{ "title": "CloudTrail Dashboard", "services": { "query": { "list": { "0": { "query": "eventSource:dynamodb.amazonaws.com", "alias": "DynamoDB", "color": "#7EB26D", "id": 0, "pin": true, "type": "lucene", "enable": true }, "1": { "id": 1, "color": "#EAB839", "alias": "CloudWatch", "pin": true, "type": "lucene", "enable": true, "query": "eventSource:monitoring.amazonaws.com" }, "2": { "id": 2, "color": "#6ED0E0", "alias": "EMR", "pin": true, "type": "lucene", "enable": true, "query": "eventSource:elasticmapreduce.amazonaws.com" }, "3": { "id": 3, "color": "#EF843C", "alias": "Autoscaling", "pin": true, "type": "lucene", "enable": true, "query": "eventSource:autoscaling.amazonaws.com" }, "4": { "id": 4, "color": "#E24D42", "alias": "KMS", "pin": true, "type": "lucene", "enable": true, "query": "eventSource:kms.amazonaws.com" }, "5": { "id": 5, "color": "#1F78C1", "alias": "Kinesis", "pin": true, "type": "lucene", "enable": true, "query": "eventSource:kinesis.amazonaws.com" }, "6": { "id": 6, "color": "#BA43A9", "alias": "ELB", "pin": true, "type": "lucene", "enable": true, "query": "eventSource:elasticloadbalancing.amazonaws.com" }, "7": { "id": 7, "color": "#705DA0", "alias": "EC2", "pin": true, "type": "lucene", "enable": true, "query": "eventSource:ec2.amazonaws.com" }, "8": { "id": 8, "color": "#508642", "alias": "Sign In", "pin": true, "type": "lucene", "enable": true, "query": "eventSource:signin.amazonaws.com" }, "9": { "id": 9, "color": "#CCA300", "alias": "IAM", "pin": true, "type": "lucene", "enable": true, "query": "eventSource:iam.amazonaws.com" }, "10": { "id": 10, "color": "#447EBC", "alias": "SNS", "pin": true, "type": "lucene", "enable": true, "query": "eventSource:sns.amazonaws.com" }, "11": { "id": 11, "color": "#C15C17", "alias": "Root", "pin": true, "type": "lucene", "enable": true, "query": "userIdentity.type:Root" }, "12": { "id": 12, "color": "#890F02", "alias": "AssumedRole", "pin": true, "type": "lucene", "enable": true, "query": 
"userIdentity.type:AssumedRole" }, "13": { "id": 13, "color": "#0A437C", "alias": "IAMUser", "pin": true, "type": "lucene", "enable": true, "query": "userIdentity.type:IAMUser" } }, "ids": [ 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13 ] }, "filter": { "list": { "0": { "type": "time", "field": "eventTime", "from": "now-3h", "to": "now", "mandate": "must", "active": true, "alias": "", "id": 0 } }, "ids": [ 0 ] } }, "rows": [ { "title": "Activity", "height": "140px", "editable": true, "collapse": false, "collapsable": true, "panels": [ { "error": false, "span": 12, "editable": false, "type": "text", "loadingEditor": false, "mode": "text", "content": "", "style": { "font-size": "10pt" }, "title": "Activity by Source" }, { "span": 3, "editable": true, "type": "histogram", "loadingEditor": false, "mode": "count", "time_field": "eventTime", "value_field": null, "x-axis": true, "y-axis": true, "scale": 1, "y_format": "none", "grid": { "max": null, "min": null }, "queries": { "mode": "selected", "ids": [ 7 ] }, "annotate": { "enable": false, "query": "*", "size": 20, "field": "_type", "sort": [ "_score", "desc" ] }, "auto_int": true, "resolution": 100, "interval": "1m", "intervals": [ "auto", "1s", "1m", "5m", "10m", "30m", "1h", "3h", "12h", "1d", "1w", "1y" ], "lines": true, "fill": 0, "linewidth": 2, "points": false, "pointradius": 5, "bars": false, "stack": false, "spyable": false, "zoomlinks": false, "options": false, "legend": false, "show_query": false, "interactive": true, "legend_counts": false, "timezone": "browser", "percentage": false, "zerofill": true, "derivative": false, "tooltip": { "value_type": "cumulative", "query_as_alias": true }, "title": "EC2" }, { "span": 3, "editable": true, "type": "histogram", "loadingEditor": false, "mode": "count", "time_field": "eventTime", "value_field": null, "x-axis": true, "y-axis": true, "scale": 1, "y_format": "none", "grid": { "max": null, "min": null }, "queries": { "mode": "selected", "ids": [ 3 ] }, "annotate": { 
"enable": false, "query": "*", "size": 20, "field": "_type", "sort": [ "_score", "desc" ] }, "auto_int": true, "resolution": 100, "interval": "1m", "intervals": [ "auto", "1s", "1m", "5m", "10m", "30m", "1h", "3h", "12h", "1d", "1w", "1y" ], "lines": true, "fill": 0, "linewidth": 2, "points": false, "pointradius": 5, "bars": false, "stack": false, "spyable": false, "zoomlinks": false, "options": false, "legend": false, "show_query": false, "interactive": true, "legend_counts": false, "timezone": "browser", "percentage": false, "zerofill": true, "derivative": false, "tooltip": { "value_type": "cumulative", "query_as_alias": true }, "title": "Autoscaling" }, { "span": 3, "editable": true, "type": "histogram", "loadingEditor": false, "mode": "count", "time_field": "eventTime", "value_field": null, "x-axis": true, "y-axis": true, "scale": 1, "y_format": "none", "grid": { "max": null, "min": null }, "queries": { "mode": "selected", "ids": [ 5 ] }, "annotate": { "enable": false, "query": "*", "size": 20, "field": "_type", "sort": [ "_score", "desc" ] }, "auto_int": true, "resolution": 100, "interval": "1m", "intervals": [ "auto", "1s", "1m", "5m", "10m", "30m", "1h", "3h", "12h", "1d", "1w", "1y" ], "lines": true, "fill": 0, "linewidth": 2, "points": false, "pointradius": 5, "bars": false, "stack": false, "spyable": false, "zoomlinks": false, "options": false, "legend": false, "show_query": false, "interactive": true, "legend_counts": false, "timezone": "browser", "percentage": false, "zerofill": true, "derivative": false, "tooltip": { "value_type": "cumulative", "query_as_alias": true }, "title": "Kinesis" }, { "span": 3, "editable": true, "type": "histogram", "loadingEditor": false, "mode": "count", "time_field": "eventTime", "value_field": null, "x-axis": true, "y-axis": true, "scale": 1, "y_format": "none", "grid": { "max": null, "min": null }, "queries": { "mode": "selected", "ids": [ 0 ] }, "annotate": { "enable": false, "query": "*", "size": 20, "field": "_type", 
"sort": [ "_score", "desc" ] }, "auto_int": true, "resolution": 100, "interval": "1m", "intervals": [ "auto", "1s", "1m", "5m", "10m", "30m", "1h", "3h", "12h", "1d", "1w", "1y" ], "lines": true, "fill": 0, "linewidth": 2, "points": false, "pointradius": 5, "bars": false, "stack": false, "spyable": false, "zoomlinks": false, "options": false, "legend": false, "show_query": false, "interactive": true, "legend_counts": false, "timezone": "browser", "percentage": false, "zerofill": true, "derivative": false, "tooltip": { "value_type": "cumulative", "query_as_alias": true }, "title": "DynamoDB" }, { "span": 3, "editable": true, "type": "histogram", "loadingEditor": false, "mode": "count", "time_field": "eventTime", "value_field": null, "x-axis": true, "y-axis": true, "scale": 1, "y_format": "none", "grid": { "max": null, "min": null }, "queries": { "mode": "selected", "ids": [ 2 ] }, "annotate": { "enable": false, "query": "*", "size": 20, "field": "_type", "sort": [ "_score", "desc" ] }, "auto_int": true, "resolution": 100, "interval": "1m", "intervals": [ "auto", "1s", "1m", "5m", "10m", "30m", "1h", "3h", "12h", "1d", "1w", "1y" ], "lines": true, "fill": 0, "linewidth": 2, "points": false, "pointradius": 5, "bars": false, "stack": false, "spyable": false, "zoomlinks": false, "options": false, "legend": false, "show_query": false, "interactive": true, "legend_counts": false, "timezone": "browser", "percentage": false, "zerofill": true, "derivative": false, "tooltip": { "value_type": "cumulative", "query_as_alias": true }, "title": "EMR" }, { "span": 3, "editable": true, "type": "histogram", "loadingEditor": false, "mode": "count", "time_field": "eventTime", "value_field": null, "x-axis": true, "y-axis": true, "scale": 1, "y_format": "none", "grid": { "max": null, "min": null }, "queries": { "mode": "selected", "ids": [ 9 ] }, "annotate": { "enable": false, "query": "*", "size": 20, "field": "_type", "sort": [ "_score", "desc" ] }, "auto_int": true, "resolution": 100, 
"interval": "1m", "intervals": [ "auto", "1s", "1m", "5m", "10m", "30m", "1h", "3h", "12h", "1d", "1w", "1y" ], "lines": true, "fill": 0, "linewidth": 2, "points": false, "pointradius": 5, "bars": false, "stack": false, "spyable": false, "zoomlinks": false, "options": false, "legend": false, "show_query": false, "interactive": true, "legend_counts": false, "timezone": "browser", "percentage": false, "zerofill": true, "derivative": false, "tooltip": { "value_type": "cumulative", "query_as_alias": true }, "title": "IAM" }, { "span": 3, "editable": true, "type": "histogram", "loadingEditor": false, "mode": "count", "time_field": "eventTime", "value_field": null, "x-axis": true, "y-axis": true, "scale": 1, "y_format": "none", "grid": { "max": null, "min": null }, "queries": { "mode": "selected", "ids": [ 1 ] }, "annotate": { "enable": false, "query": "*", "size": 20, "field": "_type", "sort": [ "_score", "desc" ] }, "auto_int": true, "resolution": 100, "interval": "1m", "intervals": [ "auto", "1s", "1m", "5m", "10m", "30m", "1h", "3h", "12h", "1d", "1w", "1y" ], "lines": true, "fill": 0, "linewidth": 2, "points": false, "pointradius": 5, "bars": false, "stack": false, "spyable": false, "zoomlinks": false, "options": false, "legend": false, "show_query": false, "interactive": true, "legend_counts": false, "timezone": "browser", "percentage": false, "zerofill": true, "derivative": false, "tooltip": { "value_type": "cumulative", "query_as_alias": true }, "title": "CloudWatch" }, { "span": 3, "editable": true, "type": "histogram", "loadingEditor": false, "mode": "count", "time_field": "eventTime", "value_field": null, "x-axis": true, "y-axis": true, "scale": 1, "y_format": "none", "grid": { "max": null, "min": null }, "queries": { "mode": "selected", "ids": [ 10 ] }, "annotate": { "enable": false, "query": "*", "size": 20, "field": "_type", "sort": [ "_score", "desc" ] }, "auto_int": true, "resolution": 100, "interval": "1m", "intervals": [ "auto", "1s", "1m", "5m", "10m", 
"30m", "1h", "3h", "12h", "1d", "1w", "1y" ], "lines": true, "fill": 0, "linewidth": 2, "points": false, "pointradius": 5, "bars": false, "stack": false, "spyable": false, "zoomlinks": false, "options": false, "legend": false, "show_query": false, "interactive": true, "legend_counts": false, "timezone": "browser", "percentage": false, "zerofill": true, "derivative": false, "tooltip": { "value_type": "cumulative", "query_as_alias": true }, "title": "SNS" }, { "error": false, "span": 12, "editable": false, "type": "text", "loadingEditor": false, "mode": "text", "content": "", "style": { "font-size": "10pt" }, "title": "Activity by User Type" }, { "span": 3, "editable": true, "type": "histogram", "loadingEditor": false, "mode": "count", "time_field": "eventTime", "value_field": null, "x-axis": true, "y-axis": true, "scale": 1, "y_format": "none", "grid": { "max": null, "min": null }, "queries": { "mode": "selected", "ids": [ 11 ] }, "annotate": { "enable": false, "query": "*", "size": 20, "field": "_type", "sort": [ "_score", "desc" ] }, "auto_int": true, "resolution": 100, "interval": "1m", "intervals": [ "auto", "1s", "1m", "5m", "10m", "30m", "1h", "3h", "12h", "1d", "1w", "1y" ], "lines": true, "fill": 0, "linewidth": 2, "points": false, "pointradius": 5, "bars": false, "stack": false, "spyable": true, "zoomlinks": false, "options": false, "legend": false, "show_query": false, "interactive": true, "legend_counts": false, "timezone": "browser", "percentage": false, "zerofill": true, "derivative": false, "tooltip": { "value_type": "cumulative", "query_as_alias": true }, "title": "Root" }, { "span": 3, "editable": true, "type": "histogram", "loadingEditor": false, "mode": "count", "time_field": "eventTime", "value_field": null, "x-axis": true, "y-axis": true, "scale": 1, "y_format": "none", "grid": { "max": null, "min": null }, "queries": { "mode": "selected", "ids": [ 13 ] }, "annotate": { "enable": false, "query": "*", "size": 20, "field": "_type", "sort": [ 
"_score", "desc" ] }, "auto_int": true, "resolution": 100, "interval": "1m", "intervals": [ "auto", "1s", "1m", "5m", "10m", "30m", "1h", "3h", "12h", "1d", "1w", "1y" ], "lines": true, "fill": 0, "linewidth": 2, "points": false, "pointradius": 5, "bars": false, "stack": false, "spyable": true, "zoomlinks": false, "options": false, "legend": false, "show_query": false, "interactive": true, "legend_counts": false, "timezone": "browser", "percentage": false, "zerofill": true, "derivative": false, "tooltip": { "value_type": "cumulative", "query_as_alias": true }, "title": "IAM User" }, { "span": 3, "editable": true, "type": "histogram", "loadingEditor": false, "mode": "count", "time_field": "eventTime", "value_field": null, "x-axis": true, "y-axis": true, "scale": 1, "y_format": "none", "grid": { "max": null, "min": null }, "queries": { "mode": "selected", "ids": [ 12 ] }, "annotate": { "enable": false, "query": "*", "size": 20, "field": "_type", "sort": [ "_score", "desc" ] }, "auto_int": true, "resolution": 100, "interval": "1m", "intervals": [ "auto", "1s", "1m", "5m", "10m", "30m", "1h", "3h", "12h", "1d", "1w", "1y" ], "lines": true, "fill": 0, "linewidth": 2, "points": false, "pointradius": 5, "bars": false, "stack": false, "spyable": true, "zoomlinks": false, "options": false, "legend": false, "show_query": false, "interactive": true, "legend_counts": false, "timezone": "browser", "percentage": false, "zerofill": true, "derivative": false, "tooltip": { "value_type": "cumulative", "query_as_alias": true }, "title": "Assumed Role" } ], "notice": false }, { "title": "Top N", "height": "150px", "editable": true, "collapse": false, "collapsable": true, "panels": [ { "error": false, "span": 12, "editable": false, "type": "text", "loadingEditor": false, "mode": "text", "content": "", "style": { "font-size": "10pt" }, "title": "Top N Reports" }, { "error": false, "span": 6, "editable": true, "type": "terms", "loadingEditor": false, "field": "eventSource", "exclude": [], 
"missing": false, "other": false, "size": 10, "order": "count", "style": { "font-size": "8pt" }, "donut": false, "tilt": false, "labels": true, "arrangement": "horizontal", "chart": "table", "counter_pos": "above", "spyable": true, "queries": { "mode": "unpinned", "ids": [] }, "tmode": "terms", "tstat": "total", "valuefield": "", "title": "Top 10 Sources" }, { "error": false, "span": 6, "editable": true, "type": "terms", "loadingEditor": false, "field": "eventSource", "exclude": [], "missing": false, "other": false, "size": 10, "order": "count", "style": { "font-size": "8pt" }, "donut": false, "tilt": false, "labels": true, "arrangement": "horizontal", "chart": "table", "counter_pos": "above", "spyable": true, "queries": { "mode": "selected", "ids": [ 11 ] }, "tmode": "terms", "tstat": "total", "valuefield": "", "title": "Top 10 Sources With Root Access" } ], "notice": false }, { "title": "Events", "height": "398px", "editable": true, "collapse": false, "collapsable": true, "panels": [ { "error": false, "span": 12, "editable": false, "type": "text", "loadingEditor": false, "mode": "text", "content": "", "style": { "font-size": "10pt" }, "title": "Events" }, { "error": false, "span": 12, "editable": true, "group": [ "default" ], "type": "table", "size": 10, "pages": 10, "offset": 0, "sort": [ "eventTime", "desc" ], "style": { "font-size": "8pt" }, "overflow": "min-height", "fields": [ "eventTime", "sourceIPAddress", "userIdentity.type", "userAgent", "eventName", "eventType", "responseElements.ConsoleLogin", "additionalEventData.MFAUsed" ], "highlight": [], "sortable": true, "header": true, "paging": true, "spyable": true, "queries": { "mode": "selected", "ids": [ 8 ] }, "field_list": false, "status": "Stable", "trimFactor": 450, "normTimes": true, "title": "AWS Console Sign-Ins", "all_fields": false, "localTime": true, "timeField": "eventTime" }, { "error": false, "span": 12, "editable": true, "group": [ "default" ], "type": "table", "size": 10, "pages": 10, 
"offset": 0, "sort": [ "eventTime", "desc" ], "style": { "font-size": "8pt" }, "overflow": "min-height", "fields": [ "eventTime", "eventName", "requestParameters.instanceId", "sourceIPAddress", "userIdentity.type", "userAgent" ], "highlight": [], "sortable": true, "header": true, "paging": true, "spyable": true, "queries": { "mode": "selected", "ids": [ 7 ] }, "field_list": false, "status": "Stable", "trimFactor": 300, "normTimes": true, "title": "EC2 Events", "all_fields": false, "localTime": true, "timeField": "eventTime" }, { "error": false, "span": 12, "editable": true, "group": [ "default" ], "type": "table", "size": 10, "pages": 10, "offset": 0, "sort": [ "eventTime", "desc" ], "style": { "font-size": "8pt" }, "overflow": "min-height", "fields": [ "eventTime", "eventName", "requestParameters.streamName", "userIdentity.type", "userAgent", "sourceIPAddress" ], "highlight": [], "sortable": true, "header": true, "paging": true, "spyable": true, "queries": { "mode": "selected", "ids": [ 5 ] }, "field_list": false, "status": "Stable", "trimFactor": 400, "normTimes": true, "title": "Kinesis Events", "all_fields": false, "localTime": true, "timeField": "eventTime" }, { "error": false, "span": 12, "editable": true, "group": [ "default" ], "type": "table", "size": 10, "pages": 10, "offset": 0, "sort": [ "eventTime", "desc" ], "style": { "font-size": "8pt" }, "overflow": "min-height", "fields": [ "eventTime", "eventName", "userIdentity.type", "userIdentity.userName", "userAgent", "requestParameters.autoScalingGroupName" ], "highlight": [], "sortable": true, "header": true, "paging": true, "spyable": true, "queries": { "mode": "selected", "ids": [ 3 ] }, "field_list": false, "status": "Stable", "trimFactor": 350, "normTimes": true, "title": "Autoscaling Events", "all_fields": false, "localTime": true, "timeField": "eventTime" }, { "error": false, "span": 12, "editable": true, "group": [ "default" ], "type": "table", "size": 10, "pages": 10, "offset": 0, "sort": [ 
"eventTime", "desc" ], "style": { "font-size": "8pt" }, "overflow": "min-height", "fields": [ "eventTime", "eventName", "sourceIPAddress", "userIdentity.type", "requestParameters.tableName" ], "highlight": [], "sortable": true, "header": true, "paging": true, "spyable": true, "queries": { "mode": "selected", "ids": [ 0 ] }, "field_list": false, "status": "Stable", "trimFactor": 350, "normTimes": true, "title": "DynamoDB Events", "all_fields": false, "localTime": true, "timeField": "eventTime" }, { "error": false, "span": 12, "editable": true, "group": [ "default" ], "type": "table", "size": 10, "pages": 10, "offset": 0, "sort": [ "eventTime", "desc" ], "style": { "font-size": "8pt" }, "overflow": "min-height", "fields": [ "eventTime", "eventName", "requestParameters.namespace", "requestParameters.metricName", "sourceIPAddress", "userIdentity.type", "userAgent" ], "highlight": [], "sortable": true, "header": true, "paging": true, "spyable": true, "queries": { "mode": "selected", "ids": [ 1 ] }, "field_list": false, "status": "Stable", "trimFactor": 300, "normTimes": true, "title": "CloudWatch Events", "all_fields": false, "localTime": true, "timeField": "eventTime" }, { "error": false, "span": 12, "editable": true, "group": [ "default" ], "type": "table", "size": 10, "pages": 10, "offset": 0, "sort": [ "eventTime", "desc" ], "style": { "font-size": "8pt" }, "overflow": "min-height", "fields": [ "eventTime", "eventName", "sourceIPAddress", "userIdentity.type", "userAgent", "userIdentity.sessionContext.sessionIssuer.arn" ], "highlight": [], "sortable": true, "header": true, "paging": true, "spyable": true, "queries": { "mode": "selected", "ids": [ 9 ] }, "field_list": false, "status": "Stable", "trimFactor": 300, "normTimes": true, "title": "IAM Events", "all_fields": false, "localTime": true, "timeField": "eventTime" }, { "error": false, "span": 12, "editable": true, "group": [ "default" ], "type": "table", "size": 10, "pages": 10, "offset": 0, "sort": [ "eventTime", 
"desc" ], "style": { "font-size": "8pt" }, "overflow": "min-height", "fields": [ "eventTime", "eventSource", "eventName", "userIdentity.userName", "userIdentity.type", "sourceIPAddress", "userAgent" ], "highlight": [], "sortable": true, "header": true, "paging": true, "spyable": true, "queries": { "mode": "all", "ids": [ 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13 ] }, "field_list": false, "status": "Stable", "trimFactor": 300, "normTimes": true, "title": "All Events", "all_fields": false, "localTime": true, "timeField": "eventTime" } ], "notice": false } ], "editable": true, "index": { "interval": "day", "pattern": "[cwl-]YYYY.MM.DD", "default": "_all", "warm_fields": true }, "style": "light", "failover": false, "panel_hints": true, "loader": { "save_gist": false, "save_elasticsearch": true, "save_local": true, "save_default": true, "save_temp": true, "save_temp_ttl_enable": true, "save_temp_ttl": "30d", "load_gist": false, "load_elasticsearch": true, "load_elasticsearch_size": 20, "load_local": true, "hide": false }, "pulldowns": [ { "type": "query", "collapse": true, "notice": false, "query": "*", "pinned": true, "history": [], "remember": 10, "enable": true }, { "type": "filtering", "collapse": true, "notice": true, "enable": true } ], "nav": [ { "type": "timepicker", "collapse": false, "notice": false, "status": "Stable", "time_options": [ "15m", "1h", "3h", "6h", "8h", "12h", "24h", "2d", "7d", "30d" ], "refresh_intervals": [ "1m", "5m", "15m", "30m", "1h", "2h", "1d" ], "timefield": "eventTime", "enable": true, "now": true, "filter_id": 0 } ], "refresh": "5m" }