{ "apiVersion": "dashboard.grafana.app/v2", "kind": "Dashboard", "metadata": { "name": "ad-samba-audit", "generation": 1, "labels": {}, "annotations": {} }, "spec": { "annotations": [ { "kind": "AnnotationQuery", "spec": { "query": { "kind": "DataQuery", "group": "grafana", "version": "v0", "spec": {}, "labels": { "grafana.app/export-label": "grafana-1" } }, "enable": true, "hide": true, "iconColor": "rgba(0, 211, 255, 1)", "name": "Annotations & Alerts", "builtIn": true } } ], "cursorSync": "Off", "editable": true, "elements": { "panel-1": { "kind": "Panel", "spec": { "id": 1, "title": "Logins OK", "description": "Успешные входы в домен (samba_auth): машинные и пользовательские, разбивка по домену.", "links": [], "data": { "kind": "QueryGroup", "spec": { "queries": [ { "kind": "PanelQuery", "spec": { "query": { "kind": "DataQuery", "group": "influxdb", "version": "v0", "spec": { "alias": "machine_login", "groupBy": [ { "params": ["$interval"], "type": "time" }, { "params": ["domain::tag"], "type": "tag" }, { "params": ["null"], "type": "fill" } ], "measurement": "samba_auth", "orderByTime": "ASC", "policy": "default", "query": "SELECT count(\"client_account\") FROM \"samba_auth\" WHERE (\"status\"::tag = 'NT_STATUS_OK' AND \"account\"::tag =~ /^MACHINE/) AND $timeFilter GROUP BY time($interval), \"domain\"::tag fill(null)", "rawQuery": false, "resultFormat": "time_series", "select": [ [ { "params": ["client_account"], "type": "field" }, { "params": [], "type": "count" } ] ], "tags": [ { "key": "status::tag", "operator": "=", "value": "NT_STATUS_OK" }, { "condition": "AND", "key": "account::tag", "operator": "=~", "value": "/^MACHINE/" } ] }, "labels": { "grafana.app/export-label": "influxdb-1" } }, "refId": "A", "hidden": false } }, { "kind": "PanelQuery", "spec": { "query": { "kind": "DataQuery", "group": "influxdb", "version": "v0", "spec": { "alias": "user_login", "groupBy": [ { "params": ["$interval"], "type": "time" }, { "params": ["domain::tag"], "type": "tag" }, { "params": ["null"], "type": "fill" } ], "measurement": "samba_auth", "orderByTime": "ASC", "policy": "default", "query": "SELECT count(\"client_account\") FROM \"samba_auth\" WHERE (\"status\"::tag = 'NT_STATUS_OK' AND \"account\"::tag =~ /^user/) AND $timeFilter GROUP BY time($interval), \"domain\"::tag fill(null)", "rawQuery": false, "resultFormat": "time_series", "select": [ [ { "params": ["client_account"], "type": "field" }, { "params": [], "type": "count" } ] ], "tags": [ { "key": "status::tag", "operator": "=", "value": "NT_STATUS_OK" }, { "condition": "AND", "key": "account::tag", "operator": "=~", "value": "/^user/" } ] }, "labels": { "grafana.app/export-label": "influxdb-1" } }, "refId": "B", "hidden": false } } ], "transformations": [], "queryOptions": {} } }, "vizConfig": { "kind": "VizConfig", "group": "timeseries", "version": "13.0.1+security-01", "spec": { "options": { "legend": { "calcs": [], "displayMode": "list", "placement": "bottom", "showLegend": true }, "tooltip": { "hideZeros": false, "mode": "single", "sort": "none" } }, "fieldConfig": { "defaults": { "color": { "mode": "palette-classic" }, "custom": { "axisBorderShow": false, "axisCenteredZero": false, "axisColorMode": "text", "axisLabel": "", "axisPlacement": "auto", "barAlignment": 0, "barWidthFactor": 0.6, "drawStyle": "line", "fillOpacity": 10, "gradientMode": "none", "hideFrom": { "legend": false, "tooltip": false, "viz": false }, "insertNulls": false, "lineInterpolation": "smooth", "lineWidth": 1, "pointSize": 5, "scaleDistribution": { "type": "linear" }, "showPoints": "auto", "spanNulls": false, "stacking": { "group": "A", "mode": "none" }, "thresholdsStyle": { "mode": "off" } } }, "overrides": [] } } } } }, "panel-2": { "kind": "Panel", "spec": { "id": 2, "title": "DSDB: изменения по операциям", "description": "Число изменений объектов каталога (samba_dsdb), разбивка по типу операции.", "links": [], "data": { "kind": "QueryGroup", "spec": { "queries": [ { "kind": "PanelQuery", "spec": { "query": { "kind": "DataQuery", "group": "influxdb", "version": "v0", "spec": { "measurement": "samba_dsdb", "orderByTime": "ASC", "policy": "default", "query": "SELECT count(\"status_code\") FROM \"samba_dsdb\" WHERE $timeFilter GROUP BY time($interval), \"operation\"::tag fill(null)", "rawQuery": true, "resultFormat": "time_series", "select": [], "groupBy": [], "tags": [] }, "labels": { "grafana.app/export-label": "influxdb-1" } }, "refId": "A", "hidden": false } } ], "transformations": [], "queryOptions": {} } }, "vizConfig": { "kind": "VizConfig", "group": "timeseries", "version": "13.0.1+security-01", "spec": { "options": { "legend": { "calcs": [], "displayMode": "list", "placement": "bottom", "showLegend": true }, "tooltip": { "hideZeros": false, "mode": "multi", "sort": "desc" } }, "fieldConfig": { "defaults": { "color": { "mode": "palette-classic" }, "custom": { "axisBorderShow": false, "axisCenteredZero": false, "axisColorMode": "text", "axisLabel": "", "axisPlacement": "auto", "barAlignment": 0, "barWidthFactor": 0.6, "drawStyle": "bars", "fillOpacity": 50, "gradientMode": "none", "hideFrom": { "legend": false, "tooltip": false, "viz": false }, "insertNulls": false, "lineInterpolation": "linear", "lineWidth": 1, "pointSize": 5, "scaleDistribution": { "type": "linear" }, "showPoints": "auto", "spanNulls": false, "stacking": { "group": "A", "mode": "normal" }, "thresholdsStyle": { "mode": "off" } } }, "overrides": [] } } } } }, "panel-3": { "kind": "Panel", "spec": { "id": 3, "title": "DSDB: система vs пользователь", "description": "Изменения каталога с разбивкой по performedAsSystem (true = выполнено системой).", "links": [], "data": { "kind": "QueryGroup", "spec": { "queries": [ { "kind": "PanelQuery", "spec": { "query": { "kind": "DataQuery", "group": "influxdb", "version": "v0", "spec": { "measurement": "samba_dsdb", "orderByTime": "ASC", "policy": "default", "query": "SELECT count(\"status_code\") FROM \"samba_dsdb\" WHERE $timeFilter GROUP BY time($interval), \"as_system\"::tag fill(null)", "rawQuery": true, "resultFormat": "time_series", "select": [], "groupBy": [], "tags": [] }, "labels": { "grafana.app/export-label": "influxdb-1" } }, "refId": "A", "hidden": false } } ], "transformations": [], "queryOptions": {} } }, "vizConfig": { "kind": "VizConfig", "group": "timeseries", "version": "13.0.1+security-01", "spec": { "options": { "legend": { "calcs": [], "displayMode": "list", "placement": "bottom", "showLegend": true }, "tooltip": { "hideZeros": false, "mode": "multi", "sort": "desc" } }, "fieldConfig": { "defaults": { "color": { "mode": "palette-classic" }, "custom": { "axisBorderShow": false, "axisCenteredZero": false, "axisColorMode": "text", "axisLabel": "", "axisPlacement": "auto", "barAlignment": 0, "barWidthFactor": 0.6, "drawStyle": "line", "fillOpacity": 20, "gradientMode": "none", "hideFrom": { "legend": false, "tooltip": false, "viz": false }, "insertNulls": false, "lineInterpolation": "smooth", "lineWidth": 1, "pointSize": 5, "scaleDistribution": { "type": "linear" }, "showPoints": "auto", "spanNulls": false, "stacking": { "group": "A", "mode": "none" }, "thresholdsStyle": { "mode": "off" } } }, "overrides": [] } } } } }, "panel-4": { "kind": "Panel", "spec": { "id": 4, "title": "DSDB: топ инициаторов (SID)", "description": "Кто инициировал изменения каталога — разбивка по userSid.", "links": [], "data": { "kind": "QueryGroup", "spec": { "queries": [ { "kind": "PanelQuery", "spec": { "query": { "kind": "DataQuery", "group": "influxdb", "version": "v0", "spec": { "measurement": "samba_dsdb", "orderByTime": "ASC", "policy": "default", "query": "SELECT count(\"status_code\") FROM \"samba_dsdb\" WHERE $timeFilter GROUP BY time($interval), \"user_sid\"::tag fill(null)", "rawQuery": true, "resultFormat": "time_series", "select": [], "groupBy": [], "tags": [] }, "labels": { "grafana.app/export-label": "influxdb-1" } }, "refId": "A", "hidden": false } } ], "transformations": [], "queryOptions": {} } }, "vizConfig": { "kind": "VizConfig", "group": "timeseries", "version": "13.0.1+security-01", "spec": { "options": { "legend": { "calcs": ["sum"], "displayMode": "table", "placement": "right", "showLegend": true }, "tooltip": { "hideZeros": false, "mode": "multi", "sort": "desc" } }, "fieldConfig": { "defaults": { "color": { "mode": "palette-classic" }, "custom": { "axisBorderShow": false, "axisCenteredZero": false, "axisColorMode": "text", "axisLabel": "", "axisPlacement": "auto", "barAlignment": 0, "barWidthFactor": 0.6, "drawStyle": "bars", "fillOpacity": 50, "gradientMode": "none", "hideFrom": { "legend": false, "tooltip": false, "viz": false }, "insertNulls": false, "lineInterpolation": "linear", "lineWidth": 1, "pointSize": 5, "scaleDistribution": { "type": "linear" }, "showPoints": "auto", "spanNulls": false, "stacking": { "group": "A", "mode": "normal" }, "thresholdsStyle": { "mode": "off" } } }, "overrides": [] } } } } }, "panel-5": { "kind": "Panel", "spec": { "id": 5, "title": "Транзакции: длительность (mean/max)", "description": "Длительность транзакций каталога (samba_dsdb_tx) в микросекундах.", "links": [], "data": { "kind": "QueryGroup", "spec": { "queries": [ { "kind": "PanelQuery", "spec": { "query": { "kind": "DataQuery", "group": "influxdb", "version": "v0", "spec": { "measurement": "samba_dsdb_tx", "orderByTime": "ASC", "policy": "default", "query": "SELECT mean(\"duration\") AS \"mean\", max(\"duration\") AS \"max\" FROM \"samba_dsdb_tx\" WHERE $timeFilter GROUP BY time($interval) fill(null)", "rawQuery": true, "resultFormat": "time_series", "select": [], "groupBy": [], "tags": [] }, "labels": { "grafana.app/export-label": "influxdb-1" } }, "refId": "A", "hidden": false } } ], "transformations": [], "queryOptions": {} } }, "vizConfig": { "kind": "VizConfig", "group": "timeseries", "version": "13.0.1+security-01", "spec": { "options": { "legend": { "calcs": ["mean", "max"], "displayMode": "table", "placement": "bottom", "showLegend": true }, "tooltip": { "hideZeros": false, "mode": "multi", "sort": "desc" } }, "fieldConfig": { "defaults": { "unit": "µs", "color": { "mode": "palette-classic" }, "custom": { "axisBorderShow": false, "axisCenteredZero": false, "axisColorMode": "text", "axisLabel": "", "axisPlacement": "auto", "barAlignment": 0, "barWidthFactor": 0.6, "drawStyle": "line", "fillOpacity": 10, "gradientMode": "none", "hideFrom": { "legend": false, "tooltip": false, "viz": false }, "insertNulls": false, "lineInterpolation": "smooth", "lineWidth": 1, "pointSize": 5, "scaleDistribution": { "type": "linear" }, "showPoints": "auto", "spanNulls": false, "stacking": { "group": "A", "mode": "none" }, "thresholdsStyle": { "mode": "off" } } }, "overrides": [] } } } } }, "panel-6": { "kind": "Panel", "spec": { "id": 6, "title": "Транзакции по типу действия", "description": "Число транзакций каталога, разбивка по action (commit / rollback / prepare commit / begin).", "links": [], "data": { "kind": "QueryGroup", "spec": { "queries": [ { "kind": "PanelQuery", "spec": { "query": { "kind": "DataQuery", "group": "influxdb", "version": "v0", "spec": { "measurement": "samba_dsdb_tx", "orderByTime": "ASC", "policy": "default", "query": "SELECT count(\"duration\") FROM \"samba_dsdb_tx\" WHERE $timeFilter GROUP BY time($interval), \"action\"::tag fill(null)", "rawQuery": true, "resultFormat": "time_series", "select": [], "groupBy": [], "tags": [] }, "labels": { "grafana.app/export-label": "influxdb-1" } }, "refId": "A", "hidden": false } } ], "transformations": [], "queryOptions": {} } }, "vizConfig": { "kind": "VizConfig", "group": "timeseries", "version": "13.0.1+security-01", "spec": { "options": { "legend": { "calcs": [], "displayMode": "list", "placement": "bottom", "showLegend": true }, "tooltip": { "hideZeros": false, "mode": "multi", "sort": "desc" } }, "fieldConfig": { "defaults": { "color": { "mode": "palette-classic" }, "custom": { "axisBorderShow": false, "axisCenteredZero": false, "axisColorMode": "text", "axisLabel": "", "axisPlacement": "auto", "barAlignment": 0, "barWidthFactor": 0.6, "drawStyle": "bars", "fillOpacity": 50, "gradientMode": "none", "hideFrom": { "legend": false, "tooltip": false, "viz": false }, "insertNulls": false, "lineInterpolation": "linear", "lineWidth": 1, "pointSize": 5, "scaleDistribution": { "type": "linear" }, "showPoints": "auto", "spanNulls": false, "stacking": { "group": "A", "mode": "normal" }, "thresholdsStyle": { "mode": "off" } } }, "overrides": [] } } } } } }, "layout": { "kind": "GridLayout", "spec": { "items": [ { "kind": "GridLayoutItem", "spec": { "x": 0, "y": 0, "width": 24, "height": 8, "element": { "kind": "ElementReference", "name": "panel-1" } } }, { "kind": "GridLayoutItem", "spec": { "x": 0, "y": 8, "width": 12, "height": 8, "element": { "kind": "ElementReference", "name": "panel-2" } } }, { "kind": "GridLayoutItem", "spec": { "x": 12, "y": 8, "width": 12, "height": 8, "element": { "kind": "ElementReference", "name": "panel-3" } } }, { "kind": "GridLayoutItem", "spec": { "x": 0, "y": 16, "width": 12, "height": 8, "element": { "kind": "ElementReference", "name": "panel-4" } } }, { "kind": "GridLayoutItem", "spec": { "x": 12, "y": 16, "width": 12, "height": 8, "element": { "kind": "ElementReference", "name": "panel-5" } } }, { "kind": "GridLayoutItem", "spec": { "x": 0, "y": 24, "width": 12, "height": 8, "element": { "kind": "ElementReference", "name": "panel-6" } } } ] } }, "links": [], "liveNow": false, "preload": false, "tags": ["samba", "ad", "audit"], "timeSettings": { "timezone": "browser", "from": "now-6h", "to": "now", "autoRefresh": "", "autoRefreshIntervals": ["5s", "10s", "30s", "1m", "5m", "15m", "30m", "1h", "2h", "1d"], "hideTimepicker": false, "fiscalYearStartMonth": 0 }, "title": "Samba AD audit", "variables": [ { "kind": "IntervalVariable", "spec": { "name": "interval", "query": "1s,3s,5s,10s,30s,1m,10m,30m,1h,6h,12h,1d,7d,14d,30d", "current": { "text": "1m", "value": "1m" }, "options": [ { "selected": true, "text": "1m", "value": "1m" }, { "selected": false, "text": "10m", "value": "10m" }, { "selected": false, "text": "30m", "value": "30m" }, { "selected": false, "text": "1h", "value": "1h" }, { "selected": false, "text": "6h", "value": "6h" }, { "selected": false, "text": "12h", "value": "12h" }, { "selected": false, "text": "1d", "value": "1d" } ], "auto": false, "auto_min": "10s", "auto_count": 30, "refresh": "onTimeRangeChanged", "hide": "dontHide", "skipUrlSync": false } } ], "preferences": { "layout": { "kind": "GridLayout", "spec": { "items": [] } } } } }