{ "annotations": { "list": [ { "builtIn": 1, "datasource": "-- Grafana --", "enable": true, "hide": true, "iconColor": "rgba(0, 211, 255, 1)", "name": "Annotations & Alerts", "type": "dashboard" } ] }, "editable": true, "gnetId": 12323, "graphTooltip": 0, "id": 2, "links": [], "panels": [ { "circleMaxSize": "15", "circleMinSize": "2", "colors": [ "#FFF899", "#E0B400", "#FA6400", "#C4162A", "#8F3BB8" ], "datasource": "InfluxDB", "decimals": 0, "description": "", "esGeoPoint": "geohash", "esLocationName": "location", "esMetric": "value", "fieldConfig": { "defaults": { "custom": {} }, "overrides": [] }, "gridPos": { "h": 13, "w": 15, "x": 0, "y": 0 }, "hideEmpty": false, "hideZero": false, "id": 2, "initialZoom": "2", "locationData": "geohash", "mapCenter": "Europe", "mapCenterLatitude": 46, "mapCenterLongitude": 14, "maxDataPoints": 1, "mouseWheelZoom": true, "showLegend": true, "stickyLabels": false, "tableQueryOptions": { "geohashField": "geohash", "latitudeField": "latitude", "longitudeField": "longitude", "metricField": "metric", "queryType": "geohash" }, "targets": [ { "groupBy": [ { "params": [ "geohash" ], "type": "tag" } ], "hide": false, "measurement": "geossh", "orderByTime": "ASC", "policy": "default", "query": "SELECT sum( \"value\") as value FROM \"geossh\" GROUP BY \"location\", \"ip\", \"geohash\"", "rawQuery": true, "refId": "A", "resultFormat": "table", "select": [ [ { "params": [ "value" ], "type": "field" } ] ], "tags": [] } ], "thresholds": "2,3,5,10", "timeFrom": null, "timeShift": null, "title": "SSH Attacks Location", "type": "grafana-worldmap-panel", "unitPlural": "attempts", "unitSingle": "", "unitSingular": "attempt", "valueName": "total" }, { "columns": [], "datasource": "InfluxDB", "fieldConfig": { "defaults": { "custom": {} }, "overrides": [] }, "fontSize": "100%", "gridPos": { "h": 13, "w": 9, "x": 15, "y": 0 }, "id": 4, "pageSize": null, "showHeader": true, "sort": { "col": 0, "desc": true }, "styles": [ { "$$hashKey": "object:63", "alias": "Last attempt", "align": "", "dateFormat": "YYYY-MM-DD HH:mm:ss", "pattern": "Time", "type": "date" }, { "$$hashKey": "object:64", "alias": "Tries", "align": "auto", "colorMode": "cell", "colors": [ "rgba(255, 248, 153, 0)", "rgba(255, 84, 88, 0.54)", "rgba(255, 7, 186, 0.53)" ], "decimals": 0, "pattern": "sum", "thresholds": [ "5", "10" ], "type": "number", "unit": "short" } ], "targets": [ { "groupBy": [ { "params": [ "location" ], "type": "tag" }, { "params": [ "ip" ], "type": "tag" }, { "params": [ "username" ], "type": "tag" }, { "params": [ "geohash" ], "type": "tag" } ], "hide": false, "measurement": "geossh", "orderByTime": "ASC", "policy": "default", "query": "SELECT sum( \"value\") FROM \"geossh\" WHERE $timeFilter GROUP BY \"country\", \"ip\"", "rawQuery": true, "refId": "A", "resultFormat": "table", "select": [ [ { "params": [ "value" ], "type": "field" } ] ], "tags": [] }, { "groupBy": [ { "params": [ "$__interval" ], "type": "time" }, { "params": [ "null" ], "type": "fill" } ], "orderByTime": "ASC", "policy": "default", "query": "SELECT last( \"value\") FROM \"geossh\" WHERE $timeFilter GROUP BY \"country\", \"ip\"", "rawQuery": true, "refId": "B", "resultFormat": "table", "select": [ [ { "params": [ "value" ], "type": "field" }, { "params": [], "type": "mean" } ] ], "tags": [] } ], "timeFrom": null, "timeShift": null, "title": "Failed SSH Attempts", "transform": "table", "transformations": [ { "id": "seriesToColumns", "options": { "byField": "ip" } }, { "id": "organize", "options": { "excludeByName": { "last": true }, "indexByName": { "Time": 0, "country": 3, "ip": 1, "last": 5, "location": 2, "sum": 4 }, "renameByName": { "Time": "", "location": "" } } } ], "type": "table-old" }, { "aliasColors": {}, "bars": true, "dashLength": 10, "dashes": false, "datasource": "InfluxDB", "fieldConfig": { "defaults": { "custom": {}, "links": [] }, "overrides": [] }, "fill": 1, "fillGradient": 0, "gridPos": { "h": 9, "w": 24, "x": 0, "y": 13 }, "hiddenSeries": false, "id": 6, "legend": { "alignAsTable": true, "avg": false, "current": false, "max": false, "min": false, "rightSide": true, "show": true, "total": false, "values": false }, "lines": false, "linewidth": 1, "nullPointMode": "null", "options": { "alertThreshold": true }, "percentage": false, "pluginVersion": "7.4.0-8924pre", "pointradius": 10, "points": false, "renderer": "flot", "seriesOverrides": [], "spaceLength": 10, "stack": true, "steppedLine": false, "targets": [ { "alias": "$tag_country: $tag_ip", "groupBy": [ { "params": [ "1h" ], "type": "time" }, { "params": [ "ip" ], "type": "tag" }, { "params": [ "country" ], "type": "tag" }, { "params": [ "null" ], "type": "fill" } ], "measurement": "geossh", "orderByTime": "ASC", "policy": "autogen", "refId": "A", "resultFormat": "time_series", "select": [ [ { "params": [ "value" ], "type": "field" }, { "params": [], "type": "sum" } ] ], "tags": [] } ], "thresholds": [ { "colorMode": "critical", "fill": true, "line": true, "op": "gt", "value": 5 } ], "timeFrom": "7d", "timeRegions": [], "timeShift": null, "title": "SSH Attacks by IP and Country", "tooltip": { "shared": false, "sort": 1, "value_type": "individual" }, "type": "graph", "xaxis": { "buckets": null, "mode": "time", "name": null, "show": true, "values": [] }, "yaxes": [ { "$$hashKey": "object:477", "decimals": 0, "format": "none", "label": "", "logBase": 1, "max": null, "min": null, "show": true }, { "$$hashKey": "object:478", "format": "short", "label": null, "logBase": 1, "max": null, "min": null, "show": false } ], "yaxis": { "align": false, "alignLevel": null } }, { "aliasColors": {}, "breakPoint": "50%", "cacheTimeout": null, "combine": { "label": "Others", "threshold": "0.005" }, "datasource": "InfluxDB", "fieldConfig": { "defaults": { "custom": {}, "mappings": [], "thresholds": { "mode": "absolute", "steps": [ { "color": "green", "value": null }, { "color": "red", "value": 80 } ] } }, "overrides": [] }, "fontSize": "80%", "format": "short", "gridPos": { "h": 12, "w": 12, "x": 0, "y": 22 }, "id": 8, "interval": null, "legend": { "percentage": true, "show": true, "sort": "total", "sortDesc": true, "values": true }, "legendType": "Right side", "links": [], "maxDataPoints": 1, "nullPointMode": "connected", "pieType": "pie", "pluginVersion": "7.1.0-a7ec9986pre", "strokeWidth": 1, "targets": [ { "alias": "$tag_username", "groupBy": [ { "params": [ "username" ], "type": "tag" } ], "measurement": "geossh", "orderByTime": "ASC", "policy": "default", "refId": "A", "resultFormat": "time_series", "select": [ [ { "params": [ "value" ], "type": "field" }, { "params": [], "type": "sum" } ] ], "tags": [] } ], "timeFrom": null, "timeShift": null, "title": "Most popular usernames", "type": "grafana-piechart-panel", "valueName": "total" }, { "aliasColors": {}, "breakPoint": "50%", "cacheTimeout": null, "combine": { "label": "Others", "threshold": "0.005" }, "datasource": "InfluxDB", "decimals": null, "fieldConfig": { "defaults": { "custom": {} }, "overrides": [] }, "fontSize": "80%", "format": "short", "gridPos": { "h": 12, "w": 12, "x": 12, "y": 22 }, "id": 10, "interval": null, "legend": { "header": "", "percentage": true, "show": true, "sort": "total", "sortDesc": true, "values": true }, "legendType": "Right side", "links": [], "maxDataPoints": 1, "nullPointMode": "connected", "pieType": "pie", "strokeWidth": 1, "targets": [ { "alias": "$tag_country", "groupBy": [ { "params": [ "country" ], "type": "tag" } ], "measurement": "geossh", "orderByTime": "ASC", "policy": "default", "refId": "A", "resultFormat": "time_series", "select": [ [ { "params": [ "value" ], "type": "field" }, { "params": [], "type": "sum" } ] ], "tags": [] } ], "timeFrom": null, "timeShift": null, "title": "Most popular attackers", "type": "grafana-piechart-panel", "valueName": "total" } ], "refresh": "5m", "schemaVersion": 27, "style": "dark", "tags": [], "templating": { "list": [] }, "time": { "from": "now-90d", "to": "now" }, "timepicker": { "refresh_intervals": [ "5s", "10s", "30s", "1m", "5m", "15m", "30m", "1h", "2h", "1d" ] }, "timezone": "", "title": "Geohash SSH", "uid": "Qg1DRtWgz", "version": 1 }