diff --git a/HomeLab/truenas-audit-overview.json b/HomeLab/truenas-audit-overview.json new file mode 100644 index 0000000..e68800d --- /dev/null +++ b/HomeLab/truenas-audit-overview.json 
@@ -0,0 +1,267 @@ +{ + "apiVersion": "dashboard.grafana.app/v1beta1", + "kind": "Dashboard", + "metadata": { + "name": "truenas-audit-overview" + }, + "spec": { + "annotations": { + "list": [ + { + "builtIn": 1, + "datasource": { + "type": "grafana", + "uid": "-- Grafana --" + }, + "enable": true, + "hide": true, + "iconColor": "rgba(0, 211, 255, 1)", + "name": "Annotations & Alerts", + "type": "dashboard" + } + ] + }, + "editable": true, + "fiscalYearStartMonth": 0, + "graphTooltip": 0, + "links": [], + "panels": [ + { + "datasource": null, + "gridPos": { + "h": 5, + "w": 24, + "x": 0, + "y": 0 + }, + "id": 1, + "options": { + "content": "# TrueNAS Audit Overview\\n\\nThis dashboard is for audit/event visibility (not metrics).\\n\\nCurrent status: Loki is reachable but no dedicated TrueNAS audit log stream is labeled yet.\\n\\nNext step: ship TrueNAS audit/syslog events into Loki, then use these panels for detection and triage.", + "mode": "markdown" + }, + "pluginVersion": "12.2.1", + "targets": [], + "title": "Status", + "type": "text" + }, + { + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "decimals": 0, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": 0 + }, + { + "color": "orange", + "value": 1 + }, + { + "color": "red", + "value": 10 + } + ] + }, + "unit": "short" + }, + "overrides": [] + }, + "gridPos": { + "h": 5, + "w": 8, + "x": 0, + "y": 5 + }, + "id": 2, + "options": { + "colorMode": "background", + "graphMode": "none", + "justifyMode": "auto", + "orientation": "auto", + "percentChangeColorMode": "standard", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "showPercentChange": false, + "textMode": "auto", + "wideLayout": true + }, + "pluginVersion": "12.2.1", + "targets": [ + { + "datasource": { + "type": "loki", + "uid": "ef1qnibjxb5z4a" + }, + "expr": "sum(count_over_time({job=~\".+\"} |~ 
\"(?i)(audit|sudo|authentication|middleware|truenas)\" [5m]))", + "refId": "A" + } + ], + "title": "Audit Related Events (5m)", + "type": "stat" + }, + { + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "barWidthFactor": 0.6, + "drawStyle": "line", + "fillOpacity": 20, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": 0 + }, + { + "color": "red", + "value": 1 + } + ] + }, + "unit": "short" + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 16, + "x": 8, + "y": 5 + }, + "id": 3, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "hideZeros": false, + "mode": "single", + "sort": "none" + } + }, + "pluginVersion": "12.2.1", + "targets": [ + { + "datasource": { + "type": "loki", + "uid": "ef1qnibjxb5z4a" + }, + "expr": "sum(count_over_time({job=~\".+\"} |~ \"(?i)(failed|failure|denied|unauthorized|invalid user)\" [5m]))", + "legendFormat": "Failures", + "refId": "A" + }, + { + "datasource": { + "type": "loki", + "uid": "ef1qnibjxb5z4a" + }, + "expr": "sum(count_over_time({job=~\".+\"} |~ \"(?i)(sudo|privilege|root)\" [5m]))", + "legendFormat": "Privileged Actions", + "refId": "B" + } + ], + "title": "Security Event Rates", + "type": "timeseries" + }, + { + "fieldConfig": { + "defaults": {}, + "overrides": [] + }, + "gridPos": { + "h": 11, + 
"w": 24, + "x": 0, + "y": 13 + }, + "id": 4, + "options": { + "showCommonLabels": false, + "showLabels": true, + "showTime": true, + "wrapLogMessage": true + }, + "targets": [ + { + "datasource": { + "type": "loki", + "uid": "ef1qnibjxb5z4a" + }, + "expr": "{job=~\".+\"} |~ \"(?i)(audit|sudo|authentication|middleware|truenas|smb)\"", + "refId": "A" + } + ], + "title": "Audit / Security Logs", + "type": "logs" + } + ], + "preload": false, + "refresh": "30s", + "schemaVersion": 42, + "tags": [ + "truenas", + "audit", + "security", + "loki" + ], + "templating": { + "list": [] + }, + "time": { + "from": "now-6h", + "to": "now" + }, + "timepicker": {}, + "timezone": "browser", + "title": "TrueNAS Audit Overview" + } +} diff --git a/home-overview.json b/home-overview.json index 344c4ba..d58d839 100644 --- a/home-overview.json +++ b/home-overview.json 
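Review bot: All four Loki targets select `{job=~\".+\"}`, so panels titled as TrueNAS audit data count substring hits from every log stream in the datasource; a filter such as `(?i)(sudo|privilege|root)` matches any path, cron line or username containing "root", and the stat panel's orange/red thresholds (1 and 10) will then trip on unrelated noise. Once the TrueNAS audit stream is labeled, scope each selector to it, e.g. `{job=\"<truenas-audit-job>\"}` (placeholder; the real label is not on this page), and prefer matching on parsed fields over free-text substrings so the "Failures" and "Privileged Actions" series mean what their legends say. Separately, the Status panel's `content` uses `\\n`, which JSON decodes to a literal backslash-n rather than a newline, so the markdown will likely render on one line; home-overview.json in this same commit uses `\n`. The datasource uid `ef1qnibjxb5z4a` is also hard-coded in every target, which ties the dashboard to one Grafana instance.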
@@ -24,7 +24,7 @@ }, "id": 1, "options": { - "content": "# Home Overview\n\n## Grafana Dashboards\n\n### HomeLab\n- [AdGuard Home](/d/AdGuard-Home-Exporter/adguard-home-exporter)\n- [TrueNAS Disk Insight](/d/edlz616ehgmpsd/truenas-scale-disk-insight)\n- [TrueNAS Overview](/d/truenas-overview/truenas-scale-overview)\n- [Unbound Resolver](/d/6edd697a-1ab7-41b5-94d1-57e2b7121217/unbound-resolver-overview)\n- [VyOS Router](/d/9012547f-46a9-44d0-bbb0-a6e8d861fdd6/vyos-router)\n\n### GBarmUB\n- [CrowdSec Security](/d/270488bc-baf3-4db4-88a1-8c2e56ad84b8/crowdsec-security-dashboard-gbarmub)\n- [Docker Metrics](/d/b0ae5882-f3a7-45c5-a4da-21a4815f8ed0/docker-container-metrics)\n- [GBarmUB Node Exporter](/d/rYdddlPWk/gbarmub-node-exporter)\n- [Traefik Log Review](/d/63e74460-92b3-4886-86f2-1fe27c783ece/traefik-log-review-dashboard)\n- [Traefik Official](/d/gbwmrxv/traefik-official-standalone-dashboard)\n\n### Root\n- [Home Overview](/d/home-overview/home-overview)\n- [Prometheus Stats](/d/UDdpyzz7z/prometheus-2-0-stats)", + "content": "# Home Overview\n\n## Grafana Dashboards\n\n### HomeLab\n- [AdGuard Home](/d/AdGuard-Home-Exporter/adguard-home-exporter)\n- [TrueNAS Disk Insight](/d/edlz616ehgmpsd/truenas-scale-disk-insight)\n- [TrueNAS Overview](/d/truenas-overview/truenas-scale-overview)\n- [TrueNAS Audit](/d/truenas-audit-overview/truenas-audit-overview)\n- [Unbound Resolver](/d/6edd697a-1ab7-41b5-94d1-57e2b7121217/unbound-resolver-overview)\n- [VyOS Router](/d/9012547f-46a9-44d0-bbb0-a6e8d861fdd6/vyos-router)\n\n### GBarmUB\n- [CrowdSec Security](/d/270488bc-baf3-4db4-88a1-8c2e56ad84b8/crowdsec-security-dashboard-gbarmub)\n- [Docker Metrics](/d/b0ae5882-f3a7-45c5-a4da-21a4815f8ed0/docker-container-metrics)\n- [GBarmUB Node Exporter](/d/rYdddlPWk/gbarmub-node-exporter)\n- [Traefik Log Review](/d/63e74460-92b3-4886-86f2-1fe27c783ece/traefik-log-review-dashboard)\n- [Traefik Official](/d/gbwmrxv/traefik-official-standalone-dashboard)\n\n### Root\n- [Home 
Overview](/d/home-overview/home-overview)\n- [Prometheus Stats](/d/UDdpyzz7z/prometheus-2-0-stats)", "mode": "markdown" }, "pluginVersion": "12.1.1",