{ "__inputs": [ { "name": "DS_PFS_GRAYLOG", "label": "PFS Graylog", "description": "", "type": "datasource", "pluginId": "elasticsearch", "pluginName": "Elasticsearch" } ], "__requires": [ { "type": "datasource", "id": "elasticsearch", "name": "Elasticsearch", "version": "1.0.0" }, { "type": "grafana", "id": "grafana", "name": "Grafana", "version": "6.4.3" }, { "type": "panel", "id": "grafana-piechart-panel", "name": "Pie Chart", "version": "1.3.9" }, { "type": "panel", "id": "grafana-worldmap-panel", "name": "Worldmap Panel", "version": "0.2.1" }, { "type": "panel", "id": "graph", "name": "Graph", "version": "" }, { "type": "panel", "id": "savantly-heatmap-panel", "name": "Heatmap", "version": "0.2.0" }, { "type": "panel", "id": "singlestat", "name": "Singlestat", "version": "" }, { "type": "panel", "id": "table", "name": "Table", "version": "" } ], "annotations": { "list": [ { "builtIn": 1, "datasource": "-- Grafana --", "enable": true, "hide": true, "iconColor": "rgba(0, 211, 255, 1)", "name": "Annotations & Alerts", "type": "dashboard" } ] }, "editable": true, "gnetId": 5420, "graphTooltip": 0, "id": null, "iteration": 1573140215631, "links": [], "panels": [ { "circleMaxSize": "20", "circleMinSize": 2, "colors": [ "#FADE2A", "rgba(237, 129, 40, 0.89)", "#F2495C" ], "datasource": "pfsensefw", "decimals": 0, "esGeoPoint": "src_location", "esLocationName": "src_ip", "esMetric": "Count", "gridPos": { "h": 12, "w": 16, "x": 0, "y": 0 }, "height": "", "hideEmpty": false, "hideZero": false, "id": 1, "initialZoom": "2", "links": [], "locationData": "geohash", "mapCenter": "Europe", "mapCenterLatitude": 46, "mapCenterLongitude": 14, "maxDataPoints": 1, "mouseWheelZoom": true, "options": {}, "showLegend": true, "stickyLabels": true, "tableQueryOptions": { "geohashField": "geohash", "latitudeField": "latitude", "longitudeField": "longitude", "metricField": "metric", "queryType": "geohash" }, "targets": [ { "alias": "", "bucketAggs": [ { "fake": true, "field": "src_ip", "id": "3", "settings": { "min_doc_count": 1, "order": "desc", "orderBy": "_count", "size": "0" }, "type": "terms" }, { "field": "src_location", "id": "2", "settings": { "precision": 7 }, "type": "geohash_grid" } ], "dsType": "elasticsearch", "metrics": [ { "field": "select field", "id": "1", "type": "count" } ], "query": "iface:$iface AND src_ip:$src_ip -src_ip:62.155.248.*", "refId": "A", "timeField": "timestamp" } ], "thresholds": "2,5", "title": "GeoIP Block source ip location by $iface", "type": "grafana-worldmap-panel", "unitPlural": "", "unitSingle": "", "valueName": "total" }, { "cacheTimeout": null, "columns": [], "datasource": "pfsensefw", "fontSize": "100%", "gridPos": { "h": 12, "w": 8, "x": 16, "y": 0 }, "id": 8, "links": [], "options": {}, "pageSize": null, "showHeader": true, "sort": { "col": null, "desc": false }, "styles": [ { "alias": "Time", "dateFormat": "YYYY-MM-DD HH:mm:ss", "pattern": "Time", "type": "date" }, { "alias": "", "colorMode": null, "colors": [ "rgba(245, 54, 54, 0.9)", "rgba(237, 129, 40, 0.89)", "rgba(50, 172, 45, 0.97)" ], "decimals": 2, "pattern": "/.*/", "thresholds": [], "type": "number", "unit": "short" } ], "targets": [ { "bucketAggs": [ { "fake": true, "field": "src_ip", "id": "7", "settings": { "min_doc_count": 1, "order": "desc", "orderBy": "_count", "size": "10" }, "type": "terms" }, { "fake": true, "field": "src_ip_city_name", "id": "8", "settings": { "min_doc_count": 1, "order": "desc", "orderBy": "_count", "size": "10" }, "type": "terms" }, { "fake": true, "field": "src_ip_country_code", "id": "6", "settings": { "min_doc_count": 1, "order": "desc", "orderBy": "_count", "size": "10" }, "type": "terms" } ], "dsType": "elasticsearch", "hide": false, "metrics": [ { "field": "select field", "id": "1", "type": "count" } ], "query": "iface:$iface AND src_ip:$src_ip -src_ip:62.155.248.*", "refId": "A", "target": "", "timeField": "timestamp" } ], "title": "Top ip Block by $iface", "transform": "table", "type": "table" }, { "columns": [ { "text": "real_timestamp", "value": "real_timestamp" }, { "text": "src_ip", "value": "src_ip" }, { "text": "dest_ip", "value": "dest_ip" }, { "text": "PortServiceName", "value": "PortServiceName" }, { "text": "proto", "value": "proto" }, { "text": "action", "value": "action" }, { "text": "iface", "value": "iface" }, { "text": "dest_port", "value": "dest_port" }, { "text": "direction", "value": "direction" }, { "text": "src_ip_whoisresult", "value": "src_ip_whoisresult" } ], "datasource": "pfsensefw", "filterNull": false, "fontSize": "90%", "gridPos": { "h": 8, "w": 24, "x": 0, "y": 12 }, "id": 14, "links": [], "options": {}, "pageSize": 100, "scroll": true, "showHeader": true, "sort": { "col": 0, "desc": true }, "styles": [ { "dateFormat": "DD/MM/YY h:mm:ss a", "pattern": "real_timestamp", "type": "date" }, { "alias": "dest_port Servicename", "colorMode": null, "colors": [ "rgba(245, 54, 54, 0.9)", "rgba(237, 129, 40, 0.89)", "rgba(50, 172, 45, 0.97)" ], "dateFormat": "YYYY-MM-DD HH:mm:ss", "decimals": 2, "pattern": "PortServiceName", "thresholds": [], "type": "string", "unit": "short" }, { "alias": "Source Port Name", "colorMode": null, "colors": [ "rgba(245, 54, 54, 0.9)", "rgba(237, 129, 40, 0.89)", "rgba(50, 172, 45, 0.97)" ], "dateFormat": "YYYY-MM-DD HH:mm:ss", "decimals": 2, "pattern": "src_port_name", "thresholds": [], "type": "string", "unit": "short" }, { "alias": "Protocol", "colorMode": null, "colors": [ "rgba(245, 54, 54, 0.9)", "rgba(237, 129, 40, 0.89)", "rgba(50, 172, 45, 0.97)" ], "dateFormat": "YYYY-MM-DD HH:mm:ss", "decimals": 2, "pattern": "proto", "thresholds": [], "type": "string", "unit": "short" }, { "alias": "", "colorMode": null, "colors": [ "rgba(245, 54, 54, 0.9)", "rgba(237, 129, 40, 0.89)", "rgba(50, 172, 45, 0.97)" ], "dateFormat": "YYYY-MM-DD HH:mm:ss", "decimals": 0, "mappingType": 1, "pattern": "dest_port", "thresholds": [], "type": "number", "unit": "none" }, { "alias": "", "colorMode": null, "colors": [ "rgba(245, 54, 54, 0.9)", "rgba(237, 129, 40, 0.89)", "rgba(50, 172, 45, 0.97)" ], "dateFormat": "YYYY-MM-DD HH:mm:ss", "decimals": 2, "mappingType": 1, "pattern": "", "thresholds": [], "type": "number", "unit": "short" }, { "alias": "", "colorMode": null, "colors": [ "rgba(245, 54, 54, 0.9)", "rgba(237, 129, 40, 0.89)", "rgba(50, 172, 45, 0.97)" ], "decimals": 2, "pattern": "src_ip_whoisresult", "preserveFormat": false, "sanitize": false, "thresholds": [], "type": "string", "unit": "none" } ], "targets": [ { "bucketAggs": [], "dsType": "elasticsearch", "metrics": [ { "field": "select field", "id": "1", "meta": {}, "settings": { "size": 10000 }, "type": "raw_document" } ], "query": "iface:$iface AND dest_port:$dport AND src_ip:$src_ip -src_ip:62.155.248.*", "refId": "A", "timeField": "timestamp" } ], "title": "Real time logs by iface:$iface", "transform": "json", "type": "table" }, { "cacheTimeout": null, "colorBackground": false, "colorValue": true, "colors": [ "#299c46", "rgba(237, 129, 40, 0.89)", "#d44a3a" ], "datasource": "pfsensefw", "format": "none", "gauge": { "maxValue": 100, "minValue": 0, "show": false, "thresholdLabels": false, "thresholdMarkers": true }, "gridPos": { "h": 4, "w": 6, "x": 0, "y": 20 }, "id": 18, "interval": null, "links": [], "mappingType": 1, "mappingTypes": [ { "name": "value to text", "value": 1 }, { "name": "range to text", "value": 2 } ], "maxDataPoints": 100, "nullPointMode": "connected", "nullText": null, "options": {}, "postfix": "", "postfixFontSize": "50%", "prefix": "", "prefixFontSize": "50%", "rangeMaps": [ { "from": "null", "text": "N/A", "to": "null" } ], "sparkline": { "fillColor": "rgba(31, 118, 189, 0.18)", "full": false, "lineColor": "rgb(31, 120, 193)", "show": false }, "tableColumn": "", "targets": [ { "bucketAggs": [ { "field": "timestamp", "id": "2", "settings": { "interval": "auto", "min_doc_count": 0, "trimEdges": 0 }, "type": "date_histogram" } ], "metrics": [ { "field": "select field", "id": "1", "type": "count" } ], "query": "iface:$iface AND dest_port:$dport AND src_ip:$src_ip -src_ip:62.155.248.*", "refId": "A", "target": "", "timeField": "timestamp" } ], "thresholds": "", "title": "Total Firewall Events", "type": "singlestat", "valueFontSize": "80%", "valueMaps": [ { "op": "=", "text": "N/A", "value": "null" } ], "valueName": "total" }, { "aliasColors": {}, "breakPoint": "50%", "cacheTimeout": null, "combine": { "label": "Others", "threshold": "" }, "datasource": "pfsensefw", "fontSize": "80%", "format": "none", "gridPos": { "h": 4, "w": 6, "x": 6, "y": 20 }, "id": 2, "interval": null, "legend": { "percentage": true, "show": true, "values": true }, "legendType": "Right side", "links": [], "maxDataPoints": 3, "nullPointMode": "connected", "options": {}, "pieType": "pie", "strokeWidth": "1", "targets": [ { "bucketAggs": [ { "fake": true, "field": "iface", "id": "3", "settings": { "min_doc_count": 1, "order": "desc", "orderBy": "_count", "size": "0" }, "type": "terms" }, { "field": "timestamp", "id": "2", "settings": { "interval": "auto", "min_doc_count": 0, "trimEdges": 0 }, "type": "date_histogram" } ], "dsType": "elasticsearch", "metrics": [ { "field": "select field", "id": "1", "type": "count" } ], "query": "iface:$iface AND dest_port:$dport AND src_ip:$src_ip -src_ip:62.155.248.*", "refId": "A", "timeField": "timestamp" } ], "title": "Match by interface $iface", "type": "grafana-piechart-panel", "valueName": "total" }, { "aliasColors": {}, "bars": false, "dashLength": 10, "dashes": false, "datasource": "pfsensefw", "fill": 1, "fillGradient": 0, "gridPos": { "h": 8, "w": 12, "x": 12, "y": 20 }, "id": 4, "legend": { "alignAsTable": false, "avg": false, "current": false, "hideEmpty": false, "hideZero": false, "max": false, "min": false, "show": true, "total": false, "values": false }, "lines": true, "linewidth": 1, "links": [], "nullPointMode": "connected", "options": { "dataLinks": [] }, "percentage": false, "pointradius": 5, "points": false, "renderer": "flot", "seriesOverrides": [], "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { "bucketAggs": [ { "field": "timestamp", "id": "2", "settings": { "interval": "auto", "min_doc_count": 0, "trimEdges": 0 }, "type": "date_histogram" } ], "dsType": "elasticsearch", "metrics": [ { "field": "select field", "id": "1", "type": "count" } ], "query": "iface:$iface AND dest_port:$dport AND src_ip:$src_ip -src_ip:62.155.248.*", "refId": "A", "timeField": "timestamp" } ], "thresholds": [], "timeFrom": null, "timeRegions": [], "timeShift": null, "title": "Events by $iface", "tooltip": { "shared": true, "sort": 0, "value_type": "individual" }, "type": "graph", "xaxis": { "buckets": null, "mode": "time", "name": null, "show": true, "values": [] }, "yaxes": [ { "format": "none", "label": "Count", "logBase": 1, "max": null, "min": null, "show": true }, { "format": "none", "label": "", "logBase": 1, "max": null, "min": null, "show": true } ], "yaxis": { "align": false, "alignLevel": null } }, { "aliasColors": {}, "bars": true, "dashLength": 10, "dashes": false, "datasource": "pfsensefw", "fill": 1, "fillGradient": 0, "gridPos": { "h": 6, "w": 12, "x": 0, "y": 24 }, "id": 12, "legend": { "alignAsTable": true, "avg": false, "current": false, "max": false, "min": false, "rightSide": true, "show": true, "total": true, "values": true }, "lines": false, "linewidth": 10, "links": [], "nullPointMode": "null", "options": { "dataLinks": [] }, "percentage": false, "pointradius": 5, "points": false, "renderer": "flot", "seriesOverrides": [], "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { "alias": "", "bucketAggs": [ { "fake": true, "field": "src_ip_country_code", "id": "5", "settings": { "min_doc_count": 1, "order": "desc", "orderBy": "_count", "size": "10" }, "type": "terms" }, { "fake": true, "field": "timestamp", "id": "4", "settings": { "interval": "auto", "min_doc_count": 0, "trimEdges": 0 }, "type": "date_histogram" } ], "dsType": "elasticsearch", "metrics": [ { "field": "select field", "id": "1", "type": "count" } ], "query": "iface:$iface AND dest_port:$dport AND src_ip:$src_ip -src_ip:62.155.248.*", "refId": "A", "timeField": "timestamp" } ], "thresholds": [], "timeFrom": null, "timeRegions": [], "timeShift": null, "title": "Rules triggered on $iface by Country", "tooltip": { "shared": false, "sort": 2, "value_type": "cumulative" }, "type": "graph", "xaxis": { "buckets": null, "mode": "series", "name": "@timestamp", "show": true, "values": [ "total" ] }, "yaxes": [ { "format": "none", "label": "Triggers", "logBase": 1, "max": null, "min": null, "show": true }, { "format": "none", "label": "", "logBase": 1, "max": null, "min": null, "show": true } ], "yaxis": { "align": false, "alignLevel": null } }, { "aliasColors": {}, "breakPoint": "50%", "cacheTimeout": null, "combine": { "label": "Others", "threshold": 0 }, "datasource": "pfsensefw", "fontSize": "80%", "format": "none", "gridPos": { "h": 10, "w": 12, "x": 12, "y": 28 }, "id": 5, "interval": null, "legend": { "show": true, "values": true }, "legendType": "Right side", "links": [], "maxDataPoints": 3, "nullPointMode": "connected", "options": {}, "pieType": "pie", "strokeWidth": 1, "targets": [ { "bucketAggs": [ { "fake": true, "field": "proto", "id": "3", "settings": { "min_doc_count": 1, "order": "desc", "orderBy": "_term", "size": "0" }, "type": "terms" }, { "field": "timestamp", "id": "2", "settings": { "interval": "auto", "min_doc_count": 0, "trimEdges": 0 }, "type": "date_histogram" } ], "dsType": "elasticsearch", "metrics": [ { "field": "select field", "id": "1", "type": "count" } ], "query": "iface:$iface AND dest_port:$dport AND src_ip:$src_ip -src_ip:62.155.248.*", "refId": "A", "timeField": "timestamp" } ], "title": "Protocols by interface $iface", "type": "grafana-piechart-panel", "valueName": "total" }, { "chartId": "chart_11", "colors": [ "rgba(50, 172, 45, 1)", "rgba(241, 255, 0, 1)", "rgba(245, 54, 54, 1)" ], "datasource": "pfsensefw", "format": "none", "gridPos": { "h": 9, "w": 12, "x": 0, "y": 30 }, "id": 11, "legend": { "avg": false, "current": false, "max": false, "min": false, "show": true, "total": true }, "links": [], "mappingType": 1, "maxDataPoints": 100, "nullPointMode": "connected", "options": {}, "seriesOverrides": [], "targets": [ { "bucketAggs": [ { "fake": true, "field": "PortServiceName", "id": "3", "settings": { "min_doc_count": 1, "order": "desc", "orderBy": "_count", "size": "20" }, "type": "terms" }, { "field": "timestamp", "id": "2", "settings": { "interval": "auto", "min_doc_count": 0, "trimEdges": 0 }, "type": "date_histogram" } ], "dsType": "elasticsearch", "metrics": [ { "field": "select field", "id": "1", "type": "count" } ], "query": "iface:$iface AND dest_port:$dport AND src_ip:$src_ip -src_ip:62.155.248.*", "refId": "A", "target": "", "timeField": "timestamp" } ], "thresholds": "0,10", "title": "Destination Port by iface:$iface", "treeMap": { "aggregationFunction": "sum", "colorByFunction": "max", "debug": false, "depth": 0, "enableGrouping": true, "enableTimeBlocks": false, "groups": [ { "key": "server", "value": "/^.*./g" } ], "ids": [ "alias" ], "mode": "squarify", "nodeSizeProperty": "value", "showLegend": true, "sizeByFunction": "total" }, "type": "savantly-heatmap-panel", "valueMaps": [ { "op": "=", "text": "N/A", "value": "null" } ] }, { "aliasColors": {}, "bars": true, "dashLength": 10, "dashes": false, "datasource": "pfsensefw", "fill": 1, "fillGradient": 0, "gridPos": { "h": 9, "w": 12, "x": 12, "y": 38 }, "id": 3, "legend": { "alignAsTable": true, "avg": false, "current": false, "max": false, "min": false, "rightSide": true, "show": true, "total": true, "values": true }, "lines": false, "linewidth": 10, "links": [], "nullPointMode": "null", "options": { "dataLinks": [] }, "percentage": false, "pointradius": 5, "points": false, "renderer": "flot", "seriesOverrides": [], "spaceLength": 10, "stack": false, "steppedLine": false, "targets": [ { "alias": "City: {{term src_ip_city_name}}", "bucketAggs": [ { "fake": true, "field": "src_ip_city_name", "id": "5", "settings": { "min_doc_count": 1, "order": "desc", "orderBy": "_count", "size": "10" }, "type": "terms" }, { "fake": true, "field": "timestamp", "id": "4", "settings": { "interval": "auto", "min_doc_count": 0, "trimEdges": 0 }, "type": "date_histogram" } ], "dsType": "elasticsearch", "metrics": [ { "field": "select field", "id": "1", "type": "count" } ], "query": "iface:$iface AND dest_port:$dport AND src_ip:$src_ip -src_ip:62.155.248.*", "refId": "A", "timeField": "timestamp" } ], "thresholds": [], "timeFrom": null, "timeRegions": [], "timeShift": null, "title": "Rules triggered on $iface by City", "tooltip": { "shared": false, "sort": 2, "value_type": "cumulative" }, "type": "graph", "xaxis": { "buckets": null, "mode": "series", "name": "@timestamp", "show": false, "values": [ "total" ] }, "yaxes": [ { "format": "none", "label": "Cantidad de Accesos", "logBase": 1, "max": null, "min": null, "show": true }, { "format": "none", "label": "Paises", "logBase": 1, "max": null, "min": null, "show": true } ], "yaxis": { "align": false, "alignLevel": null } }, { "aliasColors": {}, "breakPoint": "50%", "cacheTimeout": null, "combine": { "label": "Others", "threshold": 0 }, "datasource": "pfsensefw", "fontSize": "80%", "format": "none", "gridPos": { "h": 8, "w": 12, "x": 0, "y": 39 }, "id": 9, "interval": null, "legend": { "show": true, "values": true }, "legendType": "Right side", "links": [], "maxDataPoints": 3, "nullPointMode": "connected", "options": {}, "pieType": "donut", "strokeWidth": 1, "targets": [ { "alias": "Port: {{PortServiceName}}", "bucketAggs": [ { "fake": true, "field": "PortServiceName", "id": "3", "settings": { "min_doc_count": 1, "order": "desc", "orderBy": "_count", "size": "10" }, "type": "terms" }, { "field": "timestamp", "id": "2", "settings": { "interval": "auto", "min_doc_count": 0, "trimEdges": 0 }, "type": "date_histogram" } ], "dsType": "elasticsearch", "metrics": [ { "field": "select field", "id": "1", "type": "count" } ], "query": "iface:$iface AND dest_port:$dport AND src_ip:$src_ip -src_ip:62.155.248.*", "refId": "A", "target": "", "timeField": "timestamp" } ], "title": "Top 10 port Destination Block by $iface", "type": "grafana-piechart-panel", "valueName": "total" } ], "refresh": "1m", "schemaVersion": 20, "style": "dark", "tags": [ "Elasticsearch", "Firewall", "Log Analyzer", "PFsense" ], "templating": { "list": [ { "allValue": null, "current": {}, "datasource": "pfsensefw", "definition": "", "hide": 0, "includeAll": true, "label": "Interface", "multi": true, "name": "iface", "options": [], "query": "{\"find\": \"terms\", \"field\":\"iface\",\"size\": \"1000000\" }", "refresh": 1, "regex": "", "skipUrlSync": false, "sort": 0, "tagValuesQuery": "", "tags": [], "tagsQuery": "", "type": "query", "useTags": false }, { "allValue": "*", "current": {}, "datasource": "pfsensefw", "definition": "{\"find\": \"terms\", \"field\":\"src_ip\",\"query\":\"iface iface:$iface\",\"size\": \"1000000\" }", "hide": 0, "includeAll": true, "label": "Source IP", "multi": true, "name": "src_ip", "options": [], "query": "{\"find\": \"terms\", \"field\":\"src_ip\",\"query\":\"iface iface:$iface\",\"size\": \"1000000\" }", "refresh": 1, "regex": "", "skipUrlSync": false, "sort": 0, "tagValuesQuery": "", "tags": [], "tagsQuery": "", "type": "query", "useTags": false }, { "allValue": "*", "current": {}, "datasource": "pfsensefw", "definition": "{\"find\": \"terms\", \"field\":\"dest_port\",\"query\":\"iface iface:$iface\",\"size\": \"1000000\" }", "hide": 0, "includeAll": true, "label": null, "multi": true, "name": "dport", "options": [], "query": "{\"find\": \"terms\", \"field\":\"dest_port\",\"query\":\"iface iface:$iface\",\"size\": \"1000000\" }", "refresh": 1, "regex": "", "skipUrlSync": false, "sort": 3, "tagValuesQuery": "", "tags": [], "tagsQuery": "", "type": "query", "useTags": false }, { "datasource": "PFS Graylog", "filters": [ { "condition": "AND", "key": "direction", "operator": "=", "value": "in" }, { "key": "action", "operator": "=", "value": "block" } ], "hide": 0, "label": "", "name": "Filters", "skipUrlSync": false, "type": "adhoc" } ] }, "time": { "from": "now-1h", "to": "now" }, "timepicker": { "refresh_intervals": [ "5s", "10s", "30s", "1m", "5m", "15m", "30m", "1h", "2h", "1d" ], "time_options": [ "5m", "15m", "1h", "6h", "12h", "24h", "2d", "7d", "30d" ] }, "timezone": "browser", "title": "Firewall Logs", "uid": "000000030", "version": 82 }