Created
October 17, 2023 18:23
-
-
Save asachs01/943a0d44667ff059c1302ed0db36210d to your computer and use it in GitHub Desktop.
Grafana Dashboard for Windows Account Lockouts
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "__inputs": [ | |
| { | |
| "name": "DS_LOKI", | |
| "label": "Loki", | |
| "description": "", | |
| "type": "datasource", | |
| "pluginId": "loki", | |
| "pluginName": "Loki" | |
| } | |
| ], | |
| "__elements": {}, | |
| "__requires": [ | |
| { | |
| "type": "grafana", | |
| "id": "grafana", | |
| "name": "Grafana", | |
| "version": "10.1.2" | |
| }, | |
| { | |
| "type": "panel", | |
| "id": "logs", | |
| "name": "Logs", | |
| "version": "" | |
| }, | |
| { | |
| "type": "datasource", | |
| "id": "loki", | |
| "name": "Loki", | |
| "version": "1.0.0" | |
| }, | |
| { | |
| "type": "panel", | |
| "id": "piechart", | |
| "name": "Pie chart", | |
| "version": "" | |
| }, | |
| { | |
| "type": "panel", | |
| "id": "stat", | |
| "name": "Stat", | |
| "version": "" | |
| }, | |
| { | |
| "type": "panel", | |
| "id": "table", | |
| "name": "Table", | |
| "version": "" | |
| }, | |
| { | |
| "type": "panel", | |
| "id": "timeseries", | |
| "name": "Time series", | |
| "version": "" | |
| } | |
| ], | |
| "annotations": { | |
| "list": [ | |
| { | |
| "builtIn": 1, | |
| "datasource": { | |
| "type": "grafana", | |
| "uid": "-- Grafana --" | |
| }, | |
| "enable": true, | |
| "hide": true, | |
| "iconColor": "rgba(0, 211, 255, 1)", | |
| "name": "Annotations & Alerts", | |
| "type": "dashboard" | |
| } | |
| ] | |
| }, | |
| "editable": true, | |
| "fiscalYearStartMonth": 0, | |
| "graphTooltip": 0, | |
| "id": null, | |
| "links": [], | |
| "liveNow": false, | |
| "panels": [ | |
| { | |
| "datasource": { | |
| "type": "loki", | |
| "uid": "${DS_LOKI}" | |
| }, | |
| "fieldConfig": { | |
| "defaults": { | |
| "color": { | |
| "mode": "palette-classic" | |
| }, | |
| "custom": { | |
| "hideFrom": { | |
| "legend": false, | |
| "tooltip": false, | |
| "viz": false | |
| } | |
| }, | |
| "mappings": [], | |
| "unit": "none" | |
| }, | |
| "overrides": [] | |
| }, | |
| "gridPos": { | |
| "h": 8, | |
| "w": 12, | |
| "x": 0, | |
| "y": 0 | |
| }, | |
| "id": 6, | |
| "options": { | |
| "displayLabels": [ | |
| "name", | |
| "value" | |
| ], | |
| "legend": { | |
| "displayMode": "list", | |
| "placement": "bottom", | |
| "showLegend": true | |
| }, | |
| "pieType": "pie", | |
| "reduceOptions": { | |
| "calcs": [ | |
| "lastNotNull" | |
| ], | |
| "fields": "", | |
| "values": false | |
| }, | |
| "tooltip": { | |
| "mode": "single", | |
| "sort": "none" | |
| } | |
| }, | |
| "pluginVersion": "10.1.2", | |
| "targets": [ | |
| { | |
| "datasource": { | |
| "type": "loki", | |
| "uid": "${DS_LOKI}" | |
| }, | |
| "editorMode": "code", | |
| "expr": "sum by (LockoutSource) (count_over_time({job=\"windows_security\"} | json | event_id = `4740` | line_format \"{{.event_data}}\" | regexp \"'TargetDomainName'>(?P<LockoutSource>[^<]+)<\" [$__range]))", | |
| "legendFormat": "{{LockoutSource}}", | |
| "queryType": "range", | |
| "refId": "A" | |
| } | |
| ], | |
| "title": "Count of Largest Lockout Sources", | |
| "transformations": [], | |
| "type": "piechart" | |
| }, | |
| { | |
| "datasource": { | |
| "type": "loki", | |
| "uid": "${DS_LOKI}" | |
| }, | |
| "fieldConfig": { | |
| "defaults": { | |
| "color": { | |
| "mode": "thresholds" | |
| }, | |
| "mappings": [], | |
| "thresholds": { | |
| "mode": "absolute", | |
| "steps": [ | |
| { | |
| "color": "green", | |
| "value": null | |
| }, | |
| { | |
| "color": "red", | |
| "value": 80 | |
| } | |
| ] | |
| }, | |
| "unit": "none" | |
| }, | |
| "overrides": [] | |
| }, | |
| "gridPos": { | |
| "h": 8, | |
| "w": 12, | |
| "x": 12, | |
| "y": 0 | |
| }, | |
| "id": 7, | |
| "options": { | |
| "colorMode": "value", | |
| "graphMode": "area", | |
| "justifyMode": "auto", | |
| "orientation": "auto", | |
| "reduceOptions": { | |
| "calcs": [ | |
| "lastNotNull" | |
| ], | |
| "fields": "", | |
| "values": false | |
| }, | |
| "textMode": "auto" | |
| }, | |
| "pluginVersion": "10.1.2", | |
| "targets": [ | |
| { | |
| "datasource": { | |
| "type": "loki", | |
| "uid": "${DS_LOKI}" | |
| }, | |
| "editorMode": "code", | |
| "expr": "topk(5,sum by (UserName) (count_over_time({job=\"windows_security\"} | json | event_id = `4740` | line_format \"{{.event_data}}\" | regexp \"'TargetUserName'>(?P<UserName>[^<]+)<\" [$__range])))", | |
| "legendFormat": "{{LockoutSource}}", | |
| "queryType": "range", | |
| "refId": "A" | |
| } | |
| ], | |
| "title": "Count of Locked Out Usernames", | |
| "transformations": [ | |
| { | |
| "id": "limit", | |
| "options": { | |
| "limitField": 10 | |
| } | |
| } | |
| ], | |
| "type": "stat" | |
| }, | |
| { | |
| "datasource": { | |
| "type": "loki", | |
| "uid": "${DS_LOKI}" | |
| }, | |
| "fieldConfig": { | |
| "defaults": { | |
| "color": { | |
| "mode": "palette-classic" | |
| }, | |
| "custom": { | |
| "axisCenteredZero": false, | |
| "axisColorMode": "text", | |
| "axisLabel": "", | |
| "axisPlacement": "auto", | |
| "barAlignment": 0, | |
| "drawStyle": "line", | |
| "fillOpacity": 0, | |
| "gradientMode": "none", | |
| "hideFrom": { | |
| "legend": false, | |
| "tooltip": false, | |
| "viz": false | |
| }, | |
| "insertNulls": false, | |
| "lineInterpolation": "linear", | |
| "lineWidth": 1, | |
| "pointSize": 5, | |
| "scaleDistribution": { | |
| "type": "linear" | |
| }, | |
| "showPoints": "auto", | |
| "spanNulls": true, | |
| "stacking": { | |
| "group": "A", | |
| "mode": "none" | |
| }, | |
| "thresholdsStyle": { | |
| "mode": "off" | |
| } | |
| }, | |
| "mappings": [], | |
| "thresholds": { | |
| "mode": "absolute", | |
| "steps": [ | |
| { | |
| "color": "green", | |
| "value": null | |
| }, | |
| { | |
| "color": "red", | |
| "value": 80 | |
| } | |
| ] | |
| }, | |
| "unit": "none" | |
| }, | |
| "overrides": [] | |
| }, | |
| "gridPos": { | |
| "h": 8, | |
| "w": 24, | |
| "x": 0, | |
| "y": 8 | |
| }, | |
| "id": 2, | |
| "options": { | |
| "legend": { | |
| "calcs": [], | |
| "displayMode": "list", | |
| "placement": "bottom", | |
| "showLegend": true | |
| }, | |
| "tooltip": { | |
| "mode": "single", | |
| "sort": "none" | |
| } | |
| }, | |
| "targets": [ | |
| { | |
| "datasource": { | |
| "type": "loki", | |
| "uid": "${DS_LOKI}" | |
| }, | |
| "editorMode": "code", | |
| "expr": "sum(count_over_time({job=\"windows_security\"} | json | event_id = `4740`[$__range]))", | |
| "queryType": "range", | |
| "refId": "A" | |
| } | |
| ], | |
| "title": "Sum of lockouts by range", | |
| "type": "timeseries" | |
| }, | |
| { | |
| "datasource": { | |
| "type": "loki", | |
| "uid": "${DS_LOKI}" | |
| }, | |
| "fieldConfig": { | |
| "defaults": { | |
| "color": { | |
| "mode": "thresholds" | |
| }, | |
| "custom": { | |
| "align": "auto", | |
| "cellOptions": { | |
| "type": "auto" | |
| }, | |
| "filterable": true, | |
| "inspect": false | |
| }, | |
| "mappings": [], | |
| "thresholds": { | |
| "mode": "absolute", | |
| "steps": [ | |
| { | |
| "color": "green", | |
| "value": null | |
| }, | |
| { | |
| "color": "red", | |
| "value": 80 | |
| } | |
| ] | |
| } | |
| }, | |
| "overrides": [] | |
| }, | |
| "gridPos": { | |
| "h": 27, | |
| "w": 24, | |
| "x": 0, | |
| "y": 16 | |
| }, | |
| "id": 5, | |
| "options": { | |
| "cellHeight": "sm", | |
| "footer": { | |
| "countRows": false, | |
| "enablePagination": true, | |
| "fields": "", | |
| "reducer": [ | |
| "sum" | |
| ], | |
| "show": false | |
| }, | |
| "showHeader": true, | |
| "sortBy": [ | |
| { | |
| "desc": true, | |
| "displayName": "Time" | |
| } | |
| ] | |
| }, | |
| "pluginVersion": "10.1.2", | |
| "targets": [ | |
| { | |
| "datasource": { | |
| "type": "loki", | |
| "uid": "${DS_LOKI}" | |
| }, | |
| "editorMode": "code", | |
| "expr": "{job=\"windows_security\"} \n| json \n| event_id = `4740` \n| line_format \"{{.event_data}}\"\n| regexp \"'TargetUserName'>(?P<UserName>[^<]+)<\"\n| regexp \"'TargetDomainName'>(?P<LockoutSource>[^<]+)<\"\n", | |
| "maxLines": 5000, | |
| "queryType": "range", | |
| "refId": "A" | |
| } | |
| ], | |
| "title": "Live lockouts", | |
| "transformations": [ | |
| { | |
| "id": "extractFields", | |
| "options": { | |
| "source": "labels" | |
| } | |
| }, | |
| { | |
| "id": "filterFieldsByName", | |
| "options": { | |
| "include": { | |
| "names": [ | |
| "Time", | |
| "LockoutSource", | |
| "UserName", | |
| "computer", | |
| "eventRecordID", | |
| "event_data", | |
| "message", | |
| "timeCreated" | |
| ] | |
| } | |
| } | |
| } | |
| ], | |
| "type": "table" | |
| }, | |
| { | |
| "datasource": { | |
| "type": "loki", | |
| "uid": "${DS_LOKI}" | |
| }, | |
| "gridPos": { | |
| "h": 18, | |
| "w": 24, | |
| "x": 0, | |
| "y": 43 | |
| }, | |
| "id": 4, | |
| "options": { | |
| "dedupStrategy": "none", | |
| "enableLogDetails": true, | |
| "prettifyLogMessage": true, | |
| "showCommonLabels": false, | |
| "showLabels": false, | |
| "showTime": false, | |
| "sortOrder": "Descending", | |
| "wrapLogMessage": false | |
| }, | |
| "pluginVersion": "10.1.0", | |
| "targets": [ | |
| { | |
| "datasource": { | |
| "type": "loki", | |
| "uid": "${DS_LOKI}" | |
| }, | |
| "editorMode": "code", | |
| "expr": "{job=\"windows_security\"} | json | event_id = `4740` | line_format \"{{.message}}\"", | |
| "maxLines": 1000, | |
| "queryType": "range", | |
| "refId": "A" | |
| } | |
| ], | |
| "title": "Live lockouts (details)", | |
| "type": "logs" | |
| } | |
| ], | |
| "refresh": "5m", | |
| "schemaVersion": 38, | |
| "style": "dark", | |
| "tags": [], | |
| "templating": { | |
| "list": [] | |
| }, | |
| "time": { | |
| "from": "now-15m", | |
| "to": "now" | |
| }, | |
| "timepicker": {}, | |
| "timezone": "", | |
| "title": "Account Lockouts", | |
| "uid": "e0ffb9f4-6ab1-4dbc-8981-21ec924da7da", | |
| "version": 20, | |
| "weekStart": "" | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment