{
    "annotations": {
        "list": [
            {
                "builtIn": 1,
                "datasource": "-- Grafana --",
                "enable": true,
                "hide": true,
                "iconColor": "rgba(0, 211, 255, 1)",
                "name": "Annotations & Alerts",
                "target": {
                    "limit": 100,
                    "matchAny": false,
                    "tags": [],
                    "type": "dashboard"
                },
                "type": "dashboard"
            }
        ]
    },
    "editable": true,
    "fiscalYearStartMonth": 0,
    "graphTooltip": 0,
    "id": 11,
    "iteration": 1676163520757,
    "links": [],
    "liveNow": false,
    "panels": [
        {
            "datasource": {
                "type": "cloudwatch",
                "uid": "$datasource"
            },
            "description": "",
            "fieldConfig": {
                "defaults": {
                    "mappings": [],
                    "thresholds": {
                        "mode": "percentage",
                        "steps": [
                            {
                                "color": "green",
                                "value": null
                            },
                            {
                                "color": "orange",
                                "value": 70
                            },
                            {
                                "color": "red",
                                "value": 85
                            }
                        ]
                    }
                },
                "overrides": []
            },
            "gridPos": {
                "h": 5,
                "w": 3,
                "x": 0,
                "y": 0
            },
            "id": 25,
            "options": {
                "orientation": "auto",
                "reduceOptions": {
                    "calcs": [
                        "lastNotNull"
                    ],
                    "fields": "",
                    "values": false
                },
                "showThresholdLabels": false,
                "showThresholdMarkers": true
            },
            "pluginVersion": "8.4.7",
            "targets": [
                {
                    "datasource": {
                        "type": "cloudwatch",
                        "uid": "$datasource"
                    },
                    "expression": "fields responseStatus\n| filter responseStatus.code = '403'\n| stats count (*) \n| limit 1",
                    "id": "",
                    "logGroupNames": [
                        "$loggroupname"
                    ],
                    "namespace": "",
                    "queryMode": "Logs",
                    "refId": "A",
                    "region": "$region",
                    "statsGroups": []
                }
            ],
            "title": "NonAuthenticatedAccess",
            "type": "gauge"
        },
        {
            "datasource": {
                "type": "cloudwatch",
                "uid": "$datasource"
            },
            "fieldConfig": {
                "defaults": {
                    "color": {
                        "mode": "thresholds"
                    },
                    "mappings": [],
                    "thresholds": {
                        "mode": "absolute",
                        "steps": [
                            {
                                "color": "green",
                                "value": null
                            },
                            {
                                "color": "red",
                                "value": 1
                            }
                        ]
                    }
                },
                "overrides": []
            },
            "gridPos": {
                "h": 5,
                "w": 3,
                "x": 3,
                "y": 0
            },
            "id": 24,
            "options": {
                "colorMode": "background",
                "graphMode": "none",
                "justifyMode": "center",
                "orientation": "horizontal",
                "reduceOptions": {
                    "calcs": [
                        "last"
                    ],
                    "fields": "",
                    "values": false
                },
                "text": {
                    "titleSize": 1
                },
                "textMode": "value"
            },
            "pluginVersion": "8.4.7",
            "targets": [
                {
                    "datasource": {
                        "type": "cloudwatch",
                        "uid": "$datasource"
                    },
                    "expression": "fields objectRef\n| filter objectRef.subresource = 'exec'",
                    "id": "",
                    "logGroupNames": [
                        "prometheus"
                    ],
                    "namespace": "",
                    "queryMode": "Logs",
                    "refId": "A",
                    "region": "default",
                    "statsGroups": []
                }
            ],
            "title": "ExecAttemption",
            "type": "stat"
        },
        {
            "datasource": {
                "type": "cloudwatch",
                "uid": "$datasource"
            },
            "fieldConfig": {
                "defaults": {
                    "color": {
                        "mode": "thresholds"
                    },
                    "mappings": [],
                    "thresholds": {
                        "mode": "absolute",
                        "steps": [
                            {
                                "color": "green",
                                "value": null
                            },
                            {
                                "color": "red",
                                "value": 1
                            }
                        ]
                    }
                },
                "overrides": []
            },
            "gridPos": {
                "h": 5,
                "w": 3,
                "x": 6,
                "y": 0
            },
            "id": 16,
            "options": {
                "colorMode": "background",
                "graphMode": "none",
                "justifyMode": "center",
                "orientation": "horizontal",
                "reduceOptions": {
                    "calcs": [
                        "count"
                    ],
                    "fields": "/^annotations\\.authorization\\.k8s\\.io/reason$/",
                    "values": false
                },
                "text": {
                    "titleSize": 1
                },
                "textMode": "value"
            },
            "pluginVersion": "8.4.7",
            "targets": [
                {
                    "datasource": {
                        "type": "cloudwatch",
                        "uid": "$datasource"
                    },
                    "expression": "fields `annotations.authorization.k8s.io/reason`\n| filter `annotations.authorization.k8s.io/decision` = 'forbid'",
                    "id": "",
                    "logGroupNames": [
                        "$loggroupname"
                    ],
                    "namespace": "",
                    "queryMode": "Logs",
                    "refId": "A",
                    "region": "default",
                    "statsGroups": []
                }
            ],
            "title": "ForbiddenAccessAttemption",
            "type": "stat"
        },
        {
            "datasource": {
                "type": "cloudwatch",
                "uid": "$datasource"
            },
            "fieldConfig": {
                "defaults": {
                    "custom": {
                        "align": "auto",
                        "displayMode": "auto"
                    },
                    "mappings": [],
                    "thresholds": {
                        "mode": "absolute",
                        "steps": [
                            {
                                "color": "green",
                                "value": null
                            },
                            {
                                "color": "red",
                                "value": 80
                            }
                        ]
                    }
                },
                "overrides": [
                    {
                        "matcher": {
                            "id": "byName",
                            "options": "userAgent"
                        },
                        "properties": [
                            {
                                "id": "custom.width",
                                "value": 461
                            }
                        ]
                    },
                    {
                        "matcher": {
                            "id": "byName",
                            "options": "user.username"
                        },
                        "properties": [
                            {
                                "id": "custom.width",
                                "value": 139
                            }
                        ]
                    },
                    {
                        "matcher": {
                            "id": "byName",
                            "options": "UA"
                        },
                        "properties": [
                            {
                                "id": "custom.width",
                                "value": 73
                            }
                        ]
                    }
                ]
            },
            "gridPos": {
                "h": 5,
                "w": 15,
                "x": 9,
                "y": 0
            },
            "id": 37,
            "options": {
                "footer": {
                    "fields": "",
                    "reducer": [
                        "sum"
                    ],
                    "show": false
                },
                "showHeader": true,
                "sortBy": []
            },
            "pluginVersion": "8.4.7",
            "targets": [
                {
                    "datasource": {
                        "type": "cloudwatch",
                        "uid": "$datasource"
                    },
                    "expression": "fields userAgent, user.username\n| filter ispresent (userAgent) and user.username not like /system/\n| stats count (*) as UserAgent by userAgent, user.username\n| sort UserAgent desc\n| limit 10",
                    "id": "",
                    "logGroupNames": [
                        "$loggroupname"
                    ],
                    "namespace": "",
                    "queryMode": "Logs",
                    "refId": "A",
                    "region": "default",
                    "statsGroups": [
                        "userAgent",
                        "user.username"
                    ]
                }
            ],
            "title": "User access",
            "type": "table"
        },
        {
            "datasource": {
                "type": "cloudwatch",
                "uid": "$datasource"
            },
            "description": "",
            "fieldConfig": {
                "defaults": {
                    "color": {
                        "mode": "thresholds"
                    },
                    "custom": {
                        "align": "auto",
                        "displayMode": "auto",
                        "filterable": false
                    },
                    "mappings": [],
                    "thresholds": {
                        "mode": "absolute",
                        "steps": [
                            {
                                "color": "green",
                                "value": null
                            },
                            {
                                "color": "red",
                                "value": 80
                            }
                        ]
                    }
                },
                "overrides": [
                    {
                        "matcher": {
                            "id": "byName",
                            "options": "Requests"
                        },
                        "properties": [
                            {
                                "id": "custom.width",
                                "value": 300
                            },
                            {
                                "id": "custom.displayMode",
                                "value": "gradient-gauge"
                            },
                            {
                                "id": "color",
                                "value": {
                                    "mode": "continuous-BlPu"
                                }
                            }
                        ]
                    },
                    {
                        "matcher": {
                            "id": "byName",
                            "options": "userAgent"
                        },
                        "properties": [
                            {
                                "id": "custom.width",
                                "value": 580
                            }
                        ]
                    }
                ]
            },
            "gridPos": {
                "h": 10,
                "w": 13,
                "x": 0,
                "y": 5
            },
            "id": 35,
            "maxDataPoints": 1,
            "options": {
                "footer": {
                    "fields": "",
                    "reducer": [
                        "sum"
                    ],
                    "show": false
                },
                "showHeader": true,
                "sortBy": []
            },
            "pluginVersion": "8.4.7",
            "targets": [
                {
                    "datasource": {
                        "type": "cloudwatch",
                        "uid": "$datasource"
                    },
                    "expression": "fields userAgent\n| filter ispresent (userAgent)\n| stats count (*) as Count by userAgent\n| sort Count desc\n| limit 10",
                    "id": "",
                    "logGroupNames": [
                        "$loggroupname"
                    ],
                    "namespace": "",
                    "queryMode": "Logs",
                    "refId": "A",
                    "region": "default",
                    "statsGroups": [
                        "userAgent"
                    ]
                }
            ],
            "title": "Cluster Activated Top User Agents",
            "transformations": [
                {
                    "id": "organize",
                    "options": {
                        "excludeByName": {
                            "Field": false,
                            "Time": true
                        },
                        "indexByName": {},
                        "renameByName": {
                            "Field": "Agent",
                            "Total": "Requests",
                            "Value #A": "Requests",
                            "http_user_agent": "User agent"
                        }
                    }
                }
            ],
            "type": "table"
        },
        {
            "datasource": {
                "type": "cloudwatch",
                "uid": "$datasource"
            },
            "description": "",
            "fieldConfig": {
                "defaults": {
                    "color": {
                        "mode": "palette-classic"
                    },
                    "custom": {
                        "hideFrom": {
                            "legend": false,
                            "tooltip": false,
                            "viz": false
                        }
                    },
                    "mappings": []
                },
                "overrides": []
            },
            "gridPos": {
                "h": 10,
                "w": 11,
                "x": 13,
                "y": 5
            },
            "id": 29,
            "options": {
                "displayLabels": [
                    "percent"
                ],
                "legend": {
                    "displayMode": "list",
                    "placement": "right",
                    "values": []
                },
                "pieType": "donut",
                "reduceOptions": {
                    "calcs": [
                        "lastNotNull"
                    ],
                    "fields": "",
                    "values": true
                },
                "tooltip": {
                    "mode": "single",
                    "sort": "none"
                }
            },
            "pluginVersion": "8.4.7",
            "targets": [
                {
                    "datasource": {
                        "type": "cloudwatch",
                        "uid": "$datasource"
                    },
                    "expression": "fields sourceIPs.0\n| filter ispresent (sourceIPs.0) and sourceIPs.0 not like /::1/\n| stats count (*) as SRC_IP_Count by sourceIPs.0\n| sort SRC_IP desc\n| limit 10",
                    "id": "",
                    "logGroupNames": [
                        "$loggroupname"
                    ],
                    "namespace": "",
                    "queryMode": "Logs",
                    "refId": "A",
                    "region": "default",
                    "statsGroups": [
                        "sourceIPs.0"
                    ]
                }
            ],
            "title": "Privileged ",
            "type": "piechart"
        }
    ],
    "refresh": "",
    "schemaVersion": 35,
    "style": "dark",
    "tags": [
        "ROSA",
        "AWS",
        "OpenShift",
        "CloudWatch",
        "Audit Logs"
    ],
    "templating": {
        "list": [
            {
                "current": {
                    "selected": false,
                    "text": "Amazon CloudWatch ap-southeast-2",
                    "value": "Amazon CloudWatch ap-southeast-2"
                },
                "hide": 0,
                "includeAll": false,
                "label": "Data source",
                "multi": false,
                "name": "datasource",
                "options": [],
                "query": "cloudwatch",
                "refresh": 1,
                "regex": "",
                "skipUrlSync": false,
                "type": "datasource"
            },
            {
                "current": {
                    "selected": false,
                    "text": "default",
                    "value": "default"
                },
                "datasource": {
                    "type": "datasource",
                    "uid": "$datasource"
                },
                "definition": "regions()",
                "hide": 0,
                "includeAll": false,
                "label": "Region",
                "multi": false,
                "name": "region",
                "options": [],
                "query": "regions()",
                "refresh": 1,
                "regex": "",
                "skipUrlSync": false,
                "sort": 0,
                "tagValuesQuery": "",
                "tagsQuery": "",
                "type": "query",
                "useTags": false
            },
            {
                "current": {
                    "selected": false,
                    "text": "indonesia-nf6wn.audit",
                    "value": "indonesia-nf6wn.audit"
                },
                "datasource": {
                    "uid": "${datasource}"
                },
                "definition": "",
                "hide": 0,
                "includeAll": false,
                "label": "LogGroupName",
                "multi": false,
                "name": "loggroupname",
                "options": [],
                "query": "dimension_values($region, AWS/Logs, IncomingBytes, LogGroupName)",
                "refresh": 2,
                "regex": "",
                "skipUrlSync": false,
                "sort": 0,
                "tagValuesQuery": "",
                "tagsQuery": "",
                "type": "query",
                "useTags": false
            }
        ]
    },
    "time": {
        "from": "now-30d",
        "to": "now"
    },
    "timepicker": {},
    "timezone": "",
    "title": "Red Hat OpenShift Service on AWS (ROSA) Audit Dashboard",
    "uid": "lTSnDBuMz",
    "version": 1,
    "weekStart": ""
}