From 82b48e4d017ab722a475db29865bed55a9ffd0af Mon Sep 17 00:00:00 2001
From: ericericsw <45174574+ericericsw@users.noreply.github.com>
Date: Thu, 26 Dec 2024 05:09:43 +0800
Subject: [PATCH] Add files via upload (#578)
update new version dashbroad panel model change list: grafana-piechart-panel -> pie chart Graph(old) -> time series worldmap panel -> geomap some table panel has change , be like overview add ARC Column The problem cannot be solved at the moment: Multiple DKIM information will cause table display errors
---
.../Grafana-DMARC_Reports.json-new_panel.json | 5901 +++++++++++++++++
1 file changed, 5901 insertions(+)
create mode 100644 grafana/Grafana-DMARC_Reports.json-new_panel.json
diff --git a/grafana/Grafana-DMARC_Reports.json-new_panel.json b/grafana/Grafana-DMARC_Reports.json-new_panel.json
new file mode 100644
index 00000000..c74a6082
--- /dev/null
+++ b/grafana/Grafana-DMARC_Reports.json-new_panel.json
@@ -0,0 +1,5901 @@ +{ + "annotations": { + "list": [ + { + "builtIn": 1, + "datasource": { + "type": "datasource", + "uid": "grafana" + }, + "enable": true, + "hide": true, + "iconColor": "rgba(0, 211, 255, 1)", + "name": "Annotations & Alerts", + "type": "dashboard" + } + ] + }, + "description": "", + "editable": true, + "fiscalYearStartMonth": 0, + "gnetId": 11227, + "graphTooltip": 0, + "id": 7, + "links": [], + "liveNow": false, + "panels": [ + { + "datasource": { + "type": "elasticsearch", + "uid": "$datasourceag" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + } + }, + "decimals": 2, + "mappings": [], + "unit": "none" + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "SPF Aligned Fail & ARC Pass" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "yellow", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "SPF Aligned Pass" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "green", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "SPF Aligned Fail & NOT ARC Pass" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "red", + "mode": "fixed" + } + } + ] + } + ] + }, + "gridPos": { + "h": 9, + "w": 8, + "x": 0, + "y": 0 + }, + "id": 6, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "right", + "showLegend": true, + "values": [ + "percent" + ] + }, + "pieType": "donut", + "reduceOptions": { + "calcs": [ + "sum" + ], + "fields": "", + "values": false + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "alias": "SPF Aligned Pass", + "bucketAggs": [ + { + "$$hashKey": "object:244", + "field": "date_begin", + "id": "2", + "settings": { + "interval": "auto", + "min_doc_count": 0, + "trimEdges": 0 + }, + "type": 
"date_histogram" + } + ], + "datasource": { + "uid": "$datasourceag" + }, + "hide": false, + "metrics": [ + { + "$$hashKey": "object:241", + "field": "message_count", + "id": "1", + "meta": {}, + "settings": {}, + "type": "sum" + } + ], + "query": "header_from.keyword:$fromdomain AND spf_aligned:true", + "refId": "A", + "timeField": "date_begin" + }, + { + "alias": "SPF Aligned Fail & ARC Pass", + "bucketAggs": [ + { + "field": "date_begin", + "id": "2", + "settings": { + "interval": "auto" + }, + "type": "date_histogram" + } + ], + "datasource": { + "type": "elasticsearch", + "uid": "$datasourceag" + }, + "hide": false, + "metrics": [ + { + "field": "message_count", + "id": "1", + "settings": {}, + "type": "sum" + } + ], + "query": "header_from.keyword:$fromdomain AND spf_aligned:false AND policy_overrides.comment.keyword:arc=pass", + "refId": "B", + "timeField": "date_begin" + }, + { + "alias": "SPF Aligned Fail & NOT ARC Pass", + "bucketAggs": [ + { + "field": "date_begin", + "id": "2", + "settings": { + "interval": "auto" + }, + "type": "date_histogram" + } + ], + "datasource": { + "type": "elasticsearch", + "uid": "$datasourceag" + }, + "hide": false, + "metrics": [ + { + "field": "message_count", + "id": "1", + "settings": {}, + "type": "sum" + } + ], + "query": "header_from.keyword:$fromdomain AND spf_aligned:false AND NOT policy_overrides.comment.keyword:arc=pass", + "refId": "C", + "timeField": "date_begin" + } + ], + "title": "SPF Alignment", + "transparent": true, + "type": "piechart" + }, + { + "datasource": { + "type": "elasticsearch", + "uid": "$datasourceag" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + } + }, + "decimals": 2, + "mappings": [], + "unit": "none" + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "DKIM Aligned Fail & ARC Pass" + }, + "properties": [ + { + "id": "color", + "value": { + 
"fixedColor": "yellow", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "DKIM Aligned Pass" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "green", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "DKIM Aligned Fail & NOT ARC Pass" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "red", + "mode": "fixed" + } + } + ] + } + ] + }, + "gridPos": { + "h": 9, + "w": 8, + "x": 8, + "y": 0 + }, + "id": 2, + "interval": "1h", + "options": { + "displayLabels": [], + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "right", + "showLegend": true, + "values": [ + "percent" + ] + }, + "pieType": "donut", + "reduceOptions": { + "calcs": [ + "sum" + ], + "fields": "", + "values": false + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "alias": "DKIM Aligned Pass", + "bucketAggs": [ + { + "field": "date_begin", + "id": "2", + "settings": { + "interval": "auto", + "min_doc_count": 0, + "trimEdges": 0 + }, + "type": "date_histogram" + } + ], + "datasource": { + "uid": "$datasourceag" + }, + "hide": false, + "metrics": [ + { + "field": "message_count", + "id": "1", + "meta": {}, + "settings": {}, + "type": "sum" + } + ], + "query": "header_from.keyword:$fromdomain AND dkim_aligned:true", + "refId": "A", + "timeField": "date_begin" + }, + { + "alias": "DKIM Aligned Fail & ARC Pass", + "bucketAggs": [ + { + "field": "date_begin", + "id": "2", + "settings": { + "interval": "auto" + }, + "type": "date_histogram" + } + ], + "datasource": { + "type": "elasticsearch", + "uid": "$datasourceag" + }, + "hide": false, + "metrics": [ + { + "field": "message_count", + "id": "1", + "settings": {}, + "type": "sum" + } + ], + "query": "header_from.keyword:$fromdomain AND dkim_aligned:false AND policy_overrides.comment.keyword:arc=pass", + "refId": "B", + "timeField": "date_begin" + }, + { + "alias": "DKIM Aligned Fail & NOT 
ARC Pass", + "bucketAggs": [ + { + "field": "date_begin", + "id": "2", + "settings": { + "interval": "auto" + }, + "type": "date_histogram" + } + ], + "datasource": { + "type": "elasticsearch", + "uid": "$datasourceag" + }, + "hide": false, + "metrics": [ + { + "field": "message_count", + "id": "1", + "settings": {}, + "type": "sum" + } + ], + "query": "header_from.keyword:$fromdomain AND dkim_aligned:false AND NOT policy_overrides.comment.keyword:arc=pass", + "refId": "C", + "timeField": "date_begin" + } + ], + "title": "DKIM Alignment", + "transparent": true, + "type": "piechart" + }, + { + "datasource": { + "type": "elasticsearch", + "uid": "$datasourceag" + }, + "description": "", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + } + }, + "decimals": 2, + "mappings": [], + "unit": "none" + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "DMARC Fail & ARC Pass" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "yellow", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "DMARC Fail & NOT ARC Pass" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "red", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "DMARC Pass" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "green", + "mode": "fixed" + } + } + ] + } + ] + }, + "gridPos": { + "h": 9, + "w": 8, + "x": 16, + "y": 0 + }, + "id": 5, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "right", + "showLegend": true, + "values": [ + "percent" + ] + }, + "pieType": "donut", + "reduceOptions": { + "calcs": [ + "sum" + ], + "fields": "", + "values": false + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "alias": "DMARC Pass", + "bucketAggs": [ + { + "field": "date_begin", + 
"id": "4", + "settings": { + "interval": "auto", + "min_doc_count": "0", + "timeZone": "utc", + "trimEdges": "0" + }, + "type": "date_histogram" + } + ], + "datasource": { + "uid": "$datasourceag" + }, + "hide": false, + "metrics": [ + { + "$$hashKey": "object:383", + "field": "message_count", + "id": "1", + "meta": {}, + "settings": {}, + "type": "sum" + } + ], + "query": "header_from.keyword:$fromdomain AND passed_dmarc:true", + "refId": "A", + "timeField": "date_begin" + }, + { + "alias": "DMARC Fail & ARC Pass", + "bucketAggs": [ + { + "field": "date_begin", + "id": "2", + "settings": { + "interval": "auto" + }, + "type": "date_histogram" + } + ], + "datasource": { + "type": "elasticsearch", + "uid": "$datasourceag" + }, + "hide": false, + "metrics": [ + { + "field": "message_count", + "id": "1", + "settings": {}, + "type": "sum" + } + ], + "query": "header_from.keyword:$fromdomain AND passed_dmarc:false AND policy_overrides.comment.keyword:arc=pass", + "refId": "B", + "timeField": "date_begin" + }, + { + "alias": "DMARC Fail & NOT ARC Pass", + "bucketAggs": [ + { + "field": "date_begin", + "id": "2", + "settings": { + "interval": "auto" + }, + "type": "date_histogram" + } + ], + "datasource": { + "type": "elasticsearch", + "uid": "$datasourceag" + }, + "hide": false, + "metrics": [ + { + "field": "message_count", + "id": "1", + "settings": {}, + "type": "sum" + } + ], + "query": "header_from.keyword:$fromdomain AND passed_dmarc:false AND NOT policy_overrides.comment.keyword:arc=pass", + "refId": "C", + "timeField": "date_begin" + } + ], + "title": "DMARC Passage", + "transparent": true, + "type": "piechart" + }, + { + "datasource": { + "type": "elasticsearch", + "uid": "$datasourceag" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 60, + 
"gradientMode": "opacity", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 2, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "links": [ + { + "title": "", + "url": "" + } + ], + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "none" + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "Pass" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "dark-green", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "fail" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "dark-red", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "false" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "dark-yellow", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "neutral" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "super-light-blue", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "none" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "dark-yellow", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "pass" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "dark-green", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "permerror" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "dark-orange", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "softfail" + }, + 
"properties": [ + { + "id": "color", + "value": { + "fixedColor": "super-light-green", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "temperror" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "semi-dark-yellow", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "true" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "dark-green", + "mode": "fixed" + } + } + ] + } + ] + }, + "gridPos": { + "h": 9, + "w": 12, + "x": 0, + "y": 9 + }, + "id": 33, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "right", + "showLegend": true + }, + "tooltip": { + "mode": "multi", + "sort": "desc" + } + }, + "pluginVersion": "10.4.3", + "targets": [ + { + "bucketAggs": [ + { + "fake": true, + "field": "spf_results.result.keyword", + "id": "3", + "settings": { + "min_doc_count": 1, + "order": "desc", + "orderBy": "_term", + "size": "0" + }, + "type": "terms" + }, + { + "field": "date_begin", + "id": "2", + "settings": { + "interval": "1d", + "min_doc_count": 0, + "trimEdges": 0 + }, + "type": "date_histogram" + } + ], + "datasource": { + "uid": "$datasourceag" + }, + "hide": false, + "metrics": [ + { + "field": "message_count", + "id": "1", + "meta": {}, + "settings": {}, + "type": "sum" + } + ], + "query": "header_from.keyword:$fromdomain", + "refId": "A", + "timeField": "date_begin" + } + ], + "title": "SPF Results Over Time", + "type": "timeseries" + }, + { + "datasource": { + "type": "elasticsearch", + "uid": "$datasourceag" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 60, + "gradientMode": "opacity", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + 
"lineInterpolation": "linear", + "lineWidth": 2, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "links": [], + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "none" + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "Pass" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "dark-green", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "fail" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "dark-red", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "false" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "dark-yellow", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "neutral" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "super-light-blue", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "none" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "dark-yellow", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "pass" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "dark-green", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "permerror" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "dark-orange", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "temperror" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "semi-dark-yellow", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "true" 
+ }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "dark-green", + "mode": "fixed" + } + } + ] + } + ] + }, + "gridPos": { + "h": 9, + "w": 12, + "x": 12, + "y": 9 + }, + "id": 19, + "interval": "$interval", + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "right", + "showLegend": true + }, + "tooltip": { + "mode": "multi", + "sort": "desc" + } + }, + "pluginVersion": "10.4.3", + "targets": [ + { + "bucketAggs": [ + { + "fake": true, + "field": "dkim_results.result.keyword", + "id": "3", + "settings": { + "min_doc_count": 1, + "order": "desc", + "orderBy": "_term", + "size": "0" + }, + "type": "terms" + }, + { + "field": "date_begin", + "id": "2", + "settings": { + "interval": "1d", + "min_doc_count": 0, + "trimEdges": 0 + }, + "type": "date_histogram" + } + ], + "datasource": { + "uid": "$datasourceag" + }, + "hide": false, + "metrics": [ + { + "field": "message_count", + "id": "1", + "meta": {}, + "settings": {}, + "type": "sum" + } + ], + "query": "header_from.keyword:$fromdomain", + "refId": "A", + "timeField": "date_begin" + } + ], + "title": "DKIM Results Over Time", + "type": "timeseries" + }, + { + "datasource": { + "type": "elasticsearch", + "uid": "$datasourceag" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 60, + "gradientMode": "opacity", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 2, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "links": [], + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + 
{ + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "none" + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "false" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "dark-yellow", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "true" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "dark-green", + "mode": "fixed" + } + } + ] + } + ] + }, + "gridPos": { + "h": 9, + "w": 12, + "x": 0, + "y": 18 + }, + "id": 18, + "interval": "$interval", + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "right", + "showLegend": true + }, + "tooltip": { + "mode": "multi", + "sort": "desc" + } + }, + "pluginVersion": "10.4.3", + "targets": [ + { + "bucketAggs": [ + { + "fake": true, + "field": "spf_aligned", + "id": "3", + "settings": { + "min_doc_count": 1, + "order": "desc", + "orderBy": "_term", + "size": "0" + }, + "type": "terms" + }, + { + "field": "date_begin", + "id": "2", + "settings": { + "interval": "1d", + "min_doc_count": 0, + "trimEdges": 0 + }, + "type": "date_histogram" + } + ], + "datasource": { + "uid": "$datasourceag" + }, + "hide": false, + "metrics": [ + { + "field": "message_count", + "id": "1", + "meta": {}, + "settings": {}, + "type": "sum" + } + ], + "query": "header_from.keyword:$fromdomain", + "refId": "A", + "timeField": "date_begin" + } + ], + "title": "SPF Alignment Over Time", + "type": "timeseries" + }, + { + "datasource": { + "type": "elasticsearch", + "uid": "$datasourceag" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 60, + "gradientMode": "opacity", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + 
"lineInterpolation": "linear", + "lineWidth": 2, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "links": [], + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "none" + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "false" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "dark-yellow", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "true" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "dark-green", + "mode": "fixed" + } + } + ] + } + ] + }, + "gridPos": { + "h": 9, + "w": 12, + "x": 12, + "y": 18 + }, + "id": 34, + "interval": "$interval", + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "right", + "showLegend": true + }, + "tooltip": { + "mode": "multi", + "sort": "desc" + } + }, + "pluginVersion": "10.4.3", + "targets": [ + { + "bucketAggs": [ + { + "fake": true, + "field": "dkim_aligned", + "id": "3", + "settings": { + "min_doc_count": 1, + "order": "desc", + "orderBy": "_term", + "size": "0" + }, + "type": "terms" + }, + { + "field": "date_begin", + "id": "2", + "settings": { + "interval": "1d", + "min_doc_count": 0, + "trimEdges": 0 + }, + "type": "date_histogram" + } + ], + "datasource": { + "uid": "$datasourceag" + }, + "hide": false, + "metrics": [ + { + "field": "message_count", + "id": "1", + "meta": {}, + "settings": {}, + "type": "sum" + } + ], + "query": "header_from.keyword:$fromdomain", + "refId": "A", + "timeField": "date_begin" + } + ], + "title": "DKIM Alignment Over Time", + "type": "timeseries" + }, + { + "datasource": { + "type": "elasticsearch", + "uid": "$datasourceag" + }, + "fieldConfig": { + "defaults": { 
+ "color": { + "mode": "palette-classic" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 60, + "gradientMode": "opacity", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 2, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "links": [], + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "none" + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "false" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "dark-red", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "true" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "dark-green", + "mode": "fixed" + } + } + ] + } + ] + }, + "gridPos": { + "h": 9, + "w": 12, + "x": 0, + "y": 27 + }, + "id": 7, + "interval": "1day", + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "right", + "showLegend": true + }, + "tooltip": { + "mode": "multi", + "sort": "desc" + } + }, + "pluginVersion": "10.4.3", + "targets": [ + { + "bucketAggs": [ + { + "fake": true, + "field": "passed_dmarc", + "id": "3", + "settings": { + "min_doc_count": 1, + "order": "desc", + "orderBy": "_term", + "size": "0" + }, + "type": "terms" + }, + { + "field": "date_begin", + "id": "2", + "settings": { + "interval": "1d", + "min_doc_count": 0, + "trimEdges": 0 + }, + "type": "date_histogram" + } + ], + "datasource": { + "uid": "$datasourceag" + }, + "hide": false, + "metrics": [ + { + "field": "message_count", + 
"id": "1", + "meta": {}, + "settings": {}, + "type": "sum" + } + ], + "query": "header_from.keyword:$fromdomain", + "refId": "A", + "timeField": "date_begin" + } + ], + "title": "DMARC Passage Over Time", + "type": "timeseries" + }, + { + "datasource": { + "type": "elasticsearch", + "uid": "$datasourceag" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 60, + "gradientMode": "opacity", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 2, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "links": [], + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "none" + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "none" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "dark-green", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "quarantine" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "semi-dark-orange", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "reject" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "red", + "mode": "fixed" + } + } + ] + } + ] + }, + "gridPos": { + "h": 9, + "w": 12, + "x": 12, + "y": 27 + }, + "id": 8, + "interval": "$interval", + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "right", + "showLegend": true + }, + "tooltip": { + "mode": "multi", + 
"sort": "none" + } + }, + "pluginVersion": "10.4.3", + "targets": [ + { + "bucketAggs": [ + { + "fake": true, + "field": "disposition.keyword", + "id": "3", + "settings": { + "min_doc_count": 1, + "order": "desc", + "orderBy": "_term", + "size": "0" + }, + "type": "terms" + }, + { + "field": "date_begin", + "id": "2", + "settings": { + "interval": "1d", + "min_doc_count": 0, + "trimEdges": 0 + }, + "type": "date_histogram" + } + ], + "datasource": { + "uid": "$datasourceag" + }, + "hide": false, + "metrics": [ + { + "field": "message_count", + "id": "1", + "meta": {}, + "settings": {}, + "type": "sum" + } + ], + "query": "header_from.keyword:$fromdomain", + "refId": "A", + "timeField": "date_begin" + } + ], + "title": "Message Disposition Over Time", + "type": "timeseries" + }, + { + "datasource": { + "type": "elasticsearch", + "uid": "$datasourceag" + }, + "description": "Total Message Count", + "fieldConfig": { + "defaults": { + "displayName": "Total Message Count", + "mappings": [ + { + "options": { + "match": "null", + "result": { + "text": "N/A" + } + }, + "type": "special" + } + ], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "dark-blue", + "value": null + } + ] + }, + "unit": "locale" + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "Value" + }, + "properties": [ + { + "id": "unit", + "value": "none" + } + ] + } + ] + }, + "gridPos": { + "h": 4, + "w": 12, + "x": 0, + "y": 36 + }, + "id": 36, + "interval": "24h", + "options": { + "colorMode": "background", + "graphMode": "area", + "justifyMode": "auto", + "orientation": "auto", + "percentChangeColorMode": "standard", + "reduceOptions": { + "calcs": [ + "sum" + ], + "fields": "", + "values": false + }, + "showPercentChange": false, + "textMode": "value_and_name", + "wideLayout": true + }, + "pluginVersion": "10.1.6", + "targets": [ + { + "alias": "", + "bucketAggs": [ + { + "$$hashKey": "object:430", + "fake": true, + "field": "date_begin", + "id": "6", + 
"settings": { + "interval": "auto", + "min_doc_count": 0, + "trimEdges": 0 + }, + "type": "date_histogram" + } + ], + "datasource": { + "uid": "$datasourceag" + }, + "hide": false, + "metrics": [ + { + "$$hashKey": "object:428", + "field": "message_count", + "id": "4", + "meta": {}, + "settings": {}, + "type": "sum" + } + ], + "query": "header_from.keyword:$fromdomain", + "refId": "A", + "timeField": "date_begin" + } + ], + "transparent": true, + "type": "stat" + }, + { + "datasource": { + "type": "elasticsearch", + "uid": "$datasourceag" + }, + "fieldConfig": { + "defaults": { + "custom": { + "align": "auto", + "cellOptions": { + "type": "auto" + }, + "filterable": true, + "inspect": false + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "Messages" + }, + "properties": [ + { + "id": "custom.cellOptions", + "value": { + "mode": "gradient", + "type": "gauge" + } + }, + { + "id": "thresholds", + "value": { + "mode": "percentage", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "dark-purple", + "value": 101 + } + ] + } + } + ] + } + ] + }, + "gridPos": { + "h": 8, + "w": 12, + "x": 12, + "y": 36 + }, + "id": 10, + "interval": "$interval", + "options": { + "cellHeight": "sm", + "footer": { + "countRows": false, + "fields": "", + "reducer": [ + "sum" + ], + "show": false + }, + "showHeader": true, + "sortBy": [] + }, + "pluginVersion": "10.1.6", + "targets": [ + { + "bucketAggs": [ + { + "$$hashKey": "object:920", + "fake": true, + "field": "source_base_domain.keyword", + "id": "6", + "settings": { + "min_doc_count": 1, + "missing": "none", + "order": "desc", + "orderBy": "4", + "size": "2000" + }, + "type": "terms" + } + ], + "datasource": { + "uid": "$datasourceag" + }, + "hide": false, + "metrics": [ + { + "$$hashKey": "object:918", + "field": 
"message_count", + "id": "4", + "meta": {}, + "settings": {}, + "type": "sum" + } + ], + "query": "header_from.keyword:$fromdomain", + "refId": "A", + "timeField": "date_begin" + } + ], + "title": "Top 2000 Message Sources by Reverse DNS", + "transformations": [ + { + "id": "organize", + "options": { + "excludeByName": {}, + "indexByName": {}, + "renameByName": { + "Sum": "Messages", + "source_base_domain.keyword": "Sender PTR Domain" + } + } + } + ], + "type": "table" + }, + { + "datasource": { + "type": "elasticsearch", + "uid": "$datasourceag" + }, + "fieldConfig": { + "defaults": { + "custom": { + "align": "auto", + "cellOptions": { + "type": "auto" + }, + "filterable": true, + "inspect": false + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "Messages" + }, + "properties": [ + { + "id": "custom.cellOptions", + "value": { + "mode": "gradient", + "type": "gauge" + } + }, + { + "id": "thresholds", + "value": { + "mode": "percentage", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "dark-purple", + "value": 101 + } + ] + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "Reporting Organisation" + }, + "properties": [ + { + "id": "custom.width", + "value": 183 + } + ] + } + ] + }, + "gridPos": { + "h": 11, + "w": 12, + "x": 0, + "y": 40 + }, + "id": 9, + "interval": "$interval", + "options": { + "cellHeight": "sm", + "footer": { + "countRows": false, + "fields": [ + "Sum" + ], + "reducer": [ + "sum" + ], + "show": false + }, + "showHeader": true, + "sortBy": [] + }, + "pluginVersion": "10.1.6", + "targets": [ + { + "bucketAggs": [ + { + "$$hashKey": "object:291", + "fake": true, + "field": "org_name.keyword", + "id": "7", + "settings": { + "min_doc_count": "1", + "order": "desc", + "orderBy": "4", + "size": "0" + }, + "type": "terms" + 
}, + { + "$$hashKey": "object:98", + "fake": true, + "field": "org_extra_contact_info.keyword", + "id": "6", + "settings": { + "min_doc_count": "1", + "missing": "-", + "order": "desc", + "orderBy": "4", + "size": "0" + }, + "type": "terms" + } + ], + "datasource": { + "uid": "$datasourceag" + }, + "hide": false, + "metrics": [ + { + "$$hashKey": "object:96", + "field": "message_count", + "id": "4", + "meta": {}, + "settings": {}, + "type": "sum" + } + ], + "query": "header_from.keyword:$fromdomain", + "refId": "A", + "timeField": "date_begin" + }, + { + "bucketAggs": [ + { + "$$hashKey": "object:102", + "fake": true, + "field": "org_extra_contact_info.keyword", + "id": "6", + "settings": { + "min_doc_count": 1, + "order": "desc", + "orderBy": "4", + "size": "0" + }, + "type": "terms" + } + ], + "datasource": { + "uid": "$datasourceag" + }, + "hide": true, + "metrics": [ + { + "$$hashKey": "object:100", + "field": "message_count", + "id": "4", + "meta": {}, + "settings": {}, + "type": "sum" + } + ], + "query": "header_from.keyword:$fromdomain", + "refId": "B", + "timeField": "date_begin" + } + ], + "title": "Reporting Organisations", + "transformations": [ + { + "id": "organize", + "options": { + "excludeByName": {}, + "indexByName": {}, + "renameByName": { + "Sum": "Messages", + "org_extra_contact_info.keyword": "Org Contact Info", + "org_name.keyword": "Reporting Organisation" + } + } + } + ], + "type": "table" + }, + { + "datasource": { + "type": "elasticsearch", + "uid": "$datasourceag" + }, + "fieldConfig": { + "defaults": { + "custom": { + "align": "auto", + "cellOptions": { + "type": "auto" + }, + "filterable": true, + "inspect": false + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "Header From" + }, + "properties": [ + { + "id": "links", + "value": [ + { + 
"targetBlank": true, + "title": "Check ${__data.fields[\"header_from.keyword\"]} DMARC record", + "url": "https://mxtoolbox.com/SuperTool.aspx?action=dmarc%3a${__data.fields[\"header_from.keyword\"]}&run=toolpage" + } + ] + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "Messages" + }, + "properties": [ + { + "id": "custom.cellOptions", + "value": { + "mode": "gradient", + "type": "gauge" + } + }, + { + "id": "thresholds", + "value": { + "mode": "percentage", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "dark-purple", + "value": 101 + } + ] + } + } + ] + } + ] + }, + "gridPos": { + "h": 7, + "w": 12, + "x": 12, + "y": 44 + }, + "id": 11, + "interval": "$interval", + "options": { + "cellHeight": "sm", + "footer": { + "countRows": false, + "fields": "", + "reducer": [ + "sum" + ], + "show": false + }, + "showHeader": true + }, + "pluginVersion": "10.1.6", + "targets": [ + { + "bucketAggs": [ + { + "$$hashKey": "object:388", + "fake": true, + "field": "header_from.keyword", + "id": "6", + "settings": { + "min_doc_count": 1, + "missing": "none", + "order": "desc", + "orderBy": "4", + "size": "0" + }, + "type": "terms" + } + ], + "datasource": { + "uid": "$datasourceag" + }, + "hide": false, + "metrics": [ + { + "$$hashKey": "object:386", + "field": "message_count", + "id": "4", + "meta": {}, + "settings": {}, + "type": "sum" + } + ], + "query": "header_from.keyword:$fromdomain", + "refId": "A", + "timeField": "date_begin" + } + ], + "title": "Message Volume by Header From", + "transformations": [ + { + "id": "organize", + "options": { + "excludeByName": {}, + "indexByName": {}, + "renameByName": { + "Sum": "Messages", + "header_from.keyword": "Header From" + } + } + } + ], + "type": "table" + }, + { + "datasource": { + "type": "elasticsearch", + "uid": "$datasourceag" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "custom": { + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": 
false + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "dark-green", + "value": null + } + ] + }, + "unit": "none" + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "source_country.keyword" + }, + "properties": [ + { + "id": "displayName", + "value": "Country" + } + ] + } + ] + }, + "gridPos": { + "h": 10, + "w": 16, + "x": 0, + "y": 51 + }, + "id": 12, + "interval": "$interval", + "maxDataPoints": 1, + "options": { + "basemap": { + "name": "Basemap", + "type": "default" + }, + "controls": { + "mouseWheelZoom": true, + "showAttribution": true, + "showDebug": false, + "showMeasure": false, + "showScale": false, + "showZoom": true + }, + "layers": [ + { + "config": { + "showLegend": true, + "style": { + "color": { + "fixed": "dark-green" + }, + "opacity": 0.4, + "rotation": { + "fixed": 0, + "max": 360, + "min": -360, + "mode": "mod" + }, + "size": { + "field": "Sum", + "fixed": 5, + "max": 35, + "min": 3 + }, + "symbol": { + "fixed": "img/icons/marker/circle.svg", + "mode": "fixed" + }, + "symbolAlign": { + "horizontal": "center", + "vertical": "center" + }, + "textConfig": { + "fontSize": 12, + "offsetX": 0, + "offsetY": 0, + "textAlign": "center", + "textBaseline": "middle" + } + } + }, + "filterData": { + "id": "byRefId", + "options": "A" + }, + "location": { + "lookup": "source_country.keyword", + "mode": "lookup" + }, + "name": "Message Count", + "tooltip": true, + "type": "markers" + }, + { + "config": { + "nightColor": "#000000", + "show": "to", + "sun": false + }, + "name": "Night / Day", + "opacity": 0.4, + "tooltip": true, + "type": "dayNight" + } + ], + "tooltip": { + "mode": "details" + }, + "view": { + "allLayers": true, + "id": "zero", + "lat": 0, + "lon": 0, + "shared": false, + "zoom": 1 + } + }, + "pluginVersion": "10.1.6", + "targets": [ + { + "bucketAggs": [ + { + "$$hashKey": "object:710", + "fake": true, + "field": "source_country.keyword", + "id": "7", + "settings": { + 
"min_doc_count": 1, + "order": "desc", + "orderBy": "4", + "size": "0" + }, + "type": "terms" + } + ], + "datasource": { + "uid": "$datasourceag" + }, + "hide": false, + "metrics": [ + { + "$$hashKey": "object:708", + "field": "message_count", + "id": "4", + "meta": {}, + "settings": {}, + "type": "sum" + } + ], + "query": "header_from.keyword:$fromdomain", + "refId": "A", + "timeField": "date_begin" + } + ], + "title": "Map of Message Source Countries", + "transformations": [ + { + "disabled": true, + "id": "reduce", + "options": { + "labelsToFields": false, + "reducers": [ + "sum" + ] + } + } + ], + "type": "geomap" + }, + { + "datasource": { + "type": "elasticsearch", + "uid": "$datasourceag" + }, + "fieldConfig": { + "defaults": { + "custom": { + "align": "auto", + "cellOptions": { + "type": "auto" + }, + "filterable": true, + "inspect": false + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "Country" + }, + "properties": [ + { + "id": "custom.width", + "value": 96 + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "Messages" + }, + "properties": [ + { + "id": "custom.cellOptions", + "value": { + "mode": "gradient", + "type": "gauge" + } + }, + { + "id": "thresholds", + "value": { + "mode": "percentage", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "dark-purple", + "value": 101 + } + ] + } + } + ] + } + ] + }, + "gridPos": { + "h": 10, + "w": 8, + "x": 16, + "y": 51 + }, + "id": 39, + "interval": "$interval", + "options": { + "cellHeight": "sm", + "footer": { + "countRows": false, + "fields": "", + "reducer": [ + "sum" + ], + "show": false + }, + "showHeader": true, + "sortBy": [ + { + "desc": true, + "displayName": "Messages" + } + ] + }, + "pluginVersion": "10.1.6", + "targets": [ + { + "bucketAggs": [ + { + "$$hashKey": 
"object:524", + "fake": true, + "field": "source_country.keyword", + "id": "6", + "settings": { + "min_doc_count": 1, + "missing": "none", + "order": "desc", + "orderBy": "4", + "size": "0" + }, + "type": "terms" + } + ], + "datasource": { + "uid": "$datasourceag" + }, + "hide": false, + "metrics": [ + { + "$$hashKey": "object:522", + "field": "message_count", + "id": "4", + "meta": {}, + "settings": {}, + "type": "sum" + } + ], + "query": "header_from.keyword:$fromdomain", + "refId": "A", + "timeField": "date_begin" + } + ], + "title": "Message Source Countries", + "transformations": [ + { + "id": "organize", + "options": { + "excludeByName": {}, + "indexByName": {}, + "renameByName": { + "Sum": "Messages", + "source_country.keyword": "Country" + } + } + } + ], + "type": "table" + }, + { + "datasource": { + "type": "elasticsearch", + "uid": "$datasourceag" + }, + "fieldConfig": { + "defaults": { + "custom": { + "align": "auto", + "cellOptions": { + "type": "auto" + }, + "filterable": true, + "inspect": false + }, + "mappings": [ + { + "options": { + "arc=fail": { + "index": 1, + "text": "Fail" + }, + "arc=pass": { + "index": 0, + "text": "Pass" + }, + "fail": { + "index": 4, + "text": "Fail" + }, + "false": { + "index": 5, + "text": "False" + }, + "pass": { + "index": 6, + "text": "Pass" + }, + "true": { + "index": 3, + "text": "True" + } + }, + "type": "value" + }, + { + "options": { + "match": "null", + "result": { + "index": 2, + "text": "N/A" + } + }, + "type": "special" + } + ], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "Messages" + }, + "properties": [ + { + "id": "custom.cellOptions", + "value": { + "mode": "gradient", + "type": "gauge" + } + }, + { + "id": "thresholds", + "value": { + "mode": "percentage", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": 
"dark-purple", + "value": 101 + } + ] + } + }, + { + "id": "custom.align", + "value": "left" + }, + { + "id": "custom.width", + "value": 400 + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "Source IP" + }, + "properties": [ + { + "id": "custom.width", + "value": 200 + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "Country" + }, + "properties": [ + { + "id": "custom.width", + "value": 86 + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "Disposition" + }, + "properties": [ + { + "id": "custom.width", + "value": 114 + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "Simple SPF" + }, + "properties": [ + { + "id": "custom.width", + "value": 127 + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "Simple DKIM" + }, + "properties": [ + { + "id": "custom.width", + "value": 122 + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "SPF Alignment" + }, + "properties": [ + { + "id": "custom.width", + "value": 134 + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "Sender PTR Domain" + }, + "properties": [ + { + "id": "custom.width", + "value": 180 + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "ARC Result" + }, + "properties": [ + { + "id": "custom.width", + "value": 112 + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "Header From Domain" + }, + "properties": [ + { + "id": "custom.width", + "value": 126 + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "DMARC Pass" + }, + "properties": [ + { + "id": "unit", + "value": "bool" + }, + { + "id": "custom.align", + "value": "left" + }, + { + "id": "custom.width", + "value": 129 + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "DKIM Alignment" + }, + "properties": [ + { + "id": "custom.width", + "value": 145 + } + ] + } + ] + }, + "gridPos": { + "h": 9, + "w": 24, + "x": 0, + "y": 61 + }, + "id": 41, + "interval": "$interval", + "options": { + "cellHeight": "sm", + "footer": { + 
"countRows": false, + "fields": [ + "Sum" + ], + "reducer": [ + "sum" + ], + "show": false + }, + "showHeader": true, + "sortBy": [ + { + "desc": true, + "displayName": "Messages" + } + ] + }, + "pluginVersion": "10.1.6", + "targets": [ + { + "bucketAggs": [ + { + "$$hashKey": "object:457", + "fake": true, + "field": "source_base_domain.keyword", + "id": "6", + "settings": { + "min_doc_count": 1, + "missing": "-", + "order": "desc", + "orderBy": "4", + "size": "0" + }, + "type": "terms" + }, + { + "$$hashKey": "object:458", + "fake": true, + "field": "source_reverse_dns.keyword", + "id": "7", + "settings": { + "min_doc_count": "1", + "missing": "-", + "order": "desc", + "orderBy": "4", + "size": "0" + }, + "type": "terms" + }, + { + "$$hashKey": "object:459", + "fake": true, + "field": "source_ip_address.keyword", + "id": "8", + "settings": { + "min_doc_count": 1, + "missing": "-", + "order": "desc", + "orderBy": "4", + "size": "0" + }, + "type": "terms" + }, + { + "$$hashKey": "object:460", + "fake": true, + "field": "source_country.keyword", + "id": "9", + "settings": { + "min_doc_count": 1, + "order": "desc", + "orderBy": "4", + "size": "0" + }, + "type": "terms" + }, + { + "$$hashKey": "object:384", + "fake": true, + "field": "disposition.keyword", + "id": "12", + "settings": { + "min_doc_count": "1", + "missing": "-", + "order": "desc", + "orderBy": "4", + "size": "0" + }, + "type": "terms" + }, + { + "$$hashKey": "object:391", + "fake": true, + "field": "spf_aligned", + "id": "13", + "settings": { + "min_doc_count": "1", + "missing": "false", + "order": "desc", + "orderBy": "4", + "size": "0" + }, + "type": "terms" + }, + { + "$$hashKey": "object:398", + "fake": true, + "field": "dkim_aligned", + "id": "14", + "settings": { + "min_doc_count": "1", + "missing": "false", + "order": "desc", + "orderBy": "4", + "size": "0" + }, + "type": "terms" + }, + { + "$$hashKey": "object:405", + "fake": true, + "field": "org_name.keyword", + "id": "15", + "settings": { + 
"min_doc_count": "1", + "missing": "-", + "order": "desc", + "orderBy": "4", + "size": "0" + }, + "type": "terms" + }, + { + "$$hashKey": "object:412", + "fake": true, + "field": "spf_results.result.keyword", + "id": "16", + "settings": { + "min_doc_count": "1", + "missing": "-", + "order": "desc", + "orderBy": "4", + "size": "0" + }, + "type": "terms" + }, + { + "$$hashKey": "object:622", + "fake": true, + "field": "header_from.keyword", + "id": "17", + "settings": { + "min_doc_count": "1", + "missing": "-", + "order": "desc", + "orderBy": "4", + "size": "0" + }, + "type": "terms" + }, + { + "$$hashKey": "object:461", + "fake": true, + "field": "dkim_results.result.keyword", + "id": "10", + "settings": { + "min_doc_count": "1", + "missing": "-", + "order": "desc", + "orderBy": "4", + "size": "0" + }, + "type": "terms" + }, + { + "field": "policy_overrides.comment.keyword", + "id": "18", + "settings": { + "min_doc_count": "1", + "missing": "N/A", + "order": "desc", + "orderBy": "_term", + "size": "0" + }, + "type": "terms" + }, + { + "field": "passed_dmarc", + "id": "19", + "settings": { + "min_doc_count": "1", + "order": "desc", + "orderBy": "_term", + "size": "0" + }, + "type": "terms" + } + ], + "datasource": { + "uid": "$datasourceag" + }, + "hide": false, + "metrics": [ + { + "$$hashKey": "object:455", + "field": "message_count", + "id": "4", + "meta": {}, + "settings": {}, + "type": "sum" + } + ], + "query": "header_from.keyword:$fromdomain", + "refId": "A", + "timeField": "date_range" + } + ], + "title": "Overview", + "transformations": [ + { + "id": "organize", + "options": { + "excludeByName": { + "passed_dmarc": false + }, + "indexByName": { + "Sum": 13, + "disposition.keyword": 5, + "dkim_aligned": 9, + "dkim_results.result.keyword": 11, + "header_from.keyword": 12, + "org_name.keyword": 4, + "passed_dmarc": 7, + "policy_overrides.comment.keyword": 6, + "source_base_domain.keyword": 0, + "source_country.keyword": 3, + "source_ip_address.keyword": 2, + 
"source_reverse_dns.keyword": 1, + "spf_aligned": 8, + "spf_results.result.keyword": 10 + }, + "renameByName": { + "Sum": "Messages", + "disposition.keyword": "Disposition", + "dkim_aligned": "DKIM Alignment", + "dkim_results.result.keyword": "Simple DKIM", + "header_from.keyword": "Header From Domain", + "org_name.keyword": "Reporter", + "passed_dmarc": "DMARC Pass", + "policy_overrides.comment.keyword": "ARC Result", + "source_base_domain.keyword": "Sender PTR Domain", + "source_country.keyword": "Country", + "source_ip_address.keyword": "Source IP", + "source_reverse_dns.keyword": "PTR", + "spf_aligned": "SPF Alignment", + "spf_results.result.keyword": "Simple SPF" + } + } + } + ], + "type": "table" + }, + { + "datasource": { + "uid": "$datasourceag" + }, + "fieldConfig": { + "defaults": { + "custom": { + "align": "auto", + "cellOptions": { + "type": "auto" + }, + "filterable": true, + "inspect": false + }, + "mappings": [ + { + "options": { + "r": { + "text": "relaxed" + }, + "s": { + "text": "strict" + } + }, + "type": "value" + } + ], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + } + ] + } + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "Messages" + }, + "properties": [ + { + "id": "custom.cellOptions", + "value": { + "mode": "gradient", + "type": "gauge" + } + }, + { + "id": "thresholds", + "value": { + "mode": "percentage", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "dark-purple", + "value": 101 + } + ] + } + }, + { + "id": "custom.align", + "value": "left" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "Percentage" + }, + "properties": [ + { + "id": "unit", + "value": "percent" + }, + { + "id": "thresholds", + "value": { + "mode": "absolute", + "steps": [ + { + "color": "dark-yellow", + "value": null + }, + { + "color": "dark-green", + "value": 100 + } + ] + } + }, + { + "id": "custom.cellOptions", + "value": { + "mode": "gradient", + 
"type": "color-background" + } + }, + { + "id": "custom.width", + "value": 90 + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "Subdomain Policy" + }, + "properties": [ + { + "id": "custom.width", + "value": 169 + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "Policy" + }, + "properties": [ + { + "id": "custom.width", + "value": 113 + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "Forensic Policy" + }, + "properties": [ + { + "id": "custom.width", + "value": 138 + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "SPF Policy" + }, + "properties": [ + { + "id": "custom.width", + "value": 132 + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "DKIM Policy" + }, + "properties": [ + { + "id": "custom.width", + "value": 136 + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "Header From Domain" + }, + "properties": [ + { + "id": "links", + "value": [ + { + "targetBlank": true, + "title": "Check ${__data.fields[\"published_policy.domain.keyword\"]} DMARC record", + "url": "https://mxtoolbox.com/SuperTool.aspx?action=dmarc%3a${__data.fields[\"published_policy.domain.keyword\"]}&run=toolpage" + } + ] + }, + { + "id": "custom.width", + "value": 604 + } + ] + } + ] + }, + "gridPos": { + "h": 9, + "w": 24, + "x": 0, + "y": 70 + }, + "id": 43, + "interval": "86399", + "options": { + "cellHeight": "sm", + "footer": { + "countRows": false, + "fields": [ + "Sum" + ], + "reducer": [ + "sum" + ], + "show": false + }, + "showHeader": true, + "sortBy": [ + { + "desc": true, + "displayName": "Messages" + } + ] + }, + "pluginVersion": "10.1.6", + "targets": [ + { + "bucketAggs": [ + { + "$$hashKey": "object:457", + "fake": true, + "field": "published_policy.adkim.keyword", + "id": "6", + "settings": { + "min_doc_count": 1, + "missing": "-", + "order": "desc", + "orderBy": "4", + "size": "0" + }, + "type": "terms" + }, + { + "$$hashKey": "object:458", + "fake": true, + "field": 
"published_policy.aspf.keyword", + "id": "7", + "settings": { + "min_doc_count": "1", + "missing": "-", + "order": "desc", + "orderBy": "4", + "size": "0" + }, + "type": "terms" + }, + { + "$$hashKey": "object:459", + "fake": true, + "field": "published_policy.domain.keyword", + "id": "8", + "settings": { + "min_doc_count": 1, + "missing": "-", + "order": "desc", + "orderBy": "4", + "size": "0" + }, + "type": "terms" + }, + { + "$$hashKey": "object:460", + "fake": true, + "field": "published_policy.fo.keyword", + "id": "9", + "settings": { + "min_doc_count": 1, + "order": "desc", + "orderBy": "4", + "size": "0" + }, + "type": "terms" + }, + { + "$$hashKey": "object:384", + "fake": true, + "field": "published_policy.p.keyword", + "id": "12", + "settings": { + "min_doc_count": "1", + "missing": "-", + "order": "desc", + "orderBy": "4", + "size": "0" + }, + "type": "terms" + }, + { + "$$hashKey": "object:391", + "fake": true, + "field": "published_policy.pct", + "id": "13", + "settings": { + "min_doc_count": "1", + "order": "desc", + "orderBy": "4", + "size": "0" + }, + "type": "terms" + }, + { + "$$hashKey": "object:398", + "fake": true, + "field": "published_policy.sp.keyword", + "id": "14", + "settings": { + "min_doc_count": "1", + "missing": "false", + "order": "desc", + "orderBy": "4", + "size": "0" + }, + "type": "terms" + } + ], + "datasource": { + "uid": "$datasourceag" + }, + "hide": false, + "metrics": [ + { + "$$hashKey": "object:455", + "field": "message_count", + "id": "4", + "meta": {}, + "settings": {}, + "type": "sum" + } + ], + "query": "header_from.keyword:$fromdomain", + "refId": "A", + "timeField": "date_begin" + } + ], + "title": "Published Policies (as reported)", + "transformations": [ + { + "id": "organize", + "options": { + "excludeByName": { + "date_begin": false + }, + "indexByName": { + "Sum": 7, + "published_policy.adkim.keyword": 1, + "published_policy.aspf.keyword": 2, + "published_policy.domain.keyword": 0, + 
"published_policy.fo.keyword": 3, + "published_policy.p.keyword": 4, + "published_policy.pct": 5, + "published_policy.sp.keyword": 6 + }, + "renameByName": { + "Sum": "Messages", + "date_begin": "Date", + "disposition.keyword": "Applied Policy", + "dkim_aligned": "DKIM", + "dkim_results.domain.keyword": "DKIM Domain", + "dkim_results.result.keyword": "DKIM Auth Result", + "dkim_results.selector.keyword": "DKIM Selector", + "envelope_from.keyword": "Envelope From", + "header_from.keyword": "Header From", + "org_name.keyword": "Reporter", + "published_policy.adkim.keyword": "DKIM Policy", + "published_policy.aspf.keyword": "SPF Policy", + "published_policy.domain.keyword": "Header From Domain", + "published_policy.fo.keyword": "Forensic Policy", + "published_policy.p.keyword": "Policy", + "published_policy.pct": "Percentage", + "published_policy.sp.keyword": "Subdomain Policy", + "source_base_domain.keyword": "Reverse DNS Base", + "source_country.keyword": "Country", + "source_ip_address.keyword": "Source IP", + "source_reverse_dns.keyword": "PTR", + "spf_aligned": "SPF", + "spf_results.result.keyword": "SPF Auth Result" + } + } + } + ], + "type": "table" + }, + { + "datasource": { + "uid": "$datasourceag" + }, + "fieldConfig": { + "defaults": { + "custom": { + "align": "auto", + "cellOptions": { + "type": "auto" + }, + "filterable": true, + "inspect": false + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "Sender IP" + }, + "properties": [ + { + "id": "custom.width", + "value": 216 + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "Country" + }, + "properties": [ + { + "id": "custom.width", + "value": 103 + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "Messages" + }, + "properties": [ + { + "id": "custom.width", + "value": 400 + }, + { + "id": 
"custom.cellOptions", + "value": { + "mode": "gradient", + "type": "gauge" + } + }, + { + "id": "thresholds", + "value": { + "mode": "percentage", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "dark-purple", + "value": 101 + } + ] + } + }, + { + "id": "custom.align", + "value": "left" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "Sender PTR Domain" + }, + "properties": [ + { + "id": "custom.width", + "value": 300 + }, + { + "id": "links", + "value": [ + { + "targetBlank": true, + "title": "Visit Domain", + "url": "https://${__data.fields[\"source_base_domain.keyword\"]}" + } + ] + } + ] + } + ] + }, + "gridPos": { + "h": 9, + "w": 24, + "x": 0, + "y": 79 + }, + "id": 14, + "interval": "", + "options": { + "cellHeight": "sm", + "footer": { + "countRows": false, + "fields": [ + "Sum" + ], + "reducer": [ + "sum" + ], + "show": false + }, + "showHeader": true, + "sortBy": [ + { + "desc": true, + "displayName": "Messages" + } + ] + }, + "pluginVersion": "10.1.6", + "targets": [ + { + "bucketAggs": [ + { + "$$hashKey": "object:921", + "fake": true, + "field": "source_ip_address.keyword", + "id": "6", + "settings": { + "min_doc_count": 1, + "missing": "-", + "order": "desc", + "orderBy": "4", + "size": "1000" + }, + "type": "terms" + }, + { + "$$hashKey": "object:922", + "fake": true, + "field": "source_reverse_dns.keyword", + "id": "7", + "settings": { + "min_doc_count": 1, + "missing": "-", + "order": "desc", + "orderBy": "4", + "size": "1000" + }, + "type": "terms" + }, + { + "$$hashKey": "object:923", + "fake": true, + "field": "source_base_domain.keyword", + "id": "8", + "settings": { + "min_doc_count": 1, + "missing": "-", + "order": "desc", + "orderBy": "4", + "size": "1000" + }, + "type": "terms" + }, + { + "$$hashKey": "object:924", + "fake": true, + "field": "source_country.keyword", + "id": "9", + "settings": { + "min_doc_count": 1, + "missing": "-", + "order": "desc", + "orderBy": "4", + "size": "1000" + }, + 
"type": "terms" + } + ], + "datasource": { + "uid": "$datasourceag" + }, + "hide": false, + "metrics": [ + { + "$$hashKey": "object:919", + "field": "message_count", + "id": "4", + "meta": {}, + "settings": {}, + "type": "sum" + } + ], + "query": "header_from.keyword:$fromdomain", + "refId": "A", + "timeField": "date_begin" + } + ], + "title": "Top 1000 Message Source IP Addresses", + "transformations": [ + { + "id": "organize", + "options": { + "excludeByName": {}, + "indexByName": {}, + "renameByName": { + "Sum": "Messages", + "source_base_domain.keyword": "Sender PTR Domain", + "source_country.keyword": "Country", + "source_ip_address.keyword": "Sender IP", + "source_reverse_dns.keyword": "Sender PTR" + } + } + } + ], + "type": "table" + }, + { + "datasource": { + "type": "elasticsearch", + "uid": "$datasourceag" + }, + "fieldConfig": { + "defaults": { + "custom": { + "align": "auto", + "cellOptions": { + "type": "auto" + }, + "filterable": true, + "inspect": false + }, + "mappings": [ + { + "options": { + "arc=fail": { + "index": 1, + "text": "Fail" + }, + "arc=pass": { + "index": 0, + "text": "Pass" + }, + "fail": { + "index": 4, + "text": "Fail" + }, + "false": { + "index": 6, + "text": "False" + }, + "pass": { + "index": 3, + "text": "Pass" + }, + "true": { + "index": 5, + "text": "True" + } + }, + "type": "value" + }, + { + "options": { + "match": "null", + "result": { + "index": 2, + "text": "N/A" + } + }, + "type": "special" + } + ], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "Messages" + }, + "properties": [ + { + "id": "custom.cellOptions", + "value": { + "mode": "gradient", + "type": "gauge" + } + }, + { + "id": "thresholds", + "value": { + "mode": "percentage", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "dark-purple", + "value": 101 + } + ] + } + }, 
+ { + "id": "custom.align", + "value": "left" + }, + { + "id": "custom.width", + "value": 400 + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "Sender PTR Domain" + }, + "properties": [ + { + "id": "links", + "value": [ + { + "targetBlank": true, + "title": "Visit Domain", + "url": "https://${__data.fields[\"source_base_domain.keyword\"]}" + } + ] + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "Envelope From" + }, + "properties": [ + { + "id": "links", + "value": [ + { + "targetBlank": true, + "title": "Check ${__data.fields[\"envelope_from.keyword\"]} SPF record", + "url": "https://www.spf-record.com/spf-lookup/${__data.fields[\"envelope_from.keyword\"]}" + } + ] + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "ARC Result" + }, + "properties": [ + { + "id": "custom.width", + "value": 112 + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "SPF Alignment" + }, + "properties": [ + { + "id": "custom.width", + "value": 131 + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "Simple SPF" + }, + "properties": [ + { + "id": "custom.width", + "value": 110 + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "Source IP" + }, + "properties": [ + { + "id": "links", + "value": [ + { + "targetBlank": true, + "title": "Check ${__data.fields[\"source_ip_address.keyword\"]} SPF record result", + "url": "https://www.spf-record.com/spf-lookup/${__data.fields[\"envelope_from.keyword\"]}?ip=${__data.fields[\"source_ip_address.keyword\"]}" + } + ] + }, + { + "id": "custom.width", + "value": 137 + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "DMARC Pass" + }, + "properties": [ + { + "id": "custom.width", + "value": 120 + }, + { + "id": "unit", + "value": "bool" + }, + { + "id": "custom.align", + "value": "left" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "SPF Alignment" + }, + "properties": [ + { + "id": "custom.width", + "value": 130 + } + ] + }, + { + "matcher": { + "id": 
"byName", + "options": "Header From" + }, + "properties": [ + { + "id": "links", + "value": [ + { + "targetBlank": true, + "title": "Check ${__data.fields[\"header_from.keyword\"]} DMARC record", + "url": "https://mxtoolbox.com/SuperTool.aspx?action=dmarc%3a${__data.fields[\"header_from.keyword\"]}&run=toolpage" + } + ] + } + ] + } + ] + }, + "gridPos": { + "h": 9, + "w": 24, + "x": 0, + "y": 88 + }, + "id": 16, + "options": { + "cellHeight": "sm", + "footer": { + "countRows": false, + "enablePagination": false, + "fields": [ + "Sum" + ], + "reducer": [ + "sum" + ], + "show": false + }, + "showHeader": true, + "sortBy": [ + { + "desc": true, + "displayName": "Messages" + } + ] + }, + "pluginVersion": "10.1.6", + "targets": [ + { + "bucketAggs": [ + { + "$$hashKey": "object:457", + "fake": true, + "field": "header_from.keyword", + "id": "6", + "settings": { + "min_doc_count": 1, + "missing": "-", + "order": "desc", + "orderBy": "4", + "size": "0" + }, + "type": "terms" + }, + { + "$$hashKey": "object:458", + "fake": true, + "field": "envelope_from.keyword", + "id": "7", + "settings": { + "min_doc_count": 1, + "missing": "-", + "order": "desc", + "orderBy": "4", + "size": "0" + }, + "type": "terms" + }, + { + "$$hashKey": "object:459", + "fake": true, + "field": "spf_results.result.keyword", + "id": "8", + "settings": { + "min_doc_count": 1, + "missing": "-", + "order": "desc", + "orderBy": "4", + "size": "0" + }, + "type": "terms" + }, + { + "$$hashKey": "object:460", + "fake": true, + "field": "spf_aligned", + "id": "9", + "settings": { + "min_doc_count": 1, + "order": "desc", + "orderBy": "4", + "size": "0" + }, + "type": "terms" + }, + { + "$$hashKey": "object:461", + "fake": true, + "field": "source_base_domain.keyword", + "id": "10", + "settings": { + "min_doc_count": 1, + "missing": "-", + "order": "desc", + "orderBy": "4", + "size": "0" + }, + "type": "terms" + }, + { + "field": "policy_overrides.comment.keyword", + "id": "11", + "settings": { + 
"min_doc_count": "1", + "missing": "N/A", + "order": "desc", + "orderBy": "_term", + "size": "0" + }, + "type": "terms" + }, + { + "field": "source_ip_address.keyword", + "id": "12", + "settings": { + "min_doc_count": "1", + "missing": "-", + "order": "desc", + "orderBy": "_term", + "size": "0" + }, + "type": "terms" + }, + { + "field": "passed_dmarc", + "id": "13", + "settings": { + "min_doc_count": "1", + "order": "desc", + "orderBy": "_term", + "size": "0" + }, + "type": "terms" + } + ], + "datasource": { + "uid": "$datasourceag" + }, + "hide": false, + "metrics": [ + { + "$$hashKey": "object:455", + "field": "message_count", + "id": "4", + "meta": {}, + "settings": {}, + "type": "sum" + } + ], + "query": "header_from.keyword:$fromdomain", + "refId": "A", + "timeField": "date_range" + } + ], + "title": "SPF Alignment Details", + "transformations": [ + { + "id": "organize", + "options": { + "excludeByName": {}, + "indexByName": { + "Sum": 8, + "envelope_from.keyword": 1, + "header_from.keyword": 0, + "passed_dmarc": 4, + "policy_overrides.comment.keyword": 3, + "source_base_domain.keyword": 7, + "source_ip_address.keyword": 2, + "spf_aligned": 5, + "spf_results.result.keyword": 6 + }, + "renameByName": { + "Sum": "Messages", + "envelope_from.keyword": "Envelope From", + "header_from.keyword": "Header From", + "passed_dmarc": "DMARC Pass", + "policy_overrides.comment.keyword": "ARC Result", + "source_base_domain.keyword": "Sender PTR Domain", + "source_ip_address.keyword": "Source IP", + "spf_aligned": "SPF Alignment", + "spf_results.result.keyword": "Simple SPF" + } + } + } + ], + "type": "table" + }, + { + "datasource": { + "type": "elasticsearch", + "uid": "$datasourceag" + }, + "fieldConfig": { + "defaults": { + "custom": { + "align": "auto", + "cellOptions": { + "type": "auto" + }, + "filterable": true, + "inspect": false + }, + "mappings": [ + { + "options": { + "arc=fail": { + "index": 1, + "text": "Fail" + }, + "arc=pass": { + "index": 0, + "text": "Pass" 
+ }, + "fail": { + "index": 4, + "text": "Fail" + }, + "false": { + "index": 6, + "text": "False" + }, + "pass": { + "index": 3, + "text": "Pass" + }, + "true": { + "index": 5, + "text": "True" + } + }, + "type": "value" + }, + { + "options": { + "match": "null", + "result": { + "index": 2, + "text": "N/A" + } + }, + "type": "special" + } + ], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "none" + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "Messages" + }, + "properties": [ + { + "id": "custom.cellOptions", + "value": { + "mode": "gradient", + "type": "gauge" + } + }, + { + "id": "thresholds", + "value": { + "mode": "percentage", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "dark-purple", + "value": 101 + } + ] + } + }, + { + "id": "custom.align", + "value": "left" + }, + { + "id": "custom.width", + "value": 400 + }, + { + "id": "unit", + "value": "none" + }, + { + "id": "max" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "Sender PTR Domain" + }, + "properties": [ + { + "id": "links", + "value": [ + { + "targetBlank": true, + "title": "Visit Domain", + "url": "https://${__data.fields[\"source_base_domain.keyword\"]}" + } + ] + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "DKIM Selector" + }, + "properties": [ + { + "id": "links", + "value": [ + { + "targetBlank": true, + "title": "Open dmarcian.com DKIM Record Checker", + "url": "https://dmarcian.com/dkim-inspector/?domain=${__data.fields[\"dkim_results.domain.keyword\"]}&selector=${__data.fields[\"dkim_results.selector.keyword\"]}" + } + ] + }, + { + "id": "custom.align", + "value": "left" + }, + { + "id": "unit", + "value": "string" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "DMARC Pass" + }, + "properties": [ + { + "id": "custom.width", + "value": 126 + }, + { + "id": "custom.align", + "value": 
"left" + }, + { + "id": "unit", + "value": "bool" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "Header From" + }, + "properties": [ + { + "id": "links", + "value": [ + { + "targetBlank": true, + "title": "Check ${__data.fields[\"header_from.keyword\"]} DMARC record", + "url": "https://mxtoolbox.com/SuperTool.aspx?action=dmarc%3a${__data.fields[\"header_from.keyword\"]}&run=toolpage" + } + ] + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "ARC Result" + }, + "properties": [ + { + "id": "custom.width", + "value": 116 + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "Simple DKIM" + }, + "properties": [ + { + "id": "custom.width", + "value": 119 + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "DKIM Alignment" + }, + "properties": [ + { + "id": "custom.width", + "value": 144 + } + ] + } + ] + }, + "gridPos": { + "h": 9, + "w": 24, + "x": 0, + "y": 97 + }, + "id": 40, + "options": { + "cellHeight": "sm", + "footer": { + "countRows": false, + "fields": [ + "Sum" + ], + "reducer": [ + "sum" + ], + "show": false + }, + "showHeader": true, + "sortBy": [ + { + "desc": true, + "displayName": "Messages" + } + ] + }, + "pluginVersion": "10.1.6", + "targets": [ + { + "bucketAggs": [ + { + "$$hashKey": "object:457", + "fake": true, + "field": "header_from.keyword", + "id": "6", + "settings": { + "min_doc_count": 1, + "missing": "-", + "order": "desc", + "orderBy": "4", + "size": "0" + }, + "type": "terms" + }, + { + "$$hashKey": "object:458", + "fake": true, + "field": "dkim_results.selector.keyword", + "id": "7", + "settings": { + "min_doc_count": "1", + "missing": "-", + "order": "desc", + "orderBy": "_term", + "size": "0" + }, + "type": "terms" + }, + { + "$$hashKey": "object:459", + "fake": true, + "field": "dkim_results.domain.keyword", + "id": "8", + "settings": { + "min_doc_count": 1, + "missing": "-", + "order": "desc", + "orderBy": "4", + "size": "0" + }, + "type": "terms" + }, + { + "$$hashKey": "object:460", 
+ "fake": true, + "field": "dkim_results.result.keyword", + "id": "9", + "settings": { + "min_doc_count": 1, + "order": "desc", + "orderBy": "4", + "size": "0" + }, + "type": "terms" + }, + { + "$$hashKey": "object:798", + "fake": true, + "field": "dkim_aligned", + "id": "11", + "settings": { + "min_doc_count": "1", + "order": "desc", + "orderBy": "4", + "size": "0" + }, + "type": "terms" + }, + { + "$$hashKey": "object:461", + "fake": true, + "field": "source_base_domain.keyword", + "id": "10", + "settings": { + "min_doc_count": 1, + "missing": "-", + "order": "desc", + "orderBy": "4", + "size": "0" + }, + "type": "terms" + }, + { + "field": "passed_dmarc", + "id": "12", + "settings": { + "min_doc_count": "1", + "order": "desc", + "orderBy": "_term", + "size": "0" + }, + "type": "terms" + }, + { + "field": "policy_overrides.comment.keyword", + "id": "13", + "settings": { + "min_doc_count": "1", + "missing": "N/A", + "order": "desc", + "orderBy": "_term", + "size": "0" + }, + "type": "terms" + } + ], + "datasource": { + "uid": "$datasourceag" + }, + "hide": false, + "metrics": [ + { + "$$hashKey": "object:455", + "field": "message_count", + "id": "4", + "meta": {}, + "settings": {}, + "type": "sum" + } + ], + "query": "header_from.keyword:$fromdomain", + "refId": "A", + "timeField": "date_range" + } + ], + "title": "DKIM Alignment Details", + "transformations": [ + { + "id": "organize", + "options": { + "excludeByName": { + "dkim_results.selector.keyword": false + }, + "indexByName": { + "Sum": 8, + "dkim_aligned": 5, + "dkim_results.domain.keyword": 2, + "dkim_results.result.keyword": 6, + "dkim_results.selector.keyword": 1, + "header_from.keyword": 0, + "passed_dmarc": 4, + "policy_overrides.comment.keyword": 3, + "source_base_domain.keyword": 7 + }, + "renameByName": { + "Sum": "Messages", + "dkim_aligned": "DKIM Alignment", + "dkim_results.domain.keyword": "DKIM Domain", + "dkim_results.result.keyword": "Simple DKIM", + "dkim_results.selector.keyword": "DKIM 
Selector", + "envelope_from.keyword": "Envelope From", + "header_from.keyword": "Header From", + "passed_dmarc": "DMARC Pass", + "policy_overrides.comment.keyword": "ARC Result", + "source_base_domain.keyword": "Sender PTR Domain", + "spf_aligned": "SPF Aligned", + "spf_results.result.keyword": "SPF Result" + } + } + } + ], + "type": "table" + }, + { + "collapsed": false, + "datasource": { + "type": "elasticsearch", + "uid": "fe02a4f7-cf1f-4b97-8d78-774cff09356c" + }, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 106 + }, + "id": 32, + "panels": [], + "targets": [ + { + "datasource": { + "type": "elasticsearch", + "uid": "fe02a4f7-cf1f-4b97-8d78-774cff09356c" + }, + "refId": "A" + } + ], + "title": "DMARC Forensic", + "type": "row" + }, + { + "datasource": { + "type": "elasticsearch", + "uid": "$datasourcefo" + }, + "fieldConfig": { + "defaults": { + "custom": { + "align": "auto", + "cellOptions": { + "type": "auto" + }, + "inspect": false + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "Arrival_Date" + }, + "properties": [ + { + "id": "unit", + "value": "dateTimeAsIso" + }, + { + "id": "custom.width", + "value": 175 + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "AuthFailure" + }, + "properties": [ + { + "id": "custom.width", + "value": 84 + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "DeliveryResult" + }, + "properties": [ + { + "id": "custom.width", + "value": 104 + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "Count" + }, + "properties": [ + { + "id": "custom.width", + "value": 71 + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "ReplyTo" + }, + "properties": [ + { + "id": "custom.width", + "value": 122 + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "Sender IP" + }, + "properties": [ + { 
+ "id": "custom.width", + "value": 140 + }, + { + "id": "links", + "value": [ + { + "targetBlank": true, + "title": "Check ${__data.fields[\"source_ip_address.keyword\"]} SPF record result", + "url": "https://www.spf-record.com/spf-lookup/${__data.fields[\"domain.keyword\"]}?ip=${__data.fields[\"source_ip_address.keyword\"]}" + } + ] + } + ] + } + ] + }, + "gridPos": { + "h": 9, + "w": 24, + "x": 0, + "y": 107 + }, + "id": 20, + "options": { + "cellHeight": "sm", + "footer": { + "countRows": false, + "fields": "", + "reducer": [ + "sum" + ], + "show": false + }, + "showHeader": true, + "sortBy": [] + }, + "pluginVersion": "10.1.6", + "targets": [ + { + "bucketAggs": [ + { + "$$hashKey": "object:340", + "fake": true, + "field": "arrival_date", + "id": "6", + "settings": { + "interval": "auto", + "min_doc_count": 1, + "trimEdges": 0 + }, + "type": "date_histogram" + }, + { + "$$hashKey": "object:341", + "fake": true, + "field": "sample.headers.from.keyword", + "id": "7", + "settings": { + "min_doc_count": 1, + "missing": "-", + "order": "desc", + "orderBy": "_count", + "size": "0" + }, + "type": "terms" + }, + { + "$$hashKey": "object:342", + "fake": true, + "field": "sample.headers.to.keyword", + "id": "8", + "settings": { + "min_doc_count": 1, + "missing": "-", + "order": "desc", + "orderBy": "_count", + "size": "0" + }, + "type": "terms" + }, + { + "$$hashKey": "object:343", + "fake": true, + "field": "sample.headers.reply-to.keyword", + "id": "10", + "settings": { + "min_doc_count": 1, + "missing": "-", + "order": "desc", + "orderBy": "_count", + "size": "0" + }, + "type": "terms" + }, + { + "$$hashKey": "object:344", + "fake": true, + "field": "auth_failure.keyword", + "id": "11", + "settings": { + "min_doc_count": 1, + "order": "desc", + "orderBy": "_count", + "size": "0" + }, + "type": "terms" + }, + { + "$$hashKey": "object:345", + "fake": true, + "field": "sample.subject.keyword", + "id": "12", + "settings": { + "min_doc_count": 1, + "order": "desc", + 
"orderBy": "_count", + "size": "0" + }, + "type": "terms" + }, + { + "$$hashKey": "object:346", + "fake": true, + "field": "delivery_results.keyword", + "id": "14", + "settings": { + "min_doc_count": 1, + "order": "desc", + "orderBy": "_count", + "size": "0" + }, + "type": "terms" + }, + { + "$$hashKey": "object:347", + "fake": true, + "field": "authentication_results.keyword", + "id": "15", + "settings": { + "min_doc_count": 1, + "order": "desc", + "orderBy": "_count", + "size": "0" + }, + "type": "terms" + }, + { + "$$hashKey": "object:348", + "fake": true, + "field": "sample.headers.received.keyword", + "id": "13", + "settings": { + "min_doc_count": 1, + "missing": "-", + "order": "desc", + "orderBy": "_count", + "size": "0" + }, + "type": "terms" + }, + { + "field": "sample.date", + "id": "16", + "settings": { + "min_doc_count": "1", + "order": "desc", + "orderBy": "_term", + "size": "0" + }, + "type": "terms" + }, + { + "field": "source_ip_address.keyword", + "id": "17", + "settings": { + "min_doc_count": "1", + "order": "desc", + "orderBy": "_term", + "size": "0" + }, + "type": "terms" + }, + { + "field": "source_reverse_dns.keyword", + "id": "18", + "settings": { + "min_doc_count": "1", + "order": "desc", + "orderBy": "_term", + "size": "0" + }, + "type": "terms" + }, + { + "field": "domain.keyword", + "id": "19", + "settings": { + "min_doc_count": "1", + "order": "desc", + "orderBy": "_term", + "size": "0" + }, + "type": "terms" + } + ], + "datasource": { + "uid": "$datasourcefo" + }, + "hide": false, + "metrics": [ + { + "$$hashKey": "object:338", + "field": "message_count", + "id": "4", + "meta": {}, + "settings": {}, + "type": "count" + } + ], + "query": "domain.keyword:$fromdomain", + "refId": "A", + "timeField": "arrival_date" + } + ], + "title": "Forensic Samples", + "transformations": [ + { + "id": "organize", + "options": { + "excludeByName": { + "arrival_date": true, + "domain.keyword": false, + "sample.headers.received.keyword": true + }, + 
"indexByName": { + "Count": 13, + "arrival_date": 2, + "auth_failure.keyword": 7, + "authentication_results.keyword": 9, + "delivery_results.keyword": 8, + "domain.keyword": 0, + "sample.date": 1, + "sample.headers.from.keyword": 3, + "sample.headers.received.keyword": 10, + "sample.headers.reply-to.keyword": 5, + "sample.headers.to.keyword": 4, + "sample.subject.keyword": 6, + "source_ip_address.keyword": 11, + "source_reverse_dns.keyword": 12 + }, + "renameByName": { + "Count": "Message Count", + "arrival_date": "", + "auth_failure.keyword": "AuthFailure", + "authentication_results.keyword": "Auth Results", + "delivery_results.keyword": "DeliveryResult", + "domain.keyword": "Header From Domain", + "sample.date": "Arrival_Date", + "sample.headers.from.keyword": "Envelope From", + "sample.headers.received.keyword": "Mail Hop 1", + "sample.headers.reply-to.keyword": "ReplyTo", + "sample.headers.to.keyword": "Envelope To", + "sample.subject.keyword": "Subject", + "source_ip_address.keyword": "Sender IP", + "source_reverse_dns.keyword": "Sender PTR" + } + } + } + ], + "type": "table" + }, + { + "datasource": { + "type": "elasticsearch", + "uid": "$datasourcefo" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "custom": { + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "dark-green" + } + ] + }, + "unit": "none" + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "Field" + }, + "properties": [ + { + "id": "displayName", + "value": "Country" + } + ] + } + ] + }, + "gridPos": { + "h": 11, + "w": 8, + "x": 0, + "y": 116 + }, + "id": 22, + "maxDataPoints": 1, + "options": { + "basemap": { + "name": "Basemap", + "type": "default" + }, + "controls": { + "mouseWheelZoom": true, + "showAttribution": true, + "showDebug": false, + "showMeasure": false, + "showScale": false, + "showZoom": true + }, + "layers": [ 
+ { + "config": { + "showLegend": true, + "style": { + "color": { + "field": "Total", + "fixed": "dark-green" + }, + "opacity": 0.4, + "rotation": { + "fixed": 0, + "max": 360, + "min": -360, + "mode": "mod" + }, + "size": { + "field": "Total", + "fixed": 5, + "max": 30, + "min": 2 + }, + "symbol": { + "fixed": "img/icons/marker/circle.svg", + "mode": "fixed" + }, + "textConfig": { + "fontSize": 12, + "offsetX": 0, + "offsetY": 0, + "textAlign": "center", + "textBaseline": "middle" + } + } + }, + "filterData": { + "id": "byRefId", + "options": "A" + }, + "location": { + "gazetteer": "public/gazetteer/countries.json", + "lookup": "Field", + "mode": "lookup" + }, + "name": "Forensic Count", + "tooltip": true, + "type": "markers" + }, + { + "config": { + "nightColor": "#000000", + "show": "to", + "sun": false + }, + "name": "Layer 2", + "opacity": 0.4, + "tooltip": true, + "type": "dayNight" + } + ], + "tooltip": { + "mode": "details" + }, + "view": { + "allLayers": true, + "id": "zero", + "lat": 0, + "lon": 0, + "zoom": 1 + } + }, + "pluginVersion": "11.1.0-179769", + "targets": [ + { + "bucketAggs": [ + { + "fake": true, + "field": "source_country.keyword", + "id": "9", + "settings": { + "min_doc_count": 1, + "order": "desc", + "orderBy": "_term", + "size": "10" + }, + "type": "terms" + }, + { + "field": "arrival_date", + "id": "10", + "settings": { + "interval": "auto", + "min_doc_count": "0", + "timeZone": "utc", + "trimEdges": "0" + }, + "type": "date_histogram" + } + ], + "datasource": { + "uid": "$datasourcefo" + }, + "hide": false, + "metrics": [ + { + "id": "4", + "type": "count" + } + ], + "query": "domain.keyword:$fromdomain", + "refId": "A", + "timeField": "arrival_date" + } + ], + "title": "Forensic Sample Sources by Country", + "transformations": [ + { + "id": "reduce", + "options": { + "reducers": [ + "sum" + ] + } + } + ], + "type": "geomap" + }, + { + "datasource": { + "uid": "$datasourcefo" + }, + "fieldConfig": { + "defaults": { + "custom": { + 
"align": "auto", + "cellOptions": { + "type": "auto" + }, + "inspect": false + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green" + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "Count" + }, + "properties": [ + { + "id": "custom.cellOptions", + "value": { + "mode": "gradient", + "type": "gauge" + } + }, + { + "id": "thresholds", + "value": { + "mode": "percentage", + "steps": [ + { + "color": "green" + }, + { + "color": "dark-purple", + "value": 101 + } + ] + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "Country" + }, + "properties": [ + { + "id": "custom.width", + "value": 70 + } + ] + } + ] + }, + "gridPos": { + "h": 11, + "w": 5, + "x": 8, + "y": 116 + }, + "id": 23, + "options": { + "cellHeight": "sm", + "footer": { + "countRows": false, + "fields": "", + "reducer": [ + "sum" + ], + "show": false + }, + "showHeader": true, + "sortBy": [] + }, + "pluginVersion": "11.1.0-179769", + "targets": [ + { + "bucketAggs": [ + { + "$$hashKey": "object:840", + "fake": true, + "field": "source_country.keyword", + "id": "6", + "settings": { + "min_doc_count": 1, + "missing": "none", + "order": "desc", + "orderBy": "_count", + "size": "0" + }, + "type": "terms" + } + ], + "datasource": { + "uid": "$datasourcefo" + }, + "hide": false, + "metrics": [ + { + "$$hashKey": "object:838", + "field": "message_count", + "id": "4", + "meta": {}, + "settings": {}, + "type": "count" + } + ], + "query": "domain.keyword:$fromdomain", + "refId": "A", + "timeField": "arrival_date" + } + ], + "title": "DMARC Forensic Sample Source Countries", + "transformations": [ + { + "id": "organize", + "options": { + "excludeByName": {}, + "indexByName": {}, + "renameByName": { + "source_country.keyword": "Country" + } + } + } + ], + "type": "table" + }, + { + "datasource": { + "uid": "$datasourcefo" + }, + "fieldConfig": { + "defaults": { + "custom": { + "align": 
"auto", + "cellOptions": { + "type": "auto" + }, + "inspect": false + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green" + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "Country" + }, + "properties": [ + { + "id": "custom.width", + "value": 70 + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "Base Domain" + }, + "properties": [ + { + "id": "links", + "value": [ + { + "targetBlank": true, + "title": "Visit https://${__data.fields[\"source_base_domain.keyword\"]}", + "url": "https://${__data.fields[\"source_base_domain.keyword\"]}" + } + ] + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "Messages" + }, + "properties": [ + { + "id": "custom.cellOptions", + "value": { + "mode": "gradient", + "type": "gauge" + } + }, + { + "id": "thresholds", + "value": { + "mode": "percentage", + "steps": [ + { + "color": "green" + }, + { + "color": "dark-purple", + "value": 101 + } + ] + } + } + ] + } + ] + }, + "gridPos": { + "h": 11, + "w": 11, + "x": 13, + "y": 116 + }, + "id": 24, + "options": { + "cellHeight": "sm", + "footer": { + "countRows": false, + "fields": "", + "reducer": [ + "sum" + ], + "show": false + }, + "showHeader": true, + "sortBy": [ + { + "desc": true, + "displayName": "Messages" + } + ] + }, + "pluginVersion": "11.1.0-179769", + "targets": [ + { + "bucketAggs": [ + { + "$$hashKey": "object:653", + "fake": true, + "field": "source_ip_address.keyword", + "id": "6", + "settings": { + "min_doc_count": 1, + "missing": "-", + "order": "desc", + "orderBy": "_count", + "size": "1000" + }, + "type": "terms" + }, + { + "$$hashKey": "object:654", + "fake": true, + "field": "source_reverse_dns.keyword", + "id": "7", + "settings": { + "min_doc_count": 1, + "missing": "-", + "order": "desc", + "orderBy": "_count", + "size": "1000" + }, + "type": "terms" + }, + { + "$$hashKey": "object:655", + "fake": true, + "field": 
"source_base_domain.keyword", + "id": "8", + "settings": { + "min_doc_count": 1, + "missing": "-", + "order": "desc", + "orderBy": "_count", + "size": "1000" + }, + "type": "terms" + }, + { + "$$hashKey": "object:656", + "fake": true, + "field": "source_country.keyword", + "id": "9", + "settings": { + "min_doc_count": 1, + "missing": "-", + "order": "desc", + "orderBy": "_count", + "size": "1000" + }, + "type": "terms" + } + ], + "datasource": { + "uid": "$datasourcefo" + }, + "hide": false, + "metrics": [ + { + "$$hashKey": "object:651", + "field": "message_count", + "id": "4", + "meta": {}, + "settings": {}, + "type": "count" + } + ], + "query": "domain.keyword:$fromdomain", + "refId": "A", + "timeField": "arrival_date" + } + ], + "title": "Top 1000 Forensic Sample Source IP Addresses", + "transformations": [ + { + "id": "organize", + "options": { + "excludeByName": {}, + "indexByName": {}, + "renameByName": { + "Count": "Messages", + "source_base_domain.keyword": "Base Domain", + "source_country.keyword": "Country", + "source_ip_address.keyword": "IP Address", + "source_reverse_dns.keyword": "Reverse DNS" + } + } + } + ], + "type": "table" + } + ], + "refresh": "", + "schemaVersion": 38, + "style": "dark", + "tags": [], + "templating": { + "list": [ + { + "current": { + "selected": false, + "text": "dmarc-ag", + "value": "f79d0082-7d3f-4e44-9f8a-ec546b954d22" + }, + "hide": 2, + "includeAll": false, + "label": "Datasource: Aggregate", + "multi": false, + "name": "datasourceag", + "options": [], + "query": "elasticsearch", + "refresh": 1, + "regex": "/.*dmarc-ag/", + "skipUrlSync": false, + "type": "datasource" + }, + { + "current": { + "selected": false, + "text": "dmarc-fo", + "value": "deae39d9-c143-40ed-8470-c5560059ad22" + }, + "hide": 2, + "includeAll": false, + "label": "Datasource: Forensic", + "multi": false, + "name": "datasourcefo", + "options": [], + "query": "elasticsearch", + "refresh": 1, + "regex": "/.*dmarc-fo/", + "skipUrlSync": false, + "type": 
"datasource" + }, + { + "current": { + "selected": true, + "text": [ + "All" + ], + "value": [ + "$__all" + ] + }, + "datasource": { + "uid": "$datasourceag" + }, + "definition": "{\"find\":\"terms\",\"field\":\"header_from.keyword\"}", + "hide": 0, + "includeAll": true, + "label": "From Domain", + "multi": true, + "name": "fromdomain", + "options": [], + "query": "{\"find\":\"terms\",\"field\":\"header_from.keyword\"}", + "refresh": 2, + "regex": "", + "skipUrlSync": false, + "sort": 5, + "tagValuesQuery": "", + "tagsQuery": "", + "type": "query", + "useTags": false + }, + { + "auto": false, + "auto_count": 30, + "auto_min": "10s", + "current": { + "selected": false, + "text": "1d", + "value": "1d" + }, + "hide": 2, + "label": "Interval", + "name": "interval", + "options": [ + { + "selected": true, + "text": "1d", + "value": "1d" + } + ], + "query": "1d", + "refresh": 2, + "skipUrlSync": false, + "type": "interval" + }, + { + "datasource": { + "type": "elasticsearch", + "uid": "${datasourceag}" + }, + "filters": [], + "hide": 0, + "label": "Filter", + "name": "Filter", + "skipUrlSync": false, + "type": "adhoc" + } + ] + }, + "time": { + "from": "now-30d", + "to": "now" + }, + "timepicker": { + "hidden": false, + "refresh_intervals": [ + "10s", + "30s", + "1m", + "5m", + "15m", + "30m", + "1h", + "2h", + "1d" + ], + "time_options": [ + "5m", + "15m", + "1h", + "6h", + "12h", + "24h", + "2d", + "7d", + "30d" + ] + }, + "timezone": "utc", + "title": "DMARC Reports-2024/11/13", + "uid": "SDksirRWz-new", + "version": 10, + "weekStart": "" +} \ No newline at end of file