Created
December 9, 2022 09:31
-
-
Save ashwanth1109/6b302ab2c8d8d4e6a4d33277c11edbbb to your computer and use it in GitHub Desktop.
High CPU working yaml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: high_cpu | |
| title: High CPU Advisory | |
| triageGraph: | |
| context: | |
| name: cpu_utilization | |
| label: CPU Utilization | |
| description: There is significant increase in the CPU | |
| indicators: | |
| - name: CPU over time | |
| preHelpText: There was a significatn increase in the CPU | |
| postHelpText: Let's evaluate what could be the possible cause for it | |
| type: DATA_PLOT | |
| config: | |
| dashboardId: 8d71a18a-4a72-4295-9730-8b930adad53b | |
| sheetId: 8d71a18a-4a72-4295-9730-8b930adad53b_7d4ccc9a-3fb1-4b2b-a24d-124adc3fa87a | |
| visualId: 8d71a18a-4a72-4295-9730-8b930adad53b_5607084a-7af6-4eb7-9495-8246e739f6ca | |
| parameters: | |
| - name: account_id | |
| value: $accountId | |
| - name: appliance_id | |
| value: $applianceId | |
| displayByDefault: true | |
| presentation: | |
| displayVariant: Vertical | |
| investigations: | |
| - name: smtp_connections | |
| label: SMTP Connections | |
| description: Is SMTP Connections responsible for it? | |
| indicators: | |
| - name: SMTP Connections over time | |
| preHelpText: Is there a sudden increase in SMTP Connections? | |
| postHelpText: If yes, go check the connection origin | |
| type: DATA_PLOT | |
| config: | |
| dashboardId: 8d71a18a-4a72-4295-9730-8b930adad53b | |
| sheetId: 8d71a18a-4a72-4295-9730-8b930adad53b_7d4ccc9a-3fb1-4b2b-a24d-124adc3fa87a | |
| visualId: 8d71a18a-4a72-4295-9730-8b930adad53b_38127ab8-f5b4-4ca8-a16e-28abb4c0dfe2 | |
| parameters: | |
| - name: account_id | |
| value: $accountId | |
| - name: appliance_id | |
| value: $applianceId | |
| displayByDefault: true | |
| presentation: | |
| displayVariant: Vertical | |
| investigations: | |
| - name: connection_origin | |
| label: Origin of the Connections | |
| description: Which origin ip, domain, country is contributing to most SMTP connections? | |
| indicators: | |
| - name: Origin IP, Domain, Country of the SMTP Connections | |
| type: DATA_FETCHER | |
| visualizationURL: https://grafana.gfi.devfactory.com/d-solo/gwOB4uF4k/control-data-fetcher?orgId=1&from=1670471939357&to=1670493539357&theme=light&panelId=6 | |
| preHelpText: Which origin ip, domain, country is contributing to most SMTP connections? | |
| postHelpText: Go block the IP & add the countries to geo ip filtering. After that see the affected receivers | |
| parameters: | |
| - name: account_id | |
| value: $accountId | |
| - name: appliance_id | |
| value: $applianceId | |
| displayByDefault: true | |
| actions: | |
| - name: add_ip_to_ip_address_group | |
| - name: create_firewall_rule | |
| - name: add_country_to_geo_ip_filtering | |
| presentation: | |
| displayVariant: Vertical | |
| investigations: | |
| - name: affected_receivers | |
| label: Receivers Affected | |
| description: Which receivers got affected by it? | |
| indicators: | |
| - name: List of receivers getting affected by domains | |
| type: DATA_FETCHER | |
| visualizationURL: https://grafana.gfi.devfactory.com/d-solo/gwOB4uF4k/control-data-fetcher?orgId=1&from=1670471939357&to=1670493539357&theme=light&panelId=6 | |
| preHelpText: Which users got most affected by it? | |
| postHelpText: Create custom message rules for these users | |
| parameters: | |
| - name: account_id | |
| value: $accountId | |
| - name: appliance_id | |
| value: $applianceId | |
| displayByDefault: true | |
| actions: | |
| - name: create_custom_message_rule | |
| presentation: | |
| displayVariant: Vertical | |
| - name: incoming_emails | |
| label: Incoming Emails | |
| description: Is incoming emails responsible for it? | |
| indicators: | |
| - name: Incoming emails over time | |
| preHelpText: Is there a sudden increase in incoming emails? | |
| postHelpText: If yes, go check which domain, ip is responsible for it | |
| type: DATA_PLOT | |
| config: | |
| dashboardId: 8d71a18a-4a72-4295-9730-8b930adad53b | |
| sheetId: 8d71a18a-4a72-4295-9730-8b930adad53b_7d4ccc9a-3fb1-4b2b-a24d-124adc3fa87a | |
| visualId: 8d71a18a-4a72-4295-9730-8b930adad53b_38127ab8-f5b4-4ca8-a16e-28abb4c0dfe2 | |
| parameters: | |
| - name: account_id | |
| value: $accountId | |
| - name: appliance_id | |
| value: $applianceId | |
| displayByDefault: true | |
| presentation: | |
| displayVariant: Vertical | |
| investigations: | |
| - name: sender_domain_ip | |
| label: Sender Domain IP | |
| description: Which sender domain, ip is responsible for it? | |
| indicators: | |
| - name: Top 10 senders with domains & IP | |
| type: DATA_FETCHER | |
| visualizationURL: https://grafana.gfi.devfactory.com/d-solo/gwOB4uF4k/control-data-fetcher?orgId=1&from=1670471939357&to=1670493539357&theme=light&panelId=6 | |
| parameters: | |
| - name: account_id | |
| value: $accountId | |
| - name: appliance_id | |
| value: $applianceId | |
| displayByDefault: true | |
| actions: | |
| - name: add_ip_to_ip_address_group | |
| - name: create_firewall_rule | |
| presentation: | |
| displayVariant: Vertical | |
| investigations: | |
| - name: affected_recipients | |
| label: Recipients Affected | |
| description: Which recipients got affected by it? | |
| indicators: | |
| - name: List of recipients getting affected by domains | |
| type: DATA_FETCHER | |
| visualizationURL: https://grafana.gfi.devfactory.com/d-solo/gwOB4uF4k/control-data-fetcher?orgId=1&from=1670471939357&to=1670493539357&theme=light&panelId=6 | |
| parameters: | |
| - name: account_id | |
| value: $accountId | |
| - name: appliance_id | |
| value: $applianceId | |
| displayByDefault: true | |
| actions: | |
| - name: create_custom_message_rule | |
| presentation: | |
| displayVariant: Vertical | |
| - name: outgoing_emails | |
| label: Outgoing Emails | |
| description: Is outgoing emails responsible for it? | |
| indicators: | |
| - name: Outgoing emails over time | |
| preHelpText: Is there a sudden increase in outgoing emails? | |
| postHelpText: If yes, go check which user is responsible for it | |
| type: DATA_PLOT | |
| config: | |
| dashboardId: 8d71a18a-4a72-4295-9730-8b930adad53b | |
| sheetId: 8d71a18a-4a72-4295-9730-8b930adad53b_7d4ccc9a-3fb1-4b2b-a24d-124adc3fa87a | |
| visualId: 8d71a18a-4a72-4295-9730-8b930adad53b_38127ab8-f5b4-4ca8-a16e-28abb4c0dfe2 | |
| parameters: | |
| - name: account_id | |
| value: $accountId | |
| - name: appliance_id | |
| value: $applianceId | |
| displayByDefault: true | |
| presentation: | |
| displayVariant: Vertical | |
| investigations: | |
| - name: responsible_sender | |
| label: Sender Responsbile | |
| description: Which sender user is responsible for it? | |
| indicators: | |
| - name: Top 10 senders with connections & 2FA & password policy | |
| preHelpText: Are there any users with 2FA disabled or who don't meet complex requirements for password policy? | |
| postHelpText: Enable 2FA & meet complex requirements for password policy and renew after atleast 3 months | |
| type: DATA_FETCHER | |
| visualizationURL: https://grafana.gfi.devfactory.com/d-solo/gwOB4uF4k/control-data-fetcher?orgId=1&from=1670471939357&to=1670493539357&theme=light&panelId=6 | |
| parameters: | |
| - name: account_id | |
| value: $accountId | |
| - name: appliance_id | |
| value: $applianceId | |
| displayByDefault: true | |
| actions: | |
| - name: disable_user | |
| - name: create_firewall_rule | |
| - name: add_ip_to_ip_address_group | |
| presentation: | |
| displayVariant: Vertical | |
| - name: ram | |
| label: RAM | |
| description: Is increase in RAM responsible for it? | |
| indicators: | |
| - name: RAM over time | |
| preHelpText: Is there a sudden increase in RAM? | |
| postHelpText: If yes, this could be a possible issue. Go investigate further | |
| type: DATA_PLOT | |
| config: | |
| dashboardId: 8d71a18a-4a72-4295-9730-8b930adad53b | |
| sheetId: 8d71a18a-4a72-4295-9730-8b930adad53b_7d4ccc9a-3fb1-4b2b-a24d-124adc3fa87a | |
| visualId: 8d71a18a-4a72-4295-9730-8b930adad53b_38127ab8-f5b4-4ca8-a16e-28abb4c0dfe2 | |
| parameters: | |
| - name: account_id | |
| value: $accountId | |
| - name: appliance_id | |
| value: $applianceId | |
| displayByDefault: true | |
| presentation: | |
| displayVariant: Vertical | |
| investigations: | |
| - name: server_metadata | |
| label: Server Metadata | |
| description: Server Up Time, Total Ram, VM | |
| indicators: | |
| - name: Metadata of the server | |
| type: DATA_FETCHER | |
| visualizationURL: https://grafana.gfi.devfactory.com/d-solo/gwOB4uF4k/control-data-fetcher?orgId=1&from=1670471939357&to=1670493539357&theme=light&panelId=6 | |
| displayByDefault: true | |
| preHelpText: IF server time < 1 day that means there was an update made recently, go investigate the updates made | |
| postHelpText: ELSE go see the applications installed to see RAM distribution | |
| presentation: | |
| displayVariant: Vertical | |
| investigations: | |
| - name: applications_installed | |
| label: Installed Applications | |
| description: List of applications installed with their RAM consumption | |
| indicators: | |
| - name: Applications Installed | |
| type: DATA_FETCHER | |
| visualizationURL: https://grafana.gfi.devfactory.com/d-solo/gwOB4uF4k/control-data-fetcher?orgId=1&from=1670471939357&to=1670493539357&theme=light&panelId=6 | |
| displayByDefault: true | |
| preHelpText: Is there any application that's consuming most of the RAM when it's not expected to? | |
| postHelpText: If yes, uninstall the application | |
| actions: | |
| - name: uninstall_application | |
| presentation: | |
| displayVariant: Vertical | |
| - name: server_updates | |
| label: Server Updates | |
| description: Different updates made on the server | |
| indicators: | |
| - name: Version Update Status | |
| type: DATA_FETCHER | |
| visualizationURL: https://grafana.gfi.devfactory.com/d-solo/gwOB4uF4k/control-data-fetcher?orgId=1&from=1670471939357&to=1670493539357&theme=light&panelId=6 | |
| displayByDefault: true | |
| preHelpText: Was the version of the kerio connect updated? | |
| postHelpText: If yes, that might be the cause, open a ticket for the new version ELSE check if OS was updated | |
| actions: | |
| - name: open_ticket | |
| presentation: | |
| displayVariant: Vertical | |
| investigations: | |
| - name: os_version_update | |
| label: OS Update | |
| description: OS updated on the server | |
| indicators: | |
| - name: Os Version Update | |
| type: DATA_FETCHER | |
| visualizationURL: https://grafana.gfi.devfactory.com/d-solo/gwOB4uF4k/control-data-fetcher?orgId=1&from=1670471939357&to=1670493539357&theme=light&panelId=6 | |
| displayByDefault: true | |
| preHelpText: Was the OS updated? | |
| postHelpText: If yes, uninstall the new patches that are deployed | |
| presentation: | |
| displayVariant: Vertical | |
| - name: active_connections | |
| label: Active Connections | |
| description: Is increase in Active Connections responsible for it? | |
| indicators: | |
| - name: active_connections_over_time | |
| preHelpText: Is there a sudden increase in Active Connections? | |
| postHelpText: If yes, this could be a possible issue. Go investigate further | |
| type: DATA_PLOT | |
| config: | |
| dashboardId: 8d71a18a-4a72-4295-9730-8b930adad53b | |
| sheetId: 8d71a18a-4a72-4295-9730-8b930adad53b_7d4ccc9a-3fb1-4b2b-a24d-124adc3fa87a | |
| visualId: 8d71a18a-4a72-4295-9730-8b930adad53b_38127ab8-f5b4-4ca8-a16e-28abb4c0dfe2 | |
| parameters: | |
| - name: account_id | |
| value: $accountId | |
| - name: appliance_id | |
| value: $applianceId | |
| displayByDefault: true | |
| presentation: | |
| displayVariant: Vertical | |
| investigations: | |
| - name: connection_protocol | |
| label: Connections per protocol | |
| description: How are connections distributed over protocols? | |
| indicators: | |
| - name: Connections per protocol | |
| type: DATA_FETCHER | |
| visualizationURL: https://grafana.gfi.devfactory.com/d-solo/gwOB4uF4k/control-data-fetcher?orgId=1&from=1670471939357&to=1670493539357&theme=light&panelId=6 | |
| displayByDefault: true | |
| preHelpText: Is there a sudden increase in active connections for a given protocol? | |
| postHelpText: If yes, go investigate top users with most active connections under this protocol | |
| presentation: | |
| displayVariant: Vertical | |
| investigations: | |
| - name: users_per_protocol | |
| label: Users per protocol | |
| description: List of users sorted with active connections per protocol | |
| indicators: | |
| - name: Users per protocol | |
| type: DATA_PLOT | |
| config: | |
| dashboardId: 8d71a18a-4a72-4295-9730-8b930adad53b | |
| sheetId: 8d71a18a-4a72-4295-9730-8b930adad53b_7d4ccc9a-3fb1-4b2b-a24d-124adc3fa87a | |
| visualId: 8d71a18a-4a72-4295-9730-8b930adad53b_38127ab8-f5b4-4ca8-a16e-28abb4c0dfe2 | |
| displayByDefault: true | |
| preHelpText: Who are the top users with most number of connections per protocol? | |
| postHelpText: Go check source IPs of these users | |
| - name: IP of users | |
| type: DATA_FETCHER | |
| visualizationURL: https://grafana.gfi.devfactory.com/d-solo/gwOB4uF4k/control-data-fetcher?orgId=1&from=1670471939357&to=1670493539357&theme=light&panelId=6 | |
| displayByDefault: true | |
| preHelpText: What are the source IPs of these users? | |
| postHelpText: Test | |
| actions: | |
| - name: disable_user | |
| - name: create_firewall_rule | |
| - name: add_ip_to_ip_address_group | |
| presentation: | |
| displayVariant: Vertical | |
| - name: user_protocol | |
| label: Users over protocol | |
| description: How are users distributed over protocols? | |
| indicators: | |
| - name: Users with connections over multiple protocols | |
| type: DATA_FETCHER | |
| visualizationURL: https://grafana.gfi.devfactory.com/d-solo/gwOB4uF4k/control-data-fetcher?orgId=1&from=1670471939357&to=1670493539357&theme=light&panelId=6 | |
| displayByDefault: true | |
| preHelpText: What users have most number of active connections and with multiple protocols? | |
| postHelpText: Go check IPs of these users | |
| actions: | |
| - name: disable_user | |
| - name: IP of users | |
| type: DATA_FETCHER | |
| visualizationURL: https://grafana.gfi.devfactory.com/d-solo/gwOB4uF4k/control-data-fetcher?orgId=1&from=1670471939357&to=1670493539357&theme=light&panelId=6 | |
| displayByDefault: true | |
| preHelpText: What are the source IPs of these users? | |
| postHelpText: Test | |
| actions: | |
| - name: create_firewall_rule | |
| - name: add_ip_to_ip_address_group | |
| presentation: | |
| displayVariant: Vertical |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment