{ "apiVersion": "dashboard.grafana.app/v0alpha1", "kind": "Dashboard", "metadata": { "name": "270488bc-baf3-4db4-88a1-8c2e56ad84b8" }, "spec": { "panels": [ { "fieldConfig": { "defaults": { "color": { "mode": "thresholds" }, "thresholds": { "mode": "absolute", "steps": [ { "color": "green", "value": 0 }, { "color": "yellow", "value": 10 }, { "color": "red", "value": 50 } ] } } }, "gridPos": { "h": 4, "w": 6, "x": 0, "y": 0 }, "id": 1, "options": { "colorMode": "value", "graphMode": "area", "justifyMode": "auto", "reduceOptions": { "calcs": [ "lastNotNull" ], "values": false } }, "targets": [ { "datasource": { "type": "prometheus", "uid": "ff1qkncht70n4c" }, "expr": "cs_active_decisions{instance=\"192.168.50.4:6060\"}", "refId": "A" } ], "title": "活躍決策數 (Active Decisions)", "type": "stat" }, { "fieldConfig": { "defaults": { "color": { "mode": "thresholds" }, "thresholds": { "mode": "absolute", "steps": [ { "color": "green", "value": 0 }, { "color": "yellow", "value": 100 }, { "color": "red", "value": 500 } ] } } }, "gridPos": { "h": 4, "w": 6, "x": 6, "y": 0 }, "id": 2, "options": { "colorMode": "value", "graphMode": "area", "reduceOptions": { "calcs": [ "lastNotNull" ], "values": false } }, "targets": [ { "datasource": { "type": "prometheus", "uid": "ff1qkncht70n4c" }, "expr": "sum(increase(cs_alerts{instance=\"192.168.50.4:6060\"}[24h]))", "refId": "A" } ], "title": "總警報數 (Total Alerts, 24小時)", "type": "stat" }, { "fieldConfig": { "defaults": { "color": { "mode": "palette-classic" } } }, "gridPos": { "h": 4, "w": 6, "x": 12, "y": 0 }, "id": 3, "options": { "colorMode": "value", "graphMode": "none", "reduceOptions": { "calcs": [ "lastNotNull" ], "values": false } }, "targets": [ { "datasource": { "type": "prometheus", "uid": "ff1qkncht70n4c" }, "expr": "count(count by (bouncer) (cs_lapi_bouncer_requests_total{instance=\"192.168.50.4:6060\"}))", "refId": "A" } ], "title": "Bouncer 連接數", "type": "stat" }, { "fieldConfig": { "defaults": { "color": { "mode": 
"palette-classic" } } }, "gridPos": { "h": 4, "w": 6, "x": 18, "y": 0 }, "id": 4, "options": { "colorMode": "value", "graphMode": "none", "reduceOptions": { "calcs": [ "lastNotNull" ], "values": false } }, "targets": [ { "datasource": { "type": "prometheus", "uid": "ff1qkncht70n4c" }, "expr": "count(count by (machine) (cs_lapi_machine_requests_total{instance=\"192.168.50.4:6060\"}))", "refId": "A" } ], "title": "Machine 連接數", "type": "stat" }, { "fieldConfig": { "defaults": { "custom": { "drawStyle": "line", "fillOpacity": 10, "lineInterpolation": "smooth" }, "unit": "reqps" } }, "gridPos": { "h": 8, "w": 12, "x": 0, "y": 4 }, "id": 5, "options": { "legend": { "calcs": [ "last", "max" ], "displayMode": "table", "placement": "right" } }, "targets": [ { "datasource": { "type": "prometheus", "uid": "ff1qkncht70n4c" }, "expr": "rate(cs_alerts{instance=\"192.168.50.4:6060\"}[5m])", "legendFormat": "{{reason}} - {{origin}}", "refId": "A" } ], "title": "警報趨勢 (Alert Trends)", "type": "timeseries" }, { "fieldConfig": { "defaults": { "custom": { "drawStyle": "line", "fillOpacity": 10, "lineInterpolation": "smooth" } } }, "gridPos": { "h": 8, "w": 12, "x": 12, "y": 4 }, "id": 6, "options": { "legend": { "calcs": [ "last", "max" ], "displayMode": "table", "placement": "right" } }, "targets": [ { "datasource": { "type": "prometheus", "uid": "ff1qkncht70n4c" }, "expr": "cs_active_decisions{instance=\"192.168.50.4:6060\"}", "legendFormat": "{{reason}} - {{origin}}", "refId": "A" } ], "title": "活躍決策趨勢 (Active Decisions Over Time)", "type": "timeseries" }, { "gridPos": { "h": 8, "w": 8, "x": 0, "y": 12 }, "id": 7, "options": { "legend": { "displayMode": "table", "placement": "right", "values": [ "value", "percent" ] } }, "targets": [ { "datasource": { "type": "prometheus", "uid": "ff1qkncht70n4c" }, "expr": "sum by (origin) (cs_active_decisions{instance=\"192.168.50.4:6060\"})", "refId": "A" } ], "title": "決策來源分布 (Decisions by Origin)", "type": "piechart" }, { "gridPos": { "h": 8, 
"w": 8, "x": 8, "y": 12 }, "id": 8, "options": { "legend": { "displayMode": "table", "placement": "right", "values": [ "value", "percent" ] } }, "targets": [ { "datasource": { "type": "prometheus", "uid": "ff1qkncht70n4c" }, "expr": "sum by (reason) (cs_active_decisions{instance=\"192.168.50.4:6060\"})", "refId": "A" } ], "title": "決策原因分布 (Decisions by Reason)", "type": "piechart" }, { "gridPos": { "h": 8, "w": 8, "x": 16, "y": 12 }, "id": 9, "options": { "legend": { "displayMode": "table", "placement": "right", "values": [ "value", "percent" ] } }, "targets": [ { "datasource": { "type": "prometheus", "uid": "ff1qkncht70n4c" }, "expr": "sum by (type) (cs_active_decisions{instance=\"192.168.50.4:6060\"})", "refId": "A" } ], "title": "決策類型分布 (Decisions by Type)", "type": "piechart" }, { "fieldConfig": { "defaults": { "custom": { "drawStyle": "line", "fillOpacity": 20, "lineInterpolation": "smooth" }, "unit": "ops" } }, "gridPos": { "h": 7, "w": 12, "x": 0, "y": 20 }, "id": 10, "targets": [ { "datasource": { "type": "prometheus", "uid": "ff1qkncht70n4c" }, "expr": "rate(cs_bucket_overflowed_total{instance=\"192.168.50.4:6060\"}[5m])", "legendFormat": "{{name}}", "refId": "A" } ], "title": "Bucket 溢出率 (Bucket Overflow Rate)", "type": "timeseries" }, { "fieldConfig": { "defaults": { "custom": { "drawStyle": "line", "lineInterpolation": "smooth" }, "unit": "s" } }, "gridPos": { "h": 7, "w": 12, "x": 12, "y": 20 }, "id": 11, "targets": [ { "datasource": { "type": "prometheus", "uid": "ff1qkncht70n4c" }, "expr": "rate(cs_bucket_pour_seconds_sum{instance=\"192.168.50.4:6060\"}[5m]) / rate(cs_bucket_pour_seconds_count{instance=\"192.168.50.4:6060\"}[5m])", "legendFormat": "平均處理時間", "refId": "A" } ], "title": "Bucket 處理時間 (Bucket Processing Time)", "type": "timeseries" }, { "fieldConfig": { "defaults": { "custom": { "drawStyle": "line", "fillOpacity": 20, "lineInterpolation": "smooth" }, "unit": "reqps" } }, "gridPos": { "h": 7, "w": 12, "x": 0, "y": 27 }, "id": 12, 
"targets": [ { "datasource": { "type": "prometheus", "uid": "ff1qkncht70n4c" }, "expr": "sum(rate(cs_lapi_bouncer_requests_total{instance=\"192.168.50.4:6060\"}[5m]))", "legendFormat": "Bouncer 請求", "refId": "A" }, { "datasource": { "type": "prometheus", "uid": "ff1qkncht70n4c" }, "expr": "sum(rate(cs_lapi_machine_requests_total{instance=\"192.168.50.4:6060\"}[5m]))", "legendFormat": "Machine 請求", "refId": "B" } ], "title": "LAPI 請求率 (LAPI Request Rate)", "type": "timeseries" }, { "fieldConfig": { "defaults": { "custom": { "drawStyle": "line", "lineInterpolation": "smooth" }, "unit": "s" } }, "gridPos": { "h": 7, "w": 12, "x": 12, "y": 27 }, "id": 13, "targets": [ { "datasource": { "type": "prometheus", "uid": "ff1qkncht70n4c" }, "expr": "histogram_quantile(0.95, rate(cs_lapi_request_duration_seconds_bucket{instance=\"192.168.50.4:6060\"}[5m]))", "legendFormat": "P95 延遲", "refId": "A" }, { "datasource": { "type": "prometheus", "uid": "ff1qkncht70n4c" }, "expr": "histogram_quantile(0.99, rate(cs_lapi_request_duration_seconds_bucket{instance=\"192.168.50.4:6060\"}[5m]))", "legendFormat": "P99 延遲", "refId": "B" } ], "title": "LAPI 請求延遲 (LAPI Request Duration)", "type": "timeseries" }, { "fieldConfig": { "defaults": { "custom": { "drawStyle": "line", "fillOpacity": 20, "lineInterpolation": "smooth" }, "unit": "ops" } }, "gridPos": { "h": 7, "w": 12, "x": 0, "y": 34 }, "id": 14, "targets": [ { "datasource": { "type": "prometheus", "uid": "ff1qkncht70n4c" }, "expr": "sum(rate(cs_parser_hits_ok_total{instance=\"192.168.50.4:6060\"}[5m]))", "legendFormat": "成功", "refId": "A" }, { "datasource": { "type": "prometheus", "uid": "ff1qkncht70n4c" }, "expr": "sum(rate(cs_parser_hits_ko_total{instance=\"192.168.50.4:6060\"}[5m]))", "legendFormat": "失敗", "refId": "B" } ], "title": "解析器命中率 (Parser Hit Rate)", "type": "timeseries" }, { "fieldConfig": { "defaults": { "custom": { "drawStyle": "line", "lineInterpolation": "smooth" }, "unit": "s" } }, "gridPos": { "h": 7, "w": 12, "x": 
12, "y": 34 }, "id": 15, "targets": [ { "datasource": { "type": "prometheus", "uid": "ff1qkncht70n4c" }, "expr": "rate(cs_parsing_time_seconds_sum{instance=\"192.168.50.4:6060\"}[5m]) / rate(cs_parsing_time_seconds_count{instance=\"192.168.50.4:6060\"}[5m])", "legendFormat": "平均解析時間", "refId": "A" } ], "title": "解析時間 (Parsing Time)", "type": "timeseries" }, { "fieldConfig": { "defaults": { "custom": { "drawStyle": "line", "fillOpacity": 20, "lineInterpolation": "smooth" }, "unit": "ops" } }, "gridPos": { "h": 7, "w": 12, "x": 0, "y": 41 }, "id": 16, "targets": [ { "datasource": { "type": "prometheus", "uid": "ff1qkncht70n4c" }, "expr": "sum(rate(cs_node_hits_ok_total{instance=\"192.168.50.4:6060\"}[5m]))", "legendFormat": "成功命中", "refId": "A" }, { "datasource": { "type": "prometheus", "uid": "ff1qkncht70n4c" }, "expr": "sum(rate(cs_node_hits_ko_total{instance=\"192.168.50.4:6060\"}[5m]))", "legendFormat": "失敗命中", "refId": "B" } ], "title": "節點命中統計 (Node Hits)", "type": "timeseries" }, { "fieldConfig": { "defaults": {}, "overrides": [ { "matcher": { "id": "byName", "options": "source" }, "properties": [ { "id": "displayName", "value": "來源" } ] }, { "matcher": { "id": "byName", "options": "Value" }, "properties": [ { "id": "displayName", "value": "警報數" } ] } ] }, "gridPos": { "h": 7, "w": 12, "x": 12, "y": 41 }, "id": 17, "options": { "showHeader": true, "sortBy": [ { "desc": true, "displayName": "Value" } ] }, "targets": [ { "datasource": { "type": "prometheus", "uid": "ff1qkncht70n4c" }, "expr": "topk(10, sum by (source) (increase(cs_alerts{instance=\"192.168.50.4:6060\"}[1h])))", "format": "table", "instant": true, "refId": "A" } ], "title": "前 10 個警報來源 (Top 10 Alert Sources)", "type": "table" }, { "collapsed": false, "gridPos": { "h": 1, "w": 24, "x": 0, "y": 48 }, "id": 18, "title": "📋 Loki 日誌區域", "type": "row" }, { "fieldConfig": { "defaults": { "color": { "mode": "thresholds" }, "thresholds": { "mode": "absolute", "steps": [ { "color": "green", "value": 0 }, { 
"color": "yellow", "value": 10 }, { "color": "orange", "value": 30 }, { "color": "red", "value": 50 } ] }, "unit": "short" } }, "gridPos": { "h": 4, "w": 6, "x": 0, "y": 49 }, "id": 28, "options": { "colorMode": "value", "graphMode": "area", "orientation": "auto", "reduceOptions": { "calcs": [ "lastNotNull" ], "values": false } }, "targets": [ { "datasource": { "type": "loki", "uid": "ef1qnibjxb5z4a" }, "expr": "sum(count_over_time({job=\"security/crowdsec-main\"} |~ \"ban on Ip\" [1h]))", "refId": "A" } ], "title": "🚫 IP 封鎖數 (1小時)", "type": "stat" }, { "fieldConfig": { "defaults": { "color": { "mode": "thresholds" }, "thresholds": { "mode": "absolute", "steps": [ { "color": "green", "value": 0 }, { "color": "yellow", "value": 5 }, { "color": "red", "value": 15 } ] }, "unit": "short" } }, "gridPos": { "h": 4, "w": 6, "x": 6, "y": 49 }, "id": 29, "options": { "colorMode": "value", "graphMode": "area", "orientation": "auto", "reduceOptions": { "calcs": [ "lastNotNull" ], "values": false } }, "targets": [ { "datasource": { "type": "loki", "uid": "ef1qnibjxb5z4a" }, "expr": "sum(count_over_time({job=\"security/crowdsec-main\"} |~ \"ssh.*ban on Ip\" [1h]))", "refId": "A" } ], "title": "🔐 SSH 封鎖 (1小時)", "type": "stat" }, { "fieldConfig": { "defaults": { "color": { "mode": "thresholds" }, "thresholds": { "mode": "absolute", "steps": [ { "color": "green", "value": 0 }, { "color": "yellow", "value": 10 }, { "color": "red", "value": 25 } ] }, "unit": "short" } }, "gridPos": { "h": 4, "w": 6, "x": 12, "y": 49 }, "id": 30, "options": { "colorMode": "value", "graphMode": "area", "orientation": "auto", "reduceOptions": { "calcs": [ "lastNotNull" ], "values": false } }, "targets": [ { "datasource": { "type": "loki", "uid": "ef1qnibjxb5z4a" }, "expr": "sum(count_over_time({job=\"security/crowdsec-main\"} |~ \"http.*ban on Ip\" [1h]))", "refId": "A" } ], "title": "🌐 HTTP 攻擊 (1小時)", "type": "stat" }, { "fieldConfig": { "defaults": { "color": { "mode": "thresholds" }, "thresholds": { 
"mode": "absolute", "steps": [ { "color": "green", "value": 0 }, { "color": "red", "value": 1 } ] }, "unit": "short" } }, "gridPos": { "h": 4, "w": 6, "x": 18, "y": 49 }, "id": 31, "options": { "colorMode": "value", "graphMode": "area", "orientation": "auto", "reduceOptions": { "calcs": [ "lastNotNull" ], "values": false } }, "targets": [ { "datasource": { "type": "loki", "uid": "ef1qnibjxb5z4a" }, "expr": "sum(count_over_time({job=\"security/crowdsec-main\"} |~ \"CVE.*ban on Ip\" [1h]))", "refId": "A" } ], "title": "⚠️ CVE 漏洞 (1小時)", "type": "stat" }, { "fieldConfig": { "defaults": { "color": { "mode": "palette-classic" }, "custom": { "drawStyle": "line", "fillOpacity": 30, "lineInterpolation": "smooth" }, "unit": "short" } }, "gridPos": { "h": 8, "w": 12, "x": 0, "y": 53 }, "id": 32, "options": { "legend": { "calcs": [ "last", "sum" ], "displayMode": "table", "placement": "bottom" } }, "targets": [ { "datasource": { "type": "loki", "uid": "ef1qnibjxb5z4a" }, "expr": "sum(count_over_time({job=\"security/crowdsec-main\"} |~ \"ban on Ip\" [5m]))", "legendFormat": "封鎖數", "refId": "A" } ], "title": "📈 IP 封鎖趨勢 (Ban Trend)", "type": "timeseries" }, { "fieldConfig": { "defaults": { "custom": { "drawStyle": "line", "fillOpacity": 10, "lineInterpolation": "smooth" }, "unit": "short" } }, "gridPos": { "h": 8, "w": 12, "x": 12, "y": 53 }, "id": 33, "options": { "legend": { "calcs": [ "last", "max" ], "displayMode": "table", "placement": "bottom" } }, "targets": [ { "datasource": { "type": "loki", "uid": "ef1qnibjxb5z4a" }, "expr": "sum(count_over_time({job=\"security/crowdsec-main\"} |~ \"ssh-slow-bf\" [5m]))", "legendFormat": "SSH 暴力", "refId": "A" }, { "datasource": { "type": "loki", "uid": "ef1qnibjxb5z4a" }, "expr": "sum(count_over_time({job=\"security/crowdsec-main\"} |~ \"http-probing\" [5m]))", "legendFormat": "HTTP 探測", "refId": "B" }, { "datasource": { "type": "loki", "uid": "ef1qnibjxb5z4a" }, "expr": "sum(count_over_time({job=\"security/crowdsec-main\"} |~ 
\"http-backdoors\" [5m]))", "legendFormat": "後門嘗試", "refId": "C" }, { "datasource": { "type": "loki", "uid": "ef1qnibjxb5z4a" }, "expr": "sum(count_over_time({job=\"security/crowdsec-main\"} |~ \"wordpress\" [5m]))", "legendFormat": "WordPress", "refId": "D" } ], "title": "🔍 攻擊類型 (Attack Types)", "type": "timeseries" }, { "gridPos": { "h": 12, "w": 12, "x": 0, "y": 61 }, "id": 34, "options": { "enableLogDetails": true, "prettifyLogMessage": false, "showTime": true, "sortOrder": "Descending", "wrapLogMessage": true }, "targets": [ { "datasource": { "type": "loki", "uid": "ef1qnibjxb5z4a" }, "expr": "{job=\"security/crowdsec-main\"} |~ \"ban on Ip\"", "refId": "A" } ], "title": "🚫 被封鎖 IP 日誌 (Banned IPs)", "type": "logs" }, { "gridPos": { "h": 12, "w": 12, "x": 12, "y": 61 }, "id": 35, "options": { "enableLogDetails": true, "prettifyLogMessage": false, "showTime": true, "sortOrder": "Descending", "wrapLogMessage": true }, "targets": [ { "datasource": { "type": "loki", "uid": "ef1qnibjxb5z4a" }, "expr": "{job=\"security/crowdsec-main\"} |~ \"performed\"", "refId": "A" } ], "title": "🎯 攻擊詳情 (Attack Details)", "type": "logs" }, { "fieldConfig": { "defaults": { "color": { "mode": "thresholds" }, "thresholds": { "mode": "absolute", "steps": [ { "color": "green", "value": 0 }, { "color": "yellow", "value": 100 }, { "color": "orange", "value": 1000 }, { "color": "red", "value": 5000 } ] }, "unit": "short" } }, "gridPos": { "h": 4, "w": 6, "x": 0, "y": 73 }, "id": 19, "options": { "colorMode": "value", "graphMode": "area", "orientation": "auto", "reduceOptions": { "calcs": [ "lastNotNull" ], "values": false } }, "targets": [ { "datasource": { "type": "loki", "uid": "ef1qnibjxb5z4a" }, "expr": "sum(count_over_time({job=\"security/crowdsec-firewall\"} |~ \"decision.*added\" [1h]))", "refId": "A" } ], "title": "決策新增 (1小時)", "type": "stat" }, { "fieldConfig": { "defaults": { "color": { "mode": "thresholds" }, "thresholds": { "mode": "absolute", "steps": [ { "color": "green", 
"value": 0 }, { "color": "blue", "value": 10 } ] }, "unit": "short" } }, "gridPos": { "h": 4, "w": 6, "x": 6, "y": 73 }, "id": 20, "options": { "colorMode": "value", "graphMode": "area", "orientation": "auto", "reduceOptions": { "calcs": [ "lastNotNull" ], "values": false } }, "targets": [ { "datasource": { "type": "loki", "uid": "ef1qnibjxb5z4a" }, "expr": "sum(count_over_time({job=\"security/crowdsec-firewall\"} |~ \"decision.*deleted\" [1h]))", "refId": "A" } ], "title": "決策刪除 (1小時)", "type": "stat" }, { "fieldConfig": { "defaults": { "color": { "mode": "thresholds" }, "thresholds": { "mode": "absolute", "steps": [ { "color": "green", "value": 0 }, { "color": "yellow", "value": 1000 }, { "color": "red", "value": 5000 } ] }, "unit": "short" } }, "gridPos": { "h": 4, "w": 6, "x": 12, "y": 73 }, "id": 21, "options": { "colorMode": "value", "graphMode": "area", "orientation": "auto", "reduceOptions": { "calcs": [ "lastNotNull" ], "values": false } }, "targets": [ { "datasource": { "type": "loki", "uid": "ef1qnibjxb5z4a" }, "expr": "sum(count_over_time({job=\"security/crowdsec-api\"} [1h]))", "refId": "A" } ], "title": "API 請求 (1小時)", "type": "stat" }, { "fieldConfig": { "defaults": { "color": { "mode": "thresholds" }, "thresholds": { "mode": "absolute", "steps": [ { "color": "green", "value": 0 }, { "color": "yellow", "value": 100 } ] }, "unit": "short" } }, "gridPos": { "h": 4, "w": 6, "x": 18, "y": 73 }, "id": 22, "options": { "colorMode": "value", "graphMode": "area", "orientation": "auto", "reduceOptions": { "calcs": [ "lastNotNull" ], "values": false } }, "targets": [ { "datasource": { "type": "loki", "uid": "ef1qnibjxb5z4a" }, "expr": "sum(count_over_time({job=\"security/crowdsec-main\"} [1h]))", "refId": "A" } ], "title": "主程序日誌 (1小時)", "type": "stat" }, { "fieldConfig": { "defaults": { "custom": { "drawStyle": "line", "fillOpacity": 10, "lineInterpolation": "smooth" }, "unit": "short" } }, "gridPos": { "h": 8, "w": 12, "x": 0, "y": 77 }, "id": 23, "options": 
{ "legend": { "calcs": [ "last", "max", "mean" ], "displayMode": "table", "placement": "bottom" } }, "targets": [ { "datasource": { "type": "loki", "uid": "ef1qnibjxb5z4a" }, "expr": "sum(count_over_time({job=\"security/crowdsec-api\"} |~ \"crowdsec-firewall-bouncer\" [1m]))", "legendFormat": "Firewall Bouncer", "refId": "A" }, { "datasource": { "type": "loki", "uid": "ef1qnibjxb5z4a" }, "expr": "sum(count_over_time({job=\"security/crowdsec-api\"} |~ \"Crowdsec-Bouncer-Traefik\" [1m]))", "legendFormat": "Traefik Bouncer", "refId": "B" } ], "title": "Bouncer 請求", "type": "timeseries" }, { "fieldConfig": { "defaults": { "color": { "mode": "palette-classic" }, "custom": { "drawStyle": "bars", "fillOpacity": 80 }, "unit": "short" } }, "gridPos": { "h": 8, "w": 12, "x": 12, "y": 77 }, "id": 24, "options": { "legend": { "calcs": [ "last", "sum" ], "displayMode": "table", "placement": "bottom" } }, "targets": [ { "datasource": { "type": "loki", "uid": "ef1qnibjxb5z4a" }, "expr": "sum(count_over_time({job=\"security/crowdsec-firewall\"} |~ \"added\" [1m]))", "legendFormat": "Added", "refId": "A" }, { "datasource": { "type": "loki", "uid": "ef1qnibjxb5z4a" }, "expr": "sum(count_over_time({job=\"security/crowdsec-firewall\"} |~ \"deleted\" [1m]))", "legendFormat": "Deleted", "refId": "B" } ], "title": "決策變更", "type": "timeseries" }, { "gridPos": { "h": 10, "w": 24, "x": 0, "y": 85 }, "id": 25, "options": { "enableLogDetails": true, "prettifyLogMessage": false, "showTime": true, "sortOrder": "Descending", "wrapLogMessage": true }, "targets": [ { "datasource": { "type": "loki", "uid": "ef1qnibjxb5z4a" }, "expr": "{job=\"security/crowdsec-api\"}", "refId": "A" } ], "title": "API 活動日誌", "type": "logs" }, { "gridPos": { "h": 10, "w": 12, "x": 0, "y": 95 }, "id": 26, "options": { "enableLogDetails": true, "prettifyLogMessage": false, "showTime": true, "sortOrder": "Descending", "wrapLogMessage": true }, "targets": [ { "datasource": { "type": "loki", "uid": "ef1qnibjxb5z4a" }, 
"expr": "{job=\"security/crowdsec-firewall\"}", "refId": "A" } ], "title": "防火牆決策日誌", "type": "logs" }, { "gridPos": { "h": 10, "w": 12, "x": 12, "y": 95 }, "id": 27, "options": { "enableLogDetails": true, "prettifyLogMessage": false, "showTime": true, "sortOrder": "Descending", "wrapLogMessage": true }, "targets": [ { "datasource": { "type": "loki", "uid": "ef1qnibjxb5z4a" }, "expr": "{job=\"security/crowdsec-main\"}", "refId": "A" } ], "title": "主程序日誌", "type": "logs" }, { "fieldConfig": { "overrides": [ { "matcher": { "id": "byName", "options": "ip" }, "properties": [ { "id": "displayName", "value": "IP 地址" }, { "id": "custom.width", "value": 150 } ] }, { "matcher": { "id": "byName", "options": "country" }, "properties": [ { "id": "displayName", "value": "🌍 國家" }, { "id": "custom.width", "value": 80 } ] }, { "matcher": { "id": "byName", "options": "asn" }, "properties": [ { "id": "displayName", "value": "ASN" }, { "id": "custom.width", "value": 100 } ] }, { "matcher": { "id": "byName", "options": "Value" }, "properties": [ { "id": "displayName", "value": "封鎖次數" }, { "id": "custom.cellOptions", "value": { "type": "color-background" } }, { "id": "custom.width", "value": 120 } ] } ] }, "gridPos": { "h": 10, "w": 12, "x": 0, "y": 53 }, "id": 36, "options": { "showHeader": true, "sortBy": [ { "desc": true, "displayName": "封鎖次數" } ] }, "targets": [ { "datasource": { "type": "loki", "uid": "ef1qnibjxb5z4a" }, "expr": "topk(20, sum by (ip, country, asn) (count_over_time({job=\"security/crowdsec-main\"} |~ \"ban on Ip\" | pattern `\u003c_\u003e by ip \u003cip\u003e (\u003ccountry\u003e/\u003casn\u003e) : \u003c_\u003e` [6h])))", "instant": true, "refId": "A" } ], "title": "🌍 Top 20 被封鎖 IP (帶地理位置)", "transformations": [ { "id": "labelsToFields", "options": { "mode": "columns" } }, { "id": "organize", "options": { "excludeByName": { "Time": true }, "indexByName": { "Value": 3, "asn": 2, "country": 1, "ip": 0 }, "renameByName": {} } }, { "id": "sortBy", "options": { "sort": 
[ { "desc": true, "field": "Value" } ] } } ], "type": "table" }, { "fieldConfig": { "overrides": [ { "matcher": { "id": "byName", "options": "rule" }, "properties": [ { "id": "displayName", "value": "⚠️ 規則名稱" }, { "id": "custom.width", "value": 300 } ] }, { "matcher": { "id": "byName", "options": "Value" }, "properties": [ { "id": "displayName", "value": "觸發次數" }, { "id": "custom.cellOptions", "value": { "type": "color-background" } }, { "id": "thresholds", "value": { "mode": "absolute", "steps": [ { "color": "green", "value": 0 }, { "color": "yellow", "value": 5 }, { "color": "orange", "value": 20 }, { "color": "red", "value": 50 } ] } } ] } ] }, "gridPos": { "h": 10, "w": 12, "x": 12, "y": 53 }, "id": 37, "options": { "showHeader": true, "sortBy": [ { "desc": true, "displayName": "觸發次數" } ] }, "targets": [ { "datasource": { "type": "loki", "uid": "ef1qnibjxb5z4a" }, "expr": "topk(15, sum by (rule) (count_over_time({job=\"security/crowdsec-main\"} |~ \"ban on Ip\" | pattern `\u003c_\u003e \u003crule\u003e by ip \u003c_\u003e` [6h])))", "instant": true, "refId": "A" } ], "title": "⚠️ Top 15 觸發規則 (Attack Scenarios)", "transformations": [ { "id": "labelsToFields", "options": { "mode": "columns" } }, { "id": "organize", "options": { "excludeByName": { "Time": true }, "indexByName": { "Value": 1, "rule": 0 } } }, { "id": "sortBy", "options": { "sort": [ { "desc": true, "field": "Value" } ] } } ], "type": "table" }, { "fieldConfig": { "defaults": { "unit": "short" } }, "gridPos": { "h": 8, "w": 8, "x": 0, "y": 63 }, "id": 38, "options": { "legend": { "displayMode": "table", "placement": "right", "values": [ "value", "percent" ] }, "pieType": "pie", "tooltip": { "mode": "single" } }, "targets": [ { "datasource": { "type": "loki", "uid": "ef1qnibjxb5z4a" }, "expr": "sum by (duration) (count_over_time({job=\"security/crowdsec-main\"} |~ \"ban on Ip\" | pattern `\u003c_\u003e : \u003cduration\u003e ban on Ip \u003c_\u003e` [6h]))", "refId": "A" } ], "title": "⏱️ 封鎖時長分布 (Ban 
Duration)", "type": "piechart" }, { "fieldConfig": { "defaults": { "unit": "short" } }, "gridPos": { "h": 8, "w": 8, "x": 8, "y": 63 }, "id": 39, "options": { "legend": { "displayMode": "table", "placement": "right", "values": [ "value", "percent" ] }, "pieType": "pie" }, "targets": [ { "datasource": { "type": "loki", "uid": "ef1qnibjxb5z4a" }, "expr": "topk(10, sum by (country) (count_over_time({job=\"security/crowdsec-main\"} |~ \"ban on Ip\" | pattern `\u003c_\u003e (\u003ccountry\u003e/\u003c_\u003e` [6h])))", "refId": "A" } ], "title": "🌎 攻擊來源國家分布", "type": "piechart" }, { "fieldConfig": { "defaults": { "thresholds": { "mode": "absolute", "steps": [ { "color": "green", "value": 0 }, { "color": "yellow", "value": 20 }, { "color": "orange", "value": 50 }, { "color": "red", "value": 100 } ] }, "unit": "short" } }, "gridPos": { "h": 8, "w": 8, "x": 16, "y": 63 }, "id": 40, "options": { "displayMode": "gradient", "orientation": "horizontal", "showUnfilled": true }, "targets": [ { "datasource": { "type": "loki", "uid": "ef1qnibjxb5z4a" }, "expr": "topk(8, sum by (events) (count_over_time({job=\"security/crowdsec-main\"} |~ \"performed\" | pattern `\u003c_\u003e (\u003cevents\u003e events over \u003c_\u003e` [6h])))", "refId": "A" } ], "title": "📊 事件頻率統計 (Events per Attack)", "type": "bargauge" } ], "refresh": "30s", "schemaVersion": 42, "tags": [ "crowdsec", "security", "firewall", "loki" ], "time": { "from": "now-6h", "to": "now" }, "timezone": "browser", "title": "CrowdSec Security Dashboard - GBarmub" } }