grafana-dashboard/HomeLab/truenas-audit-overview.json


{
"apiVersion": "dashboard.grafana.app/v1beta1",
"kind": "Dashboard",
"metadata": {
"name": "truenas-audit-overview"
},
"spec": {
"annotations": {
"list": [
{
"builtIn": 1,
"datasource": {
"type": "grafana",
"uid": "-- Grafana --"
},
"enable": true,
"hide": true,
"iconColor": "rgba(0, 211, 255, 1)",
"name": "Annotations & Alerts",
"type": "dashboard"
}
]
},
"editable": true,
"fiscalYearStartMonth": 0,
"graphTooltip": 0,
"links": [],
"panels": [
{
"datasource": null,
"gridPos": {
"h": 5,
"w": 24,
"x": 0,
"y": 0
},
"id": 1,
"options": {
"content": "# TrueNAS Audit Overview\n\nNative TrueNAS audit events forwarded via remote syslog and ingested into Loki as `job=truenas_syslog`.\n\nUse the host and service filters above to narrow the view.",
"mode": "markdown"
},
"pluginVersion": "12.2.1",
"targets": [],
"title": "Status",
"type": "text"
},
{
"fieldConfig": {
"defaults": {
"color": {
"mode": "thresholds"
},
"decimals": 0,
"mappings": [],
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "green",
"value": 0
},
{
"color": "orange",
"value": 1
},
{
"color": "red",
"value": 10
}
]
},
"unit": "short"
},
"overrides": []
},
"gridPos": {
"h": 5,
"w": 8,
"x": 0,
"y": 5
},
"id": 2,
"options": {
"colorMode": "background",
"graphMode": "none",
"justifyMode": "auto",
"orientation": "auto",
"percentChangeColorMode": "standard",
"reduceOptions": {
"calcs": [
"lastNotNull"
],
"fields": "",
"values": false
},
"showPercentChange": false,
"textMode": "auto",
"wideLayout": true
},
"pluginVersion": "12.2.1",
"targets": [
{
"datasource": {
"type": "loki",
"uid": "ef1qnibjxb5z4a"
},
"expr": "sum(count_over_time({job=\\\"truenas_syslog\\\",host=~\\\"$host\\\"} |= \\\"TNAUDIT\\\" |~ \\\"\\\\\\\"svc\\\\\\\": \\\\\\\"($svc)\\\\\\\"\\\" [5m]))",
"refId": "A"
}
],
"title": "Audit Related Events (5m)",
"type": "stat"
},
{
"fieldConfig": {
"defaults": {
"color": {
"mode": "palette-classic"
},
"custom": {
"axisBorderShow": false,
"axisCenteredZero": false,
"axisColorMode": "text",
"axisLabel": "",
"axisPlacement": "auto",
"barAlignment": 0,
"barWidthFactor": 0.6,
"drawStyle": "line",
"fillOpacity": 20,
"gradientMode": "none",
"hideFrom": {
"legend": false,
"tooltip": false,
"viz": false
},
"insertNulls": false,
"lineInterpolation": "linear",
"lineWidth": 1,
"pointSize": 5,
"scaleDistribution": {
"type": "linear"
},
"showPoints": "never",
"spanNulls": false,
"stacking": {
"group": "A",
"mode": "none"
},
"thresholdsStyle": {
"mode": "off"
}
},
"mappings": [],
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "green",
"value": 0
},
{
"color": "red",
"value": 1
}
]
},
"unit": "short"
},
"overrides": []
},
"gridPos": {
"h": 8,
"w": 16,
"x": 8,
"y": 5
},
"id": 3,
"options": {
"legend": {
"calcs": [],
"displayMode": "list",
"placement": "bottom",
"showLegend": true
},
"tooltip": {
"hideZeros": false,
"mode": "single",
"sort": "none"
}
},
"pluginVersion": "12.2.1",
"targets": [
{
"datasource": {
"type": "loki",
"uid": "ef1qnibjxb5z4a"
},
"expr": "sum(count_over_time({job=\\\"truenas_syslog\\\",host=~\\\"$host\\\"} |= \\\"TNAUDIT\\\" |~ \\\"\\\\\\\"svc\\\\\\\": \\\\\\\"($svc)\\\\\\\"\\\" |~ \\\"(?i)(\\\\\\\"success\\\\\\\": false|FAILED|denied|invalid)\\\" [5m]))",
"legendFormat": "Failures",
"refId": "A"
},
{
"datasource": {
"type": "loki",
"uid": "ef1qnibjxb5z4a"
},
"expr": "sum(count_over_time({job=\\\"truenas_syslog\\\",host=~\\\"$host\\\"} |= \\\"TNAUDIT\\\" |~ \\\"\\\\\\\"svc\\\\\\\": \\\\\\\"($svc)\\\\\\\"\\\" |~ \\\"\\\\\\\"svc\\\\\\\": \\\\\\\"(SUDO|SYSTEM)\\\\\\\"\\\" [5m]))",
"legendFormat": "Privileged Actions",
"refId": "B"
}
],
"title": "Security Event Rates",
"type": "timeseries"
},
{
"fieldConfig": {
"defaults": {},
"overrides": []
},
"gridPos": {
"h": 11,
"w": 24,
"x": 0,
"y": 13
},
"id": 4,
"options": {
"showCommonLabels": false,
"showLabels": true,
"showTime": true,
"wrapLogMessage": true
},
"targets": [
{
"datasource": {
"type": "loki",
"uid": "ef1qnibjxb5z4a"
},
"expr": "{job=\\\"truenas_syslog\\\",host=~\\\"$host\\\"} |= \\\"TNAUDIT\\\" |~ \\\"\\\\\\\"svc\\\\\\\": \\\\\\\"($svc)\\\\\\\"\\\"",
"refId": "A"
}
],
"title": "Audit / Security Logs",
"type": "logs"
}
],
"preload": false,
"refresh": "30s",
"schemaVersion": 42,
"tags": [
"truenas",
"audit",
"security",
"loki"
],
"templating": {
"list": [
{
"name": "host",
"type": "query",
"datasource": {
"type": "loki",
"uid": "ef1qnibjxb5z4a"
},
"definition": "label_values({job=\"truenas_syslog\"}, host)",
"query": "label_values({job=\"truenas_syslog\"}, host)",
"refresh": 1,
"sort": 1,
"includeAll": true,
"allValue": ".*",
"multi": false,
"current": {
"text": "All",
"value": "$__all",
"selected": true
}
},
{
"name": "svc",
"type": "custom",
"query": "SMB,SYSTEM,SUDO,MIDDLEWARE",
"includeAll": true,
"allValue": ".*",
"multi": false,
"current": {
"text": "All",
"value": "$__all",
"selected": true
}
}
]
},
"time": {
"from": "now-6h",
"to": "now"
},
"timepicker": {},
"timezone": "browser",
"title": "TrueNAS Audit Overview"
}
}