{
|
|
"__inputs": [
|
|
{
|
|
"name": "DS_HTTP-BADBOTS",
|
|
"label": "HTTP-Badbots",
|
|
"description": "",
|
|
"type": "datasource",
|
|
"pluginId": "mysql",
|
|
"pluginName": "MySQL"
|
|
}
|
|
],
|
|
"__elements": {},
|
|
"__requires": [
|
|
{
|
|
"type": "panel",
|
|
"id": "geomap",
|
|
"name": "Geomap",
|
|
"version": ""
|
|
},
|
|
{
|
|
"type": "grafana",
|
|
"id": "grafana",
|
|
"name": "Grafana",
|
|
"version": "9.3.6"
|
|
},
|
|
{
|
|
"type": "datasource",
|
|
"id": "mysql",
|
|
"name": "MySQL",
|
|
"version": "1.0.0"
|
|
},
|
|
{
|
|
"type": "panel",
|
|
"id": "stat",
|
|
"name": "Stat",
|
|
"version": ""
|
|
},
|
|
{
|
|
"type": "panel",
|
|
"id": "table",
|
|
"name": "Table",
|
|
"version": ""
|
|
},
|
|
{
|
|
"type": "panel",
|
|
"id": "text",
|
|
"name": "Text",
|
|
"version": ""
|
|
},
|
|
{
|
|
"type": "panel",
|
|
"id": "timeseries",
|
|
"name": "Time series",
|
|
"version": ""
|
|
}
|
|
],
|
|
"annotations": {
|
|
"list": [
|
|
{
|
|
"builtIn": 1,
|
|
"datasource": {
|
|
"type": "datasource",
|
|
"uid": "grafana"
|
|
},
|
|
"enable": true,
|
|
"hide": true,
|
|
"iconColor": "rgba(0, 211, 255, 1)",
|
|
"name": "Annotations & Alerts",
|
|
"target": {
|
|
"limit": 100,
|
|
"matchAny": false,
|
|
"tags": [],
|
|
"type": "dashboard"
|
|
},
|
|
"type": "dashboard"
|
|
}
|
|
]
|
|
},
|
|
"editable": true,
|
|
"fiscalYearStartMonth": 0,
|
|
"graphTooltip": 0,
|
|
"id": null,
|
|
"links": [
|
|
{
|
|
"asDropdown": false,
|
|
"icon": "external link",
|
|
"includeVars": false,
|
|
"keepTime": false,
|
|
"tags": [],
|
|
"targetBlank": true,
|
|
"title": "http-badbots",
|
|
"tooltip": "",
|
|
"type": "link",
|
|
"url": "https://git.rznet.fr/razian/http-badbots"
|
|
},
|
|
{
|
|
"asDropdown": false,
|
|
"icon": "external link",
|
|
"includeVars": false,
|
|
"keepTime": false,
|
|
"tags": [],
|
|
"targetBlank": true,
|
|
"title": "iplookup.fr",
|
|
"tooltip": "",
|
|
"type": "link",
|
|
"url": "https://iplookup.fr"
|
|
}
|
|
],
|
|
"liveNow": true,
|
|
"panels": [
|
|
{
|
|
"datasource": {
|
|
"type": "mysql",
|
|
"uid": "${DS_HTTP-BADBOTS}"
|
|
},
|
|
"gridPos": {
|
|
"h": 1,
|
|
"w": 24,
|
|
"x": 0,
|
|
"y": 0
|
|
},
|
|
"id": 35,
|
|
"options": {
|
|
"code": {
|
|
"language": "plaintext",
|
|
"showLineNumbers": false,
|
|
"showMiniMap": false
|
|
},
|
|
"content": "Hi",
|
|
"mode": "html"
|
|
},
|
|
"pluginVersion": "9.3.6",
|
|
"targets": [
|
|
{
|
|
"datasource": {
|
|
"type": "mysql",
|
|
"uid": "${DS_HTTP-BADBOTS}"
|
|
},
|
|
"format": "time_series",
|
|
"group": [],
|
|
"metricColumn": "none",
|
|
"rawQuery": false,
|
|
"rawSql": "SELECT\n starttime AS \"time\",\n sensor\nFROM sessions\nWHERE\n $__timeFilter(starttime)\nORDER BY starttime",
|
|
"refId": "A",
|
|
"select": [
|
|
[
|
|
{
|
|
"params": [
|
|
"sensor"
|
|
],
|
|
"type": "column"
|
|
}
|
|
]
|
|
],
|
|
"table": "sessions",
|
|
"timeColumn": "starttime",
|
|
"timeColumnType": "timestamp",
|
|
"where": [
|
|
{
|
|
"name": "$__timeFilter",
|
|
"params": [],
|
|
"type": "macro"
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"title": "HTTP crawls on RzNET",
|
|
"type": "text"
|
|
},
|
|
{
|
|
"datasource": {
|
|
"type": "mysql",
|
|
"uid": "${DS_HTTP-BADBOTS}"
|
|
},
|
|
"fieldConfig": {
|
|
"defaults": {
|
|
"color": {
|
|
"mode": "continuous-GrYlRd"
|
|
},
|
|
"custom": {
|
|
"hideFrom": {
|
|
"legend": false,
|
|
"tooltip": false,
|
|
"viz": false
|
|
}
|
|
},
|
|
"mappings": [],
|
|
"thresholds": {
|
|
"mode": "percentage",
|
|
"steps": [
|
|
{
|
|
"color": "green",
|
|
"value": null
|
|
}
|
|
]
|
|
},
|
|
"unit": "none"
|
|
},
|
|
"overrides": []
|
|
},
|
|
"gridPos": {
|
|
"h": 15,
|
|
"w": 16,
|
|
"x": 0,
|
|
"y": 1
|
|
},
|
|
"id": 14,
|
|
"options": {
|
|
"basemap": {
|
|
"config": {},
|
|
"name": "Layer 0",
|
|
"type": "default"
|
|
},
|
|
"controls": {
|
|
"mouseWheelZoom": false,
|
|
"showAttribution": false,
|
|
"showDebug": false,
|
|
"showMeasure": false,
|
|
"showScale": false,
|
|
"showZoom": true
|
|
},
|
|
"layers": [
|
|
{
|
|
"config": {
|
|
"showLegend": true,
|
|
"style": {
|
|
"color": {
|
|
"field": "attacks",
|
|
"fixed": "red"
|
|
},
|
|
"opacity": 0.4,
|
|
"rotation": {
|
|
"fixed": 0,
|
|
"max": 360,
|
|
"min": -360,
|
|
"mode": "mod"
|
|
},
|
|
"size": {
|
|
"field": "attacks",
|
|
"fixed": 1,
|
|
"max": 10,
|
|
"min": 2
|
|
},
|
|
"symbol": {
|
|
"fixed": "img/icons/marker/circle.svg",
|
|
"mode": "fixed"
|
|
},
|
|
"text": {
|
|
"field": "ip",
|
|
"fixed": "",
|
|
"mode": "fixed"
|
|
},
|
|
"textConfig": {
|
|
"fontSize": 12,
|
|
"offsetX": 0,
|
|
"offsetY": 0,
|
|
"textAlign": "center",
|
|
"textBaseline": "middle"
|
|
}
|
|
}
|
|
},
|
|
"location": {
|
|
"latitude": "latitude",
|
|
"longitude": "longitude",
|
|
"mode": "auto"
|
|
},
|
|
"name": "Mark",
|
|
"tooltip": true,
|
|
"type": "markers"
|
|
}
|
|
],
|
|
"tooltip": {
|
|
"mode": "details"
|
|
},
|
|
"view": {
|
|
"allLayers": true,
|
|
"id": "coords",
|
|
"lat": 30,
|
|
"lon": 14,
|
|
"zoom": 2
|
|
}
|
|
},
|
|
"pluginVersion": "9.3.6",
|
|
"targets": [
|
|
{
|
|
"datasource": {
|
|
"type": "mysql",
|
|
"uid": "${DS_HTTP-BADBOTS}"
|
|
},
|
|
"editorMode": "code",
|
|
"format": "table",
|
|
"group": [
|
|
{
|
|
"params": [
|
|
"ip"
|
|
],
|
|
"type": "column"
|
|
}
|
|
],
|
|
"metricColumn": "none",
|
|
"rawQuery": true,
|
|
"rawSql": "SELECT\n timestamp AS \"time\",\n latitude,\n longitude,\n ip,\n city,\n country,\n isp,\n count(ip) AS \"attacks\"\nFROM connections\nWHERE\n $__timeFilter(timestamp)\nAND\n latitude <> ''\nAND\n longitude <> ''\nAND\n Country REGEXP '${Country:pipe}'\nAND\n isp REGEXP \"${ISP:pipe}\"\nAND\n Host REGEXP '${Host:pipe}'\nAND\n IP REGEXP '${IP:pipe}'\nGROUP BY ip\nORDER BY timestamp",
|
|
"refId": "A",
|
|
"select": [
|
|
[
|
|
{
|
|
"params": [
|
|
"lat"
|
|
],
|
|
"type": "column"
|
|
},
|
|
{
|
|
"params": [
|
|
"lat"
|
|
],
|
|
"type": "alias"
|
|
}
|
|
],
|
|
[
|
|
{
|
|
"params": [
|
|
"lon"
|
|
],
|
|
"type": "column"
|
|
},
|
|
{
|
|
"params": [
|
|
"lon"
|
|
],
|
|
"type": "alias"
|
|
}
|
|
],
|
|
[
|
|
{
|
|
"params": [
|
|
"ip"
|
|
],
|
|
"type": "column"
|
|
},
|
|
{
|
|
"params": [
|
|
"ip"
|
|
],
|
|
"type": "alias"
|
|
}
|
|
],
|
|
[
|
|
{
|
|
"params": [
|
|
"country"
|
|
],
|
|
"type": "column"
|
|
},
|
|
{
|
|
"params": [
|
|
"country"
|
|
],
|
|
"type": "alias"
|
|
}
|
|
],
|
|
[
|
|
{
|
|
"params": [
|
|
"value"
|
|
],
|
|
"type": "column"
|
|
},
|
|
{
|
|
"params": [
|
|
"count"
|
|
],
|
|
"type": "aggregate"
|
|
},
|
|
{
|
|
"params": [
|
|
"attacks"
|
|
],
|
|
"type": "alias"
|
|
}
|
|
]
|
|
],
|
|
"sql": {
|
|
"columns": [
|
|
{
|
|
"parameters": [],
|
|
"type": "function"
|
|
}
|
|
],
|
|
"groupBy": [
|
|
{
|
|
"property": {
|
|
"type": "string"
|
|
},
|
|
"type": "groupBy"
|
|
}
|
|
],
|
|
"limit": 50
|
|
},
|
|
"table": "locations",
|
|
"timeColumn": "timestamp",
|
|
"timeColumnType": "timestamp",
|
|
"where": [
|
|
{
|
|
"name": "$__timeFilter",
|
|
"params": [],
|
|
"type": "macro"
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"title": "Attacks Map",
|
|
"type": "geomap"
|
|
},
|
|
{
|
|
"datasource": {
|
|
"type": "mysql",
|
|
"uid": "${DS_HTTP-BADBOTS}"
|
|
},
|
|
"fieldConfig": {
|
|
"defaults": {
|
|
"color": {
|
|
"mode": "thresholds"
|
|
},
|
|
"custom": {
|
|
"align": "left",
|
|
"displayMode": "auto",
|
|
"inspect": false
|
|
},
|
|
"mappings": [],
|
|
"thresholds": {
|
|
"mode": "absolute",
|
|
"steps": [
|
|
{
|
|
"color": "green",
|
|
"value": null
|
|
},
|
|
{
|
|
"color": "red",
|
|
"value": 80
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"overrides": [
|
|
{
|
|
"matcher": {
|
|
"id": "byType",
|
|
"options": "time"
|
|
},
|
|
"properties": [
|
|
{
|
|
"id": "custom.hidden",
|
|
"value": true
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"matcher": {
|
|
"id": "byName",
|
|
"options": "Attacks"
|
|
},
|
|
"properties": [
|
|
{
|
|
"id": "custom.width",
|
|
"value": 80
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"matcher": {
|
|
"id": "byName",
|
|
"options": "IP"
|
|
},
|
|
"properties": [
|
|
{
|
|
"id": "links",
|
|
"value": [
|
|
{
|
|
"targetBlank": false,
|
|
"title": "",
|
|
"url": "d/grOSx5-Mx/http-badbots?var-IP=${__data.fields.IP}"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
"gridPos": {
|
|
"h": 15,
|
|
"w": 4,
|
|
"x": 16,
|
|
"y": 1
|
|
},
|
|
"id": 18,
|
|
"options": {
|
|
"footer": {
|
|
"countRows": false,
|
|
"fields": "",
|
|
"reducer": [
|
|
"sum"
|
|
],
|
|
"show": false
|
|
},
|
|
"showHeader": false,
|
|
"showRowNums": false,
|
|
"sortBy": [
|
|
{
|
|
"desc": true,
|
|
"displayName": "Attacks"
|
|
}
|
|
]
|
|
},
|
|
"pluginVersion": "9.3.6",
|
|
"targets": [
|
|
{
|
|
"datasource": {
|
|
"type": "mysql",
|
|
"uid": "${DS_HTTP-BADBOTS}"
|
|
},
|
|
"editorMode": "code",
|
|
"format": "table",
|
|
"group": [
|
|
{
|
|
"params": [
|
|
"ip"
|
|
],
|
|
"type": "column"
|
|
}
|
|
],
|
|
"metricColumn": "ip",
|
|
"rawQuery": true,
|
|
"rawSql": "SELECT\n timestamp AS \"time\",\n ip AS \"IP\",\n count(ip) AS \"Attacks\"\nFROM connections\nWHERE\n $__timeFilter(timestamp)\nAND\n Country REGEXP '${Country:pipe}'\nAND\n isp REGEXP \"${ISP:pipe}\"\nAND\n Host REGEXP '${Host:pipe}'\nAND\n IP REGEXP '${IP:pipe}'\nAND\n ip <> ''\nGROUP BY ip\nORDER BY timestamp",
|
|
"refId": "A",
|
|
"select": [
|
|
[
|
|
{
|
|
"params": [
|
|
"cc"
|
|
],
|
|
"type": "column"
|
|
},
|
|
{
|
|
"params": [
|
|
"Country"
|
|
],
|
|
"type": "alias"
|
|
}
|
|
],
|
|
[
|
|
{
|
|
"params": [
|
|
"value"
|
|
],
|
|
"type": "column"
|
|
},
|
|
{
|
|
"params": [
|
|
"count"
|
|
],
|
|
"type": "aggregate"
|
|
},
|
|
{
|
|
"params": [
|
|
"Attacks"
|
|
],
|
|
"type": "alias"
|
|
}
|
|
]
|
|
],
|
|
"sql": {
|
|
"columns": [
|
|
{
|
|
"parameters": [],
|
|
"type": "function"
|
|
}
|
|
],
|
|
"groupBy": [
|
|
{
|
|
"property": {
|
|
"type": "string"
|
|
},
|
|
"type": "groupBy"
|
|
}
|
|
],
|
|
"limit": 50
|
|
},
|
|
"table": "locations",
|
|
"timeColumn": "timestamp",
|
|
"timeColumnType": "timestamp",
|
|
"where": [
|
|
{
|
|
"name": "$__timeFilter",
|
|
"params": [],
|
|
"type": "macro"
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"title": "Top IPs",
|
|
"type": "table"
|
|
},
|
|
{
|
|
"datasource": {
|
|
"type": "mysql",
|
|
"uid": "${DS_HTTP-BADBOTS}"
|
|
},
|
|
"fieldConfig": {
|
|
"defaults": {
|
|
"color": {
|
|
"mode": "thresholds"
|
|
},
|
|
"custom": {
|
|
"align": "left",
|
|
"displayMode": "auto",
|
|
"inspect": false
|
|
},
|
|
"mappings": [],
|
|
"thresholds": {
|
|
"mode": "absolute",
|
|
"steps": [
|
|
{
|
|
"color": "green",
|
|
"value": null
|
|
},
|
|
{
|
|
"color": "red",
|
|
"value": 80
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"overrides": [
|
|
{
|
|
"matcher": {
|
|
"id": "byType",
|
|
"options": "time"
|
|
},
|
|
"properties": [
|
|
{
|
|
"id": "custom.hidden",
|
|
"value": true
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"matcher": {
|
|
"id": "byName",
|
|
"options": "Attacks"
|
|
},
|
|
"properties": [
|
|
{
|
|
"id": "custom.width",
|
|
"value": 80
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"matcher": {
|
|
"id": "byName",
|
|
"options": "Country"
|
|
},
|
|
"properties": [
|
|
{
|
|
"id": "links",
|
|
"value": [
|
|
{
|
|
"title": "Country",
|
|
"url": "d/grOSx5-Mx/http-badbots?var-Country=${__data.fields.Country}"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
"gridPos": {
|
|
"h": 15,
|
|
"w": 4,
|
|
"x": 20,
|
|
"y": 1
|
|
},
|
|
"id": 27,
|
|
"options": {
|
|
"footer": {
|
|
"countRows": false,
|
|
"fields": "",
|
|
"reducer": [
|
|
"sum"
|
|
],
|
|
"show": false
|
|
},
|
|
"showHeader": false,
|
|
"showRowNums": false,
|
|
"sortBy": [
|
|
{
|
|
"desc": true,
|
|
"displayName": "Attacks"
|
|
}
|
|
]
|
|
},
|
|
"pluginVersion": "9.3.6",
|
|
"targets": [
|
|
{
|
|
"datasource": {
|
|
"type": "mysql",
|
|
"uid": "${DS_HTTP-BADBOTS}"
|
|
},
|
|
"editorMode": "code",
|
|
"format": "table",
|
|
"group": [
|
|
{
|
|
"params": [
|
|
"country"
|
|
],
|
|
"type": "column"
|
|
}
|
|
],
|
|
"metricColumn": "country",
|
|
"rawQuery": true,
|
|
"rawSql": "SELECT\n timestamp AS \"time\",\n country AS \"Country\",\n count(ip) AS \"Attacks\"\nFROM connections\nWHERE\n $__timeFilter(timestamp)\nAND\n country <> ''\nAND\n ISP REGEXP '${ISP:pipe}'\nAND\n Host REGEXP '${Host:pipe}'\nAND\n IP REGEXP '${IP:pipe}'\nGROUP BY country\nORDER BY timestamp",
|
|
"refId": "A",
|
|
"select": [
|
|
[
|
|
{
|
|
"params": [
|
|
"id"
|
|
],
|
|
"type": "column"
|
|
},
|
|
{
|
|
"params": [
|
|
"count"
|
|
],
|
|
"type": "aggregate"
|
|
},
|
|
{
|
|
"params": [
|
|
"Attacks"
|
|
],
|
|
"type": "alias"
|
|
}
|
|
]
|
|
],
|
|
"sql": {
|
|
"columns": [
|
|
{
|
|
"parameters": [],
|
|
"type": "function"
|
|
}
|
|
],
|
|
"groupBy": [
|
|
{
|
|
"property": {
|
|
"type": "string"
|
|
},
|
|
"type": "groupBy"
|
|
}
|
|
],
|
|
"limit": 50
|
|
},
|
|
"table": "locations",
|
|
"timeColumn": "timestamp",
|
|
"timeColumnType": "timestamp",
|
|
"where": [
|
|
{
|
|
"name": "$__timeFilter",
|
|
"params": [],
|
|
"type": "macro"
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"title": "Top Countries",
|
|
"type": "table"
|
|
},
|
|
{
|
|
"datasource": {
|
|
"type": "mysql",
|
|
"uid": "${DS_HTTP-BADBOTS}"
|
|
},
|
|
"fieldConfig": {
|
|
"defaults": {
|
|
"color": {
|
|
"mode": "thresholds"
|
|
},
|
|
"custom": {
|
|
"align": "left",
|
|
"displayMode": "auto",
|
|
"inspect": false
|
|
},
|
|
"mappings": [],
|
|
"thresholds": {
|
|
"mode": "absolute",
|
|
"steps": [
|
|
{
|
|
"color": "green",
|
|
"value": null
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"overrides": [
|
|
{
|
|
"matcher": {
|
|
"id": "byType",
|
|
"options": "time"
|
|
},
|
|
"properties": [
|
|
{
|
|
"id": "custom.hidden",
|
|
"value": true
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"matcher": {
|
|
"id": "byName",
|
|
"options": "Attacks"
|
|
},
|
|
"properties": [
|
|
{
|
|
"id": "custom.width",
|
|
"value": 100
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
"gridPos": {
|
|
"h": 12,
|
|
"w": 10,
|
|
"x": 0,
|
|
"y": 16
|
|
},
|
|
"id": 41,
|
|
"options": {
|
|
"footer": {
|
|
"countRows": false,
|
|
"fields": "",
|
|
"reducer": [
|
|
"sum"
|
|
],
|
|
"show": false
|
|
},
|
|
"showHeader": false,
|
|
"showRowNums": false,
|
|
"sortBy": [
|
|
{
|
|
"desc": true,
|
|
"displayName": "Attacks"
|
|
}
|
|
]
|
|
},
|
|
"pluginVersion": "9.3.6",
|
|
"targets": [
|
|
{
|
|
"datasource": {
|
|
"type": "mysql",
|
|
"uid": "${DS_HTTP-BADBOTS}"
|
|
},
|
|
"editorMode": "code",
|
|
"format": "table",
|
|
"group": [
|
|
{
|
|
"params": [
|
|
"isp"
|
|
],
|
|
"type": "column"
|
|
},
|
|
{
|
|
"params": [
|
|
"country"
|
|
],
|
|
"type": "column"
|
|
}
|
|
],
|
|
"metricColumn": "isp",
|
|
"rawQuery": true,
|
|
"rawSql": "SELECT\n timestamp AS \"time\",\n useragent AS \"User-agent\",\n count(ip) AS \"Attacks\"\nFROM connections\nWHERE\n $__timeFilter(timestamp)\nAND\n useragent <> ''\nAND\n Country REGEXP '${Country:pipe}'\nAND\n isp REGEXP \"${ISP:pipe}\"\nAND\n Host REGEXP '${Host:pipe}'\nAND\n IP REGEXP '${IP:pipe}'\nGROUP BY useragent\nORDER BY timestamp",
|
|
"refId": "A",
|
|
"select": [
|
|
[
|
|
{
|
|
"params": [
|
|
"Country"
|
|
],
|
|
"type": "column"
|
|
},
|
|
{
|
|
"params": [
|
|
"Country"
|
|
],
|
|
"type": "alias"
|
|
}
|
|
],
|
|
[
|
|
{
|
|
"params": [
|
|
"value"
|
|
],
|
|
"type": "column"
|
|
},
|
|
{
|
|
"params": [
|
|
"count"
|
|
],
|
|
"type": "aggregate"
|
|
},
|
|
{
|
|
"params": [
|
|
"Attacks"
|
|
],
|
|
"type": "alias"
|
|
}
|
|
]
|
|
],
|
|
"sql": {
|
|
"columns": [
|
|
{
|
|
"parameters": [],
|
|
"type": "function"
|
|
}
|
|
],
|
|
"groupBy": [
|
|
{
|
|
"property": {
|
|
"type": "string"
|
|
},
|
|
"type": "groupBy"
|
|
}
|
|
],
|
|
"limit": 50
|
|
},
|
|
"table": "locations",
|
|
"timeColumn": "timestamp",
|
|
"timeColumnType": "timestamp",
|
|
"where": [
|
|
{
|
|
"name": "$__timeFilter",
|
|
"params": [],
|
|
"type": "macro"
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"title": "Top User-agents",
|
|
"type": "table"
|
|
},
|
|
{
|
|
"datasource": {
|
|
"type": "mysql",
|
|
"uid": "${DS_HTTP-BADBOTS}"
|
|
},
|
|
"fieldConfig": {
|
|
"defaults": {
|
|
"mappings": [],
|
|
"thresholds": {
|
|
"mode": "absolute",
|
|
"steps": [
|
|
{
|
|
"color": "green",
|
|
"value": null
|
|
}
|
|
]
|
|
},
|
|
"unit": "short"
|
|
},
|
|
"overrides": []
|
|
},
|
|
"gridPos": {
|
|
"h": 3,
|
|
"w": 2,
|
|
"x": 10,
|
|
"y": 16
|
|
},
|
|
"id": 25,
|
|
"options": {
|
|
"colorMode": "none",
|
|
"graphMode": "none",
|
|
"justifyMode": "center",
|
|
"orientation": "auto",
|
|
"reduceOptions": {
|
|
"calcs": [
|
|
"sum"
|
|
],
|
|
"fields": "/^value$/",
|
|
"values": false
|
|
},
|
|
"textMode": "auto"
|
|
},
|
|
"pluginVersion": "9.3.6",
|
|
"targets": [
|
|
{
|
|
"datasource": {
|
|
"type": "mysql",
|
|
"uid": "${DS_HTTP-BADBOTS}"
|
|
},
|
|
"editorMode": "code",
|
|
"format": "time_series",
|
|
"group": [],
|
|
"metricColumn": "id",
|
|
"rawQuery": true,
|
|
"rawSql": "SELECT\n$__timeGroupAlias(timestamp, '1m'),\nCOUNT(ip) AS value\nFROM\nconnections\nWHERE\n$__timeFilter(timestamp)\nAND\n Country REGEXP '${Country:pipe}'\nAND\n isp REGEXP \"${ISP:pipe}\"\nAND\n Host REGEXP '${Host:pipe}'\nAND\n IP REGEXP '${IP:pipe}'\nGROUP BY DATE(timestamp), HOUR(timestamp), MINUTE(timestamp)",
|
|
"refId": "A",
|
|
"select": [
|
|
[
|
|
{
|
|
"params": [
|
|
"id"
|
|
],
|
|
"type": "column"
|
|
},
|
|
{
|
|
"params": [
|
|
"count"
|
|
],
|
|
"type": "aggregate"
|
|
},
|
|
{
|
|
"params": [
|
|
"id"
|
|
],
|
|
"type": "alias"
|
|
}
|
|
]
|
|
],
|
|
"sql": {
|
|
"columns": [
|
|
{
|
|
"parameters": [],
|
|
"type": "function"
|
|
}
|
|
],
|
|
"groupBy": [
|
|
{
|
|
"property": {
|
|
"type": "string"
|
|
},
|
|
"type": "groupBy"
|
|
}
|
|
],
|
|
"limit": 50
|
|
},
|
|
"table": "sessions",
|
|
"timeColumn": "starttime",
|
|
"timeColumnType": "datetime",
|
|
"where": [
|
|
{
|
|
"name": "$__timeFilter",
|
|
"params": [],
|
|
"type": "macro"
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"title": "Connections",
|
|
"type": "stat"
|
|
},
|
|
{
|
|
"datasource": {
|
|
"type": "mysql",
|
|
"uid": "${DS_HTTP-BADBOTS}"
|
|
},
|
|
"fieldConfig": {
|
|
"defaults": {
|
|
"color": {
|
|
"mode": "continuous-GrYlRd"
|
|
},
|
|
"custom": {
|
|
"axisCenteredZero": false,
|
|
"axisColorMode": "text",
|
|
"axisLabel": "",
|
|
"axisPlacement": "auto",
|
|
"barAlignment": 0,
|
|
"drawStyle": "bars",
|
|
"fillOpacity": 90,
|
|
"gradientMode": "scheme",
|
|
"hideFrom": {
|
|
"legend": false,
|
|
"tooltip": false,
|
|
"viz": false
|
|
},
|
|
"lineInterpolation": "linear",
|
|
"lineWidth": 1,
|
|
"pointSize": 5,
|
|
"scaleDistribution": {
|
|
"type": "linear"
|
|
},
|
|
"showPoints": "auto",
|
|
"spanNulls": false,
|
|
"stacking": {
|
|
"group": "A",
|
|
"mode": "none"
|
|
},
|
|
"thresholdsStyle": {
|
|
"mode": "off"
|
|
}
|
|
},
|
|
"mappings": [],
|
|
"thresholds": {
|
|
"mode": "absolute",
|
|
"steps": [
|
|
{
|
|
"color": "green",
|
|
"value": null
|
|
},
|
|
{
|
|
"color": "red",
|
|
"value": 80
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"overrides": []
|
|
},
|
|
"gridPos": {
|
|
"h": 6,
|
|
"w": 12,
|
|
"x": 12,
|
|
"y": 16
|
|
},
|
|
"id": 20,
|
|
"options": {
|
|
"legend": {
|
|
"calcs": [],
|
|
"displayMode": "list",
|
|
"placement": "bottom",
|
|
"showLegend": false
|
|
},
|
|
"tooltip": {
|
|
"mode": "single",
|
|
"sort": "none"
|
|
}
|
|
},
|
|
"pluginVersion": "8.3.5",
|
|
"targets": [
|
|
{
|
|
"datasource": {
|
|
"type": "mysql",
|
|
"uid": "${DS_HTTP-BADBOTS}"
|
|
},
|
|
"editorMode": "code",
|
|
"format": "time_series",
|
|
"group": [
|
|
{
|
|
"params": [
|
|
"starttime"
|
|
],
|
|
"type": "column"
|
|
}
|
|
],
|
|
"metricColumn": "id",
|
|
"rawQuery": true,
|
|
"rawSql": "SELECT\n $__timeGroupAlias(timestamp, '1h'),\nCOUNT(ip) AS value\nFROM\n connections\nWHERE\n $__timeFilter(timestamp)\nAND\n Country REGEXP '${Country:pipe}'\nAND\n isp REGEXP \"${ISP:pipe}\"\nAND\n Host REGEXP '${Host:pipe}'\nAND\n IP REGEXP '${IP:pipe}'\nGROUP BY time\n ORDER BY timestamp ASC",
|
|
"refId": "A",
|
|
"select": [
|
|
[
|
|
{
|
|
"params": [
|
|
"id"
|
|
],
|
|
"type": "column"
|
|
},
|
|
{
|
|
"params": [
|
|
"count"
|
|
],
|
|
"type": "aggregate"
|
|
},
|
|
{
|
|
"params": [
|
|
"id"
|
|
],
|
|
"type": "alias"
|
|
}
|
|
]
|
|
],
|
|
"sql": {
|
|
"columns": [
|
|
{
|
|
"parameters": [],
|
|
"type": "function"
|
|
}
|
|
],
|
|
"groupBy": [
|
|
{
|
|
"property": {
|
|
"type": "string"
|
|
},
|
|
"type": "groupBy"
|
|
}
|
|
],
|
|
"limit": 50
|
|
},
|
|
"table": "sessions",
|
|
"timeColumn": "starttime",
|
|
"timeColumnType": "datetime",
|
|
"where": [
|
|
{
|
|
"name": "$__timeFilter",
|
|
"params": [],
|
|
"type": "macro"
|
|
},
|
|
{
|
|
"name": "",
|
|
"params": [
|
|
"value",
|
|
"=",
|
|
"value"
|
|
],
|
|
"type": "expression"
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"title": "Connections per hour",
|
|
"type": "timeseries"
|
|
},
|
|
{
|
|
"datasource": {
|
|
"type": "mysql",
|
|
"uid": "${DS_HTTP-BADBOTS}"
|
|
},
|
|
"fieldConfig": {
|
|
"defaults": {
|
|
"mappings": [],
|
|
"thresholds": {
|
|
"mode": "absolute",
|
|
"steps": [
|
|
{
|
|
"color": "green",
|
|
"value": null
|
|
},
|
|
{
|
|
"color": "red",
|
|
"value": 80
|
|
}
|
|
]
|
|
},
|
|
"unit": "short"
|
|
},
|
|
"overrides": []
|
|
},
|
|
"gridPos": {
|
|
"h": 3,
|
|
"w": 2,
|
|
"x": 10,
|
|
"y": 19
|
|
},
|
|
"id": 8,
|
|
"options": {
|
|
"colorMode": "none",
|
|
"graphMode": "none",
|
|
"justifyMode": "center",
|
|
"orientation": "auto",
|
|
"reduceOptions": {
|
|
"calcs": [
|
|
"sum"
|
|
],
|
|
"fields": "/^count\\(distinct ip\\)$/",
|
|
"values": false
|
|
},
|
|
"textMode": "auto"
|
|
},
|
|
"pluginVersion": "9.3.6",
|
|
"targets": [
|
|
{
|
|
"datasource": {
|
|
"type": "mysql",
|
|
"uid": "${DS_HTTP-BADBOTS}"
|
|
},
|
|
"editorMode": "code",
|
|
"format": "table",
|
|
"group": [],
|
|
"metricColumn": "none",
|
|
"rawQuery": true,
|
|
"rawSql": "SELECT\n count(distinct ip)\nFROM connections\nWHERE\n $__timeFilter(timestamp)\nAND\n Country REGEXP '${Country:pipe}'\nAND\n isp REGEXP \"${ISP:pipe}\"\nAND\n Host REGEXP '${Host:pipe}'\nAND\n IP REGEXP '${IP:pipe}'",
|
|
"refId": "A",
|
|
"select": [
|
|
[
|
|
{
|
|
"params": [
|
|
"id"
|
|
],
|
|
"type": "column"
|
|
}
|
|
]
|
|
],
|
|
"sql": {
|
|
"columns": [
|
|
{
|
|
"parameters": [],
|
|
"type": "function"
|
|
}
|
|
],
|
|
"groupBy": [
|
|
{
|
|
"property": {
|
|
"type": "string"
|
|
},
|
|
"type": "groupBy"
|
|
}
|
|
],
|
|
"limit": 50
|
|
},
|
|
"table": "auth",
|
|
"timeColumn": "timestamp",
|
|
"timeColumnType": "timestamp",
|
|
"where": [
|
|
{
|
|
"name": "$__timeFilter",
|
|
"params": [],
|
|
"type": "macro"
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"title": "Unique IPs",
|
|
"type": "stat"
|
|
},
|
|
{
|
|
"datasource": {
|
|
"type": "mysql",
|
|
"uid": "${DS_HTTP-BADBOTS}"
|
|
},
|
|
"fieldConfig": {
|
|
"defaults": {
|
|
"color": {
|
|
"mode": "thresholds"
|
|
},
|
|
"custom": {
|
|
"align": "left",
|
|
"displayMode": "auto",
|
|
"inspect": false
|
|
},
|
|
"links": [],
|
|
"mappings": [],
|
|
"thresholds": {
|
|
"mode": "absolute",
|
|
"steps": [
|
|
{
|
|
"color": "green",
|
|
"value": null
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"overrides": [
|
|
{
|
|
"matcher": {
|
|
"id": "byType",
|
|
"options": "time"
|
|
},
|
|
"properties": [
|
|
{
|
|
"id": "custom.hidden",
|
|
"value": true
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"matcher": {
|
|
"id": "byName",
|
|
"options": "Attacks"
|
|
},
|
|
"properties": [
|
|
{
|
|
"id": "custom.width",
|
|
"value": 100
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"matcher": {
|
|
"id": "byName",
|
|
"options": "Host"
|
|
},
|
|
"properties": [
|
|
{
|
|
"id": "links",
|
|
"value": [
|
|
{
|
|
"title": "Host",
|
|
"url": "d/grOSx5-Mx/http-badbots?var-Host=${__data.fields.Host}"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
"gridPos": {
|
|
"h": 6,
|
|
"w": 14,
|
|
"x": 10,
|
|
"y": 22
|
|
},
|
|
"id": 42,
|
|
"options": {
|
|
"footer": {
|
|
"countRows": false,
|
|
"fields": "",
|
|
"reducer": [
|
|
"sum"
|
|
],
|
|
"show": false
|
|
},
|
|
"showHeader": false,
|
|
"showRowNums": false,
|
|
"sortBy": [
|
|
{
|
|
"desc": true,
|
|
"displayName": "Attacks"
|
|
}
|
|
]
|
|
},
|
|
"pluginVersion": "9.3.6",
|
|
"targets": [
|
|
{
|
|
"datasource": {
|
|
"type": "mysql",
|
|
"uid": "${DS_HTTP-BADBOTS}"
|
|
},
|
|
"editorMode": "code",
|
|
"format": "table",
|
|
"group": [
|
|
{
|
|
"params": [
|
|
"isp"
|
|
],
|
|
"type": "column"
|
|
},
|
|
{
|
|
"params": [
|
|
"country"
|
|
],
|
|
"type": "column"
|
|
}
|
|
],
|
|
"metricColumn": "isp",
|
|
"rawQuery": true,
|
|
"rawSql": "SELECT\n timestamp AS \"time\",\n host AS \"Host\",\n path AS \"URL\",\n count(ip) AS \"Attacks\"\nFROM connections\nWHERE\n $__timeFilter(timestamp)\nAND\n Country REGEXP '${Country:pipe}'\nAND\n isp REGEXP \"${ISP:pipe}\"\nAND\n Host REGEXP '${Host:pipe}'\nAND\n IP REGEXP '${IP:pipe}'\nAND\n path <> ''\nGROUP BY host,path\nORDER BY timestamp",
|
|
"refId": "A",
|
|
"select": [
|
|
[
|
|
{
|
|
"params": [
|
|
"Country"
|
|
],
|
|
"type": "column"
|
|
},
|
|
{
|
|
"params": [
|
|
"Country"
|
|
],
|
|
"type": "alias"
|
|
}
|
|
],
|
|
[
|
|
{
|
|
"params": [
|
|
"value"
|
|
],
|
|
"type": "column"
|
|
},
|
|
{
|
|
"params": [
|
|
"count"
|
|
],
|
|
"type": "aggregate"
|
|
},
|
|
{
|
|
"params": [
|
|
"Attacks"
|
|
],
|
|
"type": "alias"
|
|
}
|
|
]
|
|
],
|
|
"sql": {
|
|
"columns": [
|
|
{
|
|
"parameters": [],
|
|
"type": "function"
|
|
}
|
|
],
|
|
"groupBy": [
|
|
{
|
|
"property": {
|
|
"type": "string"
|
|
},
|
|
"type": "groupBy"
|
|
}
|
|
],
|
|
"limit": 50
|
|
},
|
|
"table": "locations",
|
|
"timeColumn": "timestamp",
|
|
"timeColumnType": "timestamp",
|
|
"where": [
|
|
{
|
|
"name": "$__timeFilter",
|
|
"params": [],
|
|
"type": "macro"
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"title": "Top URLs",
|
|
"type": "table"
|
|
},
|
|
{
|
|
"datasource": {
|
|
"type": "mysql",
|
|
"uid": "${DS_HTTP-BADBOTS}"
|
|
},
|
|
"fieldConfig": {
|
|
"defaults": {
|
|
"color": {
|
|
"mode": "thresholds"
|
|
},
|
|
"custom": {
|
|
"align": "left",
|
|
"displayMode": "auto",
|
|
"inspect": false
|
|
},
|
|
"mappings": [],
|
|
"thresholds": {
|
|
"mode": "absolute",
|
|
"steps": [
|
|
{
|
|
"color": "green"
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"overrides": [
|
|
{
|
|
"matcher": {
|
|
"id": "byType",
|
|
"options": "time"
|
|
},
|
|
"properties": [
|
|
{
|
|
"id": "custom.hidden",
|
|
"value": true
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"matcher": {
|
|
"id": "byName",
|
|
"options": "Attacks"
|
|
},
|
|
"properties": [
|
|
{
|
|
"id": "custom.width",
|
|
"value": 100
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"matcher": {
|
|
"id": "byName",
|
|
"options": "ISP"
|
|
},
|
|
"properties": [
|
|
{
|
|
"id": "links",
|
|
"value": [
|
|
{
|
|
"title": "ISP",
|
|
"url": "d/grOSx5-Mx/http-badbots?var-ISP=${__data.fields.ISP}"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
"gridPos": {
|
|
"h": 12,
|
|
"w": 10,
|
|
"x": 0,
|
|
"y": 28
|
|
},
|
|
"id": 29,
|
|
"options": {
|
|
"footer": {
|
|
"countRows": false,
|
|
"fields": "",
|
|
"reducer": [
|
|
"sum"
|
|
],
|
|
"show": false
|
|
},
|
|
"showHeader": false,
|
|
"showRowNums": false,
|
|
"sortBy": [
|
|
{
|
|
"desc": true,
|
|
"displayName": "Attacks"
|
|
}
|
|
]
|
|
},
|
|
"pluginVersion": "9.3.6",
|
|
"targets": [
|
|
{
|
|
"datasource": {
|
|
"type": "mysql",
|
|
"uid": "${DS_HTTP-BADBOTS}"
|
|
},
|
|
"editorMode": "code",
|
|
"format": "table",
|
|
"group": [
|
|
{
|
|
"params": [
|
|
"isp"
|
|
],
|
|
"type": "column"
|
|
},
|
|
{
|
|
"params": [
|
|
"country"
|
|
],
|
|
"type": "column"
|
|
}
|
|
],
|
|
"metricColumn": "isp",
|
|
"rawQuery": true,
|
|
"rawSql": "SELECT\n timestamp AS \"time\",\n isp AS \"ISP\",\n count(ip) AS \"Attacks\"\nFROM connections\nWHERE\n $__timeFilter(timestamp)\nAND\n isp REGEXP \"${ISP:pipe}\"\nAND\n Country REGEXP '${Country:pipe}'\nAND\n Host REGEXP '${Host:pipe}'\nAND\n IP REGEXP '${IP:pipe}'\nAND\n isp <> ''\nGROUP BY isp\nORDER BY timestamp",
|
|
"refId": "A",
|
|
"select": [
|
|
[
|
|
{
|
|
"params": [
|
|
"Country"
|
|
],
|
|
"type": "column"
|
|
},
|
|
{
|
|
"params": [
|
|
"Country"
|
|
],
|
|
"type": "alias"
|
|
}
|
|
],
|
|
[
|
|
{
|
|
"params": [
|
|
"value"
|
|
],
|
|
"type": "column"
|
|
},
|
|
{
|
|
"params": [
|
|
"count"
|
|
],
|
|
"type": "aggregate"
|
|
},
|
|
{
|
|
"params": [
|
|
"Attacks"
|
|
],
|
|
"type": "alias"
|
|
}
|
|
]
|
|
],
|
|
"sql": {
|
|
"columns": [
|
|
{
|
|
"parameters": [],
|
|
"type": "function"
|
|
}
|
|
],
|
|
"groupBy": [
|
|
{
|
|
"property": {
|
|
"type": "string"
|
|
},
|
|
"type": "groupBy"
|
|
}
|
|
],
|
|
"limit": 50
|
|
},
|
|
"table": "locations",
|
|
"timeColumn": "timestamp",
|
|
"timeColumnType": "timestamp",
|
|
"where": [
|
|
{
|
|
"name": "$__timeFilter",
|
|
"params": [],
|
|
"type": "macro"
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"title": "Top ISPs",
|
|
"type": "table"
|
|
},
|
|
{
|
|
"datasource": {
|
|
"type": "mysql",
|
|
"uid": "${DS_HTTP-BADBOTS}"
|
|
},
|
|
"fieldConfig": {
|
|
"defaults": {
|
|
"color": {
|
|
"mode": "thresholds"
|
|
},
|
|
"custom": {
|
|
"align": "left",
|
|
"displayMode": "auto",
|
|
"inspect": false
|
|
},
|
|
"mappings": [],
|
|
"thresholds": {
|
|
"mode": "absolute",
|
|
"steps": [
|
|
{
|
|
"color": "green"
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"overrides": [
|
|
{
|
|
"matcher": {
|
|
"id": "byType",
|
|
"options": "time"
|
|
},
|
|
"properties": [
|
|
{
|
|
"id": "custom.hidden",
|
|
"value": true
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"matcher": {
|
|
"id": "byName",
|
|
"options": "Attacks"
|
|
},
|
|
"properties": [
|
|
{
|
|
"id": "custom.width",
|
|
"value": 100
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
"gridPos": {
|
|
"h": 12,
|
|
"w": 7,
|
|
"x": 10,
|
|
"y": 28
|
|
},
|
|
"id": 40,
|
|
"options": {
|
|
"footer": {
|
|
"countRows": false,
|
|
"fields": "",
|
|
"reducer": [
|
|
"sum"
|
|
],
|
|
"show": false
|
|
},
|
|
"showHeader": false,
|
|
"showRowNums": false,
|
|
"sortBy": [
|
|
{
|
|
"desc": true,
|
|
"displayName": "Attacks"
|
|
}
|
|
]
|
|
},
|
|
"pluginVersion": "9.3.6",
|
|
"targets": [
|
|
{
|
|
"datasource": {
|
|
"type": "mysql",
|
|
"uid": "${DS_HTTP-BADBOTS}"
|
|
},
|
|
"editorMode": "code",
|
|
"format": "table",
|
|
"group": [
|
|
{
|
|
"params": [
|
|
"isp"
|
|
],
|
|
"type": "column"
|
|
},
|
|
{
|
|
"params": [
|
|
"country"
|
|
],
|
|
"type": "column"
|
|
}
|
|
],
|
|
"metricColumn": "isp",
|
|
"rawQuery": true,
|
|
"rawSql": "SELECT\n timestamp AS \"time\",\n username AS \"Username\",\n count(ip) AS \"Attacks\"\nFROM connections\nWHERE\n $__timeFilter(timestamp)\nAND\n username <> ''\nAND\n Country REGEXP '${Country:pipe}'\nAND\n isp REGEXP \"${ISP:pipe}\"\nAND\n Host REGEXP '${Host:pipe}'\nAND\n IP REGEXP '${IP:pipe}'\nGROUP BY username\nORDER BY timestamp",
|
|
"refId": "A",
|
|
"select": [
|
|
[
|
|
{
|
|
"params": [
|
|
"Country"
|
|
],
|
|
"type": "column"
|
|
},
|
|
{
|
|
"params": [
|
|
"Country"
|
|
],
|
|
"type": "alias"
|
|
}
|
|
],
|
|
[
|
|
{
|
|
"params": [
|
|
"value"
|
|
],
|
|
"type": "column"
|
|
},
|
|
{
|
|
"params": [
|
|
"count"
|
|
],
|
|
"type": "aggregate"
|
|
},
|
|
{
|
|
"params": [
|
|
"Attacks"
|
|
],
|
|
"type": "alias"
|
|
}
|
|
]
|
|
],
|
|
"sql": {
|
|
"columns": [
|
|
{
|
|
"parameters": [],
|
|
"type": "function"
|
|
}
|
|
],
|
|
"groupBy": [
|
|
{
|
|
"property": {
|
|
"type": "string"
|
|
},
|
|
"type": "groupBy"
|
|
}
|
|
],
|
|
"limit": 50
|
|
},
|
|
"table": "locations",
|
|
"timeColumn": "timestamp",
|
|
"timeColumnType": "timestamp",
|
|
"where": [
|
|
{
|
|
"name": "$__timeFilter",
|
|
"params": [],
|
|
"type": "macro"
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"title": "Top Usernames",
|
|
"type": "table"
|
|
},
|
|
{
|
|
"datasource": {
|
|
"type": "mysql",
|
|
"uid": "${DS_HTTP-BADBOTS}"
|
|
},
|
|
"fieldConfig": {
|
|
"defaults": {
|
|
"color": {
|
|
"mode": "thresholds"
|
|
},
|
|
"custom": {
|
|
"align": "left",
|
|
"displayMode": "auto",
|
|
"inspect": false
|
|
},
|
|
"mappings": [],
|
|
"thresholds": {
|
|
"mode": "absolute",
|
|
"steps": [
|
|
{
|
|
"color": "green"
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"overrides": [
|
|
{
|
|
"matcher": {
|
|
"id": "byType",
|
|
"options": "time"
|
|
},
|
|
"properties": [
|
|
{
|
|
"id": "custom.hidden",
|
|
"value": true
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"matcher": {
|
|
"id": "byName",
|
|
"options": "Attacks"
|
|
},
|
|
"properties": [
|
|
{
|
|
"id": "custom.width",
|
|
"value": 100
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
"gridPos": {
|
|
"h": 12,
|
|
"w": 7,
|
|
"x": 17,
|
|
"y": 28
|
|
},
|
|
"id": 39,
|
|
"options": {
|
|
"footer": {
|
|
"countRows": false,
|
|
"fields": "",
|
|
"reducer": [
"sum"
],
"show": false
},
"showHeader": false,
"showRowNums": false,
"sortBy": [
{
"desc": true,
"displayName": "Attacks"
}
]
},
"pluginVersion": "9.3.6",
"targets": [
{
"datasource": {
"type": "mysql",
"uid": "${DS_HTTP-BADBOTS}"
},
"editorMode": "code",
"format": "table",
"group": [
{
"params": [
"isp"
],
"type": "column"
},
{
"params": [
"country"
],
"type": "column"
}
],
"metricColumn": "isp",
"rawQuery": true,
"rawSql": "SELECT\n timestamp AS \"time\",\n password AS \"Password\",\n count(ip) AS \"Attacks\"\nFROM connections\nWHERE\n $__timeFilter(timestamp)\nAND\n password <> ''\nAND\n Country REGEXP '${Country:pipe}'\nAND\n isp REGEXP \"${ISP:pipe}\"\nAND\n Host REGEXP '${Host:pipe}'\nAND\n IP REGEXP '${IP:pipe}'\nGROUP BY password\nORDER BY timestamp",
"refId": "A",
"select": [
[
{
"params": [
"Country"
],
"type": "column"
},
{
"params": [
"Country"
],
"type": "alias"
}
],
[
{
"params": [
"value"
],
"type": "column"
},
{
"params": [
"count"
],
"type": "aggregate"
},
{
"params": [
"Attacks"
],
"type": "alias"
}
]
],
"sql": {
"columns": [
{
"parameters": [],
"type": "function"
}
],
"groupBy": [
{
"property": {
"type": "string"
},
"type": "groupBy"
}
],
"limit": 50
},
"table": "locations",
"timeColumn": "timestamp",
"timeColumnType": "timestamp",
"where": [
{
"name": "$__timeFilter",
"params": [],
"type": "macro"
}
]
}
],
"title": "Top Passwords",
"type": "table"
},
{
"datasource": {
"type": "mysql",
"uid": "${DS_HTTP-BADBOTS}"
},
"fieldConfig": {
"defaults": {
"color": {
"mode": "thresholds"
},
"custom": {
"align": "left",
"displayMode": "auto",
"inspect": false
},
"mappings": [],
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "green"
}
]
}
},
"overrides": [
{
"matcher": {
"id": "byType",
"options": "time"
},
"properties": [
{
"id": "custom.hidden",
"value": true
}
]
},
{
"matcher": {
"id": "byName",
"options": "Attacks"
},
"properties": [
{
"id": "custom.width",
"value": 100
}
]
},
{
"matcher": {
"id": "byName",
"options": "Country"
},
"properties": [
{
"id": "custom.width",
"value": 256
}
]
},
{
"matcher": {
"id": "byName",
"options": "ISP"
},
"properties": [
{
"id": "links",
"value": [
{
"title": "ISP",
"url": "d/grOSx5-Mx/http-badbots?var-ISP=${__data.fields.ISP}"
}
]
}
]
}
]
},
"gridPos": {
"h": 12,
"w": 10,
"x": 0,
"y": 40
},
"id": 38,
"options": {
"footer": {
"countRows": false,
"fields": "",
"reducer": [
"sum"
],
"show": false
},
"showHeader": false,
"showRowNums": false,
"sortBy": [
{
"desc": true,
"displayName": "Attacks"
}
]
},
"pluginVersion": "9.3.6",
"targets": [
{
"datasource": {
"type": "mysql",
"uid": "${DS_HTTP-BADBOTS}"
},
"editorMode": "code",
"format": "table",
"group": [
{
"params": [
"isp"
],
"type": "column"
},
{
"params": [
"country"
],
"type": "column"
}
],
"metricColumn": "isp",
"rawQuery": true,
"rawSql": "SELECT\n timestamp AS \"time\",\n isp AS \"ISP\",\n country AS \"Country\",\n count(ip) AS \"Attacks\"\nFROM connections\nWHERE\n $__timeFilter(timestamp)\nAND\n Country REGEXP '${Country:pipe}'\nAND\n isp REGEXP \"${ISP:pipe}\"\nAND\n Host REGEXP '${Host:pipe}'\nAND\n IP REGEXP '${IP:pipe}'\nAND\n country <> ''\nAND\n isp <> ''\nGROUP BY isp, country\nORDER BY timestamp",
"refId": "A",
"select": [
[
{
"params": [
"Country"
],
"type": "column"
},
{
"params": [
"Country"
],
"type": "alias"
}
],
[
{
"params": [
"value"
],
"type": "column"
},
{
"params": [
"count"
],
"type": "aggregate"
},
{
"params": [
"Attacks"
],
"type": "alias"
}
]
],
"sql": {
"columns": [
{
"parameters": [],
"type": "function"
}
],
"groupBy": [
{
"property": {
"type": "string"
},
"type": "groupBy"
}
],
"limit": 50
},
"table": "locations",
"timeColumn": "timestamp",
"timeColumnType": "timestamp",
"where": [
{
"name": "$__timeFilter",
"params": [],
"type": "macro"
}
]
}
],
"title": "Top ISPs by Country",
"type": "table"
},
{
"datasource": {
"type": "mysql",
"uid": "${DS_HTTP-BADBOTS}"
},
"fieldConfig": {
"defaults": {
"color": {
"mode": "thresholds"
},
"custom": {
"align": "left",
"displayMode": "auto",
"inspect": false
},
"mappings": [],
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "green"
}
]
},
"unit": "none"
},
"overrides": [
{
"matcher": {
"id": "byName",
"options": "Attacks"
},
"properties": [
{
"id": "custom.width",
"value": 100
}
]
},
{
"matcher": {
"id": "byName",
"options": "IP"
},
"properties": [
{
"id": "links",
"value": [
{
"targetBlank": false,
"title": "",
"url": "d/grOSx5-Mx/http-badbots?var-IP=${__data.fields.IP}"
}
]
}
]
},
{
"matcher": {
"id": "byName",
"options": "time"
},
"properties": [
{
"id": "custom.hidden",
"value": true
}
]
}
]
},
"gridPos": {
"h": 12,
"w": 14,
"x": 10,
"y": 40
},
"id": 37,
"options": {
"footer": {
"countRows": false,
"fields": "",
"reducer": [
"sum"
],
"show": false
},
"showHeader": true,
"showRowNums": false,
"sortBy": [
{
"desc": true,
"displayName": "Attacks"
}
]
},
"pluginVersion": "9.3.6",
"targets": [
{
"datasource": {
"type": "mysql",
"uid": "${DS_HTTP-BADBOTS}"
},
"editorMode": "code",
"format": "table",
"group": [
{
"params": [
"isp"
],
"type": "column"
},
{
"params": [
"country"
],
"type": "column"
}
],
"metricColumn": "isp",
"rawQuery": true,
"rawSql": "SELECT\n timestamp AS \"time\",\n ip AS \"IP\",\n country AS \"Country\",\n city AS \"City\",\n isp AS \"ISP\",\n count(ip) AS \"Attacks\"\nFROM connections\nWHERE\n $__timeFilter(timestamp)\nAND\n country REGEXP '${Country:pipe}'\nAND\n isp REGEXP \"${ISP:pipe}\"\nAND\n Host REGEXP '${Host:pipe}'\nAND\n IP REGEXP '${IP:pipe}'\nAND\n ip <> ''\nGROUP BY ip\nORDER BY timestamp",
"refId": "A",
"select": [
[
{
"params": [
"Country"
],
"type": "column"
},
{
"params": [
"Country"
],
"type": "alias"
}
],
[
{
"params": [
"value"
],
"type": "column"
},
{
"params": [
"count"
],
"type": "aggregate"
},
{
"params": [
"Attacks"
],
"type": "alias"
}
]
],
"sql": {
"columns": [
{
"parameters": [],
"type": "function"
}
],
"groupBy": [
{
"property": {
"type": "string"
},
"type": "groupBy"
}
],
"limit": 50
},
"table": "locations",
"timeColumn": "timestamp",
"timeColumnType": "timestamp",
"where": [
{
"name": "$__timeFilter",
"params": [],
"type": "macro"
}
]
}
],
"title": "Top IPs Details",
"type": "table"
}
],
"refresh": "1m",
"revision": 1,
"schemaVersion": 37,
"style": "dark",
"tags": [],
"templating": {
"list": [
{
"current": {},
"datasource": {
"type": "mysql",
"uid": "${DS_HTTP-BADBOTS}"
},
"definition": "\tSELECT ip AS \"IP\" FROM connections WHERE $__timeFilter(timestamp) AND ip <> '' GROUP BY ip ORDER BY count(ip) DESC",
"hide": 0,
"includeAll": true,
"label": "IP",
"multi": false,
"name": "IP",
"options": [],
"query": "\tSELECT ip AS \"IP\" FROM connections WHERE $__timeFilter(timestamp) AND ip <> '' GROUP BY ip ORDER BY count(ip) DESC",
"refresh": 1,
"regex": "",
"skipUrlSync": false,
"sort": 0,
"type": "query"
},
{
"current": {},
"datasource": {
"type": "mysql",
"uid": "${DS_HTTP-BADBOTS}"
},
"definition": "SELECT\n country\nFROM connections\nWHERE\n $__timeFilter(timestamp)\nAND\n country <> ''\nGROUP BY country\nORDER BY count(ip) DESC;",
"hide": 0,
"includeAll": true,
"multi": true,
"name": "Country",
"options": [],
"query": "SELECT\n country\nFROM connections\nWHERE\n $__timeFilter(timestamp)\nAND\n country <> ''\nGROUP BY country\nORDER BY count(ip) DESC;",
"refresh": 1,
"regex": "",
"skipUrlSync": false,
"sort": 0,
"type": "query"
},
{
"current": {},
"datasource": {
"type": "mysql",
"uid": "${DS_HTTP-BADBOTS}"
},
"definition": "SELECT\n isp AS \"ISP\"\nFROM connections\nWHERE\n $__timeFilter(timestamp)\nAND\n isp <> ''\nGROUP BY isp\nORDER BY count(ip) DESC",
"hide": 0,
"includeAll": true,
"multi": true,
"name": "ISP",
"options": [],
"query": "SELECT\n isp AS \"ISP\"\nFROM connections\nWHERE\n $__timeFilter(timestamp)\nAND\n isp <> ''\nGROUP BY isp\nORDER BY count(ip) DESC",
"refresh": 1,
"regex": "",
"skipUrlSync": false,
"sort": 0,
"type": "query"
},
{
"current": {},
"datasource": {
"type": "mysql",
"uid": "${DS_HTTP-BADBOTS}"
},
"definition": "SELECT\n host AS \"Host\"\nFROM connections\nWHERE\n $__timeFilter(timestamp)\nAND\n host <> ''\nGROUP BY host\nORDER BY count(ip) DESC",
"hide": 0,
"includeAll": true,
"multi": false,
"name": "Host",
"options": [],
"query": "SELECT\n host AS \"Host\"\nFROM connections\nWHERE\n $__timeFilter(timestamp)\nAND\n host <> ''\nGROUP BY host\nORDER BY count(ip) DESC",
"refresh": 1,
"regex": "",
"skipUrlSync": false,
"sort": 0,
"type": "query"
}
]
},
"time": {
"from": "now-7d",
"to": "now"
},
"timepicker": {
"refresh_intervals": [
"5s",
"10s",
"30s",
"1m",
"5m",
"15m",
"30m",
"1h",
"2h",
"1d"
]
},
"timezone": "",
"title": "HTTP-Badbots",
"uid": "grOSx5-Mx",
"version": 26,
"weekStart": ""
}