": false,
"fields": "",
"reducer": [
"sum"
],
"show": false
},
"showHeader": true,
"sortBy": []
},
"pluginVersion": "10.1.6",
"targets": [
{
"bucketAggs": [
{
"$$hashKey": "object:920",
"fake": true,
"field": "source_base_domain.keyword",
"id": "6",
"settings": {
"min_doc_count": 1,
"missing": "none",
"order": "desc",
"orderBy": "4",
"size": "2000"
},
"type": "terms"
}
],
"datasource": {
"uid": "$datasourceag"
},
"hide": false,
"metrics": [
{
"$$hashKey": "object:918",
"field": "message_count",
"id": "4",
"meta": {},
"settings": {},
"type": "sum"
}
],
"query": "header_from.keyword:$fromdomain",
"refId": "A",
"timeField": "date_begin"
}
],
"title": "Top 2000 Message Sources by Reverse DNS",
"transformations": [
{
"id": "organize",
"options": {
"excludeByName": {},
"indexByName": {},
"renameByName": {
"Sum": "Messages",
"source_base_domain.keyword": "Sender PTR Domain"
}
}
}
],
"type": "table"
},
{
"datasource": {
"type": "elasticsearch",
"uid": "$datasourceag"
},
"fieldConfig": {
"defaults": {
"custom": {
"align": "auto",
"cellOptions": {
"type": "auto"
},
"filterable": true,
"inspect": false
},
"mappings": [],
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "green",
"value": null
},
{
"color": "red",
"value": 80
}
]
}
},
"overrides": [
{
"matcher": {
"id": "byName",
"options": "Messages"
},
"properties": [
{
"id": "custom.cellOptions",
"value": {
"mode": "gradient",
"type": "gauge"
}
},
{
"id": "thresholds",
"value": {
"mode": "percentage",
"steps": [
{
"color": "green",
"value": null
},
{
"color": "dark-purple",
"value": 101
}
]
}
}
]
},
{
"matcher": {
"id": "byName",
"options": "Reporting Organisation"
},
"properties": [
{
"id": "custom.width",
"value": 183
}
]
}
]
},
"gridPos": {
"h": 11,
"w": 12,
"x": 0,
"y": 40
},
"id": 9,
"interval": "$interval",
"options": {
"cellHeight": "sm",
"footer": {
"countRows": false,
"fields": [
"Sum"
],
"reducer": [
"sum"
],
"show": false
},
"showHeader": true,
"sortBy": []
},
"pluginVersion": "10.1.6",
"targets": [
{
"bucketAggs": [
{
"$$hashKey": "object:291",
"fake": true,
"field": "org_name.keyword",
"id": "7",
"settings": {
"min_doc_count": "1",
"order": "desc",
"orderBy": "4",
"size": "0"
},
"type": "terms"
},
{
"$$hashKey": "object:98",
"fake": true,
"field": "org_extra_contact_info.keyword",
"id": "6",
"settings": {
"min_doc_count": "1",
"missing": "-",
"order": "desc",
"orderBy": "4",
"size": "0"
},
"type": "terms"
}
],
"datasource": {
"uid": "$datasourceag"
},
"hide": false,
"metrics": [
{
"$$hashKey": "object:96",
"field": "message_count",
"id": "4",
"meta": {},
"settings": {},
"type": "sum"
}
],
"query": "header_from.keyword:$fromdomain",
"refId": "A",
"timeField": "date_begin"
},
{
"bucketAggs": [
{
"$$hashKey": "object:102",
"fake": true,
"field": "org_extra_contact_info.keyword",
"id": "6",
"settings": {
"min_doc_count": 1,
"order": "desc",
"orderBy": "4",
"size": "0"
},
"type": "terms"
}
],
"datasource": {
"uid": "$datasourceag"
},
"hide": true,
"metrics": [
{
"$$hashKey": "object:100",
"field": "message_count",
"id": "4",
"meta": {},
"settings": {},
"type": "sum"
}
],
"query": "header_from.keyword:$fromdomain",
"refId": "B",
"timeField": "date_begin"
}
],
"title": "Reporting Organisations",
"transformations": [
{
"id": "organize",
"options": {
"excludeByName": {},
"indexByName": {},
"renameByName": {
"Sum": "Messages",
"org_extra_contact_info.keyword": "Org Contact Info",
"org_name.keyword": "Reporting Organisation"
}
}
}
],
"type": "table"
},
{
"datasource": {
"type": "elasticsearch",
"uid": "$datasourceag"
},
"fieldConfig": {
"defaults": {
"custom": {
"align": "auto",
"cellOptions": {
"type": "auto"
},
"filterable": true,
"inspect": false
},
"mappings": [],
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "green",
"value": null
},
{
"color": "red",
"value": 80
}
]
}
},
"overrides": [
{
"matcher": {
"id": "byName",
"options": "Header From"
},
"properties": [
{
"id": "links",
"value": [
{
"targetBlank": true,
"title": "Check ${__data.fields[\"header_from.keyword\"]} DMARC record",
"url": "https://mxtoolbox.com/SuperTool.aspx?action=dmarc%3a${__data.fields[\"header_from.keyword\"]}&run=toolpage"
}
]
}
]
},
{
"matcher": {
"id": "byName",
"options": "Messages"
},
"properties": [
{
"id": "custom.cellOptions",
"value": {
"mode": "gradient",
"type": "gauge"
}
},
{
"id": "thresholds",
"value": {
"mode": "percentage",
"steps": [
{
"color": "green",
"value": null
},
{
"color": "dark-purple",
"value": 101
}
]
}
}
]
}
]
},
"gridPos": {
"h": 7,
"w": 12,
"x": 12,
"y": 44
},
"id": 11,
"interval": "$interval",
"options": {
"cellHeight": "sm",
"footer": {
"countRows": false,
"fields": "",
"reducer": [
"sum"
],
"show": false
},
"showHeader": true
},
"pluginVersion": "10.1.6",
"targets": [
{
"bucketAggs": [
{
"$$hashKey": "object:388",
"fake": true,
"field": "header_from.keyword",
"id": "6",
"settings": {
"min_doc_count": 1,
"missing": "none",
"order": "desc",
"orderBy": "4",
"size": "0"
},
"type": "terms"
}
],
"datasource": {
"uid": "$datasourceag"
},
"hide": false,
"metrics": [
{
"$$hashKey": "object:386",
"field": "message_count",
"id": "4",
"meta": {},
"settings": {},
"type": "sum"
}
],
"query": "header_from.keyword:$fromdomain",
"refId": "A",
"timeField": "date_begin"
}
],
"title": "Message Volume by Header From",
"transformations": [
{
"id": "organize",
"options": {
"excludeByName": {},
"indexByName": {},
"renameByName": {
"Sum": "Messages",
"header_from.keyword": "Header From"
}
}
}
],
"type": "table"
},
{
"datasource": {
"type": "elasticsearch",
"uid": "$datasourceag"
},
"fieldConfig": {
"defaults": {
"color": {
"mode": "thresholds"
},
"custom": {
"hideFrom": {
"legend": false,
"tooltip": false,
"viz": false
}
},
"mappings": [],
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "dark-green",
"value": null
}
]
},
"unit": "none"
},
"overrides": [
{
"matcher": {
"id": "byName",
"options": "source_country.keyword"
},
"properties": [
{
"id": "displayName",
"value": "Country"
}
]
}
]
},
"gridPos": {
"h": 10,
"w": 16,
"x": 0,
"y": 51
},
"id": 12,
"interval": "$interval",
"maxDataPoints": 1,
"options": {
"basemap": {
"name": "Basemap",
"type": "default"
},
"controls": {
"mouseWheelZoom": true,
"showAttribution": true,
"showDebug": false,
"showMeasure": false,
"showScale": false,
"showZoom": true
},
"layers": [
{
"config": {
"showLegend": true,
"style": {
"color": {
"fixed": "dark-green"
},
"opacity": 0.4,
"rotation": {
"fixed": 0,
"max": 360,
"min": -360,
"mode": "mod"
},
"size": {
"field": "Sum",
"fixed": 5,
"max": 35,
"min": 3
},
"symbol": {
"fixed": "img/icons/marker/circle.svg",
"mode": "fixed"
},
"symbolAlign": {
"horizontal": "center",
"vertical": "center"
},
"textConfig": {
"fontSize": 12,
"offsetX": 0,
"offsetY": 0,
"textAlign": "center",
"textBaseline": "middle"
}
}
},
"filterData": {
"id": "byRefId",
"options": "A"
},
"location": {
"lookup": "source_country.keyword",
"mode": "lookup"
},
"name": "Message Count",
"tooltip": true,
"type": "markers"
},
{
"config": {
"nightColor": "#000000",
"show": "to",
"sun": false
},
"name": "Night / Day",
"opacity": 0.4,
"tooltip": true,
"type": "dayNight"
}
],
"tooltip": {
"mode": "details"
},
"view": {
"allLayers": true,
"id": "zero",
"lat": 0,
"lon": 0,
"shared": false,
"zoom": 1
}
},
"pluginVersion": "10.1.6",
"targets": [
{
"bucketAggs": [
{
"$$hashKey": "object:710",
"fake": true,
"field": "source_country.keyword",
"id": "7",
"settings": {
"min_doc_count": 1,
"order": "desc",
"orderBy": "4",
"size": "0"
},
"type": "terms"
}
],
"datasource": {
"uid": "$datasourceag"
},
"hide": false,
"metrics": [
{
"$$hashKey": "object:708",
"field": "message_count",
"id": "4",
"meta": {},
"settings": {},
"type": "sum"
}
],
"query": "header_from.keyword:$fromdomain",
"refId": "A",
"timeField": "date_begin"
}
],
"title": "Map of Message Source Countries",
"transformations": [
{
"disabled": true,
"id": "reduce",
"options": {
"labelsToFields": false,
"reducers": [
"sum"
]
}
}
],
"type": "geomap"
},
{
"datasource": {
"type": "elasticsearch",
"uid": "$datasourceag"
},
"fieldConfig": {
"defaults": {
"custom": {
"align": "auto",
"cellOptions": {
"type": "auto"
},
"filterable": true,
"inspect": false
},
"mappings": [],
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "green",
"value": null
},
{
"color": "red",
"value": 80
}
]
}
},
"overrides": [
{
"matcher": {
"id": "byName",
"options": "Country"
},
"properties": [
{
"id": "custom.width",
"value": 96
}
]
},
{
"matcher": {
"id": "byName",
"options": "Messages"
},
"properties": [
{
"id": "custom.cellOptions",
"value": {
"mode": "gradient",
"type": "gauge"
}
},
{
"id": "thresholds",
"value": {
"mode": "percentage",
"steps": [
{
"color": "green",
"value": null
},
{
"color": "dark-purple",
"value": 101
}
]
}
}
]
}
]
},
"gridPos": {
"h": 10,
"w": 8,
"x": 16,
"y": 51
},
"id": 39,
"interval": "$interval",
"options": {
"cellHeight": "sm",
"footer": {
"countRows": false,
"fields": "",
"reducer": [
"sum"
],
"show": false
},
"showHeader": true,
"sortBy": [
{
"desc": true,
"displayName": "Messages"
}
]
},
"pluginVersion": "10.1.6",
"targets": [
{
"bucketAggs": [
{
"$$hashKey": "object:524",
"fake": true,
"field": "source_country.keyword",
"id": "6",
"settings": {
"min_doc_count": 1,
"missing": "none",
"order": "desc",
"orderBy": "4",
"size": "0"
},
"type": "terms"
}
],
"datasource": {
"uid": "$datasourceag"
},
"hide": false,
"metrics": [
{
"$$hashKey": "object:522",
"field": "message_count",
"id": "4",
"meta": {},
"settings": {},
"type": "sum"
}
],
"query": "header_from.keyword:$fromdomain",
"refId": "A",
"timeField": "date_begin"
}
],
"title": "Message Source Countries",
"transformations": [
{
"id": "organize",
"options": {
"excludeByName": {},
"indexByName": {},
"renameByName": {
"Sum": "Messages",
"source_country.keyword": "Country"
}
}
}
],
"type": "table"
},
{
"datasource": {
"type": "elasticsearch",
"uid": "$datasourceag"
},
"fieldConfig": {
"defaults": {
"custom": {
"align": "auto",
"cellOptions": {
"type": "auto"
},
"filterable": true,
"inspect": false
},
"mappings": [
{
"options": {
"arc=fail": {
"index": 1,
"text": "Fail"
},
"arc=pass": {
"index": 0,
"text": "Pass"
},
"fail": {
"index": 4,
"text": "Fail"
},
"false": {
"index": 5,
"text": "False"
},
"pass": {
"index": 6,
"text": "Pass"
},
"true": {
"index": 3,
"text": "True"
}
},
"type": "value"
},
{
"options": {
"match": "null",
"result": {
"index": 2,
"text": "N/A"
}
},
"type": "special"
}
],
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "green",
"value": null
},
{
"color": "red",
"value": 80
}
]
}
},
"overrides": [
{
"matcher": {
"id": "byName",
"options": "Messages"
},
"properties": [
{
"id": "custom.cellOptions",
"value": {
"mode": "gradient",
"type": "gauge"
}
},
{
"id": "thresholds",
"value": {
"mode": "percentage",
"steps": [
{
"color": "green",
"value": null
},
{
"color": "dark-purple",
"value": 101
}
]
}
},
{
"id": "custom.align",
"value": "left"
},
{
"id": "custom.width",
"value": 400
}
]
},
{
"matcher": {
"id": "byName",
"options": "Source IP"
},
"properties": [
{
"id": "custom.width",
"value": 200
}
]
},
{
"matcher": {
"id": "byName",
"options": "Country"
},
"properties": [
{
"id": "custom.width",
"value": 86
}
]
},
{
"matcher": {
"id": "byName",
"options": "Disposition"
},
"properties": [
{
"id": "custom.width",
"value": 114
}
]
},
{
"matcher": {
"id": "byName",
"options": "Simple SPF"
},
"properties": [
{
"id": "custom.width",
"value": 127
}
]
},
{
"matcher": {
"id": "byName",
"options": "Simple DKIM"
},
"properties": [
{
"id": "custom.width",
"value": 122
}
]
},
{
"matcher": {
"id": "byName",
"options": "SPF Alignment"
},
"properties": [
{
"id": "custom.width",
"value": 134
}
]
},
{
"matcher": {
"id": "byName",
"options": "Sender PTR Domain"
},
"properties": [
{
"id": "custom.width",
"value": 180
}
]
},
{
"matcher": {
"id": "byName",
"options": "ARC Result"
},
"properties": [
{
"id": "custom.width",
"value": 112
}
]
},
{
"matcher": {
"id": "byName",
"options": "Header From Domain"
},
"properties": [
{
"id": "custom.width",
"value": 126
}
]
},
{
"matcher": {
"id": "byName",
"options": "DMARC Pass"
},
"properties": [
{
"id": "unit",
"value": "bool"
},
{
"id": "custom.align",
"value": "left"
},
{
"id": "custom.width",
"value": 129
}
]
},
{
"matcher": {
"id": "byName",
"options": "DKIM Alignment"
},
"properties": [
{
"id": "custom.width",
"value": 145
}
]
}
]
},
"gridPos": {
"h": 9,
"w": 24,
"x": 0,
"y": 61
},
"id": 41,
"interval": "$interval",
"options": {
"cellHeight": "sm",
"footer": {
"countRows": false,
"fields": [
"Sum"
],
"reducer": [
"sum"
],
"show": false
},
"showHeader": true,
"sortBy": [
{
"desc": true,
"displayName": "Messages"
}
]
},
"pluginVersion": "10.1.6",
"targets": [
{
"bucketAggs": [
{
"$$hashKey": "object:457",
"fake": true,
"field": "source_base_domain.keyword",
"id": "6",
"settings": {
"min_doc_count": 1,
"missing": "-",
"order": "desc",
"orderBy": "4",
"size": "0"
},
"type": "terms"
},
{
"$$hashKey": "object:458",
"fake": true,
"field": "source_reverse_dns.keyword",
"id": "7",
"settings": {
"min_doc_count": "1",
"missing": "-",
"order": "desc",
"orderBy": "4",
"size": "0"
},
"type": "terms"
},
{
"$$hashKey": "object:459",
"fake": true,
"field": "source_ip_address.keyword",
"id": "8",
"settings": {
"min_doc_count": 1,
"missing": "-",
"order": "desc",
"orderBy": "4",
"size": "0"
},
"type": "terms"
},
{
"$$hashKey": "object:460",
"fake": true,
"field": "source_country.keyword",
"id": "9",
"settings": {
"min_doc_count": 1,
"order": "desc",
"orderBy": "4",
"size": "0"
},
"type": "terms"
},
{
"$$hashKey": "object:384",
"fake": true,
"field": "disposition.keyword",
"id": "12",
"settings": {
"min_doc_count": "1",
"missing": "-",
"order": "desc",
"orderBy": "4",
"size": "0"
},
"type": "terms"
},
{
"$$hashKey": "object:391",
"fake": true,
"field": "spf_aligned",
"id": "13",
"settings": {
"min_doc_count": "1",
"missing": "false",
"order": "desc",
"orderBy": "4",
"size": "0"
},
"type": "terms"
},
{
"$$hashKey": "object:398",
"fake": true,
"field": "dkim_aligned",
"id": "14",
"settings": {
"min_doc_count": "1",
"missing": "false",
"order": "desc",
"orderBy": "4",
"size": "0"
},
"type": "terms"
},
{
"$$hashKey": "object:405",
"fake": true,
"field": "org_name.keyword",
"id": "15",
"settings": {
"min_doc_count": "1",
"missing": "-",
"order": "desc",
"orderBy": "4",
"size": "0"
},
"type": "terms"
},
{
"$$hashKey": "object:412",
"fake": true,
"field": "spf_results.result.keyword",
"id": "16",
"settings": {
"min_doc_count": "1",
"missing": "-",
"order": "desc",
"orderBy": "4",
"size": "0"
},
"type": "terms"
},
{
"$$hashKey": "object:622",
"fake": true,
"field": "header_from.keyword",
"id": "17",
"settings": {
"min_doc_count": "1",
"missing": "-",
"order": "desc",
"orderBy": "4",
"size": "0"
},
"type": "terms"
},
{
"$$hashKey": "object:461",
"fake": true,
"field": "dkim_results.result.keyword",
"id": "10",
"settings": {
"min_doc_count": "1",
"missing": "-",
"order": "desc",
"orderBy": "4",
"size": "0"
},
"type": "terms"
},
{
"field": "policy_overrides.comment.keyword",
"id": "18",
"settings": {
"min_doc_count": "1",
"missing": "N/A",
"order": "desc",
"orderBy": "_term",
"size": "0"
},
"type": "terms"
},
{
"field": "passed_dmarc",
"id": "19",
"settings": {
"min_doc_count": "1",
"order": "desc",
"orderBy": "_term",
"size": "0"
},
"type": "terms"
}
],
"datasource": {
"uid": "$datasourceag"
},
"hide": false,
"metrics": [
{
"$$hashKey": "object:455",
"field": "message_count",
"id": "4",
"meta": {},
"settings": {},
"type": "sum"
}
],
"query": "header_from.keyword:$fromdomain",
"refId": "A",
"timeField": "date_range"
}
],
"title": "Overview",
"transformations": [
{
"id": "organize",
"options": {
"excludeByName": {
"passed_dmarc": false
},
"indexByName": {
"Sum": 13,
"disposition.keyword": 5,
"dkim_aligned": 9,
"dkim_results.result.keyword": 11,
"header_from.keyword": 12,
"org_name.keyword": 4,
"passed_dmarc": 7,
"policy_overrides.comment.keyword": 6,
"source_base_domain.keyword": 0,
"source_country.keyword": 3,
"source_ip_address.keyword": 2,
"source_reverse_dns.keyword": 1,
"spf_aligned": 8,
"spf_results.result.keyword": 10
},
"renameByName": {
"Sum": "Messages",
"disposition.keyword": "Disposition",
"dkim_aligned": "DKIM Alignment",
"dkim_results.result.keyword": "Simple DKIM",
"header_from.keyword": "Header From Domain",
"org_name.keyword": "Reporter",
"passed_dmarc": "DMARC Pass",
"policy_overrides.comment.keyword": "ARC Result",
"source_base_domain.keyword": "Sender PTR Domain",
"source_country.keyword": "Country",
"source_ip_address.keyword": "Source IP",
"source_reverse_dns.keyword": "PTR",
"spf_aligned": "SPF Alignment",
"spf_results.result.keyword": "Simple SPF"
}
}
}
],
"type": "table"
},
{
"datasource": {
"uid": "$datasourceag"
},
"fieldConfig": {
"defaults": {
"custom": {
"align": "auto",
"cellOptions": {
"type": "auto"
},
"filterable": true,
"inspect": false
},
"mappings": [
{
"options": {
"r": {
"text": "relaxed"
},
"s": {
"text": "strict"
}
},
"type": "value"
}
],
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "green",
"value": null
}
]
}
},
"overrides": [
{
"matcher": {
"id": "byName",
"options": "Messages"
},
"properties": [
{
"id": "custom.cellOptions",
"value": {
"mode": "gradient",
"type": "gauge"
}
},
{
"id": "thresholds",
"value": {
"mode": "percentage",
"steps": [
{
"color": "green",
"value": null
},
{
"color": "dark-purple",
"value": 101
}
]
}
},
{
"id": "custom.align",
"value": "left"
}
]
},
{
"matcher": {
"id": "byName",
"options": "Percentage"
},
"properties": [
{
"id": "unit",
"value": "percent"
},
{
"id": "thresholds",
"value": {
"mode": "absolute",
"steps": [
{
"color": "dark-yellow",
"value": null
},
{
"color": "dark-green",
"value": 100
}
]
}
},
{
"id": "custom.cellOptions",
"value": {
"mode": "gradient",
"type": "color-background"
}
},
{
"id": "custom.width",
"value": 90
}
]
},
{
"matcher": {
"id": "byName",
"options": "Subdomain Policy"
},
"properties": [
{
"id": "custom.width",
"value": 169
}
]
},
{
"matcher": {
"id": "byName",
"options": "Policy"
},
"properties": [
{
"id": "custom.width",
"value": 113
}
]
},
{
"matcher": {
"id": "byName",
"options": "Forensic Policy"
},
"properties": [
{
"id": "custom.width",
"value": 138
}
]
},
{
"matcher": {
"id": "byName",
"options": "SPF Policy"
},
"properties": [
{
"id": "custom.width",
"value": 132
}
]
},
{
"matcher": {
"id": "byName",
"options": "DKIM Policy"
},
"properties": [
{
"id": "custom.width",
"value": 136
}
]
},
{
"matcher": {
"id": "byName",
"options": "Header From Domain"
},
"properties": [
{
"id": "links",
"value": [
{
"targetBlank": true,
"title": "Check ${__data.fields[\"published_policy.domain.keyword\"]} DMARC record",
"url": "https://mxtoolbox.com/SuperTool.aspx?action=dmarc%3a${__data.fields[\"published_policy.domain.keyword\"]}&run=toolpage"
}
]
},
{
"id": "custom.width",
"value": 604
}
]
}
]
},
"gridPos": {
"h": 9,
"w": 24,
"x": 0,
"y": 70
},
"id": 43,
"interval": "86399",
"options": {
"cellHeight": "sm",
"footer": {
"countRows": false,
"fields": [
"Sum"
],
"reducer": [
"sum"
],
"show": false
},
"showHeader": true,
"sortBy": [
{
"desc": true,
"displayName": "Messages"
}
]
},
"pluginVersion": "10.1.6",
"targets": [
{
"bucketAggs": [
{
"$$hashKey": "object:457",
"fake": true,
"field": "published_policy.adkim.keyword",
"id": "6",
"settings": {
"min_doc_count": 1,
"missing": "-",
"order": "desc",
"orderBy": "4",
"size": "0"
},
"type": "terms"
},
{
"$$hashKey": "object:458",
"fake": true,
"field": "published_policy.aspf.keyword",
"id": "7",
"settings": {
"min_doc_count": "1",
"missing": "-",
"order": "desc",
"orderBy": "4",
"size": "0"
},
"type": "terms"
},
{
"$$hashKey": "object:459",
"fake": true,
"field": "published_policy.domain.keyword",
"id": "8",
"settings": {
"min_doc_count": 1,
"missing": "-",
"order": "desc",
"orderBy": "4",
"size": "0"
},
"type": "terms"
},
{
"$$hashKey": "object:460",
"fake": true,
"field": "published_policy.fo.keyword",
"id": "9",
"settings": {
"min_doc_count": 1,
"order": "desc",
"orderBy": "4",
"size": "0"
},
"type": "terms"
},
{
"$$hashKey": "object:384",
"fake": true,
"field": "published_policy.p.keyword",
"id": "12",
"settings": {
"min_doc_count": "1",
"missing": "-",
"order": "desc",
"orderBy": "4",
"size": "0"
},
"type": "terms"
},
{
"$$hashKey": "object:391",
"fake": true,
"field": "published_policy.pct",
"id": "13",
"settings": {
"min_doc_count": "1",
"order": "desc",
"orderBy": "4",
"size": "0"
},
"type": "terms"
},
{
"$$hashKey": "object:398",
"fake": true,
"field": "published_policy.sp.keyword",
"id": "14",
"settings": {
"min_doc_count": "1",
"missing": "false",
"order": "desc",
"orderBy": "4",
"size": "0"
},
"type": "terms"
}
],
"datasource": {
"uid": "$datasourceag"
},
"hide": false,
"metrics": [
{
"$$hashKey": "object:455",
"field": "message_count",
"id": "4",
"meta": {},
"settings": {},
"type": "sum"
}
],
"query": "header_from.keyword:$fromdomain",
"refId": "A",
"timeField": "date_begin"
}
],
"title": "Published Policies (as reported)",
"transformations": [
{
"id": "organize",
"options": {
"excludeByName": {
"date_begin": false
},
"indexByName": {
"Sum": 7,
"published_policy.adkim.keyword": 1,
"published_policy.aspf.keyword": 2,
"published_policy.domain.keyword": 0,
"published_policy.fo.keyword": 3,
"published_policy.p.keyword": 4,
"published_policy.pct": 5,
"published_policy.sp.keyword": 6
},
"renameByName": {
"Sum": "Messages",
"date_begin": "Date",
"disposition.keyword": "Applied Policy",
"dkim_aligned": "DKIM",
"dkim_results.domain.keyword": "DKIM Domain",
"dkim_results.result.keyword": "DKIM Auth Result",
"dkim_results.selector.keyword": "DKIM Selector",
"envelope_from.keyword": "Envelope From",
"header_from.keyword": "Header From",
"org_name.keyword": "Reporter",
"published_policy.adkim.keyword": "DKIM Policy",
"published_policy.aspf.keyword": "SPF Policy",
"published_policy.domain.keyword": "Header From Domain",
"published_policy.fo.keyword": "Forensic Policy",
"published_policy.p.keyword": "Policy",
"published_policy.pct": "Percentage",
"published_policy.sp.keyword": "Subdomain Policy",
"source_base_domain.keyword": "Reverse DNS Base",
"source_country.keyword": "Country",
"source_ip_address.keyword": "Source IP",
"source_reverse_dns.keyword": "PTR",
"spf_aligned": "SPF",
"spf_results.result.keyword": "SPF Auth Result"
}
}
}
],
"type": "table"
},
{
"datasource": {
"uid": "$datasourceag"
},
"fieldConfig": {
"defaults": {
"custom": {
"align": "auto",
"cellOptions": {
"type": "auto"
},
"filterable": true,
"inspect": false
},
"mappings": [],
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "green",
"value": null
},
{
"color": "red",
"value": 80
}
]
}
},
"overrides": [
{
"matcher": {
"id": "byName",
"options": "Sender IP"
},
"properties": [
{
"id": "custom.width",
"value": 216
}
]
},
{
"matcher": {
"id": "byName",
"options": "Country"
},
"properties": [
{
"id": "custom.width",
"value": 103
}
]
},
{
"matcher": {
"id": "byName",
"options": "Messages"
},
"properties": [
{
"id": "custom.width",
"value": 400
},
{
"id": "custom.cellOptions",
"value": {
"mode": "gradient",
"type": "gauge"
}
},
{
"id": "thresholds",
"value": {
"mode": "percentage",
"steps": [
{
"color": "green",
"value": null
},
{
"color": "dark-purple",
"value": 101
}
]
}
},
{
"id": "custom.align",
"value": "left"
}
]
},
{
"matcher": {
"id": "byName",
"options": "Sender PTR Domain"
},
"properties": [
{
"id": "custom.width",
"value": 300
},
{
"id": "links",
"value": [
{
"targetBlank": true,
"title": "Open Sender PTR Domain (external site)",
"url": "https://${__data.fields[\"source_base_domain.keyword\"]}"
}
]
}
]
}
]
},
"gridPos": {
"h": 9,
"w": 24,
"x": 0,
"y": 79
},
"id": 14,
"interval": "",
"options": {
"cellHeight": "sm",
"footer": {
"countRows": false,
"fields": [
"Sum"
],
"reducer": [
"sum"
],
"show": false
},
"showHeader": true,
"sortBy": [
{
"desc": true,
"displayName": "Messages"
}
]
},
"pluginVersion": "10.1.6",
"targets": [
{
"bucketAggs": [
{
"$$hashKey": "object:921",
"fake": true,
"field": "source_ip_address.keyword",
"id": "6",
"settings": {
"min_doc_count": 1,
"missing": "-",
"order": "desc",
"orderBy": "4",
"size": "1000"
},
"type": "terms"
},
{
"$$hashKey": "object:922",
"fake": true,
"field": "source_reverse_dns.keyword",
"id": "7",
"settings": {
"min_doc_count": 1,
"missing": "-",
"order": "desc",
"orderBy": "4",
"size": "1000"
},
"type": "terms"
},
{
"$$hashKey": "object:923",
"fake": true,
"field": "source_base_domain.keyword",
"id": "8",
"settings": {
"min_doc_count": 1,
"missing": "-",
"order": "desc",
"orderBy": "4",
"size": "1000"
},
"type": "terms"
},
{
"$$hashKey": "object:924",
"fake": true,
"field": "source_country.keyword",
"id": "9",
"settings": {
"min_doc_count": 1,
"missing": "-",
"order": "desc",
"orderBy": "4",
"size": "1000"
},
"type": "terms"
}
],
"datasource": {
"uid": "$datasourceag"
},
"hide": false,
"metrics": [
{
"$$hashKey": "object:919",
"field": "message_count",
"id": "4",
"meta": {},
"settings": {},
"type": "sum"
}
],
"query": "header_from.keyword:$fromdomain",
"refId": "A",
"timeField": "date_begin"
}
],
"title": "Top 1000 Message Source IP Addresses",
"transformations": [
{
"id": "organize",
"options": {
"excludeByName": {},
"indexByName": {},
"renameByName": {
"Sum": "Messages",
"source_base_domain.keyword": "Sender PTR Domain",
"source_country.keyword": "Country",
"source_ip_address.keyword": "Sender IP",
"source_reverse_dns.keyword": "Sender PTR"
}
}
}
],
"type": "table"
},
{
"datasource": {
"type": "elasticsearch",
"uid": "$datasourceag"
},
"fieldConfig": {
"defaults": {
"custom": {
"align": "auto",
"cellOptions": {
"type": "auto"
},
"filterable": true,
"inspect": false
},
"mappings": [
{
"options": {
"arc=fail": {
"index": 1,
"text": "Fail"
},
"arc=pass": {
"index": 0,
"text": "Pass"
},
"fail": {
"index": 4,
"text": "Fail"
},
"false": {
"index": 6,
"text": "False"
},
"pass": {
"index": 3,
"text": "Pass"
},
"true": {
"index": 5,
"text": "True"
}
},
"type": "value"
},
{
"options": {
"match": "null",
"result": {
"index": 2,
"text": "N/A"
}
},
"type": "special"
}
],
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "green",
"value": null
},
{
"color": "red",
"value": 80
}
]
}
},
"overrides": [
{
"matcher": {
"id": "byName",
"options": "Messages"
},
"properties": [
{
"id": "custom.cellOptions",
"value": {
"mode": "gradient",
"type": "gauge"
}
},
{
"id": "thresholds",
"value": {
"mode": "percentage",
"steps": [
{
"color": "green",
"value": null
},
{
"color": "dark-purple",
"value": 101
}
]
}
},
{
"id": "custom.align",
"value": "left"
},
{
"id": "custom.width",
"value": 400
}
]
},
{
"matcher": {
"id": "byName",
"options": "Sender PTR Domain"
},
"properties": [
{
"id": "links",
"value": [
{
"targetBlank": true,
"title": "Open Sender PTR Domain (external site)",
"url": "https://${__data.fields[\"source_base_domain.keyword\"]}"
}
]
}
]
},
{
"matcher": {
"id": "byName",
"options": "Envelope From"
},
"properties": [
{
"id": "links",
"value": [
{
"targetBlank": true,
"title": "Check ${__data.fields[\"envelope_from.keyword\"]} SPF record",
"url": "https://www.spf-record.com/spf-lookup/${__data.fields[\"envelope_from.keyword\"]}"
}
]
}
]
},
{
"matcher": {
"id": "byName",
"options": "ARC Result"
},
"properties": [
{
"id": "custom.width",
"value": 112
}
]
},
{
"matcher": {
"id": "byName",
"options": "SPF Alignment"
},
"properties": [
{
"id": "custom.width",
"value": 131
}
]
},
{
"matcher": {
"id": "byName",
"options": "Simple SPF"
},
"properties": [
{
"id": "custom.width",
"value": 110
}
]
},
{
"matcher": {
"id": "byName",
"options": "Source IP"
},
"properties": [
{
"id": "links",
"value": [
{
"targetBlank": true,
"title": "Check SPF result for ${__data.fields[\"source_ip_address.keyword\"]} on spf-record.com",
"url": "https://www.spf-record.com/spf-lookup/${__data.fields[\"envelope_from.keyword\"]}?ip=${__data.fields[\"source_ip_address.keyword\"]}"
}
]
},
{
"id": "custom.width",
"value": 137
}
]
},
{
"matcher": {
"id": "byName",
"options": "DMARC Pass"
},
"properties": [
{
"id": "custom.width",
"value": 120
},
{
"id": "unit",
"value": "bool"
},
{
"id": "custom.align",
"value": "left"
}
]
},
{
"matcher": {
"id": "byName",
"options": "SPF Alignment"
},
"properties": [
{
"id": "custom.width",
"value": 130
}
]
},
{
"matcher": {
"id": "byName",
"options": "Header From"
},
"properties": [
{
"id": "links",
"value": [
{
"targetBlank": true,
"title": "Check ${__data.fields[\"header_from.keyword\"]} DMARC record",
"url": "https://mxtoolbox.com/SuperTool.aspx?action=dmarc%3a${__data.fields[\"header_from.keyword\"]}&run=toolpage"
}
]
}
]
}
]
},
"gridPos": {
"h": 9,
"w": 24,
"x": 0,
"y": 88
},
"id": 16,
"options": {
"cellHeight": "sm",
"footer": {
"countRows": false,
"enablePagination": false,
"fields": [
"Sum"
],
"reducer": [
"sum"
],
"show": false
},
"showHeader": true,
"sortBy": [
{
"desc": true,
"displayName": "Messages"
}
]
},
"pluginVersion": "10.1.6",
"targets": [
{
"bucketAggs": [
{
"$$hashKey": "object:457",
"fake": true,
"field": "header_from.keyword",
"id": "6",
"settings": {
"min_doc_count": 1,
"missing": "-",
"order": "desc",
"orderBy": "4",
"size": "0"
},
"type": "terms"
},
{
"$$hashKey": "object:458",
"fake": true,
"field": "envelope_from.keyword",
"id": "7",
"settings": {
"min_doc_count": 1,
"missing": "-",
"order": "desc",
"orderBy": "4",
"size": "0"
},
"type": "terms"
},
{
"$$hashKey": "object:459",
"fake": true,
"field": "spf_results.result.keyword",
"id": "8",
"settings": {
"min_doc_count": 1,
"missing": "-",
"order": "desc",
"orderBy": "4",
"size": "0"
},
"type": "terms"
},
{
"$$hashKey": "object:460",
"fake": true,
"field": "spf_aligned",
"id": "9",
"settings": {
"min_doc_count": 1,
"order": "desc",
"orderBy": "4",
"size": "0"
},
"type": "terms"
},
{
"$$hashKey": "object:461",
"fake": true,
"field": "source_base_domain.keyword",
"id": "10",
"settings": {
"min_doc_count": 1,
"missing": "-",
"order": "desc",
"orderBy": "4",
"size": "0"
},
"type": "terms"
},
{
"field": "policy_overrides.comment.keyword",
"id": "11",
"settings": {
"min_doc_count": "1",
"missing": "N/A",
"order": "desc",
"orderBy": "_term",
"size": "0"
},
"type": "terms"
},
{
"field": "source_ip_address.keyword",
"id": "12",
"settings": {
"min_doc_count": "1",
"missing": "-",
"order": "desc",
"orderBy": "_term",
"size": "0"
},
"type": "terms"
},
{
"field": "passed_dmarc",
"id": "13",
"settings": {
"min_doc_count": "1",
"order": "desc",
"orderBy": "_term",
"size": "0"
},
"type": "terms"
}
],
"datasource": {
"uid": "$datasourceag"
},
"hide": false,
"metrics": [
{
"$$hashKey": "object:455",
"field": "message_count",
"id": "4",
"meta": {},
"settings": {},
"type": "sum"
}
],
"query": "header_from.keyword:$fromdomain",
"refId": "A",
"timeField": "date_range"
}
],
"title": "SPF Alignment Details",
"transformations": [
{
"id": "organize",
"options": {
"excludeByName": {},
"indexByName": {
"Sum": 8,
"envelope_from.keyword": 1,
"header_from.keyword": 0,
"passed_dmarc": 4,
"policy_overrides.comment.keyword": 3,
"source_base_domain.keyword": 7,
"source_ip_address.keyword": 2,
"spf_aligned": 5,
"spf_results.result.keyword": 6
},
"renameByName": {
"Sum": "Messages",
"envelope_from.keyword": "Envelope From",
"header_from.keyword": "Header From",
"passed_dmarc": "DMARC Pass",
"policy_overrides.comment.keyword": "ARC Result",
"source_base_domain.keyword": "Sender PTR Domain",
"source_ip_address.keyword": "Source IP",
"spf_aligned": "SPF Alignment",
"spf_results.result.keyword": "Simple SPF"
}
}
}
],
"type": "table"
},
{
"datasource": {
"type": "elasticsearch",
"uid": "$datasourceag"
},
"fieldConfig": {
"defaults": {
"custom": {
"align": "auto",
"cellOptions": {
"type": "auto"
},
"filterable": true,
"inspect": false
},
"mappings": [
{
"options": {
"arc=fail": {
"index": 1,
"text": "Fail"
},
"arc=pass": {
"index": 0,
"text": "Pass"
},
"fail": {
"index": 4,
"text": "Fail"
},
"false": {
"index": 6,
"text": "False"
},
"pass": {
"index": 3,
"text": "Pass"
},
"true": {
"index": 5,
"text": "True"
}
},
"type": "value"
},
{
"options": {
"match": "null",
"result": {
"index": 2,
"text": "N/A"
}
},
"type": "special"
}
],
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "green",
"value": null
},
{
"color": "red",
"value": 80
}
]
},
"unit": "none"
},
"overrides": [
{
"matcher": {
"id": "byName",
"options": "Messages"
},
"properties": [
{
"id": "custom.cellOptions",
"value": {
"mode": "gradient",
"type": "gauge"
}
},
{
"id": "thresholds",
"value": {
"mode": "percentage",
"steps": [
{
"color": "green",
"value": null
},
{
"color": "dark-purple",
"value": 101
}
]
}
},
{
"id": "custom.align",
"value": "left"
},
{
"id": "custom.width",
"value": 400
},
{
"id": "unit",
"value": "none"
},
{
"id": "max"
}
]
},
{
"matcher": {
"id": "byName",
"options": "Sender PTR Domain"
},
"properties": [
{
"id": "links",
"value": [
{
"targetBlank": true,
"title": "Open Sender PTR Domain (external site)",
"url": "https://${__data.fields[\"source_base_domain.keyword\"]}"
}
]
}
]
},
{
"matcher": {
"id": "byName",
"options": "DKIM Selector"
},
"properties": [
{
"id": "links",
"value": [
{
"targetBlank": true,
"title": "Open dmarcian.com DKIM Record Checker",
"url": "https://dmarcian.com/dkim-inspector/?domain=${__data.fields[\"dkim_results.domain.keyword\"]}&selector=${__data.fields[\"dkim_results.selector.keyword\"]}"
}
]
},
{
"id": "custom.align",
"value": "left"
},
{
"id": "unit",
"value": "string"
}
]
},
{
"matcher": {
"id": "byName",
"options": "DMARC Pass"
},
"properties": [
{
"id": "custom.width",
"value": 126
},
{
"id": "custom.align",
"value": "left"
},
{
"id": "unit",
"value": "bool"
}
]
},
{
"matcher": {
"id": "byName",
"options": "Header From"
},
"properties": [
{
"id": "links",
"value": [
{
"targetBlank": true,
"title": "Check ${__data.fields[\"header_from.keyword\"]} DMARC record",
"url": "https://mxtoolbox.com/SuperTool.aspx?action=dmarc%3a${__data.fields[\"header_from.keyword\"]}&run=toolpage"
}
]
}
]
},
{
"matcher": {
"id": "byName",
"options": "ARC Result"
},
"properties": [
{
"id": "custom.width",
"value": 116
}
]
},
{
"matcher": {
"id": "byName",
"options": "Simple DKIM"
},
"properties": [
{
"id": "custom.width",
"value": 119
}
]
},
{
"matcher": {
"id": "byName",
"options": "DKIM Alignment"
},
"properties": [
{
"id": "custom.width",
"value": 144
}
]
}
]
},
"gridPos": {
"h": 9,
"w": 24,
"x": 0,
"y": 97
},
"id": 40,
"options": {
"cellHeight": "sm",
"footer": {
"countRows": false,
"fields": [
"Sum"
],
"reducer": [
"sum"
],
"show": false
},
"showHeader": true,
"sortBy": [
{
"desc": true,
"displayName": "Messages"
}
]
},
"pluginVersion": "10.1.6",
"targets": [
{
"bucketAggs": [
{
"$$hashKey": "object:457",
"fake": true,
"field": "header_from.keyword",
"id": "6",
"settings": {
"min_doc_count": 1,
"missing": "-",
"order": "desc",
"orderBy": "4",
"size": "0"
},
"type": "terms"
},
{
"$$hashKey": "object:458",
"fake": true,
"field": "dkim_results.selector.keyword",
"id": "7",
"settings": {
"min_doc_count": "1",
"missing": "-",
"order": "desc",
"orderBy": "_term",
"size": "0"
},
"type": "terms"
},
{
"$$hashKey": "object:459",
"fake": true,
"field": "dkim_results.domain.keyword",
"id": "8",
"settings": {
"min_doc_count": 1,
"missing": "-",
"order": "desc",
"orderBy": "4",
"size": "0"
},
"type": "terms"
},
{
"$$hashKey": "object:460",
"fake": true,
"field": "dkim_results.result.keyword",
"id": "9",
"settings": {
"min_doc_count": 1,
"order": "desc",
"orderBy": "4",
"size": "0"
},
"type": "terms"
},
{
"$$hashKey": "object:798",
"fake": true,
"field": "dkim_aligned",
"id": "11",
"settings": {
"min_doc_count": "1",
"order": "desc",
"orderBy": "4",
"size": "0"
},
"type": "terms"
},
{
"$$hashKey": "object:461",
"fake": true,
"field": "source_base_domain.keyword",
"id": "10",
"settings": {
"min_doc_count": 1,
"missing": "-",
"order": "desc",
"orderBy": "4",
"size": "0"
},
"type": "terms"
},
{
"field": "passed_dmarc",
"id": "12",
"settings": {
"min_doc_count": "1",
"order": "desc",
"orderBy": "_term",
"size": "0"
},
"type": "terms"
},
{
"field": "policy_overrides.comment.keyword",
"id": "13",
"settings": {
"min_doc_count": "1",
"missing": "N/A",
"order": "desc",
"orderBy": "_term",
"size": "0"
},
"type": "terms"
}
],
"datasource": {
"uid": "$datasourceag"
},
"hide": false,
"metrics": [
{
"$$hashKey": "object:455",
"field": "message_count",
"id": "4",
"meta": {},
"settings": {},
"type": "sum"
}
],
"query": "header_from.keyword:$fromdomain",
"refId": "A",
"timeField": "date_range"
}
],
"title": "DKIM Alignment Details",
"transformations": [
{
"id": "organize",
"options": {
"excludeByName": {
"dkim_results.selector.keyword": false
},
"indexByName": {
"Sum": 8,
"dkim_aligned": 5,
"dkim_results.domain.keyword": 2,
"dkim_results.result.keyword": 6,
"dkim_results.selector.keyword": 1,
"header_from.keyword": 0,
"passed_dmarc": 4,
"policy_overrides.comment.keyword": 3,
"source_base_domain.keyword": 7
},
"renameByName": {
"Sum": "Messages",
"dkim_aligned": "DKIM Alignment",
"dkim_results.domain.keyword": "DKIM Domain",
"dkim_results.result.keyword": "Simple DKIM",
"dkim_results.selector.keyword": "DKIM Selector",
"envelope_from.keyword": "Envelope From",
"header_from.keyword": "Header From",
"passed_dmarc": "DMARC Pass",
"policy_overrides.comment.keyword": "ARC Result",
"source_base_domain.keyword": "Sender PTR Domain",
"spf_aligned": "SPF Aligned",
"spf_results.result.keyword": "SPF Result"
}
}
}
],
"type": "table"
},
{
"collapsed": false,
"datasource": {
"type": "elasticsearch",
"uid": "fe02a4f7-cf1f-4b97-8d78-774cff09356c"
},
"gridPos": {
"h": 1,
"w": 24,
"x": 0,
"y": 106
},
"id": 32,
"panels": [],
"targets": [
{
"datasource": {
"type": "elasticsearch",
"uid": "fe02a4f7-cf1f-4b97-8d78-774cff09356c"
},
"refId": "A"
}
],
"title": "DMARC Forensic",
"type": "row"
},
{
"datasource": {
"type": "elasticsearch",
"uid": "$datasourcefo"
},
"fieldConfig": {
"defaults": {
"custom": {
"align": "auto",
"cellOptions": {
"type": "auto"
},
"inspect": false
},
"mappings": [],
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "green",
"value": null
},
{
"color": "red",
"value": 80
}
]
}
},
"overrides": [
{
"matcher": {
"id": "byName",
"options": "Arrival_Date"
},
"properties": [
{
"id": "unit",
"value": "dateTimeAsIso"
},
{
"id": "custom.width",
"value": 175
}
]
},
{
"matcher": {
"id": "byName",
"options": "AuthFailure"
},
"properties": [
{
"id": "custom.width",
"value": 84
}
]
},
{
"matcher": {
"id": "byName",
"options": "DeliveryResult"
},
"properties": [
{
"id": "custom.width",
"value": 104
}
]
},
{
"matcher": {
"id": "byName",
"options": "Count"
},
"properties": [
{
"id": "custom.width",
"value": 71
}
]
},
{
"matcher": {
"id": "byName",
"options": "ReplyTo"
},
"properties": [
{
"id": "custom.width",
"value": 122
}
]
},
{
"matcher": {
"id": "byName",
"options": "Sender IP"
},
"properties": [
{
"id": "custom.width",
"value": 140
},
{
"id": "links",
"value": [
{
"targetBlank": true,
"title": "Check ${__data.fields[\"source_ip_address.keyword\"]} SPF record result on spf-record.com (external site)",
"url": "https://www.spf-record.com/spf-lookup/${__data.fields[\"domain.keyword\"]}?ip=${__data.fields[\"source_ip_address.keyword\"]}"
}
]
}
]
}
]
},
"gridPos": {
"h": 9,
"w": 24,
"x": 0,
"y": 107
},
"id": 20,
"options": {
"cellHeight": "sm",
"footer": {
"countRows": false,
"fields": "",
"reducer": [
"sum"
],
"show": false
},
"showHeader": true,
"sortBy": []
},
"pluginVersion": "10.1.6",
"targets": [
{
"bucketAggs": [
{
"$$hashKey": "object:340",
"fake": true,
"field": "arrival_date",
"id": "6",
"settings": {
"interval": "auto",
"min_doc_count": 1,
"trimEdges": 0
},
"type": "date_histogram"
},
{
"$$hashKey": "object:341",
"fake": true,
"field": "sample.headers.from.keyword",
"id": "7",
"settings": {
"min_doc_count": 1,
"missing": "-",
"order": "desc",
"orderBy": "_count",
"size": "0"
},
"type": "terms"
},
{
"$$hashKey": "object:342",
"fake": true,
"field": "sample.headers.to.keyword",
"id": "8",
"settings": {
"min_doc_count": 1,
"missing": "-",
"order": "desc",
"orderBy": "_count",
"size": "0"
},
"type": "terms"
},
{
"$$hashKey": "object:343",
"fake": true,
"field": "sample.headers.reply-to.keyword",
"id": "10",
"settings": {
"min_doc_count": 1,
"missing": "-",
"order": "desc",
"orderBy": "_count",
"size": "0"
},
"type": "terms"
},
{
"$$hashKey": "object:344",
"fake": true,
"field": "auth_failure.keyword",
"id": "11",
"settings": {
"min_doc_count": 1,
"order": "desc",
"orderBy": "_count",
"size": "0"
},
"type": "terms"
},
{
"$$hashKey": "object:345",
"fake": true,
"field": "sample.subject.keyword",
"id": "12",
"settings": {
"min_doc_count": 1,
"order": "desc",
"orderBy": "_count",
"size": "0"
},
"type": "terms"
},
{
"$$hashKey": "object:346",
"fake": true,
"field": "delivery_results.keyword",
"id": "14",
"settings": {
"min_doc_count": 1,
"order": "desc",
"orderBy": "_count",
"size": "0"
},
"type": "terms"
},
{
"$$hashKey": "object:347",
"fake": true,
"field": "authentication_results.keyword",
"id": "15",
"settings": {
"min_doc_count": 1,
"order": "desc",
"orderBy": "_count",
"size": "0"
},
"type": "terms"
},
{
"$$hashKey": "object:348",
"fake": true,
"field": "sample.headers.received.keyword",
"id": "13",
"settings": {
"min_doc_count": 1,
"missing": "-",
"order": "desc",
"orderBy": "_count",
"size": "0"
},
"type": "terms"
},
{
"field": "sample.date",
"id": "16",
"settings": {
"min_doc_count": "1",
"order": "desc",
"orderBy": "_term",
"size": "0"
},
"type": "terms"
},
{
"field": "source_ip_address.keyword",
"id": "17",
"settings": {
"min_doc_count": "1",
"order": "desc",
"orderBy": "_term",
"size": "0"
},
"type": "terms"
},
{
"field": "source_reverse_dns.keyword",
"id": "18",
"settings": {
"min_doc_count": "1",
"order": "desc",
"orderBy": "_term",
"size": "0"
},
"type": "terms"
},
{
"field": "domain.keyword",
"id": "19",
"settings": {
"min_doc_count": "1",
"order": "desc",
"orderBy": "_term",
"size": "0"
},
"type": "terms"
}
],
"datasource": {
"uid": "$datasourcefo"
},
"hide": false,
"metrics": [
{
"$$hashKey": "object:338",
"field": "message_count",
"id": "4",
"meta": {},
"settings": {},
"type": "count"
}
],
"query": "domain.keyword:$fromdomain",
"refId": "A",
"timeField": "arrival_date"
}
],
"title": "Forensic Samples",
"transformations": [
{
"id": "organize",
"options": {
"excludeByName": {
"arrival_date": true,
"domain.keyword": false,
"sample.headers.received.keyword": true
},
"indexByName": {
"Count": 13,
"arrival_date": 2,
"auth_failure.keyword": 7,
"authentication_results.keyword": 9,
"delivery_results.keyword": 8,
"domain.keyword": 0,
"sample.date": 1,
"sample.headers.from.keyword": 3,
"sample.headers.received.keyword": 10,
"sample.headers.reply-to.keyword": 5,
"sample.headers.to.keyword": 4,
"sample.subject.keyword": 6,
"source_ip_address.keyword": 11,
"source_reverse_dns.keyword": 12
},
"renameByName": {
"Count": "Message Count",
"arrival_date": "",
"auth_failure.keyword": "AuthFailure",
"authentication_results.keyword": "Auth Results",
"delivery_results.keyword": "DeliveryResult",
"domain.keyword": "Header From Domain",
"sample.date": "Arrival_Date",
"sample.headers.from.keyword": "Envelope From",
"sample.headers.received.keyword": "Mail Hop 1",
"sample.headers.reply-to.keyword": "ReplyTo",
"sample.headers.to.keyword": "Envelope To",
"sample.subject.keyword": "Subject",
"source_ip_address.keyword": "Sender IP",
"source_reverse_dns.keyword": "Sender PTR"
}
}
}
],
"type": "table"
},
{
"datasource": {
"type": "elasticsearch",
"uid": "$datasourcefo"
},
"fieldConfig": {
"defaults": {
"color": {
"mode": "thresholds"
},
"custom": {
"hideFrom": {
"legend": false,
"tooltip": false,
"viz": false
}
},
"mappings": [],
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "dark-green"
}
]
},
"unit": "none"
},
"overrides": [
{
"matcher": {
"id": "byName",
"options": "Field"
},
"properties": [
{
"id": "displayName",
"value": "Country"
}
]
}
]
},
"gridPos": {
"h": 11,
"w": 8,
"x": 0,
"y": 116
},
"id": 22,
"maxDataPoints": 1,
"options": {
"basemap": {
"name": "Basemap",
"type": "default"
},
"controls": {
"mouseWheelZoom": true,
"showAttribution": true,
"showDebug": false,
"showMeasure": false,
"showScale": false,
"showZoom": true
},
"layers": [
{
"config": {
"showLegend": true,
"style": {
"color": {
"field": "Total",
"fixed": "dark-green"
},
"opacity": 0.4,
"rotation": {
"fixed": 0,
"max": 360,
"min": -360,
"mode": "mod"
},
"size": {
"field": "Total",
"fixed": 5,
"max": 30,
"min": 2
},
"symbol": {
"fixed": "img/icons/marker/circle.svg",
"mode": "fixed"
},
"textConfig": {
"fontSize": 12,
"offsetX": 0,
"offsetY": 0,
"textAlign": "center",
"textBaseline": "middle"
}
}
},
"filterData": {
"id": "byRefId",
"options": "A"
},
"location": {
"gazetteer": "public/gazetteer/countries.json",
"lookup": "Field",
"mode": "lookup"
},
"name": "Forensic Count",
"tooltip": true,
"type": "markers"
},
{
"config": {
"nightColor": "#000000",
"show": "to",
"sun": false
},
"name": "Layer 2",
"opacity": 0.4,
"tooltip": true,
"type": "dayNight"
}
],
"tooltip": {
"mode": "details"
},
"view": {
"allLayers": true,
"id": "zero",
"lat": 0,
"lon": 0,
"zoom": 1
}
},
"pluginVersion": "11.1.0-179769",
"targets": [
{
"bucketAggs": [
{
"fake": true,
"field": "source_country.keyword",
"id": "9",
"settings": {
"min_doc_count": 1,
"order": "desc",
"orderBy": "_term",
"size": "10"
},
"type": "terms"
},
{
"field": "arrival_date",
"id": "10",
"settings": {
"interval": "auto",
"min_doc_count": "0",
"timeZone": "utc",
"trimEdges": "0"
},
"type": "date_histogram"
}
],
"datasource": {
"uid": "$datasourcefo"
},
"hide": false,
"metrics": [
{
"id": "4",
"type": "count"
}
],
"query": "domain.keyword:$fromdomain",
"refId": "A",
"timeField": "arrival_date"
}
],
"title": "Forensic Sample Sources by Country",
"transformations": [
{
"id": "reduce",
"options": {
"reducers": [
"sum"
]
}
}
],
"type": "geomap"
},
{
"datasource": {
"uid": "$datasourcefo"
},
"fieldConfig": {
"defaults": {
"custom": {
"align": "auto",
"cellOptions": {
"type": "auto"
},
"inspect": false
},
"mappings": [],
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "green"
},
{
"color": "red",
"value": 80
}
]
}
},
"overrides": [
{
"matcher": {
"id": "byName",
"options": "Count"
},
"properties": [
{
"id": "custom.cellOptions",
"value": {
"mode": "gradient",
"type": "gauge"
}
},
{
"id": "thresholds",
"value": {
"mode": "percentage",
"steps": [
{
"color": "green"
},
{
"color": "dark-purple",
"value": 101
}
]
}
}
]
},
{
"matcher": {
"id": "byName",
"options": "Country"
},
"properties": [
{
"id": "custom.width",
"value": 70
}
]
}
]
},
"gridPos": {
"h": 11,
"w": 5,
"x": 8,
"y": 116
},
"id": 23,
"options": {
"cellHeight": "sm",
"footer": {
"countRows": false,
"fields": "",
"reducer": [
"sum"
],
"show": false
},
"showHeader": true,
"sortBy": []
},
"pluginVersion": "11.1.0-179769",
"targets": [
{
"bucketAggs": [
{
"$$hashKey": "object:840",
"fake": true,
"field": "source_country.keyword",
"id": "6",
"settings": {
"min_doc_count": 1,
"missing": "none",
"order": "desc",
"orderBy": "_count",
"size": "0"
},
"type": "terms"
}
],
"datasource": {
"uid": "$datasourcefo"
},
"hide": false,
"metrics": [
{
"$$hashKey": "object:838",
"field": "message_count",
"id": "4",
"meta": {},
"settings": {},
"type": "count"
}
],
"query": "domain.keyword:$fromdomain",
"refId": "A",
"timeField": "arrival_date"
}
],
"title": "DMARC Forensic Sample Source Countries",
"transformations": [
{
"id": "organize",
"options": {
"excludeByName": {},
"indexByName": {},
"renameByName": {
"source_country.keyword": "Country"
}
}
}
],
"type": "table"
},
{
"datasource": {
"uid": "$datasourcefo"
},
"fieldConfig": {
"defaults": {
"custom": {
"align": "auto",
"cellOptions": {
"type": "auto"
},
"inspect": false
},
"mappings": [],
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "green"
},
{
"color": "red",
"value": 80
}
]
}
},
"overrides": [
{
"matcher": {
"id": "byName",
"options": "Country"
},
"properties": [
{
"id": "custom.width",
"value": 70
}
]
},
{
"matcher": {
"id": "byName",
"options": "Base Domain"
},
"properties": [
{
"id": "links",
"value": [
{
"targetBlank": true,
"title": "Visit https://${__data.fields[\"source_base_domain.keyword\"]} (external site; domain taken from report data)",
"url": "https://${__data.fields[\"source_base_domain.keyword\"]}"
}
]
}
]
},
{
"matcher": {
"id": "byName",
"options": "Messages"
},
"properties": [
{
"id": "custom.cellOptions",
"value": {
"mode": "gradient",
"type": "gauge"
}
},
{
"id": "thresholds",
"value": {
"mode": "percentage",
"steps": [
{
"color": "green"
},
{
"color": "dark-purple",
"value": 101
}
]
}
}
]
}
]
},
"gridPos": {
"h": 11,
"w": 11,
"x": 13,
"y": 116
},
"id": 24,
"options": {
"cellHeight": "sm",
"footer": {
"countRows": false,
"fields": "",
"reducer": [
"sum"
],
"show": false
},
"showHeader": true,
"sortBy": [
{
"desc": true,
"displayName": "Messages"
}
]
},
"pluginVersion": "11.1.0-179769",
"targets": [
{
"bucketAggs": [
{
"$$hashKey": "object:653",
"fake": true,
"field": "source_ip_address.keyword",
"id": "6",
"settings": {
"min_doc_count": 1,
"missing": "-",
"order": "desc",
"orderBy": "_count",
"size": "1000"
},
"type": "terms"
},
{
"$$hashKey": "object:654",
"fake": true,
"field": "source_reverse_dns.keyword",
"id": "7",
"settings": {
"min_doc_count": 1,
"missing": "-",
"order": "desc",
"orderBy": "_count",
"size": "1000"
},
"type": "terms"
},
{
"$$hashKey": "object:655",
"fake": true,
"field": "source_base_domain.keyword",
"id": "8",
"settings": {
"min_doc_count": 1,
"missing": "-",
"order": "desc",
"orderBy": "_count",
"size": "1000"
},
"type": "terms"
},
{
"$$hashKey": "object:656",
"fake": true,
"field": "source_country.keyword",
"id": "9",
"settings": {
"min_doc_count": 1,
"missing": "-",
"order": "desc",
"orderBy": "_count",
"size": "1000"
},
"type": "terms"
}
],
"datasource": {
"uid": "$datasourcefo"
},
"hide": false,
"metrics": [
{
"$$hashKey": "object:651",
"field": "message_count",
"id": "4",
"meta": {},
"settings": {},
"type": "count"
}
],
"query": "domain.keyword:$fromdomain",
"refId": "A",
"timeField": "arrival_date"
}
],
"title": "Top 1000 Forensic Sample Source IP Addresses",
"transformations": [
{
"id": "organize",
"options": {
"excludeByName": {},
"indexByName": {},
"renameByName": {
"Count": "Messages",
"source_base_domain.keyword": "Base Domain",
"source_country.keyword": "Country",
"source_ip_address.keyword": "IP Address",
"source_reverse_dns.keyword": "Reverse DNS"
}
}
}
],
"type": "table"
}
],
"refresh": "",
"schemaVersion": 38,
"style": "dark",
"tags": [],
"templating": {
"list": [
{
"current": {
"selected": false,
"text": "dmarc-ag",
"value": "f79d0082-7d3f-4e44-9f8a-ec546b954d22"
},
"hide": 2,
"includeAll": false,
"label": "Datasource: Aggregate",
"multi": false,
"name": "datasourceag",
"options": [],
"query": "elasticsearch",
"refresh": 1,
"regex": "/.*dmarc-ag/",
"skipUrlSync": false,
"type": "datasource"
},
{
"current": {
"selected": false,
"text": "dmarc-fo",
"value": "deae39d9-c143-40ed-8470-c5560059ad22"
},
"hide": 2,
"includeAll": false,
"label": "Datasource: Forensic",
"multi": false,
"name": "datasourcefo",
"options": [],
"query": "elasticsearch",
"refresh": 1,
"regex": "/.*dmarc-fo/",
"skipUrlSync": false,
"type": "datasource"
},
{
"current": {
"selected": true,
"text": [
"All"
],
"value": [
"$__all"
]
},
"datasource": {
"uid": "$datasourceag"
},
"definition": "{\"find\":\"terms\",\"field\":\"header_from.keyword\"}",
"hide": 0,
"includeAll": true,
"label": "From Domain",
"multi": true,
"name": "fromdomain",
"options": [],
"query": "{\"find\":\"terms\",\"field\":\"header_from.keyword\"}",
"refresh": 2,
"regex": "",
"skipUrlSync": false,
"sort": 5,
"tagValuesQuery": "",
"tagsQuery": "",
"type": "query",
"useTags": false
},
{
"auto": false,
"auto_count": 30,
"auto_min": "10s",
"current": {
"selected": false,
"text": "1d",
"value": "1d"
},
"hide": 2,
"label": "Interval",
"name": "interval",
"options": [
{
"selected": true,
"text": "1d",
"value": "1d"
}
],
"query": "1d",
"refresh": 2,
"skipUrlSync": false,
"type": "interval"
},
{
"datasource": {
"type": "elasticsearch",
"uid": "${datasourceag}"
},
"filters": [],
"hide": 0,
"label": "Filter",
"name": "Filter",
"skipUrlSync": false,
"type": "adhoc"
}
]
},
"time": {
"from": "now-30d",
"to": "now"
},
"timepicker": {
"hidden": false,
"refresh_intervals": [
"10s",
"30s",
"1m",
"5m",
"15m",
"30m",
"1h",
"2h",
"1d"
],
"time_options": [
"5m",
"15m",
"1h",
"6h",
"12h",
"24h",
"2d",
"7d",
"30d"
]
},
"timezone": "utc",
"title": "DMARC Reports-2024/11/13",
"uid": "SDksirRWz-new",
"version": 10,
"weekStart": ""
}