{ "annotations": { "list": [ { "builtIn": 1, "datasource": "-- Grafana --", "enable": true, "hide": true, "iconColor": "rgba(0, 211, 255, 1)", "name": "Annotations & Alerts", "target": { "limit": 100, "matchAny": false, "tags": [], "type": "dashboard" }, "type": "dashboard" } ] }, "editable": true, "fiscalYearStartMonth": 0, "graphTooltip": 0, "id": 11, "iteration": 1676163520757, "links": [], "liveNow": false, "panels": [ { "datasource": { "type": "cloudwatch", "uid": "$datasource" }, "description": "", "fieldConfig": { "defaults": { "mappings": [], "thresholds": { "mode": "percentage", "steps": [ { "color": "green", "value": null }, { "color": "orange", "value": 70 }, { "color": "red", "value": 85 } ] } }, "overrides": [] }, "gridPos": { "h": 5, "w": 3, "x": 0, "y": 0 }, "id": 25, "options": { "orientation": "auto", "reduceOptions": { "calcs": [ "lastNotNull" ], "fields": "", "values": false }, "showThresholdLabels": false, "showThresholdMarkers": true }, "pluginVersion": "8.4.7", "targets": [ { "datasource": { "type": "cloudwatch", "uid": "$datasource" }, "expression": "fields responseStatus\n| filter responseStatus.code = '403'\n| stats count (*) \n| limit 1", "id": "", "logGroupNames": [ "$loggroupname" ], "namespace": "", "queryMode": "Logs", "refId": "A", "region": "$region", "statsGroups": [] } ], "title": "NonAuthenticatedAccess", "type": "gauge" }, { "datasource": { "type": "cloudwatch", "uid": "$datasource" }, "fieldConfig": { "defaults": { "color": { "mode": "thresholds" }, "mappings": [], "thresholds": { "mode": "absolute", "steps": [ { "color": "green", "value": null }, { "color": "red", "value": 1 } ] } }, "overrides": [] }, "gridPos": { "h": 5, "w": 3, "x": 3, "y": 0 }, "id": 24, "options": { "colorMode": "background", "graphMode": "none", "justifyMode": "center", "orientation": "horizontal", "reduceOptions": { "calcs": [ "last" ], "fields": "", "values": false }, "text": { "titleSize": 1 }, "textMode": "value" }, "pluginVersion": "8.4.7", "targets": [ { "datasource": { "type": "cloudwatch", "uid": "$datasource" }, "expression": "fields objectRef\n| filter objectRef.subresource = 'exec'", "id": "", "logGroupNames": [ "prometheus" ], "namespace": "", "queryMode": "Logs", "refId": "A", "region": "default", "statsGroups": [] } ], "title": "ExecAttemption", "type": "stat" }, { "datasource": { "type": "cloudwatch", "uid": "$datasource" }, "fieldConfig": { "defaults": { "color": { "mode": "thresholds" }, "mappings": [], "thresholds": { "mode": "absolute", "steps": [ { "color": "green", "value": null }, { "color": "red", "value": 1 } ] } }, "overrides": [] }, "gridPos": { "h": 5, "w": 3, "x": 6, "y": 0 }, "id": 16, "options": { "colorMode": "background", "graphMode": "none", "justifyMode": "center", "orientation": "horizontal", "reduceOptions": { "calcs": [ "count" ], "fields": "/^annotations\\.authorization\\.k8s\\.io/reason$/", "values": false }, "text": { "titleSize": 1 }, "textMode": "value" }, "pluginVersion": "8.4.7", "targets": [ { "datasource": { "type": "cloudwatch", "uid": "$datasource" }, "expression": "fields `annotations.authorization.k8s.io/reason`\n| filter `annotations.authorization.k8s.io/decision` = 'forbid'", "id": "", "logGroupNames": [ "$loggroupname" ], "namespace": "", "queryMode": "Logs", "refId": "A", "region": "default", "statsGroups": [] } ], "title": "ForbiddenAccessAttemption", "type": "stat" }, { "datasource": { "type": "cloudwatch", "uid": "$datasource" }, "fieldConfig": { "defaults": { "custom": { "align": "auto", "displayMode": "auto" }, "mappings": [], "thresholds": { "mode": "absolute", "steps": [ { "color": "green", "value": null }, { "color": "red", "value": 80 } ] } }, "overrides": [ { "matcher": { "id": "byName", "options": "userAgent" }, "properties": [ { "id": "custom.width", "value": 461 } ] }, { "matcher": { "id": "byName", "options": "user.username" }, "properties": [ { "id": "custom.width", "value": 139 } ] }, { "matcher": { "id": "byName", "options": "UA" }, "properties": [ { "id": "custom.width", "value": 73 } ] } ] }, "gridPos": { "h": 5, "w": 15, "x": 9, "y": 0 }, "id": 37, "options": { "footer": { "fields": "", "reducer": [ "sum" ], "show": false }, "showHeader": true, "sortBy": [] }, "pluginVersion": "8.4.7", "targets": [ { "datasource": { "type": "cloudwatch", "uid": "$datasource" }, "expression": "fields userAgent, user.username\n| filter ispresent (userAgent) and user.username not like /system/\n| stats count (*) as UserAgent by userAgent, user.username\n| sort UserAgent desc\n| limit 10", "id": "", "logGroupNames": [ "$loggroupname" ], "namespace": "", "queryMode": "Logs", "refId": "A", "region": "default", "statsGroups": [ "userAgent", "user.username" ] } ], "title": "User access", "type": "table" }, { "datasource": { "type": "cloudwatch", "uid": "$datasource" }, "description": "", "fieldConfig": { "defaults": { "color": { "mode": "thresholds" }, "custom": { "align": "auto", "displayMode": "auto", "filterable": false }, "mappings": [], "thresholds": { "mode": "absolute", "steps": [ { "color": "green", "value": null }, { "color": "red", "value": 80 } ] } }, "overrides": [ { "matcher": { "id": "byName", "options": "Requests" }, "properties": [ { "id": "custom.width", "value": 300 }, { "id": "custom.displayMode", "value": "gradient-gauge" }, { "id": "color", "value": { "mode": "continuous-BlPu" } } ] }, { "matcher": { "id": "byName", "options": "userAgent" }, "properties": [ { "id": "custom.width", "value": 580 } ] } ] }, "gridPos": { "h": 10, "w": 13, "x": 0, "y": 5 }, "id": 35, "maxDataPoints": 1, "options": { "footer": { "fields": "", "reducer": [ "sum" ], "show": false }, "showHeader": true, "sortBy": [] }, "pluginVersion": "8.4.7", "targets": [ { "datasource": { "type": "cloudwatch", "uid": "$datasource" }, "expression": "fields userAgent\n| filter ispresent (userAgent)\n| stats count (*) as Count by userAgent\n| sort Count desc\n| limit 10", "id": "", "logGroupNames": [ "$loggroupname" ], "namespace": "", "queryMode": "Logs", "refId": "A", "region": "default", "statsGroups": [ "userAgent" ] } ], "title": "Cluster Activated Top User Agents", "transformations": [ { "id": "organize", "options": { "excludeByName": { "Field": false, "Time": true }, "indexByName": {}, "renameByName": { "Field": "Agent", "Total": "Requests", "Value #A": "Requests", "http_user_agent": "User agent" } } } ], "type": "table" }, { "datasource": { "type": "cloudwatch", "uid": "$datasource" }, "description": "", "fieldConfig": { "defaults": { "color": { "mode": "palette-classic" }, "custom": { "hideFrom": { "legend": false, "tooltip": false, "viz": false } }, "mappings": [] }, "overrides": [] }, "gridPos": { "h": 10, "w": 11, "x": 13, "y": 5 }, "id": 29, "options": { "displayLabels": [ "percent" ], "legend": { "displayMode": "list", "placement": "right", "values": [] }, "pieType": "donut", "reduceOptions": { "calcs": [ "lastNotNull" ], "fields": "", "values": true }, "tooltip": { "mode": "single", "sort": "none" } }, "pluginVersion": "8.4.7", "targets": [ { "datasource": { "type": "cloudwatch", "uid": "$datasource" }, "expression": "fields sourceIPs.0\n| filter ispresent (sourceIPs.0) and sourceIPs.0 not like /::1/\n| stats count (*) as SRC_IP_Count by sourceIPs.0\n| sort SRC_IP desc\n| limit 10", "id": "", "logGroupNames": [ "$loggroupname" ], "namespace": "", "queryMode": "Logs", "refId": "A", "region": "default", "statsGroups": [ "sourceIPs.0" ] } ], "title": "Privileged ", "type": "piechart" } ], "refresh": "", "schemaVersion": 35, "style": "dark", "tags": [ "ROSA", "AWS", "OpenShift", "CloudWatch", "Audit Logs" ], "templating": { "list": [ { "current": { "selected": false, "text": "Amazon CloudWatch ap-southeast-2", "value": "Amazon CloudWatch ap-southeast-2" }, "hide": 0, "includeAll": false, "label": "Data source", "multi": false, "name": "datasource", "options": [], "query": "cloudwatch", "refresh": 1, "regex": "", "skipUrlSync": false, "type": "datasource" }, { "current": { "selected": false, "text": "default", "value": "default" }, "datasource": { "type": "datasource", "uid": "$datasource" }, "definition": "regions()", "hide": 0, "includeAll": false, "label": "Region", "multi": false, "name": "region", "options": [], "query": "regions()", "refresh": 1, "regex": "", "skipUrlSync": false, "sort": 0, "tagValuesQuery": "", "tagsQuery": "", "type": "query", "useTags": false }, { "current": { "selected": false, "text": "indonesia-nf6wn.audit", "value": "indonesia-nf6wn.audit" }, "datasource": { "uid": "${datasource}" }, "definition": "", "hide": 0, "includeAll": false, "label": "LogGroupName", "multi": false, "name": "loggroupname", "options": [], "query": "dimension_values($region, AWS/Logs, IncomingBytes, LogGroupName)", "refresh": 2, "regex": "", "skipUrlSync": false, "sort": 0, "tagValuesQuery": "", "tagsQuery": "", "type": "query", "useTags": false } ] }, "time": { "from": "now-30d", "to": "now" }, "timepicker": {}, "timezone": "", "title": "Red Hat OpenShift Service on AWS (ROSA) Audit Dashboard", "uid": "lTSnDBuMz", "version": 1, "weekStart": "" }