board.json
· 23 KiB · JSON
Raw
{
"apiVersion": "dashboard.grafana.app/v2",
"kind": "Dashboard",
"metadata": {
"name": "ad-samba-audit",
"generation": 1,
"labels": {},
"annotations": {}
},
"spec": {
"annotations": [
{
"kind": "AnnotationQuery",
"spec": {
"query": {
"kind": "DataQuery",
"group": "grafana",
"version": "v0",
"spec": {},
"labels": {
"grafana.app/export-label": "grafana-1"
}
},
"enable": true,
"hide": true,
"iconColor": "rgba(0, 211, 255, 1)",
"name": "Annotations & Alerts",
"builtIn": true
}
}
],
"cursorSync": "Off",
"editable": true,
"elements": {
"panel-1": {
"kind": "Panel",
"spec": {
"id": 1,
"title": "Logins OK",
"description": "Успешные входы в домен (samba_auth): машинные и пользовательские, разбивка по домену.",
"links": [],
"data": {
"kind": "QueryGroup",
"spec": {
"queries": [
{
"kind": "PanelQuery",
"spec": {
"query": {
"kind": "DataQuery",
"group": "influxdb",
"version": "v0",
"spec": {
"alias": "machine_login",
"groupBy": [
{ "params": ["$interval"], "type": "time" },
{ "params": ["domain::tag"], "type": "tag" },
{ "params": ["null"], "type": "fill" }
],
"measurement": "samba_auth",
"orderByTime": "ASC",
"policy": "default",
"query": "SELECT count(\"client_account\") FROM \"samba_auth\" WHERE (\"status\"::tag = 'NT_STATUS_OK' AND \"account\"::tag =~ /^MACHINE/) AND $timeFilter GROUP BY time($interval), \"domain\"::tag fill(null)",
"rawQuery": false,
"resultFormat": "time_series",
"select": [
[
{ "params": ["client_account"], "type": "field" },
{ "params": [], "type": "count" }
]
],
"tags": [
{ "key": "status::tag", "operator": "=", "value": "NT_STATUS_OK" },
{ "condition": "AND", "key": "account::tag", "operator": "=~", "value": "/^MACHINE/" }
]
},
"labels": {
"grafana.app/export-label": "influxdb-1"
}
},
"refId": "A",
"hidden": false
}
},
{
"kind": "PanelQuery",
"spec": {
"query": {
"kind": "DataQuery",
"group": "influxdb",
"version": "v0",
"spec": {
"alias": "user_login",
"groupBy": [
{ "params": ["$interval"], "type": "time" },
{ "params": ["domain::tag"], "type": "tag" },
{ "params": ["null"], "type": "fill" }
],
"measurement": "samba_auth",
"orderByTime": "ASC",
"policy": "default",
"query": "SELECT count(\"client_account\") FROM \"samba_auth\" WHERE (\"status\"::tag = 'NT_STATUS_OK' AND \"account\"::tag =~ /^user/) AND $timeFilter GROUP BY time($interval), \"domain\"::tag fill(null)",
"rawQuery": false,
"resultFormat": "time_series",
"select": [
[
{ "params": ["client_account"], "type": "field" },
{ "params": [], "type": "count" }
]
],
"tags": [
{ "key": "status::tag", "operator": "=", "value": "NT_STATUS_OK" },
{ "condition": "AND", "key": "account::tag", "operator": "=~", "value": "/^user/" }
]
},
"labels": {
"grafana.app/export-label": "influxdb-1"
}
},
"refId": "B",
"hidden": false
}
}
],
"transformations": [],
"queryOptions": {}
}
},
"vizConfig": {
"kind": "VizConfig",
"group": "timeseries",
"version": "13.0.1+security-01",
"spec": {
"options": {
"legend": { "calcs": [], "displayMode": "list", "placement": "bottom", "showLegend": true },
"tooltip": { "hideZeros": false, "mode": "single", "sort": "none" }
},
"fieldConfig": {
"defaults": {
"color": { "mode": "palette-classic" },
"custom": {
"axisBorderShow": false,
"axisCenteredZero": false,
"axisColorMode": "text",
"axisLabel": "",
"axisPlacement": "auto",
"barAlignment": 0,
"barWidthFactor": 0.6,
"drawStyle": "line",
"fillOpacity": 10,
"gradientMode": "none",
"hideFrom": { "legend": false, "tooltip": false, "viz": false },
"insertNulls": false,
"lineInterpolation": "smooth",
"lineWidth": 1,
"pointSize": 5,
"scaleDistribution": { "type": "linear" },
"showPoints": "auto",
"spanNulls": false,
"stacking": { "group": "A", "mode": "none" },
"thresholdsStyle": { "mode": "off" }
}
},
"overrides": []
}
}
}
}
},
"panel-2": {
"kind": "Panel",
"spec": {
"id": 2,
"title": "DSDB: изменения по операциям",
"description": "Число изменений объектов каталога (samba_dsdb), разбивка по типу операции.",
"links": [],
"data": {
"kind": "QueryGroup",
"spec": {
"queries": [
{
"kind": "PanelQuery",
"spec": {
"query": {
"kind": "DataQuery",
"group": "influxdb",
"version": "v0",
"spec": {
"measurement": "samba_dsdb",
"orderByTime": "ASC",
"policy": "default",
"query": "SELECT count(\"status_code\") FROM \"samba_dsdb\" WHERE $timeFilter GROUP BY time($interval), \"operation\"::tag fill(null)",
"rawQuery": true,
"resultFormat": "time_series",
"select": [],
"groupBy": [],
"tags": []
},
"labels": { "grafana.app/export-label": "influxdb-1" }
},
"refId": "A",
"hidden": false
}
}
],
"transformations": [],
"queryOptions": {}
}
},
"vizConfig": {
"kind": "VizConfig",
"group": "timeseries",
"version": "13.0.1+security-01",
"spec": {
"options": {
"legend": { "calcs": [], "displayMode": "list", "placement": "bottom", "showLegend": true },
"tooltip": { "hideZeros": false, "mode": "multi", "sort": "desc" }
},
"fieldConfig": {
"defaults": {
"color": { "mode": "palette-classic" },
"custom": {
"axisBorderShow": false, "axisCenteredZero": false, "axisColorMode": "text",
"axisLabel": "", "axisPlacement": "auto", "barAlignment": 0, "barWidthFactor": 0.6,
"drawStyle": "bars", "fillOpacity": 50, "gradientMode": "none",
"hideFrom": { "legend": false, "tooltip": false, "viz": false },
"insertNulls": false, "lineInterpolation": "linear", "lineWidth": 1, "pointSize": 5,
"scaleDistribution": { "type": "linear" }, "showPoints": "auto", "spanNulls": false,
"stacking": { "group": "A", "mode": "normal" }, "thresholdsStyle": { "mode": "off" }
}
},
"overrides": []
}
}
}
}
},
"panel-3": {
"kind": "Panel",
"spec": {
"id": 3,
"title": "DSDB: система vs пользователь",
"description": "Изменения каталога с разбивкой по performedAsSystem (true = выполнено системой).",
"links": [],
"data": {
"kind": "QueryGroup",
"spec": {
"queries": [
{
"kind": "PanelQuery",
"spec": {
"query": {
"kind": "DataQuery",
"group": "influxdb",
"version": "v0",
"spec": {
"measurement": "samba_dsdb",
"orderByTime": "ASC",
"policy": "default",
"query": "SELECT count(\"status_code\") FROM \"samba_dsdb\" WHERE $timeFilter GROUP BY time($interval), \"as_system\"::tag fill(null)",
"rawQuery": true,
"resultFormat": "time_series",
"select": [],
"groupBy": [],
"tags": []
},
"labels": { "grafana.app/export-label": "influxdb-1" }
},
"refId": "A",
"hidden": false
}
}
],
"transformations": [],
"queryOptions": {}
}
},
"vizConfig": {
"kind": "VizConfig",
"group": "timeseries",
"version": "13.0.1+security-01",
"spec": {
"options": {
"legend": { "calcs": [], "displayMode": "list", "placement": "bottom", "showLegend": true },
"tooltip": { "hideZeros": false, "mode": "multi", "sort": "desc" }
},
"fieldConfig": {
"defaults": {
"color": { "mode": "palette-classic" },
"custom": {
"axisBorderShow": false, "axisCenteredZero": false, "axisColorMode": "text",
"axisLabel": "", "axisPlacement": "auto", "barAlignment": 0, "barWidthFactor": 0.6,
"drawStyle": "line", "fillOpacity": 20, "gradientMode": "none",
"hideFrom": { "legend": false, "tooltip": false, "viz": false },
"insertNulls": false, "lineInterpolation": "smooth", "lineWidth": 1, "pointSize": 5,
"scaleDistribution": { "type": "linear" }, "showPoints": "auto", "spanNulls": false,
"stacking": { "group": "A", "mode": "none" }, "thresholdsStyle": { "mode": "off" }
}
},
"overrides": []
}
}
}
}
},
"panel-4": {
"kind": "Panel",
"spec": {
"id": 4,
"title": "DSDB: топ инициаторов (SID)",
"description": "Кто инициировал изменения каталога — разбивка по userSid.",
"links": [],
"data": {
"kind": "QueryGroup",
"spec": {
"queries": [
{
"kind": "PanelQuery",
"spec": {
"query": {
"kind": "DataQuery",
"group": "influxdb",
"version": "v0",
"spec": {
"measurement": "samba_dsdb",
"orderByTime": "ASC",
"policy": "default",
"query": "SELECT count(\"status_code\") FROM \"samba_dsdb\" WHERE $timeFilter GROUP BY time($interval), \"user_sid\"::tag fill(null)",
"rawQuery": true,
"resultFormat": "time_series",
"select": [],
"groupBy": [],
"tags": []
},
"labels": { "grafana.app/export-label": "influxdb-1" }
},
"refId": "A",
"hidden": false
}
}
],
"transformations": [],
"queryOptions": {}
}
},
"vizConfig": {
"kind": "VizConfig",
"group": "timeseries",
"version": "13.0.1+security-01",
"spec": {
"options": {
"legend": { "calcs": ["sum"], "displayMode": "table", "placement": "right", "showLegend": true },
"tooltip": { "hideZeros": false, "mode": "multi", "sort": "desc" }
},
"fieldConfig": {
"defaults": {
"color": { "mode": "palette-classic" },
"custom": {
"axisBorderShow": false, "axisCenteredZero": false, "axisColorMode": "text",
"axisLabel": "", "axisPlacement": "auto", "barAlignment": 0, "barWidthFactor": 0.6,
"drawStyle": "bars", "fillOpacity": 50, "gradientMode": "none",
"hideFrom": { "legend": false, "tooltip": false, "viz": false },
"insertNulls": false, "lineInterpolation": "linear", "lineWidth": 1, "pointSize": 5,
"scaleDistribution": { "type": "linear" }, "showPoints": "auto", "spanNulls": false,
"stacking": { "group": "A", "mode": "normal" }, "thresholdsStyle": { "mode": "off" }
}
},
"overrides": []
}
}
}
}
},
"panel-5": {
"kind": "Panel",
"spec": {
"id": 5,
"title": "Транзакции: длительность (mean/max)",
"description": "Длительность транзакций каталога (samba_dsdb_tx) в микросекундах.",
"links": [],
"data": {
"kind": "QueryGroup",
"spec": {
"queries": [
{
"kind": "PanelQuery",
"spec": {
"query": {
"kind": "DataQuery",
"group": "influxdb",
"version": "v0",
"spec": {
"measurement": "samba_dsdb_tx",
"orderByTime": "ASC",
"policy": "default",
"query": "SELECT mean(\"duration\") AS \"mean\", max(\"duration\") AS \"max\" FROM \"samba_dsdb_tx\" WHERE $timeFilter GROUP BY time($interval) fill(null)",
"rawQuery": true,
"resultFormat": "time_series",
"select": [],
"groupBy": [],
"tags": []
},
"labels": { "grafana.app/export-label": "influxdb-1" }
},
"refId": "A",
"hidden": false
}
}
],
"transformations": [],
"queryOptions": {}
}
},
"vizConfig": {
"kind": "VizConfig",
"group": "timeseries",
"version": "13.0.1+security-01",
"spec": {
"options": {
"legend": { "calcs": ["mean", "max"], "displayMode": "table", "placement": "bottom", "showLegend": true },
"tooltip": { "hideZeros": false, "mode": "multi", "sort": "desc" }
},
"fieldConfig": {
"defaults": {
"unit": "µs",
"color": { "mode": "palette-classic" },
"custom": {
"axisBorderShow": false, "axisCenteredZero": false, "axisColorMode": "text",
"axisLabel": "", "axisPlacement": "auto", "barAlignment": 0, "barWidthFactor": 0.6,
"drawStyle": "line", "fillOpacity": 10, "gradientMode": "none",
"hideFrom": { "legend": false, "tooltip": false, "viz": false },
"insertNulls": false, "lineInterpolation": "smooth", "lineWidth": 1, "pointSize": 5,
"scaleDistribution": { "type": "linear" }, "showPoints": "auto", "spanNulls": false,
"stacking": { "group": "A", "mode": "none" }, "thresholdsStyle": { "mode": "off" }
}
},
"overrides": []
}
}
}
}
},
"panel-6": {
"kind": "Panel",
"spec": {
"id": 6,
"title": "Транзакции по типу действия",
"description": "Число транзакций каталога, разбивка по action (commit / rollback / prepare commit / begin).",
"links": [],
"data": {
"kind": "QueryGroup",
"spec": {
"queries": [
{
"kind": "PanelQuery",
"spec": {
"query": {
"kind": "DataQuery",
"group": "influxdb",
"version": "v0",
"spec": {
"measurement": "samba_dsdb_tx",
"orderByTime": "ASC",
"policy": "default",
"query": "SELECT count(\"duration\") FROM \"samba_dsdb_tx\" WHERE $timeFilter GROUP BY time($interval), \"action\"::tag fill(null)",
"rawQuery": true,
"resultFormat": "time_series",
"select": [],
"groupBy": [],
"tags": []
},
"labels": { "grafana.app/export-label": "influxdb-1" }
},
"refId": "A",
"hidden": false
}
}
],
"transformations": [],
"queryOptions": {}
}
},
"vizConfig": {
"kind": "VizConfig",
"group": "timeseries",
"version": "13.0.1+security-01",
"spec": {
"options": {
"legend": { "calcs": [], "displayMode": "list", "placement": "bottom", "showLegend": true },
"tooltip": { "hideZeros": false, "mode": "multi", "sort": "desc" }
},
"fieldConfig": {
"defaults": {
"color": { "mode": "palette-classic" },
"custom": {
"axisBorderShow": false, "axisCenteredZero": false, "axisColorMode": "text",
"axisLabel": "", "axisPlacement": "auto", "barAlignment": 0, "barWidthFactor": 0.6,
"drawStyle": "bars", "fillOpacity": 50, "gradientMode": "none",
"hideFrom": { "legend": false, "tooltip": false, "viz": false },
"insertNulls": false, "lineInterpolation": "linear", "lineWidth": 1, "pointSize": 5,
"scaleDistribution": { "type": "linear" }, "showPoints": "auto", "spanNulls": false,
"stacking": { "group": "A", "mode": "normal" }, "thresholdsStyle": { "mode": "off" }
}
},
"overrides": []
}
}
}
}
}
},
"layout": {
"kind": "GridLayout",
"spec": {
"items": [
{ "kind": "GridLayoutItem", "spec": { "x": 0, "y": 0, "width": 24, "height": 8, "element": { "kind": "ElementReference", "name": "panel-1" } } },
{ "kind": "GridLayoutItem", "spec": { "x": 0, "y": 8, "width": 12, "height": 8, "element": { "kind": "ElementReference", "name": "panel-2" } } },
{ "kind": "GridLayoutItem", "spec": { "x": 12, "y": 8, "width": 12, "height": 8, "element": { "kind": "ElementReference", "name": "panel-3" } } },
{ "kind": "GridLayoutItem", "spec": { "x": 0, "y": 16, "width": 12, "height": 8, "element": { "kind": "ElementReference", "name": "panel-4" } } },
{ "kind": "GridLayoutItem", "spec": { "x": 12, "y": 16, "width": 12, "height": 8, "element": { "kind": "ElementReference", "name": "panel-5" } } },
{ "kind": "GridLayoutItem", "spec": { "x": 0, "y": 24, "width": 12, "height": 8, "element": { "kind": "ElementReference", "name": "panel-6" } } }
]
}
},
"links": [],
"liveNow": false,
"preload": false,
"tags": ["samba", "ad", "audit"],
"timeSettings": {
"timezone": "browser",
"from": "now-6h",
"to": "now",
"autoRefresh": "",
"autoRefreshIntervals": ["5s", "10s", "30s", "1m", "5m", "15m", "30m", "1h", "2h", "1d"],
"hideTimepicker": false,
"fiscalYearStartMonth": 0
},
"title": "Samba AD audit",
"variables": [
{
"kind": "IntervalVariable",
"spec": {
"name": "interval",
"query": "1s,3s,5s,10s,30s,1m,10m,30m,1h,6h,12h,1d,7d,14d,30d",
"current": { "text": "1m", "value": "1m" },
"options": [
{ "selected": true, "text": "1m", "value": "1m" },
{ "selected": false, "text": "10m", "value": "10m" },
{ "selected": false, "text": "30m", "value": "30m" },
{ "selected": false, "text": "1h", "value": "1h" },
{ "selected": false, "text": "6h", "value": "6h" },
{ "selected": false, "text": "12h", "value": "12h" },
{ "selected": false, "text": "1d", "value": "1d" }
],
"auto": false,
"auto_min": "10s",
"auto_count": 30,
"refresh": "onTimeRangeChanged",
"hide": "dontHide",
"skipUrlSync": false
}
}
],
"preferences": {
"layout": { "kind": "GridLayout", "spec": { "items": [] } }
}
}
}
| 1 | { |
| 2 | "apiVersion": "dashboard.grafana.app/v2", |
| 3 | "kind": "Dashboard", |
| 4 | "metadata": { |
| 5 | "name": "ad-samba-audit", |
| 6 | "generation": 1, |
| 7 | "labels": {}, |
| 8 | "annotations": {} |
| 9 | }, |
| 10 | "spec": { |
| 11 | "annotations": [ |
| 12 | { |
| 13 | "kind": "AnnotationQuery", |
| 14 | "spec": { |
| 15 | "query": { |
| 16 | "kind": "DataQuery", |
| 17 | "group": "grafana", |
| 18 | "version": "v0", |
| 19 | "spec": {}, |
| 20 | "labels": { |
| 21 | "grafana.app/export-label": "grafana-1" |
| 22 | } |
| 23 | }, |
| 24 | "enable": true, |
| 25 | "hide": true, |
| 26 | "iconColor": "rgba(0, 211, 255, 1)", |
| 27 | "name": "Annotations & Alerts", |
| 28 | "builtIn": true |
| 29 | } |
| 30 | } |
| 31 | ], |
| 32 | "cursorSync": "Off", |
| 33 | "editable": true, |
| 34 | "elements": { |
| 35 | "panel-1": { |
| 36 | "kind": "Panel", |
| 37 | "spec": { |
| 38 | "id": 1, |
| 39 | "title": "Logins OK", |
| 40 | "description": "Успешные входы в домен (samba_auth): машинные и пользовательские, разбивка по домену.", |
| 41 | "links": [], |
| 42 | "data": { |
| 43 | "kind": "QueryGroup", |
| 44 | "spec": { |
| 45 | "queries": [ |
| 46 | { |
| 47 | "kind": "PanelQuery", |
| 48 | "spec": { |
| 49 | "query": { |
| 50 | "kind": "DataQuery", |
| 51 | "group": "influxdb", |
| 52 | "version": "v0", |
| 53 | "spec": { |
| 54 | "alias": "machine_login", |
| 55 | "groupBy": [ |
| 56 | { "params": ["$interval"], "type": "time" }, |
| 57 | { "params": ["domain::tag"], "type": "tag" }, |
| 58 | { "params": ["null"], "type": "fill" } |
| 59 | ], |
| 60 | "measurement": "samba_auth", |
| 61 | "orderByTime": "ASC", |
| 62 | "policy": "default", |
| 63 | "query": "SELECT count(\"client_account\") FROM \"samba_auth\" WHERE (\"status\"::tag = 'NT_STATUS_OK' AND \"account\"::tag =~ /^MACHINE/) AND $timeFilter GROUP BY time($interval), \"domain\"::tag fill(null)", |
| 64 | "rawQuery": false, |
| 65 | "resultFormat": "time_series", |
| 66 | "select": [ |
| 67 | [ |
| 68 | { "params": ["client_account"], "type": "field" }, |
| 69 | { "params": [], "type": "count" } |
| 70 | ] |
| 71 | ], |
| 72 | "tags": [ |
| 73 | { "key": "status::tag", "operator": "=", "value": "NT_STATUS_OK" }, |
| 74 | { "condition": "AND", "key": "account::tag", "operator": "=~", "value": "/^MACHINE/" } |
| 75 | ] |
| 76 | }, |
| 77 | "labels": { |
| 78 | "grafana.app/export-label": "influxdb-1" |
| 79 | } |
| 80 | }, |
| 81 | "refId": "A", |
| 82 | "hidden": false |
| 83 | } |
| 84 | }, |
| 85 | { |
| 86 | "kind": "PanelQuery", |
| 87 | "spec": { |
| 88 | "query": { |
| 89 | "kind": "DataQuery", |
| 90 | "group": "influxdb", |
| 91 | "version": "v0", |
| 92 | "spec": { |
| 93 | "alias": "user_login", |
| 94 | "groupBy": [ |
| 95 | { "params": ["$interval"], "type": "time" }, |
| 96 | { "params": ["domain::tag"], "type": "tag" }, |
| 97 | { "params": ["null"], "type": "fill" } |
| 98 | ], |
| 99 | "measurement": "samba_auth", |
| 100 | "orderByTime": "ASC", |
| 101 | "policy": "default", |
| 102 | "query": "SELECT count(\"client_account\") FROM \"samba_auth\" WHERE (\"status\"::tag = 'NT_STATUS_OK' AND \"account\"::tag =~ /^user/) AND $timeFilter GROUP BY time($interval), \"domain\"::tag fill(null)", |
| 103 | "rawQuery": false, |
| 104 | "resultFormat": "time_series", |
| 105 | "select": [ |
| 106 | [ |
| 107 | { "params": ["client_account"], "type": "field" }, |
| 108 | { "params": [], "type": "count" } |
| 109 | ] |
| 110 | ], |
| 111 | "tags": [ |
| 112 | { "key": "status::tag", "operator": "=", "value": "NT_STATUS_OK" }, |
| 113 | { "condition": "AND", "key": "account::tag", "operator": "=~", "value": "/^user/" } |
| 114 | ] |
| 115 | }, |
| 116 | "labels": { |
| 117 | "grafana.app/export-label": "influxdb-1" |
| 118 | } |
| 119 | }, |
| 120 | "refId": "B", |
| 121 | "hidden": false |
| 122 | } |
| 123 | } |
| 124 | ], |
| 125 | "transformations": [], |
| 126 | "queryOptions": {} |
| 127 | } |
| 128 | }, |
| 129 | "vizConfig": { |
| 130 | "kind": "VizConfig", |
| 131 | "group": "timeseries", |
| 132 | "version": "13.0.1+security-01", |
| 133 | "spec": { |
| 134 | "options": { |
| 135 | "legend": { "calcs": [], "displayMode": "list", "placement": "bottom", "showLegend": true }, |
| 136 | "tooltip": { "hideZeros": false, "mode": "single", "sort": "none" } |
| 137 | }, |
| 138 | "fieldConfig": { |
| 139 | "defaults": { |
| 140 | "color": { "mode": "palette-classic" }, |
| 141 | "custom": { |
| 142 | "axisBorderShow": false, |
| 143 | "axisCenteredZero": false, |
| 144 | "axisColorMode": "text", |
| 145 | "axisLabel": "", |
| 146 | "axisPlacement": "auto", |
| 147 | "barAlignment": 0, |
| 148 | "barWidthFactor": 0.6, |
| 149 | "drawStyle": "line", |
| 150 | "fillOpacity": 10, |
| 151 | "gradientMode": "none", |
| 152 | "hideFrom": { "legend": false, "tooltip": false, "viz": false }, |
| 153 | "insertNulls": false, |
| 154 | "lineInterpolation": "smooth", |
| 155 | "lineWidth": 1, |
| 156 | "pointSize": 5, |
| 157 | "scaleDistribution": { "type": "linear" }, |
| 158 | "showPoints": "auto", |
| 159 | "spanNulls": false, |
| 160 | "stacking": { "group": "A", "mode": "none" }, |
| 161 | "thresholdsStyle": { "mode": "off" } |
| 162 | } |
| 163 | }, |
| 164 | "overrides": [] |
| 165 | } |
| 166 | } |
| 167 | } |
| 168 | } |
| 169 | }, |
| 170 | "panel-2": { |
| 171 | "kind": "Panel", |
| 172 | "spec": { |
| 173 | "id": 2, |
| 174 | "title": "DSDB: изменения по операциям", |
| 175 | "description": "Число изменений объектов каталога (samba_dsdb), разбивка по типу операции.", |
| 176 | "links": [], |
| 177 | "data": { |
| 178 | "kind": "QueryGroup", |
| 179 | "spec": { |
| 180 | "queries": [ |
| 181 | { |
| 182 | "kind": "PanelQuery", |
| 183 | "spec": { |
| 184 | "query": { |
| 185 | "kind": "DataQuery", |
| 186 | "group": "influxdb", |
| 187 | "version": "v0", |
| 188 | "spec": { |
| 189 | "measurement": "samba_dsdb", |
| 190 | "orderByTime": "ASC", |
| 191 | "policy": "default", |
| 192 | "query": "SELECT count(\"status_code\") FROM \"samba_dsdb\" WHERE $timeFilter GROUP BY time($interval), \"operation\"::tag fill(null)", |
| 193 | "rawQuery": true, |
| 194 | "resultFormat": "time_series", |
| 195 | "select": [], |
| 196 | "groupBy": [], |
| 197 | "tags": [] |
| 198 | }, |
| 199 | "labels": { "grafana.app/export-label": "influxdb-1" } |
| 200 | }, |
| 201 | "refId": "A", |
| 202 | "hidden": false |
| 203 | } |
| 204 | } |
| 205 | ], |
| 206 | "transformations": [], |
| 207 | "queryOptions": {} |
| 208 | } |
| 209 | }, |
| 210 | "vizConfig": { |
| 211 | "kind": "VizConfig", |
| 212 | "group": "timeseries", |
| 213 | "version": "13.0.1+security-01", |
| 214 | "spec": { |
| 215 | "options": { |
| 216 | "legend": { "calcs": [], "displayMode": "list", "placement": "bottom", "showLegend": true }, |
| 217 | "tooltip": { "hideZeros": false, "mode": "multi", "sort": "desc" } |
| 218 | }, |
| 219 | "fieldConfig": { |
| 220 | "defaults": { |
| 221 | "color": { "mode": "palette-classic" }, |
| 222 | "custom": { |
| 223 | "axisBorderShow": false, "axisCenteredZero": false, "axisColorMode": "text", |
| 224 | "axisLabel": "", "axisPlacement": "auto", "barAlignment": 0, "barWidthFactor": 0.6, |
| 225 | "drawStyle": "bars", "fillOpacity": 50, "gradientMode": "none", |
| 226 | "hideFrom": { "legend": false, "tooltip": false, "viz": false }, |
| 227 | "insertNulls": false, "lineInterpolation": "linear", "lineWidth": 1, "pointSize": 5, |
| 228 | "scaleDistribution": { "type": "linear" }, "showPoints": "auto", "spanNulls": false, |
| 229 | "stacking": { "group": "A", "mode": "normal" }, "thresholdsStyle": { "mode": "off" } |
| 230 | } |
| 231 | }, |
| 232 | "overrides": [] |
| 233 | } |
| 234 | } |
| 235 | } |
| 236 | } |
| 237 | }, |
| 238 | "panel-3": { |
| 239 | "kind": "Panel", |
| 240 | "spec": { |
| 241 | "id": 3, |
| 242 | "title": "DSDB: система vs пользователь", |
| 243 | "description": "Изменения каталога с разбивкой по performedAsSystem (true = выполнено системой).", |
| 244 | "links": [], |
| 245 | "data": { |
| 246 | "kind": "QueryGroup", |
| 247 | "spec": { |
| 248 | "queries": [ |
| 249 | { |
| 250 | "kind": "PanelQuery", |
| 251 | "spec": { |
| 252 | "query": { |
| 253 | "kind": "DataQuery", |
| 254 | "group": "influxdb", |
| 255 | "version": "v0", |
| 256 | "spec": { |
| 257 | "measurement": "samba_dsdb", |
| 258 | "orderByTime": "ASC", |
| 259 | "policy": "default", |
| 260 | "query": "SELECT count(\"status_code\") FROM \"samba_dsdb\" WHERE $timeFilter GROUP BY time($interval), \"as_system\"::tag fill(null)", |
| 261 | "rawQuery": true, |
| 262 | "resultFormat": "time_series", |
| 263 | "select": [], |
| 264 | "groupBy": [], |
| 265 | "tags": [] |
| 266 | }, |
| 267 | "labels": { "grafana.app/export-label": "influxdb-1" } |
| 268 | }, |
| 269 | "refId": "A", |
| 270 | "hidden": false |
| 271 | } |
| 272 | } |
| 273 | ], |
| 274 | "transformations": [], |
| 275 | "queryOptions": {} |
| 276 | } |
| 277 | }, |
| 278 | "vizConfig": { |
| 279 | "kind": "VizConfig", |
| 280 | "group": "timeseries", |
| 281 | "version": "13.0.1+security-01", |
| 282 | "spec": { |
| 283 | "options": { |
| 284 | "legend": { "calcs": [], "displayMode": "list", "placement": "bottom", "showLegend": true }, |
| 285 | "tooltip": { "hideZeros": false, "mode": "multi", "sort": "desc" } |
| 286 | }, |
| 287 | "fieldConfig": { |
| 288 | "defaults": { |
| 289 | "color": { "mode": "palette-classic" }, |
| 290 | "custom": { |
| 291 | "axisBorderShow": false, "axisCenteredZero": false, "axisColorMode": "text", |
| 292 | "axisLabel": "", "axisPlacement": "auto", "barAlignment": 0, "barWidthFactor": 0.6, |
| 293 | "drawStyle": "line", "fillOpacity": 20, "gradientMode": "none", |
| 294 | "hideFrom": { "legend": false, "tooltip": false, "viz": false }, |
| 295 | "insertNulls": false, "lineInterpolation": "smooth", "lineWidth": 1, "pointSize": 5, |
| 296 | "scaleDistribution": { "type": "linear" }, "showPoints": "auto", "spanNulls": false, |
| 297 | "stacking": { "group": "A", "mode": "none" }, "thresholdsStyle": { "mode": "off" } |
| 298 | } |
| 299 | }, |
| 300 | "overrides": [] |
| 301 | } |
| 302 | } |
| 303 | } |
| 304 | } |
| 305 | }, |
| 306 | "panel-4": { |
| 307 | "kind": "Panel", |
| 308 | "spec": { |
| 309 | "id": 4, |
| 310 | "title": "DSDB: топ инициаторов (SID)", |
| 311 | "description": "Кто инициировал изменения каталога — разбивка по userSid.", |
| 312 | "links": [], |
| 313 | "data": { |
| 314 | "kind": "QueryGroup", |
| 315 | "spec": { |
| 316 | "queries": [ |
| 317 | { |
| 318 | "kind": "PanelQuery", |
| 319 | "spec": { |
| 320 | "query": { |
| 321 | "kind": "DataQuery", |
| 322 | "group": "influxdb", |
| 323 | "version": "v0", |
| 324 | "spec": { |
| 325 | "measurement": "samba_dsdb", |
| 326 | "orderByTime": "ASC", |
| 327 | "policy": "default", |
| 328 | "query": "SELECT count(\"status_code\") FROM \"samba_dsdb\" WHERE $timeFilter GROUP BY time($interval), \"user_sid\"::tag fill(null)", |
| 329 | "rawQuery": true, |
| 330 | "resultFormat": "time_series", |
| 331 | "select": [], |
| 332 | "groupBy": [], |
| 333 | "tags": [] |
| 334 | }, |
| 335 | "labels": { "grafana.app/export-label": "influxdb-1" } |
| 336 | }, |
| 337 | "refId": "A", |
| 338 | "hidden": false |
| 339 | } |
| 340 | } |
| 341 | ], |
| 342 | "transformations": [], |
| 343 | "queryOptions": {} |
| 344 | } |
| 345 | }, |
| 346 | "vizConfig": { |
| 347 | "kind": "VizConfig", |
| 348 | "group": "timeseries", |
| 349 | "version": "13.0.1+security-01", |
| 350 | "spec": { |
| 351 | "options": { |
| 352 | "legend": { "calcs": ["sum"], "displayMode": "table", "placement": "right", "showLegend": true }, |
| 353 | "tooltip": { "hideZeros": false, "mode": "multi", "sort": "desc" } |
| 354 | }, |
| 355 | "fieldConfig": { |
| 356 | "defaults": { |
| 357 | "color": { "mode": "palette-classic" }, |
| 358 | "custom": { |
| 359 | "axisBorderShow": false, "axisCenteredZero": false, "axisColorMode": "text", |
| 360 | "axisLabel": "", "axisPlacement": "auto", "barAlignment": 0, "barWidthFactor": 0.6, |
| 361 | "drawStyle": "bars", "fillOpacity": 50, "gradientMode": "none", |
| 362 | "hideFrom": { "legend": false, "tooltip": false, "viz": false }, |
| 363 | "insertNulls": false, "lineInterpolation": "linear", "lineWidth": 1, "pointSize": 5, |
| 364 | "scaleDistribution": { "type": "linear" }, "showPoints": "auto", "spanNulls": false, |
| 365 | "stacking": { "group": "A", "mode": "normal" }, "thresholdsStyle": { "mode": "off" } |
| 366 | } |
| 367 | }, |
| 368 | "overrides": [] |
| 369 | } |
| 370 | } |
| 371 | } |
| 372 | } |
| 373 | }, |
| 374 | "panel-5": { |
| 375 | "kind": "Panel", |
| 376 | "spec": { |
| 377 | "id": 5, |
| 378 | "title": "Транзакции: длительность (mean/max)", |
| 379 | "description": "Длительность транзакций каталога (samba_dsdb_tx) в микросекундах.", |
| 380 | "links": [], |
| 381 | "data": { |
| 382 | "kind": "QueryGroup", |
| 383 | "spec": { |
| 384 | "queries": [ |
| 385 | { |
| 386 | "kind": "PanelQuery", |
| 387 | "spec": { |
| 388 | "query": { |
| 389 | "kind": "DataQuery", |
| 390 | "group": "influxdb", |
| 391 | "version": "v0", |
| 392 | "spec": { |
| 393 | "measurement": "samba_dsdb_tx", |
| 394 | "orderByTime": "ASC", |
| 395 | "policy": "default", |
| 396 | "query": "SELECT mean(\"duration\") AS \"mean\", max(\"duration\") AS \"max\" FROM \"samba_dsdb_tx\" WHERE $timeFilter GROUP BY time($interval) fill(null)", |
| 397 | "rawQuery": true, |
| 398 | "resultFormat": "time_series", |
| 399 | "select": [], |
| 400 | "groupBy": [], |
| 401 | "tags": [] |
| 402 | }, |
| 403 | "labels": { "grafana.app/export-label": "influxdb-1" } |
| 404 | }, |
| 405 | "refId": "A", |
| 406 | "hidden": false |
| 407 | } |
| 408 | } |
| 409 | ], |
| 410 | "transformations": [], |
| 411 | "queryOptions": {} |
| 412 | } |
| 413 | }, |
| 414 | "vizConfig": { |
| 415 | "kind": "VizConfig", |
| 416 | "group": "timeseries", |
| 417 | "version": "13.0.1+security-01", |
| 418 | "spec": { |
| 419 | "options": { |
| 420 | "legend": { "calcs": ["mean", "max"], "displayMode": "table", "placement": "bottom", "showLegend": true }, |
| 421 | "tooltip": { "hideZeros": false, "mode": "multi", "sort": "desc" } |
| 422 | }, |
| 423 | "fieldConfig": { |
| 424 | "defaults": { |
| 425 | "unit": "µs", |
| 426 | "color": { "mode": "palette-classic" }, |
| 427 | "custom": { |
| 428 | "axisBorderShow": false, "axisCenteredZero": false, "axisColorMode": "text", |
| 429 | "axisLabel": "", "axisPlacement": "auto", "barAlignment": 0, "barWidthFactor": 0.6, |
| 430 | "drawStyle": "line", "fillOpacity": 10, "gradientMode": "none", |
| 431 | "hideFrom": { "legend": false, "tooltip": false, "viz": false }, |
| 432 | "insertNulls": false, "lineInterpolation": "smooth", "lineWidth": 1, "pointSize": 5, |
| 433 | "scaleDistribution": { "type": "linear" }, "showPoints": "auto", "spanNulls": false, |
| 434 | "stacking": { "group": "A", "mode": "none" }, "thresholdsStyle": { "mode": "off" } |
| 435 | } |
| 436 | }, |
| 437 | "overrides": [] |
| 438 | } |
| 439 | } |
| 440 | } |
| 441 | } |
| 442 | }, |
| 443 | "panel-6": { |
| 444 | "kind": "Panel", |
| 445 | "spec": { |
| 446 | "id": 6, |
| 447 | "title": "Транзакции по типу действия", |
| 448 | "description": "Число транзакций каталога, разбивка по action (commit / rollback / prepare commit / begin).", |
| 449 | "links": [], |
| 450 | "data": { |
| 451 | "kind": "QueryGroup", |
| 452 | "spec": { |
| 453 | "queries": [ |
| 454 | { |
| 455 | "kind": "PanelQuery", |
| 456 | "spec": { |
| 457 | "query": { |
| 458 | "kind": "DataQuery", |
| 459 | "group": "influxdb", |
| 460 | "version": "v0", |
| 461 | "spec": { |
| 462 | "measurement": "samba_dsdb_tx", |
| 463 | "orderByTime": "ASC", |
| 464 | "policy": "default", |
| 465 | "query": "SELECT count(\"duration\") FROM \"samba_dsdb_tx\" WHERE $timeFilter GROUP BY time($interval), \"action\"::tag fill(null)", |
| 466 | "rawQuery": true, |
| 467 | "resultFormat": "time_series", |
| 468 | "select": [], |
| 469 | "groupBy": [], |
| 470 | "tags": [] |
| 471 | }, |
| 472 | "labels": { "grafana.app/export-label": "influxdb-1" } |
| 473 | }, |
| 474 | "refId": "A", |
| 475 | "hidden": false |
| 476 | } |
| 477 | } |
| 478 | ], |
| 479 | "transformations": [], |
| 480 | "queryOptions": {} |
| 481 | } |
| 482 | }, |
| 483 | "vizConfig": { |
| 484 | "kind": "VizConfig", |
| 485 | "group": "timeseries", |
| 486 | "version": "13.0.1+security-01", |
| 487 | "spec": { |
| 488 | "options": { |
| 489 | "legend": { "calcs": [], "displayMode": "list", "placement": "bottom", "showLegend": true }, |
| 490 | "tooltip": { "hideZeros": false, "mode": "multi", "sort": "desc" } |
| 491 | }, |
| 492 | "fieldConfig": { |
| 493 | "defaults": { |
| 494 | "color": { "mode": "palette-classic" }, |
| 495 | "custom": { |
| 496 | "axisBorderShow": false, "axisCenteredZero": false, "axisColorMode": "text", |
| 497 | "axisLabel": "", "axisPlacement": "auto", "barAlignment": 0, "barWidthFactor": 0.6, |
| 498 | "drawStyle": "bars", "fillOpacity": 50, "gradientMode": "none", |
| 499 | "hideFrom": { "legend": false, "tooltip": false, "viz": false }, |
| 500 | "insertNulls": false, "lineInterpolation": "linear", "lineWidth": 1, "pointSize": 5, |
| 501 | "scaleDistribution": { "type": "linear" }, "showPoints": "auto", "spanNulls": false, |
| 502 | "stacking": { "group": "A", "mode": "normal" }, "thresholdsStyle": { "mode": "off" } |
| 503 | } |
| 504 | }, |
| 505 | "overrides": [] |
| 506 | } |
| 507 | } |
| 508 | } |
| 509 | } |
| 510 | } |
| 511 | }, |
| 512 | "layout": { |
| 513 | "kind": "GridLayout", |
| 514 | "spec": { |
| 515 | "items": [ |
| 516 | { "kind": "GridLayoutItem", "spec": { "x": 0, "y": 0, "width": 24, "height": 8, "element": { "kind": "ElementReference", "name": "panel-1" } } }, |
| 517 | { "kind": "GridLayoutItem", "spec": { "x": 0, "y": 8, "width": 12, "height": 8, "element": { "kind": "ElementReference", "name": "panel-2" } } }, |
| 518 | { "kind": "GridLayoutItem", "spec": { "x": 12, "y": 8, "width": 12, "height": 8, "element": { "kind": "ElementReference", "name": "panel-3" } } }, |
| 519 | { "kind": "GridLayoutItem", "spec": { "x": 0, "y": 16, "width": 12, "height": 8, "element": { "kind": "ElementReference", "name": "panel-4" } } }, |
| 520 | { "kind": "GridLayoutItem", "spec": { "x": 12, "y": 16, "width": 12, "height": 8, "element": { "kind": "ElementReference", "name": "panel-5" } } }, |
| 521 | { "kind": "GridLayoutItem", "spec": { "x": 0, "y": 24, "width": 12, "height": 8, "element": { "kind": "ElementReference", "name": "panel-6" } } } |
| 522 | ] |
| 523 | } |
| 524 | }, |
| 525 | "links": [], |
| 526 | "liveNow": false, |
| 527 | "preload": false, |
| 528 | "tags": ["samba", "ad", "audit"], |
| 529 | "timeSettings": { |
| 530 | "timezone": "browser", |
| 531 | "from": "now-6h", |
| 532 | "to": "now", |
| 533 | "autoRefresh": "", |
| 534 | "autoRefreshIntervals": ["5s", "10s", "30s", "1m", "5m", "15m", "30m", "1h", "2h", "1d"], |
| 535 | "hideTimepicker": false, |
| 536 | "fiscalYearStartMonth": 0 |
| 537 | }, |
| 538 | "title": "Samba AD audit", |
| 539 | "variables": [ |
| 540 | { |
| 541 | "kind": "IntervalVariable", |
| 542 | "spec": { |
| 543 | "name": "interval", |
| 544 | "query": "1s,3s,5s,10s,30s,1m,10m,30m,1h,6h,12h,1d,7d,14d,30d", |
| 545 | "current": { "text": "1m", "value": "1m" }, |
| 546 | "options": [ |
| 547 | { "selected": true, "text": "1m", "value": "1m" }, |
| 548 | { "selected": false, "text": "10m", "value": "10m" }, |
| 549 | { "selected": false, "text": "30m", "value": "30m" }, |
| 550 | { "selected": false, "text": "1h", "value": "1h" }, |
| 551 | { "selected": false, "text": "6h", "value": "6h" }, |
| 552 | { "selected": false, "text": "12h", "value": "12h" }, |
| 553 | { "selected": false, "text": "1d", "value": "1d" } |
| 554 | ], |
| 555 | "auto": false, |
| 556 | "auto_min": "10s", |
| 557 | "auto_count": 30, |
| 558 | "refresh": "onTimeRangeChanged", |
| 559 | "hide": "dontHide", |
| 560 | "skipUrlSync": false |
| 561 | } |
| 562 | } |
| 563 | ], |
| 564 | "preferences": { |
| 565 | "layout": { "kind": "GridLayout", "spec": { "items": [] } } |
| 566 | } |
| 567 | } |
| 568 | } |
| 569 |